No, most of what OP posts is fine, like 99% of what is posted on Lemmy.ml. I'm a communist, I'm happy with communist perspectives. This, however, is something I had already seen circulating and had suspected it was false because it's out of character for the DPRK.
The DPRK can do nuclear war safely because afterwards they can just use Juche Necromancy on the whole world. So when you see the mushroom clouds just relax. You'll be waking up in Pyongyang soon.
Quite impressive choice of apps, usually when I look at screenshots of privacy enthusiasts they look more or less like my own phone, and with you I share 3, maybe 4 apps only
Accrescent: Store ~~run~~ (edit: advocated) by the GrapheneOS team for third-party apps
Aegis: 2FA TOTP code generator
AirGuard: Scans for persistent AirTags in the vicinity, notifies if I may be victim to AirTag tracking
AntennaPod: Podcast manager, also supports importing local folders of podcasts
AudioMonitor: Measure sound level
Binary Eye: Support for many types of 1D and 2D barcodes
ByeDPI: routes internet traffic through the DNS port to bypass certain types of filtering
Canvass: doodle app, useful for mid-conversation diagrams and clarifying things visually in the absence of pen and paper
ClassiCube: Minecraft Classic clone
Conversations: XMPP client
Editor: raw text editor
Elementary: periodic table
SimpleEmail: minimalist e-mail app that does not automatically fetch linked images. Refereshes in the background every 15 minutes and sends notifications without need for Play Services or equivalent
FakeStandby: for edge cases when I want something to keep running in the foreground, but don't want to keep the screen on
Feeder: RSS client
Fintunes: Jellyfin client optimized for music
FlorisBoard: customizable keyboard
Fruity Game: Suika but with MS-Paint art style
Graph 89: Graphing calculator emulator
Invizible: Tor and DNS client
Kiwix: Offline Wikipedia (you can download just the parts useful to you, e.g. medical articles without storage-hungry media files)
Lemuroid: GBA emulator
LocalSend: instant P2P filesharing over WLAN
Markor: notes app with markdown
Material Files: files app with SMB share support and various handy features
Molly: Alternative Signal client
Fossify Messages: I use it over the default messages app since it is easy to block numbers by pattern
Notally: notes app with nice checklists
Open Camera: as easy to use as the regular camera, but with a bunch more features below the surface
OpenContacts: saves contacts as individual .vcf files to a directory for easy backup and allows dropping unknown callers without bothering me with a notification
Organic Maps to be replaced with CoMaps later
OSS Document Scanner: best FOSS scanning app I've found so far. Includes auto-cropping (given enough contrast) and adjustable B&W filter to eliminate off-white background colors.
phyphox: view output of sensors like the barometer, magnetometer, accelerometer, etc.
PipePipe: NewPipe but better (except for the occasional memory leakage)
QDict & QuickDic: offline dictionaries and bilingual wordbooks
RadioDroid: IP radio client. Can tune in to international news, music, sports broadcasts
RHVoice: TTS app
RiMusic: NewPipe, but for ~~Spotify, etc.~~ YT Music
SecScanQR: QR scanner and generator with history, useful to save QR addresses for later use since I don't want to fill out forms or read documents on my phone
SuperTuxKart: the only [edit: other] game on my phone
Symphony: Music app with a slick UI
Trail Sense: Compass with various goodies useful for outdoor activities
Breezy Weather: weather app and homescreen widget with a slick UI
MicroMathematics: Math engine, but I never learned how to use it
Ahhh....I am of the generation that remembers when there were no calculators. When they started becoming available, yes they were quite expensive. All my teachers would say 'what do you think? You think you're just going to have a calculator in your pocket all the time?' Well, yes Mr Mizelle in engineering, I will be walking around with a calculator in my pocket that links to a satellite in outer fucking space.
Fossify Paint does the same thing without adding the IzzyOnDroid repo, I just happen to have Canvass since it was the first thing that showed up when I searched.
Honest question: I see a lot of people here use their mobile phones as a computer platform. I have a general uneasiness about doing so. Not throwing any shade whatsoever, I just feel there is too much out of my control on a mobile phone, for me to trust it more than I do. My general policy is not to use my phone as a mobile computing platform even tho I have a VPN installed and use Firefox as a browser.
My local network for instance. There is one pipe in and out. I can easily see what is coming in and what's going out and I can control that with the granularity of a gnat's ass. I know what my software is doing or not doing. I can allow or disallow anything I want. On a mobile phone, I feel that the control I have on my PC is not equal to the control I have on my phone.
How have you come to terms with what you can't control on your mobile phone?
On occasion, I do leave the compound, but it's usually to get staples I don't grow/produce on the farm. Rarely does that process need a mobile computing platform. (I guess that's what you're asking)
Touch grass? Not OP, but when I’m out of the house, it’s because I need to do something, so I’m barely on my phone except for navigation, the occasional text/call, and paying for stuff. Otherwise, I use my laptop most of the time (at home and at work).
I definitely agree with you on this. My pet theory is that phones have been getting uncomfortably big, at least from my perspective, since the average consumer is expecting it to serve as a computing and productivity platform, while all I want is a nice little digital Swiss army knife. I'm only logged into my messaging apps and personal email, and don't expect to do any sort of "productivity" on my phone. When my friends and colleagues assume I'm logged in to this-or-that on my phone, all I can think about is how afraid I would be if I were logged in to so many things on my personal phone. It's so much harder to inspect what's going on in the background of mobile devices.
One of the compromises I've had to accept is the closed, yet exploitable nature of the baseband and firmware. Also how much more spying it could do compared to any PC if an exploit were to get through. Compiling Coreboot and neutering the Intel ME taught me a lot about who's really in control - and how much control we all lose to smartphone manufacturers and telecom companies.
I run an older android version, no google apps, rooted, and use AFWall/AdAway. I'm sure it's not as secure with root and older software but I can mostly trust it to not send weird network packets etc.
Forgot to put that on my list earlier, it scans for nearby WiFi access points and returns the signal strength, band frequency, and various details about each.
Pixel 5, unfortunately a bit out of date since I'm putting off the repair of my 7a. Same app selection on the 7a though since I've maintained this as my backup.
That's how my GrapheneOS phone is zero proprietary apps in the main profile and then my own separate Google profile. Essentially get to carry two cell phones with one device.
What does maintaining a separate profile for Google stuff buy you? I'm familiar with GrapheneOS, but haven't internalized the separate profile thing yet.
Then when it's locked down it shuts down play services and apps to complete non functionality.
Go into system and create a new user. Set up that user exactly like you would a standard smart phone. And any apps you have on your main profile completely open source. That way it's 100℅ Google free
Got that part, but what throws me is, in order to install a Google app on that secondary "google" profile, don't you have to first install the Google app on the main profile so that you can then push it to the secondary profile?
Oh, I see. I must've misread a tutorial at some point then. I did not realize one could install an app directly into profile #2, I thought root had all the apps and then specific apps had to be pushed to the other profiles. Thanks for clarifying that.
There is a guy in YouTube who does this. Side of Burritos? He has Google play on his main profile and then has a degoogled account for the second profile and transfers all the play store apps to the second profile. (Essentially making it his main).
Pull down your notification bar twice. In other words expand it all the way. There is a small person Inside of a circle icon. That is how you can select the other profile. It's super fast and easy.
Then when you are done inside the profile. Hold the power button and select "Lock Out" and this will completely close down the second profile and put you back in the Main profile with the other completely shut down.
Downside is you wont get notifications in one area or the other from the opposing profile when it's not in use.
An alternative that is pretty secure too instead of profiles is to do the same thing in Private Space. This is found in the settings under the Security tab. This WILL get notifications to your main profile and when you shut down Private Space all apps stop completely including Play Services. But it's not as isolated as profiles
Wow, this is impressive. I had heard about profiles but never got into the detail and never really understood the benefit. So, a cool way of using this it to have a FOSS only space under the main admin profile and the build up a second "big brother" profile where I stack some annoying apps that in a way or another I'm forced to use like banking app and what's app. When the "big brother" profile is shut down, nobody tracks you. Would that be correct? If this is true I'm here asking myself why on earth people are not harnessing this more.
Yes, when you google profile is shut down.... It is completely isolated. You could install an application that is 100℅ malware and it would be completely closed down the moment you lock down that profile.
If you need what's app, I would either check your side profile a few times a day for messages OR you can stick What's App on the Private Space area of your FOSS profile so that it's Super easy to check. Private space works the same way in that when it's shut down..... The apps are 100℅ turned off including Play Services.
It still can't be done 100% unless you make significant sacrifices to the usefulness of your smartphone...there's plenty of really useful (and sometimes necessary) things with no FOSS or open source alternatives.
Not to mention drivers... many driver blobs are proprietary and if you can find an open source one, there is a chance it works partially or not at all. I have a spare phone and I've been hesitating between flashing either PostmarketOS (all FOSS drivers but without the android ecosystem) or LineageOS, or maybe both if I can achieve that.
...your modem runs it's own firmware with a lot of extremely shady behavior, and you can't touch that regardless of which OS you install. Even your SIM card can arbitrarily execute Java applets and fetch from the network without your command, but at least it's somewhat contained. Your modem though, it can do a lot without your control and people like Qualcomm have been caught doing nasty stuff with it (plus, of course, giving the US the data whenever they ask for it).
This is why people like Stallman and Snowden often talk about teaching users how to use libre software on their computers, but rather than pushing for the same with smartphones, they tell you to not touch these at all instead. They're fundamentally anti-privacy devices, built this way.
Of course I carry one, it's fairly hard to live without a phone nowadays, but we must be aware of the impossibility of fully containing the data harvesting they do.
I agree with you on all your points. I just wanted to add that there's openWRT, a linux distro for routers and embedded systems (never used it before and the router I use is not mine), maybe that can solve the router part, I may be wrong though.
I just ran the two apps side-by-side and barely found any differences other than some subtle UI changes. How exactly is it different? And how is Organic Maps being enshittified?
I haven't been keeping up with Organic Maps updates to see if they differ but I'd assume they're basically functionally the same, except for potentially Kayak results.
Of course, I don't mean speed, I meant the search format. On Google I can search for an address with the usual format of 123 Street, City. If I search that way on Organic/Co, it doesn't pop up results the same way. I just never understood it besides being an offline map for my reference.
I don't know about other countries but here in germany I just type the street and the number of the house and it takes me to it. (as in Street 123, City)
To be fair, I only have a few of my friends and some of my family on XMPP. I'm also guilty of having WhatsApp on my work phone for colleagues and the rest of my friends.
Last I tried RHVoice is was very unnatural sounding.
Sherpa-onnx is a much much more natural option. I personally use vits-piper-en_GB-southern_english_female-medium because I thought it sounded the most natural. You can also use Glados from Portal
In May, Hegseth ordered that the military cut 20% of its four-star general officers, directed an additional 10% cut from all general and flag officers across the force, and told the National Guard to shed 20% of its top positions.
In February, Hegseth fired Adm. Lisa Franchetti, the Navy's top officer, and Gen. James Slife, the Air Force's second highest officer, without explanation. He also relieved the military's top lawyers.
Since then, Hegseth has fired other military leaders without saying why. Most recently it was a general who led a military intelligence agency whose initial assessment of U.S. damage to Iranian nuclear sites in American strikes angered President Donald Trump.
Defense Secretary Pete Hegseth has summoned the military's top officers to a base in northern Virginia for a sudden meeting next week, according to two people familiar with the matter.
TLDR: the paper introduces the use of a Repository Planning Graph to overcome the planning and consistency problems that have prevented LLMs from generating complete, complex software projects.
The graph allows reliably generating codebases 3.9x larger at 36K lines of code with far more correct pass rate at 69.7% compared to mere 33.9% before. Replacing ambiguous natural language with a structured graph allows the LLM to plan and execute long-horizon tasks reliably and at scale.
Large language models excel at function- and file-level code generation, yet generating complete repositories from scratch remains a fundamental challenge.
Uefa could decide as early as next week whether to suspend Israel from its competitions, with the governing body facing growing pressure from inside and outside the game.
Reports on Thursday, initially in the Times, suggested a vote that would determine Israel’s participation in World Cup qualifying and that of Maccabi Tel Aviv in the Europa League could be held by Uefa’s executive committee before the international break begins on 6 October.
When I moved to Coreboot, I also elected to encrypt my /boot partition, which is decrypted by the GRUB payload of Coreboot. I mostly worked on this by trial-and-error, which resulted in the workflow:
GRUB unlocks /boot
Keyfile in /boot opens /
Partition for /boot is listed in /etc/crypttab, with another keyfile to unlock /boot again from within Linux
/boot is mounted via /etc/fstab
Steps 3 and 4 always seemed inelegant to me, but after doing systemd-analyze, I realized how much those steps consume when booting (9 sec).
My questions:
After GRUB unlocks /boot and boots into Linux proper, is there any way to access /boot without unlocking again?
Are the keys discarded when initramfs hands off to the main Linux system?
If GRUB supports encrypted /boot, was there a 'correct' way to set it up?
Or am I left with mounting /boot manually for kernel updates if I want to avoid steps 3 and 4?
After GRUB unlocks /boot and boots into Linux proper, is there any way to access /boot without unlocking again?
No. The "unlocking" of an encrypted partition is nothing more than setting up decryption. GRUB performs this for itself, loads the files it needs, and then runs the kernel. Since GRUB is not Linux, the decryption process is implemented differently, and there is no way to "hand over" the "unlocked" partition.
Are the keys discarded when initramfs hands off to the main Linux system?
As the fs in initramfs suggests, it is a separate filesystem, loaded in ram when initializing the system. This might contain key files, which can be used by the kernel to decrypt partitions during boot. After booting (pivoting root), the keyfiles are unloaded, like the rest of initramfs (afaik, though I can't directly find a source on this rn). (Simplified explanation) The actual keys are actively used by the kernel for decryption, and are not unloaded or "discarded", these are kept in memory.
If GRUB supports encrypted /boot, was there a 'correct' way to set it up?
Besides where you source your rootfs key from (in your case a file in /boot), the process you described is effectively how encrypted /boot setups work with GRUB.
Encryption is only as strong as the weakest link in the chain. If you want to encrypt your drive solely so a stolen laptop doesn't leak any data, the setup you have is perfectly acceptable (though for that, encrypted /boot is not necessary). For other threat models, having your rootfs key (presumably LUKS2) inside your encrypted /boot could significantly decrease security, as GRUB (afaik) only supports LUKS1.
Or am I left with mounting /boot manually for kernel updates if I want to avoid steps 3 and 4?
Yes, although you could create a hook for your package manager to mount /boot on kernel or initramfs regeneration. Generally, this is less reliable than automounting on startup, as that ensures any change to /boot is always made to the boot partition, not accidentally to a directory om your rootfs, even outside the package manager.
If you require it, there are "more secure" ways of booting than GRUB with encrypted /boot, like UKIs with secure boot (custom keys). If you only want to ensure a stolen laptop doesn't leak data, encrypted /boot is a hassle not worth setting up (besides the learning process itself).
Thanks for the explanation. And you're right - it's was a nice learning exercise and a "satisfying" stopgap while I figure out how to compile either Libreboot, which has a variant of GRUB patched with proper LUKS2 and Argon2 support, or TianoCore, which is rather involved and scantily documented for the old X230 hardware.
Senza nulla togliere ai farmaci, se vogliamo diminuirne l'uso, se ne prendiamo troppi e non vogliamo aggiungerne altri, due sostanze naturali, piacevoli, buone e, anzi, irresistibili potrebbero aiutarti moltissimo. Provare per credere
TLDR: the paper introduces the use of a Repository Planning Graph to overcome the planning and consistency problems that have prevented LLMs from generating complete, complex software projects.
The graph allows reliably generating codebases 3.9x larger at 36K lines of code with far more correct pass rate at 69.7% compared to mere 33.9% before. Replacing ambiguous natural language with a structured graph allows the LLM to plan and execute long-horizon tasks reliably and at scale.
Large language models excel at function- and file-level code generation, yet generating complete repositories from scratch remains a fundamental challenge.
g isn't the unit of weight, it's the unit of mass, the unit of weight is N(ewton) and depends on the gravity, only the mass of an object is always the same, not the weight. Your weight on sea level is higher than on the Mount Everest. This is one of the biggest fail in the imperial system, there isn't a difference of weight and mass and the cause of even deathly accidents.
Yeah. I'm over 40 years into the metric system and I keep making this mistake intuitively. I don't make it when doing calculations bit just when quick guessing.
Brits need to stop implementing inferior (though accessible) standards, then after abandoning them when realizing their mistake, make fun of others using the previous standard. Don't let anyone find out you used to call association football "soccer" to be distinct from rugby football or still measure some things in imperial stones.
Non-brits, this isn't directed at you lol. I know imperial measurements suck
Yes, but even those had changed to the SI system decades ago. Apart the US don't use even the same Imperial system of the british pirates, the units are different.
Imperial system not even make difference between weight and mass, it is the most outdated system worldwide and the cause of a lot of desastres with even victims, because due to calculation errors, inherent in this system.
For day to day life, weight and mass might as well be the same. I love science and astronomy but I'm not buying a pound of lunch meat at the deli counter to take into space.
Well, when I buy a pound of lunch meat in the EU, they give me 500 g of lunch meat, because this is what for us is a pound. The SI system are round clear and related numbers which make it easy to calculate, the Imperial system isn't, nothing to do with going in space or building a quantum computer, but simply calculating the amount of plants with a distance of 2 inches in a garden with 20 feets.
I grew up with metric and moved to an imperial country as an adult. I now have a different view of the systems and honestly prefer imperial. Hear me out.
Imperial organically evolved over centuries to better match the lived human experience. The major units used now are more useful to the average person. The fact they are not base 10 is due to the fact that the main uses for each aren't related in that way.
For temperature, 1 degree Fahrenheit is the minimum I can feel. 50 F is a middle temperature outdoors for many temperate climates: 0 F is very cold and 100 F is very hot. The temperature at which water boils or freezes at sea level is not as useful to my daily experience and the difference in a degree Celsius is too large.
I like inches, yards, and miles. I prefer ounces and pounds. Pints, quarts, and gallons now make more sense to me. I am not a scientist or engineer (who absolitely should use metric), but a guy trying to deal with weather, get places, and buy things to eat/drink.
Of course, if I learned an aircraft type was designed in imperial only, I wouldn't get on it. Metric has its purpose. It's just not as good for daily life.
You just used to use imperial system and thats why its convenient to you. If you used metric the whole life you would also feel it suits you. Its just the matter of remembering key temperatures and have a feeling of it. The key difference in metric is, you can do the conversion easily if you ever have to, but in the normal use its no different than imperial. If you feel (have memories related to) the unit, like 1kg - 1L of water, 0 celsius - water frozen, 1000L - 1m3. I tell you, if you used to use metric and have a feeling of it, you would never ever want to go back to imperial
To me, kilometers and miles are in a similar class; I don't have a reason to prefer one over the other. Same with kilos/pounds. Even though a kilo is more than double a pound, it's used to measure the same kinds of things. As with Centimeters/inches, quarts/liters, yards/meters.
Metric seems to do better at measuring very small things, or very precise things, but lacks middle measures that help with day to day life like Ounces and Feet. If there was a metric foot, like a quarter or third of a meter, it would be more useful. Same if there was a metric ounce, lets say 25 grams (an actual ounce is slightly over 28 grams).
I have a growing sense of optimism about the political situation in the United States. But it’s not necessarily because I’m more confident about the outcomes…
Mastodon has a concept called "featured statuses", which is a special collection attached to a Person actor.
[url=https://docs.joinmastodon.org/spec/activitypub/#featured]https://docs.joinmastodon.org/spec/activitypub/#featured[/url]
It wasn't readily k
Mastodon has a concept called "featured statuses", which is a special collection attached to a Person actor.
It wasn't readily know how this collection is updated and federated (not without code achaeology), but claire@social.sitedethib.com recently shared some additional info :smiley:
The actor itself will issue an Add activity targeting the collection with the status in object.
This activity is sent to all followers of the actor.
No activity is sent if the actor has no remote followers.
Every single browser sync solution requires some sort of storage at the company, something to keep in mind when it comes to privacy.
Yes, FF fanbois, even self-hosted Firefox sync server needs the Mozilla account verification server and it's ridiculously difficult to set it up compared to just self-hosting the data storage component.
But people in China certainly seem to think this is an example of AI. China Digital Times reports that it wasn’t just the same-sex image that was altered, but the distributor did also cut out some straight sex scenes from the film... As one user implies, the AI is a more sophisticated and “terrifying” form of censorship because smart viewers have figured out ways to get around obvious censorship or can tell the difference, but that’s much harder with AI. Here’s a smattering of some of the comments, sarcasm implied on the last one:
...in the future, we won’t even be able to tell if we’re watching the original film or not.
...This is nauseating because it not only interferes with the integrity of the plot, it disrespects the sexual orientation of the actors....
...Awesome! Next, let’s use one-click AI to re-release “Brokeback Mountain,” “God’s Own Country,” “Lan Yu,” and “Happy Together” as “restored” hetero romances...
Microsoft has terminated the Israeli military’s access to technology it used to operate a powerful surveillance system that collected millions of Palestinian civilian phone calls made each day in Gaza and the West Bank, the Guardian can reveal.
Microsoft told Israeli officials late last week that Unit 8200, the military’s elite spy agency, had violated the company’s terms of service by storing the vast trove of surveillance data in its Azure cloud platform, sources familiar with the situation said.
The decision to cut off Unit 8200’s ability to use some of its technology results directly from an investigation published by the Guardian last month. It revealed how Azure was being used to store and process the trove of Palestinian communications in a mass surveillance programme.
Ryan Walters, the state’s superintendent of public instruction, released a video address on Tuesday saying that “every Oklahoma high school will have a Turning Point USA chapter.”
“For far too long we have seen radical leftists with the teachers unions dominate classrooms and push woke indoctrination on our kids,” Walters said in the video posted to social media.
The state-mandated chapters of “Club America,” Turning Point’s high school program, will ensure students “understand American greatness” while enabling them to “engage in civic dialogue and have that open discussion,” said Walters.
State school superintendent Ryan Walters said public high schools across the state must partner with late activist Charlie Kirk's organization to counter "woke indoctrination."
I meant that this is the Achilles heels. A lot of us have it. It has the meta AI on it that we can't deactivated. It is EEE and GOS does a good job isolating it but still a non privacy app.
I mean bro, they aren't really defending Proton here but rather they are calling out childish behaviour. Since why should I be downvoted for using an app? I didn't even know Proton was so controversial up until now
Just because you don't agree to something doesn't mean you should try to make it unpleasant for the other person, you could of just called out Proton without encouraging people to grief me
Great, hating on people because they don't know something is surely the right thing to do. Just like how people beat children for making mistakes, they need to learn the hard way right?
Ah so now I'm orchestrating downvote bots at you? Let me tell you something, just because you would do something doesn't mean others will do the same thing. I am not you bro. Really it's hilarious how a minute ago you said I'm acting like a victim but now somehow everything is purely my fault
If you were to take a look you would see that in another comment here I was already considering switching to Tuta. And guess what that person didn't try to grief me
Also I don't have time to list every time everything wrong with Proton or other crappy company. It's all over the internet, use the search button as I already told you.
Never said it was, you don't need to. You are yet again missing the point. Hate on Proton all you like but why hate on me for the simple reason I was using an app that might be controversial. This setup is leagues ahead of a normal consumer setup
My take is that Proton CEO Andy Yen's pro-Trump comments were born out of naïvety, not the same mindset that plagues tech CEOs in the US. Combining that with Proton's benign actions since then, I think it's a good time to diversify, become familiar with alternatives like Tuta as you say, and make a backup plan should they enshittify, but don't rush to jump ship now.
What you mean? You do realise most of us degoogle to get away from American grasp on technology, what's the purpose of switching to Proton if there's services even more independent?
The problem is I have been using proton for years and I have 385 entries so switching to say Tuta would be a drag (unless there is an option to migrate, I haven't checked) Proton IIRC is also the cheaper of the two. Or would you say I should suck it up and make the switch?
I'm not sure, does managing two email accounts would be difficult for you? It wouldn't be too bad having one extra, having some accounts on a different mail might work for you, if one gets hacked you don't lose access to everything right away. Also you don't have to migrate all the entries right away, you can always just make new accounts on a new email provider, and if you do use password expiry in your pw manager you can migrate emails right then
I didn't say anything about the Trump tweet. I only mentioned the journalist comment, which there is more information an nuance to it than you allow for.
But you assume because I say one thing I must be your enemy. You call me names. You refer to me as a group instead of a person.
So clearly you are an island to yourself. I hope your relationships in real life are far more fruitful.
NanoGPT is more "no-logs" from what I understand buttt you can pay in XMR and have a dedicated "account" (you get a sign in link to keep safe) and run it under tor
In NanoGPT You also got TEE (Trusted Execution Environment) models which are more private/secure from my understanding. From GPT-OSS 120B TEE:
"TEE‑based AI models run their inference or training inside a Trusted Execution Environment (TEE), a hardware‑secured enclave that isolates code and data from the rest of the system. This provides data confidentiality, protects the model’s IP, enables cryptographic attestation of the exact model version, and satisfies regulatory privacy requirements, making AI services trustworthy and suitable for secure multi‑party or decentralized applications." One downside is that they are usually pretty expensive to run
KeePassDX, nice choice! I really wish I could have DX or XC on both phone and desktop. Love both but would prefer to donate to one. Wallet is unhappy but I really try to donate to all FOSS apps I use...
I do back it up with the rest of my stuff to an external hard drive, but that's... Like once in a year so could be better.
I have my keepass database file in my cloud that i use to sync it between phone and PC. I create a backup of all of my files on my PC + cloud folder once a year to an external hard drive. Better than nothing but probably would be better to do this more frequently 😄
I also empty my phone from time to time and move everything I want to keep to my PC (like photos).
Wait isn't that defeating the purpose of KeePass? I strictly use it as a local password manager (no cloud backups and such), since I thought that was the main spelling point
Or is the database file encrypted with a password? If not you might want to use something like VeraCrypt to encrypt and password protect the database files on the cloud
Didn't see this comment but: I trust enough my cloud provider + the database file is encrypted with the masterpassword you set for your keepass.
I also use this cloud to host my Joplin notes, which are also E2EE (joplin supports it) so even if my cloud provider would take a peek it's all encrypted.
You can of course. I think the selling point is that you control it and it's a single file that you can decide where you'll keep it, how you access it, and what app you use to interact with it.
I can copy, delete, move it all without needing a service for it. Can modify it offline and everything!
I don't host the file on a password manager dedicated cloud, it's my own cloud space with other files I have there as well. So the file is just in my cloud space, with other files, and i have a synced folder on my phone + pc and just access that cloud folder with the file from keepassXC on my PC and keepassDX on my phone 😀
For me keepass offered a single databae file that I can decide where and how I keep it. Also works offline because the cloud syncs folders and even without internet a version exists on my phones cloud folder (until it gets synced again with internet).
I had not heard of ubicloud, that's pretty cool! Thanks for the tip!
And sure:
I don't self host it, I got managed owncloud space from a domain and web host provider.
I manage my own VPS that I got from them but the cloudspace came extra with buying the domain + email services (I've managed email server at my job and no way in hell will I do that for myself, too much headache).
So basically, in short, I have a managed email + owncloud space (just 5gb, don't honestly need more) from a commercial provider and just use owncloud app on my phone and PC to sync folders on both. I keep my encrypted joplin notes and (encrypted by default) keepass database on this cloud. Owncloud takes care of syncing and I just use Joplin and KeePass on both devices and set them to use the files in owncloud folder. Never had an issue in 2 years with anything.
Technically my provider could scan my stuff, but they won't get anything out of joplin notes or keepass.
Your idea for a setup sounds way more private, but i think for my usecase I've been happy since it's so low effort and still does what I want it to do.
I have seen on lemmy people recommend syncthing (syncthing.net/) for keepass, which directly synchronizes a folder between devices without a middleman if you wanr. But everytime you want to sync you need to have both devices on for that as there is no automatic middleman that is always available. Maybe that could be done with a raspberry pi?
Anyway: you can easily set this up with proton if you already have proton cloud no?
BTW I find SimpleX is great for syncing between your phone and PC. I used it with multiple computers/profiles on GOS and just created an incognito group without history and with disappearing message and that's how I moved stuff like addresses and passwords to my PC. The app is also great for communication ofc
It's AMAZING, so many settings, and I use Orbot proxy (doesn't take VPN slot) and configure SimpleX to use it for that extra extra protection (and concurrently I use mullvadVPN for that extra extra extra protection)
Are those green mini icons an indication of a PWA shortcut?
I use the app Hermit to run isolated websites, usually as PWAs. It's replaced quite a few apps, but I've noticed that many companies are intentionally making their web experience shit so they force you to use invasive apps.
Anyway, it can create home icons for those sites, and they run separately (i.e. in your task switcher), so it works better than browser shortcuts.
I mean currently I only have protonpass and whatsapp from aurora so I'm chilling, everything else is from obtainium. But I'll try it out (last time I didn't understand how it works, idk If it's bugged for me but the apps I put in the private space stayed on my "desktop")
Some apps that you use are not safe. Aurora store doesnt send too much data to google but it doesnt verify app signatures which can lead to installing malicious apps, use normal play store instead which verifies app signatures (its also suggested to use by grapheneos devs). Whatsapp, collects data about you. Cromite, uses adblock plus which is really bad. Also here is another reason why cromite is bad:
“Cromite has very problematic changes included which substantially reduce privacy and security. It reduces security more than it improves it. For example, it includes the highly problematic Eyeo filtering engine from the company behind Acceptable Ads, Adblock Plus, etc. which took over the forked uBlock extension misleading people with the name pretending to be the uBlock Origin project among other extensions. Eyeo’s C++ code is low quality and has memory corruption issues… Cromite including the incredibly sketchy Eyeo content filtering engine and stuff like additional codecs goes against what we’re trying to achieve. We also don’t think the randomization-based anti-fingerprinting approach works, among other issues”.
Ah fuck, I use Cromite because I find vanadium PWA for the stuff I use are buggy and slow. I used to use brave for this purpose, should I go back? Damn I guess I will need to link this phone to my throwaway gmail account (which still has private data) WhatsApp I can't ditch due to family and Signalphobic friends
On grapheneos you should be using vanadium since its most secure browser on phone. On other android devices, use brave instead. Also if family and friends dont want to use signal but want to use whatsapp then uninstall whatsapp, one way or another they would have to either end up using sms or other form of contact
Hmm I might do that actually, I've been wanting to get rid of WhatsApp for a while now, I think I'm still gonna use a second browser (Brave now) for my PWAs, my threat model allows it
On the contrary if in the end everyone moves to SMS and normal calls wouldn't that actually be pretty bad? Since WhatsApp is E2EE (with the major flaw of default unencrypted backups which are shoved down your throat). But maybe it's not that big a deal since I assume most if not all of the people I'm talking to likely have unencrypted backups
"Casually reminds you thatIronfoxexists & it's a lot more "private" than most chromium-based browsers, & has ublock origin. (slow by default tho)
also while aurora store doesn't verifies signatures, is has Exodus integrated which dynamically analyses & warns about spyware, tracks and telemetry so you more caucious about the littered "free" apps...
Yes, ironfox is good too (i forgot to mention it) but on grapheneos you will want to end up using their browser
Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet.
Also, having exodus integration in app downloader is good but not worth it for exchange of no signature verification, so it's better to just check it in browser instead or use their app to check trackers
I'm thinking if I need to use WhatsApp again I'll try to download it, connect to WhatsApp web on my laptop and then delete it from my phone. Idk if it'll work but it's worth a shot
I am, it's just that for some of my PWAs, they are unusable/buggy/slow on Vanadium. And lol I'm going around in circles. Do I reinstall Cromite now haha?
Don't! Your whatsapp session will expire over time & you gonna need to reinstall it on your phone. Ether install whatsapp on private space or, if you feel adventurous, selfhost a Matrix-Whatsapp bridge.
Alternatively, convince your socials to use smh foss & more reliable, Maybe telegram if they insist on mainstream, It got a foss client but telegram doesn't enable E2EE by default (Secret Chat).
Signal would be better for a mainstream secure communication as Telegram has its flaws, and E2EE is not enabled by default. It's also not available in channels.
WARNING: this reply have 2 ounces of opinion-like ""facts"", a pinch of logic that make 0 sense & a whole bottle of chunky post, Read, at your own warrenty...
Of course, signal, molly&unipush or even threema or anything more practical / security-audited is more worthy of your phone number and storing your data in an encrypted form, I'd recommend conversation or matrix even more so they don't require a phone number(but for some reason, they're more scarce in usage)
Since messaging apps have to do with, well, messaging people & socializing, going to a person that doesn't have your app & genteelly asks them to install an app is an inconvenience that people want to avoid...
Don't get me wrong, I'd spend an hour talking messaging apps their differencies & cons but, as far as I'm aware, most non-tech invested ppl would consider this "dead-time" and would rather already text on the "avaliable app"
So, instead, you'd preinstall "mainstream" apps to not even mention it and start texting instandly since you're usually expected to have it (pre)installed. (i remember whatsapp and fb-messanger being preinstalled on some vendors)
This or use imessage & make them question their existence 😀 Even on android
To the best of my knowledge, the top "mainstream" apps out there are: whatsapp, telegram, discord (yes, DiScOaRd), imessage and sadly, facebook messanger.
(I know signal is getting recognised in "mainstream" & getting more adoption, but for some reason, I don't see ppl installing it because it's not "that" viral to have enough contacts or it would go unoticed by them because "muh FBI and privacy controversies are too creepy" )
most ppl are aware of these apps and their mass adoptions so they wouldn't even bother and just get it done with or install the app already.
Out of these options only 2 are actually viable for secure & private messaging especially for Floss: Telegram, for being "transparent" & having it's source avaliable for security auditing. imessage: for being E2EE encrypted by default with The Manufactureᵀᴹ showing some dedication about the anonimity & security of the product.
Telegram don't E2EE by default, but you can just start a secret chat that would be private, at least they allowed for foss, third-party clients & made their own "proxy" while encoraging VPNs,
imessage can't be really called floss because the offical client isn't & is also gate-limited by The Manufactureᵀᴹ , but at least it has a foss unoffical client that still faily usable (with the compromise of needing MacOS "installed & certified" or paying for an access token.
Outside of this, there's really no scope for consideration, most messaging apps that made it to "mainstream" ether doesn't care about their users securities & would actively report anything big bros for " the general safety of the userbase" or be a hidden honeypot that collect dats & sell it to advertisers while lying about it. (even whatsapp that & think we're dumbies),
When one starts to pick for messaging applications, there's no "choice", "consideration" or even the qualities to think if it genually a good platform, you're left with only dedication to utilize a messaging app for what it offers & push your circle of people to join you there...
You may convince your friends, but you can't convince your coworker, team, boss, partner of a project, your online fellas or even your family memebers depending on their tech literacy.
OP didn't consider ditching whatsapp, instead, they considered methods to hinder whatsapp's privacy violations & telemetry, I'm not OP but, that's seemingly the case;
Even if they run whatsapp on an sandboxed, private space & use a 20 yr-old trash phone, running whatsapp at all on android is a risk since android has lots of APIs that provides device metadata that can be used to uniquely profile users & fingerprint them.
I can be wrong, but I see only 2 actions OP can do: 1) Utilize whatsapp web (& android vm to scan) to setup a bridging server / service (like matrix-bridge or beeper & make devices connect to it (port forward, local "vpn" or beeper) or, 2) Push their circule of people to use an another "mainstream" platform OP can trust...
Sometimes, having online conversation can be totally inconvenient or tiresome, not only because of whom, but how, this is one of them...
I don't like telegram at all, especially so with the latest policy change but, it's easier.
I see, But at this rate, you gonna always make sure whatsapp runs on a VPN AND behind a kill switch so it doesn't leak,
also maybe you're interested in using tailscale or netbird to skip the port forwarding / domain hassle so you can connect to your matrix server and use the bridge in minutes.
Securely connect to anything on the internet with Tailscale. Deploy a WireGuard®-based VPN to achieve point-to-point connectivity that enforces least privilege.
If you don't mind hardening firefox on android. You can try Firefox with uBlock. It give some small advantage compared to Brave like more filters list from uBlock, the element picker thing, and no brave, etc. The performance can be questionable though.
If you are keen on personal privacy, you might have come across Brave Browser. Brave is a Chromium-based browser that promises to deliver privacy with built-in ad-blocking and content-blocking protection.
Yes it is true. It have insecure sandbox but in your case it seem like you still use vanadium, if you only use Firefox for known website for the webapp. The insecure sandbox is not that big of a deal anymore. Still from a pure security point, Firefox is not great.
I think overall I have an edge with Brave, since I use it for NanoGPT webapp which I need to be fast or I'll kys because it was already slow AF on Vanadium so I assume on FF it will be a lot worse
Cromite, but I have switched to brave since, it has better fingerprinting protection, more updates, better security and better sandboxing and isolation. At least that's what Deepseek R1 with websearch has to say
I mean Gecko based browsers are actively recommended against on mobile. Chromium based browsers are recommended. Also I use mullvadVPN DNS based ad blocking, and I also have Brave that has built in ad blocking. Do yourself a favor and ditch adblock in favor of Ublock origin
People in the comments already have "Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android."
I'm on the go right now. This is a quote for an old privacy guides snapshot, but when I was looking for it, I saw some articles from April saying that this was no longer true, so further searching needed when I get home
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, GeckoView, has yet to support site isolation or enable isolatedProcess.
Pro tip. If you go to an apps notification settings, then set a category to silenced and option called "minimize" should show up which allows the notification to be hidden from the notification bar, but shown in the drawer
Oh that's very cool, I didn't know that. Although I think it isn't the most useful for me since I don't have lockscreen notifications and I have all my apps on the home screen
Un terremoto politico-giudiziario scuote la Francia: Nicolas Sarkozy, ex presidente della Repubblica, è stato condannato a cinque anni di reclusione per associazione a delinquere nell’ambito del processo sui presunti finanziamenti libici alla campagna elettorale del 2007. Si tratta di una sentenza senza precedenti nella storia della Quinta Repubblica, che pone per la prima volta un ex capo di Stato francese a rischio di una lunga detenzione.
Two major law firms accused the National Shooting Sports Foundation this week of violating the privacy rights of millions of gun owners by running a decades-long program that sent their information to political operatives without consent.
The allegations in a lawsuit filed Monday in federal court by Keller Rohrback of Seattle and Motley Rice of Connecticut closely mirror the findings of a ProPublica investigation that detailed the secret program operated by the gun industry’s largest trade group.
The 24-page complaint asks the court for approval of class-action status and requests financial damages against the NSSF, claiming the gun industry lobbyist enriched itself by exploiting valuable gun buyer information for political gain. It features the accounts of two gun owners, Daniel Cocanour and Dale Rimkus, both of whom assert they purchased rifles, pistols and handguns from the 1990s through the mid-2010s.
The federal court complaint filed this week closely mirrors the findings of a ProPublica investigation that detailed a decades-long secret program operated by the gun industry’s largest trade group.
Were they residential IP addresses? I had this a couple weeks back. But it wasn't just Brazil, constant hits from Argentina and few other countries. Tried different things but they were all unique residential addresses and hard to block, then set up challenge for the whole continent. Finally, it went down.
Yeah, same story - the few I looked at looked like they were from consumer ISPs. We had ~7m requests from Brazil, ~900k from Argentina, and a little less from Ecuador, Colombia and Russia.
Amazon has agreed to pay $2.5bn (£1.9bn) to resolve claims brought by the US government that it tricked millions of people into enrolling as Prime members and made it difficult to cancel.
A total of $1.5bn will go to refunds for customers that were duped into signing up for the service, according to the proposed settlement announced by Federal Trade Commission (FTC).
The deal came just a few days after trial began before a jury in Seattle. It marks a major victory for the FTC, yielding the largest ever civil penalty secured by the agency.
Amazon, which did not admit or deny the allegations, did not immediately respond to a request for comment.
In a memo released Wednesday night, the Office of Management and Budget said agencies should consider a reduction in force for federal programs whose funding would lapse next week, is not otherwise funded and is “not consistent with the President’s priorities.” That would be a much more aggressive step than in previous shutdowns, when federal workers not deemed essential were furloughed but returned to their jobs once Congress approved government spending.
A reduction in force would not only lay off employees but eliminate their positions, which would trigger yet another massive upheaval in a federal workforce that has already faced major rounds of cuts this year due to efforts from the Department of Government Efficiency and elsewhere in the Trump administration.
U.S. officials say they will pull visas and deport people who trivialize Charlie Kirk’s murder, part of intensifying scrutiny of visa applicants’ views.
I moderate/curate a few communities on Piefed.world:
!strategy_games@piefed.world
!turnbasedstrategy@piefed.world
!space_games@piefed.world
I have a sidebar with links to other gaming focused communities.
Currently, the sidebar includes links using the following format:
Text Description - [!]community_name@instance
What would be the best way to make "Text Description" a direct link. I don't want to use the direct/absolute URL links since it would be instance specific. Is there a way to make the "[!]community_name@instance" the URL linked to the Text Description?
I am looking to make the sidebar less verbose. Best option is something that offers transparent compatibility across Lemmy/Piefed/Mbin.
Would I use something like
[Adventure Games](!adventuregames@retrolemmy.com)
I believe the format above doesn't work well (I could be wrong I asked about this more than a year ago).
I am using the 2nd example format you're showing but with the url for my wiki I'm starting on c/PoliticalCartoons and it seems to be working well enough so far.
And, the tags tag was broken. Looks like word clouds were updated! TIL
The !strategy_games@piefed.world (no square brackets needed) notation should work on both lemmy and piefed. I am not sure about mbin. Last time I checked, this didn't work, but that was a while ago.
The markdown link notation [text](https://piefed.world/c/strategy_games) won't be instance-agnostic in the same way. I don't believe there is a way to link in an instance-agnostic way while changing the text of the link.
By instance-agnostic I mean that users on other instances will be taken to the community on their own instance rather than the home instance. As an example, you, as a piefed.social user, if you clicked on !anime@ani.social, then you are taken to that community, but on piefed.social. If a user on lemmy.world clicked that link, they would be taken to that community on lemmy.world.
Without that notation, if I just made a standard markdown-formatted link:
anime@ani.social - written as [anime@ani.social](https://ani.social/c/anime)
...then users of other instances would always just be taken to the ani.social instance instead of staying on their own.
Oh, thank you, makes total sense now. I should be using those instance-agnostic links with the ! in front of them instead then. (Hadn't even thought to check how it's behaving on other instances yet.)
Was able to fix but I guess I'm not able to get the ! version to work and so yes, links are not instance-agnostic but direct folks back here to piefed. Just tried it from lemmy.world.
So am I correct in understanding that the notation [Adventure Games](!adventuregames@retrolemmy.com) wouldn't work? A markdown URL link that refers not to a URL, but to markdown notation for threadiverse non-absolute links.
I am looking to make link where the text is "Strategy Games" but the link is not a URL, but a non-absolute link that sends you to the community via your own instance.
I am OK with the current format (e.g. used in !strategy_games@piefed.world), but I prefer a cleaner non-absolute link that works in a transparent manner.
So am I correct in understanding that the notation [Adventure Games](!adventuregames@retrolemmy.com) wouldn’t work?
Correct. The markdown syntax of [text](url) doesn't work in a way that keeps people on their own instances. Also, when the part in the () is not a fully qualified url, you can get unpredictable behavior and it might behave differently for different fediverse software. Testing it now, it looks like piefed falls back on assuming it is a pointing to a post(?) but ends up just 404'ing.
It is currently not possible to customize the text of links intended to keep people on their own instances. However, I actually think that the notation you are presenting here makes a lot of sense. It might not be fully compliant with the commonmark markdown spec, but the fediverse breaks that in its own ways plenty of other places. I have done a lot of the work on the piefed markdown_to_html translation, so I might see if this could sneak into a future release. No idea if there would be buy-in from lemmy/mbin though.
I do think it does make sense to support this style outlined in context of the Threadiverse. On top of that, a fallback absolute URL would also be great, albeit this is outside my pay grade. 😀
RT, formerly Russia Today (Russian: Россия Сегодня, romanized: Rossiya Segodnya),[8] is a Russian state-controlled[1] international news television network funded by the Russian government.
Took me just a second to find the source, it's Polish pro-government portal, probably faster than you took to post the NATOpedia link to shot the messenger lol
Na dom w Wyrykach (woj. lubelskie) spadła rakieta wystrzelona przez holenderski myśliwiec F-35 — wynika z nieoficjalnych informacji Onetu. Wcześniej Radio Eska informowało, że pocisk miał pochodzić z norweskiego F-35.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
In a major move, Microsoft is making access to Windows 10's extended support updates free for regions in the European Economic Area. No Microsoft Account or cloud backup required.
Liberalism and fascism correspond to capitalism in okay times and capitalism in crisis respectively. Fascism is just the naked violence of capital when private property is genuinely at risk, and arises from the petite bourgeoisie as they are proletarianized by decay in capitalism, wielded as footsoldiers by the big bourgeoisie to root out communists and labor organizers. Liberalism enables and leads to fascism because both are superstructutal to capitalism, and capitalism is unsustainable and susceptible to crisis.
The key part is that liberalism justifies the use of state violence to safeguard property rights, even when they come into direct conflict with the needs of the public at large. Private property being framed as a key part of individual freedom provides the foundational justification for the rich to keep their wealth while ignoring the needs of everyone else. Thus, when push comes to shove, liberal state is forced to reveal that it represents the interests of the rich.
1. The rule of money 2. Liberalism as deception 3. Liberalism and fascism 4. Fake “lessons from history” 5. A spectacle of lies 6. Case study: Macronist France 7. Conclusions 1. The rul…
Cowbee [he/they]
in reply to jankforlife • • •DPRK seeks ways to aid Palestine amid Israeli aggression: Reports
Al Mayadeen English (DPRK seeks ways to aid Palestine amid Israeli aggression: Reports)Flaqueman
in reply to Cowbee [he/they] • • •Cowbee [he/they]
in reply to Flaqueman • • •Erika3sis [she/her, xe/xem]
in reply to jankforlife • • •IHave69XiBucks
in reply to jankforlife • • •