Phil boosted

Really interesting example of a privacy issue highlighted on r/privacy yesterday:

> visited a roommate's place and was bombarded with ads about engagement rings when I used his wifi. I asked him if he was going to propose to his girlfriend and he was shocked I found out. Helped him install PiHole/network wide ad blocking before she found out.

Looks like has updated their media bias chart. I particularly appreciate how they explain several caveats, such as the fact that it's an oversimplification, and that "center" doesn't necessarily mean "better."

Listening to the Ask Noah show and realized I haven't fully understood the purpose of . It's much more ambitious than chat. It's more like a universal messaging system, where "messaging" isn't necessarily referring to chat messages. The goal is to free developers to build any kind of connected system they want, without forcing them to be experts in secure resilient protocol design.

Is it just me, or is every single _usable_ Matrix client on the planet in some sort of prerelease / early development stage?

Besides Riot of course, which will be replaced by RiotX (which is also currently in beta).

I've been keeping an eye on Matrix for years now, waiting for an app that I can recommend to friends and family who are accustomed to more polished mainstream apps. Wondering if we will ever ship this thing.

Phil boosted

Minisign/Signify keys are super short, which has the bonus of being able to put them everywhere, so one can verify a key against more sources.

Show thread

Neat. An email privacy / forwarding service that's open source and self-hostable. With an app on F-Droid to manage email aliases, etc.

I am personally fine with sticking to my "+" email aliases, and Fastmail provides extra alias functionality. But the concept looks awesome, and I'm excited to see more businesses who charge for a hosted service, while making it possible to self-host for free.

is awesome, but it kills me that I have to send download URLs to people in emails. If an email server is compromised, the bad guys still get my files if they follow the link before my recipient does.

What about having a service that generates _upload_ URLs instead of download URLs? Then you could use public / private key crypto, where the private key stays on the recipient's machine and never gets transmitted via email.

For all the cool personal software projects I've started, I never ended up actually finishing them, and they end up getting thrown away.

Then I started a simple project that's just a collection of Bash scripts (Bash!? 🤮), and I use the dang thing all the time.

Phil boosted

I just discovered which is a editor, and a drop-in replacement for non-free , which I had been using in lieu of a FOSS equivalent that compared with it.

Of course Joplin is still a good app. Whether I recommend it or not just depends on your use case and threat model.

Show thread

I compared with and came to the conclusion that Joplin is significantly less security-minded. Joplin E2EE uses weak / broken crypto (AES-OCB2), and the developer doesn't seem too terribly concerned about it. Whereas Standard Notes uses a combination of libsodium and AES-CBC.

I'm not saying I've thoroughly combed through the code, but at least a quick glance on the surface makes me think there's no way I'm putting anything sensitive in Joplin.

Now to get some of Keyoxide's social profile and proof functionality into a proper app! Then you could safely do private key functions like decrypt and sign as well.

Show thread

Just discovered @yarmo's

I agree with his stance that isn't great for email, but it's actually pretty good for other purposes. This website is an excellent demonstration of many of those other purposes.

It's also a great learning tool! Simple explanations of how things work, and what's possible with PGP. Well done.

Phil boosted

Listen to Medieval Covers of "Creep," "Pumped Up Kicks," "Bad Romance" & More by Hildegard von Blingin’

Phil boosted

@datenteiler @soul_predator take it from one who had repeatedly shot himself in the foot with bash: you CAN write good-ish code in bash, but you really have to be intentional. The style guide helps:

I really like the idea of . Seems like a promising way of eliminating usernames / passwords, protecting privacy, making life easier for users, and doing so with a relatively simple open standard.

Initial setup might need some improvement before it could gain widespread adoption (on the Android app at least), but at first glance, this seems legit.

Phil boosted

Hi, my name is Markus. I am an engineer but very interested in . First install was :redhatalt: 4.2 or so ... definitely 2.x kernel. I am more a user, but have some programming experience, even Fortran :D ... :python: to come for on :raspberrypi:. My main hobbys are and and being .

Noice is a great simple background noise generator.

It's supposed to run in the background, and it has a selection of "boring" sounds like white noise. But it's almost addicting trying to mix various sounds to create cool imaginary environments. For example, you can mix moderate rain + rolling thunder + wind chimes.

I wonder how easy it is to contribute new sounds to the app.

Apparently AllSides has a balanced news search page. When searching for polarizing topics on the web, you can use AllSides to find balanced search results that will show you perspectives you might not otherwise find in our SEO / advertising-driven world.

I haven't tried it yet, but it's a cool idea.

Show more

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.