[-] loudwhisper@infosec.pub 5 points 2 months ago

The biggest items on the graph are all out-of-bounds accesses, use-after-free and overflows. It is undeniable that memory-safe languages help reduce vulnerabilities; we have known for decades that memory corruption vulnerabilities are both the most common and the most severe in programs written in memory-unsafe languages.

Unsafe Rust is also not turning off every safety feature, and it's much better to have clearly highlighted and isolated parts of code that are unsafe, which can be more easily reviewed and tested, compared to everything suffering from those problems.

I don't think there is debate here: rewriting is a huge effort, but the fact that using C is prone to memory corruption vulnerabilities and memory-safe languages are better in that regard is a fact.
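To make the "unsafe Rust does not turn off every safety feature" point concrete, here is an added example (not code from the thread or from any project discussed in it). It assumes nothing beyond the Rust standard library: the first function indexes a slice inside an `unsafe` block and still gets a bounds check, while the second shows the explicit opt-out (`get_unchecked`) guarded by the proof a reviewer would look for.

```rust
// Added example: `unsafe` does not disable bounds checking. Only explicit
// raw operations such as `get_unchecked` skip it, which is why the unsafe
// surface stays small and reviewable.
use std::panic;

/// Index a slice inside an `unsafe` block. The keyword changes nothing
/// here: `v[i]` is still bounds-checked and panics on an overrun, which we
/// catch and turn into `None` for demonstration purposes.
pub fn index_inside_unsafe(v: &[u8], i: usize) -> Option<u8> {
    panic::catch_unwind(|| unsafe { v[i] }).ok()
}

/// The explicit opt-out. `get_unchecked` performs no check, so the caller
/// must prove `i < v.len()` first. Keeping that proof next to the unsafe
/// call is the pattern that makes such blocks easy to audit.
pub fn index_unchecked_guarded(v: &[u8], i: usize) -> Option<u8> {
    if i < v.len() {
        // SAFETY: `i` is in bounds by the check above.
        Some(unsafe { *v.get_unchecked(i) })
    } else {
        None
    }
}

fn main() {
    // Silence the default panic message so the demo output stays readable.
    panic::set_hook(Box::new(|_| {}));
    let v = [10u8, 20, 30];
    println!("{:?}", index_inside_unsafe(&v, 1)); // Some(20)
    println!("{:?}", index_inside_unsafe(&v, 7)); // None: the bounds check still fired
    println!("{:?}", index_unchecked_guarded(&v, 7)); // None: refused by the guard
}
```

The review habit this illustrates: grep for `unsafe` and, in each block, look for the raw operations (`get_unchecked`, pointer dereferences, `transmute`) and the `SAFETY:` argument that justifies them; ordinary indexing, arithmetic and references inside the block behave exactly as in safe code.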

[-] loudwhisper@infosec.pub 5 points 3 months ago

AFAIK SSH has MaxAuthTries and LoginGraceTime, but all they do is terminate the SSH session (i.e. slow down at most); they won't block the IP via firewall or configuration.

Not sure if there is a recent feature that does the same.
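An added example (not from this thread, and not part of OpenSSH) of what sshd's own options leave to an external tool: it counts `Failed password` lines per source address across sessions, which is exactly what MaxAuthTries does not do, since a client that is disconnected simply reconnects. The log lines are constructed for the demo using documentation IP ranges; the window, threshold and the blocking action it would feed are assumptions.

```rust
// Added example: per-source failed-login counting over sshd log lines.
// sshd's MaxAuthTries ends one session; this counter works across sessions,
// which is the gap fail2ban-style tools fill.
use std::collections::{BTreeSet, HashMap};

/// Constructed sample log (not real traffic). 203.0.113.5 is disconnected
/// by MaxAuthTries after three failures, reconnects, and keeps going.
pub const SAMPLE_LOG: &str = "\
Jan 10 12:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Jan 10 12:00:04 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Jan 10 12:00:07 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Jan 10 12:00:09 bastion sshd[2101]: Disconnecting invalid user admin 203.0.113.5 port 51000: Too many authentication failures [preauth]
Jan 10 12:00:15 bastion sshd[2133]: Failed password for invalid user root from 203.0.113.5 port 51002 ssh2
Jan 10 12:00:16 bastion sshd[2133]: Failed password for invalid user root from 203.0.113.5 port 51002 ssh2
Jan 10 12:00:30 bastion sshd[2140]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jan 10 12:00:45 bastion sshd[2140]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
";

/// Parse the syslog "HH:MM:SS" field into seconds since midnight.
fn hms_to_secs(s: &str) -> Option<u32> {
    let mut parts = s.split(':').map(|p| p.parse::<u32>().ok());
    let (h, m, sec) = (parts.next()??, parts.next()??, parts.next()??);
    Some(h * 3600 + m * 60 + sec)
}

/// Extract (timestamp in seconds, source IP) from a failed-password line;
/// any other line yields `None`.
pub fn parse_failed(line: &str) -> Option<(u32, String)> {
    if !line.contains("sshd") || !line.contains("Failed password") {
        return None;
    }
    let f: Vec<&str> = line.split_whitespace().collect();
    let ts = hms_to_secs(f.get(2)?)?;
    let pos = f.iter().position(|t| *t == "from")?;
    Some((ts, f.get(pos + 1)?.to_string()))
}

/// Return the set of source IPs that reached `threshold` failures within
/// any `window_secs` span. A real deployment would hand this set to a
/// firewall or to sshd's own Match/deny configuration (assumed action).
pub fn flag_sources(log: &str, window_secs: u32, threshold: usize) -> BTreeSet<String> {
    let mut history: HashMap<String, Vec<u32>> = HashMap::new();
    let mut flagged = BTreeSet::new();
    for line in log.lines() {
        if let Some((ts, ip)) = parse_failed(line) {
            let hist = history.entry(ip.clone()).or_default();
            hist.push(ts);
            // Drop failures older than the window (log is in time order).
            hist.retain(|&t| ts.saturating_sub(t) <= window_secs);
            if hist.len() >= threshold {
                flagged.insert(ip);
            }
        }
    }
    flagged
}

fn main() {
    // Five failures in 60 seconds flags 203.0.113.5; alice's single typo does not.
    for ip in flag_sources(SAMPLE_LOG, 60, 5) {
        println!("would block {ip}");
    }
}
```

The "Too many authentication failures" line in the sample is where MaxAuthTries acted, and the very next failed lines come from a new session of the same address; only a counter keyed on the source, like this one, sees the pattern. Thresholds should stay comfortably above what a legitimate user mistyping a password can produce, and the blocking action needs an allow-list for your own management addresses.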

[-] loudwhisper@infosec.pub 5 points 3 months ago

Fair question. What I meant is that suggesting that would have made the whole post 10 lines long and not worth doing. So I avoided such suggestions that completely change the threat model.

It's not useless to avoid a good security posture (although you might have concerns about a monopoly gatekeeping the internet, TLS traffic inspection privacy concerns etc.); on the contrary, it makes everything I have written about here redundant (and provides more, like DDoS protection) as you are outsourcing the security controls.

[-] loudwhisper@infosec.pub 4 points 4 months ago

Yes, pretty much that. Plus some configuration might be easier with a DNS hosting. But the main benefit is decoupling domain and DNS for easier change.

[-] loudwhisper@infosec.pub 6 points 4 months ago

Desec.io is a good option. To be honest, using Cloudflare just for DNS is completely OK. It's not a service that allows spying on you or consolidates their monopoly.

[-] loudwhisper@infosec.pub 5 points 4 months ago

Oh yeah, Porkbun does have an API (it seems since sometime last year?). I think Cloudflare, Namecheap and many others do too.

I agree about GoDaddy. It was an original sin for me to use them years ago, and I was lazy with just one domain that I use for most of my emails etc. I deferred the move for a while and then - how it often happens - I had to do it in "emergency" mode.

[-] loudwhisper@infosec.pub 5 points 4 months ago

I am sorry! As an amateur landscape photographer I actually like those clouds very much. There are a few r-word posts about people hating those clouds though, but I checked and they are nowhere near as long as you would expect a proper rant to be.

[-] loudwhisper@infosec.pub 5 points 4 months ago

I feel you very much. Security work is also somewhat similar.

I think this takes away basically the component that made it interesting: understanding what you are doing to the point that you can build stuff.

it's about learning specific applets and features to click on and running down daily and weekly checklists.

Well said.

[-] loudwhisper@infosec.pub 4 points 8 months ago

I would also add security, or at least accessible security. Containers provide a number of isolation features out-of-the-box or extremely easy to configure which other systems require way more effort to achieve, or can't achieve.

Ironically, after some conversation on the topic here on Lemmy I compiled a blog post about it.

[-] loudwhisper@infosec.pub 5 points 9 months ago

Polished doesn't mean functional or ergonomic, which is something I value a lot. The ability to customize what I want easily is also something that Linux offers much more directly than macOS (which is the definition of getting in the way).

Again, I totally believe that for someone the Mac experience can be superior, but it depends on preference, use, habits and priorities.

[-] loudwhisper@infosec.pub 4 points 10 months ago

They did not disclose any content of any email. They disclosed the very little they have. Once they were forced to log IP addresses and that was turned over to law enforcement; another time they were forced to disclose a recovery email address. These facts, if anything, should help build trust in Proton, as they show how little they collect and therefore can disclose. With Signal it is the same: they collect super minimal info (the time you last logged in and a couple more data points, I think), and that's what they disclosed in the past.

It's a non-news.

[-] loudwhisper@infosec.pub 6 points 10 months ago

The law - for good or for bad - is what defines rights. If there is a judge who says that an investigation has to happen, and also the companies ensured that the claim is legit (you see from the stats that the context 15-20% of the data requests), then what else can be done?

You cannot operate illegally, so either you comply or you shut down.

loudwhisper

joined 1 year ago