Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

toastal

@toastal@lemmy.ml

toast.al

he/him

This profile is from a federated server and may be incomplete. Browse more on the original instance.

toastal ,

This is how I ended up getting my account deleted as well. 3D scan of my head was a immediate nope.

toastal ,

Are FOSS licenses the best for a game & this sort of thinking tho? I am not convinced the FSF or OSI provide good enough guidance for those looking to escape corporate interest. Do you need a license that allows others to resell it? Why is the NC in Creative Commons seen with such hostility & incompatibility if upholding corporate interest isn’t a goal?

toastal ,

I mean I love the idea but I have had my misgivings about how the FOSS gatekeepers do their thing

toastal ,

I mean check any previous discussing that happened about License Zero/Parity/Prosperity licenses, or Peer Production License, or Anti-Capitalist, etc. & how they have wording that is basically like CC BY-SA-NC where you need to share the changes, attribute, but for profit entities are not allowed to use it without contributing (in terms of money, or code, or some sort of giving back). Droves of folks crawl out of the woodwork to say that this ruins the 4 FREEDOMS as if they are written in stone or that were made perfect since inception rather than trying to test if all these rules still apply or need amendments to the modern age & exploitation in software. It would be interesting to see if any group decided to really run with one of these licenses as a major project & seeing if the public not the OSI or FSF agreed with those terms… to maybe saying we need a new definition of those freedoms.

(Just as much I have seen some good arguments about devs to stop trying to use licenses as a battleground for politics or morality & that dealing with the status quo of establish licenses & fighting in other ways is a better use of effort)

toastal ,

Write back if you think exploring is worth your effort & find anything new in the space. It seems a bit underdeveloped since adoption is low where it seems most end up with OSI licenses as a practical compromise rather than what they truly wanted.

toastal ,

Movim is sort of like a decentralized social media space built atop XMPP

toastal ,

I have no idea what channels are… Is this threading?

toastal ,

Movim has public posts that can be commented on in a decentralized fashion but can also restrict comments to followers

toastal , (edited )

Paying a tutor or a class might be a good accelerant since you could ask fundamental questions in your native language. Once you have the grammar scaffolding, you could then use flashcards to start building vocab or looking for natives to share conversations with. Note also: immersion rarely works without some foundations to build on (unless the language in question is basically the same as your native language like Dutch is to English). The TL;DR is apps are more entertainment then education.

toastal ,

The best is to not trust the centralized server of either of these platforms. Set up your own XMPP server & gives these the boot.

toastal ,

client or server that doesn’t support the same encryption protocols

Outside of TLS which most any server uses by default, XMPP or not, the server is not responsible for E2EE. Conversations Compliance & Are We OMEMO Yet have existed for a long while & I never see anyone recommending a client not on these lists so while certain features may be fragmented, the communication essentials have been more or less established for years now. XMPP is an extensible format, and some applications that aren’t for chatting with your friends/family, don’t need many of these features which allows the protocol to morph into something stripped down for the task… which is why the base spec is basically barren, & community XEPs are what folks get behind for adding new features for different use cases.

toastal ,

XMPP is battle-tested* and thriving*

I don’t think you know how many commercial use cases are relying on XMPP, nor how much the community has been working on updates. Older technologies tend to have maturity is spec but also in implementations where the servers are robust & already at the point of optimization over chasing features. We see this with how little specs it takes to run a server & have Conversation forks on Android have some of the best battery life & data plan usage in the chat space. The network is massively decentralized too… unlike Matrix where almost everyone is on Matrix.org or a server provided/hosted by Matrix.org giving them all the metadata.

toastal ,

LinkedIn is just another Microsoft-owned account you should just delete for your sanity

toastal ,

Not everything proprietary is inherently bad, but you did more than most ever could. It’s those megacorporations & anything “free” you have to worry the most about.

Steam is a weird one since it is proprietary, & you could lose access to your digital game copies but a) most work if you just download them for long-term storage, b) they provide a decent service with deals & synced saves, c) they are privately-held so they don’t need to chase quarterly profits for shareholders, & d) they have done more for Linux gaming than almost anyone else (even if the selfish goal was to break Microsoft’s shackles & later have a hardware device they could sell you that happens to be mutually beneficial for both sides with so many patches).

Deleting everything Microsoft & Google is very difficult. The former I am locked since too much free software thinks it can sleep in the dragon’s den as GitHub. Google, well good luck finding an employer that isn’t using it in my experience & when it comes to using your own email for instance, there’s like a 90% chance the person on the other end is using a Google or Microsoft email account without encryption to get them the whole message anyhow.

toastal ,

The fact that you mark your omission with an apostrophe correctly does wonders for ESL learners so the can see both what is being chopped off while also getting insight into how some native speakers’ accents might produce the sounds. Native speakers should use ’em more of’en.

toastal ,

My first WTF moment with British English was walking into a restaurant & the hostess asked: “are you alright?”. “Do I have a bloody nose?” I quaked. Turns out it was just how folks say “what’s up?” as a hello there.

toastal ,

Fx has a sound icon on the tab too

toastal ,

Signal & WhatsApp are not secure enough. Meta/Facebook regularly give data & metatadata to the cops & Signal is centralized & not self-hosted by your crew so while messages are encrypted, the metadata still isn’t. If you must use Signal, I would pick Molly as an Android client since you can a) encrypt the messages under a separate password for storage on seizure & b) you can use the UnifiedPush version to make sure your notification metadata isn’t going thru Google’s Firebase servers. Protests are the ideal place for Briar as it is works via mesh net so internet & SIM cards are not required (but years ago wden I tried it, the app was a major battery drainer).

toastal ,

Also worth noting that OpenStreetMaps works offline too.

toastal ,

Those components are not really meant for self-hosting, its open to be looked at. You would need to patch out the SIM requirement, point the hardcoded server/clients elsewhere, find some way to sideload modified clients to those using iOS lol, & it’s not federated so you would need a separate app for just this task. At this rate you are 100% better off using a choosing systems where server & clients are actually built with this in mind… Signal’s chat features are not novel

toastal ,

With the right intel you could piece back some of the pieces, especially with some pieces from other sources, with just that metadata. With metadata, it’s about putting together lots of sources to see the picture clearly which is why Facebook bought WhatsApp for just the metadata (& address book). The thing is that you, can skip Signal & you will still have several free software messaging alternativ where nothing is on a US-based server where they can subpoena.

toastal ,

In the corpo cases, I’m sure all they have to do is ask. There are better alternatives & this guide feels radically incomplete stopping at such pedestrian option instead of labeling them in a bottom tier of like suffiecent-if-you-literally-can’t-use-anything-else.

toastal ,

Not saying you are wrong, but I think the argument a) should mention WhatsApp in the same breath as Signal & b) stopping at Signal instead of linking to where to find more info

toastal ,

I use XMPP every day to talk to friends & self-host a Prosody server (may move to ejabberd in the future).

The client & server situation can be a bit loosey-goosey since the base XMPP spec isn’t large, but involves a ton of opt-in XEPs. Luckily the Conversations compliance helps define a common set of expected specifications for servers & in many senses, I’m happy to see there is a zoo of clients you can find that fit your need from a CLI, to TUI, to web, to native clients that something will meet your needs & written in several different languages so you could find something that fits your interest for contributing to if you have the skills.

toastal ,

I agree with donation to upstream Conversations since it is the basis of many forks, but I still prefer the differences of Cheogram: 1) webxdc support, 2) black theme (not dark). The JMP support stuff could be great if I had a use for it, but currently don’t.

toastal ,

Signal also requires you surrender to the Android/iOS duopoly to install the app on a device with a SIM to create that account. You can’t create an account on a SIM-less tablet; you can’t have a Linux phone. I’m not entirely sure if it behaves like LINE tho, where they will check in to see if the phone is still activated else it will kill access to your account from other platform--I have to keep Signal installed to talk to my family currently.

toastal ,

That’s the Apple price you pay tho. It’s not a popular platform for FOSS or otherwise ethical software since you have to use their overpriced hardware to develop on & there are fees to publish apps (even with EU opening up alt stores, many won’t see it as legitimate for a long time--difficult enough with F-Droid eco). Have you considered upgrading to a Linux or Android phone? (/s, but kinda not)

toastal ,

This is the reason you shouldn’t choose a chat platform that requires the using the mobile OS duopoly—get your friends off of LINE, WhatsApp, & Signal.

toastal ,

You still need an Android/iOS primary device… it’s not just a SIM situation IIRC

toastal ,

Learn to love OpenStreetMap

toastal ,

What is their mission?

A helpful graphic about writing alt text (lemmy.ml)

image descriptionAn infographic titled “How To Write Alt Text” featuring a photo of a capybara. Parts of alt text are divided by color, including "identify who", "expression", "description", "colour", and "interesting features". The finished description reads “A capybara looking relaxed in a hot spa. Yellow yuzu fruits are...

toastal ,

Just as important is “decorative images” where you explicitly leave the alt empty https://www.w3.org/WAI/tutorials/images/decorative/

Ask: How do you handle your résumés?

Usually I rely on my network & haven’t needed this kind of document in ages, but I’ve been tasked with creating a résumé for myself. I’ve grown more privacy-conscious every year & I think it’s weird that we are expected to give out so much information about ourselves to companies that lie about their culture & don’t...

toastal OP ,

Would be a good filter against those places that would actually get hung up on this

toastal ,

The SponsorBlock integration is a major difference from NewPipe

toastal ,

OMG. I haven’t seen these images in like 20 years. My cousin loved these.

toastal ,

Staring in the face of late-stage capitalism, the human race tries to find a glimmer of optimism. Can’t afford a real date, find it too hard to connect while sober.

toastal ,

Microsoft products you can start saying no to: Windows, WSL, GitHub, Sponsors, Copilot, VS Code, Codespaces, Azure, npm, Teams, Outlook, Office, & LinkedIn.

toastal ,

Use them reluctantly & push back against it until you can free yourself from them. Let folks know you are unhappy about it or powers at be will think everything is okay. Surely we can agree fundamentally that Microsoft should not be controlling these spaces as it does with the platform lock-in.

toastal ,

npm, Inc. (a subsidiary of GitHub, a subsidiary of Microsoft)

-- https://en.wikipedia.org/wiki/Npm

toastal ,

Brave Search has been alright, tho I’m not entirely sure how their algorithms are working & they index much slower so they probably aren’t doing full aggregation themselves nor does it seem that they are just using Bing like DuckDuckGo. Yandex is great for image search & I use their translation service even if it’s a little weaker just to spread my data across services instead of centralizing. Even if I preferred content written by a human, a lot of general queries it seems I am more prone to reaching for an LLM …even tho it could be a hallucination, a lot of the content written by folks on the highest SEO sites are just as much bullshit.

toastal ,

You can go to the Blink + V8 engine without using Google Chrome; in fact that’s exactly what you should be doing as Google’s browser has way more spyware built into it.

The thing that killed it for me was the lack of PWA support

I hear ya. I’m still butthurt about Fx killing SSB (site-specific browser) before it even had a chance. They had the feature locked behind a flag & then removed it due to low usage. It seems a lot of folks hadn’t even heard of it til the news was out about it being removed. It would have been great to use since you could run something akin to firefox --ssb https://url (I forget exactly the command, & you’d want to write it to cover Gecko forks), but it means you could ship some apps with just exec. Since the process was pooled with the main browser instance too, it wasn’t as taxing on resources as Electron.

toastal ,

Didn’t watch the video, but… Traffic is often already encrypted with TLS or other encryption & you don’t have to use the ISP for DNS. This would cover a lot of the data you would be discussing. Instead if using these advertized commercial VPNs you are giving the data to those corporations instead which is hardly better in many cases—luckily most of your traffic is encrypted with TLS & you don’t have to use them for DNS …which takes us back to the previous statement for concerns.

There’s still value in VPNs for a several online activities (censorship, piracy, activism, etc.) & threat models to certain folks, but assuming the ISP is the bogeyman in most common scenarios for non-niche use cases is incorrect—but it isn’t how these commercial VPNs are selling themselves. If the ISPs possess the ability to break TLS encryption we’d have bigger issues to worry about & VPNs wouldn’t help. I would assume the video goes in this route but chooses the clickbait title for views.

toastal ,

If it’s all encrypted & they don’t have the DNS requests, all they can see is that you sent X bytes to some IP which isn’t very helpful. Who’s to say these VPNs aren’t selling their data back to the ISPs anyhow?

toastal ,

What metadata? The headers are as encrypted as the payload. That there was a key exchange between you & a server isn’t too useful.

“Usually” is a strong word for DNS as well since all OSs let you change it & the megacorporations like Google & Cloudflare have already compelled a lot of folks to use their DNS ta resolve faster since the ISP ones are slow (& the smarter, curious folks used that as a launching point to find other provider or self-host). Some platforms have even been shipping DNS-over-HTTPS to get around some of these issues (since the payload & headers are encrypted under TLS).

toastal ,

By who? Who is auditing the auditors? That’s not to say audits aren’t good, but when the code is proprietary, a lot of trust is required. I would prefer banking on solid, open tech which the TLS standard is. There is still use cases for VPNs, but outside like streaming piracy, you might be better served by the Tor network.

toastal ,

Everything after Hello is encrypted tho. The metadata is important, but takes some leaps of assumption to know what that data means—moreso than the metadata of say WhatsApp since the payload could be just about anything & from anywhere, not just a P2P text/multimedia message. And DNS over HTTPS does exist now & has support in all browsers & mobile operating systems. If it’s the hostnames you are worried about, a simple SSH SOCKS5 proxy with remote DNS could work with many older technologies. Not saying there isn’t some worry, but there are solutions now, the ISP is getting close to nothing, & for most folks subscribing to a comericial VPN is not worth giving monthly money to these actors that you probably can’t trust.

toastal ,

Sure if you need that protection, but there is a lot of fearmongering about VPNs that are misinformation to sell products most folks don’t need to be worrying about versus more pressing matters in security/privacy

  • All
  • Subscribed
  • Moderated
  • Favorites
  • incremental_games
  • random
  • meta
  • All magazines
    •