Hacker News | misterpigs's comments

These servers were a lot of fun. You got to pay taxes _in a game_! But seriously they were a lot of fun.


This is a nothingburger.

I have "private" repos listed in the dataset but they were all at one time public. Searching the SoftwareHeritage site I can find those once-public repos with ancient commits.

My private repos that were always private are not listed in the dataset.


FACT CHECK:

They are usually _not_ bullshit.


I love this level of transparency.


Yeah, whether necessary or not, it's still nice to have such a level of detail in a transparency report.


Sure. But I would love if they had considered this from the start:

>As a result we are currently developing new data retention and disclosure policies.

“I guess we don’t actually need that” should have been the idea from the start.


After a quick glance at the information listed in the report I didn't notice excessive data collection on pypi's part.

I'd say they followed the "I guess we don't actually need that" approach reasonably well so far and good for them if they want to improve that even more.


One important thing to remember here is that PyPI was originally started in 2002 as a weekend hack project that grew over time to become the piece of critical infrastructure it is today. There's a lot of stuff in PyPI that exists as historical baggage and cruft and reviewing them just never bubbled up to be a priority. Likewise a lot of the policies it has have been added and grown over time as something happened that caused us to need one.

On top of all of that, it's volunteer run and has been understaffed for basically its entire life, so sitting down and figuring out a proper data retention policy that takes a holistic view of everything we have just never bubbled up.

In general I think we already do a pretty good job of collecting a minimal amount of data, and hopefully with proper policies we can do an even better job.


I can't tell if this is sarcastic.

While they are transparent the events happened, they are not transparent about which packages and what authors are being flagged, which is unfortunate.


Is it possible that they can't publish that? Perhaps even not allowed to say that they can't publish that?


> While they are transparent the events happened

Considering they are admitting they will always obey government commands, including regarding non-disclosure of actions to affected users, it is prudent to assume they are, in fact, not transparent about events; only about those events which the government has let them tell you about. Other events (e.g. National Security Letters) may or may not have occurred.


> We will not be releasing the usernames involved publicly or to the users themselves.

Which is the most important part.


They're not allowed to release that.

Edit

I read 'chaps as saying there was an NDA on the subpoena, but apparently there wasn't, so this might just be flatly wrong.


The NDA isn't the only reason you don't risk interference in an ongoing investigation though so regardless the basic point still stands.


Even in the absence of NDA, are you allowed to? Counsel has apparently advised them not to. Would it not carry the risk of being complicit in a crime?


Disclosing facts is not a crime.


There are lots of situations in which disclosing facts is indeed a crime. You are answering my specific question with a nice sounding maxim which is obviously not true in general.


Perhaps there is no NDA on the fact that subpoenas were issued, but still an NDA on whom they were issued about? Limiting the scope of such an NDA feels like a plausible result of negotiations after a motion to quash the subpoena.


Releasing the user names would not be respecting the privacy of the users.


Do you still love it if it enables a terrorist or otherwise very bad person to evade capture?


Not OP but yeah. I don't buy into the whole "to protect you from bad people I need to erode your rights" argument.

Never made sense to me. Terrorists and other very bad people usually aren't in the business of following laws so I don't know what crimes you'd prevent by weakening the rights of everyone else.


I'm very unaware exactly what the issue is with this particular case, so be gentle, but what is the difference between the government agencies doing their job to stop criminals, and evil rights-destroying which it sounds like you are clearly convinced is what's going on?

Let's say someone stole your identity and in the process they emailed all your financial documents to example.anon12345(at)gmail. If you contacted the police and the FBI subpoenaed Google to force them to give them the details of whatever they know about that accountholder, is that bad and hurting the rights of somebody, or is it protecting your rights?

Does it change based on the despicableness level of the crime suspected? From one count of copyright infringement of a Taco Bell commercial, to organized retail theft rings, to identity theft, to CSAM, to terrorism?

I'm not saying you're wrong, I'm just curious what the "We hate subpoena power" argument is so I can decide where I stand on it. I feel mildly like I'm not as bothered as you are, but I suspect I'm missing something.

Also, should "online" operate under different rules than offline? If the "feds" have probable cause that some guy is a drug kingpin and they break into his office and his safe to seize evidence, is that equally bad as forcing Google to open up his Gmail account for them?


I mean, surveillance reduces crime. Wherever you fall on the spectrum of surveillance/privacy, I can guarantee if the government read everything everyone wrote/texted/read and recorded their every move, there would be less crime.


Great to know that. I'll let the parents of Uvalde know how surveillance reduced crime on the 1 year anniversary of the school shooting.

Surveillance does not reduce crime, tending to people's basic needs so that they don't need to commit crimes reduces crimes.


Is a subpoena of 5 specific users' data, presumably with the purpose of getting evidence about things that already happened, the same as 'surveillance'?

> the government read everything everyone wrote/texted/read

is this really a relevant analogy for this? And yes, I've heard of the mass surveillance via telco that we did find out (through Snowden) was happening, and do think it seriously crossed the line. I'm just wondering if this kind of case at issue has anything in common with that malfeasance at all.

Is it your belief that they lacked any probable cause and are actually trying to persecute those 5 people for some reason?

Rather than try to argue against a position I'm not fully understanding, I'd like to hear how you think police should solve crimes with a significant "cyber" component.


To be clear, I'm not advocating for it. But if people couldn't use the internet/communications to plan or communicate criminal activities, crime would reduce (to some degree, meaningful or not).


Climate activism is also being considered an act of terrorism by some now (particularly some Christian party in Germany), dunno if those people label themselves as 'very bad persons'. Probably goes for all terrorists, but this might be easier to relate to as it's grounded in reality and we'd likely agree with the change they seek

Child porn and terrorism are the favorite subjects of politicians looking to enact a new law but idk if it's good to follow that thinking and use it as an example as opposed to a serial killer or something


Yes. Truth itself stands at the top of the moral hierarchy. It can stand alone without any justification. "You told the truth" will never be immoral, consequences be damned.


Wow this channel was the first lego experiment videos I watched. I thought this channel was the same (no clickbait, straight to the content, no voiceovers) https://www.youtube.com/@BrickTechnology but I was mistaken!


Always through the browser!


I run it in a linux vm isolated from my mac system. It has access to the camera, network, and audio, but only when it is running. No host file system access. I just can't trust that company.


I only run it on iOS/iPadOS or on my work computer where if they don’t care enough about security to run Zoom, I am not going to be more royalist than the king.


WAG is so shitty about this. I absolutely need notifications but they constantly nag you.


Can I say _finally_ !!


DDG: image searching "tank man": "blocked by safe search" and then "sorry no results here" when disabling safe search entirely


Shawn Woods has a YouTube channel dedicated to trapping mice and other rodents. Most of his traps are homemade and don't require uncommon materials. A bucket, ramp, and water does the trick a lot of the time. https://www.youtube.com/user/historichunter

