Cake day: June 11th, 2023

  • Anarchism is opposition to power hierarchies, specifically non-consensual or coercive ones. Wealth inequality without safety networks is a coercive power hierarchy, and so needs to be fought. Capitalism as a whole is almost always incompatible with anarchy, at least in the way we tend to do it now. In a system with strong social safety networks the choice to work for someone can actually be a choice, and so some schools of thought would view it as compatible.
    Others view exclusive ownership of property as someone asserting power over someone else’s ability to use said property, and therefore wrong. Needless to say, abolition of private property is not compatible with capitalism.


  • Depends on the anarchist. Many would focus on seeking the absence of involuntary power hierarchies. A manager who distributes work and does performance evaluations isn’t intrinsically a problem, it’s when people doing the work can’t say “no, they’re a terrible manager and they’re gone”, or you can’t walk away from the job without risking your well-being.

    Anarchists and communists/socialists have a lot of overlap. There’s also overlap with libertarians, except libertarians often focus on coercion from the government and don’t give much regard to economic coercion. An anarchist will often not see much difference between “do this or I hit you” and “do this or starve”: they both are coercive power hierarchies.
    Some anarchists are more focused on removing sources of coercion. Others are more focused on creating relief from it. The “tear it down” crowd are more visible, but you see anarchists in the mutual aid and community organization crowds as well.


  • It wasn’t the crypto key pair part I was referring to, it was the part where fido is geared towards interactive user auth, not non-interactive storage.
    It wouldn’t have surprised me if the ssh devs hadn’t put implementing fido support for host keys high in the development list, or that it was tricky to find documentation for. Using something like a tpm is the more typical method.

    There’s no technical reason it can’t work, and the op got it to work so clearly the implementation supports it, but that doesn’t mean it’s the most expected setup, which means it might have unexpected gaps in functionality or terrible documentation.


  • Unfortunately, I think you’re going to run into trouble because fido authenticators are geared towards working as user authenticators rather than as device authenticators.
    It certainly should be possible from a technical perspective, but implementation-wise, it’s very likely that the code focuses on making fido devices work with client keys, and using tpms for host keys, since that’s much more focused on headless server functionality.

    Oval peg in a round hole.



  • D’oh. I only thought the rest of the comment and then submitted as it was because I needed to go find the text to copy.

    And from the 12th amendment:

    But no person constitutionally ineligible to the office of President shall be eligible to that of Vice-President of the United States.

    You can only be elected president twice. If you serve more than two years of someone else’s term you can only be elected once. If you can’t be president you can’t be vice president.

    So if you’re elected once, then serve as VP and the president goes away and you serve as president for 2 years and a day, you’ve already been elected once so you can’t run again, and you can’t be VP because you can’t be the president.
    If you’ve been elected twice you can’t be VP, so you can’t get any extra time that way.







  • I wasn’t mocking your argument, I was agreeing with you and clarifying that my feeling was about who I’m most “irritated” with, not about responsibility or legal culpability.

    My example was for simplicity, not mockery.
    The power going out is the power company’s fault, so I’m most mad at them. The store didn’t have a generator because they trusted the power company, so my cake got ruined. I’m still mad at them but less so because they weren’t the cause of the problem, even though they could have done more to prevent this from impacting me.
    Culpability wise, I can only make demands of the store and hope that enough other people do so that they in turn demand answers from the power company.

    There are actually a fair number of certifications, including ones from government agencies, relating to software development, deployment, and related practices. That so many organizations didn’t have the ones relating to protection from supply chain issues is distressing, to say nothing of it slipping through quality control in the first place.

    Please, if you think we’re in a place in this thread where I’d be mocking you, re-read it with the understanding that I agree with you entirely on legal and structural issues, and at most just have a different opinion about where the balance of "fuck you"s go. I think I put more scorn towards the vendor because doing the thing is worse than failing to prevent the thing. Also, I work at a parallel company and so I’m more familiar with exactly how much you have to be fucking up for this to happen because I spent the last three days dealing with the more minor controls that prevent this from happening. Everyone has outages because you can’t prevent 100% of errors, but it’s on the vendor to build to the spec of their most sensitive customer and ensure that outages don’t keep a doctor from patient records.


  • Can’t fault you for feeling that way. I definitely don’t think anyone should be exempt from responsibility, I meant blame in the more emotional “ugh, you jerk” sense.

    If someone can’t fulfill their responsibilities because someone they depended on failed them, they’re still responsible for that failure to me, but I’m not blaming them if that makes any sense.

    Power outage or not, the store owes me an ice cream cake and they need to make things even between us, but I’m not upset with them for the power outage.




  • The kernel is responsible for managing hardware and general low-level system operations. Anything that wants to do those things needs to get itself into kernel mode one way or another.

    The typical way you do this is called a “driver” and no one thinks about them as being kernel code. Things like graphics cards and the like.

    Things that want to do actions like monitor network traffic or filesystem activity system wide or in a lower level capacity than the normal tools provide also need to be kernel level.
    In a security context, that specifically would include things that want to monitor raw packets rather than the parsed content that assumes the packet is well formed in a way that a malicious one might not be.

    CrowdStrike does the same thing on Linux, and the typical tools for network management or advanced security are also either compiled in or loadable kernel modules.
    It’s easy to forget that ip/ebtables and selinux and friends are kernel level software frequently distributed as kernel modules, in the case of the firewalls, or compiled in with a special framework and not just user mode software.
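
To make the point in the comment above concrete, here is an added example (not part of the comment) that inventories which firewall and security components on a Linux host run in kernel mode, by parsing the `/proc/modules` and `/sys/kernel/security/lsm` formats. The sample data is constructed, and `vendor_sensor` is a hypothetical name for a third-party security module.

```python
# Added illustration: list the firewall modules and LSMs running in kernel mode.
FIREWALL_PREFIXES = ("ip_tables", "ip6_tables", "iptable_", "ip6table_",
                     "ebtable", "x_tables", "nf_tables", "nft_", "nf_conntrack")

# Constructed sample in /proc/modules format:
#   name size refcount used_by state address [(taint flags)]
SAMPLE_MODULES = """\
nf_tables 303104 12 nft_compat,nft_chain_nat, Live 0xffffffffc0a00000
ebtables 45056 1 ebtable_filter, Live 0xffffffffc09f0000
ip_tables 32768 0 - Live 0xffffffffc09e0000
i915 3141632 20 - Live 0xffffffffc0400000
vendor_sensor 98304 1 - Live 0xffffffffc0900000 (OE)
"""
# Constructed sample of /sys/kernel/security/lsm (LSMs compiled in and active).
SAMPLE_LSM = "lockdown,capability,yama,selinux,bpf\n"

def parse_modules(text):
    """Parse /proc/modules text into a list of dicts."""
    mods = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue  # skip blank or truncated lines
        used_by = [] if f[3] == "-" else [d for d in f[3].split(",") if d]
        taint = f[6].strip("()") if len(f) > 6 else ""
        mods.append({"name": f[0], "size": int(f[1]),
                     "used_by": used_by, "taint": taint})
    return mods

def summarize(modules_text, lsm_text):
    """Group kernel-resident components by how they got into the kernel."""
    mods = parse_modules(modules_text)
    return {
        # netfilter/ebtables pieces loaded as modules
        "firewall_modules": sorted(m["name"] for m in mods
                                   if m["name"].startswith(FIREWALL_PREFIXES)),
        # taint flag 'O' marks a module built outside the kernel tree
        "out_of_tree": sorted(m["name"] for m in mods if "O" in m["taint"]),
        # LSMs such as SELinux are compiled in, so they never appear in /proc/modules
        "lsms": [x for x in lsm_text.strip().split(",") if x],
    }

if __name__ == "__main__":
    try:  # use the live host if available, else the constructed sample
        with open("/proc/modules") as m, open("/sys/kernel/security/lsm") as l:
            report = summarize(m.read(), l.read())
    except OSError:
        report = summarize(SAMPLE_MODULES, SAMPLE_LSM)
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '(none)'}")
```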




  • That’s totally fair. :)

    I work at a different company in the same security space as CrowdStrike, and we spend a lot of time considering stuff like “if this goes sideways, we need to make sure the hospitals can still get patient information”.

    I’m a little more generous giving the downstream entities slack for trusting that their expensive upstream security vendor isn’t shipping them something entirely fucking broken.
    Like, I can’t even imagine the procedural fuck up that results in a bsod getting shipped like that. Even if you have auto updates enabled for our stuff, we’re still slow rolling it and making sure we see things being normal before we make it available to more customers. That’s after our testing and internal deployments.

    I can’t put too much blame on our customers for trusting us when we spend a huge amount of energy convincing them we can be trusted to literally protect all their infrastructure and data.
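
The "slow rolling" described in the comment above can be sketched as a ring-based rollout gate. This is an added example, not the commenter's or any vendor's actual process; the ring names, percentages and thresholds are assumptions chosen for illustration.

```python
import hashlib

# Hypothetical rings: cumulative percentage of the fleet eligible at each stage.
RINGS = [("internal", 1), ("early", 10), ("broad", 50), ("everyone", 100)]
MAX_CRASH_RATE = 0.001  # assumed gate: halt above 0.1% crash reports
MIN_REPORTS = 200       # assumed minimum telemetry before widening the rollout

def bucket(host_id, release):
    """Stable 0-99 bucket per (release, host), so cohorts reshuffle each release."""
    digest = hashlib.sha256(f"{release}:{host_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100

def eligible(host_id, release, ring_index):
    """A host may fetch the release once its bucket falls inside the current ring."""
    return bucket(host_id, release) < RINGS[ring_index][1]

def next_ring(ring_index, healthy, crashed):
    """Return (decision, ring_index) from telemetry gathered in the current ring."""
    total = healthy + crashed
    if total and crashed / total > MAX_CRASH_RATE:
        return ("halt", ring_index)   # unhealthy: stop and do not widen exposure
    if total < MIN_REPORTS:
        return ("hold", ring_index)   # not enough evidence that things are normal
    return ("advance", min(ring_index + 1, len(RINGS) - 1))

if __name__ == "__main__":
    release = "content-update-42"  # constructed release identifier
    fleet = [f"host-{n:04d}" for n in range(2000)]  # constructed fleet
    for i, (name, pct) in enumerate(RINGS):
        count = sum(eligible(h, release, i) for h in fleet)
        print(f"{name:9s} target {pct:3d}%  eligible hosts: {count}")
    print(next_ring(0, healthy=500, crashed=0))    # healthy internal ring
    print(next_ring(1, healthy=400, crashed=100))  # crashing early ring
```

Because eligibility is a threshold on a stable bucket, every host admitted in an earlier ring stays admitted as the ring widens, and a halt freezes exposure at the current percentage.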