

That’s why our instance has no downvote mechanism!


From the blog post OP linked in a comment:
We made an unrelated change that caused a similar, longer availability incident two weeks ago on November 18, 2025. In both cases, a deployment to help mitigate a security issue for our customers propagated to our entire network and led to errors for nearly all of our customer base.
It seems that the method they have of specifically propagating new security configurations to their servers is not a gradual or group-based rollout; it pushes certain changes to all servers at once, so uncaught bugs end up hitting everything instead of just some initial test group.
In particular, the projects outlined below should help contain the impact of these kinds of changes:
Enhanced Rollouts & Versioning: Similar to how we slowly deploy software with strict health validation, data used for rapid threat response and general configuration needs to have the same safety and blast mitigation features. This includes health validation and quick rollback capabilities among other things.
“Fail-Open” Error Handling: As part of the resilience effort, we are replacing the incorrectly applied hard-fail logic across all critical Cloudflare data-plane components. If a configuration file is corrupt or out-of-range (e.g., exceeding feature caps), the system will log the error and default to a known-good state or pass traffic without scoring, rather than dropping requests. Some services will likely give the customer the option to fail open or closed in certain scenarios. This will include drift-prevention capabilities to ensure this is enforced continuously.


So large skyscrapers, large nuclear plants, datacenters, etc would be state owned. Actually more…. This would be hundreds of the largest companies. This means the state would commandeer a company when what, the market cap hit a billy? The nav? That actually seems kinda crazy to do
Not state-owned, just state-managed. We already generally subsidize power plants, but for other large projects it could provide both funding and oversight of the build.
When it comes to really large companies themselves, if there’s a cap then they would just stop being such large companies, not be taken over.
But if you wanted to make a process for a company to grow beyond the $1B cap, my personal preference would be a system where depending on the level of impact to people’s lives, either something like monthly auditing of financials and business plans, or for companies operating in areas with a higher potential for harms, something closer to a Fannie Mae-style conservatorship, that would directly advise the company on minimizing risks (and potentially actually prohibit actions outright if they clearly were harmful). Ownership, stocks, profit, etc, would all still be private. We actually already embed IRS auditors in companies if they’re caught doing tax evasion, and I think of this more as a logical extension of that. We’ve tried voluntary compliance with laws and regulations, and too many of the very large companies are happy to flout them, and use their wealth to help them do so.


You quoted the wrong part, then. The company cap that Phoenixz proposed was $1 billion, not $10-20 million. Companies can easily build larger-scale projects with a billion, and projects that are going to run over that should probably be weighed against public interest and publicly-funded and managed, if they’re beneficial.


personal net [worth]
personal
Privately owned power plants aren’t built and owned by individuals with their personal wealth. Ditto for 99% of large buildings. And we can do without the personal skyscrapers, yes.
Corporate wealth needs its own set of guardrails and limits.


Guarantee that their lawyers told them they were a huge, illegal, indefensible liability, and it was better to axe them than potentially pay the per-work copyright violation penalties.


Ten years was the total time for everything under the “larger overhaul”. The frontend website portion is not broken down.


92 million dollars over cost on a 4.1 million dollar project is not incompetence and mismanagement.
Doubling the cost of a project should have triggered reviews or an audit. 23x’ing the cost of a project is either corruption, or such gross negligence with public funds as to be criminal all on its own.


Minchin said the total cost “includes the previously stated $4.1m required to redesign the front end of the websites”.
“The remaining cost ($92.4m) reflects the significant investment required to fully rebuild and test the systems and technology that underpin the website, making sure it is secure and stable and can draw in the huge amounts of data gathered from our observing network and weather models,” Minchin said.
So 92 MILLION dollars on SQA and maybe some pentesting? Bullshit. Pentests run $50k-$400k for single-domain websites like this, and $400k is on the very expensive end.
Even if you paid 30 people $200k apiece for 4 years to work on this, which is more people and at higher salaries than would have happened, that would still only come to $24m, less than a third of the cited cost.
There is no possible way for this to have legitimately cost this much. There was corruption of some kind involved.


that means adjusting to a shrinking market no matter what your company does.
Which is good. Markets are supposed to go up and down, and responsible businesses would have the capital reserves to weather the troughs, but no (public) companies are responsible anymore, and they waste any capital reserves on appeasing short-term shareholders who don’t give a rat’s ass about the long-term prospects of the company.


They know that verification is happening as we shift rightwards, but instead of being the ones beholden to implement an age-verification system that puts them at risk, they want to have device manus do it, which would absolve PH from any responsibility. It’s a business move, on their part.


I also wonder if people do more secure passwords for important services.
In my experience, most people have at most 2-3 passwords, and some do choose a “more secure” one for things like banking and work. Very few people use a password manager.
But my question is, are these only “hacked” passwords? Because those who are not hacked, you don’t know what passwords they have. So this is a bit of bias here, right?
No, that’s not how these are obtained. Password dumps are from attackers breaching a site’s user database and dumping their credentials, usually by phishing administrators’ logins. Attackers aren’t brute-forcing passwords anymore except on a one-off, very rare basis. Here’s a list of publicly-known password dumps, and you can see details about where they came from: https://haveibeenpwned.com/PwnedWebsites
It’s very valid. The password dumps they’re analyzing aren’t based on attackers brute-forcing, they’re based on attackers breaching sites’ backends and dumping the user databases. Some of these are sites with millions of records, and when you look at credential-stuffing lists (which are aggregate lists of currently-accessible accounts using previously-breached credential pairs), it adds millions more.
Sort this list by year, and you can see there’s tens of millions of leaked passwords in 2025 alone: https://haveibeenpwned.com/PwnedWebsites


“Self-replicating GPUs that devour the world”
“Wake up honey, new apocalypse just dropped!”


I think in part because 90s Internet was before the majority of millennials were really heavily online. I’m an '88 millennial, and my childhood Internet was still early 2000s, mostly.
Stuff like IRCRizon and Limewire and Geocities and even Gaia Online over DSL, rather than BBSes over probably AOL dialup (I had that as a kid, but only as a very young kid, i.e. literal preteen).
Nyan cat and motivational poster memes are my golden age, not Usenet.


I’ve used CF tunnels myself, but I’m sitting at home rn so it doesn’t matter. Watched ID4 a bit ago, no streaming services necessary.


Sucks for everyone without a dope homelab/ home data center setup!


I’ve tried. SO many times. It’s just so damn clunky. I ended up using Krita (also FOSS) instead.