Notices by lj·rk (ljrk@todon.eu)

@cwebber Precisely. If the goal of the class is to pass the test, people will seek the path of least resistance. Also this is an easy setting for the educators, since the burden is on the students.

If the goal of the class is to make students interested in a topic and have them learn most, much more of the burden is on the educator to think about how to facilitate that.

@micahflee Found the source!

It's linked under the `/developer` path for API libraries, and they explicitly mention GPL so they're probably not in violation of licenses:
https://www.telemessage.com/developer/api-libraries/

----

Some other info/links which you may or may not know already/or could be helpful:

This is their Play Store listing, including their Telegram capture but not Signal:
https://play.google.com/store/apps/developer?id=TeleMessage

This is linked from: https://www.telemessage.com/downloadapp/

There's also the WebApp (which first tries to auth via SSL Cert but fallbacks to mail / user-password): https://webchat.telemessage.com/

And the secure.-Subdomain with login window: https://secure.telemessage.com/

This FAQ lists other subdomains and ports:
https://www.telemessage.com/what-firewall-ports-must-be-opened-to-enable-enterprise-number-archiver-voice-call-wifi-usage/

The REST-API described there can also be interfaced through their Java or PHP SDK:
https://github.com/TeleMessage/

@lanodan easy fix: Use more C++ and templates!

@BrodieOnLinux Wow, you've missed the point completely. There are two issues: 1. the person leaving, 2. whether the instance tolerates such views.

They repeatedly affirmed the second. And Corey's "balanced take" completely neglects the blatantly fascist crap the mod in question posted.

Absolutely not sorry that some fossbros are annoyed that politics are not ignored here.

@jasmine Have you tried phanpy.social? It's a PWA and also supports notifications. I mostly don't even notice that it's not a "proper" app, it's so good!

@organicmaps @forgejo Amazing! And compared to every GitLab instance, it loads instantly <3

broke: stream of consciousness
woke: scream of consciousness

@aetios #ALT4you

I stumbled onto this subreddit looking for tips on running a basic Plex server, and holy shit, you people are insane. Instead of finding normal humans, i complete psychos debating ZFS configurations like they're discussing fine wine. "Ah yes, this RAIDZ2 has subtle notes of data integrity." You are all a bunch of sick vitamin D deficient freaks.

I actually work with and manage multiple Kubernetes, mission critical infrastructure that actually matters. I spend my entire day working with containerised applications, and what do I find when I load up Reddit? Ansible playbook writing maniacs trying to automate their light switches. You are all a bunch of sick freaks who probably dream in YAML and wake up in cold sweats wondering if you forgot to enable that cron job

The worst part is how you enable each other. "Hey guys, just finished my basic home automation setup", and then you post a system diagram that looks like the blueprint for a nuclear reactor. Fourteen Docker containers just to manage a suite of 'internet of things connected shitware. You celebrate each others descent into madness with vomit inducing comments like "Nice setup! Have you considered adding Prometheus monitoring?" You are all a bunch of sick freaks, you make me ill.

1/x

And the money you guys must spaff away... you've somehow convinced yourself that spending thousands on enterprise server equipment from 2012 is justified as it was originally 10x the cost. And then you refer to it as "your little setup". "Oh this? Just my Dual mirrored RAID 10 arrays with triple redundant UPS and backup diesel generator that kicks in if the power flicks for more than 3 milliseconds. You know, for my Linux ISO collection" Meanwhile your electricity meter spins so fast it could probably generat its own electricity. You are all a bunch of sick freaks, and you need help.

I take solace in imagining what your home lives are like, I laugh as l imagine your families, having to sit through dinner listening to you explain why running Pi-hole with Unbound is superior to forwarding to Cloudflare. I bet your kids start crying when you mention DNS-over-HTTPS. Your wife just stares at you now, especially since you've replaced all your family photos with grafana dashboards.

2/3

I imagine you boiling over when when the women you made vows to asks "why can't we just go back to using iCloud" when your precious self-hosted photo library goes down during your third Photoprism upgrade this week. They completely ignore your 'impressive (97% lol) uptime statistics and offsite backups. You are all a bunch of sick freaks, and your loved ones are losing hope.

No, you don't need Kubernetes or 10gig network switches or 7u rack. You don't need any of these increasingly abstract layers of complexity that exist only to solve the problems created by your previous solutions. Your simple file server didn't need containers, those containers didn't need orchestration, that orchestration didn't need a service mesh, Yet here you are, staring at 10,000 lines of YAML, wondering if maybe just one more helm chart would finally make it all perfect. But I know you'll keep adding more, because you're all just a bunch of sick freaks.

3/3

@sour @hakan_geijer Absolutely! Security focused live systems are neat for some throwaway work, just do recognize that if the hardware is tampered with, it's hard for the OS to defend against that.

But most attacks that work well against Linux but not so against modern Windows/macOS are attacks targeting the installed OS. With a live system you circumvent that. In theory, you can harden a Linux to a similar degree as Windows BitLocker (i.e., measuring Secure Boot state + long password or fido2 stick, using
signed UKIs, etc.) or perhaps even more than that, but it's not the default and requires quite some knowledge.

FFS, I'm not sure whether this was already the case or just a bending over by Google, but @ryanc's EMF talk about transitioning is age-restricted on YouTube?!

https://www.youtube.com/watch?v=dGklNDJZX1k

(yes, the talk has explicit pictures but honestly, there's so much more explicit stuff on YT that's... simply not queer and fine)

@dalias @rysiek Oh, I didn't mean that ^^'

The Fedi in general is a bit of a circle-jerk, but I like it (we do have discussions, but it's a bubble nontheless but I really don't mind).

@dalias @rysiek tbf, we’re circle jerking too, but we are right (at least i believe so)

@dalias @khm @ambiguous_yelp @sammi @joelanman I'm not saying that there's a lot of marketing bs, you don't need to repeat that in front of me.

But there /has/ been quite some development in QC on a hardware level, denying that is seriously denying reality. Even more, there /has/ been increased velocity in the development.

The only question is whether you consider this "relevant" or "much" or not. And while I don't think it's anywhere near to be done, I find the development worrying enough to think about this scenario in *some very select* contexts. Not as a threat now, but as something to consider and better protect against rather than not doing anything

Like we should've done something against the climate crisis in the 1920 already, even though the impact was quite far off, but signs where there. It's quantum resilience not "the big scary quantum is coming".

@dalias @khm @ambiguous_yelp @sammi @joelanman I disagree, we had quite some development in the recent years and while this is no guarantee, a lot more progress has been made than earlier. In other terms, it's not the same velocity of development but has accelerated.

But: There are still real problems to be solved and at any given point we may run into a wall. And one real problem could also be that we have WW3 before any QC get's successfully constructed, whelp.

But regardless, that's really no helpful debate and I'd rather not bet on that for some stuff and rather be safe (hybrid schemes) than sorry.

@khm @ambiguous_yelp @dalias @sammi @joelanman While I agree that it's nowhere "close", the "Harvest Now, Decrypt Later" is a tangible threat -- even if they're 10 years out.

However, I wouldn't bring that up for Signal since that'd require a *lot* of Harvesting, a *lot* of cracking and we'd only get some of the data to decrypt a whole Signal interaction since only the KEX would be affected and things like PFS etc. help against a lot of simpler attacks.

This *is* a threat for, say, secret govt. documents where deciphering has a big impact even 20 yrs later and the computing requirements (given you have access to quantum computers) are comparatively acceptable.

@ainmosni @dalias @hipsterelectron Tbf, I've seen many constructions that are insecure even though the primitives where fine. They were just misused. Those primitives ranged from wrong application of SHA2, to PBKDF2 to just using GPG wrongly...

But yes, learning things and trying to do new things with crypto is absolutely fine. But *please* ask a cryptographer latest when you are dealing with data from other people.

@jwildeboer I’d recommend not necessarily using your name… as long as you’re not 100% sure it might change 0:-)