kixik

joined 3 years ago
[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

Just a minor suggestion. When looking for something different than what you're currently familiar with, do so in very open minded way, hopefully no looking for clones to what you were used to, but willing to experience and learn new stuff (there's no failure, just something new that had to be learned and experienced).

I know it's easier saying than doing...

Looking for advice on giant communities is sort of hard, and in the end you won't know what works better for you if you don't try it. The open mind needs to come with some time to be able to play, and enjoy during the play, so it's not a whole series of frustrations.

On this same forum (different threads/posts/converstions) I've read very different recommendations. Even though Manjaro has been recently getting a lot of bad reputation because of letting some certs expire, it's still considered an "introductory" gnu + linux distribution. I've also read Mint is a pretty good "introductory" gnu + linux distribution as well, specially now that ubuntu has finally shown its inclination towards its snap store, rather than the good and solid dpkg + apt, which allowed it to grow on users to where it's currently at.

I myself prefer rolling release models for distributions, and being as vanilla as possible, to be closer to upstream as possible. However I dislike systemd, which is just a personal taste, so I don't have a specific recommendation. It used to be Manjaro offered openrc, but they dropped it, and the distributions I know are Artix (it has gui installers if that's considered "introduction" level distribution, but one still need to handle the configuration mismatches with upgrades as with Arch), Gentoo (I wouldn't say it's not for starters, but for sure it has its learning curve, but more importantly you need to be aware that it's a source based distribution), and Void. If you don't really care, rolling release distributions, which might have an easy ramp up might be Manjaro as mentioned, and now I believe openSUSE Tumbleweed. maybe even fedora come close... Rolling release models might come even easier for newcomers, in my opinion, since there's no need to think on what happens on major updates, but rather one needs to keep updating periodically, but hopefully the distribution helps supporting the safest and saner configurations natively so the user, and particularly newcomer to the distribution don't have to deal a lot to get such safe and sane configurations, at least to start with. And that's to me the important part to call it "introductory" distribution, easy installation might be part of it, but it's hardly the majority of it, and this is perhaps the sad part of what I like about being as vanilla as possible, some distributions even take that as a mantra for configurations, and upstream developers don't always have the safer, or the saner configurations by default. I believe Manjaro and some others take that into account to make things smoother to start with. Maintaining the distribution, keeping it up to date, being able to install stuff, has it's learning curve, no matter the tools/frameworks to do so, and it might be harder if one has to deal with how to make things work because the software doesn't work as it should (configuration required upfront), and it's not hardened enough as well so the user needs to know that and do additional configuration upfront as well.

[–] [email protected] 1 points 1 month ago

I'm missing emoji reactions (not replies), jeje

[–] [email protected] 0 points 1 month ago

For some time the alternative is freetube, though I don't like is electron, is what we can somehow reliably use

[–] [email protected] 1 points 2 months ago

Sorry about that. I was not aware of other meanings. I'll try to remember to use the complete "software" word instead of its acronym I was used to since the 90s... Hopefully under the context what I wrote doesn't get misinterpreted. Thanks !

[–] [email protected] 8 points 2 months ago

If talking about non proprietary kernels' drivers, such as linux, then again, profit is what regulates it. No wonder why now nvidia finally cares about linux, being the most used kernels behind the cloud, behind servers of whatever. Meaning, it's not profitable not to support linux now a days for Nvidia.

The other fundamental factor is lock-in, which is abused by some big corps, such as MS.

But the profit idea es even wrong, but it's what we have been educated with. For an OEM, providing FOSS drivers or FOSS FW doesn't mean to have less profit, but somehow it's interpreted as such. And there's also our culture, backed by corps again, that tends to make us believe that everything profitable enough has to be corporate secret, and if not, others would take advantage of you business. That way of thinking really prevents for more FOSS adoption at the OEMs level. I don't agree with it. It might be the presence or lack of some HW features might be inferred by the drivers/FW, but it doesn't mean your competitors will know how exactly you provide such feature, and even less how to make it with the performance you do. And usually once released, you really want to show off your features, your innovation and so on, not keep it secret. So in general, really see no issue for OEMs not to offer drivers and FW as FOSS, even as free/libre SW.

I can imagine OEMs offering FOSS drivers and FW, but that not being as convenient for the major players in the market, since that would risk their position in the market. Just a thought...

Remember the lock-in mechanisms by the corps that feel being threatened if open sourcing dirvers... Some of which no longer say it out loud, but still think GPLed licences are a cancer...

[–] [email protected] 1 points 2 months ago (1 children)

I'm not aware of any, do you mind sharing anyone, better if not requiring account?

BTW I can easily find blogs about p2p solutions for whatever, but not about p2p blogging solutions...

[–] [email protected] 1 points 2 months ago (1 children)

The issue with social networks is the account requirement. Even though decentralized, they still require servers with accounts. If you, to prevent not being able to access at some point included an email, and the server gets hacked, then there you go.

Perhaps is a mistake of mine, to think social networks are not anonymous enough. Maybe they are. But tracking mechanisms are so sophisticated now a days, than the need for an account make me think they won't ever be. That's why I excluded social networks. Perhaps it's the only option as of Today though.

[–] [email protected] 16 points 2 months ago* (last edited 2 months ago) (6 children)

I have never bought the idea that free/libre SW in general is just not as easy, including GNU+Linux. I'll leave out open source initially, and come back to it later, not because it doesn't experience the same, but because corporate wide it doesn't suffer the same fate. And linux itself is one of the most widely used kernel if not the most, it happens similarly to openssl, and so many other open source components. So I see no issue with linux adoption, I can't think of any kernel more adopted than linux...

To me what has really affected free/libre SW is the monopolistic abuse of the corporations, plus their ambitions, and how in Today's world, they have created the illusion that being a technologist is the same as being a technology consumer, which gets into the hearts of governments and education systems (more hurting, public education systems). Let me try some practical examples:

  • Educations systems translate the need to educate students about technology into making them familiar with MS different SW, like the windows OS, MS outlook, MS office, MS project, MS visio. Even on the higher levels of education, colleges and universities prefer to use matlab over octave for example, even for just matrix operations scripting. Office covers spread sheets BTW, so people specialized on accounting know excel, but no other spread sheet.
  • On public education systems, where one would be inclined to think it might get more interest on developing the expertise to not depend on proprietary SW only, it's where corporate reach deeper offering "cheap" educational licences.
  • From the prior two keep in mind that educational licenses from proprietary SW usually means future professional and people depending on proprietary SW in general. They are meant not to educate, but rather generate the future dependent population.
  • Governments, whether local or nation wide, instead of adhering to open standards, for any kind of form submission, and even further to adhere to use of free and open source SW, to build the technical and competency expertise required to have a criteria about different technologies, about SW, infrastructure, DBs, and so, they prefer to require citizens to use non free or open source SW to create required forms, and prefer to pay for SW solutions which totally lock in the entire solution, usually coming from big corps, or other companies actually making use of SW and technologies coming from big corps.
  • In their effort to discredit free/libre SW, the idea that the fundamental principles behind free/libre SW hurt the SW industry, or that are irrelevant to Today's world or even worse than that, there were claims that the GPLed kernel was a great threat and GPLed SW a cancer. Now that open source usage has totally overcome free/libre SW, there are no such claims, but the damage is done. There's nothing wrong with people wanting some compensation from corps, when developing SW, and thus not using free/libre licenses like GPL-3+ or AGPL, but in the end that eventually might hurt the users rights protected by such licenses, which such corps don't really care that much (their profit has higher priority for sure), and experience shows that just because SW is licensed open source doesn't guarantee any compensation for the development whatsoever, so if volunteering SW, doing so as open source is not even close to get every developer a decent income out of their contributions. Well, except for the big corps backed SW, linux included, but that's not the majority of open source SW.
  • The discredit of free/libre SW, which allowed the eventual creation of open source, is such that the banning of individuals ends up being an attack to the organizations behind it and even their principles and motivation.
  • Moving away from the free/libre SW observations, even now with open source, from the big corps, which barely compensate the open source developers, complain about the open source supply chain, campaigning against not well maintained SW and such, there's the famous image of a complex and heavy structure depending on a weak and deficient leg. Whatever truth around that figure, it of course hides the overall picture of the developer of such leg not ever being compensated (not to mention paid) for his library or SW component, and perhaps that's one of the reasons the project got even abandoned, but now it's easy to blame such situation when talking about FOSS in general.

Paid SW might be more intuitive to use at times, I can understand that. There are paid developers making the UIs more intuitive and attractive, in the end it needs to be bought or massively consumed to get earning through its use. But if you look deeper, perhaps it's not just that free/libre or open alternatives are non intuitive at all, perhaps people gets used to that UI when attending basic or high school, or college/university. Perhaps even when exposed to mobile devices even when they can barely walk. Everything else, different in nature, will look alien to the future "technologists"...

On a sad (lacking hope) note, I don't think there's any indicator of things changing. My only hope is changes in educational systems, which are nowhere happening, and not the parents, as mentioned they are already convinced that using google, ms, apple, oracle or whatever prepare their kids for the future and will make them the technologists of the future.

On a funny note, I would answer the motivating question with: Linux is so good that it's actually most probably the most used kernel world wide, :)

[–] [email protected] 1 points 3 months ago
[–] [email protected] 1 points 3 months ago (2 children)

umap on french servers, and umap is between other things an API on top of open streetmap...

Is that correct?

[–] [email protected] 0 points 3 months ago* (last edited 3 months ago) (5 children)

Well, there is something mentioned about latest version of omemo:

OMEMO doesn’t attempt to provide even the vaguest rationale for its design choices, and appears to approach cryptography protocol specification with a care-free attitude.

To put it mildly, this is the wrong way to approach cryptography

...

Because there is no rationale given for this sudden square-root reduction in security against existential forgery attacks, we kind of have to fill in the gaps and assume it was because of some kind of performance or bandwidth considerations.

But even that doesn’t really justify it, does it?

You’re only saving 16 bytes of bandwidth by truncating the MAC. Meanwhile, the actual ciphertext blobs are being encoded with base64, which adds 33% of overhead.

For any message larger than 48 bytes, this base64 encoding will dominate the bandwidth consumption more than using the full HMAC tag would.

...

Is truncating the HMAC tag to to 128 bits still secure? According to Signal, yes, it is. And I offer no disagreement to Signal’s assessment here.

The problem is, as I’ve said repeatedly, OMEMO’s specification makes no attempt to justify their design decisions.

Then on one of the comments, there's an interesting comment on something signal has mentioned it's working on quantum resistance, that it's no clear is something omemo will support, and even less when clients might adopt if eventually available:

Indeed quite often someone compares the two protocols and implies OMEMO is as mature as the current state of the art Signal protocol. Allow me to throw in the emerging post-quantum support that Signal is adding or already has in libsignal.

Somehow is implied on the comment that omemo is immature compared to libsignal...

At any rate, dino uses libsignal-protocol-c (on Artix/Arch 2.3.3), not libomemo, and conversations uses libaxolotle-java (according to the "about" section in the settings). So somehow using signal library underneath. Although I have no idea how up to date with regards to the signal library those might be (though the axolotl dependency on conversations allows to think it's outdated). And for conversations the author mentions:

To be clear: These aren’t separate dependencies that Conversations pulls in to implement plugin supports. They’re first-party cryptographic implementations all within this Android app’s codebase.

I guess by 1st party the author means like copy/paste the code (with local twists, which might be dangerous but perhaps necessary) to have a local version of the libraries. This sounds like a non version related criticism, but it's client related rather than protocol related, however the author mentions other clients are way worse, leaving no hope...

I don't see on dino an option to always use omemo BTW, not sure if dino just it implies omemo by default, but it doesn't have a way to force it. Perhaps a feature to ask dino developers...

At any rate, according the post there's little hope for xmpp + omemo. Which was actually something I was still hoping for, well, besides getting jami working at some point (but it has crypto issues on its own, including lack of auditing).

[–] [email protected] 1 points 4 months ago

betterbird tray solution doesn't work on wayland, given a bug on common code (affects both, Firefox, Thunderbird and derivatives). Just in case that's one of the motivations of using betterbird. That by the way was the only feature that really made me look at betterbird, and as it didn't work, I went back to TB. And if you're wondering, birdtray doesn't work on wayland, 😑.

 

r/StallmanWasRight

cross-posted from: https://feddit.it/post/238648

The entire academic board of the journal 'Neuroimage', including professors from Oxford University, King’s College London and Cardiff University resigned after Elsevier refused to reduce publication charges. Academics around the world have applauded what many hope is the start of a rebellion against the huge profit margins in academic publishing, which outstrip those made by Apple, Google and Amazon.

0
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
 

Not sure how that will affect libreddit or teddit. That'd would prevent me to get some news on specific channels, which when interesting enough, I brought to lemmy, :)

Reddit Wants to Get Paid for Helping to Teach Big A.I. Systems

r/technology

r/programming

r/privacy

view more: ‹ prev next ›