Six sided devops engineer and baseball fan

I am also @Quill7513@slrpnk.net, but this is my primary and more active account. The slrpnk.net account is for ecology and lemmy.world stuff

https://keyoxide.org/BAF9ACFBBA5B9A51A680D77CEF152DAE039C5CF5

  • 0 Posts
  • 45 Comments
Joined 2Y ago
cake
Cake day: Jun 04, 2023

help-circle
rss

the google corporate overlords are just straight up evil


i think some big project, something really important, needs to migrate for the masses of devs to move too


Sure yeah. I think corpos suck, too. That’s why I don’t prefer 1password. But Firefox puts their passwords into a file, too (two actually). Key3.db and Logins.json, both with known locations, and encrypted using AES-256-GCM which is… Decent but I prefer to go a little more hardened. The thing with keepass is the following:

  1. Its open source, no corpo
  2. The file encryption you select can be as hardened as you want
  3. No one but you need know the location of your file
  4. It offers 2fa which Firefox password manager doesn’t
  5. Firefox password manager is more susceptible to social engineering attacks is mainly what I was worried about but it seems like you’ve got a good handle on it.
  6. You don’t have to integrate keepass with the browser to use it

But I want to make it abundantly clear. @Dyskolos@lemmy.zip has not recommended storing your passwords in a file. They have suggested storing your passwords in a mechanism that can be as secure as your hardware is capable of securing and keeping the location of that up to your own decision making.

But also. Promise me this. If you’re going to keep using Firefox as your password manager:

  1. Don’t use sync. That’s run by Firefox’s corporate arm, Mozilla PBC
  2. Use a primary password of at least 32 characters
  3. Consider rotating your password on a regular interval, like on your birthday

Cover the G logo with a pop socket or some shit. No one will give enough of a shit to desire your phone. Buying used always denies OEMs sales so its always good to buy used


Using the internet without an adblocker is genuinely dangerous. Everyone really should be using uBlock Origin. Using a web browser that prevents uBlock Origin puts you in danger


If you use a deterministic password manager, make sure you make your master password strong


In-built password managers for browsers are straightforward to crack. Like… Terrifyingly easy. It’s much better to use something like Bitwarden, Vaultwarden if you don’t trust Bitwarden, 1Password if you really want the reassurance of paying someone for trust, or KeePass if you don’t trust anyone at all (I, personally, fit into this category).


Messengers are not protocols. They use protocols. Most XMPP clients use the same encryption scheme Signal does only without being dependent on a single specific server, allowing users to spread out. I recommend reading about the differences between targeting developing a platform and developing protocols. Once you do, you’ll see XMPP+Encryption in a better light than anything like Signal. The main problem in the current moment with XMPP+Encryption us that it isn’t where the people are. Us tech weirdos can start the push into that space a little bit, but we need “Normies” to adopt to, and for that we need to be clear on what were talking about. Comparing XMPP to signal doesn’t make sense. Comparing Cheogram to Signal does. And in the latter, cheogram frankly blows Signal out of the water for real privacy and security considerations


I immediately had my suspicions this article might contain some bullshit when I saw it was published by the new oil…


Yeah. I didn’t pull down my comments when I left, but the oldest ones from 2010-2012 are real fucking wrong-headed. That’s while I was still in college and hadn’t learned yet that the real messaging about how the world works was

  1. staring me right in the face
  2. not discussed as being about what its about by mainstream media outlets

That was the era frat rap was not just allowed to exist, but with some regularity got mainstream popularity. The great irony is two big names from that space, Asher Roth and Mac Miller went on to do some really thoughtful and insightful work, and I think their journey of awakening to the harm their privilege did is what a lot of us went through. Like. I don’t think the majority of us were thinking enough about the importance of countercultural music movements. Now google and reddit get to be the kings of that toxic outdated way of thinking.

The bad news is… That toxic outdated way of thinking benefits them. And now they’ll have a big data model that can post real seeming messages and amplify those shitty takes a lot of us grew out of



Hardware specs were too constrained for regular daily use. The software updates are always way behind schedule, and the company is too small to support their warranty (I really do think they’re doing their best to do what’s right, but they’re just super slow on turnaround for support)


I only know about Fairphone and Teracube. Having owned a Teracube I recommend not getting a Teracube


Then more of us should get ourselves on those lists. We should make the lists useless by way of flooding them


Oh for sure. Even the other traditional way of doing windows installs (finding an EXE or MSI and then downloading it) sucks ass. The only good way to do things on windows is with Choco lol


TBF that is literally the exact motivation behind Cinnamon. Mint was like “yo, GNOME 3 sucks for what were trying to do” and forked. I think that’s also why you see such string MATE support with Mint, too. Those developers fucking loved GNOME 2 (with good reason, GNOME 2 was genuinely excellent).

Back in the day I thought GNOME 3 would eventually stabilize into something suitable for daily use, but their constant breaking of APIs frustrates me to no end and makes me view the GNOME project as just being… Out of touch with the reality of the kinds of people who use computers. They’re so hyper focused on their usage patterns they don’t recognize they’ve made themselves irrelevant to most of us.

I genuinely mean it when I say KDE and LXDE-Qt (these days just LXDE, but I want to make sure its clear what I’m talking about) are the future. Its not so much because I think their platforms are intrinsically superior, but instead their philosophy to how developing for the desktop works. And for those who think KDE is too heavy and LXDE is too idiosyncratic, running a desktop without any desktop environment has become downright easy as of late. I’m running MX Linux with fluxbox and Antix with IceWM and I rarely miss features of the big DEs and I’m just running what those two ship with.

I loved GNOME 2. It got so much right and really did a lot to get out of your way. GNOME 3 meanwhile has some truly stellar core ideas for how humans computer interactions can be performed but everything surrounding those core ideas (the ecosystem) sucks because GNOME doesn’t value stability anymore. That’s probably somewhat fine on a rolling release distro, but… I don’t… Think the average person looking to GNOME’s ease of use are going to trend toward rolling releases and are going to prefer pointal releases. Probably the best place to run GNOME on a pointal releases these days is Fedora since that’s where so much GNOME development happens anyway, but Fedora has issues I frankly don’t want to deal with because fedora doesn’t offer me (emphasized because if fedora is offering you special value, that’s fine abd valid) value thanks to being a somewhat unstable pointal release distro (be stable or be rolling release. Ideally be both. Don’t be neither)

And all of this is kind of a shame, too. There’s a whole ecosystem of GTK apps that are effectively decaying because no one trusts GNOME to provide a stable platform and for people who’ve come to rely on those apps, there’s gonna come a time they’re gonna have to migrate to unfamiliar Qt apps. They’ll be able to handle it of course, but most people just want their shit to work how they know it works and to not deal with their system being different from how they’re used to.


People fear what they don’t know. Valve has made Linux gaming stupid easy and still people are more worried about FOMO of that small percentage of games that don’t run on Linux. Maybe we’ll see a shift if someone releases a banger game that’s designed to be really really good on steam deck (so Linux exclusive, basically) and have it out in Linux for a few months before the windows version comes out


Their main mistake was never trying to make their walled garden not suck ass. I would try to install things from the windows store just to see about it back when I was running windows and it took an infernally long time to open the store, search for an app, and then install that app.


Especially since when was the last time you got a phone that impressed you? Like phones haven’t been getting better they’ve been getting more gimmicky


Phones don’t use an IBM-PC architecture. You’d need a phone based on an architecture phones aren’t usually based on or You’d need to re-engineer UEFI to work for an architecture it wasn’t designed for


I highly encourage everyone to buy their pixel phones for grapheneos secondhand. there’s enough pixel fanbois out there you should be able to deprive any corporation of the money of your sale by buying a like new condition last generation pixel (Like an 8 now that the 8a and 9 are out)


Interesting! I assume then that dslul was the original developer. Weird I wasn’t able to turn up anything at all… Well… Not that weird given that internet search is broken


Its also worth noting Graphene’s focus on pixel devices stems from those devices having more easily secured hardware. Which android fork you decide to use will depend on your particular use case. I wound up going with a Pixel and Graphene for android auto. But if you’re someone with existing hardware that you want to set up with a degoogled os, there’s e/os, lineageos, CalyxOS, iodé, and, if you wanna get really weird, postmarket os. Having done a deep dive into this I can honestly day there’s no single OSFA answer to this.


The latest f-droid release has been causing me headaches and I’ve switched (for the time being) to droid-ify. Which also has some headaches but no show stoppers. Of the two, I can definitely say I prefer f-droid. I hope this helps someone find what they want in an app installing app


I tried Floris board. Its particular rough patches are deal breakers for me, but I’m sure my keyboard of choice has rough patches that would be deal breakers for potential Floris board users. I hope some people see your comment and give it a try. It seems like a promising project


Exactly. I don’t even think of myself as having escaped surveillance capitalism. I’ve made it less lucrative though. All that data they’re mining? I’ve done a little bit of work to make sure the mines are tapped out. I’m gonna keep working to convince others that there’s value in doing the same. Its all part of telling these greedy shitheads we won’t accept their global destruction anymore


Yeah I use play store because I have to have some stuff furnished from play store for work but aurora store is a great way to acquire those apps you do need to get through life but that aren’t open source


So I don’t want to tell you to panic but I can’t find anything about “dslul” or their version of openboard. The questions I have are as follows:

  1. How did you acquire this apk? (F-Droid, play store, obtainium, regular download?)
  2. Do you have hypatia installed? If not, can you install it and run a device scan to see if there’s any known malicious blobs on your device?
  3. Please take a look at heliboard. I know its weird to tell people they’re safer going with the most popular options, but legitimately we’re a pack animal. We do better when we look out for each other and this may be a case where it’s best to go to the version of this project that has the most eyes on it

“Richard Stallman is a sexist and a transphobe”

“You’re a corporate shill!”

Like I couldn’t have possibly reached that conclusion based on the things that he says or the way the be acts…



Didn’t see any mention of dungeon crawl stone soup so I’m adding it here



Some stuff won’t work such as android auto


One of my favorite articles about that last part is “I am not a maker”


Google hasn’t understood the internet for a long time. They created an excellent search algorithm by treating the internet as a single information system that warranted analysis and indexing for convenient traversal.

These days that’s not… Something they’re interested in anymore. The goal is to collect user data for targeting advertising and resale. Their core product is still the search bar, sure, but that’s just a hook to reel you in. They’ll attach whatever buzzword to it it takes to keep it in the zeitgeist. “Ai” is hot right now so that’s the buzzword.

I don’t get the impression technical competency is something Google values anymore…


There’s an issue at play here that I think we’re not confronting enough. America has been on a steady march of deregulating in the name of corporate greed. Some of the most functional countries in the world are also the ones with the strongest regulatory bodies (granted they’re also largely petrochemical profiteers, I do have criticisms even of countries that I think are doing better than the US) because there’s a presumption built into the system that if left unchecked, the forces of greed will violate the liberties of the populace. Its not a coincidence that the only countries that faced major Y2K bug issues were the UK and the US. Germany, Nordic countries, and Benelux countries all ALSO faced this bug, but in those countries the consequences for fucking up banking data was fines. In the US and UK, the consequences were someone might sue in civil court. Much less scary for banking institutions so they continuously acted like the problem was someone else’s problem until the last minute.

My point is this: regulations work. We have case studies in other countries that they work. We don’t implement them not because they don’t work but because they require long view systems change and the political system we live in doesn’t encourage thinking long term. Political funding efforts encourage thinking of policy in 2-6 year terms instead of the actual 30 year time frames it requires to plan them. Its much easier to pull a quick grift with political power weakening the overall system than it is to FIX the system. It incentivizes corruption. THAT is the issue that needs addressing and one we should really be trying to assess what the Benelux countries are doing so well


There’s a ton of far right wing privacy advocates. For me personally, a social libertarian / anarcho communist, it seems like theyre drawing the same conclusions about privacy advocacy and open source from a completely different set of premises. For me, I view privacy as a right that’s been eroded ever since the advent of the concept of total war, to the point now that capitalists engage in surveillance espionage casually to sell collected data not even to the highest bidder, but instead at commodity prices. What’s the inflection point of supply and demand, basically

Meanwhile a lot of people on the right wing don’t view open source as a great equalizer, benefiting all of society, but rather as a tool for themselves for personal benefit. I honestly never fully find myself understanding their premises to be honest. But I’ve for sure seen antisemitism and racism arguments bandied about, which is a Y I K E S.

As far as public perception goes, I don’t really know what to say there. Yeah, I guess, it is indeed frustrating to have your average John or Jane assuming anyone using an encrypted messenger is probably a terrorist. I don’t think the solution is give up, but instead explain your stance and premises


They hold back security patches. That’s a 1000% nope distro


Its not a privacy problem, its a software being up to date problem. Elementary is slow to be updated so you’re going to spend a lot of your time debugging and troubleshooting why your wifi isn’t working, what’s the deal with your font rendering, why is the login screen acting like that?


No more add blockers. No more accessibility tools. Only what google wants you to see.