¯\_(ツ)_/¯
871 stories
·
3 followers

Saturday Morning Breakfast Cereal - Evolution

2 Comments and 16 Shares


Click here to go see the bonus panel!

Hovertext:
I like big butts and cannot lie, 'cause they allow a large brain to pass by.


Today's News:
Read the whole story
moschlar
16 days ago
reply
Mainz, Deutschland
popular
22 days ago
reply
Share this story
Delete
2 public comments
jlvanderzwan
22 days ago
reply
The sequel to that "oh, brain size and butt size just happen to be regulated by the same gene" comic from a few years ago?
jsled
22 days ago
reply
«I like big butts and cannot lie, 'cause they allow a large brain to pass by.»
South Burlington, Vermont

I think it's still reasonable to run personal servers on the Internet

1 Share

In his comment on yesterday's entry, Pete Zaitcev showed me that I should clarify my opinion on running your own personal servers today on the Internet (to the extent that I have an opinion at all). To summarize the rest of this entry, I don't think there's any compelling reason why you shouldn't run a personal server if you want to and you more or less know what you're getting yourself into. At the same time, it's not trivial to do so; it's very much the DIY choice, with all that that implies.

First off, I definitely think that you should have a personal presence on the Internet that's not tied to your (current) employer; in other words, don't make my university sysadmin's email mistake. Having your own domain name is optional and will cost you some money and effort but it probably pays off in the long run, at least for websites (in today's email spam environment, changing email addresses every few years may actually be a feature). However, none of this requires you to have your own servers; plenty of places support you pointing some aspect of your domain at their infrastructure, at least for common things like websites, email, and DNS. Taking advantage of this (either for free or paying people) is definitely the easy way to go.

However, I think that it's still reasonable to have your own server or servers instead, especially now that you can get inexpensive virtual machines that you genuinely run yourself (your choices used to be 'shared hosting' or paying for actual physical hardware and rack space). Modern Unix server software is not full of holes and is generally relatively straightforward to administer, the Internet is not an intrinsically hostile place of DDoS and hate, and most people are still willing to talk to random machines for things like websites (your mileage may vary for things like sending email from your server to GMail). Generally if you put a modern Unix on the Internet for personal use and operate it with decent competence, you'll be okay at one level.

(My impression is that modern VPS providers have done a lot of work to make it very easy for you to bring up a new generic Ubuntu, CentOS, or whatever server that will come up in a sane and operable condition and probably automatically apply security updates and so on. I don't know what Amazon AWS is like, though.)

At another level, by running your own server you're making tradeoffs and accepting limitations. The broad downside is that you've chosen the DIY approach and DIY is always more work and requires more knowledge than getting someone else to do it for you. If you're already a sysadmin it can feel like a busman's holiday, and if you're not a sysadmin or an experienced Unix person you're going to have to turn yourself into one. One dangerous side of this is that it's easy to make mistakes through ignorance, for example not making sure you have some sort of backups. For a personal server, you don't necessarily need everything you want for running one in a company, but there are still a lot of things that may bite you some day. System administration is unfortunately a field so full of trivia that people keep having to rediscover pieces of it the hard way.

Another limitation is that, to put it one way, you're not going to get your own personal GMail, either in its interface or probably in its resilience against spam and other problems. The open source world has produced great marvels and there are things that can come close to some parts of the big company services, but on the whole the DIY approach is going to get you results that are objectively inferior in some ways. It's up to you to decide if you care for your usage; if you read all your email through an IMAP client, for example, the lack of a sophisticated GMail web interface is not an issue.

Judged purely by the end results, this can make running your own server a bad choice. You spend more time, have to learn more things and worry about more issues, and you get an inferior result. If you're going to run your own server anyway, you should have an answer to the question of why, or what you get out of it. One perfectly good answer is 'I want to play around with my own Unix server'; another is 'I don't like having so much of my Internet life at the mercy of big indifferent companies'.

Further, my current broad view is that you shouldn't run anything critical on a personal server unless you're extremely confident that you know what you're doing and that you have working backups (on another provider). Casually operated personal servers are best used for things that you can afford to be down for a few days while you patch things back together from an upgrade, a security problem, an accident, or your VPS provider screwing something up. If you need a highly resilient personal server environment, you're probably looking at a significant amount of work unless you're already an expert in the field and can put together a solid Puppet, Kubernetes, or AWS environment in your sleep.

On the flipside, this is caution speaking. Most of the time you're going to be fine, especially if you pay your VPS provider for some form of backups (and then keep your own offsite copies). Just make sure to apply security updates and as part of this, upgrade or build a new version of the VPS when your Unix or Linux distribution reaches its end of life.

(My personal plan is to use at least two completely separate VPS providers, but that requires getting over my inertia and lack of desire to run my own infrastructure.)

By the way, all of this assumes that you aren't someone who is going to be actively and specifically targeted by attackers. If this is not true, you really need to know what you're doing as far as security goes and you're probably better off in the tender arms of GMail and so on. GMail has a very good security team with a lot of resources, far more than you or I do.

Read the whole story
moschlar
23 days ago
reply
Mainz, Deutschland
Share this story
Delete

The Incident

1 Comment and 2 Shares
in_my_case_a_more_appropriate_title_for_this_comic_would_be_The_High_Incidence_of_Incidents
Read the whole story
moschlar
25 days ago
reply
Mainz, Deutschland
Share this story
Delete
1 public comment
alt_text_bot
25 days ago
reply
So rest easy.

GDPR

4 Comments and 16 Shares
By clicking anywhere, scrolling, or closing this notification, you agree to be legally bound by the witch Sycorax within a cloven pine.
Read the whole story
moschlar
55 days ago
reply
Mainz, Deutschland
Share this story
Delete
4 public comments
satadru
54 days ago
reply
Also, for GDPR purposes, I live in France now.
New York, NY
Lythimus
56 days ago
reply
another God Damn Privacy Report.
alt_text_at_your_service
56 days ago
reply
By clicking anywhere, scrolling, or closing this notification, you agree to be legally bound by the witch Sycorax within a cloven pine.
zippy72
50 days ago
But Sycorax Rock!
alt_text_bot
56 days ago
reply
By clicking anywhere, scrolling, or closing this notification, you agree to be legally bound by the witch Sycorax within a cloven pine.

DSGVO? Da gibt’s doch was von Ra… äh ein WordPress Plugin

1 Share

Auf der Blogfamilia hat Maret Buddenbohm gesagt, man soll über das bloggen, was man gerne bei anderen lesen würde. Sie hätte tagelang ein geeignetes Einsteigerhandy für Sohn I gesucht. Hätte man das Ergebnis der Recherche verbloggt, wären hunderte von Eltern glücklich, weil sie sich die Arbeit nicht ein zweites, drittes und hundertes Mal im stillen Kämmerlein machen müssten.

Ich zum Beispiel würde ich gerne was über die Umsetzung der DSGVO lesen, wenn man ein WordPress-Blog hat und zufällig bei all-inkl.com hostet. Leider hat den Artikel noch niemand geschrieben. Dann muss ich das wohl machen. Deswegen hier der Schrillionste Artikel zum Thema DSGVO und Bloggen.

DSGVO macht Gefühle
Das bin ich, wie ich mich mit der DSGVO beschäftige. Abend für Abend – obwohl ich lieber Netflix-Serien schauen möchte.

Ob das, was ich gemacht habe, reicht und ob es gut ist oder gar richtig – keine Ahnung. Könnt ihr nachmachen – für die Folgen müsst ihr aber selbst die Verantwortung übernehmen. Ich bin nur eine Diplom-Psychologin, die ein WordPress-Blog hat.

Es folgt eine Beschreibung für ein einfaches Blog (Privatperson oder Kleinunternehmer) ohne Schnickschnack wie Formulare, Shop oder Newsletter.

1. Schritt: SSL Zertifikat klicken.

Ein SSL Zertifikat habt ihr alle schon. Ich war die letzte. Trotzdem: Wenn man keins kaufen will, kann man sich z.B. über Let’s Encrypt eins klicken. All-inkl.com hat dazu einen FAQ-Eintrag verfasst.

Dazu ins KAS einloggen und dann bei „Domain“ auf die SSL Option klicken. Da gibt es drei Reiter – ihr wählt dann den „Let’s Encrypt“-Reiter und klickt das Häckchen und wie von Zauberhand habt ihr in wenigen Minuten ein https. Hui!

2. Schritt: AV-Vertrag mit dem Hoster abschließen

Bei all-inkl.com auch ziemlich einfach. In den Kundenbereich einloggen – da unter „Stammdaten“ den Punkt „Auftragsverarbeitung“ anwählen, alles gut durchlesen, Häkchen setzen. Fertig.

2b) Wenn ihr Google Analytics benutzt: AV-Vertrag mit Google abschließen

Das selbe mit Google machen, wenn man Google Analytics verwendet. Dafür muss man wirklich einen Vertrag ausdrucken, unterschreiben und nach Dublin schicken. Irre. Eigentlich mit frankiertem Rückumschlag. Größtes Problem an der Umsetzung der Anforderungen der DSGVO bislang – denn ich habe keinen blassen Schimmer, wie ich an irische Briefmarken komme. Ich hab den Vertrag also mit einer Brieftaube geschickt. Sie bringt den Durchschlag zurück.

3) Askimet rausschmeißen und anstattdessen Antispam Bee nehmen

In WordPress zu Plugins navigieren.

Dort den Eintrag zu Askimet suchen – löschen. Danach oben links auf Plugins – Installieren und in der Suche „Antispam Bee“ suchen.

Das entsprechende Plugin auswählen und dann „Jetzt installieren“.

Als nächstes in den Einstellungen sicherstellen: Keine Häkchen an den folgenden Aussagen, da sonst die IP-Adressen an den „Stop Forum Spam“-Dienst weitergeleitet werden bzw. der Kommentartext zwecks Spracherkennung zu Google Translate weitergeschickt wird .

Fertig. Irre! Total einfach.

4) Plugin-Liste bereinigen

Schaut euch eure Plugin-Liste an und schmeißt alles raus, was ihr eigentlich ohnehin nicht benutzt. Ich hab so viel Krempel in meiner Liste gehabt – unglaublich. Wenn ihr unsicher seid – einfach erst mal deaktivieren und schauen, was mit dem Blog passiert. Am besten ein paar Tage. Alles funktioniert, wie gehabt? Deaktiviertes Plugin löschen.

Achso – vorher immer schön Backups machen. Ist klar. Macht man ja immer. Hat jetzt nichts mit den Plugins zu tun, aber Backups sind immer gut.

Macht einen Screenshot von den Plugins, wenn euer Blog perfekt funktioniert. Wenn ihr nämlich aus Versehen etwas löscht, dann könnt ihr es so wie oben bei Antispam Bee beschrieben, einfach wieder installieren. Manche Plugins haben eigene Einstellungen, die einfach auch sichern, dann kann eigentlich nichts passieren.

Mit etwas Glück findet ihr eure verwendeten Plugins auf der Seite „120 WordPress-Plugin im DSGVO-Check (mit Lösungen, Alternativen und Plugin-Tipps!)„, die euch dann sagt, ob ihr sie weiterverwenden könnt oder nicht. Eine zweite, hilfreiche Liste, gibt es bei den WordPress Ninjas.

5) Wenn ihr Google Analytics benutzt – IP kürzen

Ich habe dafür ein Plugin benutzt (Google Analyticator). Da kann man in den Einstellungen einfach „Anonymize IP Adresses“ auf „Yes“ stellen.

6) Datenschutzerklärung updaten

Dafür den Datenschutz-Generator von Thomas Schwenke nehmen. Dass der Datenschutzhinweis deutlich zu sehen sein sollte, ist irgendwie selbsterklärend.

Sofern es automatisierte Dienste gibt oder geben wird, die nach Fehlern in der Datenschutzerklärung suchen, um dann abzumahnen, kann man das vielleicht ein bisschen erschweren, indem man die Seite mit der Datenschutzerklärung auf „noindex“ setzt. Das geht per Plugin – z.B. „Noindex Pages„. Das ergänzt eine kleine Checkbox rechts oben bei „Veröffentlichen“.

7) Kommentiermöglichkeiten anpassen.

Dazu einen Datenschutzhinweis direkt über das Kommentarfeld einbauen. Schön zu sehen auf der Seite Rechtsbelehrung:

Geht – wer hätte das gedacht – per Plugin. Zum Beispiel: „WP GDPR Compliance“.

7a) Verwendung von Gravatar

Auf diversen Seiten habe ich gelesen, dass man Gravatar nicht benutzen soll. Andere vertreten den Standpunkt (siehe oben), dass man einfach direkt bei der Kommentierungsmöglichkeit auf den Einsatz von Gravatar verweist.

8) Cookie-Hinweis einbauen

Hätte man schon lange machen müssen. Gibt etliche, sehr einfach zu bedienende, Plugins. Ich verwende „Cookie Consent„. Nicht vergessen die URL zu eurem Datenschutzhinweis im Plugin zu hinterlegen und den Text anzupassen.

 

So ihr Hasen. Das ist was ich bislang gemacht habe. Ich lasse mir gerne mansplainen erklären, was ich falsch gemacht habe und was fehlt. Go for it! Wirklich. Ich bin über weitere Hinweise dankbar. Jedenfalls mindestens solange bis sie mich verunsichern.

Gegen Panik und blinden Aktionismus (schlimmstenfalls in Form von Bloglöschung) empfehle ich Folge 54 ( DSGVO: Alles zur EU-Datenschutzgrundverordnung – Rechtsbelehrung) und Folge 55 (DSGVO: Datenschutzerklärung FAQder Rechtsbelehrung.

Neu: Micropaying-Dienste sind tot. Aber Du kannst mir einen Kaffee ausgeben, wenn Du auch so deprimiert über die DSGVO bist.

Der Beitrag DSGVO? Da gibt’s doch was von Ra… äh ein WordPress Plugin erschien zuerst auf Das Nuf Advanced.

Read the whole story
moschlar
71 days ago
reply
Mainz, Deutschland
Share this story
Delete

Driving Cars

8 Comments and 19 Shares
It's probably just me. If driving were as dangerous as it seems, hundreds of people would be dying every day!
Read the whole story
moschlar
74 days ago
reply
Mainz, Deutschland
Share this story
Delete
6 public comments
rraszews
73 days ago
reply
If cars didn't exist and someone said, "Hey, I invented a two ton block of metal that can travel at 80mph and which is controlled manually by human beings with no automatic overrides to stop it ramming things. Let's make 90% of the adult population pilot one every morning when they're half asleep," it would be considered too ridiculous for fiction.
emdeesee
74 days ago
reply
"flying in formation with people you've never met"
📌 Lincoln, NE ❤️️ Sherman, TX
tedder
74 days ago
reply
yep. People don't understand how dangerous a 3000lb missile is.
Uranus
Covarr
74 days ago
reply
As high-profile as accidents involving self-driving vehicles have been, they are still far safer than human drivers. And they don't have to take a test in high school.
Moses Lake, WA
artmoney
74 days ago
what's the source for this? i haven't seen anything definitive on this.
Covarr
74 days ago
There is not enough available data to be absolutely certain beyond any margin of error, but: https://www.vtti.vt.edu/featured/?p=422
Covarr
74 days ago
https://www.axios.com/humans-cause-most-self-driving-car-accidents-1513304490-02cdaf3d-551f-46e6-ad98-637e6ef2c0b9.html
Covarr
74 days ago
Additionally, self-driving cars only get better with each passing year as their technology gets better. Humans aren't evolving nearly as quickly. (sorry for repeat replies; Newsblur doesn't allow me to put paragraphs in my comments with, say, Shift+Enter)
artmoney
74 days ago
of course there's no guarantee that that their safety will increase to the point that they're better enough
benzado
74 days ago
100% of the interest and investment in self-driving cars is for the cost savings. Period. Safety is a sideshow. Once they are "safe enough", we'll adapt our environments to accommodate the self-driving cars. It will be too lucrative not to.
matthiasgoergens
74 days ago
Liability and insurance (and reputation) turn extra safety into cost savings. Human driven cars have also become safer. Think eg of ABS.
benzado
73 days ago
Yes, replacing a human driver with a robot that can't ever sue you is a HUGE cost savings. I'm not saying self-driving cars won't be safer. I'm saying it is at best a minor concern for anyone who is paying to develop them.
llamapixel
71 days ago
Robots will always make mistakes. Entropy is a thing ;) http://moralmachine.mit.edu/
lamontcg
71 days ago
robots don't drive drunk, don't get tired, don't "race" because they think its "cool", don't have road rage and don't try to commit suicide by vehicle. pretty certain before too long that they'll be 100x better than we are at driving.
Covarr
70 days ago
artmoney, llamapixel: It doesn't need to be perfect to be worth it. It just needs to make fewer mistakes than human drivers. Reducing accidents is always better than not reducing them, even if it's not enough to eliminate them completely.
artmoney
67 days ago
the assertion that they are already safer is false. i'm not commenting on the future.
llamapixel
66 days ago
Covarr how does a lawyer fight for a closed source neural net suggesting it is not at fault, when might actually have avoidance systems to reduce crash costs. ?
rraszews
50 days ago
Also, every possible type of self-driving car crash will probably happen no more than ONCE; once it happens, they push out a patch and no self-driving car will ever get into that kind of accident again.
benzado
50 days ago
I love that this thread is still going. So many of you are forgetting that self-driving cars do not exist in a fantasy world. As soon as they are mostly as safe as a human driver, the human drivers will be phased out. Patches will be put out to correct for errors when it can be shown that the cost of developing the patch will be lower than insurance and legal settlement costs. After lots and lots and lots of people die, we might get some government regulations. Also, the "comfortable living room on wheels" will be the expensive first class ticket version. If you don't own your own (and that was the point, fewer cars needed, right?), you'll be commuting with the same level of comfort afforded to bus and airplane passengers today.
alt_text_bot
74 days ago
reply
It's probably just me. If driving were as dangerous as it seems, hundreds of people would be dying every day!
alt_text_at_your_service
74 days ago
reply
It's probably just me. If driving were as dangerous as it seems, hundreds of people would be dying every day!
Next Page of Stories