Kalcifer

joined 1 year ago
[–] Kalcifer@lemm.ee 10 points 11 months ago

Maybe something like taskrabbit? Could pay them to pick it up, then send it through a courier.

[–] Kalcifer@lemm.ee 2 points 11 months ago

Thunder has an option to dim read posts.

[–] Kalcifer@lemm.ee 3 points 11 months ago

I recommend downloading it from f-droid if you want full functionality (like self-hosted sync) for free -- the one in the play store is monetized (however I do recommend donating to the dev if you don't want to pay the subscription fee).

[–] Kalcifer@lemm.ee 4 points 11 months ago (1 children)

Does your network not support UPnP? You shouldn't normally need to port forward in order to seed a torrent, unless your network prevents NAT traversal.

[–] Kalcifer@lemm.ee 3 points 11 months ago (1 children)

The 2022 remaster of Tomorrow Never Knows by The Beatles (spotify) has lots of sounds that pan left and right, but they may not be the kind of "rapid panning" that you are talking about.

[–] Kalcifer@lemm.ee 29 points 1 year ago* (last edited 1 year ago) (1 children)

That's because, currently, the community stats that you see in the sidebar are only from your instance -- community stats are currently not federated. Afaik, federated community stats are going to be implemented in 0.19.

 

More often than not, the best way to hide is to simply blend in with the crowds -- this also encompasses one's choice for a username. It is relatively simple to make a single throwaway account -- just come up with a username, and off you go -- however, if one makes throwaway accounts often, the task of thinking of a unique, and non-identifiable username can become a challenge. I would argue that poeple would often resort to using a pattern employing small changes for all subsequent usernames. Such patterns can be identified to a specific user if all users have their own unique patterns.

How can one reliably generate many unique-but-normal, and non-pattern-identifiable usernames?

[–] Kalcifer@lemm.ee 1 points 1 year ago* (last edited 1 year ago) (2 children)

Hm, while that does seem to fit, it feels as if its intent doesn't necessarily align. To me, that is more of a description of it's purpose rather than what it does.

[–] Kalcifer@lemm.ee 1 points 1 year ago* (last edited 1 year ago) (4 children)

I’d probably tighten the first one to “It is a thing that produces stuff.”

That omits descriptive information though. The example includes the fact that the thing "works" which is how it "produces stuff".

Maybe it’s a dialect thing?

It is certainly a grammatical issue.

 

For example:

It is a thing that works producing stuff.

This feels wrong to me, but I can't quite put my finger on what exactly is wrong about it. It seems like it's trying to be a participle phrase, but it's not necessarily modifying the current state of "it", and is, instead, describing what "it" is.

If it is, indeed, a participle phrase, then it should be able to be written as

Producing stuff, it is a thing that works.

But, to me, this doesn't seem correct either, so it leads me to believe that the very structure of the sentence is incorrect.

[–] Kalcifer@lemm.ee 2 points 1 year ago (1 children)

While it may be RISC-V, that doesn't exactly satisfy this post's inquiriy. A CPU that uses the RISC-V instruction set may still have malicious hardware contained within it -- think of the Intel managment Engine, for example.

[–] Kalcifer@lemm.ee 3 points 1 year ago* (last edited 1 year ago)

RISC-V is just an instruction set -- same idea as x86. While it is, of course, important to also have an open instuction set, that is somewhat separate from this post's intention. I am referring to the physical manufacture of semiconductors, RISC-V, or otherwise.

 

Currently, only one company in the world -- ASML -- has the technological capability necessary for the creation of photolithography machines which are sufficient for the production of modern semiconductor devices. What I'm wondering is at what point does semiconductor manufacturing become practical, or even feesible for small organizations, or independents? One must be able to surpass the cost of the machines, and the resources necessary to manufacture them. I presume that a company like ASML is also extremely picky -- willfully, or by regulation, or otherwise -- about who they lend their technology to.


I'm not sure if this is the right community for this sort of post. Please let me know if not, and if there is a more suitable place to put it.

 

I am referring to both the design, and the independent, and auditable manufacture of the CPU. It should be noted that such a CPU needn't fully compete with modern ARM, Intel, AMD, etc. CPUs, but it would be an incredible boon to have a fully trustworthy piece of hardware, even if it is considerably lower in it's strength. For specifics, let's say a CPU that could run a lightweight Linux distro at a "tolerable" speed.

Creating the designs for the CPU, of course while still difficult, is, most likely, the most feesbile aspect -- I presume it would "just" consist of writing the Verilog, or some other hardware description language to describe the CPU's function. The manufacture, however, is a substantial obstacle. Modern photolithography is, quite litterally, at the very forefront of human technological creation. I am just hoping that turning back the clock perhaps 20 years on the technological complexity might reduce the barrier to entry.

[–] Kalcifer@lemm.ee 1 points 1 year ago (1 children)

Deletion not federated yet, then.

 

On the side bar it lists the following:

  • [Matrix/Element]Dead
  • Discord

"Discord" is an active link, but the Matrix link is completely inactive. Not only is it inactive (which could have be excused as a broken link), but it is also manually labeled as "Dead", as if there is no intention of making it work. How can a community that is focused on privacy willingly favor a service that is privacy non-respecting when a perfectly functional privacy-respecting alternative exists?

 

In the official browser app, and any of the mobile apps that I have examined so far, it seems that you are only ever able to see the total number of likes, or dislikes that a post has, and you are not able to see exactly who upvoted, or downvoted the post. Does ActivityPub, or Lemmy track this information at all, or does it just keep a tally?

 

I'm not sure if this is the right community for this sort of post. I couldn't think of any other community to post it in. If there does exist a more appropriate place to post it, then please let me know.

 

I believe that the addition of an edit history would be a massive boon to the usefulness of Lemmy on the whole. A common problem with forums is the relatively low level of trust that users can have in another's content. When one has the ability to edit their posts, and comments this invites the possibility of misleading the reader -- for example, one can create a comment, then, after gaining likes, and comments, reword the comment to either destroy the usefulness of the thread on the whole, or mislead a future reader. The addition of an edit history would solve this issue.

Lemmy already tracks that a post was edited (I point your attention to the little pencil icon that you see in a posts header in the browser version of the lemmy-ui). What I am describing is the expansion of this feature. The format that I have envisioned is something very similar to what Element does. For example:

What this image is depicting is a visual of what parts of the post were changed at the time that it was edited, and a complete history of every edit made to the post -- sort of like a "git diff".

I would love to hear the feedback of all Lemmings on this idea for a feature -- concerns, suggestions, praise, criticisms, or anything else!


This post is the result of the current (2023-10-03T07:37Z) status of this GitHub post. It was closed by a maintainer/dev of the Lemmy repo. I personally don't think that the issue got enough attention, or input, so I am posting it here in an attempt to open it up to a potentially wider audience.

 

As I noted within my post, #9955859@lemm.ee (alternate link), URL thumbnail generation in Element is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.


Post Edit History

2023-10-02T00:54Z
1c1,2
< As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server.
***
> As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T01:28Z
1,2c1,2
< As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
< > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room. 
***
>  As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T03:44Z
1c1
< As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
***
> As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), URL thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

Post Signature

ul7mHTfs8xA/WWwNTVQ9HzKfj/b+xw+q9csWf60OJrT58jMJpmsX8/BicwFodR8W
Llo93EMtboSUEtYZ+wQhaL/HmrEr6arup7gJzZgslOBWPFj5azADHSpjX9RYuvpt
Fk2muTUgJP2e+SW3BGDPmlcluw6mQOYcap84Fdc1eU47LOZprBXob97qInMK5LrL
tzNqARRtXGdogZtQYlNCqCd9eQgqTwPfxKVadmM6G3xQMh6mWQxQz56sCXqj+mlG
OqJyZIgB1UXEuVZeAO3pl9wN+cSM4eqHLHQwEd+aVeSPf75r2d7mZs+VNwr1WfMu
0sWcPh3aZLXKqdls6UJMEA==
9
submitted 1 year ago* (last edited 1 year ago) by Kalcifer@lemm.ee to c/matrix@lemmy.ml
 

I recently found that there is a room setting to enable the generation of URL previews. This makes me wonder, though: Who is generating the thumbnails? Does the server generate them, and then send the images back (this is an obvious privacy, and security vulnerability)? Does a user generate them locally, and send them to the other recipient (this is what Signal does)? Does the receiver generate them on their end (this is also a potential security vulnerability)?

EDIT (2023-10-01T21:38Z): I found this documentation which outlines the possible methods, but, from what I can see, it doesn't specify what one is actually used in practice. I was also unable to find any information in the Matrix spec.

EDIT (2023-10-01T21:41Z): In this set of release notes for Synapse 1.45.1, I found the following:

Note that URL previews are generated server-side, and thus generally disabled in encrypted rooms to avoid leaking information about message content to your homeserver. You may need to adjust the room's settings to see the new oEmbed previews.

If this is true, and all thumbnails are generated serverside, this is an enourmous security, and privacy risk.

EDIT (2023-10-01T22:18Z): Further research has found the following two open issues:

This confirms my suspicion -- at the very least, for Element (I have still been unable to find any official standardized method within the Matrix protocol). My PSA that I would provide, then, to any who are reading this, is to not enable thumbnail generation, as it is a major privacy, and security vulnerability.

view more: next ›