  • Even with a 10% pay cut the VC will be remunerated over $1,000,000 per year, even despite the university’s poor financial performance.

    Having worked at a university the waste is in plain sight. Vendor lock-in, consulting fees (especially with the Big 4), high executive pay, and compartmentalisation between professional and academic staff are high on the list.

    In my area (different university) there was a constant stream of poor decision making. Moving to the cloud? Let’s hire a consultant to tell us what to do, and then do it in the worst possible way, instead of using internal capabilities! I suggested that the contract include provisions for “best practice” as listed by the vendor (HashiCorp) but this was ignored. The consultant gave us spaghetti Terraform code and an inefficient, high cost subscription layout.

    The professional and academic staff barely talk in my experience. Academics do their own thing as much as possible. Professional staff throw solutions over the wall, mostly because of the existence of the wall in the first place.

    The university was looking at using “crotch sensors” (motion sensors under the desk) to measure desk utilisation, spending money on “smart” ambient sound solutions etc. in the executive building, and other high cost solutions looking for a problem, at the same time as freezing staff and threatening redundancies. I was denied training but offered access to an LLM subscription (GitHub Copilot) along with other IT staff, because AI is the going buzzword being parroted by the executives.

    The higher education sector seriously needs an external review… and a proverbial kick up the bum.



  • Here’s the actual paper of the technology (Prio) that it’s based on.

    Some problems stand out:

    • It requires that the organisations (Mozilla and ISRG) not collude to decrypt the secret share (probably reasonable)
    • The paper suggests registering end users to protect against Sybil attacks.
    • The scheme requires the organisations to correctly withhold results from advertisers until there are sufficient results.

    I’m not overly familiar with the tech stack but I’d be concerned about browsers using a persistent UUID to send impressions to Mozilla’s API.

    The biggest elephant in the room is that seemingly nobody wants the damn thing. It offers nothing to users, except maybe a good feeling inside that they’re supporting AdTech. It offers AdTech less than the current deal where they can collect obscene amounts of personal information for targeted advertising.
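
The trust assumptions listed in the comment above can be seen in a small model of two-server additive secret sharing, the building block Prio aggregates over. This is an added example, not part of the original comment and not Mozilla's or ISRG's code; the modulus, the `MIN_BATCH` threshold and all function names are assumptions, and Prio's input-validity proofs are left out.

```python
import secrets

P = 2**61 - 1   # prime field modulus (assumed; Prio works over a finite field)
MIN_BATCH = 5   # hypothetical minimum number of reports before release


def split(value):
    """Split a value into two additive shares mod P, one per aggregator."""
    share_a = secrets.randbelow(P)       # uniformly random, reveals nothing alone
    share_b = (value - share_a) % P
    return share_a, share_b


class Aggregator:
    """One of the two servers; it only ever sees its own shares."""

    def __init__(self):
        self.total = 0
        self.count = 0

    def submit(self, share):
        self.total = (self.total + share) % P
        self.count += 1


def release(agg_a, agg_b):
    """Combine partial sums, but only once the batch is large enough."""
    if agg_a.count != agg_b.count:
        raise ValueError("aggregators disagree on batch size")
    if agg_a.count < MIN_BATCH:
        return None                      # withhold: too few reports to hide in
    return (agg_a.total + agg_b.total) % P


def run_batch(values):
    """Simulate clients reporting 0/1 impressions; return the released sum."""
    agg_a, agg_b = Aggregator(), Aggregator()
    for v in values:
        s_a, s_b = split(v)
        agg_a.submit(s_a)
        agg_b.submit(s_b)
    return release(agg_a, agg_b)


def collude(share_a, share_b):
    """If both servers pool one client's shares, the report is recovered."""
    return (share_a + share_b) % P
```

Neither the threshold nor the non-collusion property is enforced by the arithmetic itself: both depend on the two operators behaving as promised, and nothing here stops one party from submitting many reports, which is why the paper raises client registration.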


  • PSA: if your financial institution/government/<other website> is using SMS codes (aka PSTN MFA) for multi-factor authentication they are practically worthless against a determined attacker who can use SIM swap or an SS7 attack to obtain the code. Basically you are secured by a single factor, your password. If your password is compromised it may be sold via black hat marketplaces and purchased by an attacker who would then likely attempt to break that second factor.

    The best way to protect yourself is to use a unique password; a password manager especially helps with this. Sometimes institutions will offer “Authenticator” (TOTP) as a second factor, or PassKey authentication, both secure alternatives to SMS codes.

    Here in Aus I’m working with Electronic Frontiers Australia to try and force some change within government and financial institutions (via the financial regulator). Most banks here use SMS codes and occasionally offer a proprietary app. One of the well-known international banks, ING Bank, even uses a 4 pin code to login to their online banking portal. 😖

    Unfortunately SMS codes are a legacy left from old technology and a lack of understanding or resourcing by organisations that implement it. Authenticator/TOTP tokens have been around for 16 years (and standardised for 13 years), and PassKeys are relatively newer. There is a learning curve but at the very least every organisation should at least provide either TOTP or PassKeys as an option for security-minded users.


  • I have a bicycle crate in my rear rack (40L from memory). I can just throw my backpack and/or shopping in there and be on my way. No issues transporting when empty. I avoid riding in the rain but I guess a waterproof bag would help for that. It’s durable, the main concern is the rear rack. I had to replace the cheaper rack that I bought last year after the welding snapped in a few places over time (I had it held together with duct tape for a while). My new rack should be much more sturdy this time around.

    I have access to borrow a car which I do every few weeks so I don’t need to over engineer my bike setup too much.








  • There are different types of cycling. I would always wear a helmet to work because I live 6km away and it’s a decent ride. There are hills and I often get to a reasonable speed.

    Compare that to someone living in South Brisbane commuting to the CBD, or someone going for a leisurely bike stroll on the riverwalk - they may not go fast at all. We don’t wear helmets whilst walking or jogging, but why is it mandatory for a slow ride?

    The big reason helmets can be off-putting is because they can mess up your hair. If the city wants to encourage people who live relatively close to their jobs to ride in, more flexibility on helmets could be a good thing.

    FWIW I do think helmet safety should always be encouraged. Riding down a hill? Going more than a leisurely stroll? Wear a helmet. Makes sense. But it’s really not that necessary for people who are riding slow.



  • I ride all year round in Brissie. I find my comfort level depends on when I ride, distance, speed and my bike setup.

    First, I ride to and from work in the morning and arvo when it’s cooler, not in the middle of the day.

    I ride 6km each direction which is manageable. In winter I barely break a sweat. In summer I have a shower on each side. I can and sometimes do get away without showering by riding slowly. Or I just catch PT if I’m going somewhere else after work.

    The other thing I noticed is that not wearing a bag helps a lot with reducing sweat on my back. I have a basket on the back of my bike and just throw my bag in. A lot of other people use pannier bags.