mox

@mox@lemmy.sdf.org

Do companies store facial and voice recognition data from the thousands of hours of zoom/teams calls that their employees use?

I heard a person call into a show the other day, voice only, and talk about some poor working conditions at a factory. Made me think about how it would probably be so easy for nefarious bosses to be able to identify that person through voice recognition SW with all of the data that comes from us looking directly into cameras and...

mox ,

In general, if something is possible to exploit, some companies will exploit it.

Figuring out which ones do can be difficult-to-impossible, since that information is not usually available to the public, or in many cases even to most employees. Unless a whistleblower steps forward, the best we can do is guess, and take whatever precautions we feel are worthwhile.

mox ,

There have already been reports of people being banned and finding their posts restored in response to their attempts to delete them.

mox ,

The open-source licenses that I've used don't require surrendering copyright.

mox ,

doesn’t look like FOSS, just open source.

Open-source software is FOSS by definition. Did you mean source-available?

mox , (edited )

I was replying to this exchange:

Could mean FOSS but they keep the trademark.

Sure, but that’s unlikely, given the wording. “Owner of the software” is fairly clear

The article's text said, "Winamp will remain the owner of the software". That does not, in fact, preclude giving it a FOSS license, nor does retaining a related trademark. GP was correct. They can make it FOSS and keep the trademark and copyright. I don't see any reason to think it unlikely.

The creator doesn’t “surrender” their copyright, but someone can fork it and then have ownership of their version

Forking someone's copyrighted work does not change ownership of the rights in any jurisdiction that I know of. If you meant "ownership" in a different sense, like maybe control over a derivative project's direction, then I think choosing a different word would have made your meaning more clear.

mox , (edited )

And FOSS is an umbrella term encompassing both Free software and Open-Source software.

I'm glad to see people taking interest in the meanings behind these terms. We all benefit from understanding them better.

mox ,

Doesn’t FOSS refer to software that is both free and open source?

Not exclusively, no. It's an umbrella term.

https://en.wikipedia.org/wiki/FOSS

mox ,

Indeed. I clicked reply before your edit. Here is the key part of the quote you selected:

FOSS is an inclusive umbrella term for free software and open-source software.

That means Free software qualifies as FOSS, and Open-Source software qualifies as FOSS. It's a broader category, not a narrower one.

mox , (edited )

I’ve been thinking of OSS and source available as interchangeable.

Nope; they are distinct terms. Source-available is just a general way of saying that the source code can be (legally) acquired. It doesn't meet the standards of open-source software (OSS) or Free Software, both of which guarantee certain rights and freedoms, such as permission to make and redistribute changes to the source code.

https://opensource.org/osd

https://www.gnu.org/philosophy/free-sw.en.html#fs-definition

It's understandable that it might be confusing, though, since some people use the terms casually without understanding that they have specific meanings, and since both phrases use English words that could be interpreted to mean something else. (For example, "free software" doesn't mean software whose price is zero, and "open-source software" doesn't mean software whose source code is published in the open.)

Edit to add: Like many English words, the context in which they are used affects their meaning. The field of software is such a context.

But now it kind of seems to me that free software is interchangeable with open source software. Is it just a matter of branding?

The two overlap, but are not exactly the same. The umbrella term FOSS evolved to encompass both, because there is so much overlap between them that having such a term is often useful.

mox ,

Inclusive umbrella term. It means the software has to be both free and open source.

You are mistaken, but I won't argue about it.

mox ,

The Free Software Foundation can make whatever definitions they want, but they don’t supersede regular English.

https://www.merriam-webster.com/dictionary/term%20of%20art

What is the most appropriate way of tracking web traffic?

I have my personal blog, made with Hugo and hosted on GitHub pages. Initially I did not turn on any kind of web tracking / web analytics, because I do not like tracking at all. But I want to make my blog better and to achieve it, I need a feedback loop about traffic. For example, what are the most popular publications, or how...

mox , (edited )

The right way to do this is to self-host your analytics.

I don't know which tools are popular for this nowadays, but something like Matomo On-Premise might be worth a look. I expect you can find more with a web search. Keywords: open-source self-hosted web analytics.

mox , (edited )

VPS can be had very cheap: https://lowendstock.com/

Also, it might be worth looking for analytics software that can get its data from web server log files. I have done that with Apache and Nginx in the past. These days, I wouldn't be surprised if such software can ingest the log files created by Amazon's S3 free tier. You wouldn't have to manage a VPS with that approach.

Of course, if you're letting a major data collector like Github (Microsoft), Amazon, or Cloudflare serve your site, it's not particularly good for privacy to begin with.

Firefox 126: New Search Data Telemetry, Improved Copy Without Site Tracking, Security Fixes, and More (www.mozilla.org)

Telemetry was added to create an aggregate count of searches by category to broadly inform search feature development. These categories are based on 20 high-level content types, such as "sports,” "business," and "travel". This data will not be associated with specific users and will be collected using OHTTP to remove IP...

mox ,

To know what features people are using, how fast it’s running, know what hardware and where it’s being used, and to try to investigate crashing issues?

None of those things are what's being discussed here, or what GP asked about. As stated in the article, this is about categorizing people's searches.

mox ,

Which algorithm are you referring to exactly?

In general, people are wise to use ciphers and protocols that have been examined by the global cryptography community and have held up to that scrutiny.

mox ,

There is also Matrix, which has advantages over both of them.

mox , (edited )

Matrix is shit atm mate

No, it is not.

bashes XMPP for no real reason.

No, it does not.

Briar and SimpleX is the gold standard for now

No, they are not. They might fit a certain niche (or could once they mature) but neither is a good general-purpose messenger, because their goals and designs inherently limit usability.

No messaging platform fits every use case, but Matrix is great for general-purpose private messaging that anyone, anywhere can easily use, without Google services, without a phone number, and without being vulnerable to shutdown if a single country's laws turn unfavorable. It has other advantages as well. It's not flawless, but is constantly improving, and is already very useful to many people.

If you have a specific criticism that you can actually support with facts, you could bring it up for discussion. Slinging vague attacks that look a lot like something one might see in a poorly-informed reddit post doesn't help anyone.

mox ,

The clients and servers are laggy

Which ones, exactly? The largest public server was laggy about two or three years ago, but hasn't been recently in my experience, and in any case, you can pick a different server or run your own. I have never seen a laggy client.

federation is shit etc.

Again, that doesn't match my experience, and what you've written is too vague to have any useful meaning.

no hope in arguing.

Apparently not. Good day.

mox ,

Which server software are you running? Any recent experience with Conduit or Dendrite?

mox ,

I wonder if Conduwuit would be worth a try. I don't know anything about the maintainer or what led to the fork, but I see it already has active contributors.

mox ,

Signal is fully open source! You can run it on-premises, if you know your business!

Why are we not talking about it?

Unless something has drastically changed recently, the official Signal service won't interoperate with anyone else's instance. That makes its source code practically useless for general-purpose messaging, which might explain why few are talking about it.

mox , (edited )

on your own premises, for your own users/community in case you are not trusting Signal’s infrastructure.

Yes, that's an example of data (and infrastructure) sovereignty. It's good for self-contained groups, but is not general-purpose messaging, since it doesn't allow communication with anyone outside your group.

If you know any other similar alternative with strong encryption open source protocols please let me know! I love learning new things everyday!

Matrix can do this. It also has support for communicating across different server instances worldwide (both public and private), and actively supports interoperability with other messaging networks, both in the short term through bridges and in the long term through the IETF's More Instant Messaging Interoperability (MIMI) working group.

XMPP can do on-premise encrypted messaging, too. Technically, it can also support global encrypted messaging with fairly modern features, with the help of carefully selected extensions and server software and clients, although this quickly becomes impractical for general-purpose messaging, mainly because of availability and usability: Managed free servers with the right components are in short supply and often don't last for long, and the general public doesn't have the tech skills to do it themselves. (Availability was not a problem when Google and Facebook supported it, but that support ended years ago.) It's still useful for relatively small groups, though, if you have a skilled admin to maintain the servers and help the users.

Are there any WYSIWYG html editors? just curious

Hello, i was looking for a wysiwyg html editor i could use for my personal website, preferably just as a simple open source desktop program on linux (though anything else is fine). i DID find something called KompoZer but i was wondering if there's any other ones, thanks

mox ,

I’d recommend using a markdown editor, then either export it through a template,

This is what a static site generator does.

https://staticgen.com/

(I don't know why jamstack has taken over that site, but the list itself seems to be intact.)

mox ,

For something interesting, I suggest Qubes OS.

For a reliable workhorse, I would suggest Debian.

mox OP , (edited )

My only concern is that having different laws for each state may make it hard for companies to comply and it may even lead to “location locked” devices.

Given how difficult it is to pass consumer protection laws without lots of loopholes, it's possible that the different laws in each region could work to our advantage: A corporation might sensibly decide to observe all the protections globally, rather than exploiting regional exceptions and loopholes, making the patchwork of laws act almost like a whole blanket. That wouldn't be legally enforced, of course, but it would be better than nothing.

In principle, all these state laws could also inform creation of a single, more comprehensive federal law. Here's hoping.

mox ,

Assuming the federated version allowed contributor-chosen licenses (similar to GitHub), any harvesting in violation of the license would be subject to legal action.

Contrast that with Stack Exchange, where I assume the terms dictated by Stack Exchange deprive contributors of recourse.

mox , (edited )

Read this part more carefully:

By pushing routes that are more specific than a /0 CIDR range that most VPNs use, we can make routing rules that have a higher priority than the routes for the virtual interface the VPN creates.

Most traffic gets sent through a VPN only because of a default gateway (set by the VPN) in the client's routing table. If the client's ISP were to have their DHCP server set one or more specific routes that are broad enough to cover most of the global address space, they would effectively override that default gateway. I believe that's the scenario described in the article.

Note that the "ISP" here could be a mobile operator, an internet cafe, an airport, someone running a wifi access point that looks like the airport's, or a guest on the same local network running an unauthorized DHCP server.
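The routing behaviour described in the comment above, turned into a client-side check (an added example, not part of the original thread): it applies longest-prefix matching to a routing table and reports how much of the IPv4 address space would leave outside the VPN interface. The interface names, addresses and the 2**16 threshold are constructed assumptions.

```python
import ipaddress

VPN_IFACE = "tun0"  # assumed name of the VPN's virtual interface

# Constructed routing tables: (destination, outgoing interface).
CLEAN = [
    ("0.0.0.0/0", "tun0"),        # default route installed by the VPN
    ("192.168.1.0/24", "eth0"),   # local LAN
    ("203.0.113.10/32", "eth0"),  # VPN server endpoint (constructed address)
]
# The same table after a DHCP server has pushed two /1 routes.
OVERRIDDEN = CLEAN + [("0.0.0.0/1", "eth0"), ("128.0.0.0/1", "eth0")]


def parse(table):
    """Turn (cidr, iface) pairs into (IPv4Network, iface) pairs."""
    return [(ipaddress.ip_network(dest), iface) for dest, iface in table]


def egress_interface(table, dest):
    """Pick the interface the way the kernel does: longest matching prefix wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in parse(table) if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def effective_size(net, all_nets):
    """Addresses a route really handles: its range minus more-specific routes."""
    children = [n for n in all_nets if n != net and n.subnet_of(net)]
    covered = sum(c.num_addresses for c in ipaddress.collapse_addresses(children))
    return net.num_addresses - covered


def bypass_fraction(table, vpn_iface=VPN_IFACE):
    """Fraction of the IPv4 space whose traffic leaves outside the VPN."""
    routes = parse(table)
    nets = [net for net, _ in routes]
    outside = sum(effective_size(net, nets)
                  for net, iface in routes if iface != vpn_iface)
    return outside / 2**32


def wide_non_vpn_routes(table, vpn_iface=VPN_IFACE, min_addresses=2**16):
    """Flag non-VPN routes broader than a LAN or a single endpoint would need."""
    return [str(net) for net, iface in parse(table)
            if iface != vpn_iface and net.num_addresses > min_addresses]


if __name__ == "__main__":
    for name, table in (("clean", CLEAN), ("overridden", OVERRIDDEN)):
        print(name,
              egress_interface(table, "198.51.100.7"),
              f"{bypass_fraction(table):.6%}",
              wide_non_vpn_routes(table))
```

On the clean table only the LAN and the VPN endpoint sit outside the tunnel; once the two /1 routes are present, every address matches something more specific than the VPN's /0 and the default route handles nothing.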

mox ,

Last time I checked, the biggest obstacle to a new anonymous Google account was their phone number verification aggressively rejecting numbers that aren't issued by well-known carriers. This includes most VoIP services, for example. If you can work around that, I expect signup would be easy.

mox ,

I’ve done it before and there is no ID verification whatsoever

Many such places will have footage of you making the purchase, and some will have a record of your mobile phone's presence. This might not matter to most people, but whistleblowers (and anyone else who might be targeted by government or law enforcement) ought to think carefully before assuming they're safely anonymous.

mox , (edited )

Power consumption: 1.7 MW

I hope it stays decommissioned. We're burning up the planet too fast already, and old computers tend to be far less efficient than modern ones.

Can we all agree that whatever version of predictive text we have nowadays is crap, and has been for a long time?

I'm sick of random capitalisations mid sentence. I'm sick of common words being replaced by less common ones or even downright nonsense. I'm sick of it taking three attempts to successfully get the word I want. I swear it's been like this for five years or more. Can we have a better version yet, or at least the old one back?

mox , (edited )

Another advantage of T9 is that alternative words were offered in a consistent order, so the most common ones could easily be memorized along with the number of button taps needed to get there. This allowed me to reliably write messages without looking at the screen at all.

mox , (edited )

I need "shibboleet."

https://xkcd.com/806/

(Don't forget to read the hover text.)

mox ,

some very specialized Linux distros won't have a Steam package; that won't be a concern with anything you're likely to pick.

And the Steam flatpak can be used on any distro that doesn't package Steam but does package Flatpak, so it's even less likely to be a problem.

  • mox ,

    A cautionary tale from the digital trenches. Good luck with the cleanup.

    mox ,

    Luddite…

    Avoiding spyware doesn't mean you're opposed to labor-saving technology, much as avoiding tasers doesn't mean you're opposed to electronics. :)

    mox ,

    Thank you for specifying that the collection of data is the problem, not just how it's handled once collected.

    Unfortunately, disabling the SIM or wireless module in the car isn't enough, since collected data could still be downloaded at a shop during warranty repair, or smog check, or (if you're unlucky) post-accident inspection, or by a mileage-tracking device from an insurance company.

    mox , (edited )

    they wanted these machines to be run by workers who had gone through an apprenticeship and got paid decent wages.

    A machine that avoids that can be called labor-saving, in the sense that it saves the employer from having to pay for skilled labor. I get the distinction you're making, and thanks for the article, but it really doesn't invalidate the use of the phrase.

    Still a good clarification, though, and I side with the skilled labor on this one. :)

    Anti-web discrimination by banks and online services - is this even legal?

    Banks, email providers, booking sites, e-commerce, basically anything where money is involved, it's always the same experience. If you use the Android or iOS app, you stay signed in indefinitely. If you use a web browser, you get signed out and asked to re-authenticate constantly - and often you have to do it painfully using a...

    mox ,

    It is annoying, and they're definitely pushing people toward invasive smartphone apps using various means, but this particular annoyance has a good reason:

    Browsers simply aren't as secure as individual apps, mainly because they execute code from other web sites as well. That means credentials available to a browser are only one remote exploit away from being compromised. And browsers are big, complex beasts with an unending stream of vulnerabilities waiting to be discovered and exploited. Tight countermeasures make sense for things as important as banks and medical info.

    mox , (edited )

    They isolate each tab in its own memory space and process so that an exploit would be limited in scope

    Browser sandboxing is nice when and where it works, but is not universal, complete, or immune to exploitable bugs. It also happens to be a high value target.

    mox , (edited )

    "Controlled by a foreign adversary" and "foreign adversary country" are the key phrases. The definitions are here.

    It refers to United States Code title 10 section 4872(d)(2), which says:

    Covered nation.— The term “covered nation” means— (A) the Democratic People’s Republic of North Korea; (B) the People’s Republic of China; (C) the Russian Federation; and (D) the Islamic Republic of Iran.

    I think those phrases are important when discussing any potential "slippery slope" aspects of this bill. It's about companies/applications from specific adversary nations. It's not about just any service that annoys a US politician. The bar here is much higher, and the scope is narrow. While it does identify ByteDance and TikTok by name, it will also apply to other companies from those nations, if they are determined to present a threat to US national security.

    I haven't read the entire bill, so please don't take this as advice, but in principle, I think it seems like a sensible measure. A major communication platform like TikTok makes a very effective propaganda and misinformation tool. Exactly the sort of thing that an adversary nation would use to sway political discourse, influence elections, even undermine a democracy.

    Of course, any law can be abused, so paying attention to how this one is applied and enforced will be important, just as with any other.

    mox ,

    Out of curiosity, have you tested the shadow ban with a non-web Twitch client, like a phone app or an IRC client?

    mox , (edited )

    Fair enough. Just so you know, though: F-Droid has open-source Twitch apps requiring minimal permissions, and last time I checked, you could use a desktop IRC client to interact with Twitch chat. (The latter requires more effort to set up.)
