Thanks for the link, that’s a lot more context than the usual reactionary “Andy Yen said one nice thing about a Republican therefore he’s fascist pro-Trump MAGA” takes I’ve been seeing. Not only does it more or less disprove that narrative, it makes me question how much of the hate against him lately is genuine and how much of it has been seeded and signal-boosted by nation-state actors who don’t want people to use encrypted communications.
Yen is clearly trying to be nonpartisan and praise what he sees as good for privacy while pointing out abuses of power, regardless of who has the power at the moment. He sees this as his way of adding weight to the scale in favor of better privacy and tearing down big tech. I know many in my country and on the web are hyper-polarized and addicted to anger, to the point that if someone says anything even slightly positive about their perceived political enemy, it’s seen as legitimizing and aligning with that enemy, but I don’t believe that’s a healthy or productive mindset to have. I believe that kind of divisive attitude is preventing us from uniting with those who should be agreeable to our cause, and that’s exactly what the oligarchs want. It’s making us weak.
I’ve been on the fence for a while since this whole thing started, because I do use a paid Proton email, and it sounded bad, but I kept getting this nagging feeling I wasn’t seeing the full picture. That’s gone now - Andy may be politically and/or socially inept, and he may have a different perspective on what it means to support privacy and democracy, but I think it’s clear his heart is in the right place, and the work he and Proton are continuing to do for tech privacy is helping to erode authoritarian power structures, including Trump’s.
I appreciate the links, but these are all about how to efficiently process an audio sample for a signal of choice.
Your stumbling block seemed to be that you didn’t understand how it was possible, so I was trying to explain that, but I may have done a poor job of emphasizing why the technique I described matters. When you said this in a previous comment:
I do think that they’re not just throwing away the other fish, but putting them into specific baskets.
That was a misunderstanding of how the technology works. With a keyword spotter (KWS), which all smartphone assistants use to detect their activation phrases, they they aren’t catching any “other fish” in the first place, so there’s nothing to put into “specific baskets”.
To borrow your analogy of catching fish, a full speech detection model is like casting a large net and dragging it behind a ship, catching absolutely everything and identifying all the fish/words so you can do things with them. Relative to a KWS, it’s very energy intensive and catches everything. One is not likely to spend that amount of energy just to throw back most of the fish. Smart TVs, cars, Alexa, they can all potentially use this method continuously because the energy usage from constantly listening with a full model is not an issue. For those devices, your concern that they might put everything other than the keyword into different baskets is perfectly valid.
A smartphone, to save battery, will be using a KWS, which is like baiting a trap with pheromones only released by a specific species of fish. When those fish happen to swim nearby, they smell the pheromones and go into the trap. You check the trap periodically, and when you find the fish in there, you pull them out with a very small net. You’ve expended far less effort to catch only the fish you care about without catching anything else.
To use yet another analogy, a KWS is like a tourist in a foreign country where they don’t know the local language and they’ve gotten separated from their guide. They try to ask locals for help but they can’t understand anything, until a local says the name of the tour group, which the tourist recognizes, and is able to follow that person back to their group. That’s exactly what a KWS system experiences, it hears complete nonsense and gibberish until the key phrase pops out of the noise, which they understand clearly.
This is what we mean when we say that yes, your phone is listening constantly for the keyword, but the part that’s listening cannot transcribe your conversations until you or someone says the keyword that wakes up the full assistant.
My question is, how often is audio sampled from the vicinity to allow such processing to happen.
Given the near-immediate response of “Hey Google”, I would guess once or twice a second.
Yes, KWS systems generally keep a rolling buffer of audio a few seconds long, and scan it a few times a second to see if it contains the key phrase.
How can you catch the right fish, unless you’re routinely casting your fishing net?
It’s a technique called Keyword Spotting (KWS). https://en.wikipedia.org/wiki/Keyword_spotting
This uses a tiny speech recognition model that’s trained on very specific words or phrases which are (usually) distinct from general conversation. The model being so small makes it extremely optimized even before any optimization steps like quantization, requiring very little computation to process the audio stream to detect whether the keyword has been spoken. Here’s a 2021 paper where a team of researchers optimized a KWS to use just 251uJ (0.00007 milliwatt-hours) per inference: https://arxiv.org/pdf/2111.04988
The small size of the KWS model, required for the low power consumption, means it alone can’t be used to listen in on conversations, it outright doesn’t understand anything other than what it’s been trained to identify. This is also why you usually can’t customize the keyword to just anything, but one of a limited set of words or phrases.
This all means that if you’re ever given an option for completely custom wake phrases, you can be reasonably sure that device is running full speech detection on everything it hears. This is where a smart TV or Amazon Alexa, which are plugged in, have a lot more freedom to listen as much as they want with as complex of a model as they want. High-quality speech-to-text apps like FUTO Voice Input run locally on just about any modern smartphone, so something like a Roku TV can definitely do it.
In general, Bazzite being immutable just means the core system isn’t modular to the end user to the degree that Arch is. You of course can use flatpaks or appimages like any distro, and there are still several ways to install traditional rpm/deb/aur programs (the usual Fedora method doesn’t work because dnf doesn’t exist). If it’s just an app that doesn’t require significant integration with the OS, the recommendation is to install them into a distrobox container (where dnf does exist) and then distrobox-export [program] to make them visible to the host system. VPNs need a little more integration so those are installed by layering with rpm-ostree and then enabling the systemd service(s). Layering makes updates take longer to install so it should be avoided when possible.
One of the interesting things about Universal Blue’s images like Bazzite is if you want the benefits of atomic while also having a more custom system than they offer without having to install a bunch of things in rpm-ostree, the process to build a custom image based on one of theirs is apparently quite easy to do and automate, though I haven’t done it myself.
In general, yes. Most of the difficulty is due to being on Linux and running games through the Proton/WINE compatibility layer, so there can be an extra layer of jank involved, but it’s very possible.
If modding consists of dropping files into the game directory, it will work almost exactly the same as in Windows. However, if some of those files replace the game’s DLLs, then whatever WINE runner you use might need to be told to use the DLLs in the game directory instead of its own.
If you need to use a mod manager, that situation is still not ideal - native Linux mod managers I know of are only the Nexus Mods app (very new, there’s some talk of it being integrated directly into the Heroic launcher) and Limo. Everything else, you’ll be running whatever bespoke Windows mod manager your game uses through Proton/WINE, probably with Steam Tinker Launch, possibly Lutris.
tl;dr There can be an extra layer of complexity over modding on Windows, but it’s otherwise comparable.
During boot, you’re presented with 4 snapshots you can choose between so if an update did happen to break something, it’s easy as just choosing an older snapshot after a reboot.
Those are actually just two snapshots, there’s a bug in GRUB that displays them twice. Purely visual, and you can fix it with a ujust script, run in the terminal with ujust configure-grub. There are lots of little scripted tweaks and installations available; you can get most of the list by running ujust by itself. Incredible work by the maintainers.
The dreaded onosecond happens to the best of us.
PCGameBenchmark seems to be exactly what you’re looking for.
It’s an intersection of two well-known memes, the first being a particular Nancy comic strip and the latter being Loss. Funnily enough, it’s actually featured in the KYM article on the Nancy strip.
Yep. In fact, Amazon devices can connect to other Amazon devices over their Sidewalk meshnet and get the wifi password that way. I’m never getting anything from Amazon more complicated than a screwdriver.
Router-level VPN is going to be more difficult to configure and cause more problems than just having it on all your devices. There are some games where online play just refuses to work if connecting through a VPN. Some mobile apps are the same. When a website blocks your currently selected server, and the usual solution is switching to another server, that’s going to be more difficult and more tedious when it’s configured at the router level. In addition, if you do something like using a self-hosted VPN in order to connect remotely to a media server on your home network, that becomes more difficult if your home router is on a different VPN.
If you’re trying to keep local devices in the building from phoning home and being tracked, a PiHole or router-level firewall might be a better solution. I think if you’re running a pfsense or opnsense router and are a dab hand with VLANs then maybe you could get what you’re looking for with router-level VPN, but it’s a huge hassle otherwise. Just put Mullvad on your computers and phones and call it a day.
PCIe gen 5 is for the PCIe slots and NVMe storage slots, but they’re backwards compatible; you can put a gen 3 component in a gen 5 slot and it will work at gen 3 speeds. Similarly, if you put a gen 5 component in a gen 4 slot, it will be limited to gen 4 speeds. Right now there’s very little appreciable difference between gen 4 and gen 5 unless you’re spending a lot of money on the component (GPU/storage). Another thing to note is that Gen 5 requires that both the CPU and motherboard support it; a CPU with gen 4 support in a gen 5 motherboard will limit all the slots to gen 4 speeds.
RAM is a totally different standard that must be matched exactly for what the motherboard has; if it’s a DDR5 motherboard then you have to use DDR5 RAM or it won’t even fit in the slots. You can get a PCIe gen 5 motherboard and just use gen 4 SSDs or GPUs, that’s perfectly fine and leaves you room to upgrade later.
Seems mostly fine to me, I game all the time on Linux (Bazzite gang 🤘) with a 3900X + 7900GRE, haven’t had any significant issues aside from needing to make sure clock speeds were configured correctly on the GPU. Two ram sticks is the way to go with these systems as sometimes they don’t support 4 sticks at full speed.
You’re right that GPU passthrough is definitely more for tinkering or advanced users with very specific needs (usually professionals who need Windows/Nvidia and choose to run it in a VM rather than dual-boot), with a budget to match. For a gamer couple, having fully separate systems is going to be much less hassle and more resilient against failure.
The one thing I would recommend changing is the power supply, it’s unironically the most important component in the computer because if it fails it can kill everything else, and the System Power 10 is known enough for being low-quality that discussions of that come up in web searches. Poor quality power supplies can damage your hardware and otherwise cause weird, intermittent issues even if everything seems to work fine most of the time, and will fail and shut off the computer when a good power supply would have just kept on chugging. Seasonic and Corsair are considered the best brands and have 10 year warranties - they’re more expensive, but they’re worth it. You want 80+ Gold or better these days, this is a buy once, cry once component.
If you don’t have a UPS, I would also recommend getting one at some point, either one big shared unit (if they’ll be close together) or two individual units. Having backup power will allow you to shut down the computers gracefully during a power outage, and prevents the worst-case scenario where the power goes out while the computer is installing updates and it turns into a brick.
Web ads are a security risk that even the FBI has acknowledged, so your friends should be aware that having uBlock Origin installed is nearly as important as having virus protection.
Regarding profiles, having two is generally recommended - your main profile with no Google services, and a secondary profile only for apps that absolutely require Google Play Services. Personally, I just dump everything in one profile and deny nearly every permission to anything Google, and on top of the sandboxing that’s enough of an improvement over stock Android that I don’t bother with two profiles.
They advertise E2EE as a feature
They can call it E2EE as much as they want, but it’s a lie. It’s encrypted in transit and at rest, at least on the user’s device, but unlike true E2EE, they can decrypt and view any conversation they want to.
You can add swipe (glide?) typing into HeliBoard. From their github readme:
- Glide typing (only with closed source library ☹️)
- library not included in the app, as there is no compatible open source library available
- can be extracted from GApps packages (“swypelibs”), or downloaded here (click on the file and then “raw” or the tiny download button)
The only reason HeliBoard doesn’t include this themselves is presumably legal liability plus their dedication to the app not having any network permissions at all.
This is the one of the few real things that make VPNs a security tool - security from thugs using a MITM attack on your phone. This is also a reason to avoid SMS messaging and port your number to a VoIP service instead of a direct cellular number, as VoIP traffic would be routed over the encrypted VPN tunnel with everything else instead of through the traditional cell network which is vulnerable to these attacks.
If government agents want to know what you’re saying and doing without your consent, you should leave them no choice but to get a warrant and do some actual work.
Not at all - you could just be a US citizen coming back from a brief trip across the border.
A few congress critters have been trying to get bills passed to curtail this overreach for almost a decade, but unless I missed the news, none of them have succeeded.
I mean, yes, I daily drive Firefox myself. If one must have a Chromium-based browser, however, Vivaldi is very much not-Google, very much not crypto, and is all around pretty based. It’s a solid choice for a secondary “I’m going to need something chromium on rare occasions” browser.
They’ve been shadowbanning VPN users for years. It’s not a policy I expect to change.
It’s stored with zero-knowledge encryption, which means the server only receives enough information to authenticate the user, but otherwise has no ability to decrypt the user’s files. Proton has an explainer.
A few months ago, Proton’s CEO Andy Yen was interviewed on The Linux Experiment and reiterated in the segment starting at 49:27 that he does want to have an F-Droid version, but because Proton encrypts notifications sent through Play Services such that Google can’t get at the metadata, and because third-party notification frameworks are typically much worse for battery life than Play Services, they consider F-Droid a lower priority than some of the other things they’re trying to get done, such as feature parity between their mobile and desktop apps. It’ll come eventually, especially as Yen himself seems to want it, but since they’re completely private and have no investors, they don’t have infinite money for developers, so they have to prioritize sustainable growth.
Highly recommend watching the full interview, Yen seems to have a good mindset about the whole thing, doing what he feels is best for privacy and ownership of identity in the long run, even if he has to temporarily compromise in some places in order to get there.
Not cars per se, but with a few tools and a kit, you can convert a bicycle into a pretty great pedal-assist e-bike from the comfort of your own garage, cost-competitively with pre-built e-bikes, especially if you already own the bike you’re converting. Everyone has their own preference for the ideal bicycle, and there are plenty of DIY e-bike build guides on the web, so that might as well be open source.
Authy is pretty bad. They had a data breach that exposed users, they make it really hard to migrate your secrets to another app (God help you if you lose your phone), and they’re completely closed source.
The best option is probably Aegis Authenticator, but at least do a cursory search for “[authenticator name] controversy” before choosing an authenticator.
90% with my normal setup, but I highly doubt it’s correct because:
- literally everything in uMatrix except first-party scripts is blocked
- it goes up to 93% when I turn off uBO, yet the page loads way more slowly which makes no sense
The site does say uBO on Firefox has unknown issues, so I’ll attribute it to that.
iOS up to at least version 16 has leaked VPN traffic for years. If you only turned on the VPN to make the purchase, that might be how Amazon still knew where you were. The only workaround (always-on VPN mode) apparently is an enterprise feature in iOS that most users don’t have access to.
Alternatively, since it worked on a desktop, your VPN’s mobile version or iOS support may be flawed. The ones I hear the most about from privacy advocates are Mullvad VPN, IVPN, and Proton VPN. If it’s a free VPN, well, you get what you pay for. If it’s one of the ones I mentioned, they might be interested to work with you to figure out how Amazon was bypassing them, if the issue can still be replicated, or they might already know.
For the photos, since you have a home server, have you heard of Immich? For anything else, there was a time when I could have recommended syncthing-android, but development on that has been discontinued, though you can still try using it. Some privacy-conscious cloud services may allow you to sync app folders, backing up WhatsApp that way, but I have no experience with that.
Instead of buying straight from Google, you can consider buying a refurbished 8a off ebay or something local - my last two Pixel purchases have been through that method. It tends to be substantially cheaper than buying new, even as little as 6 months after the product launch, and the 8a launched 9 months ago. Just be cautious of seller ratings, reputations, and consistency - prices are lower there because it’s more of a risk for the buyer.