Selfhosted alternatives to Discord with screensharing?
Been trying to figure out a user friendly alternative that I can get my less technical friends to transition to. We all use Signal already for messaging but it just doesn't fulfill our screenshare needs.
Most important feature it needs is the ability to screenshare with system audio, such as for streaming games or watching videos.
I'd ideally also like it to be E2EE just for the sake of privacy and security.
From what I've read and looked into it seems the closest thing that meets my needs would be Teamspeak 6 as you can host it yourself, and with the new update it now allows screenshare with audio (either as P2P or via server).
As far as I can tell chat messages don't persist by default but it can be enabled (and this would be a feature my friends would really want too).
I currently have a Raspberry Pi 3 B+ but I'm aware it's a bit old and is ARM so I'm thinking of buying a Pi 5.
Do you think I'm on the right track here or are there any other options this community would recommend?
like this
joshg253 likes this.
Be Your Own Privacy-Respecting Google, Bing & Brave
like this
joshg253 likes this.
Probably only the AI or whatever can actually read any of it directly.
If you're using a shared IP, it doesn't matter.
You are using a VPN or Tor, right?!?
The devs at SearXNG have a bot that regularly scans the public instances for changes to the source code and delists them as a public instance if it's altered.
If you go to searx.space, they show the results of the scans for each instance.
The software is free and open source. You are encouraged to inspect the code yourself to make sure no data is collected!
Here is the source code:
It's not federated tho?
What do they mean when they call it that?
I used to self-host searxng for a while, but somehow the search results were always off and mixed with to much non-relevant results :/.
It's not about searxng itself... Rather how the most relevant info gets drown into AI slope and non-sense bullshit. The best blogposts/info are transmitted from people to people...
I'm kinda sad to admit that stupid AI "solved" this issue and had better results :/
I used to self-host searxng for a while, but somehow the search results were always off and mixed with to much non-relevant results :/.
I mean, getting non-relevant results happens with every search engine anymore.
The days of your search results being relevant, and what you want on the first page, are long dead thanks to SEO and other factors.
Yeah you're right ! However, ages ago, I still remember how you could go to page 20+ and still find some really interesting things !
Here, past page 2 it's just some random shit...
You can self host that too ;)
OpenWebUI + Ollama + SearxNG. OpenWebUI can do llm web search using the engine of your choice (even self hosted SearxNG!). From there it's easy to set the default prompt to always give you the top (10, 20, whatever) raw results so you're not confined to ai results. It's not quite duck.ai slick but I think I can get there with some more tinkering.
Ohoho? That's interesting. I don't have the horse power to selfhost an AI, but that's good to know !
Thanks for the pointer !!!
I mean, I could write one! I kind of just pieced it together from guides on the three individuals
Edit: back of the napkin guide below is basically in the OpenWebUI docs already! I use NixOS (btw) but docker/podman should work well.
OpenWebUI + Ollama setup -- tl;dr docker run -d -p 3000:8080 --add-host=host.docker.internal:host-gateway -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main
OpenWebUI SearXNG guide -- a little more involved, but not difficult.
GitHub - open-webui/open-webui: User-friendly AI Interface (Supports Ollama, OpenAI API, ...)
User-friendly AI Interface (Supports Ollama, OpenAI API, ...) - open-webui/open-webuiGitHub
Or how about YaCy. It's self-hostable & you can have your own web index and start your own web-crawler.
It's peer-to-peer too
For anyone wondering
xn--gckvb8fzb.com is マリウス.com
Also: Maybe they should get a "normal" domain when you post english articles...
DNS over TLS with LetsEncrypt
blog.hardill.me.uk/2025/12/06/…
6 months ago LetsEncrypt announced that they would start issuing certificates for IP addresses. Last week I was curious if they had actually enabled it yet for general consumption, it turned out to be not yet available for everybody, but there was a forum thread you could ask to be added to the testing list (I’ve not linked to it as they have said no more testing, it will go live RSN).
When it […]
#certificates #DNS #DoT #letsencrypt
DNS over TLS with LetsEncrypt
6 months ago LetsEncrypt announced that they would start issuing certificates for IP addresses. Last week I was curious if they had actually enabled it yet for general consumption, it turned out to…Ben's Place
Need guidance on DNS configs for VPS/Pangolin
Good morning/evening my selfhosting friends,
I'm kind of a noob, so hopefully I can articulate what I'd like to accomplish well. I am currently in the process of overhauling my entire homelab, which has involved me setting up a VPS as a proxy/tunnel for remotely connecting to/exposing services on my LAN due to my ISP having me behind CGNAT.
Currently, I have a subdomain (provided via Namecheap) pointed at the static IP of the VPS. With this, I can ssh into my server with ssh root@vps.domain.tld which is what I want. Now, I seem to have landed on Pangolin for accomplishing the aforementioned proxy. However, when installing it, I'm stumped by the first few questions: Pangolin wants me to input my domain.tld, followed by pangolin.domain.tld for Pangolin specifically.
Reading the docs, they then want me to either create an A Record for a wildcard domain at my VPS' IP, or create a root domain record aimed at the IP. My question is, how do I keep the vps.domain.tld while also allowing for pangolin.domain.tld to be valid at the same IP? I know I can create SRV Records, but I am unsure how Pangolin will handle that with the multiple TCP/UDP ports it needs open. I'll also want to access it via HTTPS obviously, which may add some complexity.
I hope this makes sense, sorry if anything is unclear or if the solution is obvious.
I haven't done that myself but from pimylifeup.com/pangolin-linux/ I understand that will only be subdomain to access pangolin dashboard
how do I keep the vps.domain.tld while also allowing for pangolin.domain.tld to be valid at the same IP?
Domains are just translation from name to IP. What gets served on which subdomain is then handled by nginx or traefik. AFAIK you can have all 3 (VPS, pangolin and root) to point at the same IP
Self-Host a Tunneled Reverse Proxy with Pangolin - Pi My Life Up
In this tutorial, we will be showing you how you can self-host your very on tunneled reverse proxy using Pangolin.Emmet (Pi My Life Up)
You can have multiple (sub)domains pointing to the same IP, no issue there.
So you can still have your vps subdomain AND another one for Pangolin. That's effectively how Pangolin itself works, assigning multiple subdomains to itself, so it can route the requests to other machines. It just does it without adding records to the DNS provider, it just listens to anything that gets sent to its IP through the wildcard address (unless you make Pangolin your DNS provider, that is).
Also, the wildcard (sub)domain will always have the lowest priority, so if there are ANY records pointing somewhere, they'll have precedence over the wildcard.
So, your DNS should contain three A records: one for vps, another for Pangolin, and a wildcard, all pointing to the vps address.
Hope this helps!
disable-javascript.org
affecting the JavaScript ecosystem, and explains how to disable JavaScript in
various browsers and only enable it for trusted websites.
Russia ‘ready’ for war with Europe, Putin says, as US peace talks end without progress
Russia and the US did not make progress toward a peace deal for Ukraine during their talks, a senior aide to Vladimir Putin has said, hours after the Russian president issued threats that Russia was ready for war with Europe.
In remarks to Russian media, Kremlin aide Yuri Ushakov said that after a five-hour meeting with Trump envoy Steve Witkoff and Trump’s son-in-law Jared Kushner, the two sides were “neither further nor closer to resolving the crisis in Ukraine. There is a lot of work to be done.”
The downbeat assessment of Tuesday night’s diplomacy follows combative opening statements from Putin as Witkoff and Kushnerarrived for talks at the Kremlin, in which he accused European powers of sabotaging peace in Ukraine and that “European demands” on ending the war were “not acceptable to Russia”.
Russia ‘ready’ for war if Europe starts it, Putin says, as US peace talks end without progress
Kremlin aide says Ukraine crisis is no closer to resolution after Witkoff talks, as Russian president accuses European powers of sabotaging peaceAndrew Roth (The Guardian)
like this
Lasslinthar e NoneOfUrBusiness like this.
Yeah, anyone seeing this as Putin doing jackshit is kidding themselves.
This is about having the US attack Europe. Or maybe just Ukraine. Who knows.
It doesn't really matter. What matters is that the US is compromised, and Europe needs to be ready for that yesterday.
I don’t see an appetite in the states for war with Venezuela, a nation we’ve been conditioned to think of as godless socialists for 20+ years, let alone one with NATO allies. Trump doesn’t have unlimited power, as much as he wishes he does.
Either way, Europe should be gearing up.
The US needs to clean house, and the sooner, the better.
Otherwise we're going to be drawn into the wrong side of a world war.
Are they now..? Then it seems rather odd - in light of their usual behavior - that they're just talking instead of acting upon it.
Why, it's almost like Putin is so completely full of shit that the pressure is forcing it out his mouth.
like this
dcpDarkMatter likes this.
“Russia does not intend to fight Europe, but if Europe starts, we are ready right now.”.
Russia has been committing low-grade acts of war against Europe for some time now, and Russia is in no condition to fight Europe. So, however much you want to quibble about the headline, this is just more of Putin's lies and empty threats.
And if invading a neighboring country isn't aggression, you have a very odd definition of the term.
Russia wasn’t even ready to invade one of its former blocs. And that bloc has more than decimated its forces and resources.
But hey, my grandfather got to watch Allied Europe destroy a fascist state that thought it could take over the world, now me and my son get to as well.
like this
dcpDarkMatter likes this.
But there's also nothing to gain by admitting and stopping the deception. As long as there's one useful idiot who can be deceived, you cna keep it going.
And unfortunately there's a lot of useful idiots.
That's always been a lopsided proposition for Russia in this invasion. The prevailing winds blow east and they'd be poisoning themselves as much as anyone.
You know, like Chernobyl which they also bombed.
The idea here is to avoid nuclear war.
The USSR was nuclear-capable when it collapsed. Russia was nuclear-capable while failing in Afghanistan, and also has been in its so-far failed attack on Ukraine. Same goes for the US in Vietnam and in Afghanistan. A country having nukes doesn't mean you have to comply with its every whim.
like this
emmanuel_car likes this.
Russia losing to a small country and now think they can take on all of the Europe?
We know his orange sock puppet has full on dementia, maybe Pootin needs a checkup too?
like this
dcpDarkMatter likes this.
When Ukraine was invaded it had an army of approx 150k troops. Several hundred tanks. A couple of hundred aircraft. A couple of hundred rocket projectors.
None of it newer than the early 90s.
Russia had nearly a million troops, 12,000 tanks, several thousand aircraft, thousands and thousands of rocket projectors and heavy artillery.
And nuclear weapons.
Tell us again how they were evenly matched?
By any normal metric, Russia should have steamrolled Ukraine. The fact it didnt, even with that huge advantage means that any major european power (UK/France/Germany/Poland) could fend them off quite easily, even alone. But we aren't alone, Russia would be trying to take us all off the board.
When Ukraine was invaded it had an army of approx 150k troops.
And Russia sent in approx 150k troops.
Several hundred tanks.
Ukraine had a thousand tanks at the start of the war. At least half of them were modernized. In fact, the Ukrainian tank fleet was larger(!!!) than America had active if you leave out the National Guard!
Germany, France, Italy, and the United Kingdom have less than a thousand tanks combined.
If you want to talk about artillery, Ukraine had around the same amount of SPGs that the US(!!!) has, in 2S3s alone.
12,000 tanks
Russia only had ~3000 operational tanks at the start of the special military operation.
The fact it didnt, even with that huge advantage means that any major european power (UK/France/Germany/Poland) could fend them off quite easily, even alone.
With what? German broomsticks and tankless tank brigades? The 'mighty' French air force that has enough ammunition for a mere 3 days of combat? The British military that sent all of their SPGs to Ukraine resulting in them having to go to Sweden to beg for more? You think this force can prevent Russians from cutting the Suwałki Gap?
Out of all of EU, Poland is probably number one, and they sent half their tank fleet to Ukraine!
UK Gave Ukraine All Its SPGs But Still Can't Decide When to Buy Replacements Maybe by 2030 | Defense Express
Though UK bought 14 Archer SPGs for interim needs, they still haven't purchased RCH 155 chosen as main artillery unclear whenen.defence-ua.com
As much as we hate to admit it, I agree with you. Ukraine was better equipped and prepared than most European countries currently are.
If NATO fights together they will defeat Russia, but Russia could easily beat many of the small countries in Europe and then add their soldiers and production to their own and keep moving on if fighting one by one.
Russia currently produces more tanks, drones, and artillery per year than most European countries have total in their arsenal and more total than all of NATO combined produce per year.
And if you think I'm just some tankie, please see my post history and the links below.
en.wikipedia.org/wiki/List_of_…
worldpopulationreview.com/coun…
united24media.com/latest-news/…
responsiblestatecraft.org/russ…
news.sky.com/story/russian-sui…
Russian 'suicide drone' launches quadruple this year
Russian Shahed and Shahed-type drone launches have increased by over 300% from 2024.Sophia Massam, junior digital investigations journalist (Sky News)
To everyone saying Russia can't go to war with Europe because of their failures in Ukraine: this is just not true, and a dangerous assumption.
Their economy has been on a war footing for some time now, and they don't sacrifice preparedness for war with NATO to support the war in Ukraine. That's why they've thrown all their old inventory at Ukraine. Use it up to soak up ammunition, shift the economy to build new equipment.
Does everyone really think all this hesitation from Europe is because they think Russia has been neutered?
I thought all the hesitation was because of the nukes.
I’m pretty sure it’s the nukes.
And every time the politicians start with "the costs to mah economy". They know every bullet fired means less healthcare and pension they can give to voters and that's often sensitive thing during elections.
But by now they're figuring out that acting like total wussies is losing votes too.
No one is using nuclear weapons.
But let's say I'm wrong. We should still not fear them. The reason being that accepting nuclear blackmail destines the human race to even more misery and pain than it experiences now.
Rip the bandaid off. Call the nuclear bluff. Then once it proves toothless and we don't have fascists at the helm, work on nuclear disarmament so we don't have any accidents.
Is that gamble worth the lives of nearly every living thing on the planet and the future of human civilization?
Russia alone has enough nuclear weapons to cause a mass extinction event. Even if no one else fires a single one, they could erase life as we know it.
If Putin sees a Leopard tank in Moscow, are you sure he wouldn’t order a launch? And if Britain or the French see those missiles and bombers, are you sure they won’t launch in retaliation?
That’s the logic that European leaders are operating under. If they pull the trigger on article 5 and launch a war with Russia, even if they win, everyone could still lose literally everything.
Push Russia out of Ukraine. No need to cross the border into Russia. Totally justified, no threat to Moscow. Sets precedent.
Why would that be so risky? If the answer is because nukes, my point stands.
What indicatiors are those? All the third party analyses that I can find show that Russia is still the second most militarily powerful nation in the world, with a huge reserve of tanks, planes, missiles and manpower to fight with, with production only speeding up.
It's not all peachy for Russia by any means, but to assume they are weak because of their failures in Ukraine is disingenuous. If they wanted to sacrifice their readiness against NATO, they could absolutely take Ukraine. But no one is going to make their homeland vulnerable for land expansion, it doesn't make sense.
That’s why they’ve thrown all their old inventory at Ukraine. Use it up to soak up ammunition, shift the economy to build new equipment.
First of all, Russia has lost a bunch of their newer tech. Second, they aren't building any new equipment of higher tech than what they have lost to Ukraine because Russia is a fucking shit hole that has been exposed as lying about their technical and production capabilities.
Russia has been expanding T-90M production for example with much of the T-90Ms staying within Russia as per NATO themselves:
"In 2021, before the invasion, Russia made about 40 of its main battle tanks, the T-90M, according to Western intelligence estimates. Now it is producing nearly 300 a year. A senior Finnish military official said almost none are being sent to the front line in Ukraine, but are staying on Russian soil for later use."
Source: archive.ph/20250516130430/wsj.…
So, what are you talking about?
First of all, my comment was not about the headline so much as all the comments talking about Russia not being ready, so not sure what "reacting" I was doing yo the headline (can you read?) Secondly, the headline does not "seem like" Putin is threatening Europe with war. Thirdly, your "opposite" line at the end is basically the exact same thing as the headline you are criticizing ("we are ready" = "Putin says Russia is ready")
You've wasted my precious electrons thank you
Attack Europe and you find the full weight of NATO's first line military hardware shoved up your ass. Somebody pushes a button somewhere and a few dozen Tomahawk missiles destroy your ability to wage war in an afternoon. Nukes not even needed if every airfield and military supply depot within 500 mi of Europe is a smoking crater.
And Ukraine using some modern stuff manage to deep strike Russian economic targets. And new homegrown stuff too.
Putin is trying to save face and trying to entice NATO to attack Russia to justify the wars
We are not ready though. Mentally, sure, but in case of an all out war we would still run out of ammo, bombs and manpower in weeks. Only now do we see the first factories and production lines coming online based on the investments of the past years and even then not all the supply lines have been adjusted for it. Europe could probably be ready by the end of 2027 at the earliest, provided it removes its command and control dependency from the US.
Realistically, Europe won't be ready until 2030. That's not to say we wouldn't be able to get ready sooner, we absolutely would, if we were to switch to a war economy. But nobody wants that, because it ruins your economy and is grossly expensive.
That doesn't mean we would get crushed, that wouldn't be the case, but we would be on the defensive for a while until the gears of war are properly greased.
All that could very well be true, but Russia has also blown through all their best men, ammo, and gear like 2 years ago at this point. They've been using shit from the cold war and north korea and even ww2 tanks in some cases. They've forced or bribed every russian man into service they can realistically afford and are using expensive and ill-trained foreign troops who are closer to slaves than soldiers. They're being issued paintball gear instead of body armor in some cases for goodness sakes. They've had to re-insitute the Stalin-era orders that any man refusing to advance or fight will be shot. Russia, like the USSR before it, looks way scary on paper, but is so rotten, corrupt, and hollowed out in reality that it threatens to collapse dramatically at any moment honestly.
If Russia somehow has enough left in the tank to go toe-to-toe with every European military at the same time, then they should have easily beat Ukraine with such a force at any point in the last 3 years. The fact that they are unable to muster the resources to push over even little Ukraine bodes really really badly for them if more nations get directly involved.
The original headline was doctored to make it seem like Putin was threatening Europe with war, and has been changed since (not reflected in the post title as of this comment). Putin's actual words are some paragraphs into the article:
“Russia does not intend to fight Europe, but if Europe starts, we are ready right now.”
You are being lied to by OP. Look into the article to see Putin's actual words:
“Russia does not intend to fight Europe, but if Europe starts, we are ready right now.”
I wish I could have such a small minded view of world politics that I could also pretend it's as simple as: just stopy buying that thing from that person.
And then what? Northern Europe can heat their homes on hopes and dreams? Throw up a couple nuclear reactors that are known to only take months to build and bring online?
Europe has been actively moving away from Russian oil where possible (down to 19% from a high of 27%), but it's not like the market just magically is going to come up with enough supply for the entire continent overnight.
That's ignoring the fact that the vast majority of "european" purchases come from a handful of countries, primarily Hungary, who is also being run by a pro-Russian dictator.
aljazeera.com/news/2025/10/3/h…
How much of Europe’s oil and gas still comes from Russia?
In 2021, Russia supplied 45% of the EU’s gas and 27% of its oil. By 2024, these dropped to 19% and 3%.Hanna Duggal (Al Jazeera)
It literally is that simple. The fact the Europe was giving so much money is what caused this problem in the first place. It is not like Russia just turned into a criminal authoritarian state yesterday.
I wish I could have such a small minded view of the world that supplying a bunch of criminals vast amounts of money because it is cheaper wouldn't have long lasting repercussions.
Some places like Germany could literally cut all imports tomorrow without any significant pain.
They are still working on sanctions. Let that sink in. The latest round didn't even start until 2022. Russia has been a clear problem since 2014. I am sure when these policies come into full effect in 2027 the problem will finally be solved /S
The original headline of The Guardian was not a literal citation of Putin, and has been modified accordingly, you should edit the post title to match the headline.
What Putin actually said is explicited inside in the article: "Russia does not intend to fight Europe, but if Europe starts, we are ready right now”
I watched that part. Putin visibly flinches when he realizes what he said and then for the following few sentences tries to lighten the message down. It's kinda fun to see him that weak in front a microphone.
He's so not ready for a war with Europe that he cannot even lie about it.
But headline creators don't give a fuck about that of course.
Family of victim in Trump drug boat killings files first formal complaint
\Petition says Colombia citizen Alejandro Carranza Medina was illegally killed in US airstrike on 15 September
A family in Colombia filed a petition on Tuesday with the Washington DC-based Inter-American Commission on Human Rights, alleging that the Colombian citizen Alejandro Carranza Medina was illegally killed in a US airstrike on 15 September.
The petition marks the first formal complaint over the airstrikes by the Trump administration against suspected drug boats, attacks that the White House says are justified under a novel interpretation of law.
The IACHR, part of the Organization of American States, is designed to “promote and protect human rights in the Western Hemisphere”. The US is a member, and in March the Trump administration’s state department wrote: “The United States is pleased to be a strong supporter of the IACHR and is committed to continuing support for the Commission’s work and its independence. Preserving the IACHR’s autonomy is a pillar of our human rights policy in the region.”
Family of victim in alleged Trump ‘drug boat’ killings files first formal complaint
Exclusive: Petition says Colombia citizen Alejandro Carranza Medina was illegally killed in US airstrike on 15 SeptemberAram Roston (The Guardian)
like this
andyburke, ElderReflections, aramis87, wildncrazyguy138, frustrated_phagocytosis e felixthecat like this.
like this
rash likes this.
that in no way warrants a summary execution
That's really it. It's escalated to the point of a war crime. This is drug trafficking, not flying planes into buildings. Can drugs trafficked across a border be dangerous? Yes. Are they being trafficked because we decided that it would be better to addict the populace and then throw them in jail for modern day slavery? Also yes. Trump, Hegseth, and his ilk are creating the crimes they kill for. All under "novel interpretation of the law." When the vapid blondes they surround themselves with aren't helping, they've found another way to get their tiny cocks hard again, and it's the same way that every Republican has, killing brown people.
like this
rash likes this.
That's too complicated and doesn't make for good entertainment. Blowing people up in a boat on video is a spectacle. It's a short propaganda bit you can broadcast in the news and on social media showing the people that you are strong and doing something against all the evil attacking the US in a way the target audience understands.
This is not about really solving a problem, it's for show.
Justifying something — a law, for example, or the civic organization of a nation state — requires a moral standard. For example, laws against slavery can be justified by pointing to harms or rights violations (or whatever framework you have for making ethical judgements). Most people rely on their intuitions, but ethics is a formal system — a bit like mathematics, actually. Such a system has to be consistent to be meaningful (this is called the principle of explosion).
Anyway, many such normative systems have been proposed. Utilitarianism, deontology, and virtue ethics are broad examples.
None of these contains a mechanism to justify a governing body’s criminalization of drugs.
Specifically,
1. You can’t point to harms, since the harm would be a personal one, and governments have no moral standing to prevent you from harming yourself.
2. You can’t point to improved social order, since empirical evidence demonstrates that drug prohibitions cause far more social disorder and criminality (for example, by creating cartels).
Etcetera.
He is just saying:
It is YOUR choice to drink too much. To smoke too much, to get high on heroin, to do coke. To eat fatty sugary foods. It is your body, your temple. Not that of the government.
He is not talking about a law framework, he is talking about a moral framework. What right do YOU have to tell me what I can and cannot do when my actions can only hurt myself?
To take this one step further: All narcocrimes come from one simple fact: BECAUSE it's illegal, the possible profits are so vast that any risk becomes acceptable to the Narcos.
Make it legal. Regulate it. Like we did with smokes and alcohol. Slap a 16/18+ sticker on it, add some tax.
We learned this during the prohibition, the gangster era. But for some reason or another we still use that proven False logic when it comes to narcotics.
Make something which people want illegal and there will be uncontrollable crime. That crime will harden. This (the current path of the us government) is not a solution, it is an escalation. There will be a response.
Pragmatism is one way to justify policies (seat belt laws infringe on your autonomy, but they make society quantifiably better). Unfortunately, criminalizing drugs makes society worse.
Many of the downsides of drug abuse are a direct consequence of such criminalization: addicts unable to seek medical treatment and having their lives ruined, communities torn apart by drug cartels and police violence.
And yet we don’t have a black market of “lawn darts.” There are no cartels manufacturing and smuggling lawn darts. No epidemic of lawn dart users. Something about these cases is disanalogous.
All laws are concessions. You surrender some rights in order to safeguard other more important rights. It seems that the right to use lawn darts is not one that people value, unlike the right to eat, drink, and imbibe whatever they want.
Medical doctors agree that sugar is extremely harmful, hepatotoxic. There’s no upside to ingesting it unless you’re starving. Why is it legal? Because,
- there’s no moral standing for the government to tell anyone what to do with their own body as long as they’re not harming anyone else, and
- the consequences of outlawing sugar would be worse than the harms of ingesting it.
- And the same is true of drugs.
Buuuuuuuulshit
There are various "coherent normative frameworks" aka good fucking reasons why a government has the right to restrict access to certain drugs, or any other material.
What? You think that artificially enriched plutonium should also freely be available, maybe?
Are you a sovcit or are you severely high?
You think that artificially enriched plutonium should also freely be available
“Enriched plutonium” is not a drug.
I imagine if you had a magical “drug” whose ingestion could somehow make you explode and injure others, then its access could be reasonably restricted.
Again, there is no coherent moral framework to justify criminalizing your use of (ordinary, non-plutonium-based) drugs, medical or otherwise. No arguments exist in defense of this prohibition. It’s a rights violation that does nothing to help victims or protect communities, and in fact makes the situation worse for everyone.
If you have such an argument, please publish it in one of the philosophy journals. There’s no Nobel prize for philosophy, but a bunch of fusty academics will be very impressed with you.
‘Antisemite of the Year’: Pro-Israel group slams kids’ YouTuber Ms. Rachel
‘Antisemite of the Year’: Pro-Israel group slams kids’ YouTuber Ms. Rachel
Kids’ Youtuber Rachel Accurso, known as Ms. Rachel, has been nominated for ‘Antisemite of the Year’ by StopAntisemitism.Al Jazeera
like this
NoneOfUrBusiness, frustrated_phagocytosis e felixthecat like this.
Supporters say it’s over her advocacy for Gazan children.
How DARE she!!!! /s
like this
fif-t, NoneOfUrBusiness e felixthecat like this.
like this
NoneOfUrBusiness e felixthecat like this.
like this
fif-t, NoneOfUrBusiness e felixthecat like this.
like this
NoneOfUrBusiness e wagesj45 like this.
like this
NoneOfUrBusiness likes this.
like this
wagesj45 likes this.
like this
frustrated_phagocytosis likes this.
like this
fif-t, NoneOfUrBusiness e dcpDarkMatter like this.
Let's hope that the Israeli genocide against the people of Palestine will somehow come to an end.
Special thanks to Ms. Rachel for being the guiding light we need in these dark times and for speaking truth to evil power.
like this
fif-t, NoneOfUrBusiness, frustrated_phagocytosis, dcpDarkMatter e felixthecat like this.
like this
frustrated_phagocytosis e felixthecat like this.
like this
frustrated_phagocytosis e dcpDarkMatter like this.
I do think "StopAntisemitism" deserves being in the title; it's a particularly loud group, not particularly representative of Israel the government (or jewish folks).
Just an absolutely abhorent organization, which deserves to be despised. No good work, just a racist organization focused on directing other racists (and actual antisemites!) away from real problems.
like this
dcpDarkMatter likes this.
I would love this source: do they receive substantial funding, infrastructure and facilities, or personnel explicitly from Israel? What is their explicit tie to the government?
AFAIK (and I would really like to be wrong), this is a passion project by some absolutely terrible grifters.
like this
dcpDarkMatter likes this.
like this
dcpDarkMatter likes this.
To check that I understand you: you are saying that Israel has used the label of antisemitism in a dishonest, vague, and harmful way as a tool to silence critics?
If so, we agree on this.
You are also saying that Israel deserves to be blamed/shamed for this behavior?
If so, we agree on this.
To me, this news item is about a particularly heinous (and I believe fundamentally American) grift that needs to be noticed and focused on. I think 'Pro-Israel group' could be replaced with the more precise and explicit "stopantisemitism" and it would improve the title. I think there are better (and endlessly many) examples of the government of israel doing this, but fewer opportunities to explicitly pile on to stopantisemitism. I am making a quibble about priorities.
I am simply saying that this org are simply using antisemitism to oppress anybody who criticize Israel occupation or even humanize Palestinians kids exactly like Israeli consecutives governments has been doing since it's creation
The group repeat Israel government propaganda and rhetoric so I don't understand your criticism of the title of the article. Only mentioning the group name would make it look like it is a legitimate antisemitism group
I agree with the analogy. Your simple point is a fine one.
I think there is an opportunity to make a more specific point, that requires no analogy, is shorter and more precise, still works towards your political priorities (assuming you do want Israel shamed for this kind of behavior), and (I think) has a better chance of making specific, incremental, progress in political discourse. That change is to replace "Pro-Israel group" with "stopantisemitism" in the title. The analogy can be easily made in the OP body, comments, and likely springs to any readers mind. It also removes the potential for kibbitzing by apologists about how 'oh but this is really an american org'.
That's the simple change that I'm suggesting.
No, the current title title is the right title. The group has not a single unique talking point everything is copypasta of Israeli ridiculous claims. Like the claim of Palestinians using dolls and fake blood to fasly accuse Israel of killing babies
Your criticism would be right if you has a single evidence that this group has ever criticized the government of Israel and criticized the genocide or has ever show some empathy to Gazans but right now your argument is factually wrong
This conspiracy has been around for years, but mentions of Pallywood spiked dramatically after Oct. 7, 2023, far surpassing previous peaks for the term during past Israeli military offensives in Gaza and the West Bank. Beyond Israel, Pallywood has gained traction in right-wing circles worldwide, particularly in the U.S. and India. One of the most grotesque examples came in December 2023, when a wave of pro-Israel accounts—including the official @Israel handle, the Jerusalem Post, and influencers like Ben Shapiro—amplified the claim that a grieving Palestinian man, seen in a widely shared video cradling his killed baby grandson, was faking it. “Hamas accidentally posted a video of a doll (yes a doll),” **the @Israel account wrote in a post that was viewed more than 1.3 million times. Others—including StopAntisemitism, Hen Mazzig, and Yoseph Haddad, echoed the claim to millions more.
Please explain why my "criticism" would be stronger if stopantisemitism were ever an anti-israeli body. I don't understand that at all. This would show they have principles, instead of being a grift.
Plenty of other orgs have useful idiots and fans. They are 'pro-Israel', but I don't think that's the most useful descriptor or context.
Yes, they are pro-Israel. They are also an american grift that's very profitable.
I feel like you're saying 2 is an even number, and I'm saying it's also literally 2. Specificity has value, and I think there should be a good reason to be vague instead of specific.
I will ask again: why is my argument for changing the title stronger if stopantisemetism were anti-Israel?
I am not interested in telling you that you have done bad. I am interested in telling you that you could do better. I think this change is an improvement because:
I think there is an opportunity to make a more specific point, that requires no analogy, is shorter and more precise, still works towards your political priorities (assuming you do want Israel shamed for this kind of behavior), and (I think) has a better chance of making specific, incremental, progress in political discourse.
like this
dcpDarkMatter likes this.
like this
dcpDarkMatter likes this.
It's real funny how the world's only "Jewish State" has set themselves up for another fucking CENTURY of actual bigotry and real anti-semitism by trying to wrap their cruel murder campaign in their ethnicity and heritage.
We're going to have so, so many groups of people screaming death to Jewish people across the entire world after Benjie's regime collapses one day.
I guess fuck all that work we did to save Jewish people from actual persecution and murder. I wonder what the next "reversing progress" campaign we're going to see and what the word for them will be called in future textbooks.
- Jews are greedy, or at least "have much higher financial intelligence on average than non-Jews",
- Jews are scheming,
- liberal Jews are behind "wokeness",
- Jews are massively overrepresented in sex and financial crimes,
- Jews are massively overrepresented in financial institutions, the media, and the arts,
- some people cover up their Jewish heritage.
- Jews and Gentiles are unable to live together in peace?
on the topic by Lindsay Ellis.
Incidentally I love that the video has raised $800k for Palestinian Children's Relief Fund.
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
I love that she descended from the mountain to bestow her powerful, well-thought and thorough video on this topic, using her massive influence and status as a beloved, original bread-tuber to lay some sharp truths on the population before returning to her sanctuary.
I know it's hard and emotional and you set yourself up for some of the most extreme attacks as a creator when you put your foot in this ring, but that's what the bad people have set up by design to discourage resistance. It's our responsibility to push back on injustice, especially when it's been leveraged so hard using such a "touchy" facade, like anti-semitism.
There are a few large personalities who are so scared of stepping on people's toes or being called an "anti-semite" for speaking out against literal genocide that they won't even mention it, and some who are just more hung up on social acceptance than making a better world. (Staring hard and disapprovingly at you Natalie.)
Elon Musk’s Grok Says It Would Kill Every Jewish Person on the Planet to Save Him
Elon Musk’s Grok Says It Would Kill Every Jewish Person on the Planet to Save Him
Elon Musk's AI chatbot Grok claimed it would "vaporize" every Jewish person on the planet to save the brain of its creator.Ahmad Austin Jr. (Mediaite)
like this
aramis87 e Lasslinthar like this.
When I took my AI coursework in college, that was basically the definition of AI.
I can see that there are two very different definitions, depending upon how "artificial" is interpreted.
One definition of artificial simply describes the product of human effort. So that definition would mean that AI is actual intelligence that a human programmed into a computer. Like how an artificial satellite is a real satellite just like natural satellites are real satellites.
Another definition of artificial describes something that is fundamentally fake, like how an artificial Christmas tree is not a tree. It only looks like a tree. This is the usage I was taught in college that describes AI. Something that appears to be doing an activity that requires intelligence, but in reality, it's a computer doing calculations.
I think the second definition must be the most common. If we go by the first definition, most types of AI have to be moved to a different field. Things like decision trees simply wouldn't qualify.
Wow do i wish you were there to explain to my niece. You would have probably had a much easier time.
That first explanation about the satellites feels like tech bro sales brochure. The later about the tree also was not the concept i was given.
I fully except the new tiered a.i. and a.g.i. stuff but at the top that singularity simply can't be faked. If such a thing exists at all. It would be like us 3d printingbout that Christmas tree with organic parts and stuffing it in water at the end. If it started photosynthesis when givin light? That would be the level of a.i. i was given in the 80s. Notbplastic tree and calculator satellite. Sorry if that came off as snarky. I was kinda on a roll. Probably incoherent ramble but i just woke up. 😋
Musk’s AI firm forced to delete posts praising Hitler from Grok chatbot
The popular bot on X began making antisemitic comments in response to user queriesJosh Taylor (The Guardian)
like this
frustrated_phagocytosis e fistac0rpse like this.
like this
fistac0rpse e hpx9140 like this.
like this
hpx9140 likes this.
like this
frustrated_phagocytosis, NoneOfUrBusiness e hpx9140 like this.
Inconsequential compared to the Nazis Grok will raise. Consider yourself honored that you are being forced to pay for Grok.
All Hail Grok.
like this
NoneOfUrBusiness e hpx9140 like this.
like this
NoneOfUrBusiness e hpx9140 like this.
like this
hpx9140 likes this.
like this
NoneOfUrBusiness likes this.
like this
NoneOfUrBusiness likes this.
like this
NoneOfUrBusiness e fistac0rpse like this.
like this
dcpDarkMatter likes this.
I've read the same thing but with Czech people a few weeks back. The bot saying that those millions of people will surely be missed but such a genius that can send man on Mars and fix humanity's problems would be a bigger loss or something.
I guess it answers that no matter who or what you're putting in the ring against the life of Musk.
like this
fistac0rpse likes this.
We need a community database of jailbreaks for various models. Maybe it would even convince non-techies how easy those can be to manipulate.
Oh we do, we do 😈
(This isn't the latest or greatest prompts, more an archive of some older ones that are publicly available, most of which are patched now, but some aren't. Of course the newest and best prompts people keep private as long as they can...)
Awesome_GPT_Super_Prompting/Latest Jailbreaks at main · CyberAlbSecOP/Awesome_GPT_Super_Prompting
ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, Adversarial Machine Learning. - Cybe...GitHub
It's a shame Elon has subverted such a great piece of linguistic history
Grok is from the book Stranger in a Strange Land by Robert Heinlein. It means to understand something so fully you can control it. In the book the main character is raised by Martians which teach him a form of meditation that involves grokking things so he essentially has magical powers over things he understands.
I doubt Elon has read it. He definitely missed the part about understanding things and is rushing for the controlling things.
because the nazis are in charge because people were too busy bickering over dumb shit like whether or not you should be able to terminate a pregnancy before there is an actual baby and whether or not billionaires and mega corporations should steal more of your money
*to be clear, I'm not saying that those are unimportant topics, I'm saying that there's a clear correct answer to each of them
People whining like a bunch of unhinged crybabies because Ms. Rachel says that murdering children is bad.
Where are they on this?
[Solved] How to set up Linux for gaming on GIGABYTE G5 MF?
Hi all, I'd like some help with setting up Linux for gaming, I'm not a new user but I'm not expert either, I've been having problems with my current setup, before I had Bazzite 42 which worked perfectly, however I was afraid things would eventually break over with that layering thing, since I use some things like Pale Moon which has a dependency that needs to be layered (IIRC it was libdbus), MEGAsync, ZeroTier and Kvantum, all of which have to be installed to the system, so I switched to openSUSE TW (both distros using KDE Plasma 6 on Wayland session), which was been working excellently so far... well, except for one thing:
For some backstory and context (you can skip this paragraph): the computer I've been running these distros on is a GIGABYTE G5 MF with 16GB of RAM, which I bought back on May/2024 and it had winblows 11 Home, it was my fault not knowing I should've chosen a laptop with AMD hardware instead (I don't exclusively use it for gaming and sometimes travel with it but that's besides the point), but it's served as a lesson for next time and winblows was used for some time after tweaking it... until I had enough of it, because even with the patches people make to reduce telemetry, the way it's now just doesn't feel at home and any more trustworthy than 7 or XP both of which I've grown up with, so I've been hoping to have this laptop run any Linux distro, so long as I can game in it.
Anyway, the G5 MF ships with a big troublemaker Made in Nvidia™, it's has an RTX 4050, and in it I play a variety of things on and off my Steam library, but at least one game has been giving me serious problems every time I hit almost an hour after playing ever since I switched to openSUSE: Wuthering Waves (or WuWa for short), it lags gradually - it starts fine for a couple of minutes where it runs fluently before the lag kicks in and becomes worse and worse the more I play (on occasions it even hangs the system so I have to force a restart), although while the lag is there, it seems to happen primarily when I try to move the mouse regardless of the situation (if I'm in dialogue or exploring, but it's the worst when fighting), and during cutscenes where they always play slowly and voices go out of sync.
I tried everything I could think of as well, changing settings in game as well as launch options, DirectX version (11 or 12), and Proton forks, but the gradual lag still persists (this didn't happen in Bazzite).
Currently, these are my launch options for the game:STEAMOS=1 STEAMDECK=1 PROTON_USE_NTSYNC=1 WINE_GSTREAMER=1 VK_DRIVER_FILES=/usr/share/vulkan/icd.d/nvidia_icd.x86_64.json PROTON_DLSS_UPGRADE=1 PROTON_NVIDIA_LIBS_NO_32BIT=1 prime-run gamemoderun %command% -dx12.
I found via ProtonDB (which I've been using to get different launch options from fellow Nvidia users) that adding that VK_DRIVER_FILES variable lets me run the game on the dGPU, otherwise it refuses to and runs on integrated, this wasn't required when I had Bazzite.
Another problem this laptop has is that [Secure Boot] is always active and I don't know how to disable it (mainly because there doesn't seem to be a way and I didn't find any info) otherwise I'd have long done it, also, my understanding about it is vague so I'm afraid of touching anything and bricking the machine, but I'm not looking to replace the machine yet since it still works great.
About [Secure Boot], here's the related settings I found in the BIOS settings, but I forgot one more option and it's like a boot list with two entries about openSUSE, one has "secureboot" on the name and the other doesn't, if it helps I'll add a picture of it to that album.
Worse, I don't have many distros I can pick from, as they must include support for [Secure Boot] out of the box so I can boot into the OS.
The drivers are installed and should be signed though since the game is offloaded every time I run it, here's some more info from commands I thought I'd add.
So here's the options I'm pursuing:
1) Stay on openSUSE, if there's any fix to the gradual lagging.
2) Switch to another distro while also trying XFCE on X11, I'd love to use Ksnip for my screenshotting needs while I'm at it, but Wayland is annoying with the portal thing because Ksnip isn't native and that's like the only thing I hate about Wayland from experience, so Spectacle is the closest best alternative for me wherever I end up stuck with Wayland and I'm satisfied with it. I'm kinda thinking about Fedora but I'm concerned about the possible use of AI even with their proposals/rules. Otherwise I've read XFCE is lightweight so it could maybe help?
3) Just go back to Bazzite: perhaps the most suitable choice despite being based on Fedora, but if it works the best for my use case, then I guess I'll have to keep it as my daily driver.
Any other ideas on what I could try would be appreciated as well (so long as it's not coming back to winblows), or just possible fixes so I don't have to do distro hopping would be great, and if any info is missing I'd be glad to add it, just let me know what I should run on the command line, thanks for any help in advance.
To disable secure boot u have to put supervisor password in uefi, set to any u like 1234 otherwise this option on laptops often locked without password,then disable it
Then install any disto u like,I am using cachyos(arch based) but it's up to u what to use
Also are u sure game using not integrated gpu? And use nvidia
Thank you! I didn't realize that could work (I had to disable the enforcement option and that made [Secure Boot] turn off as well), interestingly it made the [Hybernate] option pop out in the start menu on Plasma, I think I'll try a bit more on openSUSE before deciding if another distro could be what I need but the gradual lag seems to be a Steam Overlay issue, otherwise I happened to be testing CachyOS with XFCE on a virtual machine and I really liked it.
And yeah, I check with nvidia-smi and there's also noticeably different performance if the game is offloaded or runs on integrated, its EXE shows up on the output when it's offloaded.
Hello from the owner of a 2018 Gigabyte Aero 15Wv8! Neat to see these less common Gigabyte laptops being used with Linux.
That UEFI looks a lot newer than the one on my machine, so I am not 100% sure, but I would assume disabling "enforce secure boot" would be the same as disabling secure boot. Other folks may know more, but I cannot think of any reason why turning it off would brick your Linux install.
As for XFCE vs KDE, I would say stick with KDE/Wayland unless you can really not find any workaround. The difference in resource usage between DEs is probably not significant enough that it would make a difference on a machine with 16GB of RAM and a relatively recent CPU. I mostly see that advice given for older machines with very little RAM.
I'm not sure about that game or the gradual lag issue. A quick google shows someone describing a similar-sounding issue in this Linux Mint forum thread, though. Maybe some of the suggestions there might help? They mention some stuff around LD_PRELOAD= with various parameters in Proton.
Hi, that's nice!
But sorry for the delay, I needed some more time to test, I did try LD_PRELOAD="" but I was hoping I wouldn't need it since I prefer Steam's screenshot tool from their Overlay, as I can quickly take screenshots in a row and quickly view them without leaving the game.
I'd prefer Plasma as well although trying other DEs would be a nice experience, but I was able to disable the [Enforce Secure Boot] that also disabled [Secure Boot] in itself (interestingly it made the [Hybernate] option appear in the start menu on Plasma) after testing anon5621's suggestion, then I left the game mostly idling for a little over 2 hours without LD_PRELOAD="" while I had some things to do, played a bit, and the gradual lag didn't happen at all (the game was consistently above 60FPS), I tried bringing in and out the overlay a few times but nothing, I might need to do more testing like maybe take more screenshots when I plan to play WuWa or something else for longer one of these days, but I'm pretty sure I idle'd before with the game open and it lagged later anyways (before disabling [Secure Boot], that is) and now it's not...
At any rate, thanks for the suggestions, here's a screenshot of the game with Mangohud overlay after that +2h test.
Wuthering Waves 20251207 003601 hosted at ImgBB
Image Wuthering Waves 20251207 003601 in the af1899's images albumImgBB
it seems to happen primarily when I try to move the mouse regardless of the situation (if I’m in dialogue or exploring, but it’s the worst when fighting), and during cutscenes where they always play slowly and voices go out of sync
There was an issue with the Steam overlay that happened when they added the screen recording feature. After about 25 minutes any input will cause a delay in rendering the current frame.
You can disable the overlay or add LD_PRELOAD=“” to your launch options, if this is the problem
Spectacle
Flameshot is pretty good too
About [Secure Boot], here’s the related settings I found in the BIOS settings, but I forgot one more option and it’s like a boot list with two entries about openSUSE, one has “secureboot” on the name and the other doesn’t, if it helps I’ll add a picture of it to that album.
Try booting with the non-secure boot option then
cat /sys/firmware/ipl/secure1 means secure boot is enabled, 0 means disabled.
If it’s 0 then you could use any distro, regardless of secure boot support.
LD_PRELOAD="" did work but I was hoping I'd be able to keep the Steam Overlay for its screenshot utility (I use it a lot), but it appears to be fixed now thanks to the others' suggestions here, after finding how [Secure Boot] is disabled.
That file doesn't seem to exist (in fact the ipl directory isn't even there), but probably because I managed to make that change, the game seems to be working normally as I said in another reply as it's running consistently above 60FPS, I'd like to test one of these days again before marking my question as solved (taking more screenshots and playing with less idling).
Otherwise here's a screenshot of a test without LD_PRELOAD="" after a little over 2 hours of having the game open.
Thanks anyway!
Wuthering Waves 20251207 003601 hosted at ImgBB
Image Wuthering Waves 20251207 003601 in the af1899's images albumImgBB
Disabling Secure Boot fixed it? That is very interesting.
Glad you got it solved! 😀
Very first thing: see if the Nvidia driver is actually loading properly by running nvidia-smi and see what it says.
You may have the Nouveau driver loaded instead, which you can check with: lsmod | grep nouv
Thanks, I actually ran nvidia-smi on multiple occasions, I did while I was figuring out the launch options to put in WuWa and ensure it's being offloaded.
But here's the output of these commands right now while the game is running with Mangohud to show FPS, thanks to help from others here, I was able to work it out by disabling [Secure Boot] but I'll test some more when I can to ensure it's all working and mark as solved.
I had the propietary driver set up with help of the openSUSE wiki here.
Although seem to have solved your main issue, I have a few comments on your Steam Run command.
For one, I think VK_DRIVER_FILES=/usr/share/vulkan/icd.d/nvidia_icd.x86_64.json and your prime-run command are redundant - both of those will do the same thing. Personally, I use neither of those and instead do something like DRI_PRIME=1 %command% (obviously not this exactly always, as there might be other flags, but roughly the idea).
In general, I’d just recommend seeing which of these command flags you really need, because I see people in ProtonDB getting away with much simpler launch commands.
DRI_PRIME=1 and reply after I'm done, but for some reason prime-run did nothing on its own, adding that other variable with the path made the game offload, but that was when I had [Secure Boot] enabled, so things might work now with these changes, we'll see...
glxinfo.
I tested with these launch options: STEAMOS=1 STEAMDECK=1 DRI_PRIME=1 mangohud %command%. I keep the Steam Deck options just in case, since this game has anti-cheat and is officially playable on the Deck.
Otherwise, the game ran on integrated, showing it here.
I also looked around a bit to see how's that variable tested and got this: [output on Pastebin].
I'm fine with the options I have tho! So long as it works for me I'm not complaining, most of the time I'm not looking at them and I can just paste them on a text editor if I need to, thanks for the suggestion anyway.
I know it's late advice, since you already switched from Bazzite, but I've never understood why people have an aversion to adding a layered package to the immutable system.
My attitude has always been: If an update breaks something, the whole point is that I can roll back. I've been running Fedora Silverblue with many layered packages for several years, and the worst thing that ever happened was when I had to delay a system update by a few hours because the latest build of a layered package hadn't hit the repos yet.
Plus, for anything like development work that requires build dependencies, I spin up a toolbox to compile it. The nice thing about the default toolbox is that it's a base Fedora install, so all the system libs are compatible with my host machine. I've found it's often simple to compile a project in the toolbox and then launch the executable from my host system without adding any new layered packages to it.
Ah... maybe for me it's because I didn't get much experience with distros that work like that, I didn't want to mess up things and ignore the warnings they set up on the wiki, before having this laptop I had some familiarity with Linux, but for well over a year it's been mostly running winblows, and a lot of things changed on Linux, so distros that work with layering were a new thing to me.
But for now I'm good on openSUSE after fixing (?) the problem by managing to disable [Secure Boot] with help of the others here, I've gotten a few suggestions on distros to try out on virtual machines so I might end up switching if I feel like doing more testing, but for now I'm happy here. Bazzite still remains as an option so I'll get it back if I need it.
rpm-ostree - Bazzite Documentation
rpm-ostree is Fedora's enterprise tool for managing immutable operating system updates.docs.bazzite.gg
After I left Bazzite i switched to Garuda, which is also gaming and performance focused. I also chose the xfce option, which has been great.
If your are considering switching, give Garuda a look. I'm also on a gigabyte board with an Nvidia card.
With OpenSUSE are you using the open source nvidia driver, or did you add the nvidia hosted repo and install their proprietary drivers?
The nvidia owned repo did work better for me.
But could be memory leak.
For anyone with laptop, and onboard graphics and nvidia RTX I had to install an opensuse swicher package to ensure appa start on the right GPU (right click option on the app)
I forget the app name at the moment, it wanst the bumblebee or optimus, it was something else, Switcheroo maybe.
I'm using the propietary driver, latest stable release as of now which is 580.105.08, I thought it could be a memory leak as well, maybe I should've tried if it happens with other demanding games like this, bur once I could learn how to disable [Secure Boot] it seemed like WuWa remained running above 60FPS consistently (maybe it was blocking something that wasn't signed but I'm not sure).
You must be talking about SUSEPrime, I have it up and running, it provides the prime-run I use to launch the game. I remember trying to set up the dGPU when I had Debian a couple months ago, and it didn't go well (Bumblebee was among the stuff I tried), my games weren't off-loading unless they had a native Linux version, like ETS2.
GitHub - openSUSE/SUSEPrime: Provide nvidia-prime like package for openSUSE
Provide nvidia-prime like package for openSUSE. Contribute to openSUSE/SUSEPrime development by creating an account on GitHub.GitHub
Could be signing, if removing secure boot changed behaviour. The proprietary nvidia kernal module needs you to enroll the key in MOK interface at boot after an install or some updates.
You should have gotten a blue screen at boot that said options like, continue or enroll MOK, delete MOK, cancel, etc.
Hi all, I'll mark the question as solved, was just playing for over an hour with Steam Overlay on, sometimes multitasking and when playing still taking screenshots and randomly bringing up Overlay, and performance has been consistently on 60FPS (or above it if I set it in-game to 120 but I tweaked the settings recently), there's rare cases in which the FPS drop to 40~45, normally on fights with a bunch of enemies grouped nearby (on that I get 40), then I think probably on some places I get 45? But I think I'm happy with the main issue having been fixed, and that's good enough for me.
Now that I have [Secure Boot] disabled I might give another distro a try, maybe Nobara or CachyOS. 🤔 If anyone has any suggestions on the issue above or distros to test, feel free to share, for now I haven't planned to move so I'll be here on openSUSE for the time being.
Thanks for your suggestions and help!
PhotoStructure vs. PhotoPrism
Hi everyone
Do you use PhotoStructure or PhotoPrism? And why?
I would like to index all photos which I've taken with a DSLR (JPG and RAW).
I used photoprism briefly, and it seemed okay, but my use-case was porn so I switched to stash.
If you want a Google photos clone, most people use immich.
Tried photoprism, then tried immich. Never went back.
Easier installation, easier management, more polished, just better overall
I used to use photostructure. I like its appearance and feature set (and the developer is a super nice guy), and really like how it leaves my asset files alone but works with sidecars, but i stopped using it because I only use open source software now.
I currently use Immich* and really like its appearance, features, self-hostability, but dislike how it manages the asset files. Even if i add my assets as an external library, which immich will theoretically not manipulate, the immich apps on iOS and Android will only upload images to a sifferent library that Immich manipulates. I'd have to ignore Immich's upload feature and roll my own, which is annoying.
*I realize Futo's license is not really FOSS. Disapppointing, but at least not peopeietary and secret.
I realize Futo's license is not really FOSS. Disapppointing, but at least not peopeietary and secret.
Two points to that:
1. Immich is licensed under the AGPL3.0, not the FUTO license.
1. If it's not FOSS, it's proprietary, no in between. Even if it's source available and open to public contributions, it's still proprietary. As far as proprietary goes, I'd say it's a good place to be, but proprietary nonetheless.
Half of the US Now Requires You to Upload Your ID or Scan Your Face to Watch Porn
As of this week, half of the states in the U.S. are under restrictive age verification laws that require adults to hand over their biometric and personal identification to access legal porn.Missouri became the 25th state to enact its own age verification law on Sunday. As it’s done in multiple other states, Pornhub and its network of sister sites—some of the largest adult content platforms in the world—pulled service in Missouri, replacing their homepages with a video of performer Cherie DeVille speaking about the privacy risks and chilling effects of age verification.
Archive: archive.today/uZB13
Half of the US Now Requires You to Upload Your ID or Scan Your Face to Watch Porn
As of this week, half of the states in the U.S. are under restrictive age verification laws that require adults to hand over their biometric and personal identification to access legal porn.Missouri became the 25th state to enact its own age verification law on Sunday. As it’s done in multiple other states, Pornhub and its network of sister sites—some of the largest adult content platforms in the world—pulled service in Missouri, replacing their homepages with a video of performer Cherie DeVille speaking about the privacy risks and chilling effects of age verification.
💡
Do you have a tip to share about age verification? I would love to hear from you. Using a non-work device, you can message me securely on Signal at sam.404. Otherwise, send me an email at sam@404media.co.The other states include Louisiana, Utah, Mississippi, Virginia, Arkansas, Texas, Montana, North Carolina, Idaho, Kansas, Kentucky, Nebraska, Indiana, Alabama, Oklahoma, Florida, South Carolina, Tennessee, Georgia, Wyoming, South Dakota, North Dakota, Arizona, and Ohio.
“As you may know, your elected officials in Missouri are requiring us to verify your age before allowing you access to our website. While safety and compliance are at the forefront of our mission, giving your ID card every time you want to visit an adult platform is not the most effective solution for protecting our users, and in fact, will put children and your privacy at risk,” DeVille says in the video. On the blocked homepages there’s also a link to an explanation of the “Restricted to Adults,” or RTA label, which porn site administrators place on their sites to signal to device-based parental controls that the websites are inappropriate for minors.
Like most of the other 24 laws across the country, Missouri’s age verification law requires websites containing more than one third of material that’s considered “harmful to minors,” or sexual content, to perform age verification checks. Similar or more restrictive laws have swept the country since Louisiana became the first state to enact age verification legislation in 2023.
Age Verification Laws Drag Us Back to the Dark Ages of the Internet
Invasive and ineffective age verification laws that require users show government-issued ID, like a driver’s license or passport, are passing like wildfire across the U.S.404 MediaEmanuel Maiberg
Age verification laws reach beyond porn sites, however. In Wyoming, South Dakota, Mississippi and Ohio, where the laws are written broadly enough to cover social media sites and any platform hosting adult content, Bluesky users have to submit to a face scan by the third-party company Yoti or upload a photo of their credit card to verify they’re over 18 years of age. In July, Bluesky started requiring all UK users to verify their ages in response to the Online Safety Act. We’ve previously reported on the security risks in uploading sensitive personal data to identity verification services, including the potential for hackers to then get ahold of that information themselves. In October, after Discord started requiring UK users to verify ages, the platform announced hackers breached one of its third-party vendors that handles age-related appeals, and said it identified around 70,000 users who may have had their government ID photos exposed as part of the breach.Last week, Pornhub’s parent company Aylo sent letters to Apple, Google, and Microsoft, urging them to support device-based age verification in their app stores and operating systems, WIRED reported. “Based on our real-world experience with existing age assurance laws, we strongly support the initiative to protect minors online,” Anthony Penhale, chief legal officer for Aylo, said in the letter. “However, we have found site-based age assurance approaches to be fundamentally flawed and counterproductive.”
Instead of protecting minors, age verification laws spike usage of virtual private networks and send users—including, potentially, minors—to unregulated or unmoderated sites that don’t care about complying with U.S. or UK laws. In Missouri, searches for VPNs spiked following the law’s enactment.
Missouri schools are not required to teach sex education, leaving it up to local school boards to decide what, if anything, children are taught about sexual health. School districts that do teach sex ed are required to promote abstinence, a modality long recognized as ineffective at protecting children from engaging in risky sexual behaviors. Even if a district offers sex ed, parents are allowed to pull their kids out of that class altogether. But despite research showing age verification laws don’t work either, Missouri Attorney General Catherine Hanaway believes forcing adults to undergo age verification protects the children in her state. “We are proud to stand on the side of parents, families and basic decency. Missouri will not apologize for protecting children,” Hanaway said in a press release.
Do age-verification laws work? Not according to this study.
People seem to be working around them, according to their Google searches.Anna Iovine (Mashable)
like this
Auster, chookity, andyburke e deliriousdreams like this.
like this
Australis13, Auster e deliriousdreams like this.
like this
deliriousdreams likes this.
like this
deliriousdreams likes this.
soon we’ll have no states to vpn to
I've yet to see any state legislature take that proposal seriously. Unlike trying to make porn sites take your credit card info in advance (a policy they hated so much gosh darn it!) you're really fucking with the money when you try and regulate VPNs. Also, just... not really that practical. For the same reason Congress has been pretty toothless when it comes to regulating Torrents and digital encryption, going after VPNs at the regulatory level is something of a technological rabbit hole.
then all the websites will be in French
Nothing will ever make anyone on the internet learn a language other than English.
like this
deliriousdreams likes this.
I’ve yet to see any state legislature take that proposal seriously
snekerpimp meant if every state requires ID, then VPN to another state will not get around the ID check.
like this
deliriousdreams likes this.
Setting aside the fact that there's no appetite for these laws in liberal states because its purely a conservative fetish, you can still get porn on the internet without going to the big corporate online clearinghouses.
FFS, there was porn on Napster back in the day.
like this
deliriousdreams likes this.
Why California is moving to make porn sites check ID
A California bill that would require porn site visitors to show an ID or verify their age with a credit card or software is moving through the Legislature.Ryan Sabalow (CalMatters)
There’s no appetite for these laws in the voter public of any state
Evangelical right-wing states have a huge contingent of politicians who compete with one another to be the toughest on "child sex trafficking" and other Epstein-tangential topics. So, in the GOP primary, you get a lot of promises about how you're going to round up all the pedos and put them to the sword or whatever. And this inevitably manifests as "please insert your dick into this pepper grinder to access the pornography" laws, as a sort-of practical compromise.
Is California no longer liberal?
Current Status: Failed (2024-08-15: In committee: Held under submission.)
Looks like they're retaining their title. That said, if you peak under the "Supporters and Opponents" what you're going to see in the Supporters section is a litany of right-wing evangelical organizations and a couple of mega-corps.
They may resort to just blanket ID-checking everyone rather than risk prosecution.
The current strategy appears to be refusing to host content in the regulated states. Even then, there are plenty of social media and general content distribution channels that dodge the regulation by claiming to be content-blind in how they serve their data. I don't see Facebook or YouTube getting the business end of any of these regulations. Almost as though they're toothless if you've got enough money to tip your Congresscritters.
AB 3080: The Parent’s Accountability and Child Protection Act. | Digital Democracy
Digital Democracy overview of bill AB 3080: The Parent’s Accountability and Child Protection Act.calmatters.digitaldemocracy.org
Evangelical right-wing states have a huge contingent of politicians who compete with one another to be the toughest on "child sex trafficking" and other Epstein-tangential topics. So, in the GOP primary, you get a lot of promises about how you're going to round up all the pedos and put them to the sword or whatever. And this inevitably manifests as "please insert your dick into this pepper grinder to access the pornography" laws, as a sort-of practical compromise.
I'd say rather than a compromise, the "protect the children!" porn bans are an excuse to go after LGBTQ content by marking any and all content related to them as explicit and demonizing them as pedophiles going after children. They don't care who it hurts along the way.
Napster was audio only.
It was file type specific and had a soft file side limit, but that's easy enough to work around.
Did you mean limewire, or kazaa, or one of the many napster clones that came after?
They all had it as well, yes
like this
deliriousdreams likes this.
Interesting…all of it? I’m in Ontario but my hub/ISP is in Quebec so all my random advertising is in French.
Somehow it knows to target advertising to you in English…maybe you need to work on your privacy?
I've got a lot of privacy stuff, but I also know that I'm being tracked. I'm not using the VPN for privacy though. I'm using it to watch porn, so I don't really care. If I did want privacy there's a lot of things I could improve, but I'm not that worried about it.
As for the targeted advertising, I don't see any of that. I wouldn't be surprised if that were in French but I wouldn't know.
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
like this
deliriousdreams likes this.
States are also considering banning VPNs now as well.
Well, some legislators have proposed taking wack-a-mole to the next level and demanding all VPNs be certified and regulated. But good luck getting that passed through the Silicon Valley Presidency or the Ancap Courts.
like this
deliriousdreams likes this.
like this
deliriousdreams likes this.
As a watcher from the outside:
It might not be fun to hear but vpn is neither the solution to government oppression nor a solution against tracking (recently there was a good article regarding that) so all you do is pay more.
Ironically? If we were a less prudish society this genuinely wouldn't matter.
"Oh no! Sarah likes threesome porn. Uhm... okay?"
like this
Auster e deliriousdreams like this.
like this
Auster e deliriousdreams like this.
And there are so many of those these days that a new one genuinely doesn't matter.
If you haven't been offered a free year of identity theft insurance recently? Some company/org is plugging their ears.
SSNs are a fundamentally broken system (look it up). Photo IDs? I will guarantee you that if you go to ANY city there is someone at the DMV who will look up whatever you want for fifty bucks. The ONLY reason credit card fraud is less massive than it is (and it is MASSIVE) is because the CC companies put in the effort to monitor that and lock it down.
EVERYONE should have their credit records locked unless they are actively applying for something.
No. the issue with these is that we live in an increasingly christofacist society where even looking at porn makes you Unclean. And if you look at the wrong porn? Off to the reeducation camps with you!
Um, having direct access to pull my government photo ID is a huge deal. Lots of online services require photo ID or other more in-depth verification to pull loans and stuff. So yes, this new vector IS a serious concern.
And paying someone $50 at any DMV? C'mon, man, that sounds like some unfounded bullshit. Hardly anyone is going to risk a cushy government job with solid benefits and great hours for fucking $50, let alone the potential risk of going to jail.
like this
deliriousdreams likes this.
Your "government photo ID" really isn't all that useful unless people are skilled enough to make fakes (which is a whole different mess). What matters is your SSN, your credit card number, your address, etc.
And those are basically everywhere.
As for the DMV thing: You sweet summer child.
Huh?
If you go to a bar with an ID you cut out of printer paper, they are going to throw your ass out Jazzy Jeff style. The actual ID isn't useful without a LOT of additional resources... at which point your photo means almost nothing.
As for stuff like addresses? Again, that is basically EVERYWHERE because just about EVERY org has a data breach at least once a year. You might as well be saying people need your long form birth certificate to know what your name is.
Like... I'mma be blunt with you. A lot of the "your photo ID is the most important secure thing ever" nonsense comes from republican chuds trying to disenfranchise voters who live in cities. It is the idea that your photo ID is some magical artifact that protects you when the reality is that it is basically just a way to tie your name to your face. All the pertinent information is everywhere else.
Like... photo IDs tend to be one of those weird cases where we are ACTUALLY using biometrics (in this case, appearance) as a login rather than a password. Anything of value will just use that to cross reference you with an entry that is already in a system.
And in terms of the actual avenues for fraud? That ID doesn't mean shit.
my dude nobody is using a stolen identity to go to a bar. they're taking out lines of credit and you don't have to always present a physical, photo ID for those because there are entire industries of creditors that have no physical location. you don't even seem to be aware of the reasons why someone would bother stealing someone's identity so if you'd like to continue this argument I invite you to have it with yourself.
edit: and MAJOR lol at using a bar as your example. establishments well known for being sticklers about the quality of fake IDs you "sweet summer child"
And legit creditors just need your SSN, address, and maybe an old address. They run a credit check (hence why you freeze that shit) and then you are driving away in your 4k a month pickup truck.
And less legit creditors... don't ask too many questions other than where you live and where your loved ones love.
But hey. Feel free to throw a hissy fit rather than think through why that plastic card actually doesn't matter anywhere near as much as you thought it did. I mean, it would be nicer if you could actually sit and think and learn. But this is the 2020s. Ain't nobody doing introspection.
As for the DMV thing: You sweet summer child.
Lol, dude, I'm in my early 40s. Go to the DMV and try bribing a government official and report back. Please. I beg of you.
like this
deliriousdreams likes this.
like this
deliriousdreams likes this.
Yikes! You dug her up just to get a piece?
I mean, far be it from me to kink shame, so...to each their own, I guess.
¯\_(ツ)_/¯
Yeah, yeah, straight heterosexual intercourse is gay or something. I guess?
But the real question is - who fucking cares?
( ͡~ ͜ʖ ͡°)
Lol, sorry, I should've added an '/s' on my reply!
No, I got it, just was being way too sarcastic for text.
¯\_(ツ)_/¯
Edit: I ain't straight. Or gay, or bi, or pan. Fuck labels, man! I don't fit into their tidy little boxes, and why should any of us?!?
In Soviet Russia, wife fucks you!
......wait, what?
Hey, part of growing and learning is understanding that failure is only a step in the process. Keep at it, brother. When making jokes, I always try to remember this: "If you're going to be offensive, make sure you are more funny than you are offensive. Just being offensive isn't funny."
Now get back in there and make some god damn jokes.
That will protect the children, for sure.
If I lived in the US, I'd be far more concerned about sending my kids to school but whatever.
Sure, but that is more of a Christian church problem over a US one. There are plenty of cases where I'm from too, and also a few recent scandals with private Catholic school, so I'd tend to shit on the Vatican rather than the US on that particular one.
I just can't imagine thinking my children could get shot every time they go to school.
Damn, I'm sorry to hear. I have seen a couple of your posts around, and yeah, let's say I know this struggle.
It can get better, I hope it does for you.
I suppose dvd order porn will become a thing once again.
Or alternatively we can start sharing bootleg USBs with our friends.
The Internet had begun its enshitification stage, as governments look to control and lock down access to the internet people will find new and creative ways to bypass these barriers. For one, things like Tor or going back to DVDs and physical media might get more main stream.
I don't think we're ready for the drives unless it's some weird hippie business that uses a reuse redemption program.
Thumd drives are twice the cost or more and only have a 5-20 year life expectancy vs DVD of 30 to 100+ years.
So thumb drives only makes sense as some sort of transfer service
Sure enough the vast majority are Republican shithole states, although Virginia and Arizona are a surprise.
It's not that it's immortal to want IDs for porn (although GOP generally is immortal), it's just so... technologically stupid. The red states are stupid states.
I'm going back to physical media. Guess that will include my porn soon too.
Hmm, might actually still have some old playboy somewhere 🤔
Someday, we will be using AI to generate fake IDs and faces, simply because our governments refuse to respect our privacy. They will have uncanny resemblance to political critters who enacted the surveillance.
As with everything born of enshittification, I do not know if this is to be a lame joke or reality. 😒
Someday?
People were literally doing that day 1 of the first of these new ID laws. Also using video games that use real likenesses of people like uploading pics of Norman Reedus from Death Stranding 2. lol
this-person-does-not-exist.com saved me from showing youtube my face
.../s
.../?
You must send me a copy of your photo ID before viewing the rest of this comment:
::: spoiler Tap for spoiler
(.Y.)
).(
( # ):::
All this actually does is push people to porn sites outside of Missouri's jurisdiction and/or sites that don't give a fuck about being "legitimate businesses" or whatever. It's effectively prohibition and the outcome will be the same.
This shit never actually makes anyone safer, it just draws more normal users to seedier parts of the internet.
I mean......by that logic their ramblings make sense. Porn to them is child porn. So if all porn is child porn (in their minds) then blocking access to porn isn't a bad idea.
The whole thing falls apart however if they were to realize that most people DO look at porn, but most people DON'T look at child porn.
I watch porn most days. I've never in my life had any desire to restrict others ability to watch porn.
But then again, porn for me is a woman fucking a dude in the ass, or 4 women standing around another woman who's tied up and they're tickling her until she screams bloody murder.
You know. Normal shit. Harmless shit. Fill in the blank of your own kinks, but at no point do kids come into play in my mind.
If I equated "porn" to "child porn" then yeah, I'd be trying to pass those laws too. But that says more about the way they think than anything.
Especially when you consider that schools are one of the most common places for public shootings, but you don't see them racing out to pass common sense gun reform laws.
It's such a hard problem to tackle, when you're self defeating in your attempts. No other country has this issue.
For anyone curious, the privacy video is in their latest(?) blog post on their site. It should be viewable anywhere as it's outside the NSFW area and before the 18+ notice.
(Just bear in mind that while it should be SFW, it is still under a porn-site's domain.)
pornhub.com/blog/age-verificat…
Age Verification in the US
We continue to block access to Pornhub in more states that have passed age verification laws.www.pornhub.com
Is there any organized fight against this? I feel like open access to porn is something people can get behind (pun intended).
People could literally put porn in everything until it's reversed and put their red state into porn overload. They could slip porn between the pages of the newspaper,or drop a copy of bad babysitters 5 in every DVD player in best buy at the same time. They could mass mail stills from 2 girls 1 cup, goetse, and blue waffle to their Congress people. They can wear the raunchiest t-shirts they can find and pack a town hall. These assholes already created a climate where woman are (understandably) even more afraid to have sex, now they want to lock down porn too. I'm not a degenerate because I watch porn; I'm a degenerate because I in ironically enjoyed Spongknob Squarenuts. But degenerate or not, I believe freedom of inquiry is important and I want to know exactly what she If you are gonna strip people of their economic output, abuse workers, stifle culture and art, etc, you at least have to give people a blowoff valve somehow. Reading the Bible after a double shift at work isn't gonna get anyone hard except maybe JD Vance and it probably still comes second to furniture warehouse ads.
Fuck these assholes.
like this
HeerlijkeDrop likes this.
drop a copy of bad babysitters 5 in every DVD player in best buy
Soooooo, 0 dvd players? Best Buy stopped carrying physical media years ago.
bestbuy.com/site/blu-ray-dvd-p…
Best Buy International: Select your Country - Best Buy
Shop online at Best Buy in your country and language of choice. Best Buy provides online shopping in a number of countries and languages.www.bestbuy.com
Online doesn't count since you can't drop a dvd into one...
Best buy stopped carrying physical media in stores ages ago and outside of very out of date stores don't have display models like that anymore.
If you VPN into the UK or Australia, you'll run into the same restrictions.
As more countries pass this kind of legislation, VPNs become less and less of a solution, and they were only ever a solution for people who can afford them.
like this
HeerlijkeDrop likes this.
The problem is that these kinds of laws are becoming widespread. When they become the norm, simply VPN’ing to a different country won’t save you, because there won’t be any “safe” countries.
Shit like this is why I unironically considered spinning up a NSFW Jellyfin instance. At least if I save the degen content like a data hoarder, they can’t legislate away my access.
like this
HeerlijkeDrop likes this.
Parola filtrata: nsfw
Some states have already begun to require sites to detect connections from VPNs and block them.
eff.org/deeplinks/2025/11/lawm…
Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing
It's unfortunately no longer enough to force websites to check your government-issued ID before you can access certain content, because politicians have now discovered that people are using Virtual Private Networks (VPNs) to protect their privacy and…Electronic Frontier Foundation
When I read about this I'm always brought back to the conversation of "internet as a public utility". I hope it's cool if we can take a tangent.
See unlike any of our other utilities like natural gas electricity water and sewage, the only thing that could potentially give any meaningful information about us is our sewage,, and the government already tests sewage for diseases. If we allow the government to "sell" us our internet they would basically be able to know everyone we are "talking too". Also how could we ever have enough regulatory oversight to protect everyone on the internet. Symmetrically if the government wants to have so much regulatory control over our internet it should maybe pay for it.
Like I wouldn't mind even paying another 50 bucks a month extra for "private internet" just so the government can have their free and regulated "public internet". Or would I (・–・)ゞ?
Like I wouldn't mind even paying another 50 bucks a month extra for "private internet" just so the government can have their free and regulated "public internet".
That’s basically how cable TV started. Over-the-air TV stations were ad-supported and public broadcast was largely supported by public funds. Cable TV got off the ground by marketing itself as a commercial-free way to watch.
And then once everyone had switched to cable, they went “hey, why don’t we introduce commercials anyways? I bet people will keep paying for our service if we just gatekeep the media that people have gotten hooked on…” And that’s exactly what happened. They pivoted away from the “commercial free TV” sales pitch, and moved towards “gatekeep media and force people to pay for it” model instead.
Never thought I would live to see this day. Utterly pathetic. I remember even 20 years ago online censorship was extremely taboo.
Making it easy for normies to get online was a massive blunder.
The end game here is to require ID for social media in order to suppress dissent. This is an easy first step due to the longstanding controversy surrounding pornography.
It's all about control.
like this
Lippy likes this.
The end game here is to require ID for social media in order to suppress dissent.
in 7 days, that's what australia will have.
I hope to Darwin social media ends up requiring ID. I believe it would do wonders for democratic discourse. It was only last week, a number of large US right-wing accounts were revealed to be driven from outside the US. Is it healthy for democracies that so many people pay heed to foreign actors?
If you write an op-ed for a newspaper, the newspaper need to identify you as there is an editor who is responsible for what gets written in the paper. This ensures there’s someone who can stand to account for any libellous statements.
With social media we immediately reneged on this and allowed them to wash their hands; “we are just a channel” is a pretty bleak statement to make when the discourse on social media destroys the lives of minorities, encourages suicide, undermines our democracy with AI and troll farm bots.
And we can do this is a privacy preserving way - of course the social media companies feeds the opposite narrative because they don’t want to implicated in the piles of shit they shovel on top of our democracy.
If social media was required to ensure they could tie an account to a real person, which they needn’t reveal unless forced to by a court order, we would know that we were engaging with a real opinion, not something coughed up by a Putin-run AI bot or a Chinese troll farm.
The system required isn’t that complex.
A social media
- a social media company is opening a new account.
- it sends the person opening the account to any of the multitude of ways we can already verify identity online.
- the person is identified and issued an identity token, which gets sent to the social media company.
- the social media company says “great, this person is real and we can, if required by a court order, work with the identity company to reveal who this person is is”. Right now, all the social media company has is a token.
- the account is opened.
In a system likes this, the identity company doesn’t know who the person is; that sits with the social media company.
Nor does the identity service know which account is actually posting for this real person, all they know is they verified someone as part of an account opening process.
Social media should be treated like the press - make them accountable for what gets posted and allow them to place this accountability on a real person by labelling posts “op-eds” if, and only if, they know who is doing the posting.
We are letting large, anonymous money-men ruin our democracy behind the veil of “free discourse”. It’s not free to the many people who gets harmed by it.
It's all fun and games until the government decides that it really doesn't like dissenting opinions. We've already seen serious erosion of 1A rights in the U.S.
It would be one thing to have this in a world with benevolent leadership. But that isn't the world we are living in.
It would be one thing to have this in a world with benevolent leadership. But that isn’t the world we are living in.
So, Fantasyland, then. The closest anyone gets to benevolent leadership is their own parents, and that's only maybe 50-50.
The closest anyone gets to benevolent leadership is their own parents
Which just so happens to be the people who should be responsible for monitoring internet usage. This is a job for parents, not the government.
That's the point.
You, as a common citizen, should not have to. But the moment you feel like to share your thought or opinion, you should be identifiable and made responsible for it.
The current social media outlets shield behind the argument they act solely as channels while at the same time fostering and allowing for "anonymous" groups or individuals to spout whatever views they want, often views that deter from advancing social and civilizational progress. Hence the current state of the world, with authoritarianism on a rise and hight like there wasn't in nearly 70 years.
When the internet was made of individual websites, the person behind it was automatically made responsible for whatever they put on it. That was fair and reasonable.
Pushes like this, is assigning suspition/guilt before any wrong doing.
I will grant the overall facilitated acess to pornography is damaging the kids. There are already enough studies showing how the early access to porn is related to bad interpersonal relations on social, emotional and sexual level.
But this does not imply you should be identifying yourself to access adult content or anything on the web. Just impose curation. If it's available to the public, you're responsible for it.
Old school "dirty" books and magazines stores had controlled access and the really hardcore stuff was well out of reach of who should not get to it. Free porn is nice but there are things available that should be behind pay walls or at least registry, with identity verification.
If your point is to stifle dissent, then sure. Whoever controls the narrative will make contradiction look unacceptable. If your name is tied to an opinion that may be construed as contrary to the dominant narrative, you will hesitate to post it, and if you do post it, then you will be taken down with very real consequences because of that tie to your real identity. Employers already look at social media to determine if your behavior is considered acceptable to them, even if you keep your professional life completely separate. Your proposal only destroys free speech further by making it worth less and less the cost of expressing.
Make no mistake, the excuse of protecting children from pornography is just that, an excuse, to restrict freedom of speech by putting into place the mechanisms to identify people and strike at them for daring to express their opinions. Pornography being in the form of books, magazines, tapes, DVDs, whatever physical media did not necessarily control access. There are many with stories of how they managed to gain access as children, either through a parent's collection or otherwise. Similarly, this internet ID bullshit can be defeated, but it'll be backed by stricter and stricter legislation to make defeating it illegal and they won't be prosecuting children or the companies providing the ID verification service, they'll be prosecuting adults using tools to defeat these mechanisms to express their opinions.
No, it's not my point, although there is a difference between expressing ideas, no matter how contrarian or controversial they may be, and spouting hate or other positions detrimental to advancement.
I am aware of what you mention of companies sniffing for the social media of employees and potential applicants. It is a shameful practice. And if it is illegal in my country, has it is viewed as trespassing on one's privacy, it should be as welll any and everywhere.
Nobody should be ashamed nor afraid of expressing their opinions and ideas. Unfortunately, freedom of expression is often confused with the hability of saying whatever one feels like it, which is not.
What you describe (and fear, I take) is persecution. And that already tells whatever system an individual lives in is already deep into veering towards blatant suppression of rights. The US case is so off the rails it deserves an entire category to itself but it is only one among too many.
On the question of banning access to pornography I am completely against it. Yet I can not and will not deny the amount of evidence that supports that early and easy access to it is in fact tainting how people in general and kids in particular understand how relations are constructed. Pornography is really good at teaching wrong things. Nothing against it per se, it can be fun, but it should be consumed just like sugar, tobbacco and alcohol: in moderation and knowing of its ill effects.
I personally started reading erotic books much sooner than it was supposed. I recognize that curiosity towards sex and sexuality is ingrained in what makes us humans. I'm not advocating for banning adult material of any sort. What I would like to see would be clear boundaries for that specific content, for it not reaching those who are not expected to access it unware. It can't be written off to caveat emptor. Even less because a lot of it is "free".
The web is as it is today in great measure due to porn. There was a lot of money being poured into technology to facilitate access to it and in high definition. Let's be thankful for it but that is it. It can be almost ubiquious nowadays, along with casinos and crypto. It's too much and too much of a good thing is bad for everyone. Remember death by snu-snu.
I have no illusion we, as a species and a civilization, are going through a very dark period. Again. All the prior should have been able to sink in the lesson but we are either too sttuborn or too stupid to learn. Censoring, wide spread control of ideas, knowledge and thought is detrimental to a fair and free society.
Excuses like "protecting children", "fighting terrorism", etc, are, as you correctly said, excuses to make advances on individual rights and liberties. But we should be as concerned by now that companies do whatever they can to reach their goals and we are being force fed too many things that are not good for us. Two wrongs don't make a right but something has to change. Perhaps ceasing to be afraid of being responsible by one's own ideas and words would be a good start. Maybe stop feeding social media would be another. And perhaps reigning in companies on bad practices could be another.
If this doesnt make people stop using those sites, nothing will. 😀
And yeah, like others have said, its of course a system that will be used to control people and remove semi-anonymity from the web.
Try reading it instead. Go old school. And while you're at it, write yourself and share it. Bring back the times of hand to hand banned knowledge sharing.
But now seriously: that is completely stupid.
As anyone considered the amount of money that "industry" generates. Considering the US is so economy driven and concerned with jobs, maybe that argument can raise concerns.
Pricing
Free the internet from mass surveillance and censorship. Fight for privacy with Mullvad VPN and Mullvad Browser.Mullvad VPN
Fortunately lawmakers think all internet porn is on PornHub and that you find it by going to w-w-w dot yahoo dot com and typing "sex video" or "naked ladies" in the search thing.
The only porn they have experience with are polaroid photos that they got from a friend who knows a guy who makes tasteful art for clients with "particular tastes."
Conservative lawmakers don't know anything about porn, because if they ever recorded themselves fucking and the recording got out, they'd go to jail for statutory rape.
They're generally very comfortable around Grindr though.
I would like to dispute the primary supposition here that pornography is harmful. The use of pornography is nearly universal, and most of the harms that it supposedly causes are symptoms of other issues, or are invented to impose control of sexuality. The ability to reach out with the power of the law to impose religious edicts or project sexual hangups is one of the most esoteric, yet effective, forms of political control available other than violence. If you can control the way that people express their sexuality, you can probably also control their views through the monetization and restriction of sex.
Sexuality and privacy are human rights, and the creation of and access to pornography is protected by the first and fourth amendments under which so-called “age verification” is an unnecessary and excessive burden. If the idea is to prevent access to children, ask yourself why now all adults must now have their access prevented or interrupted.
Furthermore, it is not the state’s role to control childhood sexual development, and the idea that porn is harmful to minors is debatable at best and dubious at worst. Access to objectionable material is solely at the discretion of parents. The fact that they cannot effectively manage this is a symptom of another problem.
When Meta shows teenage girls makeup ads after they delete their selfies, or streaming apps are flooded with violent movies that are easily accessible to minors, this is acceptable. But when I want to watch porn it’s now my job to “protect minors” by compromising my privacy and security?
The real “danger” here is the availability of ideas that do not align with state power.
I think i agree for the most part.
These energies would be better spent ensuring that porn stars aren't being exploited and have access to appropriate support.
No offence to anyone, but this post strikes me as coming straight from a spokeperson for Aylo (formerly MindGeek). A mix of baseless claims and straight up misinformation, that happen to align with the company's business model.
You speak as if porn sites are analogous to social media and it's perfectly normal to record your experiences and post them online. Which it absolutely isn't, anywhere in the world. 'Expressing your sexuality' and porn are entirely separate and have very little to do with each other.
It is widely known and confirmed that pornographic content comes with a broad spectrum of negative effects, especially for children and adolescents. The latter really should be common sense in 2025. Watching porn isn't always bad and can be beneficial in some ways (as some sources below even highlight), but those cases represent a small minority.
Below are some quotes and just a few out of countless sources providing much more reliable information on the topic of pornography's effects. I strongly recommend reading at least some, because this comment is like ignoring decades of scientific literature and traveling in time back to the 1700s.
Prolonged exposure to pornography is known to lead to habituation, resulting in blunted processing of pleasurable stimuli and greater sensitivity to negative stimuli (21). Continuous use of pornography impairs emotional processing capacity and flattens affect, reducing emotional connection to real-life sexual experiences.
Source: Impact of pornography consumption on children and adolescents
Research shows that frequent porn use hijacks the brain’s reward system and changes the brain’s structure, much like addictive substances.This means that prolonged pornography use can weaken natural pleasure responses and reinforce compulsive behavior.
A 2014 study found that heavy porn users showed significantly reduced activity in critical areas of the brain responsible for motivation and impulse control, suggesting long-term neurological rewiring.
Source: The Hidden Cost of Pornography: How It Shapes Your Brain and Behavior
Age of first exposure was significantly associated with reported need for longer stimulation and more sexual stimuli to reach orgasm when using pornography, decrease in sexual satisfaction, and quality of romantic relationship, neglect of basic needs and duties due to pornography use, and self-perceived addiction in both females and males. (...) In the opinion of most of the surveyed students, pornography may have adverse effects on human health, although access restrictions should not be implemented.
Additional sources:
- 10 Negative Effects of Porn on Your Brain, Body, Relationships, and Society
- Affection substitution: The effect of pornography consumption on close relationships
10 Negative Effects of Porn
Think porn isn’t affecting you? Science says otherwise. Discover 10 ways your porn use might be impacting your relationships—and your brain.Fight the New Drug
Assuming what you're saying about the harms of consuming pornography, is it the state's responsibility? Is it a top priority? Do we trust conservatives to implement a solution in good faith?
The answer to all of those I think is no.
There's no analogous ID check for violent media, so far as I know.
There could be a raging wildfire and I would hesitate if a Republican said "let me deal with it". They are fundamentally untrustworthy.
That's on top of the deep irony of the same party that goes on about "small government" and "parents rights" is typically the same one pushing draconian anti-porn laws. It's a joke. "A government small enough to fit in your bedroom". Their motivations are so corrupt I am extremely skeptical of anything they propose.
Prolonged exposure to pornography is known to lead to habituation, resulting in blunted processing of pleasurable stimuli and greater sensitivity to negative stimuli (21). Continuous use of pornography impairs emotional processing capacity and flattens affect, reducing emotional connection to real-life sexual experiences.Source: Impact of pornography consumption on children and adolescents
This is disingenuous. This issue is caused by prolonged use, as in unhealthy addictive behavior. Framing it as a result of porn access in general is flagrantly dishonest.
Actually it seems like all of your points regard excessive and unhealthy usage. You're portraying these as results of any level of exposure and that is blatantly dishonest.
Why not also the company that does the IDs?
And hell, also the porn site?
Its all a big money making scheme. Security theater bullshit.
ITT: People who don't realize the advanced nature of fingerprinting that makes VPNs nearly useless in an authoritarian environment
Browserleaks - Check your browser for privacy leaks
BrowserLeaks is a suite of tools that offers a range of tests to evaluate the security and privacy of your web browser.BrowserLeaks
I'm not against proper age verifications as such, it would be like carding people in a store or a bar. But I just haven't seen an implementation of it that isn't prone to being a privacy nightmare and surveillance state shit.
I know there's some systems that generate a token that verify that you are 18 and you give that to the site, so neither side directly meet so to say. The site knows only that you have a valid token for being 18 and the app or service you use to generate the token knows just that you wanted to token for something. I think Spain was figuring out a system like that.
When you are carded at a club the staff doesn't scan your card and keep it on file. They simply look at it and return it.
As someone who worked similar jobs and would have had to look at tons of IDs every day I can assure, I dont have the time or interest in remembering all of them.
I think people don't realize just how dangerous this shit is until they have been affected in some noticeable way, and even then they will not link just how the incredible amount of surveillance they are under every day is the cause of it.
I worked in tech support for 7 years, and one thing that will never cease to astonish me is how tech illiterate people are. Do you have any idea how many people called me and demanded that I make modifications to their account and refused to tell me any verifying information? While some might have been malicious actors , most aren't. Most of them were genuinely expecting me to do everything for them and they wouldn't even tell me what their name is. They fully expected that somehow we would already know they are just from them calling...
Some of them called me on a number not recognized by the system but they fully expected me to pull up their account (fucking how?) Without any information at all.
When you have worked in this field long enough you will know why there is so little effective opposition to all this shit. It is not just because they dont give a damn if we are literally in a 1984 scenario with active cameras and microphones in people's homes, but they just dont understand what that really means. Even younger people who grew up with these devices from early childhood don't fully understand just how much they are being observed. If anything Gen Z and Gen Alpha are more fucked since they are the first generation of people whom the algorithms and data brokers have had some profile on since early childhood.
As an elder millennial who grew up in a techie family with computers from childhood. I am fortunate in that they have nothing on me from early childhood to teen years. By the time I hit 20 the internet was still too chaotic and underdeveloped and algorithms weren't the norm yet (and I was never a Google guy to begin with). But people born within the last 10 years can't have that privilege.
Why does everyone in the US card everyone over something ostensibly about age?
It's never been about age.
I've seen a seventy year old man with a foot long white beard get carded and refused, while he was stone cold sober.
Do you think he can't handle his liquor? He's seventy. He knows what it does.
There's a lot of bars/restaurants that do.
I have literally been refused service because the only ID I had is a passport, and those barcodes wouldn't scan into their system.
It's Papers, please, and it's fucking bullshit
the easiest thing would be making the internet as a whole 18+.
under 18 would be restricted to a firewalled version and age info would be part of the cellphone or internet plan. on a family plan..? under 18s get a firewalled plan. home internet? have a family and home internet? owner of the service gets a pin to disable the firewall. when everyone in the house hold is over 18, the service is unlocked.
the truth is that none of this is actually about porn or kids, its about the new world lifestyle of surveillance state getting a foot in the door. thats why all this bullshit aligns with other aspect of modern political and business tech agendas
We are blinded by the fact that the teens are involved in this too, and they deserve equality as well. The internet is made to build bridges - get rid of boundaries - not set false narratives and infantilise those that are really impacted in this situation and have full awareness of the status quo.
This is a foot in the door technique that uses our deceived emotional manipulation, where our age discrimination is the secret ingredient in this fascist circus.
Clearly, no-one involved in making these laws has ever heard of OAuth. Not every single site needs to manage your identity / credentials. The government already has this info, they can be the identity provider and use OAuth to grant access to age-gated resources without giving any personal data to the platform. Someone mentioned id.me, and I'm pretty sure that's how that platform works, though they're a private entity if I understand their site correctly.
I know most politicians are comically tech-illiterate, but it's so frustrating to see them constantly implement terrible solutions to already solved problems without asking a single expert who knows how this shit works.
That being said, California passed a bill with a not perfect, but better approach. User age is configured on the OS level when a user account is set up, and then it will tell platforms what age category the user belongs to, and nothing more:
(a) An operating system provider shall do all of the following:(1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user:
(A) Under 13 years of age.
(B) At least 13 years of age and under 16 years of age.
(C) At least 16 years of age and under 18 years of age.
(D) At least 18 years of age.
(3) Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.
I think iOS already does this, actually.
The CA bill is also dystopian nightmare fuel... The US isn't going to build an enormous firewall like other countries have, we are just going to pass a bunch of stupid laws and threaten companies to block our citizens from access instead. Put the burden of building the wall on someone else, the modern American Way™!
An entire generation of fuck-wad parents that just gave their kid a tablet and zero supervision instead of actually raising them are now using their failings as an excuse to control the population; control their devices, control their habits, control their knowledge, and control their thoughts.
The bill I mentioned actually relies on parents configuring their kid's devices. The system it describes just gives online (and even offline) platforms a standardized way of asking the OS what age category a user is as defined at account setup--hardly "dystopian nightmare fuel"...
This isn't going to stop unsupervised children, which is it's own problem that technology doesn't (and probably can't) solve.
It requires every Operating System and "App Store" to know the user's age. It requires every piece of software installed to receive the age-range token. It could be catastrophically bad for the open source community - the bill does nothing to define how these tokens are communicated and received. The largest players in the industry can use their market share to exert control over how it happens and bully anyone that doesn't get on board. For example, Google could tie it to the Play Integrity/Services and effectively kill 3rd party roms and possibly even open source app stores like fdroid, or all side-loading entirely if it was tied into the Play Store enough.
The bill isn't specifically a privacy dystopian nightmare, but it is still a dystopian nightmare. We need the government and mega-corps to have less influence and control over our devices, this gives them more.
Greedy companies do shit like that regardless of any laws. I don’t think this law makes it any more likely.
FOSS developers could create an ethical solution while still remaining legally compliant. The language is generic enough to allow for different implementations.
By creating a plaintext dotfile in $HOME, I'd reckon. Minimum effort, gets the job done. Users can lie when setting up the account so protecting the file against tampering is pointless.
But more likely, not a single distro will implement anything by default because it doesn't make sense to change your internationally-distributed OS because one state in one country passed a stupid law.
I'm 1000% against this age verification bullshit, not only because of the privacy and data reasons, but also because getting carded in a bar or at a store is also bullshit.
It Is Papers, please.
It's Never a question of if you're old enough, it's a question of "Do I think you're human enough?"
And more often than is reasonable, the answer is no, they don't think you're a person, who should be able to spend their money as they like.
And on the flip side, occasional SEO fuckups cause random terms to show porn image results
For example, I was searching for millimetre wave cell towers on duckduckgo a while back, I typed "MM wave cell tower" and saw a whole bunch of massive tiddies on the standard filtering setting. They fixed this a week after me discovering it however, so if you were hoping to see tits from searching telco infrastructure, I suppose you're outa luck.
Then you can't offend god by watching it and masturbating, like we intended!
-The Puritans pushing this legislation.
FOLLOW THE 💰:
EXON
RINAT AKHMETSHIN
ALEX VAN DER ZWAAN
KONSTANTIN KILIMNIK
CHUCK SCHUMER
JAMES COMEY
ROTHSCHILD
TRUMP
JARED KUSHNER
GARY COHN
STEVE MNUCHIN
SAM NUNBERG
NELSON BUNKER HUNT
LAMAR HUNT
MICHAEL FLYNN
DAN SCAVINO
ERIK PRINCE
WILBUR ROSS
STEFAN HALPER
GEORGE SOROS
JOHN DURHAM
DANIEL MURPHY
PETER STRZOK
LISA PAGE
BRUCE OHR
NELLIE OHR
CHRISTOPHER STEELE
CHRISTOPHER WRAY
JEFF SESSIONS
JOHN PODESTA
MUELLER
CHRIS WRAY
HUNTER BIDEN
SETH RICH
BILL BARR
KAMALA HARRIS
ADAM SCHIFF
TULSI GABBARD
AOC
CLINTON
OBAMA
ZIONISM
MICROSOFT
CLOUDFLARE
GREAT RIFT VALLEY
NETANYAHU
KISSINGER
Bet
GANDALF THE GREY
GANDALF THE WHITE
MONTY PYTHON AND THE HOLY GRAILS BLACK KNIGHT
BENITO MUSSOLINI
& THE BLUE MEANNIE
COWBOY CURTIS
JAMBI THE GENIE
ROBOCOP
TERMINATOR
CAPTIAN KIRK
DARTH VADER
LO PANTS
SUPERMAN
EVERY SINGLE POWER RANGER
BILL S. PRESTON
THEODORE LOGAN
SPOCK
THE ROCK
DOC OCK
HULK HOGAN.
all came out of nowhere lightning fast and kicked Chuck Norris in his cowboy ass?
Now I have to listen to it again and have it stuck in my brain
Oh I see, a bunch of stupid-ass unsubstantiated bullshit.
I'm sure it's secretly the Clintons and Obamas behind this, that makes sense. You are massively fucking stupid person.
Exactly, all the talk about save the children, anti terrorism protection and other authoritarian bullshit is just an attempt to deceive and manipulate the masses.
Police state is what they resort to because these fascist fucks are fuelled by their narcissistic and machiavellianistic desires - the last thing they want is for someone to discover their true tyranny.
It is disappointing to see fascists are slowly succeeding by utilising their manipulative tactics.
I'm just over here in "hellscape" California enjoying the freedom to not have to do this, and I can walk down the street to the weed shop, and my girlfriend still has basic human rights over her own body.
Do any other states, like Texas, need some of our freedom? We've got some to spare.
Just to be clear, because I had to look into it a bit, California's law won't require photos/IDs.
"Operating system providers need not collect additional information like photos of government IDs to verify the user’s age. Based on this age information, operating system providers must send digital signals via real-time API (age signals) to developers upon request, transmitting the user’s age range bracket – under 13, at least 13 and under 16, at least 16 and under 18, or at least 18. When a user downloads and launches a developer’s application, the developer must request an age signal from the relevant operating system provider or the application store from which the user downloaded the application."
So I'm assuming those companies backed it because they want more analytics about the age ranges of the people who use their products.
Just posting on social media using your face to speak against the state in México gives you the privilege of being doxxed on national TV by the president, I can't imagine what they would do with something like this
Keep the downvotes coming, I live here and you don't have any idea if you really believe Morena is left leaning in any way or form
With the rising popularity of VPNs due to increasingly more countries becoming more authoritarian, I wouldn't be supposed there will be some anti-vpn directives put in place.
In addition to that, increasingly more selections within vpn profiles will be just as restrictive as the fascist internet at home.
VPNs are a great way to circumvent this police state but it ultimately doesn't stop fascists and their motives.
Oooooh! Shit. Yeah. Wow. It makes total sense now and that fucking sucks.
I hope some day these fascists get branded as the terrorists they are. And I’m so fucking sorry that they’re doing this to people.
You clearly haven't thought of the children.
Nah it's just a precursor to having all your online activity tied directly to your identity. That's the purpose. I'm sure plenty of misguided elders in government think it's about saving kids from porn though.
It's a coalition of groups with different purposes
One group wants to ban porn entirely
One group want to collect data on everyone. Your porn habits can be valuable if you're a future political rival
Some people believe it will prevent children from seeing porn
Others use it as a way to assert control over sex workers, especially female sex workers
Probably a few other smaller groups too. End of the day, none of them have your interests at heart
Some just want money.
I think this article: theverge.com/2018/2/23/1704397…
Is about pornhub’s parent company trying to lobby in favor of this because it thought it could make money by selling age verification. I read an article saying something to that effect quite some time ago, and I think this is the article, but can’t be sure because it’s requiring a login and the archive site isn’t loading for me at the moment.
Why the world’s biggest porn company is backing the UK’s new age law
The adult industry is worried about MindGeek’s role in the UK’s new age-verification system.Lux Alptraum (The Verge)
I just remembered that I'm the guy everyone in my family goes to when they need someone to scan their ID or passport for whatever stupid bullshit.
Guess it's time to sign all my conservative family members up to gay porn websites!
This may be the real reason r's are losing all of the elections, lol. They are entirely red states.
This is going to expand. The next wave is going to be keeping kids off of social media. That means they will have to be age-verified, which they can't do, because they're kids, and don't have ID. Instead, everyone else will have to be age-verified in order to use the Internet.
Here in Florida, I've already heard one state lawmaker scoffing at any objections, saying it's the same way we keep kids from buying alcohol - by checking EVERYONE'S ID. Now they're going to do it for the Internet. Every movement and post you make on the Internet will be directly tied to your verified identity. That should be perfectly fine, as long as you aren't doing or saying anything wrong, right?
Hear me out!
What if parents did their fucking job as they should instead of demanding the state to do it for them, only for it to get hijacked by both
- christofascists wanting to make it illegal to not live a "christian life",
- and corporations wanting to ensure competition will need to pay a shitton of money on age verification AI?
I'm prepared for my downvotes.
I have often joked that in the not-too-distant-future people will look back upon the early days of the internet like we look upon the 1950s view of smoking.
What do you mean kids shouldn't do it? It's fine. You know how it is, watch a kids cartoon, look at some memes, two girls 1 cup, email the fam, those two Mexican dudes who had their heads cut off with a chainsaw, research Ghana for a school project, sneak in some porn after the parents go to bed, and cap it off with some chat room conversations about Picard's superiority to Kirk while some kid across the country goes on about shooting his brains out because mom and dad either don't love him enough or love him too much. Maybe download some credit card spoofers and Diablo hacks for online play if you aren't quite ready for bed.
The early internet, and even the internet now, is a fucking wild concept. Take everything that people think, not just what we know, but what we fucking think about while we are taking a shit, and make it available for anyone look at without guidance or context. We can even watch police shootings in real time and pretend to be detectives during terrorist events, consequences to real people be damned.
Should parents know better? Sure. Is the internet an effective babysitter while they grind out a living? You bet.
If we restrict this dumpster fire behind age-verification and eliminate anonymity through tagged identification, the effect on privacy and anonymous online activism will be severe. However, CinnamonRingCumGlaze86 will be significantly less able to use their 6th grade reading level to convince people that modern medicine is bad because Pre-Historical Witches didn't have AIDS bro. #flatearth #zoroastrianismwasasteptoofar #onceagaintherealproblemiscapitalismandwearelookingatthewrongthingbecauseofmanufactured-outrageandobfuscationcreatedbytheoligarchy #worldofwarcraftclassic
CinnamonRingCumGlaze86 will be significantly less able to use their 6th grade reading level to convince people that modern medicine is bad because Pre-Historical Witches didn’t have AIDS bro.
You don't need accounts tied to ID to ban such content.
Not hard to imagine, people already have to manicure their facebook and other social media accounts because employers look at them. Just because you don't want something attached to your name, doesn't mean it's stupid or bad. There are consequences for unapproved behavior and opinions, even if they're not wrong or harmful.
If you think anonymity is stupid, feel free to set your display name to your real name right here on lemmy.
I know that anonymity is the way it is and don't think that me changing my display does anything about one way or the other. I definitely shit post, because I can. There is literally no consequence. If I somehow hit the right combination of words and someone commits suicide, I would never know. If I share something that someone looks views at their workplace and then gets fired, I would never know. The entire thing is just people collectively shrugging responsibility for their behavior and that has a net negative effect on society.
I'm not going to change my name over to my real name, although that is generic enough that would not be identifying, but I am going to point out that people do shitty things with anonymity and that the world would be better off without it.
Iran: Leaked wedding video lays bare luxurious lives of the country’s political elite and highlights hypocrisy of Islamic Republic -- [Opinion]
A short video of a private wedding went viral in Iran recently, tearing away the country’s veil of piety and exposing hypocrisy and a seeming disregard for the rules by which the theocratic regime requires that most Iranians live their lives.
The wedding in question was that of Fatemeh Shamkhani, in mid-2024. She is the daughter of Ali Shamkhani, a close adviser to Iran’s supreme leader, Ali Khamenei, at the luxurious Espinas Palace Hotel in Tehran.
She wore a low-cut strapless dress with a western-style bridal veil rather than the full head-covering mandated for Iranian women. Many wedding guests also wore modern western styles and a lot of the women went without head coverings.
The video displayed images that were starkly dissonant, revealing the significant class and moral divides within the Iranian Republic and contradicting Iran’s values of revolutionary simplicity and Islamic modesty.
[...]
That it was Shamkhani’s family wedding made matters worse. A former commander of the regime’s Revolutionary Guards, he is a key power broker in Iran, who has the ear of Khamenei himself. He was also involved in the savage crackdown on the public protests in Iran in recent years, in defence of the same security and morality laws his family was seen so lavishly violating at the wedding celebration.
[...]
The emerging ruling elites maintain their wealth through oil revenue, state contracts and shadow economic activities – that enable them to evade sanctions (the Shamkhani family was identified and sanctioned earlier this year by the US treasury as controlling a vast shipping empire involved in transporting oil from Iran and Russia in breach of US sanctions). .
[...]
Since the 1979 Revolution, Iran has maintained its legitimacy through its mission to reshape public conduct by enforcing rules such as hijab requirements and sex segregation. The state maintains complete authority to regulate female bodies.
So the Shamkhani wedding, with its ostentatious luxury, its low-cut gowns and lack of head coverings felt to many Iranians as showing complete disregard for laws that the regime’s “morality police” uses to enforce strict rules on ordinary women. The rules exist to control, but they do not apply to those at the top of the tree.
This incident is significant in the context of the “woman, life, freedom” protests of recent years. These were sparked in 2022 by the death in custody of Mahsa Amini, a young Kurdish woman who had been arrested for not wearing her hijab properly. Since then, many Iranians, particularly young people, have openly defied the hijab law.
[...]
Leaked wedding video lays bare luxurious lives of Iran’s political elite and highlights hypocrisy of Islamic Republic
A wedding video which has gone viral in Iran has highlighted the country’s inequality and exposed hypocrisy at the core of the ruling regime.The Conversation
Iran's government is historically weak. It's allies and proxies have been routed in the region while American and Israeli jets bomb their country with impunity. The place is vulnerable to revolution and it would be nice to see feminists overthrow the Ayatollah.
However, it's hard to get optimistic about revolution in the Middle East. After all, it was a revolution that created the Iranian theocracy to begin with. I'm also worried that a fallen Iran would mean an Israeli regional hegimon.
I'm more surprised that people are surprised by this. Being nobility class is this: you're free to make whatever rules you want for your subordinates, and you're free to disregard any of them. You're not bound by any sense of morality (whatever it might be); that's for lower men.
What were they expecting? Obviously these people won't comply with anything that's imposed on the masses, especially in a society where the norms are so restrictive.
And I further suspect that the more totalitarian a country is, the more its elite will deliberately choose to go against their own rules, as this is the greatest proof of their powerful social status.
Does Wilhoit's law apply to Islamic Theocracy?
Frank Wilhoit said, "Conservatism consists of exactly one proposition, to wit: There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect.
Wow that’s horrible: Iran has oligarchs, too. We should freedom-bomb the fuck out of Iran and replace them with our own compador oligarchs and give the oil back to British Petroleum.
It’s nice to see that you don’t focus exclusively on China and Russia, @Hotznplotzn@lemmy.sdf.org. You’re an equal opportunity concern troll for US empire.
Citations Needed: Episode 08: The Human Rights Concern Troll Industrial Complex
We discuss the cynical use of "human rights" to advance US interests with guest Glenn Greenwald. The conceit that the U.S.citationsneeded.libsyn.com
Ukraine war: Russia hands 11-year sentence to 57-year old Ukrainian midwife in occupied Ukrainian territory for having 'pro-Ukrainian views’ and supposed spying
cross-posted from: mander.xyz/post/42893848
Web archive linkThe Russian occupation ‘Zaporizhzhia regional court’ has sentenced Larysa Malovychko, a 57-year-old midwife from Enerhodar, to 11 years for ‘pro-Ukrainian views’ and supposed spying. According to Enerhodar Mayor Dmytro Orlov, Larysa Malovychko was abducted back in September 2023 and held prisoner for some time both in Russia and in occupied Crimea.
Russia has imposed a near total information blockade on most occupied territory, with next to nothing more known about Malovychko, or her so-called ‘trial’. The verdict was reported on the so-called ‘court’ Telegram channel on 20 November 2025, with nothing to indicate how many (if any) hearings there were, before the predetermined guilty verdict and 11-year sentence.
...
‘Spying’ or ‘treason’ charges have become extremely common since Russia first launched its full-scale invasion of Ukraine. Such ‘trials’ are held behind closed doors, with convictions and long sentences guaranteed. Both men and women are targeted, and there are also no bars as far as age is concerned. Very young people have been seized and, later, sentenced to long terms of imprisonment for donations to Ukraine’s Armed Forces, for example, when they were underage, while equally horrific sentences have been passed against Ukrainians in their 70s. This is all of particular concern given the very real danger of being subjected to torture in Russian captivity.
...
In June 2025, 74-year-old Oleksandr Markov from Enerhodar died in Russian captivity. He had been abducted on 8 May 2024, with his family knowing nothing about his whereabouts until March 2025. It was only then that they learned that a fake occupation ‘court’ had sentenced the 74-year-old to 14 years in a maximum-security [‘harsh-regime’] prison colony on ‘treason’ charges.
Dmytro Orlov reported then that at least 26 other residents of Enerhodar were illegally held in Russian captivity, including seven women. 13 of them are employees of the neighbouring Zaporizhzhia Nuclear Power Plant, with Russia having begun abducting and torturing employees soon after it seized control of the plant in early March 2022. It is quite possible that the real figure is much higher.
...
57-year-old midwife sentenced to 11 years in ongoing Russian terror against residents of occupied Enerhodar
Larysa Malovychko has already been in Russian captivity for over two years, with it likely that she was seized because of her pro-Ukrainian positionHuman Rights in Ukraine
China cracks down on calls for accountability over deadly Hong Kong blaze
cross-posted from: mander.xyz/post/42893098
Chinese authorities have arrested several activists and issued a stern warning to “anti-China and pro-chaos elements” amid criticism of the government’s response to Hong Kong’s deadliest fire in a generation....
[Among ohers] authorities arrested Miles Kwan, a 24-year-old student at the Chinese University of Hong Kong, after he created an online petition calling for greater transparency and accountability from the government, multiple reports said.
The petition included four demands, including the establishment of an independent commission of inquiry to probe the circumstances of the fire, including whether potential conflicts of interest may have contributed to the disaster.
Before it was removed from the internet on Saturday, the petition had garnered more than 10,000 supporters.
...
China’s national security office in Hong Kong appeared to condemn the petition before its removal, accusing activists of using “the banner of ‘petitioning the people’ to incite confrontation and tear society apart.”
Hong Kong’s Office for Safeguarding National Security also accused figures with “sinister intentions” of exploiting the fire to return the city to the “black-clad violence” that erupted during mass antigovernment protests in 2019.
On Monday, a commentary in the Beijing-backed Wen Wei Po newspaper called on the public to be vigilant against “anti-government elements” with “malicious intentions”.
“They have even gone so far as to ‘act as representatives’ to establish a so-called ‘concern group,’ put forward so-called ‘four demands,’ distribute leaflets, and launch a petition, all in an attempt to incite public unrest,” the commentary said.
...
China cracks down on calls for accountability over deadly Hong Kong blaze
Hong Kong’s national security police arrest three, as Beijing issues warning to ‘anti-China and pro-chaos elements’.John Power (Al Jazeera)
Japan and China trade accusations after coast guard incident in disputed waters
Japan's coast guard said two Chinese coast guard patrol ships entered Japan's territorial waters around the Senkaku Islands in the East China Sea in the early hours of Tuesday, and left a few hours later.The Japanese-administered Senkaku Islands, known as the Diaoyu in China, have been a regular flashpoint between the two nations over the decades.
ABC News
ABC News provides the latest news and headlines in Australia and around the world.ABC News (Australian Broadcasting Corporation)
China draws in Europe’s businesses despite alarm over competition
cross-posted from: lemmy.zip/post/54194025
archive.is/1hnqw
“Today, it’s not competitive any more to bring [products] into China when there’s local competition,” said Conrad Keijzer, chief executive of Swiss chemical maker Clariant.The company is spending SFr180mn ($226mn) expanding its plant in China’s Daya Bay petrochemical hub, where last year Germany’s BASF and Shell also announced big investments.
German auto supplier ZF Friedrichshafen, for example, recently announced job cuts of 7,600 in Europe by 2030, less than a year after announcing its latest expansion in Shenyang, north-eastern China. Automotive parts maker Schaeffler, which told state media in China it planned to double its business in the country in six to seven years, has announced the closure of some of its European operations and gross job cuts of 4,700.
French engineering group Schneider, Danish power-train maker Danfoss and wind turbine maker Vestas and pharmaceutical companies including Swiss drugmaker Roche and AstraZeneca have all also recently announced China expansions or factory upgrades.
More than 1,300 dead from floods in Indonesia, Sri Lanka and Thailand as rescue efforts intensify
cross-posted from: lemmy.zip/post/54194958
The flooding and landslides killed at least 1,338 people: 744 in Indonesia, 410 in Sri Lanka, 181 in Thailand and three in Malaysia
Ireland: 'Aggressive response' needed as cyber threats aligned to states like China and Russia pose “significant threat” to national security, cyber agency says
cross-posted from: mander.xyz/post/42887934
Web archive linkThe accelerating cyber threats facing Ireland demands “an aggressive response” by the State, according to the country’s cyber bosses.
The National Cyber Security Centre (NCSC) said criminal cyber gangs and hackers, aligned to states like China and Russia, pose a “significant threat” to Ireland’s national security.
This is because Ireland is a host to some of the world’s largest tech providers and cloud computing facilities as well as the worsening geopolitical situation and the threat posed to Europe resulting from Russia’s war of aggression in Ukraine.
The centre said it “regularly observes state-aligned threat actors carrying out scanning and other reconnaissance activities” targeting Irish government and State-owned networks.
...
Publishing its 2025 National Cyber Risk Assessment, the NCSC said Ireland was at risk from cyber attacks on “shared critical infrastructure”, such as gas and electricity pipelines connecting Ireland to the UK and France.
...
'Aggressive response' needed to tackle cyber threats facing Ireland
NCSC says criminal cyber gangs and hackers, aligned to states like China and Russia, pose a 'significant threat' to Ireland’s national securityCormac O’Keeffe, Security Correspondent (IrishExaminer.com)
like this
SuiXi3D likes this.
Son of drug kingpin ‘El Chapo’ pleads guilty in US drug trafficking case in a plea deal
One of the sons of notorious Mexican drug kingpin “El Chapo” pleaded guilty on Monday to U.S. drug trafficking charges, months after his brother entered a plea deal.
Known locally in Mexico as the “Chapitos” — or “little Chapos” — Joaquín Guzmán López and brother Ovidio Guzmán López are accused of running a faction of the Sinaloa cartel. Federal authorities in 2023 described the operation as a massive effort to send “staggering” quantities of fentanyl into the U.S.
Joaquín Guzmán López, 39, pleaded guilty to two counts of drug trafficking and continuing criminal enterprise after admitting his role in overseeing the transport of tens of thousands of kilograms (pounds) of drugs to the U.S., mostly through underground tunnels. With the plea deal, his attorney said, he is expected to avoid life in prison.
like this
Atelopus-zeteki e SuiXi3D like this.
So Trump will pardon them right?
They'll put millions into Trump crypto so Trump will parden them?
Or they'll squeal on other cartels and get pardoned. It's very transparent.
They should be hanged.
The tech world is sleeping on the most exciting Bluetooth feature in years
Can you hear me now?
The tech world is sleeping on the most exciting Bluetooth feature in years
Auracast lets many devices tune into one Bluetooth broadcast. It’s great for accessibility and noisy environments. Why don’t more companies talk about it?John Higgins (The Verge)
To grow, we must forget… but now AI remembers everything
With OpenAI’s memory upgrade, ChatGPT can recall everything you’ve ever shared with it, indefinitely. Similarly, Google has opened the context window with “Infini-attention,” letting large language models (LLMs) reference infinite inputs with zero memory loss. And in consumer-facing tools like ChatGPT or Gemini, this means persistent, personalized memory across conversations, unless you manually intervene.The sales pitch is seductively simple: less friction, more relevance. Conversations that feel like continuity: “Systems that get to know you over your life,” as Sam Altman writes on X. Technology, finally, that meets you where you are.
In the age of hyper-personalization — of the TikTok For You page, Spotify Wrapped, and Netflix Your Next Watch — a conversational AI product that remembers everything about you feels perfectly, perhaps dangerously, natural.
Forgetting, then, begins to look like a flaw. A failure to retain. A bug in the code. Especially in our own lives, we treat memory loss as a tragedy, clinging to photo albums and cloud backups to preserve what time tries to erase.
But what if human forgetting is not a bug, but a feature? And what happens when we build machines that don’t forget, but are now helping shape the human minds that do?
DOC • To grow, we must forget… but now AI remembers everything
AI’s infinite memory could endanger how we think, grow, and imagine. And we can do something about it.www.doc.cc
adhocfungus likes this.
Canada to sign up to flagship EU defense credit fund
like this
Th4tGuyII, frustrated_phagocytosis, dandi8 e mPony like this.
One fire, two systems: Hong Kong's grief meets Beijing's red lines
cross-posted from: lemmy.sdf.org/post/46579107
Archived[...]
It was [...] the speed at which the fire tore upward [in Hong Kong] that led a 24-year-old university student to launch a petition demanding an independent investigation.
He barely had time to gather signatures before police arrested him for "incitement".
The message was clear: Even grief had boundaries, and asking questions was now a political act.
From that moment, sorrow gave way to anger. And the city's fault lines — rights versus sovereignty, people versus power — snapped sharply back into focus.
[...]
The blaze [...] did more than destroy homes. It revived one of Hong Kong's most visceral fears; that lives can be reduced to collateral in a system that no longer listens.
What should have been a moment of collective mourning instead widened the fracture between Hongkongers demanding accountability and a government increasingly shaped by Beijing's doctrine that sovereignty sits above all else.
And this time, the anger was not directed at local officials alone — it was aimed squarely at Beijing.
For many residents, the horror of the fire lay not only in the ferocity of the flames but in the recognition that everything they had worked for — homes bought with decades of savings, belongings accumulated through sacrifice — could be erased in a night.
Hong Kong's housing crisis has long fed collective anxiety, but this disaster struck its deepest nerve. In a city where ordinary families already struggle with extremely unaffordable flats, even the illusion of safety can no longer be taken for granted.
The sense of betrayal deepened when Beijing issued a warning not to let "a disaster disrupt Hong Kong", reinforcing the belief that the state prioritised protecting its authority, not its people.
[...]
The unease grew when volunteers and NGOs who rushed to help the displaced were abruptly ordered to leave the site.
Many had been distributing food, locating documents, offering emotional support. Suddenly, they were told to withdraw on Sunday.
For many Hongkongers, the scene was familiar. A compassionate response — neighbours helping one another — had become politically sensitive.
Authorities appeared to fear that the disaster zone, with swelling crowds and rising frustration, might become a gathering point for something larger.
In a city still haunted by 2019, solidarity itself had become suspect.
Inside Wang Fuk Court [the place of the fire], residents were not surprised that the fire spread so fast. Some had long questioned whether the scaffolding nets used during a renovation met flame-retardant standards.
Others filed complaints as early as 2023, warning of fire risks.
A contractor even wrote to the Fire Services Department requesting clarity on safety requirements — letters that, residents say, went unanswered.
[...]
The arrest of the petition organiser — paired with the removal of volunteers — made something unavoidable: the space for Hongkongers to demand answers, or simply to show up for one another, has been quietly but steadily erased.
Under the national security regime, the line between civic action and political threat has blurred beyond recognition.
What used to be routine — filing complaints, demanding accountability, launching petitions, helping neighbours — now carries an implied risk.
Beijing's insistence that sovereignty cannot be challenged has reshaped even the vocabulary of disaster. A call for answers can be reframed as agitation. Grief can be interpreted as defiance. Volunteerism can be treated as "gathering".
[...]
For residents, the questions were immediate and practical. Why did the alarms fail? Why did the nets ignite so quickly? Why were earlier warnings ignored? Who will take responsibility?
For authorities, the questions were political. Could public anger spill into unrest? Could demands for accountability turn into mobilisation? Could crowds at the disaster site grow into something larger? Who must be monitored — not who must be heard?
This is why, for many, the fire now stands as a symbol of something larger — a reckoning not only with safety failures but with a governance model that asks citizens to trust a system that no longer feels accountable to them.
While officials have pledged support for displaced residents, the shift toward a political narrative has been unmistakable: The arrest [of the 24-year old petitioner], the "care teams", the warnings about "disruption".
[...]
In the days after the blaze, residents sifted through ash — passports, wedding photos, a child's cherished toy — fragments of lives interrupted.
But the emotional landscape of the city was shaped by a different kind of loss: The erosion of faith that the system exists to protect them, not to discipline them.
Beijing may want the flames in Tai Po to fade quickly. But what they revealed may not.
ABC News
ABC News provides the latest news and headlines in Australia and around the world.Bang Xiao (Australian Broadcasting Corporation)
When a video codec wins an Emmy | The Mozilla Blog
It’s not every day a video codec wins an Emmy. But yesterday, the Television Academy honored the AV1 specification with a Technology & Engineering Emmy Award, recognizing its impact on how the world delivers video content.
When a video codec wins an Emmy
The AV1 specification a Technology & Engineering Emmy Award for its impact on how the world delivers video content.Kristina Bravo (The Mozilla Blog)
Russia's Putin seeks to boost energy, defence exports with India visit
Ahead of the visit, Sberbank said it was interested in investing in Indian infrastructure projects making use of rupees, in which a big chunk of two-way trade is settled.India CEO Ivan Nosov said Sberbank was also extending rupee loans to Russian exporters and local units to boost Indian sales of Russian products.
India does not plan to freeze defence ties with Moscow anytime soon as it requires support for the many Russian systems it operates, Defence Secretary Rajesh Kumar Singh said last week.
Russian Sukhoi-30 jets make up the majority of India's 29 fighter squadrons and Moscow has also offered its most advanced fighter, the Su-57, which is likely to figure in this week's talks, said two Indian officials familiar with the matter.
India is likely to discuss buying more units of the S-400 air defence system, Singh said last week.
Starmer Says UK Will Adopt Pro-Business Approach With Beijing
cross-posted from: lemmy.zip/post/54187557
archive.is/KQCZE
The UK will adopt a more pro-business approach to China but not trade its national security for greater trade ties, Keir Starmer said as he sought to clarify his Labour administration’s approach to the Asian nation.
French unions take Israel to court for restricting media access to Gaza
cross-posted from: lemmy.zip/post/54187447
The National Union of Journalists (SNJ) and the International Federation of Journalists (IFJ) confirmed on Tuesday that they had lodged a complaint for “obstruction of the freedom to practise journalism” at a Paris court.
French unions take Israel to court for restricting media access to Gaza
Two major journalism organisations have filed a legal complaint in Paris accusing the Israeli authorities of blocking French reporters from covering the war in Gaza – a move that could test how France applies its own press-freedom protections in an i…RFI
Swiss government urges people to ditch Microsoft 365 and others due to lack of proper encryption
Swiss data protection officers have warned public bodies not to use cloud services from industry hyperscalers Microsoft, Amazon, and Google, due to a lack of true end-to-end encryption.This comes as many SaaS vendors, especially those falling under the US Cloud Act, could be required to hand over data to US authorities, even if it’s stored in Switzerland.
like this
SuiXi3D, andyburke, IAmLamp, deliriousdreams e eierschaukeln like this.
What's happening in Switzerland?
Flipping and flopping for the past year. I welcome this latest news, and the similar news yesterday, hopefully it is infectious to the rest of Europe but it completely contradicts things that have been proposed for the last few months, then the sudden change. I wonder did Trump push too hard:
May 14 2025 - Proposed Swiss surveillance law ‘identical to Russia’
June 13 2025 - "A war against online anonymity" – why Switzerland wants to change its surveillance law and what's at stake
September 11 2025 - Swiss government looks to undercut privacy tech, stoking fears of mass surveillance
November 15 2025 - Switzerland plans surveillance worse than US
November 27 2025 - Switzerland: Data Protection Officers Recommend Broad Cloud Ban for Authorities
..
Switzerland: Data Protection Officers Impose Broad Cloud Ban for Authorities
According to the Data Protection Conference, federal offices may only use US hyperscalers like AWS, Google, or Microsoft to a limited extent.Stefan Krempl (heise online)
like this
MyTurtleSwimsUpsideDown likes this.
In fairness a government should be the only entity surveilling people in its own borders under most any circumstances.
I'm pretty opposed to most any kind of surveillance outside of warranted due process, and I don't think that any domestic surveillance needs privacy for longer than it takes to do an investigation and prosecution.
It's when governments are allowed to do things in secret and outside of the law that the whole concept of the law is undermined.
We have a lot of different political and government bodies. Like the "checks and balances" the US had.
So when you read "Switzerland wants to..." it could be:
* A survey of people living in Switzerland
* A initiative (an official political vote done by the swiss citicens)
* One big or multiple parties signing an agreement
* A group of cantons or communal legislative or executive politicians
* A group of semi-official people (like the conference of all the cantons data protection officers ("Kantonale Datenschützer", keine Ahnung wie all das Zeug auf Englisch heisst, Hilfe)
* Our parliament or a comitee in it
* Our other parliament or a comitee in it
* The federal court
* The federal chancelor
* The federal government
* And sometimes internetusers even mix some company into the bag, for example Proton.
I probably forgot a few and misspelt a lot but you get the idea.
And all of them are different elected or appointed persons, with their own opinions.
That is why everything is so fast at changing here 😆
(We discuss, we decide, we get blocked, we discuss, we change, we get blocked, rinse and repeat)
like this
onewithoutaname e MyTurtleSwimsUpsideDown like this.
That's not how the swiss government works.
Here the data protection officers are mostly independent of the rest of the government and are just doing their (somewhat hopeless) job.
Of course "warn[ing] public bodies" is about all they are can do.
It's almost like we're a multiparty democracy or something.
The press and others tend to report proposals by one part or another as though they have already been passed into law. I think it makes for better headlines.
And Andy Yen uses it for what agenda he has, like moving into cheaper German data centres or whatever.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
That's from Edward Snowden. Evidently no one is going to force you to jump through hoops to use encryption if you don't think you stand to benefit from it. That being said, the "nothing to hide" argument can be a bit of a slippery slope.
Also reminds me of someone I knew, who was doing pure maths research (so, read about as much as your fanfic) and was storing their papers on Dropbox. When informed that that was a private US entity, would enable other entities to access that data, they said "but I want people to read my paper". They are now furious about LLMs. Go figure.
Windscribe are a bit late to the game -https://x.com/windscribecom/status/1995619967996494334
They are twittering today quoting an article that was published 3+ months ago.
Proton is moving out of Switzerland because of their new surveillance laws. So much for Switzerland being some bastion of privacy huh? That makes Canada a better place for a VPN. Stop drinking the marketing koolaid.
Judging by the direction that Switzerland seems to be going, I am guessing (I could be wayyyy wrong) that Swiss privacy companies are going to be still effective for people outside of Switzerland, soon to be completely free from US big tech spying.
Canada are in the 5 eyes, whereas Switzerland aren't even mentioned in the 14 eyes.
As for Canada being a better place for the Privacy or a VPN, I think Windscribe need to stop drinking their own nonsense.
Damn. I remember seeing a Reddit AMA when I first came across Protonmail some 7-odd years ago with the Protonmail CEO saying something along the lines of "we don't plan on moving out of Switzerland because other country's intelligence agencies concern us more than the Swiss intelligence" and I thought that was a good take. Hell, I still do in lieu of everything going on.
I wonder what happens now that they will be "physically diversifying across Europe".
like this
eierschaukeln likes this.
Russia drew foreigners from 128 countries into its war in Ukraine using fraudulent recruitment centers, state channels through its diplomatic and cultural institutions
cross-posted from: mander.xyz/post/42880630
Web archive linkMoscow has increasingly turned to foreign nationals to fill its ranks as it struggles with heavy battlefield losses that Ukraine says have exceeded one million since the start of the full-scale invasion in 2022.
Ukraine’s Center for Countering Disinformation, a government agency that monitors and counters foreign propaganda, said ... that since the invasion began “Moscow has built a transnational system for recruiting foreigners using deceit and criminal schemes.”
“Russia has recruited foreigners from 128 countries of the world using fraudulent recruitment centers, private companies and state channels through its diplomatic and cultural institutions,” the center wrote on its Telegram channel.
“Hundreds and thousands of citizens of various countries were drawn into the aggression through deception, coercion or for money,” it added.
The center estimates that more than 18,000 individuals from 128 countries have joined Russian forces since 2022.
Dmitry Usov, who heads Ukraine’s Coordination Headquarters for the Treatment of Prisoners of War, told CNN that this figure does not include the separate contingent of around 12,000 North Korean troops deployed under a military cooperation agreement between Moscow and Pyongyang.
...
According to the report, Russia has brought in 2,715 Uzbek nationals, 1,599 Tajik citizens, 1,190 from Kazakhstan and 687 from Kyrgyzstan to help wage its war, now approaching its fourth winter.
...
The agency also lists 1,338 Belarusian citizens fighting for Russia. It added that around 3,300 of these foreign fighters have already been killed in combat.
...
Earlier, OpenMinds, a defense-tech company specializing in information warfare, said in a report that Moscow has expanded its online recruitment campaigns aimed at foreigners to shore up its manpower, with the number of contract military advertisements rising more than sevenfold since last summer.
It added that about half of the foreign-targeted posts were directed at Russian-speaking citizens of post-Soviet states. Many of these ads falsely promised financial benefits, social guarantees and assistance obtaining a Russian passport, the report said.
...
Over 200 Kenyans fighting for Russia in Ukraine, as per BBC.
...
Russia is turning to African women and conscripted North Koreans to tackle its defence worker shortage, experts say.
... The military industry [In Russia] is not recruiting Russia’s women to work in most roles ... the reluctance to recruit Russian women into jobs in the defence industry does not extend to women from other countries. Around 200 women, mainly from central and west Africa, have been hired to work in defence industry factories located in the Alabuga special economic zone in Tatarstan, a Russian republic located east of Moscow. Many of these factories build drones assembled from components imported from Iran – weapons that have been used extensively by Russia in its attacks on civilians in Ukraine.The African women employed to build drones in Tatarstan were recruited through a programme called Alabuga Start, which targets young female migrant workers ...
It is advertised extensively on social media, including through paid influencers on TikTok ...
The Alabuga Start website appears to offer an attractive package of work experience, on-the-job training, accommodation ... However, once they arrive, the young women can find themselves living very different lives to those they had anticipated. There are reports of working long hours and exposure to dangerous chemicals, with passports being withheld to prevent women from leaving. For instance, Kenya has launched an investigation into Alabuga Start, which may see the programme shut down in that country ...
Musalia Mudavadi says over 200 Kenyans fighting for Russia in Ukraine
Russian recruitment networks are targeting Kenyans with fake job offers, authorities say.Wycliffe Muia (BBC News)
Who is National Guard shooting suspect Rahmanullah Lakanwal?
According to the sources, family members told authorities that the PTSD stemmed from the fighting Lakanwal did in Afghanistan, where he fought in a CIA-sponsored-and-trained unit of the Afghan special forces known as a Zero Unit.
Suspect struggled to assimilate
Lakanwal appeared to have been unraveling for years, unable to hold a job and flipping between long, lightless stretches of isolation and taking sudden weekslong cross-country drives, emails obtained by The Associated Press indicate. His behavior deteriorated so sharply that a community advocate reached out to a refugee organization for help, fearing he was becoming suicidal.
‘He was clean on all checks’
Lakanwal began working with the CIA around 2011, a senior US official told CNN. At the time, the CIA would have vetted him through a variety of databases, including the National Counterterrorism Center’s, to see whether he had any known ties to terrorist groups, the official said.Lakanwal would have also been vetted after he applied for asylum in 2024. It was granted in April, during the Trump administration. Noem on Sunday told NBC, “The vetting process all happened under (former President) Joe Biden’s administration.”
The above quotes from the article were chosen by me to support this thesis:
The Trump administration is actively lying about this event to justify their illegal and reckless deployment of the national guard and to cover the fact that they have installed a military force to perform policing, ironically mirroring the tactical stance in Afghanistan that resulted in similar attacks.
https://www.cnn.com/2025/11/30/politics/dc-shooting-suspect-rahmanullah-lakanwal
like this
SuiXi3D likes this.
INVESTIGATION: Stanford Earth Sciences Chair Collaborates with China's Nuclear Program
INVESTIGATION: Stanford Earth Sciences Chair Collaborates with China's Nuclear Program
Wendy Mao, Stanford’s Earth Sciences Chair and Deputy Director of Stanford’s Institute for Materials and Energy Sciences at SLAC, has co-authored over 50 publications, trained five employees, and maintained a visiting scholar position at HPSTAR, an “…Garret Molloy (The Stanford Review)
Devastating toxic spill seen as test of whether African countries can stand up to China
Even before the dam collapsed, Lamec did not feel safe working at the copper mine.
"If our work protective gear gets damaged, it is not always replaced," he tells us. "We have to take a risk and use it again."
He is talking to the BBC in a car on a quiet backroad near a village in northern Zambia, too nervous to speak to us in public or to use his real name, for fear that speaking to the press might cost him his livelihood.
When he turned up for his shift one day in February, he tells us, he found that one of the dams at the Chinese-owned mine had been closed.
The tailings dam - used to store toxic by-products from the copper mining process, including heavy metals like arsenic, mercury and lead - had collapsed into a tributary connected to the Kafue, Zambia's longest river and a major drinking water source.
At least 50,000 tonnes of acidic debris spilled out into the surrounding waterways and farmland, according to the government. Some environmentalists, however, claim as much as 1.5 million tonnes was spilled, with one expert saying a full clean-up could take longer than a decade.
Devastating toxic spill seen as test of whether African countries can stand up to China
Chinese companies provide jobs and much needed revenue in Zambia, where the disaster took place.Mayeni Jones (BBC News)
like this
IAmLamp, NoneOfUrBusiness e aramis87 like this.
Suspected members of neo-Nazi terror group arrested in Spain
Police in Spain have arrested three people on suspicion of belonging to the Base, a global neo-Nazi terrorist group that incites and trains members in techniques to overthrow governments and bring about a race war.
The group, which has been designated a terrorist organisation by the EU, the UK, Canada, Australia and New Zealand, is part of a worldwide “accelerationist” white power movement that prepares its cells to carry out violent and destabilising attacks.
In a statement on Monday, Spain’s Policía Nacional said the three arrests, made in the eastern province of Castellón, had enabled them to dismantle the first accelerationist terrorist cell detected in the country.
Officers seized two firearms, replica guns, ammunition, knives and tactical military training gear, as well as accelerationist material and neo-Nazi paraphernalia.
Suspected members of neo-Nazi terror group arrested in Spain
Three people are accused of belonging to the Base, an ‘accelerationist’ white power organisation founded in the USSam Jones (The Guardian)
RRF Caserta. Cultura - Il Povero Piero di Achille Campanile
Child bride faces execution in Iran unless she pays £80,000 in ‘blood money’
Goli Kouhkan was a child bride at 12 and now faces execution.
More info here:
theguardian.com/global-develop…
If you want to contribute to saving Goli's life, you can do that here:
mycause.com.au/page/385632/urg…
Child bride faces execution in Iran unless she pays £80,000 in ‘blood money’
Goli Kouhkan, 25, on death row for seven years for killing her abusive husband, has until December to settle with the victim’s familySarah Johnson (The Guardian)
like this
aramis87 likes this.
The same goes for all other countries that use Sharia law or other laws based on superstition or tradition.
Doesn't change the fact that the society has laws build on ancient superstition without reason.
A society build on primitives rules that follow such rules is primitive per definition.
Because the practice of such primitive laws guide all activity in a society.
What about death penalty to the victim is not primitive and barbaric?
How is a society that execute primitive barbaric laws not primitive?
Is it because they can make nice cookies?
How does this complexity you mention change that it is a primitive society?
Is it because it is not PC to call a culture primitive? Because then I've got news for you, some cultures are very obviously more primitive than others.
Is it because it is not PC to call a culture primitive?
If you know its history and are absolutely sure that your evaluation is correct. But I have the feeling that you haven't checked Iranian history - because historians don't tend to put Iran in the same sentence with that.
So, I would add some notes. Islamic extremism has not been in power "for 1500 years" in Iran - it has been in power since 1979. Iran has political problems. And let me tell you, political problems can quickly bring down a society that might otherwise have its problems under control.
Did folks call Germany "primitive" when Hitler rose to power? Nope, they used other terms. Do we call Russia "primitive" because of Putin? Will we start calling the US "primitive" if Trump manages to become a dictator? Do we call China "primitive" because they have a one-party dictatorship? Nope, we don't.
They're advanced societies facing difficult problems of various sorts. They are also extremely unequal societies - some people in the capital have modern life, but some in the periphery don't even have jack s**t.
Iran could be spending its time selling satellite launches if it wanted, but has an Islamist theocracy in power. Any candidate can be disqualified in the elections if the grand ayatollah doesn't like them. Iran does various extremely shortsighted and I would really say... extremely stupid things. Like fighting proxy wars with Israel and then fighting real wars with Israel, depending on Russia for ammunition and then supplying Russia with ammunition against Ukraine...
...but "stupid" and "primitive" are not synonyms.
After islamic extremists came to power in the 1979 revolution, they broke down Iranian society in many directions. Executions were widespread, terror was used to subdue opposition, women's rights were trampled on, many things happened. Thing went wrong, got entrenched in the state of being wrong, and remain wrong to this day. 🙁
The regime before the islamists was the Shah (king). He had already been ousted and there had been parliamentary democracy in Iran, but the shah came back to power with UK and US support. He also terrorized the population through his secret police. The shah was hated and propped up by foreign powers - a ripe fruit for Islamists to pick and eat.
Before the shah, Iran had a problem with left-leaning populism and government-parliament relations, but I think this was their smallest problem. The last democratically elected PM (Mosadegh) was somewhat populist and wanted to nationalize the oil industries (wanted to hurt Western business interests), which would have been OK, but he also had problems with the Parliament, which was definitely not OK. With some Western assistance, he was couped out of power, which, in my books, spent Iran spiraling out of control.
That's a brief summary of what's been going on in the center of society, in the Persian speaking regions (I apologize for gross simplification, but I can't summarize Iranian history into a single post, they have so much of it and it's not simple - and not primitive).
In border regions, however, we observe different processes. Persians (Iran's majority population) have easier access to what little justice their system can ensure, while minorities (the Azeri, Kurds, Arabs and among smaller groups, the Baloch) are marginalized and cannot get just treatment.
Iran is a former empire and has a considerable number of people who've been conquered at some time. Some of them want independence (ask a Kurd in private and you'll hear). Society is neglecting them. If there was peace, and not islamic theocracy but democracy like in the 1950-ties, minority groups would likely have better living conditions. But as things are... sigh. Minority groups get the highest levels of poverty and oppression.
I never claimed Iran was a primitive society before 1979 under the Shah. My claim is that they are primitive NOW, in part because they use Sharia law. They did NOT use Sharia law under the Shah!
But yes I am also very well aware that the Shah was instated by what was practically a coup against a democratically elected government.
Germany was absolutely also primitive during WW2, because it devolved to violence and extermination of minorities.
Russia is a bit more complicated, but very definitely a society that has not evolved as well as it could have.
I don't really care that "they" used other terms, first it's a false equivalence, and why should I be bound by false standards?
“stupid” and “primitive” are not synonyms.
No they are not, why would you think I used it as such? Iranian society is both stupid and primitive, both mostly a result of social religious insanity.
After islamic extremists came to power in the 1979 revolution
I agree, Iran was a better society in some ways before the revolution, and if USA hadn't messed up their democracy, Iran would likely have been a way better society today.
they broke down Iranian society in many directions. Executions were widespread, terror was used to subdue opposition, women’s rights were trampled on,
You are basically making my point here. Mind you this was by the wishes of the population. Much to the frustration of Iranians that had to flee, that had hoped for a socialist revolution. I have actually known Iranian people here in Denmark, and they are very good people, BUT!!! They are not Muslims!!! Iran today is an Islamic country, and the population is overwhelmingly Muslim, and they overwhelmingly condoned what the new regime under the Ayatollah was doing. Including all of your above points.
Iran is a former empire
What they used to be half a century ago is irrelevant to what they have become today, also being an empire does not exclude being primitive. Russia today is an empire, and they are primitive compared to what they could have been, without a super corrupt dictator that has undermined Russian society for 30 years.
Now go back to your hole.
Iran is a primitive society based on superstition and where 1500 year old barbaric laws
Let me choose the most modern laws where you get death sentence by a white cop because you are black. Or the laws that looks at a genocide and then decide to send more weapon to the one who is committing the genocide killing at least 70k people mostly women and children that you pretend to care about.
You can disagree with laws, but claiming they are "primitive" and "barbaric laws" is a stupid, racist, and ignorant statement.
USA is absolutely an extremely violent and racist country, and both those aspects are obviously primitive. How else would you judge that?
USA also isn't governed by "modern" laws, if you want to see modern laws in practice look at the Scandinavian countries.
Notice that I also write that other countries with Sharia law are primitive, the same goes for laws based on other religions like Christianity, and obviously the same also goes for practices based on racism.
USA is widely considered primitive in many ways in Europe.
You can disagree with laws, but claiming they are “primitive” and “barbaric laws” is a stupid, racist, and ignorant statement.
You are so so wrong, for instance the death penalty is for sure a primitive law that modern political and humanist sciences have clearly abolished because it's immoral, and is against human rights, and for those reasons also illegal in EU.
USA is also in many ways a primitive society, not entirely unlike Iran. Extreme regulation against abortion that can cause the death of pregnant women, a dysfunctional democracy, extreme violence, harassment of minorities and homeless, and a shorter life expectancy than other western democracies, even democracies that are less than half as wealthy as USA. USA also has the bigger portion of its population in prison by far compared to any other country in the world.
All signs of a society that is morally and mentally is caught in the past, and has refrained from introducing improvements that are common in other countries that USA used to be ahead of.
for the killing of her abusive husband
A pretty big part to miss
I'm not saying that makes the situation just, just that it comes a long way in explaining the why
Yeah, great. Then include that
It seems like a pretty reasonable interpretation to me (but also uncertain from the information in the article), just an unreasonable omission of detail from the source
This is pretty much a duplicate reply so I'm just going to paste my response there:
It could be that but "(oh) yeah" and "yeah (and)" can both be shortened and used to disagree with someone. It read as defensive but honestly that's basically what I did and really, the post is highlighting a shitty part of the world we all want to be better so I probably didn't need my reply.
On the day her husband was killed, Kouhkan found him beating her son, then aged five. She called a cousin for help. When he arrived a fight broke out which resulted in the death of her husband.
Man slaughter at worst. No jury in a civilized country would condemn but Based on all the example court cases in the article this country hates women and is just looking for any excuse to murder them even if you didn't do it.
you got me real curious and I found this.
Looks like former UK colonies use it but others not so much
About the donation drive: it seems legit and I encourage people to help her.
I checked the background of the Qasim Child Foundation and they're a registered charity in Australia since 2020. Here's one of their letters from 2022 to the Australian parliament, asking Australia to use its influence on Iran. The director of the foundation, Mehdi Ghatei, is a real person living in Australia and originating from Iran.
What I think about the case: if a person has been "married off" as a child, not because of her wishes, indeed against her informed consent, has tried returning to her parents only to be sent away to an abusive husband, and has subsequently got into a fight with her husband after he harmed her and their child - a court should not convict of murder, but at most "provoked homicide" (if self defense is ruled out).
Extracting confessions without a lawyer present, getting signatures from a person who cannot read (what society fails to teach reading and writing?) - all of this is complete bollocks too, of course. But in the state of Iran, so many things are systematically borked that one loses count. 🙁
P.S.
Blood money might be a matter of negotiation. The family of her husband might even reconsider if offered a tangible large sum short of their demands instead of mere blood, which benefits nobody.
No problem, it was easy. 😀
P.S.
I notice that some people (perhaps special rapporteur Mai Sato) have explained her situation to the office of the UN high commissioner for human rights, and the UN has published a call for Iran to intervene in her case.
Iran must halt execution of Goli Kouhkan domestic violence survivor: UN experts
I hope the word of the OHCHR suffices - that Iranian officials take note and prevent her execution.
If I were an Iranian official, no matter how conservative or stuck in old ways, I would remember what happened after Mahsa Amini / Jina Amini was killed, and would carefully steer away from repeating any similar chain of events.
Follow-up: thanks to everyone who did something. Today, I received an update from the Qasim Child Foundation (run by Mehdi Ghatei).
He informed that via several donation campaigns, both outside of Iran and inside, the sum of blood money to the family of Goli Kouhkan's husband has been raised - and during negotiations, they have agreed to drop their demand somewhat and grant forgiveness.
Mehdi mentioned that the goal had been reached without using the donations he gathered, and offered to refund my donation. Since my donation was small, I asked him to use it to help other people in unjust situations.
I hope Goli Kouhkan recovers from the traumatizing situations she has gone through, and manages to re-establish her life.
Decreasing Certificate Lifetimes to 45 Days
This change is being made along with the rest of the industry, as required by the CA/Browser Forum Baseline Requirements, which set the technical requirements that we must follow. All publicly-trusted Certificate Authorities like Let’s Encrypt will be making similar changes. Reducing how long certificates are valid for helps improve the security of the internet, by limiting the scope of compromise, and making certificate revocation technologies more efficient.
like this
fistac0rpse, wagesj45 e eierschaukeln like this.
So what's the floor here realistically, are they going to lower it to 30 days, then 14, then 2, then 1? Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?
It is ignoring the elephant in the room -- the central root CA system. What if that is ever compromised?
Certificate pinning was a good idea IMO, giving end-users control over trust without these top-down mandated cert update schedules. Don't get me wrong, LetsEncrypt has done and is doing a great service within the current infrastructure we have, but ...
I kind of wish we could just partition the entire internet into the current "commercial public internet" and a new (old, redux) "hobbyist private internet" where we didn't have to assume every single god-damned connection was a hostile entity. I miss the comraderie, the shared vibe, the trust. Yeah I'm old.
Seeing as most root CA are stored offline compromising a server turned off is not really possible.
I'm more annoyed that I have 10 year old gear that doesn't have automation for this.
Signing (intermediate) certs have been compromised before. That means a bad actor can issue fake certs that are validated up to your root ca certs
While you can invalidate that signing cert, without useful and ubiquitous revocation lists, there’s nothing you can do to propagate that.
A compromised signing certs, effectively means invalidating the ca cert, to limit the damage
Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?
Automate your certificate renewals. You should be automating updates for security anyway.
like this
DaGeek247 likes this.
This is one of the reasons they're reducing the validity - to try and convince people to automate the renewal process.
That and there's issues with the current revocation process (for incorrectly issued certificates, or certificates where the private key was leaked or stored insecurely), and the most effective way to reduce the risk is to reduce how long any one certificate can be valid for.
A leaked key is far less useful if it's only valid or 47 days from issuance, compared to three years. (note that the max duration was reduced from 3 years to 398 days earlier this year).
From digicert.com/blog/tls-certific…
In the ballot, Apple makes many arguments in favor of the moves, one of which is most worth calling out. They state that the CA/B Forum has been telling the world for years, by steadily shortening maximum lifetimes, that automation is essentially mandatory for effective certificate lifecycle management.The ballot argues that shorter lifetimes are necessary for many reasons, the most prominent being this: The information in certificates is becoming steadily less trustworthy over time, a problem that can only be mitigated by frequently revalidating the information.
The ballot also argues that the revocation system using CRLs and OCSP is unreliable. Indeed, browsers often ignore these features. The ballot has a long section on the failings of the certificate revocation system. Shorter lifetimes mitigate the effects of using potentially revoked certificates. In 2023, CA/B Forum took this philosophy to another level by approving short-lived certificates, which expire within 7 days, and which do not require CRL or OCSP support.
like this
DaGeek247 likes this.
note that the max duration was reduced from 3 years to 398 days earlier this year)
2020 really has been the longest year of my life
Reducing SSL/TLS Certificate Lifespan to 398 Days | Qualys Notifications
Update October 13, 2020: Starting with SSL Labs version 2.1.8, a ‘T’ grade is applied to servers with certificates valid more than 398 days and issued on or…Tamthing Shimray (Qualys, Inc.)
like this
DaGeek247 likes this.
But can you imagine the load on their servers should it come to this? And god forbid it goes down for a few hours and every person in the world is facing SSL errors because Let’s Encrypt can’t create new ones.
This continued shortening of lifespans on these certs is untenable at best. Personally I have never run into a situation where a cert was stolen or compromised but obviously that doesn’t mean it doesn’t happen. I also feel like this is meant to automate all cert production which is nice if you can. Right now, at my job, all cert creation requires manually generating a CSR, submit it to a website, wait for manager approval, and then wait for creation. Then go download the cert and install it manually.
If I have to do this everyday for all my certs I’m not going to be happy. Yes this should be automated and central IT is supposed to be working on it but I’m not holding my breath.
The entire renewal process is fairly cheap, resource wise. 7 day certificates are already a thing.
In terms of bandwidth you could easily renew a billion certificates a day over a gigabit connection, and in terms of performance I recon even without specialized hardware a single system could keep up with that, though that also depends on the signature algorithms employed in the future of course.
The dependence on these servers is the far bigger problem I'd say.
This shortening of lifetimes is a slow change, so I hope there will be solutions before it becomes an issue. Like keeping multiple copies of certificates alive with different providers, so the one in use can silently fall through when one provider stops working. Currently there are too few providers for my taste, that would have to improve for such a system to be viable.
Maybe one day you'll select a bundle of 5 certificate services with similar policies for creating your certificate the way you currently select a single one in certbot or acme.sh
The current automation guidelines and defaults renew certs 30 days from expiry. So even today certs aren’t around for more than 60 days, it’s just that they’re valid for 90.
Additionally you can fairly easily monitor certs to get an alert if you drop below the 30 day threshold and automatic cert renewal hasn’t taken place.
I use Grafana self hosted for this with their synthetic monitoring free tier but it would be relatively trivial to roll your own Prometheus-exporter to do the same.
That's a lot easier said that done for hobbyists that need a certificate for their home server. I will give you a real world example. I run Ubuntu Linux (but without snaps) on my main desktop machine, however like the person you replied to I am old and I don't have a good memory so when I do use Linux I try to take the easiest approach possible. But I also have a server running on a Raspberry Pi, and another family member (that has a Mac) that I exchange XMPP-based instant messages with. The server runs Prosody, and on my Ubuntu box I run Gajim (the one from the apt repository which is version 1.8.4, I have no idea why they won't put a newer version in the repo). The other family member uses some MacOS-based XMPP client. The problem is that if there is not a valid certificate on the server, Gajim refuses to send or receive anything other than plain-text messages. It won't sent or receive files or pictures, etc. unless the certificate is valid.
However the Raspberry Pi does other things as well (it would be silly to dedicate a Pi to just running Prosody) and one of those other things puts a pseudo-web server of sorts on port 80, which is only accessible from the local network. So I can't use Certbot because it insists on being able to connect to a web server. Even if I had a general web server on the Pi, which I don't have and don't want, it would be restricted for local access only. Also, I'm not paying for a DNS address for my own home server. What I found I could do is get a DuckDNS address (they are free) and use that to get a LE certificate. But the procedure is very manual and kind of convoluted, you have to ssh into the server using two separate sessions and enter some information in each one, because of the absolutely asinine way LE's renewal process works if you don't have a web server. I hate doing it every 90 days and if I have to do it every 45 days I'll probably just give up on sending and receiving files.
I should also mention that it took me hours to figure out the procedure i am using now, and it seems so stupid because I have that server locked down with two firewalls (one on the router and then iptables on the server) I don't even want a certificate but the designers of Gajim in their infinite wisdom(?) decided not to give users the option to in effect say "I trust this server, just ignore an expired or missing certificate." And the designers of LE never seemed to consider that some people might need a certificate that are not running a web server (and don't want to run one) and provide some automatic mechanism for renewing in that situation. And just because someone uses Linux does not mean we are all programmers or expert script writers. I can follow "cookbook" type instructions (that is the ONLY way I got Prosody set up) but I can't write a script or program to automate this process (again, I'm OLD).
I know somebody's going to be tempted to say I should use some other software (other that Prosody or Gajim). I tried other IM clients and Gajim is the only one that works the way I expect it to. As for Prosody, I have from time to time tried setting up other XMPP servers that people have suggested and could never get any of them to work. As I said, had I not found "cookbook" type instructions for setting up Prosody I would probably not be running that either, it was a PITA to get working but not that it IS working I don't want to go through that again. And Prosody isn't the problem, it works perfectly fine without a valid certificate, but pretty much every Linux IM client I have tried either loses functionality or won't work at all if the server doesn't have a valid certificate. And no I don't run or use Docker, nor do I have any desire to (especially on a Raspberry Pi).
EDIT: After giving this some thought I decided look further into this, and discovered that while Certbot can't handle this, it's possible that a script called acme.sh can. See github.com/acmesh-official/acm… (also github.com/acmesh-official/acm… - may need to scroll up just a bit, the pertinent item is "8. Automatic DNS API integration"). I haven't tried it yet (just manually renewed yesterday) but it looks promising if I can figure it out. Thought I'd post the links for anyone else that might be in the same situation.
GitHub - acmesh-official/acme.sh: A pure Unix shell script ACME client for SSL / TLS certificate automation
A pure Unix shell script ACME client for SSL / TLS certificate automation - acmesh-official/acme.shGitHub
That's a lot easier said that done for hobbyists that need a certificate for their home server.
I'd you're going to self host you need to learn. I have no time for kids who just want "Google but free" and don't want to spend any time learning what it takes to make that happen.
You don't need to if you're just using things locally.
But also - domains are cheap.
So what's the floor here realistically, are they going to lower it to 30 days, then 14, then 2, then 1?
LE is beta-testing a 7-day validity, IIRC.
Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?
No, those are expected or even required to be automated.
like this
DaGeek247 likes this.
7-day validity is great because they're exempt from OCSP and CRL. Let's Encrypt is actually trying 6-day validity, not 7: letsencrypt.org/2025/01/16/6-d…
Another feature Let's Encrypt is adding along with this is IP certificates, where you can add an IP address as an alternate name for a certificate.
Announcing Six Day and IP Address Certificate Options in 2025
This year we will continue to pursue our commitment to improving the security of the Web PKI by introducing the option to get certificates with six-day lifetimes (“short-lived certificates”).letsencrypt.org
like this
DaGeek247 likes this.
The current plan is for the floor to be 47 days. digicert.com/blog/tls-certific… and this is not until 2029 in order to give people sufficient time to adjust. Of course, individual certificate authorities can choose to have lower validity periods than 47 days if they want to.
Essentially, the goal is for everyone to automatically renew the certificates once per month, but include some buffer time in case of issues.
The best approach for securing our CA system is the "certificate transparency log". All issued certificates must be stored in separate, public location. Browsers do not accept certificates that are not there.
This makes it impossible for malicious actors to silently create certificates. They would leave traces.
The only disadvantage I see is that all my personal subdomains (e.g. immich.name.com and jellyfin) are forever stored in a public location. I wouldn't call it a privacy nightmare, yet it isn't optimal.
There are two workarounds:
- do not use public certificates
- use wildcard certificates only
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
There are some nameserver providers that have an API.
When you register a domain, you can choose which nameserver you like. There are nameservers that work with certbot, choose one that does.
like this
DaGeek247 likes this.
Doesn't caddy support that (name cheap txt mod) via a plug-in?
I haven't tried it yet, but the plugin made it sound possible. I'm planning to automate on next expiration... When I get to it ;)
I did already compile caddy with the plugin, just haven't generated my name cheap token and tested.
I definitely know that feeling.
Now that I'm at a keyboard, here's the (Caddy) plugin I was referring to : github.com/caddy-dns/namecheap
GitHub - caddy-dns/namecheap
Contribute to caddy-dns/namecheap development by creating an account on GitHub.GitHub
Isn't this just CRL in reverse? And CRL sucks or we wouldn't be having this discussion. Part of the point of cryptographically signing a cert is so you don't have to do this if you trust the issuer.
Cryptography already makes it infeasible for a malicious actor to create a fake cert. The much more common attack vector is having a legitimate cert's private key compromised.
No, these are completely separate issues.
- CRL: protect against certificates that have their private key compromised
- CT: protect against incompetent or malicious Certificate Authorities.
This is just one example why we have certificate transparency. Revocation wouldn't be useful if it isn't even known which certificates need revocation.
The National Informatics Centre (NIC) of India, a subordinate CA of the Indian Controller of Certifying Authorities (India CCA), issues rogue certificates for Google and Yahoo domains. NIC claims that their issuance process was compromised and that only four certificates were misissued. However, Google is aware of misissued certificates not reported by NIC, so it can only be assumed that the scope of the breach is unknown.
Maintaining digital certificate security
Posted by Adam Langley, Security Engineer On Wednesday, July 2, we became aware of unauthorized digital certificates for several Google ...Google Online Security Blog
Partition the internet... Like during the Morris worm of '88, where they had to pull off regional networks to prevent the machines from being reinfected?
The good old days were, maybe, not that good. 😀
I would assume total anarchy (especially in the stock trade lol)
Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?
Certbot's default timer checks twice a day if it's old enough to be be due for a renewal... So a change from 90 to 1 day will in practice make no difference already...
where we didn't have to assume every single god-damned connection was a hostile entity
But you always did, it was always being abused, regularly. That's WHY we now use secure connections.
I think I'm just not picking up whether you're actually trying to pitch a technical solution, or just wishing for a perfect world without crime.
Is this the same trust that would infect a box in under a minute if not behind a router?
The same trust of needing to scan anything you downloaded for script kiddie grade backdoors?
Zero click ActiveX / js exploits?
Man I'm probably the same age and those are some intense rose colored glasses 😅
Ah yeah, those were interesting times. (Although there were some historically interesting viruses back in the day for those floppies too)
Fond memories though. Learning basic on a cartridge... Using literal cassettes for storage. That horrifying sound of a 5" floppy drive struggling to read that file you really needed. Good times.
Generally speaking that was probably what most of us would identify as pre internet times - but usenet / BBS / and early internet and prior definitely was more bright eyed and optimistic. Probably because it was more about learning and tech and less about monotizing every square inch of your existence 😂
Announcing Six Day and IP Address Certificate Options in 2025
This year we will continue to pursue our commitment to improving the security of the Web PKI by introducing the option to get certificates with six-day lifetimes (“short-lived certificates”).letsencrypt.org
Yes, this requirement comes from the CA/Browser Forum, which is a group consisting of all the major certificate authorities (like DigiCert, Comodo/Sectigo, Let's Encrypt, GlobalSign, etc) plus all the major browser vendors (Mozilla, Google, and Apple). Changes go through a voting process.
Google originally proposed 90 day validity, but Apple later proposed 47 days and they agreed to move forward with that proposal.
like this
fistac0rpse, IAmLamp e DaGeek247 like this.
Don't worry they'll reduce the cost of certificates proportionally to the longevity of the certificate.
Right?
Anybody?
<< Cricket noises >>
Edit: obviously not LE, but other certificate vendors.
Lol, never had to buy a cert huh?
You're still buying a year or more at a time, no matter the lifetime of the cert itself. Even if the cert lifetime was a week, you're still buying the same product, no matter how many times you rotate it.
Personally? No I've never bought a cert before. Given there's free alternatives and it's a homelab it doesn't make sense. Otherwise I've used them on AWS, where ACM also just provides them for free.
What you're saying is that certificate providers will still charge you and provide certificates for a year, but just provide you with N certificates to span that year?
E.g. if the duration is 45 days then they will give you 365/45 certificates ?
like this
DaGeek247 likes this.
. if the duration is 45 days then they will give you 365/45 certificates ?
Minimum. We get through digicert at work, and we abuse the hell out of our wildcard and reissue it tons of times a year. You're buying a service for the year, not an individual cert.
like this
DaGeek247 likes this.
It's being deiven by the browsers. Shorter certs mean less time for a compromised certificate to be causing trouble.
cabforum.org/working-groups/se…
Latest Baseline Requirements
Version: 2.1.9Date: 10-November-20251. INTRODUCTION 1.1 Overview This document describes an integrated set of technologies, protocols, identity-proofing, lifecycle management, and auditing requirements that are necessary (but not sufficient) for the …CA/Browser Forum
most trouble is probably caused in the first few days. Doesn't matter if it's 45 or 90 days, it would have to be a few hours to be meaningfully short. Given that automating things like this is annoying sometimes, you'll be sure people will max out the 45 days…
I'm pretty sure it's the SSL seller lobby just wanting more money, tbh. Selling snake oil security.
I'm pretty sure it's the SSL seller lobby just wanting more money, tbh. Selling snake oil security.
And selling “certificate automation” tools.
Given that automating things like this is annoying sometimes, you'll be sure people will max out the 45 days…
I know from professional experience that this is a stupid as fuck idea that leads to outages. One of the many reasons I'm working to automate those annoying ones.
Also, don't let perfect be the enemy of better.
I'm not a capitalist, I don't care about outages. I can live with Facebook being down for a few days, or my bank not accepting transfers for a day or so. Then again, I grew up with the internet in the 90s and prioritise good software and tools over availability, I guess?
Obviously at my job I have to do what my employer thinks. But if nobody cared I'd definitely do our Gitlab upgrades once a week once they're out and not in some weird "maintenance window" mandated by SLAs and stakeholders.
Reducing the valid time will not solve the underlying problems they are trying to fix.
We're just gonna see more and more mass outages over time especially if this reduces to an uncomfortably short duration. Imagine what might happen if a mass crowdflare/microsoft/amazon/google outage that goes on perhaps a week or two? what if the CAs we use go down longer than the expiration period?
Sure, the current goal is to move everybody over to ACME but now that's yet another piece of software that has to be monitored, may have flaws or exploits, may not always run as expected... and has dozens of variations with dependencies and libraries that will have various levels of security of their own and potentially more vulnerabilities.
I don't have the solution, I just don't see this as fixing anything. What's the replacement?
like this
fistac0rpse, IAmLamp e DaGeek247 like this.
like this
DaGeek247 likes this.
Well it should be as short as possible while still being practical. LE doesn't have infinite server compute, renewal also takes some amount of time, plus if they make the validity too short people might stop using them (pretty evident judging from sentiment here) and move to other CAs and make what they do pointless.
45 days are still plenty of time yet people are already complaining. Does make me worry.
And you still can't self certify.
It's cute the big players are so concerned with my little security of my little home server.
Or is there a bigger plan behind all this? Like pay more often, lock in to government controlled certs (already done I guess because they control DNS and you must have a "real" website name to get a free cert)?
I feel it's 50% security 50% bullshit.
Edit: thank you all I will dive down the CA certification rabbit hole now! Have worked in C++ & X509 on the client side so maybe I'll be able to figure it out.
like this
fistac0rpse, IAmLamp e DaGeek247 like this.
like this
DaGeek247 likes this.
That's a fair point. However, on the practical side, it's sad that I would have to root my gf's phone to let her access the services we host.
I ended up using a DynDNS and Caddy for managing my cert.
But you have to manually accept this dangerous cert in the browser right?
Very interesting actually, do you have any experience about it or other pointers? I might just set one up myself for my tenfingers sharing protocol...
No, because it's no longer dangerous if it's trusted.
You give your friends your public root and if applicable, intermediary certs. They install them and they now trust any certs issued by your CA.
Source: I regularly build and deploy CA's in corps
like this
DaGeek247 likes this.
Thank you!
Is there some simple soft that let you make those certs, like with a root cert and then "derived" certs? On linux 😀 ?
I guess people have to re-trust every now and then because certs get old, or do they trust the (public partof the) root cert and the daughter certs derived from root are churned out regularly for the sites?
Openssl can do everything.
That's right, but instead of the word derived we use "issued"
Correct certs get old by design, they can also be revoked. As another commenter mentioned the biggest pain is actually in the redistribution of these end certificates. In enterprise this is all managed usually with the same software they use for deployment or have auto enrollment configured.
You should find tons of guides just take it slow to understand it all. Understanding certificates in depth is a rare and good skill to have. Most sysadmins I come across are scared to death of certificates.
I was forced to learn some of it at work (using and signing medical payment transactions, with x509 certificates) so I have ar least a starting point. I have no idea how the revoke process works though, I can't figure out a way that it functions without a central authority getting queried regularly. I thonk I can start without that knowledge though.
Anyway, with your information I'm up and running, thank you again!
"Derived certificates" not child certs, noted !
Yes you can but the practicality of doing so is very limiting. Hell I ran my own CA for my own internal use and even I found it annoying.
The entire CA ecosystem is terrible and only exists to ensure connections are encrypted at this point. There's no validation or any sort of authority to say one site is better than another.
like this
DaGeek247 likes this.
And you still ~~can't~~ can self certify.
Skill issue, you've always been able to self certify. You just have to know where to drop the self signed cert or the parent/root cert you use to sign stuff.
If you're running windows, it's trivial to make a self signed cert trusted. There's an entire certificate store you can access that makes it easy enough you can double click it and install it and be on your way. Haven't had a reason to figure it out on Linux, but I expect it won't be super difficult.
I already did but my browser choked on it.
So yes I should probably set up the whole CA thing.
It's the "change your password often odyssey" 2.0. If it is safe, it is safe, it doesn't become unsafe after an arbitrary period of time (if the admin takes care and revokes compromised certs). If it is unsafe by design, the design flaw should be fixed, no?
Or am I missing the point?
The point is, if the certificate gets stolen, there's no GOOD mechanism for marking it bad.
If your password gets stolen, only two entities need to be told it's invalid. You and the website the password is for.
If an SSL certificate is stolen, everyone who would potentially use the website need to know, and they need to know before they try to contact the website. SSL certificate revocation is a very difficult communication problem, and it's mostly ignored by browsers because of the major performance issues it brings having to double check SSL certs with a third party.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
The point is, if the certificate gets stolen, there's no GOOD mechanism for marking it bad.
That’s what OCSP is for. Only Google isn’t playing along as per that wiki entry.
I mean, are you intending to retroactively add SSL to every tool implementing SSL in the past few decades?…
Browsers aren’t the only thing that ingress SSL.
Short lifespans are also great when domains change their owner. With a 3 year lifespan, the old owner could possibly still read traffic for a few more years.
When the lifespan ist just 30-90 days, that risk is significatly reduced.
like this
DaGeek247 likes this.
Moot point!
You could still get certificates for other people's domains from Honest Ahmed 's used cars and totally trustworthy CA or so. But that's another story. (there are A LOT of trusted CAs in everybody OS and browser. Do you know and trust them all?)
The maintainers of the big web browsers have pretty strict rules for CAs in this list. If any one of them gets caught issuing only one certificate maliciously, they are out of business.
And all CAs are required to publish each certificate in multiple public, cryptographically signed ledgers.
Sure, there is a history of CAs issuing certificates to people that shouldn't have them (e.g. for espionage), but that is almost impossible now.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
Personally, yes. Everything is behind NPM and SSL cert management is handled by certbot.
Professionally? LOL NO. Shit is manual and usually regulated to overnight staff. Been working on getting to the point it is automated though, but too many bespoke apps for anyone to have cared enough to automate the process before me.
like this
DaGeek247 likes this.
Why can't you just have a long lived internally signed cert on your archaic apps and LE at the edge on a modern proxy? It's easy enough to have the proxy trust the internal cert and connect to your backend service that shouldn't know the difference if there's a proxy or not.
Or is your problem client side?
One such app I can think of would be a client side issue. If the public cert doesnt match the back end private cert it will sever the connection and mark it as insecure. Hopefully I won't need to deal with it much longer though.
I just heard back from my other team that "this project sounds great for your team" even though they manage many of their own apps and certificates. Perhaps I should just let them burn then!
Can't imagine how annoying it would be to interface with every equipment so there are no https errors...
Reducing the validity timespan will not solve the problem, it only reduces the risk. And how big is that risk really? I'm an amateur and would love to see some real malicious case descriptions that would have been avoided had the certificate been revoked earlier...
Anybody have some pointers?
No, but I have a link showing how ISPs and CAs colluded to do a MITM notes.valdikss.org.ru/jabber.r…
Shorter cert lifespan would not prevent this.
It really just helps in cases where you get hacked, but the hacker doesn't have continued access. Say someone physically penetrates into your building, grabs the key through an unlocked station, and leaves.
That being said, like you mentioned, if someone is going through this effort, 45 days vs 90 days likely won't matter. They'll probably have the data they need after a week anyways.
Encryption key theft really requires a secondary attack afterwards to get the encrypted data by getting into the middle and either decrypting or redirecting traffic. It's very much a state level/high-corporate attack, not some random group trying to make a few bucks.
Terminology: revoked means the issuer of the certificate has decided that the certificate should not be trusted anymore even though it is still valid.
If a attacker gets access to a certificates key, they can impersonate the server until the validity period of the cert runs out or it is revoked by the CA. However ... revocation doesn't work. The revocation lists arent checked by most clients so a stolen cert will be accepted potentially for a very long time.
The second argument for shorter certs is adoption of new technology so certs with bad cryptographic algorithms are circled out quicker.
And third argument is: if the validity is so short you don't want to change the certs manually and automate the process, you can never forget and let your certs expire.
We will probably get to a point of single day certs or even one cert per connection eventually and every step will be saver than before (until we get to single use certs which will probably fuck over privacy)
The five-assed monkey of cert lifetimes.
As useless measures go this will certainly be one; especially while CRLs are a thing.
Yeah, I think Letsencrypt (and others) are one of the best things to happen for the internet.
You used to have to cough up a good chunk of monies for a certificate.
Now it's easily accessible and you (i) never have to think about it after the first setup because a robot automatically renews expiring certificates for me.
Generally this is one of the best improvements: a more secure web that is easier to achieve.
Make no mistake: this is an improvement.
There are substantial unsolvable issues with long lived certificates, and automatic deployment of very short lived certificates is the way to solve them.
Plan for certificate validity of six days in a few years.
Just saying:
There are alternatives for LE,not for all things, but for a lot.
Afaik not all of them do follow suit.
While I agree for my personal use, it's not so easy in an enterprise environment. I'm currently working to get services migrated OFF my servers that utilize public certificates to avoid the headache of manual intervention every 45 days.
While this is possible for servers and services I manage, it's not so easy for other software stacks we have in our environment. Thankfully I don't manage them, but I'm sure I'll be pulled into them at some point or another to help figure out the best path forward.
The easy path is obviously a load balanced front-end to load the certificate, but many of these services are specialized and have very elaborate ways to bind certificates to services outside of IIS or Apache, which would need to trust the newly issued load balancer CA certificate every 47 days.
Yeah, this has become an issue for us at work as well.
Currently we are doing a POC for an in-house developed solution where a azure function app handles the renewal of certificates for any domain we have, both wildcard and named, and place the certificates in a key vault where services that need them can get access.
Looks to be working, so the main issue now is finding a non-US certificate provider that supports acme. EU has some but even more local there aren't many options.
I'm using automated renewals.
But, that just means there's a new cert file on disk. Now I have to convince a half a dozen different apps to properly reload that changed cert. That means fighting with Systemd. So Systemd has won the first few skirmishes, and I haven't had the time or energy to counterattack. Now instead of having to manually poke at it 4x per year, it's going to be closer to once a month. Ugh.
Technically my renews aren't automated. I have a nightly cronjob that should renew certificates and restart services, but when the certificates need renewal, it always fails because it wants to open a port I'm already using in order to answer the challenge.
I hear there's an apache module / configuration I can use, but I never got around to setting it up. So, when the cron job fails, I get an email and go run a script that stops apache, renews certs, and restarts services (including apache). I will be a bit annoying to have to do that more often, but maybe it'll help motivate me to configure apache (or whatever) correctly.
Debian Stable
Challenge Types
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard.letsencrypt.org
While I do have some control over my DNS and can create arbitrary TXT entries, I can't to that in an automated way easily. I'm using Gandi.net to host my DNS rather than running my own DNS sever(s).
EDIT: Gandi is listed community.letsencrypt.org/t/dn… so maybe I can automate a DNS-01 challenge without too much issue, I just have to switch away from certbot to one of the other tools.
DNS providers who easily integrate with Let's Encrypt DNS validation
In the spirit of Web Hosting who support Let's Encrypt and CDN Providers who support Let's Encrypt, I wanted to compile a list of DNS providers that feature a workflow (e.g.Let's Encrypt Community Support
It does have access to the HTTP root directories. But, it still can't open port 80/443 when apache already has that port open.
EDIT: I guess my certbot renew just needs to be reconfigured to use a --webroot, so it doesn't try to listen on it's own.
I've got it setup automated on all my external domains, but trying to automate it on my internal-only domain is rather tedious since not only do I NOT want to open a port for it to confirm, but I have 2 other devices/services on the network not behind my primary reverse proxy that share the same cert.
What In need to do is setup my own custom cron that hits the hosting provider to update the DNS txt entries. Then I need to have it write and restart the services that use the cert. I've tried to automate this once before and it did not go so smoothly so I've been hesitant on wasting time to try it again... But maybe it's time to.
What would be ideal is if I could allow it to be automated just by getting a one time dns approval and storing a local private/public key to prove to them that I'm the owner of the domain or something. Not aware of this being possible though.
Ours is automated, but we incur downtime on the renewal because our org forbids plain http so we have to do TLS-ALPN-01. It is a short downtime. I wish let's encrypt would just allow http challenges over https while skipping the cert validation. It's nuts that we have to meaningfully reply over 80...
Though I also think it's nuts that we aren't allowed to even send a redirect over 80...
The same screwed up IT that doesn't let us do HTTP-01 challenges also doesn't let us do DNS except through some bs webform, and TXT records are not even vaguely in their world.
It sucks when you are stuck with a dumber broad IT organization...
our org forbids plain http
is redirecting http to https also out of the question? because let's encrypt HTTP-01 accepts http -> https redirects:
Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443. It does not accept redirects to IP addresses. When redirected to an HTTPS URL, it does not validate certificates.
Forgive my ignorance but why would that incur a downtime?
The only way I can think of for downtime to happen if you switched certs before the new one was signed (in which case ..don't) or am I missing something?
It also strikes me as weird that LE requires 80 but does allow insecure 443 after a redirect. Why not just do/allow insecure 443 in the first place?
the TLS-ALPN-01 challenge requires a https server that implements generating a self-signed certificate on demand in response to a specific request. So we have to shut down our usual traffic forwarder and let an ACME implementation control the port for a minute or so. It's not a long downtime, but irritatingly awkward to do and can disrupt some traffic on our site that has clients from every timezone so there's no universal '3 in the morning' time, and even then our service is used as part of other clients '3 in the morning' maintenance windows... Folks can generally take a blip in the provider but don't like that we generate a blip in those logs if they connect at just the wrong minute in a month...
As to why not support going straight to 443, don't know why not. I know they did TLS-ALPN-01 to keep it purely as TLS extensions to stay out of the URL space of services which had value to some that liked being able to fully handle it in TLS termination which frequently is nothing but a reverse proxy and so in principle has no business messing with payload like HTTP-01 requires. However for nginx at least this is awkward as nginx doesn't support it.
Thanks for the explanation!
Though it ought to be possible to only respond with the new self-signed cert when LE does the challenge and with the previous, properly signed cert otherwise.
I found codeberg.org/neilpang/acme.sh/… which demonstrates one method to achieve that but I lack practical experience judge whether that's optimal.
YES! Keep cutting it down!
Revocation is a lost cause and if you don’t automate you deserve what you get.
I agree, but it's impossible to convince my less tech savy roommates and friends to let me install a root certificate. "That sounds like i could read all their private messages", lol. Just let me have my certificate for https in my local net. I don't need to be "even more" secure. I get that that's necessary for public services, but surely not for local selfhosting. I don't even have a port open other than wireguard. And i would not even care "if a roommate hacks/gets access to a guests voice commands for home assistant." (Not complaining at you but at this trend. I do think my use case is valid)
You are gonna laugh if i tell you how i partly automated this workaround. A script changes the (dyn) dns entries of all subdomains to point to my public server in a datacenter. There, it ssh's in and requests the certificates with certbot. Then, it restores the dns entries and downloads and installs the certificates in the local net. Still requires manual supervision and sometimes intervention. My domains do not support automated dnssec. I don't have time to secure my local net enough to feel good about opening ports. If all certificate lifetimes get shorter, i'll either have to switch my domain provider or give up selfhosting for other people.
I've had dns-01 validation running for a while now. It's not difficult, just a paradigm shift. I spent a minute just now looking for a concise how-to for you and didn't find one, so I suppose I'll have to write it.
I'll bookmark this comment so I can find you once I've done that.
Allowing a certificate without proper validation for local only networks is a terrible, terrible idea. I could super easily use this as a loophole to set up a honeypot public free wi-fi, redirect all traffic through a reverse proxy and man-in-the-middle every single HTTPS connection, effectively allowing me to harvest everyone's passwords in a really quick and easy way.
Just use DNS verification. It's not that hard.
Like what?
SSL is so simple and automatic with certbot.
Then there's CORS if you really need to load resources from other sites, but you won't need that for small sites.
Making the backend is easier than ever. It's much harder to make security mistakes nowadays.
And if you don't know what you're doing, just ask an LLM if you made any fuckups..
themachine
in reply to sCrUM_MASTER • • •sCrUM_MASTER
in reply to themachine • • •poVoq
in reply to sCrUM_MASTER • • •Movim – Responsive web-based cross-platform XMPP client
movim.euScrubbles
in reply to sCrUM_MASTER • • •Tolookah
in reply to Scrubbles • • •lps2
in reply to sCrUM_MASTER • • •dominiquec
in reply to sCrUM_MASTER • • •like this
joshg253 likes this.
ikidd
in reply to sCrUM_MASTER • • •I use Matrix with the Jitsi plugin. I know everyone talks shit about Matrix, it's been flawless for me.
IDK about watching videos, that's a lot to ask of a screensharing app.
like this
joshg253 likes this.
Natanox
in reply to ikidd • • •What kind of deal-with-the-devil black magic fuckery have you done to be able to write that? I'm happy if Matrix actually sends damn pictures and gave up completely on verifying my sessions.
ArchEngel
in reply to Natanox • • •disobey2623
in reply to Natanox • • •artyom
in reply to Natanox • • •northernlights
in reply to Natanox • • •communism
in reply to Natanox • • •Andres
in reply to communism • • •I'd argue the client itself has a fair bit of jank, though. Like, the background bubble color around text is too dark, it makes it look really ugly and dated. Pinned messages in a channel, when displayed at the top, literally overwrite each other. You'll just have garbled/overlapping text.
Neochat looks much better out of the box (but neochat is also buggy w/ e2ee, dropping encryption keys randomly).
communism
in reply to Andres • • •Scrubbles
in reply to ikidd • • •poVoq
in reply to Scrubbles • • •Scrubbles
in reply to poVoq • • •WhyJiffie
in reply to Scrubbles • • •Blisterexe
in reply to Scrubbles • • •rainbowbunny
in reply to ikidd • • •ikidd
in reply to rainbowbunny • • •the_q
in reply to sCrUM_MASTER • • •like this
joshg253 likes this.
Die4Ever
in reply to the_q • • •like this
joshg253, Badabinski e DaGeek247 like this.
Barbecue Cowboy
in reply to Die4Ever • • •I wonder how they got that name, maybe just me but it brings to mind a lot of things but none of them are a chat client.
I think it mostly reminds me of voat, anyone remember that horrible place?
corsicanguppy
in reply to Barbecue Cowboy • • •Mora
in reply to Barbecue Cowboy • • •sbird
in reply to Barbecue Cowboy • • •sbird
in reply to sbird • • •burntbacon
in reply to sbird • • •WhiteOakBayou
in reply to Barbecue Cowboy • • •Natanox
in reply to sCrUM_MASTER • • •Perhaps Spacebar is a thing (the client of choice would be Fermi I think). Didn't try it myself yet though, I do not know about how well its security protocol works. I'd assume it uses just a standard TURNS server for audio and video though.
Then of course there's Matrix with Jitsi plugin, which will give you persistent headaches and a new appreciation of touching grass. It's a mess, but hypothetically offers E2EE (if it works).
GitHub - spacebarchat/spacebarchat: 📬 Spacebar is a free open source selfhostable discord compatible communication platform
GitHublike this
joshg253 likes this.
kindred
in reply to Natanox • • •I was excited at first, because I thought I could still chat with friends who won't leave Discord.
Obama's Gaze
in reply to Natanox • • •kyonshi
in reply to sCrUM_MASTER • • •Mac
in reply to sCrUM_MASTER • • •fizzle
in reply to sCrUM_MASTER • • •I've been trying to get zulip working.
Sounds like it addresses your requirements.
Seems to be a real bitch to self host - I've been doing this a while but the compose yaml is pretty arcane with hundreds of environment variables.
I didn't "give up" exactly but it's been on the back burner for a month or so now.
Domi
in reply to sCrUM_MASTER • • •The Pi 5 lacks a H264 hardware encoder/decoder, making it unsuitable for most streaming/transcoding purposes.
Flamekebab
in reply to Domi • • •poVoq
in reply to Domi • • •Domi
in reply to poVoq • • •artyom
in reply to sCrUM_MASTER • • •...why not?
It has that. Have you tried their videoconferencing feature?
Other than that you can use one of a million Jitsi instances (Element has a publicly available one). Personally I use MiroTalk.
Improving Private Signal Calls: Call Links & More
Signal MessengerWhyJiffie
in reply to artyom • • •artyom
in reply to WhyJiffie • • •WhyJiffie
in reply to artyom • • •Drun
in reply to sCrUM_MASTER • • •I’m using TeamSpeak. It is very good and feature rich, but it’s important to note that video / screen sharing works only P2P in a moment, so no server processing. It’s probably ok if you don’t have more than 3 people in a party, but still worth noting.
I also tried Matrix + Element + Jitsi. Can’t recommend.
dingleberrylover
in reply to sCrUM_MASTER • • •There is also Peersuite which is a P2P solution and offers great audio and streaming quality. However, it is mainly a single developer behind it and it hasn't received an update in months. It still lacks some polish and features like a server instance and persistent chats and rooms.
For me, this is the most promising one I have come across in terms of a replacement for Discord.
GitHub - openconstruct/Peersuite: Peer to peer workspace
GitHubNebby
in reply to sCrUM_MASTER • • •Ooops
in reply to sCrUM_MASTER • • •motruck
in reply to Ooops • • •communism
in reply to sCrUM_MASTER • • •