Pika

Another commenter stated (its a little ways down the thread) they abandoned that plan due to complexity. (and other instance admins getting mad they couldnt see votes)

They ended up moving to a system where you now decide if you want your votes to federate outside the instance or not.

Man, you just brought back memories. I forgot qtox was even a thing. I think I still have my profile saved in my dev folder somewhere for my account

Fully agree that in this case if the claim is true (they have had a few of these claims), it’s likely whatsapp either making itself a companion app that’s hidden, or has some form of escrow in place to allow deciphering the messages. (Considering Messenger allows decrypting e2e chats with a 6 digit security pin, I’m leaning towards an escrow)

I was just mentioning that this isn’t a fault of it being centralized, this is a design choice by the company when implementing e2e encryption, and that a properly functioning system would never give the server the ability to decipher the messages in the first place.

Just because it’s centralized doesn’t mean that it falls under this risk sector. Theoretically if the app was open sourced and was confirmed to not share your private key remotely on generation (or cross sign the key to allow a master key…), then the most the centralized server could know is your public key, the server wouldn’t have the ability to obtain the private key (which is what is needed to read the e2e encrypted messages)

This process would be repeated for the other party. The cool part of that system is you can still share your public keys via the centralized server, so you wouldn’t need to share the key externally. You just need to be able to confirm that the app itself doesn’t contain code to send your private key to the centralized server. Then checking integrity is as easy as messaging your friend to post what their public key is, and that public key would need to match the public key that the server is supplying as your contact.

The server can’t MiTM attack it because the server has no way of deciphering the message in the first place, so the most it could do is pass the message onto the proper party whom has the private key to be able to decrypt it.

Not that I have any other suggestions aside from signal though, there aren’t many centralized e2e chat services. Most use client to server encryption which would allow decryption server side.

There is also some that you just don’t want to put that type of responsibility onto either. I moved my grandfather to a password manager 5 or 6 years back. I reiterated at least 8 times do not forget this password if you do you will lose all passwords and need to do everything over again.

He lasted 3 or 4 weeks then suddenly called me saying he couldn’t remember his password period. Like he tried for a good 40 minutes to guess what he may have done and was in a pretty intense panic because he didn’t want to have to change every service he had.

Thankfully it had not been long enough for his file history backup to have deleted the file, so i just restored the last backup of his passwords.docx file and put it back where he was used to it. He lost those few weeks of new passwords but that was a lot better than losing every password.

I’m not about to try and have him use a password manager again, he has decent enough password management skills since he doesn’t reuse passwords period, but like, it was far too risky putting him on a password manager again.

I couldn’t get into matrix, but I was a huge fan of open fire. It’s interface was stupid easy for XMPP administration and for awhile I ran it no issue with my group of friends. granted we ended up just going back to discord not due to any issue with the server or protocol but because it was tedious trying to get people to switch off a platform that works for most people.

I solve that issue by having down votes disabled, I don’t have the capability to down vote or see negative scores. It honestly made my experience on the platform better as well, because it helps hide the hive mind mentality that the platform as a whole seems to have at times.

Whats dumb is this issue is very easily resolved by encrypting the users security pin or password against the bitlocker keys and then only storing that.

or better yet have the pin/password an isolated thing from the microsoft system, so when a key gets uploaded, it requests the recovery pin, and if the pin matches it uploads, otherwise it states invalid pin and offers to change it while warning that it will remove existing keys, then optionally next time a system whom contains a drive with an identifier (which wouldn’t need to be encrypted only the key) goes online, it can prompt the user “note: due to recovery pin, drive X recovery key needs to be backed up again, would you like to do so?”

This type of system would make it so the only data MS has stored is the already encrypted recovery key, and as such would mean that the data they gave law enforcement would be worthless.

I watch most IT/Technical videos at 1.5-2x speed. Especially tutorial style videos. Most creators use a very long and drawn out way of speaking in order to keep the viewer on the same page, but most of the time I know the core concepts already, so I don’t need the super detailed parts only the barebones.

I want to add onto this that if you’re choosing between Lutris and Heroic, you should probably go heroic. I personally use Lutris myself, Mostly because I prefer the UI design of it. However, heroic does have a faster update cycle, while having built in support of Amazon gaming, epic games(including experimental cloud support) and gog, and doesn’t have the bugs that Lutris has. Especially when it comes to trying to run GE layers through it.

Trying to get those first party storefronts to work on Lutris is, for lack of better words, a pain in the ass. I’m only still using it out of pure stubbornness because, like I said, I much prefer the overall layout.

I don’t think he has a track recording of thinking in general to be fair.

I think he spits actions and just takes whatever sticks. The dude bankrupted how many times now and is expected to be the master in resolving US trade?

I’m not the respondee but you may want to reread that post. they use the word mainly there to indicate most but not all. You are risking cherry picking the argument. By what I see it, the wording for “only exception” since the word mainly is used, would indicate that the only major exception would be, not the “only exception” would be.

That’s how I read it anyway.

regardless though, the entire theory is silly anyway, doing what the original article suggests would also send the world into a global recession and would be the a classic case of shooting your own foot in an attempt to harm the opponent.

ammendum/post addition: regardless of who owns it though, the outcome is still unlikely. For government it would be political suicide in democratic countries, and for private sector it would be a massive financial dumpster fire. I think finding alternative export/import partners is far more likely to happen than something of the scale the article posts

Fair, I have a handful of dev friends who I know don’t know “why” a command or script works, just that it does, so I guess that statement would likely help them.

this is honestly my biggest take on all of the alternative phone options.

Like I can see spending 500-1000 on a device that is already established and known to be good. 500-1000 on an enthusiast device is a bit of an ask.

If there was an alternative device that was somewhat in the consumer range for phones (so 50-250 range) I think it would go a lot better, but every alternative phone seems to focus on flagship series price ranges for devices, and for a project that may or may not take off that’s not a good objective.

No, I was curious about it so I looked it up, it’s a secondary first party terminal app it seems, I was wondering as well cause I didn’t see how the system could even function without it. Powershell and Command Prompt are still available it’s just terminal has the ability to merge them into one app it seems.

I love the warning note

Sudo for Windows can be used as a potential escalation of privilege vector when enabled in certain configurations. You should make sure to be aware of the security considerations when enabling the sudo command on your machine.

What do you mean a master-key/privilege escalation tool can cause a privilege escalation vulnerability, who knew 😂

Most chromebooks can be put into a dev mode(which requires factory reset…) in order to install a new OS on it. I have done it a few times.

being said, with how low power they are, they can’t really do much but what chromeos can do.

I just need a spare weekend or two to make the swap now and throw wine on it for the games I play that refuse to run on Linux.

if your primary storefront is via steam, you likely won’t even need to manage wine, steam will do that for you as part of the install process. You can use something like protonup or something to get GE editions of proton but, honestly it mostly works right off the gate.

Just be aware that proton can have conflicts if you try to use it on NTFS drives, you’ll need to manually specify UID and GID for the drive (via fstab or however you manage mounting drives) or you’ll get permission errors that won’t actually say what they are unless you ran steam via the terminal.

nah that’s a separate department and they deliberately keep that book as far away from the overall study as possible.

man that sucks.