The easiest way would be to set up caddy to use acme on the servers, and never care about certificates again. See https://caddyserver.com/docs/automatic-https.

If you insist on your centralized solution, which is perfectly fine imo, just place the certificates to a directory properly accessible to caddy, and make sure to keep the permissions minimal, so that the keys are only accessible by authorized users.

If the certificates are only for caddy, there’s no reason to mess around in system folders.

In all honesty, the constant rambling against any service provider when something goes wrong is tiring. as. fuck.

“I’m not using anything, I’m self-hosting everything and no cloudflare can take ME down!” - hot stuff buddy, let’s talk again when at some point you’ll have something interesting and get hugged to death. Or when something of your diy self hosted stack breaks or gets taken down by an attack.

“I’m not using (big company name) but (small startup name), and I’m not having any issues!” - wow, great, obviously the goal of the company is to stay as small as they are and supply your service. Let’s talk again too, when at some point your friendly startup gets sold, or grows more. Oh btw, smaller company usually also means less resources.

“That’s all because they are using centralized services, we need to federate everything to not have a single point of failure” - federation alone won’t help if the centralized service has several magnitudes of resources more. Any single cloudflare exit node can probably handle several times the load of the fediverse. We’ve seen lemmy instances go down all the same, and this will happen with any infrastructure.

I’m not supporting big companies having that much market share and the amount of control over the Internet as a whole that they have. But, have at least some respect from a technical standpoint for the things they’ve built. I’d say way over 80% here haven’t seen infrastructure, traffic and software on a scale that’s even remotely close to the big players, but are waffling about how this or that is better and how those problems should be solved and handled. Sit the fuck down.

Honestly, cleaning up legacy shit code is already a thing, it’s called consulting.

It won’t be a dedicated career field. The AI bubble is at an all time high, and it works now. What people will realize, is that there is more to a piece of software than just the initial code / prototype. AI is amazing at prototyping, it’s fast and it gives the dopamine rush of bringing something online fast. What AI is not good at is actually creating production ready code. Maintainability, security, operations of AI slop code suck. Massively. Adding features by AI to a vibe coded codebase sucks, and all of this is amplified exponentially if the person vibe coding does not know their shit.

The question on vibe coding is not if it will break, but when. And when it breaks, it does not matter if it’s AI or just bad code. It’s a broken app that needs fixing, and that’s just your regular software engineering job.

In addition to all the suggestions - check out modding databases like nexusmods or whatever. Many older games that would not fit your definition have graphical mods that will make your GPU work.

Personally I’ve played modded stalker, fallout, elder scrolls. Hell, you can make Minecraft look absolutely amazing, but it’s a pain to set up properly. You’ve mentioned you’re not into horror games, some games also have total conversions available that do a some genre bending too.

Cyberpunk is not that old, but it’s one of the best looking games ever made IMHO.

Witcher 3, also potentially with mods.

No matter how well reasoned, allegedly fit for purpose or how much something pretends to be it, we shouldn’t be trusting those promises, especially not from people we don’t know. That does not end well neither for the free candy van nor for cybersecurity. Trust like that has been responsible for a lot of attacks over varying vectors and for projects going wrong.

On the other hand, detrimental reliance is a tort and if someone is relying on an app for a specific safety function, the app could be civilly liable if it fails it’s function in some way.

Yes, if the app would be any kind of official tool.

Imagine if you had this attitude about an insulin use tracker/calculator, that sometimes gave wildly wrong insulin dose numbers.

Yes, and that’s why regulations for those kinds of things exist, that prevent those things. There is no regulation for the ice tracker.

Maybe down the road, it’s decided that aiding and abetting ICE is a crime, and providing misinformation intentionally or unintentionally is a criminal act. App developer dude could be criminally liable if he knew or ought to have known he had vulnerabilities. You know, in your New Nuremberg trials that you are going to get sometime in the next decade or so.

If down the road a regulation would happen for, app developer dude would be forced to either comply or to stop operations.

So fucking what? He is not being paid in any kind, and anything he does on that project is volunteer work. If he was not able to do anything on that project due to regular work, vacation, personal issues, or the simple fact that he didn’t want to?

If you don’t pay for a service, you don’t get to decide what people do, deal with it

Honestly, apart from the report being potentially wrong, the researcher seems pretty entitled as well. Like good intentions and all that, but he’s given him a week to fix the issue, usual practice in responsible disclosure are 90 days. We’re not talking about a company here, it’s some single random dude providing the app.

This really sounds like some personal issue written down for public drama, while making himself ridiculous for not knowing his own shit properly.

https://github.com/undergroundwires/privacy.sexy/discussions/359

The setting toggle seems to be available since Android 12, but not all vendors seem to have implemented it. There are instructions in the linked GitHub issue that seem sane.

Youre jumping to conclusions. Bigger companies missed bigger problems in their reviews and QA. Why should they be wanting their cursorrules in there, and what kind of mental gymnastics is it to conclude that they are vibecoding based on that. You don’t need it committed, you don’t even need it to be in the project directory.

It’s definitely badly communicated and suspicious, I just called out jumping to extreme conclusions based on a suspicion alone. There probably will be people who are gonna review the code and see how much of it is probably LLM generated, and then we will know. I still think that it’s pretty much impossible to vibe code something on that scale, but I haven’t seen their cursorrules either.

Absolutely, I do them daily, what about you?

Just because they are using Cursor, it doesn’t mean that they are vibe coding. Anyone grabbing their pitchforks for that and screaming “they are vibecoding” only shows their own incompetence.

If they would be vibecoding, their whole software would’ve gone to shit long ago.

Just because some random people without an engineering background are using vibecoding to push their broken slop, it doesn’t mean that any kind of AI assisted coding is bad.

Unless there are those who need certain words for their jobs, I can kinda understand why Microsoft wouldn’t want emails from work addresses to go out with political agendas… for either side.

Sure. Then block both sides, and not only the one not bringing you money.

Work emails should just be about work. Too many people use their work emails like a personal email… with their banking, shopping, etc. That’s what personal email addresses are for.

No one uses their company email for their personal banking, simply for the reason because if you’d leave, you’d lose your access, and since most companies run behind firewalls, vpns, 2fa tokens and similar additional credentials, it’s simply harder to use.

This policy should go for many non-work related topics too. IT can unblock the words for certain users who need to use them for their job.

Of course, let’s waste resources to maintain idiotic blocklists that are out of date the moment they are rolled out, and additional resources to make the blocklist actually work. Palestine, p4lestine, pale s tine, p a l e s t i n e, paleztine. Need more?

You’re not at work for someone with this kind of unhinged mentality watching you working for 8 hours a day straight with no breaks and no distractions. You’re there to get your work done. In my current team, we’ve had the best ideas talking about our problems at the coffee machine. I personally focus best when I have music on. We’re doing sports together once a week on a company fitness incentive, which boosted our team dynamic massively. None of this would be possible in such a controlled environment.

“Googling a lot while coding” is not even remotely close to vibe coding, please don’t gaslight yourself into that.

When you read up on things, you know what you’re looking for. You read a potential solution (e.g. part of a documentation, an example, someone else’s solution, a solution to a similar problem), you think about it and transfer that to your own problem, with your own code, with your own thoughts.

Using AI support is totally fine too - it’s a smarter code completion, nothing more. It might spit out something wrong, something partial, something good. You might ignore it as with the regular completion. In the end, it’s still you thinking about it, modifying it until it works, and doing your thing.

“Vibe coding” is basically saying tech jesus take the wheel. And it might go well for someone who cannot code, who managed to create their small game or some website. It will go horribly wrong for any project handling user data, sensitive data, or something that needs to be maintained after. We’ve had more than enough examples of that.

Take the following with a grain of salt, it depends on your specific setup, environment and preference, but might help you:

Regarding system backups, and depending whether you need to run fedora, check out nixos, which takes a declarative file and builds your system based on that. Declarative immutable system, no moving parts, no breakage. If your system breaks, revert to a prior version and keep using what you’ve had before before retrying. Your backup is a git repo or whatever is keeping your handful of config files. Has been an absolute game changer for me, and the community and ecosystem around it is far beyond the point of quirky esoteric immutable distro.

VSCode has a powerful feature that I’ve yet to see in another editor/IDE - remote development, and it works really, really well. Spin up a VM however you like (I’d recommend checking out Vagrant), and depending on how much you need to do in windows either use the windows box as a remote run target (just running your built artifact in windows), or as a remote development box (running everything in windows and using your Linux VSCode as a “Frontend” for everything else happening in windows). Both methods can be made to work seamlessly in vsc.

Excel - again depending on your usage, you can try wine, you can use a VM, dual boot, M365 in browser, or a remote VM.

You probably just should let an AI generate that.

Because it’s always been like that. An enemy image unites, and allows for political agendas which wouldn’t be possible otherwise. China and Taiwan? Israel and Gaza? The middle east? Jugoslawia? Kosovo and Albania? The soviets, Hitler, the OG fascist Mussolini, and even they weren’t the first ones.

Having an enemy helps unite people against them, and as long as the image of the enemy being present and being a danger is fed, inner conflicts matter way less, since the “danger” is the enemy.

For America it’s an especially interesting case:

• America spends ~900 billion dollars on military, which is as much as the next most spending 9 countries combined. Source. Fuck knows if that’s super accurate, it’s a fuckton. America’s main export good is war, so any enemy is a good enemy, and any war is a good war. Suddenly, the 66.5 billion spent on Ukraine since 2022 aren’t that much anymore.
• The “commies” and the “reds” are an historic enemy, and have been for a significant time of America’s existence. America has existed for 249 years this year. The soviet union existed for 69 years, counting in the Russian Republic right before its 74 years. Right before that was the Russian empire, which existed for 196 years. The Russians, in some form, have been an enemy since basically forever.
• A comparatively extremely dumb population on average at least in regard to the non-american world, in addition to intolerance of the “non-american way” of doing things and disinterest in other cultures.

And since the average American already is used in thinking black and white with glorious freedom of two-party pseudo democracy, it’s even easier to get the enemy image going.

For some variance, China can be used sometimes too.

And before I get called a Russian bot, fuck Putin, fuck Trump, fuck Musk, and many other political figures having blood of many people on their hands.

It’s not about being dumb and expecting stuff for free but a general anger towards subscription based models. Fair models exist and are possible, but are a collateral of the general hate.

Then, free alternatives exist, and believe it or not, some people do not have a tiny monthly fee they could spare or do not want to pay for something that a free alternative exists.

Threema tried exactly that, and failed comically.

Just as AI will replace developers, and then we have Devin. Also don’t forget the artists that will be replaced, that’ll happen just when it learns that humans have 5 fingers per hand.

It’s all marketing for AI, by the afaik currently biggest supplier of AI hardware.

The whole hype will implode when AI itself implodes, not as the AGI singularity, but when the resource costs spiral out of control, and its keeps getting its own generated glop spoonfed