Skip Navigation
InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)MI
Mikina @programming.dev
Posts 10
Comments 441
Will Corps ditch Windows over Recall for Linux?
  • Many companies are still using Windows 7 machines or 2008 win servers, without MS17-010 patch. They don't really care about security that much, when it's inconvenient or slightly difficult to mitigate. They won't be switching entire architecture just for a few screenshots

  • A fresh install of Signal takes up 410MB, blowing both Firefox and Chromium out of the water
  • I self-hosted it few months ago, and it's actually surprisingly easy! Someone has made an Ansible script for Matrix with Element and some bridges, that (at least a month ago, IaaC tends to be pretty fragile) worked out of the box on a first try. I just set up some config values (mostly about enabling bridges I want) based on their amazing documentation, and then ran it once and everything is working so far. I even updated it several times already, and every time it was smooth, and it was basically just running a single ansible command. Their documentation is pretty well written, and with my basic cloud, IT and Linux knowledge I had no issues with following it. All you need to know is how to set up cloud VM, get a domain and set DNS, and set up SSH keys to access the server.

    In total it took me about two hours in total, from when I decided "I'm setting up Matrix tonight" without any prior knowledge, looking up my options and finding the ansible script, setting up cloud and getting Matrix up and running.

    I'm renting a VM on Hetzner for like 6$ per month, and it worked without issues so far. I use it for Discord and Messenger, although the Meta bridge does have some problems, for example I didn't figure out how to message someone with whom I haven't had a conversation since I set up the bridge, since only then it creates the room for it. But that can be solved by keeping the Messenger app or usign the browser to send a first message, and it immediately shows in your Matrix bridge (and stays there forever).

  • People who have installed Linux on their parents computer, how did it go? Which distro do you recommend? Any tips?
  • I've just ben talking with my kind of tech illiterate gf about switching hers to Linux too, since she saw some articles about Copilot and Recall, which she hates with passion. Should I go for Mint or PopOS, assuming she does game on steam a lot (nothing with anticheat, thankfully)? She's working in a GSuite/Slack workshop, so there shouldn't be any problems with that. However, she does have NVIDIA GPU, which was the cause for most troubles for me.

    I'm on Nobara, but that's because I've always preferred Fedora, and it isn't exactly a smooth sailing. Nothing major, but I suppose one of the two I mentioned would be a better choice.

  • When did you know a career was either the perfect or the worst match for your personality?
  • Ever since I played watchdogs and shadowrun, I wanted to work in cybersecurity, especially as a Red Teamer, which is literally Shadowrun - you run complex ops that have to break in, and steal stuff from largre banks without anyone but the management knowing about the test, with almost nothing being off-limits, as long as it doesn't cause some kind of damage.

    Five years later, I do work as a Red Team Lead. Hpwever, our company was just scrambling to start doing RT since thats the buzzword now, and while we did have amazing pentesters, unfortunately pentesting and Red Teaming requires vastly different skills. Ypu never need to avoid EDRs, write malware with obscure low-level winapi, or even know what kind of IoC ajd detections will a command you run create, when you are doing a pentest.

    But since no one knew better, and I love learning and researching new stuff, while also having Red Teaming romabticized, my interrest in it eventually led to me getting a Lead position for the barely scrambling team.

    Mind you, I was barely out of being a junipr, with only three years of part time pentesting experience. It was NOT a good idea.

    I quickly found out that RT is waaay harder and requires the best of the best from cybersec and maleare development. We didnt have that. Also, turns out that I love to learn now stuff and take on a challenge, but being a Lead also means you are drowning in paperwork and discussions with client, while also everyone from the team doesn't know what to do and turns to me about what should we do. Which I didn't know, and barely managed to keep learning it on my own. Our conpany didnt want to give us much time for learning outside of delivery, I was only working parttime, and I was slowly realizing that we don't have almost any of the skills we need.

    We were doing kind of a good job, most of our engagement turned out pretty well, but it was atrocious.

    Turns out, I'm not good at managing and planning projects, or leading people. I'm better just as a line member.

  • Dealing with games that just won't run on Linux
  • I also have a dual-boot, with fresh install of Windows I debloated as much as possible, that I use for games that I can't get to run even after trying protondb.com. However, it has only happened one or two times since I switched more than half a year ago, and I usually just give up on and refund games that I can't get to work on Steam. I have a lot of other things to play, and usually I wasn't that much dead set on playing that particular one. I do make sure to post on the forums of the game when that happens, though.

    I've also recently stumbled upon https://windowsxlite.com/24H2ProV2/, which should be a debloated and minimized Windows (4Gb installed size is mindblowing, considering that all my Windows VMs have like 40Gb freshly installed). The site looks shady, but it was recommended to me by my coleague who works in cybersecurity, so I hope he knows what he's doing. I haven't got the time to test it yet, but it does mention that it should work for games, so who knows.

  • AI Appears to Rapidly Be Approaching Brick Wall Where It Can't Get Smarter
  • Duh, it's a ML algorithm that requires an enormous amount of feedback. It can't get smarter than humans, because then there's no one, or no data, who can tell if what it's spewing is really clever or just nonsense.

    I hate what happened to common perception of "AI". The whole amazing field of machine learning has been reduced to overhyped chatbots, with so many misconceptions repeated even by experts who should know better.

  • Windows updating just before thesis defense
  • My favorite windows update was when I was attending an onsite coding competition hosted my Microsoft. We were all in this large meeting hall that looked like a theater, and we spent first 10 minutes or so at the start of the competition just looking at Windows update, with the Microsoft rep apologizing to us, because his pc decided to do the "Forced update restart you cant postpone any more" literally two minutes into the presentation

  • Top EU Court Says There’s No Right To Online Anonymity, Because Copyright Is More Important
  • This is actually a great question, in the context of the Fediverse.

    Usually, every social network or forum has in their ELUA that anything you post is theirs, and you can't do anything about i.e Reddit using your data to train AIs.

    Hlwever, here, we're on private instances of regular people. We can make our own rules, can't we? If an instance would say that anything you post is copyrighted by the author, i.e by CC, would it be enforcable if someone would decide to scrape (or repost) the content for profit?

  • Meta uses “dark patterns” to thwart AI opt-outs in EU, complaint says
  • I am an EU resident. I eventually managed to find it by following the link in the email while signed in to FB, and sent a generic message that I don't trust AI to not misinterpret or leak my data, while also stating that I consider AI training to be by design a breach of my GDPR rights, since there is no way for them to delete your data from the AI once it has been trained on them, which the legislative hasn't caught up to handle yet, since AIs are kind of new and nobody expected that. It worked pretty quickly, and I should be opted out now

  • Meta uses “dark patterns” to thwart AI opt-outs in EU, complaint says
  • Has anyone managed to figure out how to opt out?

    I tried using the link from an email, but that landed me in generic contact us page, and when I selected that I want to opt out, they just said that the will contact me, and never did.

  • 42 key points of the secret #EUGoingDark surveillance plan for the new EU Commission
  • I suppose it's written in a way to sound way worse and alarming than it actually is, due to the upcoming elections. It sounds almost unreal, i mean "EU secret plan to ban any kind of encryption or privacy" can't be reallistically happening, right?

    I know about Chatcontrol, so I wouldn't be surprised, but this article sounds pretty overblown, to the point of sounding more like a wild conspiracy theory. Does anyone have more resources or info about this, that don't read like an election ad?

    I'm not trying to dismiss or disrespect the author, and I trust that it was written with best intentions, but it's a really worrying topic about which I'd like to get more information about.

    However, thanks for bringing it up, I contacted our local Pirate party about the topic, because they don't have anything related to crime prevention vs. privacy in their programe. I suppose that I know what the answer would be, but getting a confirmation before I vote for them would definitely be nice.

  • Your API Shouldn't Redirect HTTP to HTTPS
  • I'd like to mention one exception, because it took me ages to properly debug.

    If your endpoint is serving mirrors for APT, don't redirect to HTTPS.

    APT packages are signed and validated, so there is no need to use TLS. Lot of docker images (such as Kali) do not have root certificates by default, so they can't use the TLS, because cert validation fails. You also can't install the certificates, because they install through APT. If your local mirror redirects to https by default, it will break it for people who choose the mirror, which IIRC happens automatically based on what's closest to you. I think this issue is still there for Czech Kali package mirror, and it took me so long to figure out (because it's also not an issue for most of the users, since they have different mirrors), so I like mentioning this when talking http/s. It's an edge case, but one that I find interresting - mostly because it would never occur to me that this can be an issue, when setting up a mirror.

    But that was more than a year ago, it may be better now.

  • Introducing Windows Copilot Runtime
  • Btw, choco (and maybe even winget?) already has a gsudo tool, which implements sudo. It is super handy, and having a native version is definitely better, but before its available, I recommend gsudo.

  • Meta is a complete dumpster fire
  • That's weird, Meta has a whole department whose only job is to uphold user privacy. They even have a Chief Privacy Officer role, and they are saying that user choice and user privacy is super important to them and the core of every product 0-0.

    https://about.fb.com/news/2019/07/ftc-agreement/

    Yeah, fuck them. Gaslighting POS.

  • EDIT: Fake screenshot about some facts from the Palworld development, very loosely based on a really interesting blog post from the dev that's linked in the post body.

    UPDATE: So, apparently it's mostly fake, taken from this article [translation] (where they even mention some kind of VCS).

    However, even though it's not as absurd, it's a great read and a pretty wholesome story, so I recommend reading the article instead. And I'm even more convinced that this studio really does not deserve any of the hate they are getting.

    Here is my summary of some of the interesting points from the article:

    PocketPair started as a three man studio, passionate about game development, that couldn't find an investor for their previous games even though they've had really fleshed out prototypes, to the point where they just said "Game business sucks, we'll make it and release it on our own terms", and started working on games without any investor.

    They couldn't hire professionals due to budget constraints. The guy responsible for the animations was a random 20-yo guy they found on Twitter, where he was posting his gun reload animations he self-learned to do and was doing for fun, while working as a store clerk few cities over.

    They had no prior game development experience, and the first senior engineer, and first member of the team who actually was a professional game developer, was someone who ranomly contacted them due to liking Craftopia. But he didn't have experience with Unity, only Unreal, so they just said mid-development "Ok, we'll just throw away all we have so far, and we'll switch to Unreal - if you're willing to be a lead engineer, and will teach us Unreal from scratch as we go."

    They had no budget. They literally said "Figuring out budget is too much additional work, and we want to focus on our game. Our budget plan is "as long as our account isn't zero, and if it reaches zero, we can always just borrow more money, so we don't need a budget".

    For major part of the development, they had no idea you can rig models and share animations between them, and were doing everything manually for each of the model, until someone new came to the team and said "Hey, you know there's an easier way??"

    It's a miracle this game even exists as it is, and the developer team sound like someone really passionate about what they are doing, even against all the odds.

    This game is definitely not some kind of cheap cash-grab, trying to milk money by copying someone else's IP, and they really don't deserve all the hate they are receiving for it.

    56

    How did my domain password get into Windows Credential Storage?

    Hello!

    I've recently stumbled upon an amazing blog about getting credentials from Bitwarden vault through DPAPI and Windows Credential Storage, and what suprised me is that any low-privileged process can just ask for all information in Credential Storage, without requiring any user input (the article discusses it in the second half, even though the first half is about abusing DA credentials), through the CredEnumerateW WinApi call.

    Since that vector was pretty interresting, I tried running their PoC for listing the cred storage on my, and several colleague machines, and was surprised that every machine had domain account credentials listed in plaintext, that could be grabbed by any low-privileged process just by calling this WinAPI.

    I suspected that it's because of Outlook or Teams, because I found articles from few years ago mentioning that they do get saved there. However, one colleague did not have his credentials there, even though he was using Teams and Outlook, and had his password saved.

    So, how did that password get there? Why most people we tried the PoC with do have a domain password saved, but some do not? Or is it because of Windows Hello? I'd love to get some kind of solution/recommendation about how to avoid having your password, in plaintext, in such an insecure space. Or was I dumb enough to save it into Edge somwhere, and have promptly forgotten about it?

    And more importantly - how this isn't a pretty severe vulnerability, and is considered "as designed" by Microsoft? The fact that any process can just ask for your credentials is mind-blowing, plus it isn't even detected by EDRs we've tried it with when discussing it with our SoC.

    9

    What distro you use/recommend as a daily driver for a Cybersecurity job (pentesting and Red Teaming)? Would QubeOS be a good fit?

    Hello!

    I'm working as a pentester/RT Operator in a cybersecurity company, which for some reason is a Windows shop, so we are mostly forced to work within VMWare VMs, WSL and similar. However, I've recently found out that we can in fact dualboot or reinstall our laptops, so I'm now looking for a good setup or recommended distros to use.

    When I last tried switching to Fedora, my main issue was that since we are deeply integrated into O365, and our Exchange server isn't configured to allow 3rd party apps (and we can't create app passwords), accessing Teams, Mail or just writing reports in Office was a struggle. And another issue was the fact that our PT VPN is Checkpoint, which I did not manage to get working on Linux.

    I'm of course familiar with Kali/Parrot/BlackArch, but I would not consider those fitting for a daily driver - each engagement can get pretty messy, and I think it's better to start with a fresh VM for every customer, just to avoid any potential issues.

    I've recently discovered QubeOS, which in theory sounds like it should be perfect for this usecase - you can easily separate data for different customers, keep them safe in a storage qube, deal with per-customer networking/different VPNs in their respective Kali VM qubes, and spin up a Windows qube for report writing and backoffice/administration/communication. And if I really understand it correctly, it should also be possible to easily test out malware in a separate disposable qube without much risk.

    But I didn't try working with QubeOS yet, so all of this is just a theory based on my understanding of it's features and usecases.

    So, my question would be - what kind of setup do you use for engagements and backoffice/administrative work? What distro would you recommend, that works well with running different VMs without it being too much of a hassle? And most importantly, is there anyone who uses QubeOS in this field of work, or will it only slow me down and make everything a lot harder than it should be?

    Thank you!

    11

    What do you think would be an actually good use of blockchain/smart contracts? What kind of problems (big or small) is it a good tool for?

    Hello!

    When I was creating a CTF for a conference, I've finally got to learn about how blockchain and smart contracts actually works in practice, and the whole concept is simply brilliant. A quick introduction for those unfamiliar with it would be in this summary, but just to summarize how I basically understand it, blockchain is simply a VM that runs code (smart contracts) a both the code, and result of every execution of it is calculated by a bunch of users (so, mining is basically running a VM) and appended into the blockchain based on some kind of consensus and proof of work. This means that you get a single source of truth and history of every execution of a smart contract that is decentralized and you can rely on it.

    But, almost every use of blockchain or smart contracts I have seen has pretty large issues either in sustainability in the long term, or in cases where you simply need some form of an authority to prevent and punish misuse. While I'm not really that much familiar with every use of blockchain so far, I will first list what I've already thought about or seen, and the main issues that I think are a deal-breaker for choosing blockchain for that kind of tasks. It's possible that some of the issues are wrong or have already been solved, so please correct me if I'm wrong - my knowledge of blockchain isn't really that in-depth.

    First and the most common use is the one you are probably most aware of - cryptocurrencies. If I ignore the biggest and most unfortunate issue of cryptocurrencies turning into an investment-only product, with hugely volatile and inflated price that is not backed by any kind of real value (sure, you can pay with BTC, but it's slow, expensive and super volatile to be useful, so the only real use is to literally sell it to others for a profit - which also basically means you are scamming someone out of their money down the line), I see the following problems with using blockchain for currencies:

    • Longevity - The ledger size is already getting massive, only after a few year. It's not sustainable, and it will eventually be really hard to keep the whole ledger at a large enough number of places to not run into problems of integrity. It's growing exponentionally, and is at around 500Gb after around 10 years.
    • Gas cost - It's getting harder and harder to mine and confirm new transactions, which increases the cost while also making less people able to mine new transactions without being at a loss. This will only get worse, and eventually lead to the 50% problem (if someone controls 50%+ of mining nodes, he can confirm fake transactions or do whatever he wants with the blockchain) being a real issue.
    • Lack of moderation - This may be one of the more controversial issues, because it goes directly against the whole idea of cryptocurrencies, but is one of the biggest problems I see that are in the way of crypto being able to be considered for wider use. We live in a world where some people are dicks that are not afraid to steal and cheat, and something like a currency simply has to be moderatable. You need to be able to punish criminals, and take back what they have stolen. If someone doesn't pay their debts and owns me money, the government should be able to just take the money if they have them. If someone uses an account for scamming and stealing, it should be possible to freeze it.

    The last issue will eventually show in most of the other uses of blockchain as well, and while I have included it, I'm still not sure how I feel bout it. In an ideal world, you would not have to deal with something like this. I would also really like to have an option to do my transactions privately, without anyone being able to profile my behavior and data, but such a system would have to allow for some safeguards against missuse to be widely adoptable. (Which is an interresting off-topic question - would it be possible to create a system that is private, but also has the possibility for trusted authorities to freeze accounts and force transactions?) And the more that I think about it, the more I'm certain that I'd rather have a centralized system where you can punish criminals and scammers, than a system where lives of people are regularly ruined by someone stealing all of their savings unpunished. But it is a thin line - I only say that because I live in a country that is all-right and I can trust my government - for now. But I definitely agree that such a private unmoderated option should exist - but can't be considered for widespread use, which I've heard some people say that "crypto will replace cash in a few years". And this is why it never will, IMO. But this discussion shouldn't be about whether this is a good opinion or not - but more about "what blockchain is a good tool for".

    Next one are NFTs. I will just quickly gloss over them, because they are even bigger scam than crypto is. Ever heard someone say "Someone has copied and minted my NFT?". Well, it's a shame that there isn't some kind of centralized authority that could, you know, not allow them to do that.

    Another use I've heard someone praise as "the future" was lending money. I'm not sure what were they talking about, but the whole point was that you can... Escrow an amount you are borrowing, and then borrow the same amount? It didn't make any sense, so I guess I'm missing something, but then again - we have the same issues as above, while also it being just a bizare idea - why simply not use the amount you already have? The person tried to explain it to me, but it just feels gimmicky. And if you escrow a lesser amount, you then have the same problem with moderation as above - nothing can force you to return the money (unless it is already escrowed, but then, why??)

    So far, every use of blockchain I have heard about would be better done in a centralized fashion, especially as far as longevity is concerned. The growing ledger size and increasing gas cost, along with the 50% problem simply makes most of these kind of uses too impractical to work on a larger scale.

    But I really like the concept and idea of smart contracts, and I'm sure there has to be some kind of use that is not as "revolutionary" or large scale. I'm just having hard time coming up with any.

    I have only one - voting, and maybe transparent randomization (i.e lottery). Smart contracts are an amazing way to collect votes transparently but privately, since you can be sure that no-one can cheat, if you set it up properly. It's also something that doesn't suffer from the longevity problem, because it's more of a one-shot use of blockchain, rather than something ongoing - which also justifies the price.

    (tl;dr feel free to start here:) Which is what I'm interested in - does any of you have similar ideas for use of smart contracts and blockchain, that would be practical in a daily live? Be it one-shot smart contracts for a small task, such as voting or random winner selection, maybe some kind of escrow. It doesn't have to be a "society changing system", or something revolutionary. A common small code snippets or apps that would solve the trust issue inherent to a centralized task is what I'm after - but have hard time coming up with.

    And just a disclaimer - I don't plan on building anything and am not fishing for the next blockchain thing, I barely even understand it. I would just like to incorporate blockchain into my programming repertoire as a tool, because the concept feels so clever, but is also misused or misunderstood due to hype, but it has to have it's uses that are overshadowed by people jumping on the blockchain bandwagon without considering whether it's really the best tool for the job.

    But is has to be a good tool for some kind of problems, right? And I would like to start a discussion about what would that be, without it being affected by the hype and reputation surrounding blockchain. I feel like that would be an interesting though exercise, and I'm sure we can come up with some interesting little uses here and there, without it being gimmicky but actually the best tool for the job.

    Thank you!

    EDIT: And I'd like to add that I never got into the blockchain hype, and my opinion on how it's used so far is mostly negative. If a product mentions blockchain, I usually just avoid it as a gimmick. But that's why I'm genuinely interested in this discussion - I don't judge a tool about how people misuse it.

    99

    I'm looking for games with unique or experimental game design

    Hello!

    One of the things I really enjoy is unique, interesting or out-of-the box game design. It doesn't have to be AAA game, it doesn't have to be a perfect game, it can be pretty rough - but if it has a mechanic or design element that is somehow unique or original, I'm instantly in love with the game.

    The problem is that such games do not usually get a lot of exposure, since it is after all a niche. And that is really a shame - in the past few years the most fun had with video-games was playing such smaller and shorter indie games with something unique or pretty clever, where I can obsess over the design and more importantly - get inspired. That leads me to my question - are there any communites or blogs or content curators that are about this kind of smaller, maybe unpolished, but original games? Or what games would you recommend that would fit into this description? I don't mind if it's a 5 minute experience. It's ok if it's more interactive art than a game.

    To better illustrate what I'm looking for, I'd compare it to modern art - the kind where you get a single colored square on a canvas. I never got it, and it always felt just weird - until I had to start doing flyer design and started researching and reading about composition, space and all that stuff. And now I see there's so much going on even on a picture with a single line, that it's really interesting to think about why the square is where it is, and what kind of composition rules was he working with.

    And I think it's the same for game design - sometimes you see a clever mechanic or design on otherwise really ugly and unpolished game, and it still gets you inspired and thinking.

    I understand that my question is a little bit vague, so I'll give you a list of some games I consider unique, some of them are well known, some of them not-so-much:

    • Immortality \- you probably know about this one, but a game where the plot twist is discovering a hidden game mechanic, you could've done all the time? And the fact that you watch three movies at once in random scene order is also a really good experience.
    • Against the Storm \- I really like how they solved the issue with management sims - that they tend to get boring once you set everything up, by making it a roguelike.
    • Different Strokes \- an online persistent collaborative museum of art, where you can either leave a new painting, or edit someone's else. Each painting can be edited only once, so there are always two authors of a single piece.
    • Sayonara Wild Hearts \- I really like the idea of making what's basically an interactive music album. While the game design isn't anyting that interresting, the focus on music is cool - there should be more music albums with video-games instead of video-clips.
    • Project Forlorn \- Again, not really a game - this time I think there's no actuall gameplay, but it's the best interactive music album presentation I've ever seen. And again - I like the idea of exploring music and games together.
    • Playdate \- Not exactly a single game, but rather a console - but the idea behind giving you a game per day (which is I think how it started, they may all be available now looking at it) sounds amazing - which I'd also consider a game design (or rather, experience design?).
    • Baba is You - Another probably well known game, but the puzzle mechanic is just mindblowing.
    • Before Your eyes - In this game, the main mechanic is that you go through the memories of someone who has just passed away, but the time advances every time you blink - physically blink, because the game can use your camera. That is such a clever idea, that it definitely fits onto this list.
    • Nerve Damage - This is my favourite recent discovery. The game is trying so hard to be uncomfortable to play, with it's main design build around just being unplayable. But it somehow works and once you get into the flow, it's such an unique experience.

    So, does anyone has some recommendations about where to look for more experimental games? A curated list, blog would be awesome - since clicking through pages of games on itch.io is pretty hit and miss. Also, feel free to share some of your favourite unique design or experimental experiences and games!

    143

    Would a single-user self-hosted frontend for interacting with Fediverse apps be feasible?

    Hello!

    While discussing about privacy on Lemmy and in the Fediverse, I've stumbled upon an idea that would solve some of the issues inherent to the fact that you need to have a home instance, that is under control of someone you have to trust. But my knowledge about ActivityPub is lacking, and I'm not sure if something like this would be possible or not. Also - it possible that something like that already exists, but I didn't manage to find anything.

    So, would it be possible to create a Fediverse/ActivityPub app that is just a self-hosted frontend for interacting with other apps, such as Lemmy or Mastodon, that only hosts your own personal data related to your account, but not the content you post to other instances?

    The main thing I'm unsure with is how Fediverse works in this regard - who hosts the content. If my home instance is programming.dev, and I create a Post or a Comment on lemmy.ml, who is the source of truth for that post? Does the content get saved on my home instance, and Lemmy.ml only gets an ID that it queries if an user requests it, or do I send the content to Lemmy.ml to live on their server?

    Depending on this, it would make such a self-hosted app easier or harder. If the content lives on the instance I post it to, it would mean that you can create a fediverse app that only stores your personal user information and DMs, and you don't have to deal with serving your posts to others - because they live on the other instance you posted it to. Then all that would be left is to create an UI for displaying and querying content from other instances, and you have a way how to interact with the Fediverse without risking any of your personal private data.

    On the other hand, if the content would have to live on my instance, I would have to deal with serving it to whoever requests it, which would make it a lot harder to self-host.

    I kind of hope it's the first option, because then it would allow for public communities of content-only servers while also letting users have their own personal-data only instances that allows them to interact with the rest. And I really like that idea, because it would allow you to for example have reliable E2E for messages, since you have the code that generates and stores the private certificate under absolute control, and only need to share your private key with others.

    In general, it seems like a great solution to many privacy problems on the Fediverse, and if something like that would be possible (without having to serve the content, because then it may get too resource-intensive for a regular user), I would definitely try to come up with such a solution.

    And now that I think about it - if you actually have to host the content, then it maybe be possible to create a combination of user-data / content servers, where you select a public community run content server to host your data, and have the personal user-data server self-hosted. And if a request comes to your user-data server for content, you just redirect it to the community-ran server. But that's just brainstorming.

    0

    Apps/Extensions that feed random fingerprinting data? Something I'd call "offensive privacy tools".

    Hello!

    Ever since I've seen the screenshot of permissions that the Threads app requires, I've been thinking that it would be a great idea if you could have an app that would give them the permission, but kept feeding it random and bullshit data.

    This could extend to other fingerprinting tools on the web - I can make my browser have limited fingerprinting, but as far as I know, it's usually static. Using letterboxing will set your pixel size to a common value, and privacy focused browsers are using constant User Agent that includes everything.

    But that's not going to help too much - I want my fingerprint to be random, and totally wrong. Feed them unusable data, something that not only isn't useful for them - but also actively sabotages their analytics. Pair that with a VPN, and now they have no way how to track you across sites, and also get a lot of bullshit data.

    Another great thing would be an Adblock extension that not only hides every ad, but also click on it. Multiple times. Sure, it would be giving money to the websites you visit (which may be good), but it will also cost advertisers who pay for clicks (and will probably get you banned anyway).

    I'm assuming that nothing like that exists, but I suppose that forking UBlock or forking LibreWolf could work, and just adding a Random here and there into their anti-fingerprinting code could maybe not be so hard.

    8

    In my understanding of the main principles of the Fediverse, federating with any large corp should never even be considered. Is my understanding wrong? What is the "idea of the fediverse" to you?

    There is one argument I've seen missing in most of the de/federation discussions, that I think should be mentioned, and warrants it's own discussion.

    I've seen a lot of people mentioning that defederating with Meta means we have broken the promise of Fediverse, that you can use one account to interact with whatever service you choose, and that it should be inclusive.

    But I don't agree that's the main idea. There is something that's more important, and to make sure I'm not misinterpreting it, I'll just directly quote various websites about the Fediverse I've found (I was just taking top results for Fediverse on DuckDuckGo, but I did select only the parts that are the most important point for me personally). But I do concur, I was not able to find a single source of truth, and I'm not really sure how credible the resources are, so please disagree with me if it's wrong or I've chosen some no-name site that just matched my rethorics.

    https://www.fediverse.to/ has the following sentence as the main hero header: > The fediverse is a collection of community-owned, ad-free, decentralised, and privacy-centric social networks. > > Each fediverse instance is managed by a human admin. You can find fediverse instances dedicated to art, music, technology, culture, or politics. > > Join the growing community and experience the web as it was meant to be.

    Another search result is for fediverse.party, which has the following quite in https://fediverse.party/en/fediverse/ : > Fediverse (also called Fedi) has no built-in advertisements, no tricky algorithms, no one big corporation dictating the rules. Instead we have small cozy communities of like-minded people.

    The page also mentions some link for knowledge about the fediverse. Some of them are only tutorials about how to join, but there's also https://joinfediverse.wiki/What_is_the_Fediverse%3F , with the following part: > How does it compare to traditional social media? > >... > > Morals > > * Traditional social media is neither social nor media. It is not made for you, it is made to exploit you and it is full of misleading ads and fake news. > * This is because the aim of traditional social media is to make a whole lot of money. > * The aim of the Fediverse is to benefit the people. > * The aim of traditional social media is to control and steer the users. > * The aim of the Fediverse is to empower the users to control the Fediverse.

    I wasn't able to find more websites directly about the fediverse, and I did not want to quote random articles. But for completion sake, here is a list of FAQ/About sections of websites that are about the Fediverse, but don't directly support or imply the point of view I was trying to make (one that can be best summarized by the Morals in the last quite):

    • https://fediverse.info/frequently-asked-questions
    • https://fedi.tips/what-is-mastodon-what-is-the-fediverse/
    • https://framatube.org/w/9dRFC6Ya11NCVeYKn8ZhiD
    • https://en.wikipedia.org/wiki/Fediverse
    • https://the-federation.info/

    The split seems to be 50:50, but at least for my DuckDuckGo search results, the https://www.fediverse.to/ is the first result you find, and that one is pretty clear about what Fediverse should be. I wanted to start a discussion about what do the users here see as a main selling point of the fediverse, and whether morals and non-profit nature of the instances is important to most of the users as it is to me, or whether you'd rather have interconnectness and inclusivness.

    28

    ELI5 - What is the difference between headphones, earphones and IEMs?

    Hello! I was looking through the sidebar's list of recommended earphones, and after clicking through some of them, I've realized that I actually don't know if that's a list for me, a consumer looking for something to jack into my phone.

    I've tried quickly looking for differences between IEMs and headphones, but didn't managed to reach a conclusion. I've vaguely familiar with the term "monitors", since I do help out from time with band shows, but I never actually dealt with audio equipment or audio setup (aside from carrying it to the stage). From what I assume based on what I've seen, monitors are the the speakers that play on stage, so the band can hear what they play. And IEMs are earbud versions of monitors that the band uses instead.

    I've always assumed that they are basically headphones/earphones, just connected to some kind of transmitter, and calling them IEMs just makes it easier to find earbuds focused on audio quality, because the term is not as mass-marketed as earbuds are. But judging by the cable connector I've seen on some of the IEMs I've looked at, it's probably not a jack.

    So, what are the differences? Is it a different tech all-together, or are they really just a higher quality earphones with better connector? Would looking for IEMs instead of earbuds make it easier to find better earbuds for regular use, or are they meant only for studios and I'll have a hard time even connecting them without aditionall equipment?

    Thank you for any reply or explanation. I realize this question may seem pretty basic, and I hope it's not too out of place - I have almost zero experience with audio, but I did start recently DJing (where all I needed so far was to be able to connect RCA into a mixer) and helping out with setting up band shows, so I'm asking this question not because I'm shopping for earbuds, but because I'm honestly interested in learning something new about how different tech around music work and what's the common language around it.

    11