Kindness

@Kindness@lemmy.ml


Kindness,

Almost… Automattically?

Kindness,

Several things, but the issues focus around the company running the show, rather than the API. Their ‘binding rules’ have an outrageous number of loopholes.

  • “We won’t sell any assets ever! Unless… someone buys us. Or if we decide there’s a benefit to selling the assets.”
  • “We reserve the right to do whatever we deem fit with non-profit money, so long as it benefits matrix.”

Matrix was ‘de-federated’ from Libera.chat because Matrix admins refused to properly moderate their servers, respect privacy, maintain reciprocity, etc. There’s a whole letter explaining the hair ball that occurred.

Their explicit goal is monopoly. Everything should use our API. Everyone should federate. (Share your data with our servers.)

Companies are companies. Non-profits included. Non-profits are just a way of saying, “We’re not going to the stock market, but we can still funnel money into various pockets… especially our own, or people we want to pay money to.”

Foss/Floss is about ownership, control, modifiability, etc. being handed to whoever owns it. Matrix is about ownership being shared with Matrix.

It’s a wondrous API. Everyone should use it, and set up their own private self-cleaning servers.

Kindness,

“open” and “privacy” are sometimes just buzz words

Yes. Private companies are co-opting the term, and providing source code only after signing an NDA… That qualifies as “Open” but is not FOSS or FLOSS.

Kindness,

no wonder they can’t moderate everything

That would be the case if it wasn’t a flagrant violation like, “These matrix rooms are spying on these chat rooms without announcing the users in the matrix room”, and Matrix refusing to fix it when informed.

Imagine if Matrix did that to their user base. “We’ll occasionally drop in to listen, or pipe your conversation to other people, but you won’t see the, “x joined”, notice. Cheers!” Creepy spying, the polar opposite of privacy.

Kindness,

Matrix was ‘de-federated’ from Libera.chat because Matrix admins refused to properly moderate their servers, respect privacy, maintain reciprocity, etc. There’s a whole letter explaining the hair ball that occurred.

Have at. Timelines in-order.

Tensions and issues coming to a head:

libera.chat/news/matrix-deportalling

matrix.org/blog/2023/…/deportalling-libera-chat/

Breaking point you’re looking for:

libera.chat/…/matrix-bridge-disabled-retrospectiv…

matrix.org/…/shutting-down-bridge-to-libera-chat/

Today: libera.chat/guides/matrix

XZ Hack - "If this timeline is correct, it’s not the modus operandi of a hobbyist. [...] It wouldn’t be surprising if it was paid for by a state actor." (lcamtuf.substack.com)

Thought this was a good read exploring some of the “how and why” including several apparent sock puppet accounts that convinced the original dev (Lasse Collin) to hand over the baton.

Kindness,

Unless you happen to have a friend that wants to get in on it, you’re basically always picking a stranger.

At risk of sounding tone deaf to the situation that caused this: that’s what community is all about. The likelihood you know the neighbors you’ve talked to for years is practically nil. Your boss, your co-workers, your best friend and everyone you know, has some facet to them you have never seen. The unknown is the heart of what makes something strange.

We must all trust someone, or we are alone.

Finding strangers to collaborate with, who share your passions, is what makes society work. The internet allows you ever greater access to people you would otherwise never have met, both good and bad.

Everyone you’ve ever met was once a stranger. To make them known, extend blind trust, then quietly verify.

Kindness,

Imagine finding a backdoor within 45 days of its release into a supply chain instead of months after infection. This is a most astoundingly rapid discovery.

Fedora 41 and rawhide, Arch, a few testing and unstable Debian distributions and some apps like Homebrew were affected. Not including Microsoft and other corporations who don’t disclose their stack.

What a time to be alive.

Kindness,

True. Though remarkable is still remarkable.

Notably, the timeline post-discovery is still stellar, regardless of Microsoft/GitHub cock-blocking analysis.

Kindness,

I’m still furious they intentionally broke CentOS. And then had the audacity to emulate SmallFloppy Glasspane and bake some spyware into Fedora.

Kindness,

itpro.com/…/fedora-workstation-devs-face-communit…

Anonymous data is useless. Most any data can be de-anonymized. And tracking data is always to “improve services” until the companies are offered significant sums for it…

Kindness,

Back Track 5. Now Kali Linux.

I had not suitably prepared. I was a Windows Vista power user who heard how I could crack some Wi-Fi and gave it a whirl.

My chips went into one basket and me, oh my, was the transition ever so uncomfortable. What was dual booting? Who knows. Long story short, I made a mess for myself. I went through a significantly steeper learning curve than most, though it introduced me to script kiddie tools, programming, and eventually exploits.

Now a decade or so later, I’ve settled away from Arch to Debian. Though I miss the bleeding edge, my update frequency has lost much of its zealous edge.

Kindness,

Probably beating a dead horse, so… sorry, but look into the Gab fiasco or FreeTusky.

F-Droid does ‘censor’ or moderate their app repository. However, they do not control which sources or repos you may install from.

If there’s an app you want that f-droid doesn’t stock, see if the app has a private repo, like Bitwarden, or is in another repo, like IzzyOnDroid.

Kindness, (edited)

C-I-A Confidentiality, Integrity, Accessibility. They don’t need the keys for C or A. Only one option remains. To modify the code and pass it off as code VLC wrote or signed off on.

Likely to install malware and re-sign. Brazen identity theft.

Maybe I’m wrong, they could use VLC’s private keys to gobble encrypted communications too.

Kindness,

Darren Kitchen from Hak5 has an amusing story about a bank teller who assured him email was entirely fine to send sPII through. “No sir, you just need to send it to us, and once we have your information then it’ll be secure.” No encryption. So, yes.

Also look into the Equifax security breach. Un-patched software for months.

It makes almost no sense to have a password length limit. 1_000_000, that’s One Million, characters is equal to 1MiB. That’s twice the length of the Lord of the Rings Trilogy and much less than most modern webpages. After hashing, which is how passwords should be stored, text length is irrelevant. All hashed inputs come out the exact same length. 65 characters for SHA256.

Very much known for their horrible security practices, yes. Absolutely.

Kindness,

No. I’ll use it when it’s stable enough for Debian to merge it.

Possibly in 5 years?

Kindness,

Never mind the biblical bit where god says he creates evil, you’ll never convince the religious with facts and logic. They’ve got to feel it or realize it themselves.

Kindness,

Ouch. Job was a trip and a half.

My, what a benevolent god is god to bet with the life of his most loyal worshiper. A bet he loses… against Satan? And then god goes down and brags about his achievements to cow his tortured worshiper?

That actually fits with the days of Olympus quite well actually.

Kindness,

Exactly.

Also, slaves, I mean servants are all virtually identical, right? Not like you can get attached to people who are just servants.

And god’s divine plan for all of those people goes out the door as soon as Satan is like, “Is this one person really faithful though? If I take all the things you granted him, will he still love you?”

But a good representation if god existed, we’d all be toys. God would’ve planned all this from the start with his omnipotence when he set all the pieces in motion like an enormous Rube Goldberg mess to torture people for no reason. Create evil indeed.

Kindness, (edited)

You should always back up your OTP secrets, but I agree Yubikeys are a good choice. You can get USB A for $25. I think the Yubikey 5 grants you app access for an additional $25 or more? Pass.

Kindness,

Because the actual story fits blearily enough well with republican’s “good guy with a gun” mythos. Trigger Warning: Violence, Death, and Bodily Injury.

If I’m wrong, please correct me and cite your sources.

a guy who is famous for murder

Correction: Famously accused of murder and acquitted of all charges despite rigorous cross examination and ever increasingly difficult hurdles to claiming self defence… such as assuming provocation incited the first attacker. Also despite intense political pressure from then and current POTUS Joseph Biden, who was vocally in favor of murder charges until after the not-guilty verdict was delivered.

His first attacker, Joseph Rosenbaum (deceased): “The man with a toothbrush.” A belligerent 36 year old bare chested man. Chasing a 17 year old with a firearm, who was running away. A convicted child molester. At the time being tried for assault and out on bail. Shot at close range.

His second attacker, Anthony Huber (deceased): An avid skater, chasing down a presumed murderer fleeing in the direction of the police. Assailed the accused in the shoulder, neck, and head with a skateboard and grappled over the rifle. Shot at close range.

Third, Gaige Grosskreutz the star witness of the trial: a trained paramedic who chased the presumed murderer alongside Anthony Huber. Confronted the 17 year old, who had immediately prior, shot Anthony Huber while wrestling on the ground. Drew his pistol and immediately lost his right bicep upon pointing his weapon at the accused.

The 17 year old, Kyle Rittenhouse, then approached officers with his hands above his head, and was told to get out of the road. Fears of a mass shooter caused the crowds to disperse.

Please stop calling the idiot a murderer. He was acquitted, and the people who attacked him are none too heroic after looking at their part in the events, nor after seeing their criminal records.

Kindness,

Believe whatever you like, I’m not the world thought police. Discredit yourself if it please you. Fantasy is often preferable to reality and I won’t fault you for it.

you keep on living in your fantasy world down there in the States

You’re as likely to be Mr. United States as I am Mr. Canuck.

Kindness,

Apologist, possibly. I will absolutely defend that which I hold true. As a pedant, I will assert molesters are not rapists for molesting, rapists are not murderers for raping, and correctly classifying terrible things or events is not apologising, defending, or minimising. By all means call him a killer.

Murder apologist is a straw man I won’t be stepping to.

Kindness to remind myself not to lash out or insult people over internet comments. What’s your username mean?

Kindness,

Agreed. Thank you for the reminder.

Kindness,

That’s a new tidbit. Thank you.

As far as discrediting the trial, the jurors determine guilt.

In America, the judge is allowed to dismiss or accept evidence and facts, which can skew a trial one way or another. However, this trial was almost ridiculously thorough. The jurors were not aware of the attackers’ backgrounds, nor were allowed to consider the attackers’ other actions that night. Jurors were told to consider the defendant had instigated the incident. On the stand, the paramedic admitted he expected he wouldn’t have been shot if he didn’t point his firearm at the defendant, meaning he was aware he wasn’t chasing a mass-shooter, and might otherwise be called a murderer by everyone who is calling the defendant one.

Kindness,

It doesn’t matter how shit these people were a random guy with a gun doesn’t get to decide if they live or die.

A valid point. Do you feel the same way about the paramedic?

Rittenhouse put himself in that situation

Another valid point. I agree.

C.

Please yourself. Your assessment and a definition are worth something.

How you sound to others is your problem, but personally I’d suggest you pick up a dictionary and then go with something more astute, such as killer, man-slayer, or gunman. Possibly gunboy.

Kindness,

The paramedic is an attempted killer too. Where is your outrage over Gaige chasing a killer to kill him? What of his lack of trial?

Just as well. The conversation is a shambling waste. You’re only here to feel justified anger I suppose, so we may as well go our separate ways. A pleasant morning to you. Ciao.

Kindness,

Mr. Whiskers was quite accomplished in his fields of expertise at the time, namely napping, prowling, and scrapping.

Kindness,

I very much agree with, “don’t break userspace”, and this was a wise choice.

On the other hand, if capital becomes the developers’ core objective and they would not have made the same action for plebeian users, this would be an outrage.

Kindness,

bringing back cash anonymity

Most cryptocurrencies do not have this. It is trivial to tie bitcoin to an identity. Given the nature of publicly posting the transactional records, all it takes is tying any given purchase to someone one time, to identify them and view their entire purchase history.

Monero being an exception.

Kindness,

mining cryptocurrencies has a high initial energy requirement, but it scales really well in terms of transactions,

Objection. Proof of work negates this. By making rapid block solving intentionally more difficult in order to slow down said solving, energy wasted on solving increases exponentially.

More transactions means a new block is completed faster. Last block was solved too soon, so tack another zero requirement to the next hash. More computation and energy wasted when there are perfectly acceptable hashes almost instantaneously.

Kindness,

Trust me on this. I know what you’re thinking, “Blindly trust an internet stranger? No thank you.” That’s good, but this time, you should listen because you care about your privacy.

It’s not different enough to matter… yet.

Identifying users was still trivial as of 2 months ago, which is the last time I brushed up on implementing smart contracts. Bitcoin Lightning came out somewhere around 7 years ago. Unless something fresh and hot hit the market within the past 60 days, and has been implemented, do not, I repeat DO NOT trust your privacy to bitcoin, especially if you’re doing something your governing body disapproves of.

Monero’s privacy protections are still a generation ahead, but still not a big headache for the good ol’ 5-Eyes. Probably not for the 14-Eyes either, but who knows what they know.

Kindness, (edited)

talking about blatantly illegal transactions, like trafficking or drug deals, but if that’s not part of someone’s threat model

I am talking about anything that might become a skeleton in your closet, when political winds change. If you:

  • donate to anyone religious, vocally non-religious, political, controversial, extreme, or critical of government.
  • are American and can be linked 3.5 degrees of Kevin Bacon to any Russian.
  • purchase cakes from bigoted religious Christians.
  • bought merchandise of controversial figures
  • donated to the guy who taught his pug to Sieg Heil and plan to visit Germany.
  • transfer money to protesters.
  • contribute to public defence funds.
  • purchase “suspicious” amounts of nearly random chemicals for reasons you don’t care to explain.
  • purchase novels with Russian or Chinese themes and undertones.
  • do anything your governing body or enforcement division disapproves of.

The likelihood of you becoming a big enough thorn for governments is small, but they are ultimately the key holder to your privacy. That should be your threat model.

if I choose to run for office

De-anonymizing crypto users is not illegal. Posting it is illegal, but finding out what you purchased for a smear campaign? Totally fine in most western countries. Advanced persistent threats would be that future’s threat model. It is not hard for large political organizations to hire teenage nosy geeks to dig up OSINT dirt. Your level of risk tolerance is your choice. If it’s too much hassle, it’s too much hassle.

That said, the largest governments in the world have signed a cooperative agreement to share and process data they are currently collecting, regardless of the legality of collecting it.

Purchasing privacy coin, using TOR (Yes, in caps. They don’t get to set the rules on acronyms.), doing anything “out of the ordinary” will likely warrant investigation into your affairs. Once they have that data, their track record of protecting it is not so good. “The Pentagon”, “ANAO”, and this one doesn’t even mention why the UK suddenly needs a new task force with Russian advanced persistent threats “on the horizon”.

Everybody else: If you just don’t want your neighbors to know you have a fetish, knock yourself out with lightning and have the package gift-wrapped.

Kindness,

I like what you’re saying, but I see it differently.

Which is balanced by decreased value of additional coins, so less interested miners should drop out.

What people should do is not what people will do. Because of the hype, people are still investing into ever more expensive rigs and consuming ever more electricity competing in races they have no chance in until they realize they can compete in other races.

should primarily be excess green energy.

Yeah, it should, but it isn’t. Personally I’d prefer excess energy drive electricity prices down, rather than demand increasing reliance on more stable and constant sources.

Kindness,

I wasn’t going to reply because this conversation will likely no longer go in a positive or productive direction, but I’m quite peeved and decided to allow myself the gratification of issuing corrections.

you’re saying a buzz word without understanding the trade offs in designs

I understand quite well, and I resent you for not only assuming me to be an uninformed commentator, but for also having the audacity to state it as if it were fact.

POW doesn’t have to imply higher energy cost for more transactions

But it does imply it for every major coin on the market today, and said coin owners seem quite content with how things are. Only the fooled are interested in investing in another new block chain, which will likely turn into a scam as soon as someone realises the money they can steal.

What the world could be is not a rebuttal to its current state. Further it’s quite disingenuous to tell people problems aren’t problems because of what could be.

Please have a pleasant evening. Good night.

Kindness,

Free as in freedom, not free as in beer.

GPLv3 allows you to sell your work for money, but you still have to hand over the code your customers purchased. You buy our product, you own it, as is. Do whatever you like with it, but if you sell a derivative, you better cough up the new code to whoever bought it.

Kindness,

Very. Just have a good enough internet connection and hardware to download and run models. Interrupted downloads must start over. 4-41 GB. Otherwise find the source, use wget, and download to the correct folder.

Kindness,

I think you mean tailor. As in, clothes fitted to you.

Kindness,

Lol. My mistake.

Kindness,

By using the Services, you are directing us to share this information publicly and freely.

I’m sure you’re aware, but gdpr-info.eu/recitals/no-32/ specifically states data collection must be opt-in, emphasis mine:

1 Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her,

[…]

3 Silence, pre-ticked boxes or inactivity should not therefore constitute consent.

4 Consent should cover all processing activities carried out for the same purpose or purposes.

5 When the processing has multiple purposes, consent should be given for all of them.

6 If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

Kindness,

Long tale short, it depends, but likely yes unless reddit stops what it is doing.

Almost every post will contain experiences that could identify someone, so the wisest move would be to assume yes, or naively try to classify each post as ‘bread-crumb’ or ‘not bread-crumb’ for their specific processing then store and sell each separately. Non-exhaustive list of personal data criteria:

  • If the comments are tied to, or not stored separately from, your identifiers (email, IP, handle, site ID, location, etc.), then yes.
  • If your comments are not anonymous or include details about you, then yes.
  • If the data will be processed to identify you, then yes.
  • If the data will be used to profile you, then yes.

Unique information about you, such as your subscribed sub-reddits, your browsing habits, the time spent on each link, your writing style, etc., may also count as personal data if used to identify or target you.

gdpr-info.eu/art-4-gdpr/

(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

[…]

(4) ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

(5) ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

[…]

(15) ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

Kindness, (edited)

Most proprietary companies will give very steep discounts or even free licences to schools and universities. If you introduce an entire generation of students to your software, students will gravitate toward what they’re familiar with when they enter the “real world”.

Kindness,

Is it unnecessary to cover one’s webcam on Linux?

No. Please cover your webcam.

how vulnerable is the device to having its webcam exploited?

Every bit as much as Windows minus their proprietary spyware.

How vulnerable is a Linux device if you don’t take extra precautions like firewalls.

Depends on what links you like to click.

what makes Windows so much more vulnerable?

Fewer eyes on the source code. Effort to reward ratio, the 80-20 rule. 20% of the effort nets you 80% of the reward. Literally. Develop exploits for one platform, target 80% of average computer users. Or write exploits for hundreds of different distros for checks notes … 4%. Unless you like servers. There, there’s a coin toss. 50% Linux, 50% Windows.

Keep yourself safe, there’s malware for Gnu-Linux too. Install your patches when you can. Remove software you don’t use. Practice good cyber hygiene.
