The biggest reason not to use a single account like this is that you lose everything if you lose the owning account. It’s bad advice to say you should absolutely do one or the other. It’s good advice to consider the risks.
The issue here is that Canonical pushed the snap install without warning about its reduced functionality. I don’t think highlighting a wildly different experience between a snap install and the Docker experience people are used to from the standard package install is “bashing it just because it’s popular to hate on snap.” For example, if you take a fresh Ubuntu server 22 install and use the snap package, not realizing that snaps have serious limitations which are not explicitly called out when the snap is offered in the installation process, you’re going to be confused unless you already have that knowledge. It also very helpfully masks everything so debugging is incredibly difficult if you are not already aware of the snap limitations.
It’s probably a good idea to have a stronger definition and mission. Here are a few scenarios you should consider.
FSF defines anything that’s not copyleft as hostile. That’s most companies. I personally don’t think I can tell my users what to do with my software other than remove my liability so I vehemently disagree with Stallman.
Mongo wrote the SSPL and MariaDB wrote the BSL. Both licenses are seen as regressions. I personally respect the MariaDB case and have been harassed by too many Mongo salespeople to say the same about them.
Platforms like AWS are the reason companies like CockroachDB and Elastic implemented restrictive licenses.
IBM has been gutting open source through its acquisition of Red Hat. This is a common story; Oracle has been screwing *nix longer.
Protecting trademarks causes a lot of consternation from users. The Rust Foundation is the most recent example of this I remember blowing up the FOSS community.
I like your idea a lot. I think it needs some definition to be very successful!
In all fairness to Pocket Casts, the yearly cost in the US is $40, which is about the monthly cost of the three things you mentioned together. If your country gives you yearly Google Play Pass, YouTube Premium, and Spotify Premium for less than $40 US, that’s a fucking steal.
In all fuck you to Pocket Casts, basic app functionality like folders shouldn’t be behind a subscription. I can understand a one-time unlock fee for app functionality or ongoing subscription costs to cover cloud storage and sync capabilities. I cannot fucking understand why folders would cost me $40 US a year.
What about infrastructure costs? Are you comfortable making someone else pay for your access? What about the design and implementation of the API? Should all software be free?
Please note that I’m not trying to support this decision at all. I personally feel like API access is similar to SSO for enterprise stuff (check out sso.tax). I also feel like there should be some level of compensation and even profit so people can focus on building stuff like this. It’s really hard to define what that is, especially without transparent costs, which I don’t believe OpenSubtitles shares? Also they use super predatory ads so I don’t think they have any high ground to even suggest what I’m talking about.
I have attended or been involved with five different state universities and a few different community colleges. For computer science, aside from one glaring exception, the default has been some flavor of Linux. The earliest for me at a school was Fedora 7. I think they had been running Solaris in the late 90s; not sure what was before that.
The only glaring exception is Georgia Tech. Because of the spyware you have to install for tests, you have to use Windows. Windows in a VM can be flagged as cheating. I’m naming and shaming Georgia Tech because they push their online courses hard and then require an operating system that isn’t standard for all the other places I’ve been or audited courses.
This is a fundamental misunderstanding of Russell’s Teapot. If someone claims there is a teapot floating in space, cool, they need to prove its existence and the rest of us can go around as if one doesn’t exist. If someone claims there isn’t a teapot floating in space, now the burden of proof is on them. We can quickly exercise some critical thinking and realize that, while there might be a teapot in space someone brought with them and left, it’s not going to be beyond the asteroid belt.
Now do every belief system with empirical evidence. You can’t, primarily because belief in the logic used to prove that empirical evidence is the best evidence is itself a belief system. Changing any one of the axioms that underpin your methodology completely changes the methodology (e.g. parallel lines meet at infinity turns geometry into hyperbolic geometry). Furthermore, we can extend Gödel’s incompleteness theorems to any formal system, like you’re attempting to employ, and show that they can’t prove themselves.
In other words, we must take things on faith if we want to use logic and pull out statements related to logic like “burden of proof is on the positive.” You can believe whatever the fuck you want; you just can’t prove it and, in most metaphysical cases, you can’t disprove it either.
Again, fundamental misunderstanding of Russell’s Teapot. You’re attempting to talk about proof, using the language of logic, to make sweeping claims that logic cannot make.
If you’re saying we can neither prove nor disprove the metaphysical, we’re on the same page.
If you’re saying the metaphysical doesn’t exist because no one has proved it and they have to prove it first, you don’t understand how logic, as we understand it today, works.
Edit: to highlight your issues a little, “it doesn’t exist because it doesn’t exist” isn’t logically sound. Unlike Russell’s Teapot, circular logic is an actual, provable fallacy rather than a rhetorical tool that is not a result of logic. More importantly, you’re depending on logic as a system of faith, just like religion, unless you’ve found some results that contradict Gödel and company. We’ve made all of it up and, with our understanding today, it is not objective.
I’m okay with people using burner email addresses to get my free content, I just need to be able to filter them out of my list so it doesn’t drive up bounces and hurt deliverability.
AWS SES, for example, is fucking rabid about bounces. Being able to filter out addresses you know are going to bounce is pretty important.
Can a list like this be used for anti-privacy measures? Absolutely! Does that mean we should never create lists like this? For me that depends on whether or not you think we should prevent encryption because bad actors can use it for bad purposes.
You’re getting into very sketchy territory by saying a dev who is using a public GitHub repo to solve their problems needs to take it down because of how others are abusing it. Should the original dev be punished by their email provider because they shouldn’t be allowed to use this? Should anything that has potential harm be required to be a private repo? Who gets to decide all of that?
In the interest of specifics, can you point to where this specific list has done harm? I spent a fair amount of time looking around to make sure I wasn’t going out on a limb for someone with neutral views.
Do I use an aliasing service that allows me to change the account emails point to? Yes. Can I access those accounts with access to my email? Yes.
The issue here is that if you lose access to the social network that logs you into those things, you lose the account. If you have an actual account, not delegated access, you can still access the account with the social account.
I’m struggling to find some good article examples because Google is rolling out inactive account deletion and that’s polluting my search results. So go test this out yourself: go try to change the account name/email, password, or MFA for any of those accounts you use social auth for. Try to figure out how you would log in without that social account. Next do the same thing with an account you don’t use social auth for.
I worked at one of the majors pre-Microsoft acquisition. “Highly skilled” is actually a relative comparison to the security teams at gaming companies, not an industry benchmark comparison. The bar for highly skilled plummets once you include things like social platforms, launchers, and telemetry.
But it’s not public. It’s a private blockchain. The immutable ledger aspect only matters if everyone can see the ledger. Otherwise we take at face value all of the things you said. Assume they run one node and that one node is compromised by a malicious actor. The system fails. Extend it to a limited number of nodes all controlled by SREs and assume an SRE is compromised (this kind of spearphishing is very common). The system fails again.
Sure, you can creatively figure out a way to manage the risks I’ve mentioned and others I haven’t thought of. The core issue, that it’s not public, still remains. If I’m supposed to trust Proton telling me the person I’m emailing is not the NSA pretending to be that person (as the Proton CEO suggested), I need to trust their verification system.