tuta is (like proton) snake oil. (here and here are two of my old comments about why…)

Mailbox.org lets you keep your own private key.

Every email provider lets you keep your own private key if you do encryption using the interoperable OpenPGP standard using software running on your own computer. Many email providers will recommend that you do exactly that, and will helpfully instruct you about how to do so (eg, the more reputable options in this thread such as migadu.com, mailbox.org, posteo.de, and even fastmail.com all have instructions for how to use some implementation of pgp to encrypt your email).

Meanwhile any company selling non-standard “email encryption” (eg, proton and tuta) which is not compatible with pgp (or, in the corporate world, s/mime, which is also a standard…) is firmly in the snake oil business and should be distrusted and boycotted regardless of which shitty youtubers they’re sponsoring this week.

note: the above 3 list items are all rendered differently despite being the same markdown (-)

this is a quote

• this is another list item

this is a quote

• this is another list item

that may be true but you should consider that HR departments are notorious for failing to document complaints from members of socially-disadvantaged groups

https://www.truthdig.com/articles/the-ecological-cost-of-ai-is-much-higher-than-you-think/ (from November 2025; the same author Alistair Alexander also has some other good articles there such as this one from last month)

Obama.org says it is a place “where people from around the world come to get inspired and bring change home”

You can read more about it here: https://www.theguardian.com/artanddesign/2026/jun/02/klingon-prison-barack-obamas-presidential-library-chicago

I don’t follow how a useful thing becomes “useless” or “no point” just because millions of people are unjustly denied access to it.

Fwiw Let’s Encrypt was just the first but isn’t actually the only free ACME provider anymore; acme.sh has a list of other providers in its readme and there is another list here. Actalis is Italian apparently; unfortunately I think the rest might be ultimately US-based (ZeroSSL says it’s Austrian but it’s owned by a US company).

It would be nice if some more independent country (eg, China) who already has one or more CAs trusted by all major browsers would step up and start offering free certs to the world.

It’s worth noting that HTTPS is needed not only for its confidentiality and authenticity properties, but also is required by browsers for pages to be allowed to use modern features like WebRTC (needed to have a voice or video call from a web page).

It’s much easier said than done. Anyone can start a new Certificate Authority but for it to be useful internationally it (its public key) needs to be built-in to (trusted by) all of the popular web browsers, the largest of which are all controlled by US companies.

effectively making it useless

do you know what Let’s Encrypt is? it is very far from useless; the system it is a part of is very flawed but it’s how the web works currently and US sanctions restricting access to it is absurd.

It’s actually called the Barack Obama Presidential Center because his Presidential Library is digital. (The physical copies of his documents will be preserved in a National Archives and Records Administration facility elsewhere.)

Companies now block older browser versions

Now? This has been happening since the dawn of the web. At least the screenshot you pasted represents all of the big three rendering engines - it used to be common to see “Internet Explorer version XYZ required”, sometimes with javascript to prevent you from using the site with any other browser (even if in some cases it would actually work fine if you simply spoofed your user agent string).

I have used kinda retro devices to surf the web at times

Most websites became HTTPS-only sometime after the snowden disclosures in 2013.

Over time old versions of TLS have been deprecated and eventually support for them is dropped from browsers and web servers alike. So, a browser from even 15 years ago literally cannot connect to most webservers today.

Planned obsolescence is terrible but it’s a minor factor here: it’s actually dangerous to use even (especially?) a slightly-out-of-date web browser because every new release fixes vulnerabilities which can be exploited to run malicious code on your computer. The planned obsolescence which prevents people from being able to have an up-to-date browser comes mostly from proprietary operating system vendors; to have up-to-date software while continuing to use somewhat older computers you need to use free/libre software.

AI;DR - i literally could not bear to finish reading this slop, and went to find something human-written to confirm if any of it is based in reality. It is, but I wouldn’t assume any details in the slop summary are accurate.

From what i skimmed I think the sole real-world source on the topic which this “article” (if you can call it that) cites is this abstract for a seminar that happened in 2022. An 88-page report from 2019 (San Joaquin Kit Fox Response to the Topaz Solar Farms) has far more information as well as pictures of the foxes and one of the dens the researchers built for them:

don’t threaten me with a good time

As others have said it is a huge amount of work to maintain a fork of such a complicated piece of software.

Especially around security: web browsers constantly process potentially-malicious data, which gives them a large attack surface. Every browser regularly has new vulnerabilities discovered which must be fixed. Hard forking a browser means that, even ignoring any bugs in the new code the fork has added, every time a bug is discovered and fixed in the code they forked from someone needs to analyze the upstream’s fix and port it to the fork. The more they diverge, the more work this is. Failing to do this work lets any malicious website exploit the bugs and install malware on users’ computers.

yep. (see my other comment in this thread)

another screenshot of a tweet, no link, no alt text, smh my head.

imo science memes should link the science!

Here is the paper from April which this tweet is actually referring to: https://royalsocietypublishing.org/rspb/article/293/2069/20252994/481340/The-phonology-of-sperm-whale-coda-vowels

Unsurprisingly the tweet’s characterization of the research as finding whale language “structurally comparable to Chinese” is an exaggeration; they are actually saying it is similar to tonal languages and then using Mandarin as one example of a tonal language.

Here is an article about it: https://www.theguardian.com/environment/2026/apr/15/sperm-whales-alphabet-vocalizations-similar-humans …which also links this other fascinating news from the same lab from back in March https://www.theguardian.com/environment/2026/mar/27/scientists-film-whale-giving-birth-other-whales-help-her (“This is the first evidence of birth assistance in non-primates”)

finally here https://xcancel.com/kuso_otoko/status/2062224294835540161 is the tweet this post is a screenshot of, where you can find people in the replies already making the predictable “met them at a very Chinese time in their life”, “that’s why japan hates them”, etc jokes.

One shot rewriting the whole test suite

tridge’s blog post makes it clear that this was not “one-shotted” at all.

You should read the whole thread

I regret reading it; I’ll assume in good faith that it wasn’t LLM generated but it is ironically as confidently wrong as if it were.

It almost (and should have) lost me when it started by quote-agreeing with someone else saying “rsync was basically done until the maintainer discovered vibecoding” - no, pay attention, it was not “basically done”, there were/are a mountain of CVEs!

But then this got my interest:

This does not “translate tests into pytest” or a unit testing framework, it writes its own testing framework where tests are whole python scripts that redefine basic test functions in every script. Surely there would be a single way to “run rsync and get the results” - nope, well, there is, but then every test file will randomly redefine its own _run_and_capture function.

tridge says he has used pytest on other projects and had good reasons not to use it here; I’m inclined to believe him.

But the notion of every test defining its own way to invoke rsync sounded like a valid criticism, and an easy one to verify, so I checked: It turns out that there is in fact a common run_rsync function which is used by the majority of the tests. One test defines its own _run_and_capture function (which differs in that it writes the output to a file, for reasons I didn’t investigate), and it looks like a few others invoke rsync other ways, but the majority of them use the common function.

So, that rambling thread’s sole concrete criticism of rsync’s new python tests turns out to be false.