That’d be nice.

The frustrating thing is we’ve already learned this lesson. But b/c people don’t pay attention in school, we have to learn it the hard way all over again.

Honestly, a recession would be best case, wouldn’t it? Everything I read makes it seem like a depression is inevitable.

How about fucking doing anything?

With a firm minority in both chambers of Congress, what, exactly, would you have them do besides raise awareness? This problem is on the voters who elected all these clowns, and right now, they’re the only ones who can fix it. And that’s not going to happen until 2026.

Dennis Takes a Mental Health Day is probably the most accurate portrayal of me ever written.

I flat-out refuse to do business with any that requires I use an app. I won’t even scan a QR code for a restaurant menu; that’s my cue to go eat elsewhere.

Those truck nuts are clearly aftermarket / gender-affirming care. Someone should point that out to the truck’s owner.

See post edit. I’ve already answered that twice.

If they expected you to read the install script, they’d tell you to download and run it. It’s presented here for lazy people in a “trust me, bro, nothing could ever go wrong” form.

• There are SHA256 checksums of each binary file available in each release on Github. You can confirm the binary was not tampered with by comparing a locally computed checksum to the value in the release’s checksums file.

• Binaries can also be signed (not that signing keys have never leaked, but it’s still one step in the chain of trust)

• The install script is not hosted on Github. A misconfigured / compromised server can allow a bad actor to tamper with the install script that gets piped directly into your shell. The domain could also lapse and be re-registered by a bad actor to point to a malicious script. Really, there’s lots of things that can go wrong with that.

1. That’s been the way to acquire software since shortly after the dawn of time. You already know what you’re getting yourself into.
2. There are SHA256 checksums of each binary file available in each release on Github. You can confirm the binary was not tampered with by comparing a locally computed checksum to the value in the release’s checksums file.
3. Binaries can also be signed (not that signing keys have never leaked, but it’s still one step in the chain of trust)
4. The install script is not hosted on Github. A misconfigured / compromised server can allow a bad actor to tamper with the install script that gets piped directly into your shell. The domain could also lapse and be re-registered by a bad actor to point to a malicious script. Really, there’s lots of things that can go wrong with that.

The point is that it is bad practice to just pipe a script to be directly executed in your shell. Developers should not normalize that bad practice

I mean, how about:

1. Download the release for your arch from the releases page.
2. Extract to ~/.local/bin
3. Run

Oh, we can do that too, at least to varying degrees. Depends on the bank and what services they offer.

My bank will at least do what’s called “Bill Pay”. It’s (mostly) the equivalent of me telling the bank to write and mail a check to a company on my behalf. I don’t currently have that setup, but it is something I’m looking into. It’s been available for a long time, but years and years ago when I looked into it, only certain companies/utilities were supported by my bank.

It’s not like they are a secret.

They’re also not public info, either. Typically they’re combined with name, address, etc for fraud protection, but those details are even easier to acquire than account numbers. The routing numbers are public information, though. In the result of a data breach, a bad actor has everything they need.

What are any potential hackers going to to with my bank account numbers?

Just about anything they want since they’ll likely have your personal details too. When adding a bank account to any of my utility payment accounts, there is no verification whatsoever; enter details, authorize payment.

I don’t use CashApp and the like, but in the past, PayPal would deposit a few cents into the account, and you had to verify ownership of the account by entering those random amounts into the signup form to complete the process. That’s also trivially defeated if enough of your data was breached and in the hands of an attacker (e.g. call the bank, pretend to be you, and ask for the info).

Not to mention, why would attackers in phishing/scam emails ask for bank details if they’re not secret or are useless?

Yeah, I’ve been meaning to look into that. Especially so I can start unlinking my bank details from sites that will eventually expose them in a breach.

That maximizes my costs as well (plus hassle). I don’t even own a checkbook.

Gotta do what you gotta do 🤷‍♂️

I think fry.gs is the main mod’s own instance.

Though best practice, as much as it exists in the Fediverse, would be to host the community assets from the home instance of the community.

Please upload the icon/baner to LW instead of from a 3rd party instance. This is the second recent time these have broken.

And this is why every time a developer asks me for shell access to any of the deployment servers, I flat out deny the request.

Good on you for learning from your mistakes, but a perfect example for why I only let sysadmins into the systems.

I’m…speechless and all out of snark on this one. This is fucking horrifying.

Single-issue voters who threw their vote away or sat out and did not help stop this, well, hope you’re happy with your choices.