jokeyrhyme

joined 4 years ago
sorted by: new top controversial old
Is F-droid insecure? in c/privacy@lemmy.ml
[–] jokeyrhyme@lemmy.ml 3 points 1 month ago

Yeah, that's going beyond the software and making the physical supply chain possible to validate by a sufficiently equipped and educated consumer

The trade off here is that it's very difficult to produce verifiable circuitry that is also fast

*Permanently Deleted* in c/linux@lemmy.ml
How to Avoid US-Based Digital Services—and Why You Might Want To in c/technology@lemmy.ml
[–] jokeyrhyme@lemmy.ml 8 points 3 months ago

I'm currently using Signal, and happy with it, but they still don't have reproducible builds, making it impossible to confirm that the code we can read on GitHub is actually what is running on my device

So, even now, it could be doing something that isn't able to be audited

I guess Element/Matrix or Briar are the better options from this perspective, without losing any end to end encryption

Can I ignore flatpak indefinitely? in c/linux@lemmy.ml
[–] jokeyrhyme@lemmy.ml 18 points 4 months ago (9 children)

Can I ignore flatpak indefinitely?

Sure, at least until software you want to use is flatpak only, e.g. Bottles

Firefox alternatives? in c/privacy@lemmy.ml
Firefox alternatives? in c/privacy@lemmy.ml
WHO calls for cigarette-style cancer warnings on alcohol packaging in c/worldnews@lemmy.ml
[–] jokeyrhyme@lemmy.ml 2 points 4 months ago (1 children)

I agree that there are much bigger problems, but those bigger problems have solutions that are not allowed under capitalism and USA imperialism, so labels is all we're allowed to fix 🤷

The legal drinking age in Australia is 18 years old, and it has always struck me as odd that it's so high in the USA

WHO calls for cigarette-style cancer warnings on alcohol packaging in c/worldnews@lemmy.ml
[–] jokeyrhyme@lemmy.ml 6 points 4 months ago (4 children)

Australian sports fields are covered in alcohol logos So the entire time you are watching football with your children, they are exposed

WHO calls for cigarette-style cancer warnings on alcohol packaging in c/worldnews@lemmy.ml
[–] jokeyrhyme@lemmy.ml 56 points 4 months ago (37 children)

Ban all advertising for alcohol, too, please

google is not and never was your friend, it is a dictator tool: Degoogle in c/degoogle@lemmy.ml
[–] jokeyrhyme@lemmy.ml 56 points 4 months ago (1 children)

Planet America, orbiting the American sun, in the galaxy called America

Since Andy Yen's unfortunate comments, have any of you left Proton? And if so, what alternative did you choose? in c/protonprivacy@lemmy.world
[–] jokeyrhyme@lemmy.ml 6 points 5 months ago

I highly-valued the cohesion and simplicity of having a suite of tools provided by a single vendor and all on a single bill, despite how often this turns into a vendor-lock-in strategy

Proton was part of my attempt to de-Google, precisely because it offered email (with custom CNAMEs), calendar, and storage, and because they open-sourced their clients and tools

Despite the UX and feature set being quite bare, I was okay with justifying this with the added privacy (which was a nice-to-have but not a deal-breaker for me)

It seems like all the alternatives are either less open-source, have even fewer features, are even less cohesive (indeed, I'd have to select entirely separate solutions and give up all integrations) or seem to have even fewer resources for development and project sustainability

Since Andy Yen's unfortunate comments, have any of you left Proton? And if so, what alternative did you choose? in c/protonprivacy@lemmy.world
[–] jokeyrhyme@lemmy.ml 4 points 5 months ago (1 children)

I'd moved from Bitwarden to Proton Pass only 6 months ago, so moving back wasn't too much of a difficult choice (both services have great import/export and Bitwarden even offers self-hosting)

61
Is anyone else concerned about internet-connected 3D printers? (lemmy.ml)
 

Howdy, folks!

I'm teetering on the brink of connecting my Sovol3D S06 ACE to my wireless network, but I'm pausing because this device can make physical real-world actions like:

  • record photos and videos using its built-in camera
  • shaking so much that it manages to knock itself on the floor
  • melting so much plastic that it dribbles all over itself and then all over everything around and beneath it
  • consume lots of electricity and cost me a fortune on my utilities bill
  • burn the house down

None of this happens in normal usage, of course, but watching it self-calibrate did make me wonder:

  • how safe the firmware is?
  • is it retrieving instructions from Sovol3D or some other party by itself?
  • is it sending records of my print jobs to a 3rd party?
  • is it sending photos and videos to a 3rd party?
  • how safe the firmware is once its receiving arbitrary network traffic?

All IPv4 traffic from the internet goes through a NAT/firewall that I conceivable control, but my devices all get public-facing IPv6 addresses, and the default SSH password on all of these printers is publicly-documented

It looks like the Sovol3D S06 ACE firmware is https://www.klipper3d.org/ + https://www.obico.io/ + some unknown amount of stuff that Sovol3D adds on top, and it doesn't seem like they've kept the public source code up-to-date: https://github.com/Sovol3d/SV06-ACE

I do already self-host https://www.home-assistant.io/ and plan to integrate the 3D printer with it, avoiding any cloud behaviour as much as possible, but I'm wondering if anyone else has already done this and has any advice on what to avoid?

Cheers! <3

24
first timer here, Sovol3D S06 ACE arriving this week, open to suggestions :) (www.sovol3d.com)
 

After immersing myself in 3D printer content on YouTube and Lemmy, I'd talked myself all the way up to spending AU$2000 which is just absurd for a first timer, but then talked myself into the Sovol3D S06 ACE as a decent starting point, haha

Anyhow, I'll be running this in my garage (garage door open) and I think the first batch of filament in the pack is either PLA or PETG, which seems beginner friendly

I've been wondering about 3D printer profiles and calibration in slicer apps... is there a way to print as many benchies that will fit on the bed, but each which different profile parameters, so I can see which profiles do or don't work best? Or do current slicer apps always produce a plan that uses the same parameters for the entire job?

Note that I'm 100% on Linux (no Windows here), so I'm probably limited to https://github.com/prusa3d/PrusaSlicer or https://github.com/SoftFever/OrcaSlicer (or maybe https://github.com/GladiusSlicer/GladiusSlicer if I'm in the mood for contributing my own code)

I've consumed probably too much YouTube at this point, but any especially important hints and tips for a first timer would be appreciated!

P.S. oh, just noticed, https://lemmy.ml/post/23597074 thanks!

75
Wi-Fi connectivity issues resolved by dropping wpa_supplicant in favour of iwd (lemmy.ml)
 

My desktop PC is the only machine in the house having Wi-Fi connectivity issues (connects fine, but drops out randomly after a few minutes or sometimes a few hours)

I think wpa_supplicant is getting confused and thinks signal strength is poor (I have a Netgear mesh, but this seems increasingly common, so it's weird for that to be the issue)

I did pick up a TP-Link USB Wi-Fi adapter, but can reproduce the same connectivity issues

The fix was switching away from wpa_supplicant in favour of iwd, which seems rock solid in comparison

I'm sure there's a way to fix wpa_supplicant, but it's man pages only seem to list the options without actually describing what they do, which seems sort of poor considering how old the project is 🤷

168
Quantum Resistance and the Signal Protocol (signal.org)
submitted 2 years ago* (last edited 2 years ago) by jokeyrhyme@lemmy.ml to c/privacy@lemmy.ml
20 comments fedilink
 

We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations, but to be safe we do not want to simply replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem. Instead, we are augmenting our existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people’s communications.

...

Our new protocol is already supported in the latest versions of Signal’s client applications and is in use for chats initiated after both sides of the chat are using the latest Signal software. In the coming months (after sufficient time has passed for everyone using Signal to update), we will disable X3DH for new chats and require PQXDH for all new chats. In parallel, we will roll out software updates to upgrade existing chats to this new protocol.

94
Migrating Arch Linux's packaging infrastructure to GitLab (about.gitlab.com)
319
Montana loses fight against youth climate activists in landmark ruling (arstechnica.com)
24
Rust fact vs. fiction: 5 Insights from Google's Rust journey in 2022 (opensource.googleblog.com)
 

Rumor 1: Rust takes more than 6 months to learn – Debunked !

...

Rumor 2: The Rust compiler is not as fast as people would like – Confirmed !

...

Rumor 3: Unsafe code and interop are always the biggest challenges – Debunked !

...

Rumor 4: Rust has amazing compiler error messages – Confirmed !

...

Rumor 5: Rust code is high quality – Confirmed! ...

2
Passkeys may not be for you, but they are safe and easy—here’s why (arstechnica.com)
 

cross-posted from: https://lemmy.ml/post/1073275

Great explainer / FAQ

I'll probably still use my Precursor and Yubikeys for the most part, but I'll definitely enable Passkeys wherever they are an option

1
Passkeys may not be for you, but they are safe and easy—here’s why (arstechnica.com)
 

Great explainer / FAQ

I'll probably still use my Precursor and Yubikeys for the most part, but I'll definitely enable Passkeys wherever they are an option

4
Google is activating their own Bluetooth-based tracking network (blog.google)
 

That’s why later this summer, we're launching a refreshed Find My Device experience that makes it easier than ever to locate your devices and belongings quickly and securely by ringing compatible devices or viewing their location on a map in the app – even when they’re offline. The new Find My Device network will harness over a billion Android devices across the world to help you locate your missing belongings like headphones, tracker tags, or even your phone via Bluetooth proximity.

This earlier announcement about a joint effort with Apple to work out how stop stalkers and other criminals from abusing these networks now makes a bit more sense: https://security.googleblog.com/2023/05/google-and-apple-lead-initiative-for.html

6
Bloatware pushes the Galaxy S23 Android OS to an incredible 60GB (arstechnica.com)
 

We can take a few guesses as to why things are so big. First, Samsung is notorious for having a shoddy software division that pumps out low-quality code. The company tends to change everything in Android just for change's sake, and it's hard to imagine those changes are very good.

...

Unlike the clean OSes you'd get from Google or Apple, Samsung sells space in its devices to the highest bidder via pre-installed crapware. A company like Facebook will buy a spot on Samsung's system partition, where it can get more intrusive system permissions that aren't granted to app store apps, letting it more effectively spy on users.

Urgh, it's so frustrating that Samsung is the leading Android manufacturer, the market is rewarding greed and incompetence

4
Google plans AirTag clone, will track devices with 3 billion Android phones (arstechnica.com)
 

Huh, I have mixed feeling about Google doing this

Yay that Apple isn't the only game in town for this functionality

But then it's this functionality in particular with all the horrible stalking that it facilitates

view more: next ›