That ruthless review prompt seems interesting, would you be willing to share it? I've been trying to have Claude act as a reviewer for me and it feels like it never will disagree.
Can you share more information about the undercutting? I've heard of places like Elecrow trying to incentivize people to sell via their platform/OEM service but it sounds like you've had people asking you to license your designs?
I never followed up, but I didn't read it as some serious IP licensing thing. It sounded like they've come to the conclusion that they're making the stuff that's sold on Tindie anyway, so might as well set up a website and ship directly to your customers.
About Sunday/Monday last week, right before it went down, I noticed the site was super buggy and failing to add things to cart. I emailed support and got a "we are checking the issue". Since it went down all I've heard from support is "Please be patient. Tindie will be back up soon as we are currently performing maintenance. At this time, we do not have an estimated timeframe to provide."
The fact that it wasn't communicated at all prior and not having a timeframe makes me think this was probably an ops screw up.
I see this a lot with small independent sites with big userbases. Instead of being honest, they hide mistakes behind maintenance or blame it on hackers.
I've been using the docs tool in my homelab for ~3 months now as a knowledge base for some projects I've been working on with some friends.
It's really good. The typing experience "feels" right and the collaboration features work. I haven't played with the other solutions yet but I'm very excited if they are up to the same standard.
I deployed it with docker and it was relatively smooth. I had to play a bit with the OIDC but I'm pretty sure that was more a me issue than anything.
I am incredibly jealous of people for whom this works. Mine just become too unwieldy to manage or work with because they grow out in a crazy fashion.
My "productivity solution" is currently TriliumNotes with three work spaces as 1) Planner with sub notes for year, month, day 2) Brain Dump with subnotes for year and month 3) Projects with sub notes for each project. I manage tasks with Vikunja and then my time with Google Calendar.
It's an absolute mess, but it's the closest I've gotten to a solution that works the way my brain does.
Thank you for sharing. I feel similar to you; jealous this system works for others, sounds like a dream, but too overwhelming for me once it hits some point of no return. Your structure sounds interesting.
I'm genuinely curious how others do not get overwhelmed or sucked into yak-shaving some reorganization of a system like this.
I don't understand the rationale for announcing that a vulnerability in project X was discovered before the patch is released. I read the project zero blogspot announcement but it doesn't make much sense to me. Google claims this is to help downstream users but that feels like a largely non-issue to me.
If you announce a vulnerability (unspecified) is found in a project before the patch is released doesn't that just incentivize bad actors to now direct their efforts at finding a vulnerability in that project?
The reason for this policy is that if you don’t keep a deadline, upstream can just sit on the report forever while bad actors can find and exploit the vulnerabilities, which harms downstream users because they are left entirely unaware that the vulnerability even exists. The idea behind public disclosure is that downstream is now made aware of the bug and can take appropriate action on their side (for example, by avoiding the software, sponsoring a fix, etc.)
"Don't announce an unpatched vulnerability ever" used to be the norm. It caused a massive problem: most companies and organizations would never patch security vulnerabilities, so vulnerabilities would last years or sometimes decades being actively exploited with nobody knowing about it.
Changing the norm to "We don't announce unpatched vulnerabilities but there is a deadline" was a massive improvement.
Maybe for a small project? I think the difference here is rather minimal. Everybody "knows" code often has security bugs so this announcement wouldn't technically be new information. For a large project such as ffmpeg, I doubt there is a lack of effort in finding exploits in ffmpeg given how widely it is used.
I don't see why actors would suddenly reallocate large amounts of effort especially since a patch is now known to be coming for the issue that was found and thus the usefulness of the bug (even if found) is rather limited.