
  • Ya, they kinda should be. While I don’t like Youngkin one bit, he was pretty well calibrated to run as a Republican in Virginia at the time he ran. He was elected in late 2021, and people were pretty unhappy with the situation around COVID at that point. And much of that blame was piling up on Democrats (read: Biden Administration). Virginia was not some solid blue state. With a heavy military and FedGov presence, there is a lot of pull towards the GOP politically. And Youngkin was reasonably charismatic and appealed well to the GOP base in Virginia. Also, the Democrats had gone out of their way to find as bland of a candidate as possible. Sure, there was nothing major wrong with McAuliffe, but you really don’t want your campaign slogan to be “meh, he’s ok”.

    Earle-Sears is basically the wrong candidate at the wrong time for the GOP. She’s done little to nothing to distance herself from Trump, and that brand is not doing well in a lot of Virginia. Even in the Southwest, which is redder than a baboon’s ass, Trumpism has been showing cracks. Earle-Sears has also not been doing a lot to promote herself, hiding out from journalists and avoiding debates. She’s just not the charismatic, “independent conservative” which Youngkin built a campaign message around. By contrast, Spanberger is pretty close to the center of politics in Virginia. She’s basically a centrist Democrat who has been out pushing a left of center economic message. She’s also former CIA, which I think helps on the balance in Virginia (again, big Military and FedGov presence). She won’t win any sort of popularity contest on Lemmy, but the candidates Lemmy would like aren’t going to win in Virginia at the moment.



  • For me, it’s a kinda simple rubric:

    • First and foremost, is the money actually available - I was a pretty bad financial fuck-up in my 20’s. I learned a lot about money and credit, but the cost of that education was a lot higher than I would have liked. So, being sure the money is actually there and won’t cause me trouble down the line is always the first thing. Credit is OK for some major (generally secured) purposes, but frivolities should be cash in hand.
    • Second, do your homework - If you plan to make a major purchase, spend some time researching the thing, its costs and everything else about it beforehand. We live in an amazing time of information availability, go online and learn the upsides and downsides to the thing. Also, try to get a feel for the cost of the thing. You should go in knowing what you want, the features you’re looking to get on said thing and have a rough idea of how much the thing will cost.
    • Third, “Wind the clock” - this means that you should step away from any major purchase and take some time to consider it. If the sales critter insists that they won’t be able to make the same deal tomorrow, don’t walk, run. Time pressure is the most basic sales tactic. If the deal isn’t going to look good to me when I reevaluate it tomorrow, I sure as fuck don’t want to take it today. It’s not that I won’t make a purchase the same day, but I also go in willing to drive down the street and start negotiations over again with the next sales critter.
    • Finally, it’s just money - If you have the money and have the right deal for the right thing, quit your belly-aching and commit. Ya, you probably just fucked up and you’ll learn that as you go. But, the experience will probably be valuable to you. Maybe it won’t quite reach the value of the money it cost you, but you’re unlikely to actually know that until after you’ve spent it. Money sitting in the bank won’t buy you happiness. Money spent on experiences might. So, go spend some money. Have those experiences and realize that you can always make more money, you cannot make more time.

  • There used to be readable how-tos and tutorials for things, and now all that’s left is 45 minute YT videos littered with influencer garbage.

    This is so much of what I hate about the internet today. Many, many things which should be a single page wall of text are now some 20 minute video which just shows the person doing something, with terrible music in the background and fuck-all for deep explanations. I do understand how hard it is to write those deep explanations, my own blog has gone over a year without an update. But fuck, if you’re the type of person who can be constantly working and posting, this seems like something that should be reasonable to do. Of course, monetizing the written word is harder. I know some writers are getting there on Substack, but that seems like a platform where you need to have an audience first and then you can monetize it. There isn’t really any discoverability in Substack. If people don’t know you’re there, they won’t find you.




  • Dashes, of all kinds, need to fucking die, die, die.
    While not completely fair, my burning hatred of dashes comes from word processing applications automatically replacing hyphens and especially double hyphens in code with dashes. And this never gets caught until said code needs to be copy-pasted back into a functional application, and it fails. Sometimes in weird and horrible ways. So, while it’s the auto-replace which causes the problem, the existence of dashes is proximate enough that they all need to be burned out of existence for all time.





  • Redmond’s previous system relied on digital escorts — American employees with proper security clearances — to monitor the foreign engineers working on the systems. However, it’s been noted that some of these U.S. citizens weren’t knowledgeable enough to determine if the person they were monitoring was doing regular work or putting in a backdoor.

    This is a problem all over the FedGov. I’ve been on both sides of this situation. I’ve been a contractor escorted into spaces I was not cleared to be in. And, I’ve escorted contractors in cleared spaces. I can kinda see how the situation developed. When I was a contractor being escorted, the folks escorting me were great folks, but most knew fuck all about computers. I could have been up to some pretty shady stuff, and they likely would not have recognized it. Also, as physical escorts who were comfortable with me, they weren’t exactly monitoring the screens all that closely. Even when it was me escorting contractors, I wasn’t always completely knowledgeable about their work. Sure, I might know more about computers than some folks, but I don’t know everything about everything, and it’s possible that they could have slipped one past me.

    All that said, when I was doing this stuff, I was subject to background checks on the regular. While they didn’t quite go to the level of stuffing a microscope up my arse, I wouldn’t have been surprised if they asked about it. So, how the fuck did Microsoft end up with Chinese nationals working on DoD systems? While I’m sure there’s some great IT folks over there who just do their jobs and wouldn’t get involved in spying/sabotage, this is just plain stupid. We’re putting systems for our military in the hands of folks under the direct influence of one of the US’s main adversaries.









  • who was running the compromised infrastructure?

    The DoD report doesn’t get into it. It repeatedly references “a US state’s Army National Guard network”, which is probably not the same network as the US Army’s network. It’s also likely to be an Unclassified network; so, it’s not quite as bad as it could be. But also not great.

    the US military doesn’t do its own IT anymore. It’s all outsourced to Microsoft and other cloud providers to the tune of tens of billions of dollars.

    While some of it is on Microsoft’s and other cloud providers, there is also a lot which isn’t. On top of that, much of the stuff “in the cloud” is all IaaS or PaaS. So, while MS, et al. run the hardware, the operating systems and software are often run by the IT departments for the various branches and programs. These IT departments will be some mix of US Civilian State or Federal employees and then a lot of IT contractors. Generally, the people doing the actual IT work are contractors working for companies like Boeing or Booz-Allen-Hamilton.

    I’d like to know which sloppy cloud contractor is responsible.

    If you want to find the people responsible, find the managers who have programs on the “state’s Army National Guard network” (as the report puts it) and figure out which one of them either authorized some sort of “shadow IT” project, or just threw a hissy-fit every time the IT folks tried to roll out patches. That’s often how these things go. The report mentions multiple CVEs which were exploited, and I’d place a pretty large bet that they were unpatched in the environment because some manager whined loud enough to get his assets exempted from patching. All too often these types of vulnerabilities hang out there far too long because some department wants high availability on their stuff, but isn’t willing to pay for high availability. So, they bitch and moan that they should be exempt from regular patching. And upper management isn’t willing to back IT and say, “no you aren’t special, you get patched like everyone else”.