
🇮🇹 🇪🇪 🖥

Posts
0
Comments
595
Joined
1 yr. ago
  • It is generally used similarly to "life goes on". Even if with more pessimism about the fact that certain things don't change (sometimes for good though).

    It is still going to be a big deal for a few weeks though...

  • Not to talk about annotations. Take screenshot, click preview, click edit, click rectangle tool, make rectangle (repeat), click done. Instead with flameshot it's literally 2 clicks. Thanks for writing documentation BTW, on behalf of whomever you work with.

  • I have opposite experiences! Multiple Linux laptops, with multiple docking stations: a bit of xrandr magic and everything works, forever. (BTW, try setting manually the refresh rate at different values for the two monitors via xrandr, I have solved a similar problem to yours in the past by creating a dedicated display class.)

    On a Mac, it's impossible, I have to plug one cable directly in the computer to make it work, and the quality of the output on 2k monitor is way worse since they disabled sub-pixel rendering or some stuff.

    Windows also works decently on this regard, until it doesn't (my partner's PC stopped recognizing HDMI monitor at some point, and the debugging was frustrating as hell).

  • I actually also warm up the metal bowl with the cooking water, but I generally don't add the cooking water to it (like I do for cacio e pepe).

    I will try next time, it seems it might make it easier to nail the density.

  • I agree so much for flameshot. For work I moved to a Mac and we are not allowed to install flameshot (signing issue), and the workflow for taking screenshots (e.g., when writing documentation) is so much worse and slow with the default macOS tooling.

  • There is also a famous Italian chemist who deals with food (recipe [IT]).

    I remember that egg doesn't need to go above 65C, but now I don't know if this paper also addresses what the minimum should be, I will have a look! I usually put the bowl with the egg briefly on top of the boiling water, just to warm it up a little bit.

  • I am saying to salt generously for people not used to making pasta, anyway, not adding any other salt anywhere it is not a problem to oversalt pasta really (I put the same I put everyday).

    Even some traditional chefs use a mix of parmigiano, it helps counter a bit the acidity of the pecorino (in fact, I copied this from one of them!). It also depends on the pecorino, I live abroad, so I don't have much choice.

  • For carbonara the cooking pot is too hot and IMHO cooks the egg too much. I just remove spaghetti with a "whatever the tool is called", so that I have all the cooking water at my disposal and I can dose it with a ladle. Too much cooking water messes the carbonara really bad, since if you already mixed it with egg, you will need to dry it and the only way is really keeping it in the pan, which will also cook the egg.

  • My recipe (speaking as someone from Rome, my tastes might be different):

    Ingredients:

    • 1 egg yolk per person + 1 full egg. (E.g., 2 people = 2 yolks + 1 egg)
    • pecorino romano (a lot). I put also a 20%-ish of parmigiano to balance the taste.
    • black pepper, freshly ground.
    • guanciale (traditionally, I live abroad and often use pancetta - which is less fat and might require a little bit of olive oil)

    Usually you want spaghetti or maybe rigatoni, fettuccine or similar (like OP) tend to suck too much the sauce and are also heavier (it makes sense that they used many full eggs).

    Preparation: You beat the eggs and add scraped pecorino until the result is thick. You add pepper and a bit of salt to it as well and mix.

    In a pan with no oil or butter you put the guanciale and you let it sweat. You let it fry in its own fat until it's like you want it. You can take a couple of teaspoons of fat and add it to the egg and pecorino mix.

    Depending on your taste, you can remove a bit of fat.

    You put water boiling and you salt it generously. You boil pasta, and take it out approximately 2 minutes before the official cooking time. You add the pasta in the pan with the guanciale, and you add cooking water into it to continue the cooking while you mix (few water, multiple times, bit by bit). With the pasta still wet, you add it to the container where the egg mix is (not on fire). Better too dry (in which case you add a bit of cooking water) than too liquid (cannot be repaired easily, you will have to drop it in the pan and let it dry). You mix vigorously and you should have the egg sauce perfectly attached to the pasta. If you put enough pecorino in the sauce, you probably won't need additional one on top.

    That's it. There are people who do it very differently, for example there are those who mix egg with so much pecorino that they make a solid ball that they add to the pan while finishing the cooking of the pasta and they melt it with cooking water.

    Either way, carbonara (and cacio e Pepe) are extremely simple recipes that have a tricky process easy to mess up, and it takes a few attempts to get it as you want it.

  • Looking online OVH has 10x the employees of Hetzner and probably as much revenue, just to give scale. OVH also has like 43 datacenters. I think Hetzner has maybe 5 and I am not even sure they run their own everywhere.

    OVH is quite big actually, I have used them too for some stuff (same for Scaleway, I think they are also quite bigger than Hetzner).

  • Way too small compared to the other ones mentioned. It's great (and I use it), but they are tiny. I think you already have to contact support for having more than 10 machines or something like that, to give an idea.

  • In 4 years I have never (and will never) used any service from /e/. There is no vendor lock whatsoever. That's fully optional.

    Points 3, 4 and 5 in your list are moot IMHO.

    Also

    > It takes a base level of understanding why you would buy a Fairphone

    It doesn't really. "Phone is repairable and X can help me", "they pay the makers fair wages" are not really complex value propositions that require some (technical) understanding.

    The point of /e/ and similar distributions is that you can buy a phone with it (average user will never reflash) and just have a phone that doesn't use Google (it does, for the amount that doesn't require you to do extra technical stuff and have a sane user experience at the same time).

    That said, calyx seems a great alternative and so is iode. I think the advantages of one over the other (for my brief search) are quite small.

  • So your argument is repeating a cliché? OK.

    I don't need to convince you, but I explained my reasoning. Maybe make some practical examples, show some CVEs that - if left unpatched - severely impact the privacy (or the broader security) of the average users.

    Also, as anybody who works in security knows, security is not a binary, and securing often means paying a price (in usability, in Euro, in comfort, in performance, whatever). In my mom's threat model there is no APT leveraging a 0 day to breach her worthless phone, there are opportunistic scammers who send her emails. There is also Google and the like harvesting her data to sell her shit (hence a deGoogled phone with bootloader unlocked is more important than a Google phone with bootloader locked, for example).

    In my threat model there might be some more resourceful attackers (because believe it or not, a financial org trusts me with securing their infra). However, as I also said, a much simpler and cheaper attack that recently has made the news is just to snatch the phone unlocked from my hands on the street, rather than exploiting an Android CVE. This is why for example I have app pins for Signal, email and everything that supports it, and I need to authenticate at every use. I also store all my TOTP on my YubiKey, rather than keeping them on the phone (even with PIN), so my phone is not good as a 2FA device.

    What you call blasé is actually just a way I personally assessed the risks and decided to invest accordingly. People whose threat model involves the bots who spam emails do not have to invest in security like if the NSA is after them. Updating Android a month later is not going to be even a "low" risk for most people, especially if they adopt the much more important practice (IMHO) of not installing every shitty app under the sun. If you think otherwise, make concrete examples perhaps. Using a cliché is not really building your credibility here.

  • I definitely wait more than a week to update for example. The marginal security risk is completely irrelevant for me compared to the operational risk of a buggy update. N-1 is a common practice for updating software in fact, unless there is absolutely a great reason to upgrade.

    Also, I want to be in your circle, because most people I know if the phone doesn't update automatically they probably won't even think of updating their phone (or their computer) at all.

    For me the reason is simple, I don't care about the advanced threats that would be mitigated by GrapheneOS enough to buy a pixel and migrate. I already own a FP3 and that's what I am going to use until it breaks.

    I might consider Graphene in the future, but having to buy a Google phone (even a used one) already pisses me off, compared to a FP (or similar). eOS also tries to be a "noob-friendly" distribution, that you can buy phones with and you never have to mess with the phones, which means people who don't have the skills or don't want to mess with their phones might trade the risk with ease of operation, and it might be the right choice for them.

  • Generally speaking privacy and security are related but not really linked to each other. Google services might be very secure, but a privacy nightmare for example. In this particular case, even more, because the chances that using a "googled" phone will mean data collection (i.e., privacy issues) are almost certain, while the risks we are talking about are much more niche and - as I elaborated on another comment - in my opinion not really in most people's threat model.

    I would like to hear your perspective instead, because I am not really into using authority arguments, but as a security engineer I believe to at least understand well the issue with security updates, vulnerabilities and exploits. So yes, I do think to know what I am talking about.

  • I am not dismissing it, I am saying that is not as big as you make it to be. Most users lag behind in updates anyway, besides using minimal and trusted applications, the outside exposure to exploitation is relatively small, for a device without a public address. I am not the one APTs are going to use the SMS no-click 0-day against.

    Similarly for the bootloader issue. The kind of attacks mitigated by this are not in most people's threat models. They just are not. As someone else wrote, it's possible to relock the bootloader anyway with official builds (such as my FP3). But anyway, even for myself the chance that my phone gets modified by physical access without my knowledge is a fraction of a fraction compared to the chance that someone will snatch the phone in my hand while unlocked, for example (a recent pattern).

    If these two issues are what prompts you to call a "security dumpster fire", I would say we at least have very different risk perceptions.