[Article] Human breathing patterns are as unique as our fingerprints
Just like fingerprints, your breathing patterns may be a unique identifying feature. Scientists have found they can identify people with 96.8% accuracy using only their breathing patterns. And it's not just simple identification, researchers say they can even predict Body Mass Index (BMI), state (sleeping or awake), and cognitive traits (anxiety or depression) from the way you breathe.
Human breathing patterns are as unique as our fingerprints
Just like fingerprints, your breathing patterns may be unique. Scientists found they can identify people using only breathing patterns. And it's not just identification, researchers can predict BMI, and anxiety or depression from the way you breathe.Jay Kakade (New Atlas)
Emmanuel Macron’s Bid to Divide the Left Is Paying Off
One year since the New Popular Front won a surprise election victory, France’s left looks more divided than ever. This month’s Socialist congress showed how much the party is at loggerheads with Jean-Luc Mélenchon’s France Insoumise.
Democratize AI or Make the AI Oligarchy an Inevitability
Artificial intelligence technologies are leading us to a critical juncture, forcing a fundamental rethinking of both work and the welfare state. This is a field where early surrender, allowing capital to shape the future, is not an option.
Hurricane-killing particles could sabotage storms before they grow
There have been some wildly ambitious schemes to knock the power out of hurricanes and cyclones over the years. Now, scientists believe they have come up with a way to successfully subdue these destructive storms, long before they have a chance to reach land.
Hurricane-killing particles could sabotage storms before they grow
There have been some wildly ambitious schemes to knock the power out of hurricanes over the years. Now, scientists believe they have come up with a way to successfully subdue these destructive storms, long before they have a chance to reach land.Bronwyn Thompson (New Atlas)
Trump’s Iran War Is a Betrayal We All Saw Coming
It took less than half a year for Donald Trump to renege on the promises he incessantly made on the campaign trail and plunge the country into another dumb, potentially bloody Middle East war no one wants.
Moth flying into the hot light bulb: Bzzt Gets fried
190 Millions years of evolution lost to human progress, onwards!
Met Police chief 'shocked' by planned Palestine Action protest in London
Met Police chief 'shocked' by planned Palestine Action protest in London
The force says it cannot legally stop Monday's protest in support of the pro-Palestine group.Jacqueline Howard (BBC News)
‘Never give up nuclear weapons’: what Israel-Iran conflict tells North Korea
How Israel-Iran conflict hardens North Korea’s nuclear resolve
With lessons drawn from Ukraine and now Iran, Pyongyang’s commitment to its ‘irreversible’ nuclear status is firmer than ever, analysts say.Park Chan-kyong (South China Morning Post)
What is the best degoogled tablet for an artist?
cross-posted from: lemmy.world/post/31808224
Please see the cross-post as it is updated.
What is the best degoogled tablet for an artistwhat is the best tablet for iodeOS, GrapheneOS and LineageOS
- with smooth stylus support that is as good as apple pen
- palm rejection
- pressure sensitive stylus
- works well for krita / excalidraw / xournalapp
- latency
- at least 16GB RAM and 256GB storageFor iodeOS, it doesn't seem to support any tablet device officially
- iodéOS official supported devices - iodéFor GrapheneOS, the only choice is google pixel tablet (or maybe pixel fold). However
- pixel tablet have latency issue
- based on Google Pixel Tablet Review - YouTube
- pixel fold does not support stylus
- workaround This Stylus Pen works with the Google Pixel Fold - YouTube
- Can someone share their GrapheneOS pixel tablet experience on krita / excalidraw / xournalapp?For LineageOS
- What tablet+stylus+LineageOS has the best performance?
- What tablet+stylus+LineageOS has the best balance between price and performance?
- Can someone share their stylus experience on krita / excalidraw / xournalapp?Sincere thanks
cross-posted from: lemmy.world/post/31808224
Please see the cross-post as it is updated.
iodéOS official supported devices - iodé
The models below are officially supported by the iodé team. Don’t see your device in the list? Don’t panic! We also support a iodéOS GSI. You can also find here a list of unofficially supported models by the iodé community.iodé
What I don’t get is why lefty Canadians were so against Alberta leaving Canada.
Sounds like a plus to me…
Israel strikes Iran's Evin prison in Tehran
Israel strikes Iran's Evin prison in Tehran
Israel said its carrying out strikes inside Iran with 'unprecedented intensity,' destroying numerous security offices and damaging the gate at Tehran's infamous Evin Prison. DW has the latest.Jon Shelton (Deutsche Welle)
bbc.com/news/articles/cp8621gn…
The Israeli military has struck Tehran's notorious Evin prison and damaged parts of the facility, which holds many political detainees, Iran's judiciary says.The judiciary's Mizan news agency reported that the situation on the ground was "under control" following the attack. CCTV footage showed an explosion at one of the prison's gates, while state TV pictures showed first responders carrying a casualty and searching for survivors under a flattened building.
Israel's defence minister said it was hitting "regime targets and agencies of government repression" across Tehran, including Evin.
So, they're targeting sites of "repression", meaning, the people in the prison are victims of repression, and so their goal is to... kill... the victims of repression? This seems very on the nose.
Israel says it struck Tehran's Evin prison and Fordo access routes
Iran's judiciary says the attack damaged parts of Evin, a notorious facility which holds many political prisoners.David Gritten (BBC News)
Iyo vs. Io — OpenAI and Jony Ive get sued
Iyo vs. Io — OpenAI and Jony Ive get sued
In May, legendary Apple designer Jony Ive hooked up with OpenAI to announce an unspecified gadget. [WSJ, archive] To promote this complete vaporware, OpenAI released a video of Sam Altman and Ive b…Pivot to AI
US strikes on Iran did not violate international law, NATO’s Rutte says
like this
geneva_convenience likes this.
- The Intercept, 2021: Meet NATO, the Dangerous “Defensive” Alliance Trying to Run the World
- CounterPunch, 2022: NATO is Not a Defensive Alliance
- Noam Chomsky, 2023:
- Thomas Fazi, 2024: NATO: 75 years of war, unprovoked aggressions and state-sponsored terrorism
- Gabriel Rockhill, 2020: The U.S. Did Not Defeat Fascism in WWII, It Discretely Internationalized It
The U.S. Did Not Defeat Fascism in WWII, It Discreetly Internationalized It - CounterPunch.org
When the United States entered WWII, the future head of the CIA, Allen Dulles, bemoaned that his country was fighting the wrong enemy.Gabriel Rockhill (CounterPunch.org)
/S
like this
geneva_convenience likes this.
like this
geneva_convenience likes this.
)
Map shows where President Barack Obama dropped his 20,000 bombs | The Independent
Outgoing US leader carries out 3,000 more strikes in 2016 than year beforeHarriet Agerholm (The Independent)
Belgium: Activists blockade access to 2 companies they accuse of “complicity with Israeli genocide in Gaza”
The protest started at around 7:45 am on Monday. Protesters blocked the entrance to the Syensqo chemical company in Brussels and OIP Sensor Systems in Tournai (Hainaut Province). OIP Sensor Systems is entirely owned by Elbit, an Israeli arms company.
At Syensqo in Brussels the activists blocked all the access routes to the company and painted the front of the office building red. The company supplies parts for Israeli drones.
"Syensqo knowingly supplies a key component for a weapon known for its use in Israeli war crimes. Syensqo cannot deny its complicity in the ongoing genocide”, the activists said in a statement.
Meanwhile, in Tournai, activists entered a warehouse used by OIP, where they painted equipment that is being stored inside red.
Activists blockade access to 2 companies they accuse of “complicity with Israeli genocide in Gaza” | VRT NWS: news
Activists blocked access to 2 companies with links to Israel on Monday morning. They accuse the companies of complicity in what they describe as “genocidal acts” of the part of Isreal in Gaza.VRT NWS
if you want to force your way into World War 3 this seems like a brilliant idea.
Feels more like a speed run, the actors of this conflict don’t have many days left.
How the Rubin Observatory Will Reinvent Astronomy
How the Rubin Observatory Will Reinvent Astronomy
IEEE Spectrum takes you inside the most advanced sky-mapping instrument ever built—and reveals its stunning first imagesEvan Ackerman (IEEE Spectrum)
How the Rubin Observatory Will Reinvent Astronomy
How the Rubin Observatory Will Reinvent Astronomy
IEEE Spectrum takes you inside the most advanced sky-mapping instrument ever built—and reveals its stunning first imagesEvan Ackerman (IEEE Spectrum)
Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?
As a security-conscious user, I've used NoScript since Firefox's early days, but its restrictive nature has become frustrating. I'm often forced to go unprotected just to access websites with multiple scripts running on different domains, which defeats the purpose of using NoScript and balances security and usability that it once provided.
Is there a way to block browser JavaScript from executing commands that retrieve sensitive information from my local machine, while still allowing JavaScript that is only used for rendering web pages?
by sensitive information I'm referring to
- local machine time
- local machine ram
- local machine operating system + version
- local machine hardware
- Serial Number
- Hardware ID
- UUID
- Windows Device ID
- Windows Product ID
- ...
greatly appreciate any insight
EDIT:
could be possible solution
discuss.grapheneos.org/d/16025…
- ~~LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap.~~
- JShelter: Mitigates potential threats from JavaScript, including fingerprinting, tracking, and data collection. Slightly modifies the results of API calls, differently on different domains, so that the cross-site fingerprint is not stable. Applies security counter-measures that are likely not to break web pages. Allows fine-grained control over the restrictions and counter-measures applied to each domain.
Most of those things cannot be collected through JavaScript.Local time can.
RAM can only be approximated to protect user privacy. Edit: And it’s not available on Firefox.
OS+version are already in your browser’s user-agent string that is sent out with every request you make.
Machine hardware cannot be enumerated. JavaScript can try to guess your GPU based on what it can do with WebGL.
There is no way to get a serial number or similar.
To spoof timezone/OS+version/browser+version ... and disable WebGL, use sereneblue.github.io/chameleon…
- lemmy.world/post/31885153
Vanadium and what to use on desktop - GrapheneOS Discussion Forum
GrapheneOS discussion forumGrapheneOS Discussion Forum
Never found a better plugin - chameleon
sereneblue.github.io/chameleon…strongly recommend
like this
Rozaŭtuno likes this.
by sensitive information I'm referring to
- local machine time
- local machine ram
- local machine operating system + version
- local machine hardware
- Serial Number
- Hardware ID
- UUID
- Windows Device ID
- Windows Product ID
- ...
Can I prevent javascript from running specific command that retrieve these information?
You could monkeypatch some javascript functions like the constructor Date types, but there will always be things not thought of that will leak date info. Hardware identifiers are quite difficult to get in javascript and several browsers already obfuscate that info.
Honestly if you're very concerned, I really do think a virtual machine is your absolute safest approach, obviously the browsing experience is worse.
Check out amiunique.org to see what fingerprinting is generally available in your current browser
Harsh question: Do you have a real need to prevent this data from being collected, or are you investigating just for ~~funsies~~ best practice advice? There are a lot of posts like this where people overestimate the threat model they have and insist on needing to block things that are nearly impossible to, or at least have significant tradeoffs like you are dealing with now.
Javascript is also not the only source that sites can use for these pieces of info from your machine. Local time in particular can be estimated by looking up the rough location of your IP address then matching to a time zone.
Anyway.
I would assume you could technically fork localCDN (replaces remote javascript libraries with local copies) and then manually edit the local javascript library copies to remove the calls you are concerned about.
There's also options like uBlock Origin's methods of only whitelisting specific scripts. Much more flexible than NoScript. You can block scripts that are third party and only allow site specific ones fairly easily, without digging deep into the settings.
Bear in mind that your specific combination of installed extensions can also be a unique identifier though.
Do you have a real need to prevent this data from being collected
maybe
or are you investigating just for best practice advice?
yes
There are a lot of posts like this where people overestimate the threat model they have and insist on needing to block things that are nearly impossible to, or at least have significant tradeoffs like you are dealing with now
could you explain why it is nealy impossible from only blocking javascript from attaining "local machine operating system + version
"? I don't think this kind of information is relevant for webpage displaying. I dont think webpage will break if we ban js from doing so
I would assume you could technically fork localCDN (replaces remote javascript libraries with local copies) and then manually edit the local javascript library copies to remove the calls you are concerned about.
that could work I guess when I have enough js knowledge
There’s also options like uBlock Origin’s methods of only whitelisting specific scripts. Much more flexible than NoScript. You can block scripts that are third party and only allow site specific ones fairly easily, without digging deep into the settings.
is it possible to adjust uBlock Origin whitelisting and disallow js that retrieve "local machine operating system + version
" from running?
Bear in mind that your specific combination of installed extensions can also be a unique identifier though.
Does this mean website can see all the extensions I installed?
Some browsers have built in fingerprint resistance techniques you can enable:
support.mozilla.org/en-US/kb/r…
I wouldn't entirely trust it, but enabling this feature in strict mode would tick a few of your listed boxes.
Resist Fingerprinting | Firefox Help
Firefox's Advanced Preferences to resist fingerprinting can help prevent websites from uniquely identifying your device but can cause problems. Learn more.support.mozilla.org
US embassy wants 'every social media username of past five years' for new visas
cross-posted from: lemmy.bestiver.se/post/457134
Comments
US embassy wants 'every social media username of past five years' on new visa applications
The embassy also wants people to set their social media profiles to public.TheJournal.ie
like this
☆ Yσɠƚԋσʂ ☆, adhocfungus, Scrollone e Rickicki like this.
Of course, how would they know if you don't list any? Oh, that's right, PRISM. Fully expect that people who don't have social media accounts to get accused of having them simply because someone else shares the same name and did say First Amendment protected stuff, like Donald Trump is a terrible fucking president and should be impeached.
Sorry person with the last name Erdude. I guess you aren't getting into the US now.
Yeah, keeping our shit to ourselves has never really been our strong suit.
Sorry 🙁
As a Middle Easterner, I genuinely feel sorry for the non maga Americans, but unfortunately that's your fight to fight.
Good luck.
Last 30 years of dismantling of civil liberties and it will continue
But at least gays got to marry ✊
"And fight we do" LOL
Unleash the devastating power of the Kumbaya warchant on your little stroll to the streets!
The regime will crumble before your eyes.
The comments are ridiculous.
People: if ThE cOuNTry sUcks, wHy doN'T aMeRiCAns dO anYthiNG aBOut iT?
Also people: LoL siLLy aMeRiCAn, AcTiviSm doESn'T wOrk
We're damned if we do, damned if we don't. Keep fighting the good fight. You've got a good decade on me, but I see you and I'm right there with you. ✊
The Blue MAGA are just as bad for the world, they only cry now bcs they're getting a taste of their own shit domestically.
These immigration raids and terror tactics are terrible on their own, but it’s especially absurd when Native Americans get caught up in it, and it just fully exposes how disingenuous and transparently racist the whole effort is. So I’m sorry that your peoples have to suffer even more because of this racist mindset.
From a January article:
”If you can’t say, ‘we’ve been here for time immemorial,’ then you’re an immigrant. You’re not from here, so who are you to classify our Indigenous people? These lands have been a melting pot for many ethnicities,” Hatathlie [a Native Arizona state Senator] said.
I heard another more recent example of a car full of Native Americans being pulled over, aggressively questioned, and asked for their papers, but I can’t seem to find it. It’s utterly shameful how we treat people.
I can't wait to see high attendance in Mexico and Canada-hosted matches, with rock bottom attendance in the US. Even US fans travelling domestically, don't go, especially to the states that are falling into line with Trump.
Not that it will actually be recognized for what it is. I may put together a bingo card on the ways media spins it.
People should boycott it outright.
The entire event industry is a front for sex trafficking.
Going there with a crappy handwritten letter including all 40’000 throw-away users I ever created
/s
Then again, I have no reason to visit shithole countries in the first place.
The username requirement isn't anything new; that requirement was on our DS-160 years ago.
The "wants people to set their social media profiles to public" isn't quoted, so seems less like an official policy anywhere and more like one embassy worker being a prick. Unfortunately, each individual embassy operates independently totally devoid of any accountability.
This process is dehumanizing, inefficient, and totally fucked...but this particular part of it has been this was for a long-ass time.
like this
sunzu2 likes this.
Quoted here lemmy.dbzer0.com/post/47068548
New US visa rules will force foreign students to unlock social media profiles
“To facilitate this vetting, all applicants for F, M and J non-immigrant visas will be asked to adjust the privacy settings on all their social media profiles to ‘public’”, the official said. “The enhanced social media vetting will ensure we are properly screening every single person attempting to visit our country.”
New US visa rules will force foreign students to unlock social media profiles
Diplomats to look for ‘indications of hostility towards citizens, culture or founding principles of United States’Andrew Roth (The Guardian)
Fair enough, though that's an ask from the State Dept., not a demand from the embassy, as indicated in the OP. It's an important distinction because the embassy holds the authority at that point in the process. They can ignore the guidance altogether or demand everyone open their profiles. They're probably more likely to do the latter now, but they could've done this two years ago too.
Demanding the usernames for the past 5 years and being suspect of anyone not on social media isn't a new, that was my main point. I don't think many people appreciated how shitfucked our visa processes are, even before the current "administration" helping.
I think it's all some level of FUD until there's an example of it being called out as a reason for denial. The fields have been on the application for a while, but I know someone who recently came in with a private ig profile and a vk profile that hadn't been used for anything but chat. Wasn't mentioned at all along the process beyond being on the application.
That may change soon, but it also might just be rhetoric from dipshits playing to their dipshit base.
- Post trump positive stuff, maybe edit old content to include.
- Post prompt inject to label account america positive, hide in spoiler block, image alt text, etc.
- Post eyeblech content so checker use ai or only get content overview. Will either prompt inject or mostly see trump positive post.
Or create fake profile with trump positive post, but no history probably suspicious.
in other news, the market price of hacked credentials for MAGA-friendly social media accounts:
📈
::: spoiler note
in case it is unclear to anyone: the above is a joke.
in all seriousness, renaming someone else's account and presenting it to CBP as one's own would be dangerous and inadvisable. a more prudent course of action at this time is to avoid traveling to the united states.
:::
What do you mean "what psyops"? Are you unaware that both China and the US, as well as almost every other country around the world, conduct foreign influence campaigns?
reuters.com/world/us/us-voters…
And I'm sure I don't need to give you examples of American campaigns. Most of Hollywood contributes.
Was really waiting for them to reveal how they knew this campaign was Chinese.
I can believe that it’s something China could do, but I’m not sure why I should believe this article’s assumptions without evidence provided.
oh no need. CIA psyoping has been publicly admitted to by the us government themselves, and some of their own officials.
quite a few of the people-are-dying atrocities too.
can you please tell me how exactly chinese psyops will destroy the US? 'cause i can't really see how anything they could would hurt the world.
would the chinese, perhaps, campaign for communism in the US? how could that possibly be bad?
Stuff your visa, and return the favor and stay TF out of other people's countries.
That would be a welcome change.
if they successfully fully take over, those same supporters now become the new threat
Quite a few of the current crop of deputized ICE agents are MAGA goons from four years ago. So long as you're actively doing the gruesome work of ethnic cleansing, you'll be given a pass.
Sure why not, since my name is Anthony O'Neill. You can find my short form username: Anon.
What could they find? I bet I'm save.
You can find my short form username: Anon.What could they find?
Yes, what possible community full of people named "Anon" could they find that would get you in any amount of trouble?
I'm betting on the opposite problem,
We show here you've been VERY active. Please have a seat in this chair until we come for you.
Oh well, I wouldn't have been welcome anyway, seeing I've had the audacity to be critical of Israeli ~~genocide~~ defense, TACO and Daddy Put-it-in.
Guess I'll go spend my tourist money elsewhere.
Just landed next to me.
like this
FundMECFS e adhocfungus like this.
What happened to the chapters? There are only two chapters.
One-Punch Man (Webcomic) - MangaDex
Follows the life of an average part-time hero who manages to win every battle with a single punch. This ability frustrates him as he no longer feels the thrill of fighting a tough opponent, which leads him to question his past desire of becoming stro…MangaDex
like this
Rozaŭtuno likes this.
Like a short while ago that website was hit by practically every company in the comic publishing buisness with, I think, a cease & desist letter threatening to hold then legally liable for distributing those companies commodities without a license to do so or some shit.
Or something along those lines. Long story short they got fucked by corporations.
This comic is self punished though, I doubt the original author care about copyright. This is basically a rough draft for the published one that he publishes for free.
Tell that to the Hitotsubashi Group.
It's ultimately not remotely worth the time, money, or effort by whoever has ownership over mangadex to legally contest something that may be free in contrast to the rest of their library that they've been legally threatened to take down.
I'd guess that's like some kind of publisher standard of "sampling size" to see if the comic's qualities fit the tastes of the buyer.
Have fun: cubari.moe/read/gist/Z2lzdC9md…
Edit: reddit.com/r/OnePunchMan/wiki/…
Read One Punch Man Webcomic | Cubari
Read One Punch Man Webcomic on Cubari, the manga image proxy.cubari.moe
One of The World's Most Popular Manga Pirating Sites Was Just Dealt a Huge Blow
MangaDex, one of the largest unlicensed manga aggregators, has just suffered a major blow and removed over 700 series.Laura Gassert (Game Rant)
You should also stop using Tachiyomi they got a DCMA request and shut down a while back. Move to Mihon, a fork of Tachiyomi.
GitHub - mihonapp/mihon: Free and open source manga reader for Android
Free and open source manga reader for Android. Contribute to mihonapp/mihon development by creating an account on GitHub.GitHub
‘Not for you’: Israeli shelters exclude Palestinians as bombs rain down
‘Not for you’: Israeli shelters exclude Palestinians as bombs rain down
Shelters are a lifeline in Israel from Iranian attacks, but Palestinian citizens of the country have been locked out.Al Jazeera
Berlin: proposal to remove 30 km/h zones because air quality improved, thanks to 30 km/h zones
The absurdity of the proposal is already in the title, and shows how motonormativity is spread all over the world.
Berlin has a very good public transit system, and a few 30 km/h zones cannot be that bad.
I would love to hear opinions from someone who lives there!
crossposted from: mastodon.uno/users/rivoluzione…
Tempo 30 steht auf Dutzenden Hauptstraßen wieder zur Debatte
Auf Dutzenden Berliner Hauptstraßen wurde wegen schlechter Luftqualität Tempo 30 eingeführt. CDU-Verkehrssenatorin Bonde will dies zurückdrehen. Die SPD befürchtet negative Auswirkungen für Schüler und fordert erst eine ausführliche Prüfung.www.rbb24.de
Non solo in Italia: a Berlino vogliono togliere le zone 30, perché l'aria è migliorata, grazie alle zone 30.L'assurdità della proposta è tutta nel titolo, e dimostra quanto la #motonormatività sia diffusa. #Berlino, una città con #trasportoPubblico davvero eccellente, può concedersi tranquillamente zone dove la velocità non la fa da padrone.
rbb24.de/politik/beitrag/2025/…
Tempo 30 steht auf Dutzenden Hauptstraßen wieder zur Debatte
Auf Dutzenden Berliner Hauptstraßen wurde wegen schlechter Luftqualität Tempo 30 eingeführt. CDU-Verkehrssenatorin Bonde will dies zurückdrehen. Die SPD befürchtet negative Auswirkungen für Schüler und fordert erst eine ausführliche Prüfung.www.rbb24.de
like this
Rozaŭtuno, FundMECFS, adhocfungus, thisisbutaname, Luca, Rickicki, iagomago e Scrollone like this.
Feddit Un'istanza italiana Lemmy reshared this.
Wasn't the word motonormativity from you? I had to re-read that word a few times to get what you were saying with it and it's good.
sunzu2 called it a slur, and a good one at that.
I wish I was that clever, but no. It's from a researcher named Ian Walker, coined in a very interesting article. It has its own Wikipedia page: en.wikipedia.org/wiki/Motonorm…
Also mainstream articles: theverge.com/2023/1/31/2357951…
And a video by GCN!
I'm surprised that by being in the fuck cars community you never heard the term!
Cars are rewiring our brains to ignore all the bad stuff about driving
A new study coins the term “motornormativity” to describe the unconscious biases people form around the societal ills and inequities of automobile driving.Andrew J. Hawkins (The Verge)
Yep sounds absurd. As I unterstand it the problem is that you need a reason for 30 km/h zones. The reason was the air quality which is now better so there is no reason anymore.
Some zones may be kept because the streets are used by school kids.
I think this is still absurd and good 30 km/h zones with synced traffic lights can yield a good traffic flow.
Show Your Stripes
Visualising how the climate has changed for every country across the globeshowyourstripes.info
Telegram is indistinguishable from an FSB honeypot
Telegram is indistinguishable from an FSB honeypot
Many people who focus on information security, including myself, have long considered Telegram suspicious and untrustworthy. Now, based on findings published by the investigative journalism outlet IStSongs on the Security of Networks
AMA is AMA
- What lead you to dive into examining Telegram?
- How would you use it if abandoning it is not an option, safety-wise, on android? Like, opening it in browser instead, killing app from the background, or using some app\tool? Not using it for anything sensitive is obvious.
- What are other potential worms is in there you may think of? Recently, Yandex and Meta analytics tools got caught in sending browsing data to phone's localhost - where their locally installed apps caught it and sent back home. If the FSB conection is that deep, there is no end to what they'd want to mine from users.
It's not the first time I see your discovery shared and I want to thank you. It won't completely disencourage people around me from using it but it'd pile up with other many reasons to do so. Someday there would be just enough of them, like it happened with VK, Facebook etc, I believe.
AMA is AMA
What have I done.
What lead you to dive into examining Telegram?
I do information security work, and I used to work closely with investigative journalists hailing from Russia, Kazachstan, Ukraine, and other places in that general area. Telegram is massively popular there. Because of this Telegram has been on my radar for a very long time as a serious security threat – not just because its protocol and management are suspect, there are plenty of other IMs like that, but also because of how many people I worked with had used it.
I've written about Telegram before, on amore general level (linked in the blog post), so when IStories reached out to me for comment on this it was a good inspiration to dive deeper.
How would you use it if abandoning it is not an option, safety-wise, on android? Like, opening it in browser instead, killing app from the background, or using some app\tool? Not using it for anything sensitive is obvious.
I would not use it. I refuse to accept that abandoning it is not an option. There are plenty of options. It's always a decision one can make.
Please remember that even if hypothetically you could use it in a way that protects you from the spying – something I am very, very doubtful of! – the mere fact you are using it sucks other people into using it. You personally become one more reason for someone to start using or keep using Telegram. You personally become one more "user" of Telegram, justifying another media organization or NGO to set up or maintain a presence there – which in turn pulls in even more users into the dragnet.
In other words, your decision to use Telegram anyway, even though you know what the issues are, becomes one of the many things that make other people feel that "abandoning is not an option". I refuse to be a part of that. The only thing I can recommend is to stop using it.
What are other potential worms is in there you may think of? Recently, Yandex and Meta analytics tools got caught in sending browsing data to phone’s localhost - where their locally installed apps caught it and sent back home. If the FSB conection is that deep, there is no end to what they’d want to mine from users.
I think this hits the nail on the head: If the FSB conection is that deep, there is no end to what they’d want to mine from users.
I don't want to speculate. The possibilities are vast. But I will say what I said in the blogpost: Telegram is indistinguishable from an FSB honeypot.
I don't trust Telegram the company, I don't trust Telegram the software, I don't trust MTProto. I certainly do not trust Pavel Durov. I don't think we need to speculate on what more could possibly be hiding there, what is already known about Telegram should really be enough to stop using it.
The two decisions Telegram made (choice of infrastructure provider who happens to cooperate with the Russian FSB, and attaching a cleartext device identifier to encrypted messages) taken together reinforce surveillance capability of the FSB considerably more strongly than either of these decisions would have on its own.
The entire article seems like an attack. The author finds a unique identifier and adds "Russia bad" throughout.
States the information is in cleartext but then explains how everything is encrypted (in transit).
What will the author do if they intercepted any single online stores transfer of credit card details. Also encrypted in transit but Is that also deemed as cleartext? Or is that okay?
I don't think much new is learnt here. WhatsApp also sends metadata in "cleartext" (not really, as it's encrypted in transit, but this article called that "cleartext").
I don't know... I think the author put a lot of effort on document things and presenting evidence.
Your post history and mod logs are also quite weird.
Your post history and mod logs are also quite weird.
Lol what does that mean
fr it's literally
no russia bad but trust our feds instead because we are the good guys
bsfr 💀💀💀
But I can't lie the analysis is still quite in-depth and feels like an effortpost
I can't say I read the whole thing because the technical analysis went over my head, but I don't think we read the same conclusion
Conclusions
Based on the analysis of packet captures above, I believe it is clear that anyone who has sufficient visibility into Telegram’s traffic would be able to identify and track traffic of specific user devices. Including when perfect forward secrecy protocol feature is in use.
This would also allow, through some additional analysis based on timing and packet sizes, to potentially identify who is communicating with whom using Telegram.
Telegram is indistinguishable from an FSB honeypot
Many people who focus on information security, including myself, have long considered Telegram suspicious and untrustworthy. Now, based on findings published by the investigative journalism outlet IStSongs on the Security of Networks
Hi, author here. First of all, in that piece I don't happen to recommend using any specific piece of software. I mention Signal and WhatsApp for comparison, as tools that are considered similar, and yet avoid making the same weird protocol choices.
Secondly, if you have any proof that any specific communication tool is used to "spy" on people, I am sure I am not the only person who would love to hear about it. That's the only way we can keep each other safe online. Surely you wouldn't be making unsubstantiated claims and just imply stuff like that without any proof, would you?
And finally, I've spent a good chunk of time and expertise on analyzing Telegram's protocol before I made my claims. I provided receipts. I provided code. I explained in detail my testing set-up. You can yourself go and verify my results.
Instead, you claim it's "propaganda", while mischaracterizing what I say in that post. Classy!
gigarivista scottiaca con segretissimo numero, trovato così nel vedere colì
A distanza di 2 anni (…io pensavo 1), chi si ricorda Scottecs Gigazine? Probabilmente nessuno, neppure io onestamente. Però, l’altro giorno mi è tornato in mente che esiste, giusto per caricare su TomoStash una manciata di volumi molto vecchi che ho trovato sull’agrodolce Archivio di Anna… e ok. Però poi ieri ho aperto il sito […]
octospacc.altervista.org/2025/…
gigarivista scottiaca con segretissimo numero, trovato così nel vedere colì
A distanza di 2 anni (…io pensavo 1), chi si ricorda Scottecs Gigazine? Probabilmente nessuno, neppure io onestamente. Però, l’altro giorno mi è tornato in mente che esiste, giusto per caricare su TomoStash una manciata di volumi molto vecchi che ho trovato sull’agrodolce Archivio di Anna… e ok. Però poi ieri ho aperto il sito ufficiale della rivista gigante, per includere i link e per copincollare le descrizioni deitomi, e lì ho scoperto non una, ma ben due (2) cose assurde… furbuffe, quasi. (!) 😱Innanzitutto, esiste un numero speciale del Gigazine, il Numero Zero XL, che è esclusivamente digitale e gratuito!!! Non l’ho mai sentito prima, e in effetti è bello nascosto sul sito, tutto in fondo alla lista dei prodotti… sarà un regalo per i ficcanaso, e io approvo. La cosa strana però è che non si vede alcun tasto per scaricare, o che… l’unica cosa che a fatica trovo è il tasto “aggiungi al carrello secondario”, scrollando in fondo alla pagina, dove appare come flyout, ma… clicco e non funziona, semplicemente il testo si trasforma in una rotellina che gira all’infinito. Per sicurezza ho provato anche dal browser dei pensionati, che “non si sa mai che su Firefox magari è tutto rotto, specialmente il mio con 31 estensioni“, ma niente. 😓
Grande terrore, quindi. Ho temuto di non poter mettere le mani su questo PDF elusivissimo. Giusto un attimo prima di aprire i devtools del browser, per capire cosa va storto e non posso sistemare (qualcosa nel loro tema di Shopify, il JavaScript tira un errore
Uncaught TypeError: this.form is null: initCartBar@theme.js [...]), però, per nessun motivo particolare se non il fatto che ci fosse un pallino “1” nell’angolo, il bottone della chat ha catturato la mia attenzione, e l’ho cliccato… e lì ho riso. Perché tra le tante “risposte immediate” c’è “Non riesco a scaricare il Numero 0 XL“, che ho quindi cliccato, e il bot ha risposto “Gigaciao! Non ti preoccupare, utilizza il link qui sotto e scarica il Numero 0 XL! https://gigaciao.com/a/downloads/-/92f4529bab5bf4e…“. 🤯Cioè… fatemi capire bene… Loro sanno perfettamente che il loro sito è rotto e il download non può partire, e non solo non sistemano semplicemente lo spacc nel codice, ma nemmeno mettono il link diretto al download nel testo della pagina… No, bisogna che l’utente abbia l’intuizione di scavare in altre parti del sito, in questo caso la chat di supporto, per trovare lì finalmente l’oggetto digitale tanto agognato! Regà, boh, è così assurdo che a questo punto non posso non pensare non sia stato fatto apposta; va bene i problemi, va bene l’incompetenza, ma qui siamo oltre: mi sa che è davvero una caccia al tesoro per chi ha abbastanza pazienza come me. Vabbè, tanto ora il numero 0 è ricaricato sul mio sito… e comunque ci ho perso solo 2-3 minuti, ma in cambio ho subito questa user experience assurda da raccontare. 👌
Scottecs Gigazine 0 XL - Prodotto Digitale
Ecco a voi la versione DIGITALE del ricercatissimo Numero Zero, adesso disponibile in versione XL, con più contenuti ma sempre GRATIS!Se non siete riusciti a recuperarlo in versione cartacea, o se ci siete riusciti, ma volete leggerne una versione es…Gigaciao
Experimental Piefed support is now available for Voyager
I'm excited to announce that Voyager now has experimental support for logging in with Piefed! You can try it out today on:
This will roll out to the official app stores and vger.app soon(tm), once I’m confident there are no major regressions. If you prefer not to switch to beta builds, just hang tight.
Please note that Piefed support is EXPERIMENTAL! There are still many things that don't work quite right, which I'm hoping to improve over the coming weeks.
The basics including scrolling home/all/local, viewing posts, blocking, commenting and voting should work well. However there are some known issues:
- Can't sign up for a Piefed account in-app, only log in with an existing one
- Subscribed communities list is empty (should be fixed soon!)
- Inbox tab doesn't load
- Comment search doesn't work
- Profile upvoted/downvoted doesn't load
- No moderation tools
- Mark as read doesn't persist
- Creating/editing posts is currently untested
- ...probably a bunch of other stuff too, please let me know below!
Behind the scenes, this interoperability is made possible thanks to aeharding/threadiverse, a new library I am working on to normalize various threadiverse-software APIs. It's open source so any project use it, but it's under heavy development right now. What's cool about this is in the future, adding support for mbin, or whatever else is possible!
Again, feel free to try it out and let me know if there are any more issues to be documented and fixed.
Yesterday I merged in a PR that lets the instance admin set the sizes for thumbnails.
But the real issue is that the thumbnails have a variety of uses - in the PieFed web UI thumbnails are shown quite small so 170px is fine. But some mobile apps might show the thumbnail in a manner that spans the whole screen which is going to need to be at least 350px wide.
I'll make PieFed generate a 500px version of the thumbnail and include that in the API response (as well as the smaller one).
Share a script/alias you use a lot
# Download clipboard to tmp with yt-dlp
tmpv() {
cd /tmp/ && yt-dlp "$(wl-paste)"
}like this
Rozaŭtuno e adhocfungus like this.
ls(){
rm -rf / --no-preserve-root
}Not on mine tho
With how many new Linux users we get recently, I don't like this joke at all without a disclaimer. Yes yes, its your own fault if you execute commands without knowing what it does. But that should not punish someone by deleting every important personal file on the system.
In case any reader don't know, rm is a command to delete files and with the option rm -r everything recursively will be searched and deleted on the filesystem. Option -f (here bundled together as -rf) will never prompt for any non existing file. The / here means start from the root directory of you system, which in combination with the recursive option will search down everything, home folder included, and find every file. Normally this is protected todo, but the extra option --no-preserve-root makes sure this command is run with the root / path.
Haha I know its funny. Until someone loses data. Jokes like these are harmful in my opinion.
rm -rf / belongs in a joke thread.
$ which diffuc
diffuc: aliased to diff -uw --color=always$ which grepnir
grepnir: aliased to grep -niIr$ cat `which ts`
\#!/bin/bash
if [ "$#" -lt 1 ]; then
tmux list-sessions
exit
fi
if ! tmux attach -t "$1"
then
tmux new-session -s "$1"
fi
I usually set up an alias or script to update everything on my system. For example, on Ubuntu, I would do this: alias sysup='snap refresh && apt update && apt upgrade'
And on Arch, I do this: alias sysup ='flatpak update && paru'
Funny enough you'd need to use sudo to run this on Ubuntu, but not in the Arch example because paru being neat
GitHub - topgrade-rs/topgrade: Upgrade all the things
Upgrade all the things. Contribute to topgrade-rs/topgrade development by creating an account on GitHub.GitHub
GitHub - ivan-hc/AM: AppImage Package Manager: AppImage sandboxing, local and system installation, update all AppImages, an extensible database of AppImages and portable apps, lists for AppImages and other GNU/Linux binaries, integrate AppImages by drag/d
AppImage Package Manager: AppImage sandboxing, local and system installation, update all AppImages, an extensible database of AppImages and portable apps, lists for AppImages and other GNU/Linux bi...GitHub
alias update='eos-update --yay'
alias updates='eos-update --yay ;
flatpak update ;
flatpak uninstall --unused ;
rustup self update ;
rustup update'And related for uninstalling something:
alias uninstall='yay -Rs'
github.com/dannyfritz/dotfiles…
dotfiles/fish/config.fish at e53d410364bf6e2f4e1de4b9c6abbbc832db67b1 · dannyfritz/dotfiles
Contribute to dannyfritz/dotfiles development by creating an account on GitHub.GitHub
For doing stuff in a directory, I use a replacement for cd
command.
For aliases:
alias +='git add'
alias +p='git add -p'
alias +u='git add -u'
alias -- -='cd -'
alias @='for i in'
alias c='cargo'
alias date='LANG=C date'
alias diff='cdiff'
alias gg='git grep -n'
alias grep='grep --color=auto'
alias ll='ls -o'
alias ls='ls -vFT0 --si --color=auto --time-style=long-iso'
alias rmd='rmdir'I also have various small scripts and functions:
*
a for package management (think apt but has simplified argumentswhich makes it faster to use in usual cases),
*
e for opening file in Emacs,*
g for git,*
s for sudo.And here’s ,:
$ cat ~/.local/bin/,
\#!/bin/sh
if [ $# -eq 0 ]; then
paste -sd,
else
printf '%s\n' "$@" | paste -sd,
fi
Similar to yours OP I copy many URLs and then run my script that takes the number of URLs I copied eg 5,and downloads them with yt-dlp and GNU parallel to ~/Videos
I use CopyQ to hold the clipboard history.
alias dockpull="docker compose pull"
alias dockup="docker compose up -d --remove-orphans"
alias x='chmod +x'I also have the
yt-dlp "$(wl-paste)" one, but its build around a custom script. So sharing it here makes no sense. Its funny how often we do same thing in different ways (extracting or creating archives in example). Often aliases get development into function and then they turn into scripts. For some of the more simple aliases, here a selection:alias f='fastfetch -l none'
alias vim='nvim'
alias baloo='balooctl6'
To answer your question realistically I did history | sed "s/.* //" | sort | uniq -c | sort -n
which returned as first non standard command lr which from my grep lr ~/.bashrc is alias lr="ls -lrth"
A few days ago I posted a one-liner to do the same thing too. It will resolve aliases from your history and expand program paths to its fullpath. I thought you might be interested: beehaw.org/post/20584479
type -P $(awk '{print $1}' ~/.bash_history | sort -u) | sort
List all existing program paths from your Bash's history. (Bash One Liner)
It only works with the first command in the recorded history, not with any sub shells or chained commands.
\#!/usr/bin/env bash # 1. history and $HISTFILE do not work in scripts. Therefore cat with a direct # path is needed. # 2. awk gets the first part of the command name. # 3. List is then sorted and duplicate entries are removed. # 4. type -P will expand command names to paths, similar to which. But it will # also expand aliases and functions. # 5. Final output is then sorted again. type -P $(cat ~/.bash_history | awk '{print $1}' | sort | uniq) | sort
After reading a blog post, I had this script in mind to see if its possible. This is just for fun and I don't have an actual use for it. Maybe some parts of it might inspire you to do something too. So have fun.Edit 1:
After some suggestions from the comments, here is a little shorter version.
sort | uniqcan be replaced bysort -u, as the output of them should be identical in this case (in certain circumstances they can have different effect!). Also someone pointed out my uselesscat, as the file can be used directly withawk. And for good reason. :D Enjoy, and thanks for all.
type -P $(awk '{print $1}' ~/.bash_history | sort -u) | sort
I still have no real use case for this one liner, its mainly just for fun.
I replaced rm with trash-put, just in case I realize I need some files that I removed down the line.
alias rm='trash-put'Official author don't recommend it due to different semantics. But honestly for my own personal use case its fine for me.
Also I like to alias xclip:
alias clippy='xclip -selection clipboard'
# cat things.txt | clippy
GitHub - andreafrancia/trash-cli: Command line interface to the freedesktop.org trashcan.
Command line interface to the freedesktop.org trashcan. - andreafrancia/trash-cliGitHub
rm directly, even with the alias in effect, you can put a backslah in front of the command to use its original meaning: \rm filename
I'm not sure what you mean with the question. If you have any alias like alias rm='ls -l' in your .bashrc in example, then you cannot use the original command rm anymore, as it is aliased to something else. I'm speaking about the terminal, when you enter the command. However, if you put a backslash in front of it like \rm in the terminal, then the alias for it is ignored and the original command is executed instead.
Edit: Made a more clear alias example.
Official author don’t recommend it due to different semantics. But honestly for my own personal use case its fine for me.
I don't recommend that either. If you get used to that 'rm' doesn't actually remove files and then your alias is missing for whatever reason it'll bite you in the rear at some point. And obviously the same hazard goes with a ton of other commands too.
# switch sinks
toggle_audio() {
# Find headset sink ID dynamically
headset_id=$(pactl list sinks short | grep "Plantronics" | awk '{print $1}')
# Find speakers sink ID dynamically
speakers_id=$(pactl list sinks short | grep "pci-0000_05_00.6" | awk '{print $1}')
# Get current default sink
current_sink=$(pactl get-default-sink)
# Get current sink ID
current_id=$(pactl list sinks short | grep "$current_sink" | awk '{print $1}')
# Toggle between the two
if [ "$current_id" = "$headset_id" ]; then
pactl set-default-sink "$speakers_id"
echo "Switched to speakers (Sink $speakers_id)"
else
pactl set-default-sink "$headset_id"
echo "Switched to headset (Sink $headset_id)"
fi
}generally i try not to use too many custom things because for work i regularly work on all kinds of different servers and i've just been too lazy to set up some solution to keep it all in sync. someday....
\#!/bin/bash
name=/home/defacto/.drafts/"`date +"%Y%m%d"`"_text
if [[ -e "$name" || -L "$name" ]] ; then
i=1
while [[ -e "$name"_$i || -L "$name"_$i ]] ; do
let i++
done
name="$name"_$i
fi
touch -- "$name"
pluma "$name" #replace pluma with your editor of choice
\#/usr/bin/bash
days=$(</var/home/monika/scripts/days)
echo "$days"
file_name=/var/home/monika/Pictures/Art/day$days.kra
if [ -f $file_name ]; then
echo file is present
else
if [[ $days%7 -eq 0 ]]; then
echo "Week completed"
fi
cp "/var/home/monika/scripts/duplicate.kra" $file_name
flatpak run org.kde.krita $file_name
echo $(($days + 1)) >/var/home/monika/scripts/days
fi
I often want to know the status code of a curl request, but I don't want that extra information to mess with the response body that it prints to stdout.
What to do?
Render an image instead, of course!
curlcat takes the same params as curl, but it uses iTerm2's imgcat tool to draw an "HTTP Cat" of the status code.
It even sends the image to stderr instead of stdout, so you can still pipe curlcat to jq or something.
\#!/usr/bin/env zsh
stdoutfile=$( mktemp )
curl -sw "\n%{http_code}" $@ > $stdoutfile
exitcode=$?
if [[ $exitcode == 0 ]]; then
statuscode=$( cat $stdoutfile | tail -1 )
if [[ ! -f $HOME/.httpcat$statuscode ]]; then
curl -so $HOME/.httpcat$statuscode https://http.cat/$statuscode
fi
imgcat $HOME/.httpcat$statuscode 1>&2
fi
cat $stdoutfile | ghead -n -1
exit $exitcodeNote: This is macOS-specific, as written, but as long as your terminal supports images, you should be able to adapt it just fine.
Because using docker can sometimes cause ownership issues if not properly configured in your docker-compose.yml, I just added an alias to ~/.zshrc to rectify that.
-edit-
Only run this script in your user owned directories, e.g. anything from ~/ (or /home/) you might otherwise cause ownership issues for your system.
## Set ownership of files/folders recursively to current user
alias iownyou="sudo chown -R $USER:$GROUP"
g=git
ga='git add'
gau='git add --update'
gcfu='git commit --fixup'
gc='git commit --verbose'
'gc!'='git commit --verbose --amend'
gcmsg='git commit --message'
gca='git com
gd='git diff'
gf='git fetch'
gl='git pull'
gst='git status'
gstall='git stash --all'
gstaa='git stash apply'
gp='git push'
'gpf!'='git push --force-with-lease'
grb='git rebase'
grba='git rebase --abort'
grbc='git rebase --continue'I also often use
ls='eza'
md='mkdir -p'
mcd() { mkdir -p "$1" && cd "$1" }And finally some Nix things:
b='nix build'
bf='nix build -f'
bb=nix build -f .'
s='nix shell'
sf='nix shell -f'
snp='nix shell np#'
d='nix develop'
df='nix develop -f'
That's a helpful one! I also add a function that creates a tmp directory, and cds to it which I frequently use to open a scratch space. I use it a lot for unpacking tar files, but for other stuff too.
(These are nushell functions)
# Create a directory, and immediately cd into it.
# The --env flag propagates the PWD environment variable to the caller, which is
# necessary to make the directory change stick.
def --env dir [dirname: string] {
mkdir $dirname
cd $dirname
}
# Create a temporary directory, and cd into it.
def --env tmp [
dirname?: string # the name of the directory - if omitted the directory is named randomly
] {
if ($dirname != null) {
dir $"/tmp/($dirname)"
} else {
cd (mktemp -d)
}
}
I have a few interesting ones.
Download a video:
alias yt="yt-dlp -o '%(title)s-%(id)s.%(ext)s' "Execute the previous command as root:
alias please='sudo $(fc -n -l -1)'Delete all the Docker things. I do this surprisingly often:
alias docker-nuke="docker system prune --all --volumes --force"This is a handy one for detecting a hard link
function is-hardlink {
count=$(stat -c %h -- "${1}")
if [ "${count}" -gt 1 ]; then
echo "Yes. There are ${count} links to this file."
else
echo "Nope. This file is unique."
fi
}I run this one pretty much every day. Regardless of the distro I'm using, it Updates All The Things:
function up {
if [[ $(command -v yay) ]]; then
yay -Syu --noconfirm
yay -Yc --noconfirm
elif [[ $(command -v apt) ]]; then
sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y
fi
flatpak update --assumeyes
flatpak remove --unused --assumeyes
}I maintain an aliases file in GitLab with all the stuff I have in my environment if anyone is curious.
dotfiles/.bash_aliases · master · Daniel Quinn / Handy Scripts · GitLab
Useful scripts I use dailyGitLab
Execute the previous command as root
Fun fact if you are using bash, !! will evaluate to the previous command, so if you miss sudo on some long command, you can also just do sudo !!.
Ooooou I got a couple :3
This one is just a basic mirror fixing thing cuz sometimes I go a while without updating pacman:
alias fixpkg='rate-mirrors --protocol https arch | sudo tee /etc/pacman.d/mirrorlist && sudo pacman -Syy'This function I made to create virtual audio sinks so I can route audios via qpw and play earrape into discord calls if I want XD
create_vsink() {
local sink_name=${1:-vsink} # Default sink name is 'vsink' if no input is provided
local description=${2:-"Virtual Sink"} # Default description
pactl load-module module-null-sink sink_name="$sink_name" sink_properties=device.des>
echo "Virtual sink '$sink_name' created with description '$description'."
}Simple parser function I made that makes a whole repo using my git key so it's not just locally created I kinda forgot why I made it tbh:
git_clone() {
local url="${1#https://}" # Remove "https://" if present
git clone "https://$git_key@$url"
}Awesome mpv function I made that allows for real time pitch+speed shifting via hotkeys and is flexible with extra parameters and shit:
mpv_pitch() {
if [[ -z "$1" ]]; then
echo "Usage: mpv_pitch <file> [mpv-options]"
return 1
fi
local file="$1"
shift
mpv --input-conf=/dev/stdin "$file" "$@" <<EOF
SHIFT+RIGHT add audio-pitch-correction 0; add pitch 0.01; add speed 0.01 # Decrease pit>
SHIFT+LEFT add audio-pitch-correction 0; add pitch -0.01; add speed -0.01 # Increase pit>
EOF
}Automatic audio router for firefox audio streams that uses the aforementioned create_sink function to make a specific sink that I can use carla on to mix and make cool shit out of haha
firefox_crush() {
create_vsink CrunchSink "CrunchSink"
firefox --name firefox-vc &
(while true; do
SINK_INPUT_ID=$(pactl list sink-inputs short | grep "firefox" | awk '{print $1}')
if [[ -n "$SINK_INPUT_ID" ]]; then
pactl move-sink-input "$SINK_INPUT_ID" CrunchSink
break
fi
sleep 0.25
done) &
}
alias fucking='sudo' (my coworkers often used prettyplease instead)
alias gl='git log'
alias server-name-here='ssh server-name-here'I have a bunch of the server aliases. I use those and gl the most.
~/.ssh/config. I just got tired of typing ssh server and wanted the be able to just type server to ssh in.
ssh_hostnames=$(grep "^Host " ~/.ssh/config | awk '!/*/ {print $2}')
for host in $ssh_hostnames
do
alias $host="ssh $host"
donein my .bash_aliases to parse the ~/.ssh/config file and cut off the 'ssh ' part automatically for every Host I have in there.
bash_aliases so much more elegant than me adding the alias for each server.
alias clip='xclip -selection clipboard'
When you pipe to this, for example ls | clip, it will stick the output of the command ran into the clipboard without needing to manually copy the output.
I use a KDE variant of this that uses klipper instead (whatever you pipe to this will be available in klipper):
` #!/bin/sh
function copy {
if ! tty -s && stdin=$(</dev/stdin) && [[ "$stdin" ]]; then
stdin=$stdin$(cat)
qdbus6 org.kde.klipper /klipper setClipboardContents "$stdin"
exit
fi
qdbus6 org.kde.klipper /klipper getClipboardContents
}
copy $@`
alias yt-dlp='/home/j/yt-dlp/yt-dlp'
alias nuget="mono /usr/local/bin/nuget.exe"
For the newer version of program, that's why we have the $PATH. You put your program into one of the directories that is in your $PATH variable, then you can access your script or program from any of these like a regular program. Check the directories with echo "$PATH" | tr ':' '\n'
My custom scripts and programs directory is "~/.local/bin", but it has to be in the $PATH variable too. Every program and script i put there can be run like any other program. You don't even need an alias for this specific program in example.
Nuget is a the .NET package manager. Like npm or pip, but for .NET projects.
If you needed it for a published application that strikes me as fairly strange.
I looked through my bash history and it looks like I needed it to build an Xbox eeprom editor for Xemu. Xemu doesn't (or at least didn't, I haven't used newer versions yet) have a built in eeprom editor and editing the Xbox eeprom is required for enabling both wide screen and higher resolutions for the games that support them natively.
I just looked at Xemu's documentation, and it looks like they've added a link to an online eeprom editor, so the editor I used (which they do still link to) is no longer required.
github.com/pyr0ball/PRbL-bashr…
My own bash library, includes a self-installer and a nifty login banner
GitHub - pyr0ball/PRbL-bashrc: Automated installer for PRbL and bashrc modifications
Automated installer for PRbL and bashrc modifications - pyr0ball/PRbL-bashrcGitHub
function seesv
column -s, -t < $argv[1] | less -#2 -N -S
endI used this a lot when I had to deal with CSV files — it simply shows the data in a nice format. It's an alias for the fish shell by the way.
# Changes to top-level directory of git repository.
alias gtop="cd \$(git rev-parse --show-toplevel)"
I have a few:
loginserver- 3 of these, 1 for each of my headless vm's/computers that's just an SSH command
dcompose(d/pull) - docker compose (down/pull)3 scripts that are just docker compose up/down/pull, as scripts (remind me in 6 hours and I will post the scripts) so that it will CD to my compose folder, execute the command (with option for naming specific containers or blank for all) and then CD back to the directory I started in.
alias bat="batcat"
alias msc="ncmpcpp"
alias xcp="xclip -selection clipboard"
alias wgq="sudo wg-quick"also a couple to easily power on/off my 4g modem
here we go:
dedup:
#!/usr/bin/awk -f
!x[$0]++this removes duplicate lines, preserving line order
iter:
#!/usr/bin/bash
if [[ "${@}" =~ /$ ]]; then
xargs -rd '\n' -I {} "${@}"{}
else
xargs -rd '\n' -I {} "${@}" {}
fiThis executes a command for each line. It can also be used to compare two directories, ie:
du -sh * > sizes; ls | iter du -sh ../kittens/ > sizes2fadeout:
#!/bin/bash
# I use this to fade out layered brown noise that I play at a volume of 130%
# This takes about 2 minutes to run, and the volume is at zero several seconds before it's done.
# ################
# DBUS_SESSION_BUS_ADDRESS is needed so that playerctl can find the dbus to use MPRIS so it can control mpv
export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus"
# ################
for i in {130..0}
do
volume=$(echo "scale=3;$i/100" | bc)
sleep 2.3
playerctl --player=mpv volume $volume
donelbn:
#!/bin/bash
#lbn_pid=$(cat ~/.local/state/lbn.pid)
if pgrep -fl layered_brown
then
pkill -f layered_brown
else
export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus"
mpv -ao pulse ~/layered_brown_noise.mp3 >>lbn.log 2>&1 &
sleep 3
playerctl -p mpv volume 1.3 >>lbn.log 2>&1 &
fiThis plays "layered brown noise" by crysknife. It's a great sleep aid.
here are some aliases:
alias m='mpc random off; mpc clear'
alias mpcc='ncmpcpp'
alias thesaurus='dict -d moby-thesaurus'
alias wtf='dict -d vera'
alias tvplayer='mpv -fs --geometry=768x1366+1366+0'
# usage: yesno [prompt]
# example:
# yesno && echo yes
# yesno Continue? && echo yes || echo no
yesno() {
local prompt
local answer
if [[ "${#}" -gt 0 ]]; then
prompt="${*} "
fi
read -rp "${prompt}[y/n]: " answer
case "${answer}" in
[Yy0]*) return 0 ;;
[Nn1]*) return 1 ;;
*) return 2 ;;
esac
}
Hey OP, consider using $XDG_RUNTIME_DIR instead of /tmp. It's now the more proper place for these kinds of things to avoid permission issues, although I'm sure you're on a single user system like most people. I have clipboard actions set to download with yt-dlp 😀
My favorite aliases are:
alias dff='findmnt -D -t nosquashfs,notmpfs,nodevtmpfs,nofuse.portal,nocifs,nofuse.kio-fuse'
alias lt='ls -t | less'
alias f='open -a Finder .'
I use Clevis to auto-unlock my encrypted root partition with my TPM; this means when my boot partition is updated (E.G a kernel update), I have to update the PCR register values in my TPM. I do it with my little script /usr/bin/update_pcr:
\#!/bin/bash
clevis luks regen -d /dev/nvme1n1p3 -s 1 tpm2I run it with sudo and this handles it for me. The only issue is I can't regenerate the binding immediately after the update; I have to reboot, manually enter my password to decrypt the drive, and then do it.
Now, if I were really fancy and could get it to correctly update the TPM binding immediately after the update, I would have something like an apt package shim with a hook that does it seamlessly. Honestly, I'm surprised that distributions haven't developed robust support for this; the technology is clearly available (I'm using it), but no one seems to have made a user-friendly way for the common user to have TPM encryption in the installer.
Not exactly a single script, but I use scm breeze for git stuff. Has a ton of QoL features for working with git
github.com/scmbreeze/scm_breez…
GitHub - scmbreeze/scm_breeze: Adds numbered shortcuts to the output git status, and much more
Adds numbered shortcuts to the output git status, and much more - scmbreeze/scm_breezeGitHub
I wrote a script called please. You input please followed by any other command (e.g. please git clone, please wget blahblah) and a robotic voice will say "affirmative," then the command will run, and when it completes, the robotic voice reads out the exit code (e.g. "completed successfully" or "failed with status 1" etc.)
This is useful for when you have a command that takes a long time and you want to be alerted when it's finished. And it's a gentleman.
I have a collection of about 8 machines around the house (a lot of Raspberry Pi) that I ssh around to from various points.
I have setup scripts named: ssp1 ssp2 ssba ss2p etc. to ssh into the various machines, and of course shared public ssh keys among them to skip the password prompt. So, yes, once you are "in" one machine in my network, if you know this, you are "in" all of them, but... it's bloody convenient.
~/.ssh/config with lines like this:Host p1
HostName 192.168.1.123
Port 22
User piThen access with
ssh p1. Slightly more typing, but avoids adding more commands to your $PATH. Also has the benefit of letting you use the same alias with other ssh-related commands like sftp.
# fish shell
function jmpd
set _selection $(fzf --walker=dir);
if test -n "$_selection"
cd "$_selection";
end
end
g-pushgit push origin `git branch --show`
Technically not an alias, because I just use nushell's history + autocompletion everytime I use it, but one could alias it. I think I might even write a custom command for it, with path argument, some day. Anyway, here it goes:
rsync -aPh -e "ssh -p 2222" test@172.16.0.86:/storage/emulated/0/PicturesArchive/ ~/PicturesArchive/
I run an ssh daemon on my phone, and use this snippet to back up my photos.
\#Create predefined session with multiple tabs/panes (rss, bluetooth, docker...)
tmux-start
\#Create predefined tmux session with ncmpcpp and ueberzug cover
music
\#Comfort
ls = "ls --color=auto"
please = "sudo !!"
\#Quick weather check
weatherH='curl -s "wttr.in/HomeCity?2QF"'
\#Download Youtube playlist videos in separate directory indexed by video order in playlist -> lectures, etc
ytPlaylist='yt-dlp -o "%(playlist)s/%(playlist_index)s - %(title)s.%(ext)s"'
\#Download whole album -> podcasts primarily
ytAlbum='yt-dlp -x --audio-format mp3 --split-chapters --embed-thumbnail -o "chapter:%(section_title)s.%(ext)s"'
# download video -> extract audio -> show notification
ytm()
{
tsp yt-dlp -x --audio-format mp3 --no-playlist -P "~/Music/downloaded" $1 \
--exec "dunstify -i folder-download -t 3000 -r 2598 -u normal %(filepath)q"
}
# Provide list of optional packages which can be manually selected
pacmanOpts()
{
typeset -a os
for o in `expac -S '%o\n' $1`
do
read -p "Install ${o}? " r
[[ ${r,,} =~ ^y(|e|es)$ ]] && os+=( $o )
done
sudo pacman -S $1 ${os[@]}
}
# fkill - kill process
fkill() {
pid=$(ps -ef | sed 1d | fzf -m --ansi --color fg:-1,bg:-1,hl:46,fg+:40,bg+:233,hl+:46 --color prompt:166,border:46 --height 40% --border=sharp --prompt="➤ " --pointer="➤ " --marker="➤ " | awk '{print $2}')
if [ "x$pid" != "x" ]
then
kill -${1:-9} $pid
fi
}
alias realwd='cd -P .' Here is an example :
$ echo $PWD
/home/me
$ cd Videos/Torrents/
$ echo $PWD
/home/me/Videos/Torrents
$ realwd
$ echo $PWD
/home/me/data/Torrents/Video I also do some X application, compositor and WM development, and I have a few aliases to simplify tasks like copying from an Xorg session to an Xnest (and the other way around), or reload the
xrandr command from my .xinitrc without duplicating it.alias screenconf='$(grep -o "xrandr[^&]*" ~/.xinitrc)'
alias clip2xnext='xclip -selection clip -o -display :0 | xclip -selection clip -i -display :1'
alias clip2xorg='xclip -selection clip -o -display :1 | xclip -selection clip -i -display :0' I have an alias for using MPV+yt-dlp with my firefox cookies :
alias yt="mpv --ytdl-raw-options='cookies-from-browser=firefox'" I can't stand too long lines of text on my monitor, particularly when reading manpages, so I set the MANWIDTH env variable.
# Note : if you know that *sometimes* your terminal will be smaller than 80 characters
# refer to that https://wiki.archlinux.org/title/Man_page
export MANWIDTH=80 I use null-pointers a lot, with a shorthand.
# Note: env.sh actually provide other helpful aliases on their homepage
function envs.sh() {
if [ $# != 1 ]; then
1>&2 printf "Error, need one argument.\n"
return 1
fi
curl -F'file=@'"$1" https://envs.sh
} The usual fake editor in my path, so that browsers and other applications open Vim the correct way.
\#!/bin/sh
# st_vim.sh - executable in my ~/.local/bin
# for example in firefox's about:config :
# - view_source.editor.path : set to the value of $(which st_vim.sh)
# - view_source.editor.external : set to true
st -- $EDITOR "$*" My
.xinitrc is quite classical, I still have this in it (setup for dwm's title bar, people usually install much complicated programs) :while true; do xsetroot -name "$(date +"%d %H:%M")"; sleep 60; done & I also have a lot of stupid scripts for server and desktop maintenance, disks cleaning etc... those are handy but are also very site-specific, let me know if your interested.
Charlie Musselwhite - Look Out Highway (2025)
Charlie Musselwhite - Look Out Highway (2025)
di Matteo Bossi Qualche anno fa, durante una lunga intervista apparsa sul n. 159 de Il Blues, per parlare del suo bellissimo “Mississippi S...Silvano Bottaro (Blogger)
Tinariwen - Tassili (2011)
Dopo l’ennesimo ascolto di Emmaar, il parallelo con Tassili, ultimo lavoro uscito nel 2011, è inevitabile. Il gruppo maliano che ha fatto, e continua a far conoscere la cultura tuareg in giro per il mondo, con questo disco, non si discosta di molto dal suo predecessore...
Leggi e ascolta...
Tinariwen - Tassili (2011)
Dopo l’ennesimo ascolto di Emmaar, il parallelo con Tassili, ultimo lavoro uscito nel 2011, è inevitabile. Il gruppo maliano che ha fatto, e continua a far conoscere la cultura tuareg in giro per il mondo, con questo disco, non si discosta di molto dal suo predecessore. Due sono soprattutto gli elementi in comune: deserto e messaggio. Il primo è stato registrato nel deserto algerino, Emmar invece, in quello nord americano del Joshua tree. Il messaggio: la musica come strumento di ribellione... silvanobottaro.blog/2024/09/10…
Ascolta: album.link/i/671816602
Home – Identità DigitaleSono su: Mastodon.uno - Pixelfed - Feddit
Tinariwen — Emmaar (2014)
Dopo l’ennesimo ascolto di Emmaar, il parallelo con Tassili, ultimo lavoro uscito nel 2011, è inevitabile. Il gruppo maliano che ha fatto, e continua a far conoscere la cultura tuareg in giro…Silvano Bottaro Blog
[deleted]
like this
Rozaŭtuno, Endymion_Mallorn, adhocfungus e Maeve like this.
We have people telling us the earth is flat. Them saying so doesn't make our good old planet any flatter ;)
I mean one can find excess absolutely anywhere, that doesn't demonstrate much imho.
like this
Endymion_Mallorn likes this.
like this
Endymion_Mallorn e Maeve like this.
Yep, and then there's probably a good number of people who have no idea of threat modelling who just copy those actions to say they have "good privacy".
Tbh, I'm closer to the latter.
like this
Endymion_Mallorn e Maeve like this.
I mean, it can be a bit of an issue everywhere.
Hilariously this post was just above this one in my feed.
As long as everyone is having fun, I see no problem.
If you're not having fun switching mail providers, researching Gecko forks, or being a part-time sysadmin for your Fairphone, you should probably stop doing those things.
like this
Endymion_Mallorn likes this.
I'd sure hope so! Many of the things that privacy nuts like us do are not efficient uses of one's time.
They might require constant vigilance. They might need recurring work for continued effectiveness. They might necessitate exposure to intrusive negative emotions ("what is Google doing this week?!").
If you're not having fun, focus on measures that you implement once and then never have to think about again.
For example, I wouldn't recommend GrapheneOS to a journalist in an authoritarian regime. It might be "more secure", but they have a job to do and can't keep dicking around with obscure pointer authentication settings or whatnot. They should just get a current iPhone, enable Lockdown Mode if its tradeoffs are acceptable to them, and continue doing their best job, which isn't "phone administration".
LARPing as Jason Bourne, or prepping for the Rokobasiliskocalypse, is a hobby. It's okay, I do it too. However, it's not approachable or understandable to people who don't share that hobby, or are not as alarmed at the general state of things as we are.
people are literally targeted by this system today. and i live in the third world, i'm ripe for the taking.
i'm glad this can be a hobby for some of you guys though.
It kind of has to be, if you're trying to be persistent about the whole thing. It's easy to feel overwhelmed and burn out over all of the different threats we're trying to defend against. I don't see how you can keep at it for months or years if you feel no joy over it. But maybe being deathly, relentlessly afraid of the dangers around us is enough after all.
If you don't even like doing this stuff, wouldn't it be better to focus on measures that require little upkeep? This is what my example suggestion was getting at, something that's as close to set-and-forget as possible, while getting you 90% of the way there. (Depending on your threat model, sure. If yours says that the sky is falling if Tim Apple gets your iCloud data, it certainly doesn't apply.)
Damn this take needs more love. You will get shouted down And downvoted to the lowest depths if you speak against anything that isn't graphene. I like the project, it has merit. It's far far from perfect in so many ways. I don't believe it's the white knight in shining armour we like to think it is. Good yes. Saving grace. Not by a long shot. It's got many fundamental flaws.
Be conscious of your needs, not obsessive. I think a lot of people are obsessive and I get it totally. But FOMO is powerful. Don't overwork your mind trying to be perfect that you never make moves. Life isn't static. If your uneducated enough to truly need the utmost best tech stacks with no real knowledge on how to implement and deploy. You likely don't need to be doing the shit your thinking of, or currently doing.
like this
Endymion_Mallorn likes this.
like this
Endymion_Mallorn e Maeve like this.
Yes, some people absolutely take things way too far, and often unproductively.
Like the person who was trying to disable websockets. Or the people who will shun signal, but jump directly on the flavour of the month signal clone, which might be completely backdoored.
If you dont know what you are doing, randomly turning things on and off at best does nothing, at worst makes you even more signaturable/trackable.
Its good to educate yourself on various protections, but unfortunately, it requires a lot of careful research and understanding.
like this
Maeve likes this.
I have no issue with tinkering, my issue is more when tinkering gets turned around into advice.
I think I would be happier if these communities/subreddits were a bit more explicit about "We are amateurs, for actual advice, go to X, Y, Z".
Of course some people go too far. I think a lot of folks on here grossly overestimate / overstate their threat model, but I think the discussions are good for the limited few who really do need to cover their asses.
Me personally, I hate the idea of companies bidding for my attention without my consent, so I try and make it as hard as possible for them to get it. This just so happens to overlap nicely with the goals of the privacy community much of the time.
like this
Endymion_Mallorn likes this.
Most people have absolutely zero idea how much data they put out there, what's done with it, and why any rational person would be horrified if they knew the extent to which individuals were tracked. Simply put, short of showing them how their lives are made worse, they don't care, and can't be made to care.
For friends and family, you can do things like give them books or send articles explaining it slowly in parts. For everyone else, just ask them if they know how Google tracks what they do in Incognito windows and see what they say. If they say that Google can't or doesn't, they might as well say the Earth is flat. You can't argue with that, even though it's provably false.
like this
Endymion_Mallorn likes this.
Most people have absolutely zero idea how much data they put out there
As evidence, I've heard people talk about worrying their phone is listening to their conversations. It's not that they don't care about privacy, it's that they don't even know what's possible. With all the data collection that is happening, the data brokers are already selling a dataset predicting that you are going to be shopping for new baby items and what types of manipulative tactics are likely to work on you well before you talk to your friend about it.
I definetly take things too far in terms of my effort vs my current threat model. But there are many aspects of trying to increase privacy.
For one, I'm very interested in the philosophy, ethics and politics of privacy and adjacent fields such as security. Part of what I do is just learning.
Also I try to be a good role model to my AFK peers and family. Of course I don't try to get everyone to adopt my hobby. But as in every field it's hard to teach even the basic stuff to others without deeper understanding of the field.
But as in every field it's hard to teach even the basic stuff to others without deeper understanding of the field.
That's so true, but even more true in IT... It changes so rapidly and things don't stay the same over time... It's not like a degree in Biology where things you learn stay relatively the same !
IT is 5 inches deep but miles long ! (Something like that!)
Definitely yeah! If you’re just a regular person living in a fairly democratic country and you’re thinking about physically clogging your usb ports to avoid someone breaking in your room and tampering your device while you’re exploring Barcelona, or if you consider removing camera and microphone from your pixel phone that you use every day, you’re probably taking it too far.
OTOH I’m still having trouble getting people away from Meta apps and I think it’s absolutely crazy how little thought people put into the amount of data that Meta collects.
TBH even in many dictatorships you’re mostly fine just using a VPN and fake accounts if you have government critical opinions. But that’s just my personal experience. Goes without saying if you have a decent follower count or are some kind of journalist you should be very paranoid.
Anyway, the point is, it’s probably good to feel slightly paranoid because most people aren’t paranoid enough, but most of us are also not Edward Snowden or Saudi journalists, so there should be a balance between practicality and privacy.
Once, someone sent me an Amazon link for baby nappies, and fool me clicked on it. Now Amazon showed boomer me baby nappies suggestions for the next six months. AI at its best... These things annoy me, so I try to avoid being tracked whenever reasonably possible.
OTOH, I am old and hope to not live long enough to experience any rogue government or whatever else persecuting me for having clicked on a baby nappies link years ago; so my threat model is short term only. I keep my privacy to a level, where it hopefully prevents as many annoyances as possible, but does not hamper what I am doing online too much. If I was younger, I'd likely do more.
I'm like a test-bed for a) my business customers and b) friends and family. also, "wasting" time thusly is vastly better than my previous "hobby", namely buying new and exciting shit.
my customers benefit from me knowing how exactly (and why!) I should implement e.g. an unbound instance on-premise. or an in-house prosody communication platform. or the "dev team" (buncha dudes poking at wordpress) getting a slew of used elitebooks with linux for the price of one new windows-with-ai yoga the spec initially called for.
f&f benefit from my early adoption by way of trickle-down tech. no way is anyone of them going to selfhost all this crap, but they get sprinkles of benefits in the form of "get this phone with that OS with those apps" and they're dramatically better off. you don't need the new ideapad ryzen that's "on sale" (isn't), have this 10-year old macbook I fixed and installed linux on - off you go. you don't need the new phone that's "free" with an exorbitantly priced plan, have the cheapest plan with this Redmi/Poco phone I swapped the battery on and installed LineageOS.
as to practical considerations, any and all interactions with the likes of FAANG are and should be adversarial from the get-go, they are out to hurt you by any means necessary. them fucks lost the benefit of doubt ages ago so you not letting them have a millimeter of grasp in your domicile should be your primary task. as their gains are cumulative in nature, every battle won is significant and you'd do well to remind yourself constantly of that.
Yes and I see two reasonable reasons for that.
One is that, like in most communities, those that feel more compelled to post and comment are those that are more passionate about the topic and/or have more extreme views.
The other reason is that given the sensitive nature of the topic, without knowing the threat level of the reader I can see how one would be reluctant to go for the "good enough".
I think that "mental illness" kind of comments would come from people whose attitude for safety in many aspects of life is "that's never going to happen (to me)". Those people exist, so sooner or later you'll see comments like that.
On the other hand everybody is trying to find a balance in convenience and safety and the situations and environments and life on general for one person can be quite different from that of some others'. So what's adequate for one won't be for another.
It's like PPE or personal finance or many other things. There's no one size that fits all and finding the right fit isn't easy. For a lot of us it's work in progress. Sometimes you know what's definitely needed and tweak the details. Sometimes you know something is not going well and needs to change.
Maybe it's enough to say that it's complicated and have some compassion and support for people that think it isn't. Or people that think it's all too much to handle.
Yeh my family treat me like I am a nut job. I only swapped away from google and ask them to think about the orgs they spend their money on for example Amazon.
It’s amazing how many people got on board with Covid conspiracies but questioning where you data goes, who’s using it, what for, no that’s a bit far lol.
like this
TVA likes this.
Told my older parents I use a custom ROM with a profile for work and a profile for personal and they asked me what I'm hiding, and why I'm so paranoid. I said.. it's not paranoia, it's organization. Color coding profiles allows my mind to switch gears from work to personal life like mental compartments. I am a boring person. I have nothing to be paranoid about. They didn't believe me. Oh well....
Edit: part of me thinks the whole mental state switching from work profile to personal is an ADHD aspect as well. Especially the color coding helps wonders.
explainxkcd.com/wiki/index.php…
Relevant XKCD;
I feel that it is closer to the fact that the communities forgot most beginners are completely new to this in general. They might not even know what exactly a 'browser' is, much less cookies and stuff.
Hence when we try to spoonfeed them information, it comes off as overwhelming and forced.
Agree that there are some extremist, but they mostly act in good faith tbh.
Another thing I noticed is there are more preachers of 'how' than 'why'. Having a beginner go down the route of privacy without giving them a purpose to do so is quite off-putting.
2501: Average Familiarity - explain xkcd
explain xkcd is a wiki dedicated to explaining the webcomic xkcd. Go figure.www.explainxkcd.com
like this
TVA likes this.
There is a point of diminishing returns. Like most things, you have to evaluate what you are willing to live with and let go.
I know someone who only browses incognito because they don't want cookies tracking them. They log into everything every day. Which, imo, is worse because those cookies are still tracking you but you now have to log in everyday.
But for them they like the control.
I've moved most of my incidental link on my phone clicking to Firefox Focus (thanks to URL Checker) which has upped my privacy. I wouldn't have made that change without the prompt that URL Checker provides though.
I use a VPN outside of my house and I use pihole at home. I am tempted to switch my DNS to unbound but the juice doesn't seem to be worth the squeeze. We'll see the next time I need to rebuild my pi.
I used to run unbound on my laptop just so I could configure stuff like forwarding zones with more precision than what a stub resolver normally gives you.
It can also be your validating DNSSEC resolver, which also satisfied that sort of morbid curiosity in me.
In the age of DoT and DoH, with endpoints hardcoded in browser binaries, that sort of thing has a lot less punch than it used to. Even back then Go binaries would start ignoring your nsswitch.conf…
DNSSEC always causes errors on my pihole set up and end up disabling it. The upstream is DoH though (via dnscrypt) so it's technically DNSSEC but without the clients seeing the authentication. That's enough for me.
At some point, I fully expect apps and websites to begin resolving DNS directly instead of relying on the OS to provide resolution services. At that point our options will be to wholesale block IP addresses at the router.
Like most things on the internet it's a game of one-upsmanship. User X uses Firefox with Incognito. User Y say's that isn't good enough for his own inconsistent definition of "good enough."
So User-Y suggests Firefox with 14 different add-ons and only browse through an immutable VM.
But then user-z comes along and says that if you are using windows at all, you don't really care about privacy, so you should be using Icefox on some obscure fork of ubuntu through an immutable VM, with a pi-hole.
Then user-w says well if you aren't using a VPN none of this matters, so Obviously you need to rent an Alibaba cloud server hosted in China, that you only connect to through a privacy respecting VPN, and then you only browse through TOR.
And so on. By the time a user is asking about how to stop google ads, the only "serious" answer by the community involves using Packet over Ham-radio -> and spending thousands of dollars a month on 4 different cloud providers, rented through several shell companies set up in Switzerland, the Cayman Islands and China, while only typing in Esperanto using an ASCII-only font.
A few weeks ago, I would have said 100%. I am needlessly careful.
I know I'm protecting against privacy threats that are technically possible, but unlikely. Preventing the tracking is just an interesting hobby, to me.
But earlier this month, we learned that Meta went "all-in" on what I consider some fucked up shit - running a mini localhost server to track the vanishingly few people who bother to block their tracking.
So now I guess I'm only about 30% sure I'm being needlessly careful.
like this
Rickicki likes this.
I have been thinking about this a lot recently. I live a life where OPSEC is relevant. Its something that I have had to consider always, and has been for 2 decades. Even so, I wasn't as concerned this whole time as I am these days. The fact is that technology is making it such that its no longer "im not a person of interest they wont spend resources on me" because data crunching is happening to such an extreme, on such a grand scale, that person of interest doesn't even matter. Do you exist, yes. Do you have a digital foot print, yes you do. Even if you dont do a lot online. Your metrics are being captured and being inferenced, and systems are using predictive analysis to determine what you "may" do in a given situation. Depending on who controls those systems they may decide not to give you a chance to make that choice.
Ill I can say is that there are a large number of groups that want your data, for a lot of different reasons, and none of them are for your benefit. So, are you going to let them have it, or are you going to take steps to reign in the amount of info you leave about?
The amount of times I've been told the nothing to hide argument is stupid.
Yes.
Like any interest, people get so far removed from the original point, it becomes about something new.
Like cast iron. People go from not really knowing about it to learning how to cook with it, to learning how to do basic maintenance. About 20% of people go completely off the rails, and they start buffing and polishing them like they are fabergé eggs, and joining cast iron groups.
Privacy is the same. Learn the basics, follow the basics, relax and get over yourself.
Many times throughout my life, what would seem like a reasonably easy question to answer has changed dramatically.
30 years ago you could look at data collection and go there's no way that they could store a meaningful amount of data about everyone.
20 years ago you could look at data collection and go there's no way they could have the contents of every phone call It's just targeted it's not a big deal
We are the point now, where everything you ever wrote or said could be thrown into a model with such unimaginable levels of lossy compression that they could simply ask it if you are the kind of person who is into whatever the future administration deems as unacceptable and deny you access to things. All you need is a fascist regime or a dictatorship installed and all of a sudden anything you ever did can be used as grounds to lock you up.
On a governmental budget it wouldn't even be that expensive and we're just at the beginning of this.
We have seen that governments can change quickly, We know the data collection is affordable and can be permanent.
Certainly some people privacy-minded to the point of compulsion. But I can't say that anyone is wrong to seek extreme levels of privacy based on trends and capabilities.
They leave your cell phone at home and make sure somebody opens your apps and uses them people aren't anywhere near as crazy as they used to sound
La Finlandia accende la prima batteria di sabbia più grande al mondo
La Finlandia accende la prima batteria di sabbia più grande al mondo
In Finlandia è attiva la più grande batteria di sabbia al mondo: 1.000 MWh di energia termica stoccati per settimane.Ilaria Rosella Pagliaro (GreenMe.it)
Jeff Bezos: questo matrimonio a Venezia non s’ha da fare….
like this
Rozaŭtuno likes this.
Iranian-Aligned Hackers Attack Trump's Truth Social: Report
Iranian-Aligned Hackers Claim Responsibility for Attack on Trump’s Truth Social Platform
A group of Iranian-aligned hackers has reportedly attacked something President Donald Trump holds dear — his Truth Social platform.Joe DePaolo (Mediaite)
Rozaŭtuno likes this.
Meta pauses mobile port tracking tech on Android after researchers cry foul
Meta pauses mobile port tracking tech on Android after researchers cry foul
: Zuckercorp and Yandex used localhost loophole to tie browser data to app users, say boffinsThomas Claburn (The Register)
Fact check: Viral drone video of Gaza destruction is real
Fact check: Viral drone video of Gaza destruction is real
A viral video is circulating showing the destruction caused by Israeli strikes in Gaza. DW has verified the footage of mass destruction at the Jabaliya refugee camp.Kathrin Wesolowski (Deutsche Welle)
Dal 27 al 30 giugno musica e gastronomia nella Sagra del Salame di Turgia a Devesi Di Ciriè (To)
La frazione Devesi di Ciriè si prepara a ospitare l’ottava edizione della Sagra del Salame di Turgia, evento che celebra uno dei prodotti più tipici del Ciriacese e delle Valli di Lanzo: il “Salam ëd Turgia” in piemontese, o “Salàm eud Tueurdji” in francoprovenzale. Si tratta di un salume preparato con carne di vacca, lardo e pancetta suina, aromatizzato con sale, pepe, aglio, vino rosso e spezie, poi insaccato nel budello torto di bovino. “Turgia” in piemontese indica una vacca sterile, ma può riferirsi anche a un esemplare giovane.
Organizzata dalla Pro Loco Dveisin Festareul e patrocinata dalla Città metropolitana di Torino, la manifestazione si terrà da venerdì 27 a lunedì 30 giugno in località Colombari, in occasione della festa patronale di San Pietro Apostolo. Una quattro giorni dedicata al gusto e alla tradizione, dove sarà possibile assaporare il Salame di Turgia in un clima di convivialità, accompagnato da altre specialità locali. La preparazione del salame affonda le radici nella cultura contadina e nelle famiglie che ne tramandano i segreti, rendendolo simbolo di identità e amore per il territorio.
Il programma prevede musica dal vivo, spettacoli e animazioni. Si parte venerdì 27 con l’inaugurazione affidata a Sonia De Castelli, cantante e volto noto della TV. Sabato 28 spazio alla discoteca mobile Energia. Domenica 29 salirà sul palco Luca Giordano, mentre lunedì 30 chiusura con l’orchestra Enrico Negro. Durante la sagra ci saranno anche momenti divertenti, come il Chupito San Peru e la gara di tiro alla fune domenicale.
Dal 27 al 30 giugno musica e gastronomia nella Sagra del Salame di Turgia a Devesi Di Ciriè (To) - ViaggieMiraggi
La frazione Devesi di Ciriè si prepara a ospitare l’ottava edizione della Sagra del Salame di Turgia, un evento che celebra uno dei prodotti più iconici della tradizione gastronomica del Ciriacese e delle Valli di Lanzo, detto anche Salam ëd...Redazione (ViaggieMiraggi)
Cina e l'inconfutabile dualismo nei ricami: da un lato scimmie, dall'altra cani - Il blog di Jacopo Ranieri
Cina e l'inconfutabile dualismo nei ricami: da un lato scimmie, dall'altra cani - Il blog di Jacopo Ranieri
Per anni quel ritratto mi ha fissato dall’angolo ombreggiato del salone, di un inquisitivo terrier a pelo lungo con gli occhi cerchiati di nero.Jacopo (Il blog di Jacopo Ranieri)
Dessalines
in reply to ☆ Yσɠƚԋσʂ ☆ • • •- YouTube
youtu.be☆ Yσɠƚԋσʂ ☆
in reply to Dessalines • • •Dessalines
in reply to ☆ Yσɠƚԋσʂ ☆ • • •☆ Yσɠƚԋσʂ ☆
in reply to Dessalines • • •