If I’m going for this interpretation, then I just send the GIF.

👍

Mozilla agrees that we need to improve search competition, but the DOJ’s proposed remedies unnecessarily risk harming browser competition instead.

The only one hurting browser competition is Mozilla. They want to keep sucking at the teat of BigTech. They don’t want to be a non-profit with a focused mission, constrained by recurring and one-off revenues. They want to be an adtech company, bUt wiTH pRivAcY. The judge should absolutely rip the band-aid off. If Mozilla sinks, it sinks.

The Thunderbird team spent a good chunk of time a few days ago replying everywhere they were mentioned on Mastodon, insisting that the problems did not apply to them:

The Firefox Terms of Use do not apply to Thunderbird or any other products we develop (e.g. Appointment, K-9 Mail)

You can check out their replies here: https://mastodon.online/@thunderbird/with_replies. Lots of the same, or similar, verbiage across replies.

Support for Ukraine is a foregone conclusion generally

The libs are losing their minds right now in the fallout of the Trump-Zelensky meeting. It’s what no materialism does to a political ideology.

Just gonna leave this here…

https://blog.brixit.nl/developers-are-lazy-thus-flatpak/

Dedicate no more than two or three replies unless you’re absolutely sure that the person is engaging in good faith. The single biggest tip-off that they are not is that they do not engage with the core of your case, and instead do any number of other things: (1) snipe at edge cases or other minutea (2) change the subject (3) move the goalposts (4) etc.

I.e., you didn’t create the @claymore username for the bit a few hours ago. You’re legit @claymore.

Joined 2 years ago

Hide?

Can you explain more about how this relates to alleviating the problem? I’m curious and admittedly, when I read “crypto”, I think of big tech grifters, but I know that’s not all of cryptography as a field.

Cryptocurrency has forever ruined “crypto” :(

But in any case, m-of-n cryptography (Shamir Secret Sharing) permits “m” keys out of a total “n” keys to unlock a secret, such as the login credentials for a domain registrar. So long as “m” keys are available, the login credentials can be recovered. This avoids having a single point of failure, for example, where only one person knows the login credentials and is AWOL. So long as “m” other folks are still around and active, they can recover the login credentials without the AWOL person.

I’m curious.

What happened here?

The one person with the keys to the building went AWOL.

This is one of the things that bugs me about the design of a lot of the internet. Far too much that ultimately comes down to one single person, with zero accountability process. … I don’t know what the answer is there because it’s hard to have accountability and a stable structure in disjointed borderline anonymous environments, but it has long bothered me.

Part of the answer is m-of-n cryptography (and other crypto), but the tools around it are barely usable for technically inclined people, much less those that aren’t. It’s a common enough story, unfortunately. Theoretically, the tech is all there to ameliorate these problems. Practically, only people with encyclopedic knowledge of esoteric tooling have access. And typically, there aren’t enough of those people to go around.

You know, the thing that always seemed really scary about the OG Nazis is that they were competent, intelligent, put-together people that were just fucking evil. Then you look at the US Nazis and the fucking bozo density is off the charts, but they seem to be succeeding anyway.

Not every fascist and Nazi needed to be competent, intelligent, and put-together. Just enough of them. I suppose we’ll find out in real-time if they have amassed sufficient numbers this go 'round.

NoSQL is web-scale.

Hellwig could have been more tactful, but like it or not, arguments against a cross-language codebase have merit. Framing it as a ‘clear confession of sabotage of the r4l project’, attempting to weaponize the CoC, and trying to drum up an army via social media was all out of line.

When a maintainer calls somebody’s efforts “cancer” – “spreading this cancer to core subsystems” – and that they’ll do everything they can to halt those efforts – “I will do everything I can do to stop this” – that’s as clear an indication of sabotage as you will ever get.

Martin seems to understand that adding a second language to the kernel is not only a technical concern, but a political one as well. Everyone else wants to pretend politics isn’t at play and that their objections are “purely technical.” They aren’t. I definitely understand Martin’s frustration here.

for it to be plain sailing adding it to the kernel some of the worlds’ foremost domain experts on operating systems would have to re-learn basically everything.

This is the core problem. It’s a social problem, not a technical one.

Billions of folk’s keyboards are connected to the internet and the vast majority of them have no idea. It’s absolutely ludicrous that we’ve gotten to this stage with surveillance capitalism. Internet-connected keyboards are malware, plain and simple.

Yeah, Signal is more than encrypted messaging it’s a metadata harvesting platform. It collects phone numbers of its users, which can be used to identify people making it a data collection tool that resides on a central server in the US. By cross-referencing these identities with data from other companies like Google or Meta, the government can create a comprehensive picture of people’s connections and affiliations.

This allows identifying people of interest and building detailed graphs of their relationships. Signal may seem like an innocuous messaging app on the surface, but it cold easily play a crucial role in government data collection efforts.

Strictly speaking, the social graph harvesting portion would be under the Google umbrella, as, IIRC, Signal relies on Google Play Services for delivering messages to recipients. Signal’s sealed sender and “allow sealed sender from anyone” options go part way to addressing this problem, but last I checked, neither of those options are enabled by default.

However, sealed sender on its own isn’t helpful for preventing build-up of social graphs. Under normal circumstances, Google Play Services knows the IP address of the sending and receiving device, regardless of whether or not sealed sender is enabled. And we already know, thanks to Snowden, that the feds have been vacuuming up all of Google’s data for over a decade now. Under normal circumstances, Google/the feds/the NSA can make very educated guesses about who is talking to who.

In order to avoid a build-up of social graphs, you need both the sealed sender feature and an anonymity overlay network, to make the IP addresses gathered not be tied back to the endpoints. You can do this. There is the Orbot app for Android which you can install, and have it route Signal app traffic through the Tor network, meaning that Google Play Services will see a sealed sender envelope emanating from the Tor Network, and have no (easy) way of linking that envelope back to a particular sender device.

Under this regime, the most Google/the feds/the NSA can accumulate is that different users receive messages from unknown people at particular times (and if you’re willing to sacrifice low latency with something like the I2P network, then even the particular times go away). If Signal were to go all in on having client-side spam protection, then that too would add a layer of plausible deniability to recipients; any particular message received could well be spam. Hell, spam practically becomes a feature of the network at that point, muddying the social graph waters further.

That Signal has

1. Not made sealed sender and “allow sealed sender from anyone” the default, and
2. Not incorporated anonymizing overlay routing via tor (or some other network like I2P) into the app itself, and
3. Is still in operation in the heart of the U.S. empire

tells me that the Feds/the NSA are content with the current status quo. They get to know the vast, vast majority of who is talking (privately) to who, in practically real time, along with copious details on the endpoint devices, should they deem tailored access operations/TAO a necessary addition to their surveillance to fully compromise the endpoints and get message info as well as metadata. And the handful of people that jump through the hoops of

1. Enabling sealed sender
2. Enabling “allow sealed sender from anyone”
3. Routing app traffic over an anonymizing overlay network (and ideally having their recipients also do so)

can instead be marked for more intensive human intelligence operations as needed.

Finally, the requirement of a phone number makes the Fed’s/the NSA’s job much easier for getting an initial “fix” on recipients that they catch via attempts to surveil the anonymizing overlay network (as we know the NSA tries to). If they get even one envelope, they know which phone company to go knocking on to get info on where that number is, who it belongs to, etc.

This too can be subverted by getting burner SIMs, but that is a difficult task. A task that could be obviated if Signal instead allowed anonymous sign-ups to its network.

That Signal has pushed back hard on every attempt to remove the need for a phone number tells me that they have already been told by the Feds/the NSA that that is a red line, and that, should they drop that requirement, Signal’s days of being a cushy non-profit for petite bourgeois San Francisco cypherpunks would quickly come to an end.