Oh yeah! It’s sad that users have to have a technical education to use the Internet if laws and what at least I perceive as “right” fundamentally differ.

At least for the moment it’s only copy right for me personally - there are countries and laws where this need is way more fundamental :(

No it doesn’t. Because it’s not an opinion but a description on how to not get into the situation you’ve described - i.e. about personal security.

What I’ve described prevents a link between you and your online actions - that’s the whole point. It’s the defense against surveillance and can be applied on situations with way higher risk than just a fine.

Yeah that’s way more specific and can get behind - I don’t even test any “free” VPNs.

I didn’t intend to imply that VPNs are free.

“most of them are (if advertised heavily)” is quite a claim without data to back it up.

At least for the one I tested none of them sent additional traffic over my connection. That’s just one data point and I only looked to ones with port forwarding but still far away from your claim.

There are a shitload of VPN tests out there and testing id your connection gets used by third parties for not traffic is even possible for a layperson.

Please stop fear mongering without remedies or specifics.

That’s what VPNs are there for! Ze German setup: gluetun and qbittorrent via docker, qbittorrent only going over gluetuns network.

This way we can return what we take tenfold and still come out on top!

Yeah this is beyond ridiculous to blame anything or anyone else.

I mean accidently letting lose an autonomous non-tested non-guarailed tool in my dev environment… Well tough luck, shit, something for a good post mortem to learn from.

Having an infrastructure that allowed a single actor to cause this damage? This shouldn’t even be possible for a malicious human from within the system this easily.

That’s an utterly ignorant statement.

To expect others, often volunteer, to take such a personal risk because the legislation in one part of the world is utterly fucked. How about expecting the people who actually live in the country and state and have a chance to influence those laws to step up their game instead of trying to tell third parties to take individual and personal consequence.

They outline the issues from their perspective.

What else should they do? Break their own licence model (which prohibits (geographic) discrimination) or break the law? It’s either one of those two or comply.

The answer is a clear yes.

In short: Choose your tool that will suit you throughout your degree and really dig into it and learn it now while doing your paper.

Long version:

This is absolutely common and I’m not aware of a text editor which supports footnotes but doesn’t support automatically numbering and referencing.

In latex there’s actually a \footnote that takes care of that. In libre office, if I recall correctly, it’s Insert -> Footnote and I’m sure there are templates with the proper formatting and font sizing already in place.

Now it sounds like you’re quite early in your higher degree career - depending on your goals and future challenges you might want to either go the easiest route or really dig into writing-based formatting: It’s just faster if you’re typing all the time to not switch to a mouse to inert footnotes - but only if your really used to it.

Opencloud is the was to go from the established systems in my opinion. https://github.com/opencloud-eu

File sharing and -management for me has a higher level of trust and stability requirements. Syncin with four developers and “doing everything” while based on typescript makes me suspicious - but I haven’t tried it hands-on.

Haha I feel you!

Perhaps try to be a bit less extreme in your language in front of your parents - or offer them a bet: if a CO2 monitor is yellow or red at the evening they pay for it and you can air whenever it’s getting yellow. If it stays green you pay for it and shut up about the windows!

As I don’t know your parents I can just project from myself: Whoever would be the physically closer one at that precise moment.

I can’t imagine a situation where this could be a rational decision unless one of you fucked them over in a way I can’t even begin to fathom.

This is so deep monked brain territory that it really comes down to pure instinct and that is driven by perceived higher chance.

If the situation is in a way there it’s impossible (for example would have to carry both of you but you’re too heavy) chances would be high that we’d all die together - not because of some heroism bullshit but simply because I know my inner monkey quite well and it’s self preservation instinct vs kin preservation are … Let’s say not in my favor ad an individual :D

Your parents are right in terms of energy waste, im sorry to say.

I’m quite similar though and air about five times a day but with a timer so that the air gets circulated completely without cooling out the house itself.

The breathing struggle is most likely a mix of dust sensitivity and psychology. For me an air cleaner made a huge difference in my comfort level.

I’d you want to go the scientific approach get a CO2 monitor (the most important element for brain performance when talking about home air) and a PM2.5 sensor for dust levels.

Sorry if I use the wrong English terms! I think you are right :) With system I refered to the literal computer system the file is saved on. I’m not a dev of one of those tools but I know several maintainers and developers that’s why I’m a bit sensitive there! Thats why I (baldy apparently, apologies!) tried to focus on the developer point of view and ignored the whole cost/benefit aspect which you described very well - thank you for that!

Back to my point re/ local security because I feel this is the only one where I see a fundamentally different assessment between us: (Fontext: access an unencrypted file on my machine): I’m not aware of a mechanism to read (unencrypted or not) files on a host without a preceding incident. How else could your files be acessed? I don’t understand how I might have this backwards.

You’re completely right if course that there are a lot of tools out there one could use - but it would be on the developer to implement support for those. If you support one you can be damn sure users shout for “I want to use Y”. And then you would still need a Fallback for anyone not willing to install a supported third party tools.

Cybersecurity works inherently with risk scenarios. Your comparison is flawed because you state that there is an absolute security hygiene standard.

That said: I highly appreciate your approach to the subject, i.e. looking at the code and raising a discussion about something that looks wrong. Thank you for that!

On the subject itself:

There are two common ways to implement token management. The most common one I am aware of is actually the text based one. Even a lot of cloud services save passwords as environment variables after a vault got unlocked via IAM. That’s because the risk assessment is: If a perpetrator has access to these files the whole system is already corrupted - any encryption that gets decrypted locally is therefore also compromised.

The second approach is to implement the OS level secret manager and what you’re implicitly asking for from my understanding.

While I agree that this would be the “cleaner” solution it’s also destroying cross platform compatibility or increasing maintenance load linear to the amount of platforms used, with a huge jump for the second one: I now need a test pipeline with an OS different than what I’m using.