Posts
0
Comments
27
Joined
2 yr. ago
  • A signature only tells you where something came from, not whether it’s safe. Saying APT is more secure than Docker just because it checks signatures is like saying a mysterious package from a stranger is safer because it includes a signed postcard and matches the delivery company’s database. You still have to trust both the sender and the delivery company. Sure, it’s important to reject signatures you don’t recognize—but the bigger question is: who do you trust?

    APT trusts its keyring. Docker pulls over HTTPS with TLS, which already ensures you’re talking to the right registry. If you trust the registry and the image source, that’s often enough. If you don’t, tools like Cosign let you verify signatures. Pulling random images is just as risky as adding sketchy PPAs or running curl | bash—unless, again, you trust the source. I certainly trust Debian and Ubuntu more than Docker the company, but “no signature = insecure” misses the point.

    Pointing out supply chain risks is good. But calling Docker “insecure” without nuance shuts down discussion and doesn’t help anyone think more critically about safer practices.

  • So the end result of this is… companies race to burn fossil fuels into plastic to take water away from municipal or agricultural sources, remove as much safety filtering as they legally (or illegally) can “because it’s cheaper and more competitive” and buy up as much water rights and other water bottling companies as they can with the centralized capital because economies of scale mean better margins. And then once they have a monopoly, they jack up the price and screw over everyone who doesn’t have free water in their taps (which is everyone because the cities all got priced out and had to sell their water rights so now people have to buy bottled water).

    Regulation in this scenario doesn’t work because the water companies are operating in some country across the world which has no money or army to enforce its laws. Or the local politicians are corrupt. There is no competition because people don’t have any real choice: they have to drink water which means they have to buy it from some company (as opposed to getting it for free as a human right). That is the big lie we’re all told about capitalism: that competition is a given in every market, government regulation is “in the way” and that the free market will somehow lead to the best outcome for all. At least for water (and also for web browsers), that is patently and obviously not true.

    Edit: link formatting

  • I don’t entirely agree. TikTok isn’t just silly dances, thirst traps, and trends—it has played a significant role in community organizing and coalition-building across social movements. Consider the university Pro-Palestine encampments or mainstream news reporting on social media reaction to the United Healthcare CEO’s killing. Neither is solely attributable to TikTok, but the scale and nature of discussion on the platform have demonstrably influenced real-world conversation and activism. Another example is Keith Lee’s viral restaurant reviews transforming the viability of small mom and pop businesses overnight.

    What sets TikTok apart isn’t just its massive reach (150 million monthly active users, nearly half the US population) but also its algorithm and features that enable collaborative, asynchronous discussion. Unlike YouTube Shorts or Instagram Reels, where content is mostly one-off entertainment with fleeting comment sections, TikTok fosters actual conversations. Features like stitching allow users to directly respond to others, creating an evolving discourse where users can trace context. At times, entire feeds become dominated by discussion of a single topic—sometimes celebrity gossip, but often major events like October 7 or the United Healthcare CEO killing. This level of organic, large-scale discourse doesn’t happen the same way on other platforms. A great example of this dynamic was when TikTok users collectively decided to migrate to the actually Chinese app XiaoHongShu specifically to spite the US government. That didn’t just happen—it was discussed and coordinated.

    In my view, TikTok is a national security threat not because of unproven claims about data leaks or state-authored propaganda, but because it provides an already restless and dissatisfied population with a real platform to discuss issues and organize. If a decentralized, open-source alternative existed at scale, TikTok itself wouldn’t be necessary. I acknowledge that TikTok—like any centralized platform—has real issues, particularly around privacy and censorship. But until such a decentralized alternative gains traction, TikTok remains important. And even then, I doubt the US government would be any more comfortable with a decentralized version, since it still wouldn’t give them control over what discussions take place.

  • Generally agree, although worth noting that which side you pass on depends on which side of the road people use to drive in your country. In the US, driving on the right means overtaking on the left. One could say that generally the advice is to drive in outermost lanes (closer to the road shoulder) unless overtaking in lanes further from the shoulder.

  • Sure, but that’s just Starlink. G60 was just launched at 1200 km, which will take thousands of years. OneWeb is at a similar altitude. Both are currently much smaller in scale, of course, but still potential problems. Not to mention the impact all three systems are having on astronomy.

    For Starlink, I’m much more concerned about the aluminum oxide pollution. I linked the study in my earlier comment, but this magazine article does a better lay explanation: https://universemagazine.com/en/starlink-destroys-the-ozone-layer-that-would-recover-by-2066/ The worst part for me is that we might not actually see the bulk of the effects until 30 years from now when the aluminum from hundreds of tons of burnt up satellites descends into the stratosphere where 90% of our ozone is.

  • Not exactly the same, but I find “plug” and “socket” or “jack” to be generally more useful terms since the definitions are based on function rather than similarity to genitalia. Plugs are usually male, but not always. For example, computer power supplies typically have a male jack and a female plug. In those situations, I find it more meaningful to describe the part by whether it is fixed or moves rather than which way the prongs go.

  • While "sociopathy" isn't a scientific term, claiming that all autistic people are sociopaths is a harmful false equivalence. Associating autism with the stigma of sociopathy based on your own definition doesn't hold up. Your sources confirm that "sociopathy" isn't scientific but don't support your claim about autism.

    ASD and ASPD are distinct conditions, and the colloquial use of "sociopath" generally refers to traits associated with ASPD, not autism. Language evolves over time—consider how "literally" now also means "figuratively" due to ironic use, or how "antisemitism" specifically refers to discrimination against Jews, despite its broader etymological roots. Similarly, "sociopath" today typically refers to ASPD-related traits, not just any "social illness."

    The person you're responding to provided reputable sources disputing your definition, while your own sources lack expertise in psychology or linguistics. In fact, your third source even contradicts your argument; the article cites a contemporary psychologist who directly contrasts psychopaths with autistic children, highlighting the differences between the two conditions. If you're calling others "pseudoscientists," it's important to evaluate your sources more carefully.

    People aren't downvoting the idea that "sociopathy is nothing to be ashamed of"—that's a valid point. But instead of playing word games, you could focus on that truth directly.

  • I am curious how either unit would earn revenue as an independent company.

    Will Android get to keep the Play Store? Does that include media? Do they charge Google to distribute the Maps app?

    Will Google pay Chrome to stay the default search engine? Maybe Chrome can charge schools and libraries for ChromeOS updates?

  • Adding onto what TheMrDrProf said: basically LetsEncrypt just wants to know you actually control the domain you’re using to get the certificate. With HTTP challenges, your domain has to resolve to a working HTTP server. With DNS challenges, you need API access to your DNS provider so that Certbot can set a temporary record that proves ownership.

    If you’re using NPM to manage your certs, then, as TheMrDrProf said, as long as the HTTP request from LetsEncrypt can make it to your NPM through the VPS proxy, you should be able to pass the challenge and get a certificate. The IP address of the domain doesn’t really matter as long as the request makes it all the way to the challenge HTTP server, which in this case is NPM.

    In NPM, you should see a “Use a DNS challenge” option. If you use that and your DNS Provider is supported (if not, I recommend Cloudflare), then your VPS proxy does not even need to be working in order to renew certificates. This has a few advantages such as being able to shut off unencrypted traffic on port 80 completely.

    1. The certificate and private key need to be on your home server since that’s where the TLS is decrypted.
    2. You should be able to tunnel TLS traffic through WireGuard, so no port forwarding is needed.
    3. You’d probably want to move Nginx Proxy Manager to your home server as an ingress gateway (and you can keep all the config + TLS certificates). Then on your VPS, you would no longer need the complexity and something like HAProxy, vanilla Nginx, or Traefik would suffice. Seems like NPM has an open issue to add support for TLS passthrough, but in my opinion it’s simpler to just have your VPS forward all traffic to one port on your home server.

    For added security, you can make sure the proxy on the VPS only routes traffic for the correct domain using SNI. That way if someone hits your IP randomly, it only goes to your home server if the correct domain name was requested as well.

    What you’re doing makes sense to me. Good luck!