• 0 Posts
  • 82 Comments
Joined 2 years ago
cake
Cake day: July 14th, 2023

help-circle
  • stuck with the GPL forever

    If you accept a patch and don’t have the ability to relicense it, you can remove it and re-license the new codebase. You can even re-implement changes made by the patch in many cases, whether those changes are bug fixes or new features.

    If you re-implement the change, you do need to ensure this is done in a way that doesn’t cause it to become a derivative work, but it’s much easier if you have copyright to 99% of a work already and only need to re-implement 1% or so. If you’ve received substantial community contributions and the community is opposed to relicensing, it will be much harder to do so.

    A clean room implementation - where the person rewriting the code doesn’t look at the original code, and is only given a description of the functionality - which can include a detailed description of the algorithm - is the most defensible way to perform such a rewrite and relicense, but it’s not the only option.

    You should generally consult an attorney when relicensing and shouldn’t just do it casually. But a single patch certainly doesn’t mean you’re locked in forever.





  • If you’re in the US, automatic is fine. Manuals make up like 1 percent of new cars and maybe 4% of used cars here. It doesn’t hurt to know how to drive one, but it doesn’t benefit you much, either. I drove a manual once, but it was a rental in another country. I’ve never been faced with needing to - or even having the opportunity to - drive a manual in the US.

    However, learning on a manual does make it easier to understand certain ways of how cars work, even on automatics (less so on CVTs), so if you like understanding things more, I recommend manual even in the US. You can still get that understanding driving automatics, though - just a bit more effort.

    Outside the US, most places I know of manual is the default. If manuals make up even 30 percent or so of cars where you live, I strongly suggest learning to drive one.






  • If your recommend protein intake is 70 grams per day (meaning you weigh about 195 pounds / 87 kg) and you’re only getting 20 grams per day, then you are likely already experiencing health issues.

    From https://www.verywellhealth.com/protein-deficiency-symptoms-8756264 you could expect to experience:

    • Weakness and fatigue, meaning you’ll feel exhausted - mentally, physically, or both
    • Skin, Hair, and Nail Problems
    • Mood changes, including the development of mood disorders, such as depression
    • Compromised immune system
    • Slowed wound healing
    • Decline in bone strength
    • Fatty liver
    • Weight loss due to your muscles and organs being broken down - but my understanding is this is mostly relevant if your overall caloric intake is quite low (starvation levels)
    • Weight gain due to fluid retention or increased hunger

    Not all of those are immediately noticeable.

    However, I’m with the other commenter who said that they think it’s likely that you’re under-estimating your daily protein intake. What method did you use for tracking and calculating it?




  • They put their repo first on the list.

    Right. And are we talking about the list for OBS or of repos in general? I doubt Fedora sets the priority on a package level. And if they don’t, and if there are some other packages in Flathub that are problematic, then it makes sense to prioritize their own repo over them.

    That said, if those problematic packages come from other repositories, or if not but there’s another alternative to putting their repo first that would have prevented unofficial builds from showing up first, but wouldn’t have deprioritized official, verified ones like OBS, then it’s a different story. I haven’t maintained a package on Flathub like the original commenter you replied to but I don’t get the impression that that’s the case.



  • You can self-host Bitwarden, too. My understanding is that VaultWarden is much simpler to self-host, though. Note that VaultWarden isn’t a “fork”; it’s a compatible rewrite in Rust (Bitwarden’s codebase, by contrast, is primarily C#).

    I also use Bitwarden and strongly prefer it over every other password manager I’ve tried or investigated, for what that’s worth. I’d recommend it to 99% of non-enterprise users (it’s probably great for enterprise use as well, TBF).

    The only use case I wouldn’t recommend it for is when you don’t want your passwords stored in the cloud, in which case KeePass is the way to go. To be clear, that recommendation does not apply if you’re syncing your vault with a cloud storage provider - even one you’re hosting, like SyncThing - even if your vault is encrypted. At that point just use Bitwarden or VaultWarden, because they’re at least audited with your use case in mind (Vaultwarden has only been audited once afaik, though).



  • I don’t think gravitational waves traveling at the speed of light is the same as the gravitational attraction being apparently felt faster than light travels.

    I don’t know how you would measure gravitational waves without measuring gravitational attraction.

    It’s not light that is “communicating” that attraction.

    Nobody said it was. The “speed of light” isn’t about “light”. Gravity propagates at the same speed, aka “c.”

    This Reddit discussion on r/AskPhysics might help clear up your misconceptions. Notably:

    Just to clarify: when people talk about the speed of gravity, they mean the speed at which changes propagate. It’s the answer to questions like: if I take the Sun and wiggle it around, how long does it take for the Earth to feel the varitation in the force of gravity? And the answer is that changes in gravity travel at the speed of light.

    But that’s not what you’re asking about. Whenever you’re close to the Earth, gravity is always acting on you: it’s not waiting until you step off a cliff, like in the Coyote and the Roadrunner. The very instant your foot is no longer on the ground, gravity will start to move it downwards. The only detail is that it takes some time for it to build up an appreciable speed, and this is what allows us to do stuff like jump over pits: if you’re fast enough, gravity won’t be able to accelerate you enough - but gravity is still there.

    I get the sense that you’re thinking about the second scenario when objecting to the concept that gravity travels at the speed of light.



  • I’m familiar with SSL in the context of webdev, where SSL (well, TLS) is standard, but there the standard only uses server certificates. Even as a best practice, consumer use cases for client certificates, where each client has a unique certificate, are extremely rare. In an app, I would assume that’s equally true, but that shared client certificates - where every install from Google Play uses the same certificate, possibly rotated from version to version, and likewise with other platforms, like the App Store, the apk you can download from their site, F-Droid, if they were on it, and releases of other apps that use the same servers, like Molly. Other platforms might share the same key or have different keys, but in either case, they’re shared among millions of users.

    I’m not sure Signal does have a client certificate, but I believe they do have a shared API access key that isn’t part of the source code, and which they (at least previously) prohibited the use of by FOSS forks (and refused to grant them their own key)

    That said, I reviewed that code, and while I’m not a big fan of Java and I’m not familiar with the Android APIs, I’m familiar with TLS connections in webdev, the terms are pretty similar cross-language, and I did work in Java for about five years, but I didn’t see anything when reviewing that file that makes me think client certificates are being generated or used. Can you elaborate on what I’m missing?