shrugal

shrugal , 6 days ago

I'm transcoding everything to 320kbps MP3s. It's much much smaller than flac, and I can't hear the difference even if I try.

shrugal , 12 days ago

I can't recommend Synology enough! They make it as easy and painless as possible to own your data again.

shrugal , 12 days ago

Idk when you checked, but they work pretty well now. Not quite on par with Google Docs, but the closest thing I know.

shrugal , 17 days ago

Here is a more detailed explanation of the exploit.

The Pepaire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. [...]

So hardly an attack on any core system of cryptocurrencies.

shrugal , 17 days ago

It's not. They tricked some MEV-Boost bots into doing bad trades.

shrugal , 17 days ago (edited 17 days ago)

IANAL and all, but bad/unfavorable contracts and literal deception/fraud are two different things, at least in the legal system. Not everything that's technically possible is also allowed, obviously.

Compare it to using a security flaw to hack into a system. Technically you're only using the official API, maybe in unusual ways, but still. But you're doing it in bad faith and causing harm, maybe pretending to be someone you're not or injecting fake data into the system, and that can make a difference.

shrugal , 17 days ago

What's absurd is this crypto maximalist take.

You can't just make up your own permission and punishment system, and then expect the legal system to just step aside and let it handle all disputes, especially when it comes to fraud. That's like founding your own city in an existing country, and declaring all existing law obsolete. I know some people think this is a real possibility, but the real world doesn't work like that.

shrugal , 15 days ago

No, it really doesn't. That's like creating a bot that buys and sells company shares automatically, and saying the stock exchange has a vulnerability because your bot makes bad decisions.

shrugal , 16 days ago (edited 16 days ago)

I just set up a Vouch-Proxy for this yesterday. It uses the nginx auth_request directive to authenticate users with an SSO server, and then stores the token in a domain-wide cookie, so you're logged in across all subdomains. Works pretty well so far, you don't even notice it when you're logged in to your SSO provider.

But you do have to tell the proxy where you want to redirect a request somehow, either by subdomain (illegal.yourdomain.com) or port (yourdomain.com:8787) or path (yourdomain.com/illegal). I'm not sure if it works with raw IPs as hosts, but you can add additional restrictions like only allowing local client IPs.

In my special case I'm using the local Synology SSO server, and I have to spin up an additional nginx server because the built-in one doesn't support auth_request.

shrugal , 19 days ago (edited 19 days ago)

It's a group therapy called !linux, we always have free seats!

shrugal , 20 days ago

This is pretty impressive and hella creepy!

shrugal , 20 days ago (edited 19 days ago)

It can be a bit annoying sometimes, but there are solutions for almost anything, like alternative clients and frontends. I also think it's important to remember that this is not an all-or-nothing situation. Every little bit of privacy you can preserve helps, even if you still have to use their services sometimes.

If your example is mostly about chat then Beeper might be a good option for you. The messages on FB and IG would still go through Meta, but at least you don't have to install their apps.

shrugal , 19 days ago

If you have an always-on-and-connected device then you can self-host their bridges. It preserves e2ee because messages are de- and reencrypted on your device, and it's relatively easy to set up.

shrugal , 19 days ago

You have to provide the user, group and file name as the next three guesses, just trust me!

shrugal , 25 days ago (edited 25 days ago)

It's hard to overstate what a nothing-burger this article really is! Let me break it down:

• Signal got $3 million from the Open Technology Fund at some point in its development
• Some anonymous source alleges that the OTF's ultimate goal is to promote US foreign interests
• The current chairman of the board Katherine Maher worked at the National Democratic Institute and Wikipedia before
• The same anonymous source says she was recruited because of connections to the OTF
• She has at some point voiced the opinion that a completely free internet without regulation just reproduces existing power structures, and that balancing regulation and 1st amendment rights is a tough problem
• Signal doesn't have reproducible builds on iOS (it absolutely does on Android btw)
• Some people feel like Signal chats come up more often than they should in court cases and media reports

That's it, that's the whole story. That's the reason why the Telegram guy of all people thinks you should be careful, and better use his chat service instead, and the Twitter guy agrees.

I mean, reproducible builds on iOS would be nice, but that platform has much bigger problems from a privacy/security/sovereignty/freedom standpoint anyway. And the rest is just nothing turned up to 11.

shrugal , 26 days ago

Just a heads up, trying to buy Uranium for the reactor on Ebay will get you in trouble real fast, so be careful!

shrugal , 26 days ago (edited 26 days ago)

I think some of the arguments are quite flawed. Bitcoin itself has most of the properties it is said to have, but it lives in a world that doesn't and so some only really apply if you manage to stay inside the system. Like, your Signal chats are private as long as you don't copy-paste them to Facebook.

Regarding self-custody/decentralization and using custodial services: The problem here is not that those properties don't apply to Bitcoin, but that some people just choose to give away control over their wallets or not use Bitcoin itself for certain transactions. Can't blame that on the currency, unless you think it can't be done any other way.

Regarding privacy: I don't think any serious "Bitcoiner" advertises Bitcoin as private. The message has always been that it's "pseudonymous", that you have to take extra steps in order to make it anonymous, and that it's transparent instead of private by design.

Regarding transparency/inclusion: These paragraphs actually argue about privacy again. One is trying to spin the existing transparency into a negative, which is a valid opinion but not something "Bitcoiners" are wrong about. The other circles back to the idea of staying inside the system. Bitcoin transactions are inclusive, but ofc you can still get into trouble if you have to fear external repercussions and can't stay anonymous.

shrugal , 1 month ago

If you have a monopoly and need to maximize profits then the question becomes: Why not?! You could extract more money this way, and it's not like your users would go anywhere else at this point.

That is why it's so important to fight and break up monopolies, and to limit what these companies can do. Because they have no reason not to squeeze every penny they can get out of you!

shrugal , 1 month ago (edited 1 month ago)

I've been running Gluetun for a few months now, and just the other day discovered that you can use it to seamlessly proxy Twitch streams (using it as http proxy for ttv lol pro), so they load via countries that Twitch doesn't show ads for. Setting it up was ridiculously easy, and now I have neither ads nor endless loading anymore. The whole thing was a really nice surprise!

shrugal , 1 month ago (edited 1 month ago)

Yes. It makes it much harder to build a profile about you though, because you're not logged in and they don't know if those views come from you or someone else using your server. Even if you're the only one, the website doesn't know that.

shrugal , 1 month ago (edited 1 month ago)

From what I understand the GDPR says you have to give users a real choice about the usage of their data, without any unreasonable negative repercussions. Having to pay money (at least as much as they are asking for) is such an unacceptable repercussion, no matter how FB might phrase it.

They are allowed to take money or show ads for access, but they can't couple that decision with the one about the user's data usage.

shrugal , 1 month ago (edited 1 month ago)

pay for it with advertising your data

FTFY.

That part is not allowed according to the GDPR afaik, the decision about your personal data cannot be artificially linked to something else. They can absolutely show ads, but without using your data.

shrugal , 1 month ago (edited 1 month ago)

The video is probably factually correct, but very disingenuous with its interpretations and conclusions imo.

Of course Mozilla and Firefox have their own share of problems and bad decisions, and they are pretty well known and talked about from what I've seen, but equating it to Google and Chrome is just pure cynicism. Mozilla having to earn money somehow (1% donations!) and Google trying to maximize profits at all costs is not the same thing, even if it might look similar sometimes.

shrugal , 1 month ago (edited 1 month ago)

I started using their Signal and WhatsApp bridges today, probably one of the easiest setups I ever did. You just run a Docker container for every bridge, and login to your Signal/WhatsApp account by chatting in the app with the Matrix bot it creates.

Literally takes like 5 minutes if you've used Docker before, and you don't need a domain or forwarded ports or anything.

shrugal , 1 month ago

There's almost no difference to a good Matrix client if you already selfhost the server and bridges. Most of the Beeper client's value is making it very easy to manage the bridges they host for you.

shrugal , 1 month ago

This is not applicable here, since Beeper is "just" Matrix + Bridges + Simplified UX!

shrugal , 1 month ago (edited 1 month ago)

What is this "closed source experience" you are talking about? How would making the client open source hinder that in any way, especially when their stated goal is to earn money with premium features instead of the app itself?!

Imo being open source is a VERY big deal for an e2e encrypted chat client! I don't really care whether most of their stack is open if the app I'm actually using to type and encrypt my messages is not. This makes the whole thing look like a trick, pretending to be open when key parts are not.

shrugal , 1 month ago

That's not the point. An app doesn't become good because you can just not use it.

shrugal , 1 month ago

The thing is, we are talking about the Beeper service here. Yes Matrix is good, yes Beeper bridges are good, but a closed source Beeper app is bad. That's what the criticism is about, and it doesn't help if you deflect that by arguing about all the other things they are doing or that no one is forced to install it.

shrugal , 1 month ago

I can answer that: it’s the “I don’t care about security as long as I can send memes and inappropriate messages to most people” experience.

Closed source doesn't help with that though, you don't have to care about privacy in open source.

except you do know that the bridges are decrypting all messages anyway

They are working on on-device bridges that preserve e2ee, but making the client closed source kind of defeats the purpose here.

shrugal , 1 month ago (edited 1 month ago)

You're definitely right that people are a bit too doom-and-gloom about it, Beeper did do a lot of good over the last few years!

But I also find it a bit odd that they talk so much about the importance of open source in messaging, and then release a closed source client without at least adressing the topic. Add the fact that they've been aquired by another company on the same day, and it starts to smell like another instance of openwashing.

Idk, we'll have to see how it plays out I guess.

shrugal , 1 month ago

the connecting with a majority of people using the same closed source platform

The platform is open, including the part that connects to other closed source platforms. It's just Matrix and open source bridges after all. And making the client app closed souce doesn't help with any of that.

I'm sorry if I'm a bit pedantic about this, but it seems like you're describing an upside to closed source software that's just not there.

shrugal , 1 month ago (edited 1 month ago)

Nothing about what you just wrote has anything to do with closed source software though. You could just as well say that closed source helps them predict the future or draw shinier unicorns. It doesn't!

Maybe you mean tightly coupled, stripped-down, preconfigured or vertically integrated, but you can do that just as well with open source software. No one is forcing them to make a general purpose chat app or offer the ability to choose a different server. It's just a matter of being able to see, verify and modify the code.

differentiate above the competition [...] charging for it

This is the only thing that comes close imo. But they stated specifically that they don't want to make money with the chat app itself, so it doesn't really work as a justification. They could easily offer server-side premium features or create a closed source premium-only version or extension, it's no reason to make the base app closed source.

security theatre

They don't have to do that, and they don't afaik. Matrix itself can do proper e2ee just fine, and Beeper is pretty open about the fact that bridges hosted by them have to break e2ee to translate between platforms. They'd only need theater if their closed source app actually has some bad code in it, which is kind of my point.

Expanding to selling some user metadata, or sniffing the bridges, would be an extra

Again: Their Matrix server and bridges are open source right now, and it wouldn't stop them from doing what you're describing.

Too pedantic 😉

I just can't help it. 😜

shrugal , 1 month ago

Yes and yes. It runs the bridge and en/decrypts messages locally on your device, so full e2ee is preserved. The bridge still has to login to your messenger accounts, so nothing changes there.

shrugal , 1 month ago (edited 1 month ago)

Looks dope, but it seems like the Docker container has some very unfortunate limitations:

• Does not support desktop and mobile application connections, only supports use on browsers
• Export to PDF, HTML and Word formats is not supported
• Import Markdown file is not supported

This kinda makes it unusable for me. :/

Edit: I just installed it and ... you have to login and pay for a subscription in order to sync between devices. RIP

Edit 2: It's not a subscription, just a one-time payment. Might be worth it for some!

shrugal , 1 month ago

Looks like you can create a simple binary executable and make it run as root with setuid.

shrugal , 1 month ago

It's a known issue and should be fixed in the most recent version of Piped (and probably everything that depends on NewPipe). I updated mine yesterday and it looks like all video comments work again.

shrugal , 1 month ago (edited 1 month ago)

What does their multi-device story look like? Can I use one identity/account on multiple devices, with synced read state etc?

Edit: Looks like it's being worked on. I don't want to use a messenger without this feature anymore, but I'll give SimpleX another look once it's done.

shrugal , 1 month ago

I use Synology C2 backup for my NAS, but they also have very affordable options for PC backups and object storage.

shrugal , 2 months ago

Please try to request the source code with that screenshot!

shrugal , 2 months ago

But M$ likes to play games with you!

shrugal , 2 months ago

Relevant xkcd

shrugal , 2 months ago

I'll repeat what I said the last time this was posted: NO f*cking way the Fedora guy got past the partition configuration step without pulling at least a few hairs out! I love Fedora, but that UI is just cursed!

shrugal , 2 months ago (edited 2 months ago)

I'm not saying these rules are perfect, but it doesn't help if you argue against rules that don't exist.

Commercial transactions are not "all" tx, and above 3000€ are obviously not the most common tx.

I do think the crypto restriction with no lower limit is too much, and I don't get why they focus on custodial wallets, but it's again not "all" tx.

Why does the government ...

Money laundering, tax evasion and corruption are real crimes with real consequences, and knowing about the flow of money is pretty much required to be able to detect them. It's a trade-off with privacy, so imo setting some limit for anonymous payments is the right thing to do. Idk if 3000€ is perfect, but it does seem reasonable.

Police have more surveillance and crime-detecting tools ...

We need some amount of oversight and surveillance, so imo it's not good enough to just exaggerate every proposal to the extreme and reject it on those grounds. These rules are not a total crackdown on anonymous payments, but they might still be too restrictive. But you kill every discussion about that if you just make up different rules entirely, instead of arguing about the rules that were actually adopted.

shrugal , 2 months ago

They don't have to make extra apps, just remove restrictions that make some functionality exclusive to iPhones or Apple Watches. So iPhones get the same access to Apple Watches as other phones, and Apple Watches get the same access to iPhones as other watches.