Posts
28
Comments
50
Joined
4 yr. ago

They/Them

Network Guardian Angel. Infosec.

Antispeciesist.

Anarchist.

Personal Website

You should hide scores on Lemmy. They are bad for you.

  • What is your new user gonna do with it?

    If they just want it to work and be secure, but not feel the cogs, you might be interested in looking into Chromium OS or Fedora Silverblue.

    If they are a tech, you might wanna go with a flavor of Ubuntu.

    If they are willing to become proficient and experienced with GNU/Linux as a distro as a tech, maybe something like Arch or Debian?

  • Internet is that strange place where you find instances of stuff nobody should ever do 😆

  • I don't think iDRAC are much better, though, in that regard.

    There have been and there will be many stories about these BMCs, unfortunately. One thing seems for sure: they should be in an isolated network or even better: unplugged.

  • Thank you for the clarification! 🙂

  • Pretty uninformed move. Or yet another marketing stunt.

    Cryptocurrencies are not bad (edit: for the climate) by essence. Some are (e.g. proof-of-work based consensus ones). Some aren't (e.g. federated Byzantine agreement).

    The latter does not consume a lot of energy to reach decentralized consensus. That's why I like XLM.

    Disclosure: I do not own any crypto assets (edit: and I never did in the past either). I am just an applied cryptographer.

  • Also, this quote neglects the fact that many contributions are authored by employees of big tech companies, like Microsoft. The author of this quote needs to learn about how to use git log --author="@some_big_tech.com"

  • I have often used asciinema for demonstrations of my command line utilities and it is excellent. Definitely worth being in your toolbox.

  • I suppose you want protection from server compromise if you require client-side encryption. However, you should be mindful that if the code that encrypts your content is served by your server as part of a web interface, then an attacker can simply alter the code that is sent to your browser to leak your master password, or your files. If you want secure client-side encryption, you cannot rely on code that is served by your server either. You will need to install an app.

  • Being a network security specialist, I'll ask these basic questions:

    • what's the universal definition of a private network?
    • does this measure make sense in IPv6 within the global scope?
    • is it the responsibility of the browser to secure against DNS rebinding?

    My answers to these questions are:

    • there is no universal definition, so this approach is doomed by design
    • no
    • heck, no; that's the job of the webserver, by avoiding the so-called default virtual host. The Host/:authority header should always be verified, and this is sufficient to counter all forms of DNS rebinding.
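
Added example, not part of the comment above: a minimal Python WSGI sketch of the server-side check it describes, rejecting any request whose Host value is not on an explicit allowlist instead of falling through to a default virtual host. The hostnames, `ALLOWED_HOSTS`, `normalize_host`, `host_guard`, `demo_app` and `status_for` are constructed for illustration.

```python
import re

# Constructed placeholder names: the only hosts this service answers for.
ALLOWED_HOSTS = frozenset({"intranet.example", "127.0.0.1", "[::1]"})

# host (DNS name, IPv4, or bracketed IPv6 literal) with an optional :port
_HOST_RE = re.compile(r"(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(?::[0-9]{1,5})?")

def normalize_host(header):
    """Return the lowercased host part of a Host/:authority value, or None if malformed."""
    m = _HOST_RE.fullmatch((header or "").lower())
    if not m:
        return None
    # A trailing dot ("intranet.example.") names the same host; strip it.
    return m.group(1).rstrip(".") or None

def host_guard(app, allowed=ALLOWED_HOSTS):
    """WSGI middleware: no default virtual host, unknown names get 421."""
    def guarded(environ, start_response):
        if normalize_host(environ.get("HTTP_HOST")) not in allowed:
            body = b"unknown host\n"
            start_response("421 Misdirected Request",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return app(environ, start_response)
    return guarded

def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"internal dashboard\n"]

def status_for(host_header):
    """Send one constructed request through the guard and return the status line."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if host_header is not None:
        environ["HTTP_HOST"] = host_header
    host_guard(demo_app)(environ, lambda status, headers: seen.append(status))
    return seen[0]

if __name__ == "__main__":
    # A rebound name still arrives in the Host header, so it is refused.
    for h in ("intranet.example:8443", "rebind.attacker.example", "[::1]:8080", None):
        print(h, "->", status_for(h))
```
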
  • I fear that ignoring tickets just makes them stack. Similarly, closing and locking tickets arbitrarily may affect your reputation. This may or may not be a problem depending on how you feel about your reputation. Still, it is worth remembering that some maintainers do care, and that they don't want to look bad (even though most would understand).

    I personally don't think that setting a bar high to deter less motivated people from contributing is a sane approach. I suffer from poor quality bug reports every single day, at work, and yet, they often are an indicator of something that IS broken in my software. I need them.

    The key difference is that I am paid for it, and that my contributors are also paid employees, that I have to work with every day, and that will learn over time. Being on the receiving end of an endless stream of negative comments, for no other reason than being willing to share some of your work, as-is, is not an appropriate retribution. And even if that was a paid job, I'm not sure one would want to keep it.

    I don't think the issue is whether contributors are tech pros or not, and whether one should do gatekeeping. I think that the point is that it is worth remembering, when you contribute an issue to a project, that the maintainer is a human being, probably giving some of their own free time, out of passion and compassion, to fix your issue, and that negative comments are plainly abusive and should probably be worded in a gentler way.