There's a difference between S3 API spec and what Amazon does with S3 - for isntance, the new CAS capabilities with Amazon are not part of the spec.
Ceph certainly implements the full API spec, though it may lag behind some changes.
It's mostly a question of engineering time available to the projects to keep up with changes.
It already exists, it’s their Bring Your Own Cloud offering.
It’s to retain customers that grew big enough on Grafana Cloud to justify having their own in-house team run the tools instead. So Grafana offers them a pricing where the Grafana engineers operate the platform within the customer’s cloud account. Very large customers get to keep not having to operate and build/hire for the expertise, and save some money.
Sure some companies are big enough to make it worth it and still want to run their own OSS observability stack, but it’s generally not going to be popular with executive decision-makers, so it likely will remain rare. And if they do run it, Grafana still benefits from their contributions to AGPL code.
On the low-spending end, OSS users not buying cloud would not really be a serious revenue concern. They just don’t spend enough. You use cloud if tou have super broad product usage, so you don’t have to run and maintain Grafana, Mimir, Loki, Tempo, Pyroscope, k6, etc. all yourself.
If you don’t want or need all that, you run Loki+Grafana yourself and enjoy.
“Anti-personal mobility” is beyond absurd, absolute loony-bin stuff.
“Anti-personal mobility advocates” do not exist. Transit advocates exist, and improvements in transit also massively benefit those who need to or prefer to drive.
Most motorists absolutely hate e-scooters and e-bikes. They hate them with a white-hot passion. You will never see more road rage than against a scooter when I ride it in a traffic lane. The scooter goes about 17mph, and with 3+ traffic lanes available to cars, they will pile up behind a scooter, scream out their open windows, honk and cut me off, and spit in my face: yes literally spit all over my face, because they hate personal mobility so much.
Motorists hate anything that isn't a car and is in their way. Motorists hate Critical Mass; they hate light rail or streetcars that hog their rights-of-way; they hate pedestrians (especially when pedestrians aren't wearing the right clothes); they hate Lyft, Uber, and Waymo especially; they hate big trucks and they hate Amish people with horse-drawn buggies.
Motorists will establish coalitions to vote against public transit measures in their home towns. They have come out in City Council and other public meetings, to protest and rail, so to speak, to rail against the expansion of light rail into their neighborhoods, because not only do they hate the construction, but they hate the "type of people" that light rail brings, and ultimately they hate the gentrification that comes from a fixed-route project that will ultimately close their shitty exploitive businesses and replace them with more elevated exploitation and richer moguls.
As someone who's canvassed on transit and bike mobility issues before, I think you've spent too long in online urbanism circles. There's a kernel of truth in what you say but it's exaggerated and victimized way too much. Your examples are also pretty textbook online urbanism and ignores other vulnerable road users (motorcycles, mobility scooters, etc)
No, in fact, my assertions are wholly based on in-person interactions with motorists, in conversation and on the roads. I’ve literally been spit upon and road-raged, and many voters and taxi drivers have expressed their sheer hatred and opposition to public transit.
My assertions have nothing to do with “online circles” except here where I am breaking the bad news to y’all.
If you haven't spent time in "online circles" then why is your understanding of vulnerable road users and non-car options limited to only bikes, light rail, and Critical Mass? What about rail trails projects? Does your area follow any NACTO guidelines? How does your DOT/DPW see things?
I don't deny the general idea that motorists in the US tend to have a crab mentality on the road where they want and expect everyone in the road to only be other drivers. I've also been sneered at in various ways in every non car form of transit I've been in.
If anything, the commenter's circumscribed scope of discussion only reinforces the point that they are informed by personal experience and not the internet echo chamber. Whereas you are throwing out these gatekeep-y acronyms to establish transit advocate street cred.
In my town the issues are rail trails and kids dying on e-bikes. Are my opinions on rail banking invalid if I don't know all the rules about wheelchair access ramps at the station? Come on now.
If you're going to post something as contrarian as they did then yes. Cars are popular and the American built environment is oriented around them. You might not like it, but nobody will take your seriously if you don't acknowledge the status quo.
The exact set of topics they brought up are very online. I may be wrong about their experience with urbanism but it literally looks like something out of r/fuckcars
Or they're just one of the many people who experienced a similar "what radicalized you" moment.
This type hate is part of the status quo with cars. I've been on both sides of it - there are times I catch the entitlement building within myself as a driver!
e-scooters kind of sit in an uncanny valley of shittiness. I'll upfront say it's not at all fair to anyone using them responsibly, but there's a lot of cultural baggage that is going to make them uniquely reviled compared to alternatives. For instance, I've longboarded all around the city of Dallas for years and nobody has ever honked at, cut me off, or spit on me. But temporary rental scooters with no permanent docking station carry with them the stigma of:
- People riding them on sidewalks to putting pedestrians in danger
- "Parking" them right in front of someone's gate, blocking the entrance to their house
- Obviously drunk partiers using them in lieu of getting a ride or taking the bus
- Groups of them sitting around half knocked over completely blocking a sidewalk or other pathway meant for cyclists, runners, walkers, and other pedestrians
Fair or not, you're like the kid using a razor scooter at the skate park. Nobody likes you but it doesn't mean they hate everyone at the skate park. They just hate scooter kids.
Yeah I do not think there are any serious transit advocates that put time into advocating for e-scooters. They are worse and more dangerous than bikes and e-bikes in every possible way.
And any bike lane infrastructure would benefit e-scooters anyway, so riding them in the road at 30mph below the flow of traffic is a sad hill to die on.
at least in England, if you use an e-scooter while under the influence of alcohol, that equates to a motoring offence whereby incurring (car) driving licence penalties, driving licence disquaifications (bans), fines, and imprisonment all apply, depending on circumstances and severity. I'm not sure if/why it would be different anywhere else
I assumed comment is referring to people that advocate for transit as “anti-personal mobility”, they are counting cars as the only “personal mobility” which is beyond laughable.
At this point S3 is an API spec more than a particular system. Plenty of things only work against the S3 API spec since the implementations have become such popular and relatively cheap and performant storage systems.
It gives a nice limited surface area that doesn't allow you to do things that can get too complex or can vary too much across filesystems, etc.
AI as advanced fuzz-testing is ridiculously helpful though - hardly any bug you can in this sort of advanced system is a specification logic bug. It's low-level security-based stuff, finding ways to DDOS a local process, or work around OS-level security restrictions, etc.
I'm kind of doubtful that AI is all that great at fuzz testing. Putting that aside though, we are talking about web browsers here. Security issues from bad specification or misunderstanding the specification is relatively common.
I'd consider another Keychron (my first mechanical since a couple of AT and PS/2 Model M and variant devices I had years and years ago) and I like some stuff about it and definitely like the price, but would look for a model with a few differences next time and probably skip Keychron if I couldn't get all of these fixed in one of their boards:
1 - Longer battery life (I have a bluetooth + plug-in model). The battery life is crazy-low, even when not in use and the lights are turned off. I keep it plugged in all the time, as a result. I don't really get why it can't last, idle, about as long as a game controller does (many weeks! And those don't have much space for batteries).
2 - No light pattern button. That thing exists only to accidentally hit and switch it away from "gently and evenly lit" which is one of the very-few non-insane patterns available. Brush it by accident, there goes a minute or so of your time getting it back to something that's not trying to look like a disco ball. And it's right on the corner, so you will hit it by accident when moving the keyboard around or reaching for something just past it. Easily my least-favorite thing about the board, despite how bad the next item is.
3 - Mine has a kind of tray-design around the edge, resulting in about a 1/8" lip, that looks very cheap to assemble (so that's nice, lower price) but means it collects EVERYTHING out of the air and is a pain in the ass to clean. It also makes it look kinda like someone's 3D printed hobby project. Like it's an ugly keyboard, both because of the design and because it's visibly collecting dust and hair just a few days after its last keys-removed full cleaning.
I disabled the lighting on my Keychron Q1 Max due to the battery drain. With it on (on the lowest glow possible), it would barely last a week. With it off? I go literal months without charging it back up, and it's used wirelessly 100% of the time, both via Bluetooth and 2.4 GHz.
Same on my K8. It’s holding down something and the light buttons.
It’s a godsend, all I want is dim-ish blue lights, but I’d keep coming back to it doing rainbow patterns and flashes that I’m sure some people love but I find really distracting.
I recently bought a Keychron, but I'm not wildly enthusiastic yet. It's very thick; much thicker than the 2002 Dell keyboard it's replacing. And the key press feels very spongy. I suspect I might prefer clacky keyboards after all.
Yeah I would certainly only recommend a hotswap model, even if someone isn't into keyswitches that much, they still probably have a preferred feel that they want to go for.
In reality most $Evilcorp have policies against AGPLv3, which is why projects can make moneh selling a less-restricted enterprise license for the same code.
I often hear this but I don’t really understand it. Not saying you need to explain it to me but what is the issue with AGPLv3 that turns those corporations away?
To my non-lawyer eyes it looks like MIT or Apache2 but modifications need to be made public as well.
If you don’t make any modifications then it should be fine?
Or do most $Evilcorp aim to make modifications?
Or is AGPLv3 something like garlic against vampires (doesn’t make sense but seems to work)?
AGPLv3 includes that “distribution” includes essentially communicating with the service over the network, as opposed to the GPL concept of like, sending a shrink wrapped binary that someone downloads and runs themselves.
So basically they are worried that they have no way of avoiding one or more of their tens of thousands of engineers “distributing” it to customers by including it in some sort of publicly accessible service.
AFAIK there’s no settled case regarding what level of network communication qualifies - like if I run a CRUD app on Postgres and Postgres was AGPL, am I distributing Postgres?
Now the second part is that you only have to give out your changes to the AGPL software to those that it was “distributed” to. Most people aren’t changing it! If anything they’re just running a control plane in front of it…
but it goes back to the corporate legal perspective of “better safe than sorry” - we can’t guarantee that one of our engineers, isn’t changing it in some way that would expose company internals, then triggering a condition where they have to distribute those private changes publicly.
As a general rule I install none of these web conferencing things on my machine. Either the browser version works fine, as Google Meet, Zoom, Teams and even WebEx all do, or this is not a meeting I need to be on.
Exactly the same. Moreover my main work machine, the one I call my "workstation", doesn't even have sound. No videos. No meetings from that one. And that's the machine to which the Yubikeys are hooked.
I've got plenty of machines, including that one shitty laptop I trust even less than the rest. Arguably the only way to operate securely is to consider that most devices in your house (and at work) are compromised and hostile, that most networks are trying to fuck you up (for example not HTTP at my home: simply none, it's not allowed) and that they're really out there to get you. And, yet, to have a setup that works.
Same things with my phones: I've got one real phone, with two apps I added to it. Country's mandatory EID app and brokerage's 2FA app. And that's it. Nothing else. Nada. Zilch. One phone, two apps. No email account. Nothing.
Then I've got another phone, with another subscription, where I've got Telegram, that app to see the targets at the shooting range (long distance shooting: there are webcams in front of targets so you can see where you hit), the home automation apps, etc. All those shitty phone apps developped by clueless devs: they go on that phone. The email? Some throwaway email account I don't care about. You can 0-day that phone: I wouldn't give a shit. And I tell people: "My name on Telegram ain't my real name" and they love it. Non-technical people: they begin to understand and they love it.
People are going to need to step up their security game big times now for I think we're in for quite a wild ride.
I know it's bad but I'm not going to say there's not some schadenfreude seeing what happens to those who were calling others "paranoid".
I mean: we're talking about people "quickly installing software (as admin/root)" on their main machine.
The road is going to be long for it's an entire shift of mindset that's now required.
Convenience vs security: you pick. Video call vs major project compromised: you pick.
The vindictive side of me hopes the cybersecurity "rug" is pulled out from underneath all these companies (new & old) who don't appreciate craftsmanship. I don't think we need regulations, but companies need to suffer when they drop the ball
Does not seem like they specified whether it was browser or desktop teams, but either way it asked him to install an actual system package which you should never do anyway.
The relevant part is:
* they scheduled a meeting with me to connect. the meeting was on ms teams. the meeting had what seemed to be a group of people that were involved.
* the meeting said something on my system was out of date. i installed the missing item as i presumed it was something to do with teams, and this was the RAT.
Twilio is the DataDog / Microsoft of telecom APIs. The only reason you buy them is because it's the biggest name, or you have already integrated them so deeply that you're unwilling to rip it out.
Their price structure also has a huge floor because they're not a carrier so they have to
buy everything from real carriers.
Telnyx is actually a registered carrier so other carriers are forced by law to peer with them at lower prices.
There are other low-cost SMS API providers but AFAIK none are actual carriers and they maintain the cost by only doing messaging and relying on enormous volume to make up for tiny margins - their profitability and therefore longevity are tenuous IMO.
> Telnyx is actually a registered carrier so other carriers are forced by law to peer with them at lower prices.
> There are other low-cost SMS API providers but AFAIK none are actual carriers and they maintain the cost by only doing messaging and relying on enormous volume to make up for tiny margins - their profitability and therefore longevity are tenuous IMO.
Depending on what you're doing, chances are you're better off ignoring everything an aggregator tells you. Measure delivery through actual user measures and cost keep active accounts with multiple providers and shift traffic where the cost/success is best for a given group of users (country/carrier/etc).
All the aggregators will tell you they have global coverage and that they use 100% direct routes, and they're all lieing.
While this is somewhat true, the point of being a registered carrier is that most countries regulate that registered carriers must peer with each other at much lower costs.
It is nearly-impossible to get "direct routes" everywhere, mostly because of the logistics of signing all those agreements.
But you will generally be much better off with an actual registered carrier because they have better access to direct agreements with regulated pricing.
Ceph certainly implements the full API spec, though it may lag behind some changes. It's mostly a question of engineering time available to the projects to keep up with changes.
reply