„How do you know” is such a powerful question.

I especially like the Electrolux one. It’s simple, memorable, and once you see a butt and bikini, you can’t unsee it.

Thanks, I hate it!

I’ve been hoping for it to become widely available since first reading about it somewhere south of 2010. But I guess it would need to become easily manufacturable in local pharmacies for procedure to become widespread.

First, Omarchy doesn’t need funding or partners. It’s backed by a Nazi multimillionaire.

Second, the whole apolitical argument is bullshit. Everything is political. Support for a distro that doesn’t really need support by nature of being a child of a Nazi multimillionaire is a support for that Nazi multimillionaire.

“We didn’t support them because of that” means nothing. The support still sends a message. Just like artist loses control over interpretation of their art the moment they release it, people lose control over interpretation of their actions the moment they act. Does it sound fair? Maybe not, but it’s how reality works.

I’d probably add that for something like nextcloud granted scopes can be an „orthogonal”–for the lack of a better word–subset of requested scopes.

The set of requestable scopes has to be defined by the system itself, not its specific configuration. E.g. „files:manage”, „talk:manage”, „mail:read” are all general capabilities the system offers.

However, as a user I can have a local configuration that adds granularity to the grants I issue. E.g.: „files:manage in specific folders” or „mail:read for specific domains or groups only” are user trust statements that fit into the capability matrix but add an additional and preferably invisible layer of access control.

It’s a fairly rare feature in the wild and is a potential UX pitfall, but it can be useful as an advanced option on the grant page, or as a separate access control for issued grants.

https://oauth.net/articles/authentication/

That aside, why is nextcloud asking for scopes from remote API in the diagram? What is drawn on the diagram has little to do with OAuth scopes, but rather looks like an attempt to wrap ACL repository access into a new vocabulary.

Scopes issued by the OAuth authorization server can be hidden entirely. The issuer doesn’t hold any obligation to share them with authorized party since they are dedicated for internal use and can be propagated via invisible or opaque means.

I really can’t figure out what’s going on with that diagram.

Yeah, had to dive in myself.

The answer is no, they can’t. You need to pass /dev/kvm and /dev/net/tun in a composefile for a reason.

There’s no „windows in docker”, but rather „handy windows vm orchestrator with nice UI in a container”. A bit of a mouthful.

• ssh to remote, forwarding some remote port to your local ssh port (-R)
• ssh from remote through the exposed port, starting socks proxy in the process (-D)
• use socks proxy explicitly or find some tool that can route the traffic into it

Similar approach can be used to establish VPN tunnel with no encryption (ssh already provides that), routing everything but your ssh connection through it.

• ssh to remote, reverse forwarding your VPN-over-tcp server’s listening port
• establish vpn connection on remote, route everything but your ssh connection through the newly established interface

It will be wasteful, but it will work.

If the average user

Proceeds to describe a task average users never perform.

And no, you having been a smart child doesn’t excuse you being an obtuse adult.

Good point.

Gl.iNet is a great value router, but if you want to do anything really interesting, it won’t do.

I have Slate AX chugging along, and have been eyeing teklager boxes to do actual routing, with slate as an access point.

Same weird non-sequiturs chain that foobar2000 author uses.

They could’ve honestly said “I don’t wanna”, and that would be the end of it.

Considering that git doesn’t need federation, and email is the grandfather of federation, sourcehut has a working version of it this very moment.