All the data gathered by Cambridge Analytica was gathered through the public API though, after users had consented to share it (by logging into a quiz app that requested the permissions). That’s why the API is very locked down now, and the approval process to get any sort of data access is very strict.

The main issue was that they gathered data from people whose profiles were set to be visible only to friends. If someone logged into the quiz and granted permissions, their friends’ data was also accessible via the API.

Makes sense - thanks.

Doesn’t the water evaporate and become part of the water cycle? Water can’t just disappear? Maybe I’m missing something.

It would be good to cut down water usage… Not just for data centers but also for things like lawns and golf courses.

aggressively guard

tbh it’s a hard balance for any social media company.

Guard content too little and you end up with Cambridge Analytica, which was literally because the public APIs allowed too much access (third-party apps could see any data through the API that you could see through your Facebook account, including friends profiles). You also end up with headlines talking about big data leaks which really just end up being compilations of public data (which has happened to both Facebook and LinkedIn).

Guard content too much and you restrict users’ freedom too much.

It’s not too bad if you use an outbound SMTP relay for sending. SMTP2Go is pretty good, and they have a free plan with 1000 emails per month. I use Mailcow and you can configure relays in their web UI, but it works just as well with the sender_dependent_relayhost_maps setting in Postfix.

Sure, it’s not fully self-hosted, but the interesting part to self-host is the storage of your emails, not the sending (which will just relay through other SMTP servers along the way anyways).

You don’t absolutely need a central repository for Git. It’s decentralized. You can learn the basics (committing, branching, rebasing, amending, merging, resolving merge conflicts) entirely on your computer.

My advice would be to get familiar with using Git locally first. Simulate things like merge conflicts - have two branches that both change the same line in a text file, then merge them together and resolve the conflict.

Once you’re more comfortable with using it locally, learn about code forges like Github or Forgejo.

It’s called a “merge request” in Gitlab, which is a much better name.

At least it’s open source so anyone can look at the code and figure out why it asks for the permissions.

I didn’t realise that people still use Gogs. It was forked to Gitea, which was then forked to Forgejo. Forgejo has a much larger focus on security compared to its predecessors.

Are there any actual issues in those commits though? I spot checked a few and they look pretty benign, and don’t really look vibe coded to me.

Just because someone uses an AI tool doesn’t mean their work is vibe-coded slop. An experienced developer that knows what they’re doing can use AI as a tool to take care of boring/mundane parts and write a rough plan for their work, while still paying attention to the business logic and system design, and still fully reviewing everything themselves.

A lot of the recent commits are in the test suite, and building test suites, fixtures and harnesses is something AI is fairly decent at if you give it a good prompt (give it the input, expected output, and expected side effects).

Printing doesn’t change very often. The main protocols (like PostScript, PCL, and IPP) haven’t had any major changes in a very long time. Software like SavaPage probably mostly “just works” and doesn’t need a huge amount of maintenance or have a huge number of issues.

Interesting - I’ve never heard of this but it looks useful. Love that it supports OIDC. Thanks for the link.

Syncthing is pretty good.

I tried seafile and it kept going down and corrupted a lot of files after an unexpected server shutdown. It shared the corruption to all the local files on every app/pc I had it shared to.

This sounds like an issue with your server rather than with Seafile specifically. Was the unexpected shutdown due to a power outage? You should have a UPS so that it can properly shut down during outages. You’ll hit similar issues with any other system otherwise.

That’s true, but the stickers weren’t much work so I figured I’d try them out.

paperless treats it as a single ASN number row and reports the highest used.

This is OK as long as you consistently use the QR codes to assign ASNs.

If your scanner supports scanning to a network share, install Samba on your Pi and share the paperless-ngx incoming directory. My ScanSnap iX1600 supports this, but I’m not familiar with other models. I had to configure the scanner using the Windows app to add the SMB details, but once it’s configured, it works without a computer attached.

Paperless-ngx also supports email. You can set up a separate email account for it, then forward it any documents you want to keep to it.

For documents you need to keep a physical copy of, use ASNs (archive serial numbers) to correlate the physical and virtual copy. You can use QR code stickers to automatically set the ASN in paperless-ngx. I posted a nested comment with more details about this.

Consider using paperless-ai to use an LLM to tag and title your scanned documents automatically. It needs a webhook to be configured. Consider a local model if possible, and if you want to use a hosted model, review the provider’s privacy policy to ensure they do NOT train the AI on user content.

And file away your scanned papers separately,

I’d recommend using ASN (archive serial numbers) for documents you store a physical copy of, following the recommended flow

I printed ASN QR code stickers, using the smallest Avery labels I could find (Avery 5267 in the USA, L4731REV-25 in Europe) along with their free online design app.

For documents I want to keep, I stick a QR code sticker on them before scanning. Paperless-ngx automatically detects the QR code and sets the ASN. I then file it away in a folder that’s sorted by ASN. When I need to find the physical copy again, I first look in Paperless to find the ASN, then find the document in the folder (pretty quick since all documents are sorted).

You’ll need to set the following settings:

PAPERLESS_CONSUMER_ENABLE_BARCODES=true
PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE=true
PAPERLESS_CONSUMER_BARCODE_SCANNER=zxing

I’ve been meaning to try this. It’s backed by Louis Rossman, so I’m sure it’s great.

These days I see so much AI slop that my reaction when I see code I hand-wrote myself is “hey, that’s pretty good”.

My team’s code is great, but we use a lot of shared code written by other teams, with varying levels of quality.

Open source projects are particularly vulnerable here since anybody can just grab the source and throw an LLM at it to see if it can find exploits.

On the other hand, this means that they should end up more secure. Open-source projects get far, far more vulnerability testing than closed-source projects. Security holes in closed-source systems can exist for years at a time, which is how things like the Pegasus malware work (undisclosed security holes).