If you aren’t already using it, https://vencord.dev/ is a good Discord client mod that lets you get rid of some of the annoying features.
Might be against ToS, but so far I don’t think people had any issues with it.
Another option (that I use when I don’t need voice) is having your own Matrix server with Discord bridge. With double puppeting it can bridge both servers and DMs, and post in your name (without needing a bot on the server).
As far as I know you can do double puppeting with Matrix discord bridges, or whatever it is called.
As in “the bridge posts using your account, and not a bot”. I have it set up on my own Matrix server, and I have servers and DMs bridged without issues.
Also, setting up a server with the ansible project is super easy, it’s one of those rare cases where the ansible is robust, easy to use and actually doesn’t break.
I have no experience with React, so I couldn’t tell. Thanks for the info, I’ll keep it in mind.
I think I’ve seen it mentioned that in case RSC isn’t used, it might be vulnerable but it’s not really confirmed, but you’re right that it probably doesn’t warrant shutting down the server.
I don’t really need it that much, though, so I’ll just wait for the update, take a scour through logs and use it as a learning opportunity for forensics, and skip the reinstall.
Well, Element seems to still be running at the unupdated version even after update, so I’m just shutting the server down.
I’m bummed that it took me 5 days to learn about it, does anyone have some tips how to get early warnings for techs you’re using? I’m guessing there’s a way with npm.
Also, anyone has some tips how to properly compromise-check your server? I’m guessing there are logs to check for compromise, and audit your startup scripts for persistence? Any tools that could help with that?
Fuck, Element for Matrix is apparently build on React, and I was updating like 4 days ago after few months.
Well, time to update again, I hope it’s fine. Never really learned how to properly compromise-check your server.
First time I’m seeing Uiua, and I like it. It’s kind of cute, even though I know I’ll probably never use it.
However, seeing one of their goals being “code that is as short as possible while remaining readable” is kind of ironic, given how it looks and reads. But I don’t mind, it’s still pretty adorable.
It looks like it’s hell to learn and write. It’s possible that once you learn all the glyphs (which IMO adds unneccessary complexity that goes against their goal of being readable), it might be easier to parse. I’m probably not the target audience, though.
This is my most used app on my phone. It does comes with a little extensive setup, because you need to have your own Matrix server, but thanks to the amazing Matrix Ansible Project, which is one of those rare docker/ansible projects that actually work and are very robustly set-up, deploying a server took me like an hour max, incuding bridge setup and getting hosting (for around 8$ a month on Hetzner).
I replaced Messenger, Discord, WhatsApp and Telegram apps with this, by setting up bridges in Matrix. The setup was relatively simple, the ansible is well documented and I mostly had to just add lile two config lines into the ansible. So far I haven’t had much issues and I’ve been using it for the past few years.
There might be better clients than Element, haven’t really looked into it. It’s not frictionless and it took some getting used to, but not having a ton of spyware appson my phone is worth it.
I don’t really use YT that often on my phone, so I can’t vouch for how often it breaks, but I use FreeTube on Desktop and having a YT client that can subscribe creators without an account, can turn off all the recommended distractions, has an adblock, can play with screen off and the like is amazing.
Judging by my experience with Freetube, you do have to update it regularly since YT is actively fighting it, but so far every time I needed to watch a video on my phone, I could just update NewPipe and it worked.
Someone once posted here in a comment an app they are working on that is an K2K (keyboard to keyboard) encrypted keyboard app for android
I don’t remember how it worked and only skimmed the repo, since I didn’t think I’d need it, but given recent developments it might be good to have.
Does anyone remember what it was?
IIRC the idea was that you have a separate input box, and encryption keys saved in the keyboard app, and it just does I assume PGP before pasting the text into the app your inputing into. I’m curious how it did key exchange and how usable it was, but I lost the link and couldn’t find it.
People whose thread model requires high stakes and serious encryption are probably using PGP with hardware keychain, with Tails or something similar on a live USB.
Adding a high-profile law like this will probably just cause them to increase their op-sec and make it even harder to actually get any evidence where it really matters, while having a huge PR cost and abuse potential. But it’s very probably not about catching criminals anyway.
Also, it’s kinda funny that they moved from SS to AA :D
If I understood it right, one of the projects he was working on as part of the experiment was the website.
Figures.
I’ve been using Matrix for a few years by now, mostly only for the bridges, and the setup experience was actually way more straitforward than I expected.
Did you use the matrix ansible project for setting it up? Enabling bridges was just adding like two lines of config parameters per bridge max, and adding my accounts was just like two back to back messages with a bot and it worked. The whole server setup with the ansible took like an hour max, including getting hosting (I used Hetzner for like 8$ a month) and domains.
I was planning to look into Zig for this year’s Advent of Code. Haven’t really looked at it yet, but I’ve heard good things about it. Nowadays I mostly write in C# or Python for smaller scripts, so I kind of expect getting back to C-style code might have some friction, but it’s about time to refresh my memory. I had a pretty good time with Rust for AoC in the previous years (not that I ever used it for anything else), but I guess it’s time to try something else.
If you mean PhotoGimp, it’s just a config file thst rebinds keybinds and sets up UI layout, like location of tools and windows, to be similar to photoshop.
To be honest, I’m only using Matrix for the bridges into every other service, so I can talk to people on messenger, signal, telegram, discord and whatsapp through a single app, the Matrix client, so I at least don’t have spyware on my phone, even though they’ll get my messages. And E2E encryption doesn’t apply in that case, so I never had to deal with it.
With self-hosted solution, your main advantage is that you can simply create the accounts on the server side, and don’t need any verification. After the first login, it usually asks for every new device, that you have to confirm the session on a device that’s already confirmed, but I never had issues with that.
But I don’t have experience with actuall Matrix to Matrix communication, I just used the bridges. Haven’t tried DeltaChat yet, but tbh I’ve just given up convincing people to switch and am glad I can at least have the bridges working, so I never have to login or use any apps or websites of FB/Discord/whatever.
By the way, if you are using Gmail for Email, have files stored on GDrive, OneDrive (Documents are by default in OneDrive on Windows) or iCloud, use Messenger, Whatsapp, Skype, Snapchat, Xbox or Instagram to communicate, your files and messages are already being scanned for the last 5 years, since 2021.
ChatControl was already voluntary, and the products I mentioned villingly joined and are already doing it. For most of the people suddenly complaining, not much actually changes. They could do something about it for the past 5 years - not use the apps that do it, but “I don’t want to install another chat apps, I have everyone on messenger” have been forcing people like me to choose between privacy and having a way how to contact friends and familly. And I’m 90% sure that most of them vouldn’t switch even if this new law did not pass.
Anyway, if you haven’t already, look up “Matrix ansible project”, it’s an extremely easy way how to set up a server, with awesome guides and actually a very robust implementation. It will save you a lot of time. I"m just paying 6$ a month for Hetzner cloud, and setting it up took like an hour tops.
Self-hosted open source solutions will always be an alternative, the major problem is that they will soon ban side-loading of apps to phones, so you won’t be able to install a FOSS messenger that connects to your solution, or a browser that doesn’t scan you, unless you have something like GrapheneOS.
I was doing cybersecurity for a few years before I moved to gamedev, and I vaguely remember that at least the older versions of GUID were definitely not safe, and could be “easily” guessed.
I had to look it up, in case anyone’s interrested, and from a quick glance to the GUID RFC, it depends on the version used, but if I’m reading it right, 6 bits out of the 128 are used for version identification, and then based on the version it’s some kind of timestamp, either from UTC time or some kind of a name-space (I didn’t really read through the details), and then a clock sequence, which make it a lot more guessable. I wonder how different would the odds be for different versions of the UUID, but I’m too tired to actually understand the spec enough to be able to tell.
However, for GUID version 4, both the timestamp and clock sequence should instead be a randomly generated number, which would give you 122 bits of entropy. It of course depends on the implementation and what kind of random generator was used when generating it, but I’d say it may be good enough for some uses.
The spec also says that you specifically should not use it for auth tokens and the like, so there’s that.
Not mine, but svn-based JDSL is the best related story that’s always worth sharing.
Aren’t UUIDs designed to prevent collisions, rather than be cryptographycally secure? Not that it’s doing a great job here :D
Edit: Nvm, that was guid.
I hope this will bacfire heavily and shuts down their tourist industry.
I’ve had a few people around me who were to US, or planned to go. All of them has lost all desire to do so. I can’t imagine why would anyone who doesn’t have to (i.e for work, and even then I’d really reconsider it) volunteraly go to US at this point, for a vacation of all things.