Aussie living in the San Francisco Bay Area.
Coding since 1998.
.NET Foundation member. C# fan
https://d.sb/
Mastodon: @dan@d.sb

  • 6 Posts
  • 1.71K Comments
Joined 2 years ago
Cake day: June 14th, 2023



  • Realistically the solution would be instances moving away from the Lemmy ‘brand’

    This is a great idea, and I think some instances do this. I seem to remember Beehaw taking this approach. Similar to forums - each forum has a different name even if they use the same software.

    The tricky part for regular users to understand is that if they sign up on one server, they can still access content on others. Old-school internet users that used to use Usenet would understand it (Usenet functioned the same way) but the majority of users are used to centralized services these days, which makes it hard.


  • My only thought here is the words like federation and instances getting people hung up. Maybe join-lemmy.org being a highly ranked site is doing more harm than good by creating an additional barrier to the instances and content.

    The thing is, that’s a fundamental feature of Lemmy. It’s designed such that no one person or company controls the whole thing. Admins that have differing opinions can each have their own servers with whatever rules they want.

    That makes it somewhat incompatible with a basic signup page like what you’re proposing, just like you can’t have a generic “sign up for email” page without picking a specific provider. Having a huge number of users on a single server somewhat defeats the purpose of decentralization - you’re back to a small number of people / a company having control over a major part of the ecosystem.

    Perhaps it could redirect people to a randomly selected instance from a hand-picked list, but maybe that’d be even more confusing? I’m not sure.


  • For storing the backups, I use a storage VPS. I got one from HostHatch a few years ago during Black Friday sales, with 10TB space for $10/month. Hetzner have good deals with their storage boxes, too - they offer 5TB space for $13/month if you’re in the USA (you need to add VAT if you’re in Europe).

    A good rule of thumb is to never pay more than $5/TB/month, and during Black Friday it’s closer to $2/TB/month. The LowEndTalk forum has the best Black Friday deals.

    I use Borgbackup for backups, and Borgmatic to handle scheduling them. Borgbackup is a fantastic piece of software.

    Borgmatic has an “append only” mode which lets you configure particular SSH keys to only be able to add data to the backup, not delete it. Even if someone/something (ransomware, malicious users, etc) gains access to your system and tries to delete the backups, they can’t. Essentially, this is protection against ransomware.

    This is a very common issue with other backup solutions - the client has full access to the backup, so malware on the client system could potentially delete all the backups.

    I have two backup copies of most things. One copy on my home server and one copy on my storage VPS. If you do do multiple backups, Borgbackup recommend doing two separate backups rather than doing one then rsyncing it to another server.
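
The append-only restriction described in the comment above is typically enforced on the backup server, through a forced `borg serve --append-only` command on each client's SSH key. The script below is an added example, not part of the original comment: it audits an `authorized_keys` file for client keys that lack that restriction. The repository paths, key material and client names are constructed.

```shell
#!/bin/sh
# Added example: flag Borg client keys that can still delete or overwrite backups.

# Constructed sample authorized_keys (keys, names and paths are placeholders).
make_sample() {
  cat > "$1" <<'EOF'
# laptop: forced command, append-only, pinned to one repository
command="borg serve --append-only --restrict-to-repository /srv/borg/laptop",restrict ssh-ed25519 AAAAC3EXAMPLEKEY1 laptop
# webserver: forced command but full access, a compromised client can delete archives
command="borg serve --restrict-to-repository /srv/borg/web",restrict ssh-ed25519 AAAAC3EXAMPLEKEY2 webserver
# nas: no forced command at all, i.e. a normal shell login
ssh-ed25519 AAAAC3EXAMPLEKEY3 nas
EOF
}

# Print one "STATUS name" line per key.
# STATUS is OK, NO_APPEND_ONLY, NO_PATH_PIN or UNRESTRICTED.
audit_borg_keys() {
  while IFS= read -r line; do
    case "$line" in ''|'#'*) continue ;; esac
    name=${line##* }                      # trailing key comment
    case "$line" in
      *'command="borg serve'*) ;;
      *) echo "UNRESTRICTED $name"; continue ;;
    esac
    forced=${line#*command=\"}            # text after command="
    forced=${forced%%\"*}                 # up to the closing quote
    case " $forced " in
      *' --append-only '*) ;;
      *) echo "NO_APPEND_ONLY $name"; continue ;;
    esac
    case "$forced" in
      *--restrict-to-repository*|*--restrict-to-path*) echo "OK $name" ;;
      *) echo "NO_PATH_PIN $name" ;;
    esac
  done < "$1"
}

# Number of keys that are not fully restricted.
count_weak() { audit_borg_keys "$1" | grep -cv '^OK ' || true; }

sample=$(mktemp)
make_sample "$sample"
audit_borg_keys "$sample"
rm -f "$sample"
```

In append-only mode, deletions requested by a client are only recorded, and they take effect once a client with full access next writes to the repository. Check the archive list before pruning or compacting from the trusted side.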



  • you immediately tie the permanent accessibility of your local files to you retaining access to a cloud account?

    The Microsoft account holds a backup of the recovery key, which you need to use to restore access if you do something like significantly change the hardware or move the drive to a different system (which are effectively the same thing).

    You don’t need it for day-to-day use of the system, and you can also just get the recovery key and print it out or write it down somewhere, which is usually how it’s handled on systems that don’t use a Microsoft account.

    Say, Veracrypt is churning away in the background. Why would one leave Bitlocker activated?

    That’s a good point.

    You have different opinions on TPM and the prevalence of evil maids than me, fair

    I work at a big tech company so have to be vigilant even with my personal systems :)


  • the premise of the thread

    Some of the things mentioned in the OP don’t actually happen in real life, though. Bitlocker is only automatically activated if you use a Microsoft account to log in, and why wouldn’t you know the account credentials if it’s what you use to log in?

    doesn’t rely on TPM and secureboot silliness

    TPM is optional (but recommended) for Bitlocker. Practically every computer released in the past 10 years has TPM support.

    Secure boot is needed to ensure that the boot is secure and thus it’s okay to load the encryption key. Without it, a rootkit could be injected that steals the encryption key.

    You generally want to use TPM and secure boot on Linux too, not just on Windows. You need secure boot to prevent an “evil maid attack”




  • It sounds like you’re complaining about both approaches.

    If Microsoft doesn’t have the key: You can’t recover your files if you lose it.

    If Microsoft does have the key: An attacker could get in and take it (unlikely if you have two factor auth though) and you need to trust Microsoft.

    And Microsoft stores that key in plain text.

    How do you know this, though? It could be encrypted using your account password as a key or seed.









  • apt and apt-get both use dpkg internally, but these days it’s essentially seen as an implementation detail that regular users don’t need to know about.

    dpkg doesn’t resolve dependencies (that’s a feature of apt) which means that if you install a Debian package with dpkg, you’ll have to manually install all dependencies first, and they won’t be marked as automatically installed (so autoremove won’t remove them if they’re not needed any more). Using apt solves that.

    The web suggests dpkg because either the articles are old, or they’re based on outdated knowledge :)