Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)H

hersh

@ hersh @literature.cafe

Posts
1
Comments
124
Joined
2 yr. ago

  • Lawsuit Alleges That WhatsApp Has No End-to-End Encryption

    Jump

  • For most: yes, there is a risk that the vendor has included a backdoor. There is also the risk that they are straight-up lying about how their service operates.

    For Signal in particular: You can verify that their claims are true because you can audit the source code.

    The Signal client is open-source, so any interested parties can verify that it is A) not sending the user's private keys to any server, and B) not transmitting any messages that are not encrypted with those keys.

    Even if you choose to obtain Signal from the Google Play Store (which comes with its own set of problems), you can verify its integrity because Signal uses reproducible builds. That means it is possible for you to download the public source code, compile it yourself, and verify that the published binary is identical. See: https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds

    You might not have the skills or patience to do that yourself, but Signal has undergone professional audits if anyone ever discovers a backdoor, it will be major news.

    You are more likely to be compromised at the OS level (e.g. screen recorders, key loggers, Microsoft Recall, etc.) than from Signal itself.

  • Featured

    What book(s) are you currently reading or listening to? January 27

    Jump

  • I'm also on a Brandon Sanderson kick (for roughly two years now). I'm currently reading The Sunlit Man. It's good, but don't read it until you finish the Stormlight Archive series and the standalone novella Shadows for Silence in the Forests of Hell. Most of the Cosmere stories are fairly approachable in isolation, but this one is very dense with references to established characters, places, and lore, to the point where it should be considered a sequel or spinoff. Even I feel a little lost!

    If anyone's looking for an easy way into Sanderson's Cosmere (it's intimidating! I get it!), I highly recommend the novella The Emperor's Soul. It's self-contained, it's short, and it's just a fantastic story. If you prefer listening to reading, Graphic Audio has an "audio movie" version which is a nice taste of what they offer, too.

    @dresden@discuss.online let me know if you want recommendations on reading order before you continue on to The Lost Metal.

  • What are your thoughts on RCS messaging now that you can use it between Android and iOS?

    Jump

  • Last I checked, there is still no way for developers to use RCS on Android, so it's a non-starter for me. I do not and will not limit myself to first-party apps.

    Please correct me if I'm wrong. If there's an open-source RCS-compatible messaging app out there, I'd love to try it.

  • Amber the programming language compiled to Bash, 0.5.1 release

    Jump

  • One reason is that Python is not built-in on macOS anymore, so it's hard to justify using it for management scripts. Particularly when you do not have control of the execution environment to begin with. I've written some obnoxiously complicated bash (or zsh) scripts because I want to make sure it will run on a vanilla Mac with no additional dependencies. 10 years ago I would've done all that stuff in Python, but not anymore. Thanks, Apple!

    From a technical perspective, sure, I could push out a portable python environment and it wouldn't affect the rest of the system. But that comes at a cost. I don't want to fight for it, and I don't want to be responsible for maintaining it. It's easier to just use bash/zsh.

    Python is also too heavy for some embedded devices. Not sure if I can count on Amber scripts to run in a busybox environment but maybe?

    That said, if the question is "is it worth learning a whole new thing when I already know bash/zsh", I am not so sure. But in principle, I dig it, regardless of how practical it is with my specific background and needs. I mean, if I learned about this 20 years ago I feel like I might still be reaping rewards.

  • Google Starts Sharing All Your Text Messages With Your Employer

    Jump

  • That's a good rule of thumb, but as a direct point of comparison, it's not that bad with iPhones. Apple's MDM protocol is very particular about what admins are allowed to control even on company-owned devices. For example, admins can't see the Apple ID used on the phone and can't grant apps screen sharing permission without user approval.

    And we certainly can't access iMessage.

  • Orion Browser for Linux (Webkit-based) Alpha available by end of year "if all goes well"

    Jump

  • PSA syncthing-fork has changed owners

    Jump

  • I get that they don’t want to deal with Google Play

    Was that the reason? Shame they didn't just leave it on F-Droid and GitHub then. Nobody needs to use Google Play (at least not yet...)

  • I am learning that people simply do not care

    Jump

  • This reminds me of a line from the novel Popco by Scarlet Thomas: "Do what can, then stop."

    I repeat this to myself when I feel overwhelmed with the scope of a task, or when I start to let "perfect" become enemy of "good".

    For example, if you feel like you should stop eating meat but find that difficult for whatever reason, don't throw your hands up. Do what you can, then stop. Maybe that means eating meat a few times a week instead of every day.

    It applies to politics as well. I know plenty of people who refuse to engage at all because they don't feel like it's possible to do "enough". Do what you can, then stop. Maybe that means spending fifteen minutes before voting day to find the least odious candidate you can vote for. Maybe it means phone banking or joining a campaign. Maybe it means running for office. Or maybe it just means talking to some friends about issues that matter to them.

    Or maybe you're trying to lose weight. I think we've all seen people try and fail because there seems to be no middle ground between giving up and letting it dictate your entire life. Do what you can, then stop. Maybe that just means drinking more water and less of anything else.

    Don't beat yourself up just because you can't fix the whole world.

  • What's a good Google Drive replacement for syncing my Keepass database?

    Jump

  • I used to use Filen for this, but it never worked very well. The file provider path it returned to Keepass2android was only temporary, so it would break periodically. Did Filen change how that works?

    I eventually started using Syncthing instead. I connect to my home wi-fi often enough that it's never too far out of sync with my home PC. And since it's a local file, there's no issue with using absolute paths.

  • Has anyone else noticed that non Google search engines just stopped working with the tracker part of url removed?

    Jump

  • You should probably report that to the browser developer. Sounds like their tracker filter has a bug causing false positives.

  • TIL there is a law called Marchetti's Constant. Humans only tolerate commutes of less than ~1 hour. Housing outside that limit will fail.

    Jump

  • I was thinking that it sounded about right, until I read beyond the headline:

    Its value is approximately one hour, or half an hour for a one-way trip.

    WHAT. I thought he meant one hour each way!

    Are there any cities where that is the norm??? I've had sub-30 commutes in my life, and it felt like the height of luxury.

    I had a 1.5 hour (one way) commute for a while, and I was burned the fuck out after a year of that. It takes a toll on your health.

  • I want the "Android" / GrapheneOS sandbox experience on Linux, is it achieveable?

    Jump

  • To elaborate on this a little, you can use Flatseal to specify which directories a Flatpak app can have access to directly. For example, in a music player that stores the path of your music library, you'd want to use Flatseal to be sure it has direct access to that folder. This is similar to GrapheneOS's storage scopes.

    Aside from that, apps can also call on a file picker that lets you choose any file/folder on your system, and flatpak then creates a virtual path to bridge to that file/folder without exposing the entire rest of the filesystem. This is nice for one-time open/save commands, but doesn't work for apps that need persistent access to a specific directory like in the music player example. This is similar to Android's file provider API.

    I don't recall off the top of my head what flatpak apps have access to by default. Some subset of the home folder, I think?

  • The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.

    Jump

  • Thanks for the info. I have not really tested Seedvault myself so this is all good to know.

    Ironically, one of the main reasons I switched to GrapheneOS was because Google's backups were so frustrating and I was hoping Seedvault would be more comprehensive.

  • The Fairphone 5 price has been dropped to €499. The phone is designed to be the most advanced environmentally friendly smartphone.

    Jump

  • What's wrong with Seedvault?

  • Any opinions about Filen?

    Jump

  • I jumped on a lifetime deal they had a few years back. I mostly use it via the web UI and Android app, so I cannot comment on desktop or CLI client functionality.

    The Android app is "okay", but not great. Background photo sync doesn't work consistently; I need to manually launch the app periodically to jog it. I know Android is kind of aggressive about background services, but other apps do this better so I think this is on Filen. Perhaps they should run a permanent notification to stay alive 24/7, like Syncthing does?

    As with pretty much every other cloud storage app, it does not let me sync arbitrary folders/files, only photos and videos. sigh

    It uses Android's file provider API, so you can open and save files in most apps directly from/to Filen. However, this only seems to work for one-time use, not for apps that need to regularly open/save the same file. For example, when using Keepass2Android, you can have it store your password database on a cloud storage service. This works pretty well with Google Drive, but with Filen it loses the connection frequently because the pseudopaths the API returns are not stable over time (which makes sense, I guess, and is one more reason I want arbitrary local file sync instead). Personally, I went back to storing my Keepass database locally and then periodically backing it up rather than keeping it on live cloud storage.

    It's one of the cheapest E2EE cloud storage services I've seen (definitely the cheapest for me with the lifetime promo I got), and the core functionality of uploading and downloading files (and folders) works. That's good enough for me to give it the thumbs-up.

  • Anthropic has developed an AI 'brain scanner' to understand how LLMs work and it turns out the reason why chatbots are terrible at simple math and hallucinate is weirder than you thought

    Jump

  • But here’s the really funky bit. If you ask Claude how it got the correct answer of 95, it will apparently tell you, “I added the ones (6+9=15), carried the 1, then added the 10s (3+5+1=9), resulting in 95.” But that actually only reflects common answers in its training data as to how the sum might be completed, as opposed to what it actually did.

    This is not surprising. LLMs are not designed to have any introspection capabilities.

    Introspection could probably be tacked onto existing architectures in a few different ways, but as far as I know nobody's done it yet. It will be interesting to see how that might change LLM behavior.

  • isInHell = 'true'

    Jump

  • How it feels to use xkill

    Jump

  • I'm not sure what the exact model is, but it's probably from the Performa or Power Mac 5000 or 6000 series. It's low-res so it's hard to read, but the text next to the floppy drive says "PowerPC", referring to the CPU family used in Macs in that era.

    The screen looks like Mac OS 8. It's so low-rest that it's kind of hard to tell, but the menu bar at the top of the screen is clearly from Mac OS. Could be 7.5, but I'm guessing 8 since that's what's shown in the web browser.

    I think the left screen is showing Windows. Again, super low-res, but those look like Windows 95/98's blue window title bars and gray task bar at the bottom.

  • How it feels to use xkill

    Jump

  • Same.

    That was probably the intention. X-Files was at its height of popularity around this time (assuming 1997 by the Mac model and OS 8).

  • Linux @lemmy.ml
    hersh @literature.cafe

    How can I get OpenCL to work on Debian Bookworm with an AMD 7900 XTX?