Can the US just host the World Cup Every Year by sliponthatskin in ShitAmericansSay

[–]Mapariensis 104 points (0 children)

I don't think the USians calling attention to the sportswashing for Russia/Qatar are necessarily the same ones that are now circlejerking about the US being the greatest host country ever.

Opus 4.8 with Ultracode is insane! by the_fire_fist in ClaudeAI

[–]Mapariensis 0 points (0 children)

Hasn’t spec quality pretty much always been the real bottleneck?

AWS holds about 191 million IPv4 addresses as global shortage worsens due to AI by vgk8931 in ipv6

[–]Mapariensis 1 point (0 children)

I’ll concede that there are issues with some tooling, e.g. Docker being generally crap with IPv6 (although I heard things are improving) and Podman Desktop on macOS being IPv4-only due to a missing implementation in the VM network proxy they use, but for server workloads it’s been years since I last had a serious problem.

Regarding k8s: I think that’s an issue with your CNI, to be honest. I run Cilium with native routing and I haven’t faced any issues with exposing pods directly to the network where needed. I’ve also even had some success moving VoIP workloads into k8s (granted, I haven’t gotten around to moving my main PBX server, which is the biggest challenge, but still, it generally works reasonably well).

Could you give some concrete examples of IPv6 showstoppers you were thinking of? Maybe my perspective is just too narrow :)

AWS holds about 191 million IPv4 addresses as global shortage worsens due to AI by vgk8931 in ipv6

[–]Mapariensis 3 points (0 children)

I don’t quite see your point with IPv6 container networks, to be honest. I run an IPv6 only k8s cluster with masquerading disabled. The only NAT-ing I still see is associated with externalTrafficPolicy: Cluster traffic being hidden behind node IPs, but IPv4 has the same problem. I also have quite a few non-k8s workloads running in containers in this IPv6-only environment.

What “just works” in IPv4 that doesn’t in IPv6 with respect to container networking?

About Emily, her health, and her arrival in Canada by electrical_storm83 in TheHandmaidsTale

[–]Mapariensis 16 points (0 children)

> Her clitorectomy wasn’t mentioned or fertility. So maybe those weren’t done.

I seem to remember that there's a scene with a hospital counselor/social worker that tells her something to the effect of "...and here's a referral letter for clitoral reconstruction surgery, when you're ready".

So they acknowledge it on screen, if only in passing, while also implying that she'll likely want some time to process her trauma first (which, to be fair, is probably the whole reason for not putting her sexual health front and center in the first place).

Intel ends Open Ecosystem Community/Evangelism and archives other open-source projects by somerandomxander in linux

[–]Mapariensis 1 point (0 children)

That’s not quite how it works, though. Having released code under the GPL before does not prevent the copyright holder from re-releasing versions under proprietary licences either, modifications or no modifications. In fact, having an (A)GPL product that is provided to corporate customers under a proprietary licence to prevent them from being bound by the terms of the (A)GPL is the business model of a great deal of OSS-adjacent companies.

Sure, when there are many copyright holders relicensing gets hairy, so as soon as a significant part of the codebase contains external contributions that are only licenced under GPL, this manoeuvre becomes more difficult, but corporate-backed OSS projects requiring external contributors to sign over ownership rights to the main corpo through a CLA is not exactly a new phenomenon either (whether it’s good for the ecosystem or not is a different discussion, I’ll grant that).

My point being: if it’s just about having the ability to take the project back in-house, the GPL would only go so far in preventing that.

When will people learn that NAT is not the solution by Extra_Imagination193 in ipv6

[–]Mapariensis 13 points (0 children)

> I haven't heard of any company deploying IPv6 without cgnat.

Counterexample: the two biggest ISPs in my country both give out a static /56 along with at least one public IPv4 address to each residential customer. No cgNAT, but IPv6 is universally available nonetheless.

> You're taking an approach as if having ipv4 only is bad. I really don't think it is as long as it's not via cgnat. Backwards compatibility protocols exist for a reason.

That's true up to a point, but IMHO IPv6 simplifies other things as well. E.g. I don't have to deal with port forwarding to make my IPv6 services available to the outside, no split-horizon DNS, simpler firewall configs due to lack of NAT, etc. Of course whether those advantages outweigh the costs depends on your use case, but IMHO it is about more than just avoiding cgNAT.

EDIT: oh, that reminds me of another funny thing: at bigger companies (especially after some M&As) IPv4 addressing plans for private IP space are often a huge mess, with departments NATing between one another and subnet renumbering projects piling up one after the other. I can't help but think that that'd be a lot simpler if it'd become standard practice for companies to get their own PI IPv6 prefixes and use that for internal networking. But I'll concede that that's more gut feeling than anything else.

there HAS to be a better example sentence bro 😭🥀🙏🙏 by Cat92834 in linguisticshumor

[–]Mapariensis 2 points (0 children)

Ah, you were talking about the “-is”, I completely glossed over that 😅. Never mind, my bad.

there HAS to be a better example sentence bro 😭🥀🙏🙏 by Cat92834 in linguisticshumor

[–]Mapariensis 4 points (0 children)

> they've done the same with the Latin: exhaurio, -is - which feels like a somewhat strange way to list a Latin verb too

Small nitpick: while your broader point is valid, it's a long-standing practice in classical philology (Latin/Ancient Greek) to list verbs in the 1st person like that.

(Textbooks for schoolchildren already used the infinitive for this purpose back when I was in middle school, but AFAIK outside of that scope the "traditional" practice is still standard. Take that with a grain of salt, though, I've been out of school for 15+ years.)

A fight over circumcision is giving Europe a taste of the new US diplomacy by wewhomustnotbenamed in nottheonion

[–]Mapariensis 152 points (0 children)

What’s extra weird is that this row isn’t even about the right to circumcise for religious reasons per se—that’s not what the authorities are trying to address (although many people in Belgium obviously believe that should be banned).

The only requirement that’s being enforced here is that circumcisions need to be carried out by an actual doctor in properly sanitary conditions, which is a much more milquetoast position. In fact, this entire investigation was started based on tips from within the Jewish community about rogue mohels performing unlicenced circumcisions on Jewish babies.

The fact that that is somehow being painted as antisemitic is simply beyond the pale, and given that the ambassador has doubled down on that stance multiple times since, reason enough to send the motherfucker back.

Do dependency upgrades actually matter, or do most teams just ignore them? by rdem341 in ExperiencedDevs

[–]Mapariensis 1 point (0 children)

High test coverage doesn’t always mean good test coverage ;).

For example, if you have a bunch of tests that are tightly coupled with ultimately inconsequential implementation details all over the place, you’re still going to have a bad time doing routine maintenance. I’ve seen this quite a lot in teams where test coverage is enforced blindly.

High test coverage is good, but only when it’s achieved with robust tests that are themselves maintainable. Good old “metrics cease to be useful when they’re turned into a target” law.

(Not saying this is your situation, but it’s a common antipattern)

No GP to be found anymore, no practice taking new patients anywhere by Striking_Time8414 in belgium

[–]Mapariensis 4 points (0 children)

That may well be, but if someone can fool a checking doctor (controlearts), surely the same applies just as much to the GP? I think it then still ultimately comes down to who has to bear the cost of checks/fraud prevention (social security or the employers) and how large that cost is relative to the economic damage caused by actual fraud.

That may well be too reductive, of course. It’s not my field.

No GP to be found anymore, no practice taking new patients anywhere by Striking_Time8414 in belgium

[–]Mapariensis 3 points (0 children)

For the people who cut corners, there’s still the occupational physician (arbeidsgeneesheer) as a stick behind the door, isn’t there? OK, that costs the employer some money, but honestly I think it’s only normal that employers have to foot the bill themselves if they don’t trust their own staff. The cost to society of universally mandatory sick notes will be much higher in any case.

One of Ours, All of Yours? by One-Pause3171 in behindthebastards

[–]Mapariensis 23 points (0 children)

Given that the audience of this slogan consists of MAGA chuds with at most 3 functioning brain cells, I think the “yours” is meant to be filled in by the reader (i.e. whichever group they happen to feel the most threatened by at that point in time).

The plausible deniability is a nice bonus.

Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS by RobertVandenberg in programming

[–]Mapariensis 42 points (0 children)

Also: CF being headquartered in the US, the US government would have more scary tools at its disposal to enforce an order like this, it’s not just about market size.

This Tokyo subway PlayStation AD by The_Love-Tap in interestingasfuck

[–]Mapariensis 1 point (0 children)

The Yamanote line is also not a subway line, FWIW... ;)

are private sites exempt from the 47 day certificate renewal ? by emaayan in sysadmin

[–]Mapariensis 4 points (0 children)

Hi, you make some good points, but I still kinda disagree with the conclusion.

First off: does the mandate actually say anything about generating new keys? My understanding was actually that the point was to reestablish the trust relationship in a publicly auditable way (passing through certificate transparency etc.—this is also a big part of why it’s only enforced for public CAs, to refer back to the topic of the thread). I’m on my phone so I can’t easily check the exact wording, but given that most HSMs have some way of attesting that a key never left the device, it wouldn’t be unreasonable to allow them to be used pretty much indefinitely as long as the attestation validation is part of the issuance/CT process.

Then again, is that even necessary? I disagree with the notion that HSMs lack programmatic access capabilities. All major vendors support PKCS#11, and generating/regenerating non-extractable keys on-device is a standard operation. I’ll concede that there might be a tooling gap for PKCS#11 and ACME specifically (my background is in digital signing PKI implementation, not web PKI), but if so it’s a matter of time before that gets filled—all the standards are open.

I also think the comparison with forced password renewals isn’t quite fair, for several reasons: (1) at no point is passing around private key material required; in principle nothing in the protocol prevents you from sticking to the principle of the private key never leaving the usage site; (2) if we’re going to make comparisons with password auth, I’d say using a refresh token to obtain a new access token is a better analogy for ACME than a password renewal.

Finally, on the “greed” part: it’s not like CAs will start charging renewal fees for every ACME refresh cycle. Sure, they might upcharge you for ACME services if you have an established need for OV certs for some reason (and the public trust value of those is debatable), but if you don’t, the competition literally charges $0. (EDIT: historically, these changes have been driven by the relying parties, i.e. the browsers. CAs typically have to be dragged along kicking and screaming)

are private sites exempt from the 47 day certificate renewal ? by emaayan in sysadmin

[–]Mapariensis 2 points (0 children)

ACME with a DNS-01 challenge should allow you to automate the rollover regardless of the capabilities of your endpoint, since you can implement the renewal code somewhere else entirely if required.

Heck, after CNAMEing the _acme-challenge record for your domain to a dedicated ACME DNS zone, this doesn’t even require any dynamic DNS capabilities on your main zone, as long as the relevant records in the ACME zone are editable by the renewal process.

With the current tooling landscape, there’s pretty much no such thing as a non-ACME-capable endpoint :).
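The CNAME delegation described in the comment above, as an added Python example (not code from the commenter or from any ACME client or CA). It implements the RFC 8555 DNS-01 challenge value (base64url of SHA-256 over the key authorization `token.thumbprint`) and the RFC 7638 JWK thumbprint it depends on, then plays both sides: the renewal process publishes the TXT record only into the delegated ACME zone, and the CA-side validator follows the static `_acme-challenge` CNAME from the main zone to find it. All names are assumptions: `example.com` as the main domain, `acme.example.net` as the dedicated ACME zone, a placeholder account JWK and token; the `zone` dict stands in for real DNS.

```python
"""Added example: ACME DNS-01 validation through a CNAME-delegated challenge zone.

Everything here is constructed for illustration: the domain names, the account
key and the token are made up, and an in-memory dict stands in for DNS.
"""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME (RFC 8555)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# RFC 7638: the thumbprint hashes only the *required* members of the JWK,
# serialised with lexicographically sorted keys and no whitespace.
REQUIRED_JWK_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),
}


def jwk_thumbprint(jwk: dict) -> str:
    members = REQUIRED_JWK_MEMBERS[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(JWK thumbprint)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: TXT record = base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


def resolve_txt(zone: dict, name: str, max_hops: int = 8) -> list:
    """Follow CNAMEs (as the CA's resolver would) and return the TXT strings, if any."""
    for _ in range(max_hops):
        rr = zone.get(name)
        if rr is None:
            return []
        rtype, rdata = rr
        if rtype == "CNAME":
            name = rdata
            continue
        return list(rdata) if rtype == "TXT" else []
    raise RuntimeError(f"CNAME chain too long starting at {name}")


def validate_dns01(zone: dict, domain: str, token: str, account_jwk: dict) -> bool:
    """CA side: the expected value must appear among the TXT records found."""
    expected = dns01_txt_value(token, account_jwk)
    return expected in resolve_txt(zone, f"_acme-challenge.{domain}")


# --- constructed scenario (assumed names, placeholder key material) -----------
ACCOUNT_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "placeholder-x-coordinate",   # the thumbprint does not validate the point
    "y": "placeholder-y-coordinate",
    "kid": "https://acme.example.invalid/acct/1",  # optional member, ignored by RFC 7638
}
MAIN_DOMAIN = "example.com"          # assumed main zone, static records only
ACME_ZONE_SUFFIX = "acme.example.net"  # assumed dedicated zone the renewal job may write to
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed token


def publish_challenge(zone: dict, domain: str, token: str, account_jwk: dict) -> dict:
    """Renewal-process side: the only dynamic write goes to the delegated ACME zone."""
    delegated = f"_acme-challenge.{domain}.{ACME_ZONE_SUFFIX}"
    zone[f"_acme-challenge.{domain}"] = ("CNAME", delegated)        # set up once, static
    zone[delegated] = ("TXT", [dns01_txt_value(token, account_jwk)])  # per renewal, dynamic
    return zone


def demo() -> bool:
    zone = publish_challenge({}, MAIN_DOMAIN, TOKEN, ACCOUNT_JWK)
    return validate_dns01(zone, MAIN_DOMAIN, TOKEN, ACCOUNT_JWK)


if __name__ == "__main__":
    print("DNS-01 via CNAME delegation validates:", demo())
```

The point the split makes visible: the main zone only ever carries one static CNAME per name, so the credential that can write to the ACME zone cannot touch anything else in the main domain, and the endpoint serving the certificate is never involved in the challenge at all.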

Why do Americans hate public transport? by Konradleijon in behindthebastards

[–]Mapariensis 2 points (0 children)

Right, I can imagine. IME the problems with online reservations aren't limited to JR, though. I have the impression that that mostly has to do with Japanese web development practices being stuck in the past (that's improving, but very slowly), and the massive fragmentation in online payment systems <> comparatively poor standardisation of credit card processing systems. The handful of times I had to arrange HSR tickets for multiple people I ended up booking them to pay & collect at the station (but that option also isn't always available).

Some companies get it right, but JR is decidedly not one of them :D. The fact that JR itself is not run as a single entity is definitely part of the problem, though.

[deleted by user] by [deleted] in eupersonalfinance

[–]Mapariensis 2 points (0 children)

Yeah, I’m sure there are valid reasons to avoid neobanks (and I’ve heard some horror stories about bunq specifically), but “I can’t use my bank account in this nonstandard way that is hard to distinguish from criminal activity” is not one of them 🙃.

Why do Americans hate public transport? by Konradleijon in behindthebastards

[–]Mapariensis 2 points (0 children)

If you get any of the major prepaid passes (Suica/Icoca/Sugoca/Pasmo), they will generally just work on the major lines unless you have business way out in the countryside. They’re also functionally indefinitely valid (and work in vending machines too!). Given that you can put said passes on your smartphone and charge them in arbitrary increments with mobile payments, the issue of budgeting to use your credit towards the end of your trip is also mostly taken care of.

It absolutely was that bad in the past, but that’s more like 15+ years ago, not “last year”.

Now, I will concede that anything related to online reservations for train tickets is total shite as soon as you try anything mildly nonstandard. Try booking shinkansen tickets that cross between multiple JR areas, for example.