Maybe not updating bot mitigation fast enough would cause an even bigger outage. We don’t know from the outside.

It wasn’t an unintentional update though, it was an intentional update with a bug.

5 minutes of uninterrupted DDoS traffic from a bot farm would be pretty bad.

Lemmy.World is part of the FediHosting Foundation

Says the sidebar on https://lemmy.world/

Yes, because scale is not the same as redundancy.

Scale, they need worldwide coverage.

https://mastodon.world/@Mer__edith/115445705126997025

I enjoy solving problems and tinkering, in math class the problem were always way too theoretical. In physics that same math became interesting because it had an application.

That might be true, I don’t know much about GrapheneOS. But I do know that users of open source projects expecting changes to come out of thin air, and filing bugs when they don’t, is hurting the volunteers behind open source projects. So we should all make sure to volunteer some of our own time or money to keep the projects we love going, instead of just expecting them to fix the things we dislike.

Theoretically it might be, but it’s another patch you’ll have to maintain

But if Graphene chooses not to do this, they diverge from the Android project. Which will take more time to maintain the project which will ultimately lead to more developers burning out and dropping out of the project.

It doesn’t need to be affected, but most open source projects don’t have the resources to keep going against big companies when most of their users aren’t contributing.

Does that contradict what I said? Sure, HTTP 1 is still widely used, but without TLS you can’t use anything else.

For SMS we don’t have a choice, but if you configure your own web server you do have a choice.

It’s my understanding that https provides encryption for the data sent between you and the server. If you’re not sending any sensitive data, then the encryption shouldn’t be necessary.

As others have pointed out, everything can be sensitive. If I’m self hosting nextcloud instance with chat that under British law should check for age… self hosting is now sensitive.

In addition to that, without a secure connection you’re stuck with HTTP/1.1 from 1999 instead of the modern 2 or 3 versions.

I also believe it’s possible to set up HTTPS encryption without a domain name, but it might result in that “we can’t verify the authenticity of this website” warning in web browsers due to using a self-signed certificate.

You can: https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate

Why would anyone eat scientists?

It was already a pretty attractive target because of servers for everything. I’m not sure reaching 5% desktop market share will really make it more attractive for malware.

Af an attack can escape a container a lot of companies worldwide are going to need to patch a 0-day. I do not expect that to be part of my threat model for self-hosted services.

How do you reckon that? The companies themselves are trying to reopen coal plants and xAI is burning natural gas to get the energy for training. Those things have a proven impact on the climate.

I’m not the developer, but I do also write app backends for a living so I know there is some nuance that you’re skipping over in your response. But if you have a way to do this completely anonymous on android I’d suggest offering help to the developer who made this.

Something that… links it to the device? Like, a unique ID that Apple can identify?

APNS tokens are linked to the app install and renew on a certain timeline. Already making them not exactly the same as a device identifier.

Edited for further clarification. It’s not about Google, it’s about what Android needs to receive notifications: https://www.iceblock.app/android

Apple notification identifiers are unique to an app install and regularly change though, so it’s hardly a device identifier.

And the developer needs a device ID for that. Which is their objection: https://www.iceblock.app/android