a beautiful robot, dancing alone · showgirls über alles: kylie, angèle · masto · last.fm · listenbrainz · https://www.lovekylie.com/keyoxide
I’m torn, because on the one hand, yes! — the hour I spent figuring out which PGP XEP was the right one is an hour I won’t get back. But, “only the XEPs you need to implement for a modern messaging application, ignoring historical cruft and excessive backwards-compatibility” sounds so much like the beginning of an extend-and-extinguish cycle.
thank you… more of a thought experiment now than a true need, but it seems like if it became a need, i’d be better off building a matrix account. i suspected this but had hoped for more :/
OSM has a lot more data inside than the website shows - in dense shopping areas you can’t zoom in far enough to see all the POIs, much less business names.
I’ve read before that using cached previews was done to stay accessible to less-powerful mobile devices, which would have smaller CPUs that would be taxed by rendering the native vector data. I view it as a branding disadvantage that OSM appears, from desktops, to have less info than alternatives. But that’s a battle that’s been had many times before, one might as well argue over paper vs plastic.
i hadn’t realized that the ist’s were separate
"barbie girl" by the group aqua. i'm not posting a link, they'd kill me
The main URL points to this:
it’s perhaps interesting to see what existing apps ZipoApps has on the Android Play Store.
i rather doubt a government would push people out of signal-protocol apps and into Some Other App if they didn’t already have a backdoor into the designated substitute
strangest thing. i updated firefox and now i have no notifications. only a limited number of sites have notification perms; they still say they have that permission and my system settings still have firefox allowed. i have another machine running ubuntu (with firefox from the PPA for apt) and notifications are unchanged there.
cargo install mollysocket
mollysocket executable if desired
mollysocket once so that it will emit the default config .config/mollysocket/default-config.toml and copy it somewhere.
allowed_endpoints line with allowed_endpoints = ['*']. The default 0.0.0.0 config appears to be a bug; this setting controls access to endpoints within the app, not IPs from outside. Leaving the original value causes mollysocket to reject everything.
db = './mollysocket.db' line rather than just having it land wherever you’re sitting.
mollysocket.db that was created on first run (even if it’s already where you’re intending to put it). This is just to make sure the web server creates it and has the correct permissions.
export ROCKET_PORT=8020
export RUST_LOG=info
export MOLLY_CONF=/path/to/your/config.toml
/ to your mollysocket server and ROCKET_PORT.
you probably already found this, but for others who might be curious:
in the settings if you change notification method from websocket to unified push, the UP settings come up, including a server address (which is what they intend to be used) or some air gap mode that i can’t find documented
if your threat model were ‘encrypt everything at rest’, invitations to people outside your own service would be tricky as they have to be machine-readable text in a specific format. i’m sure it’s possible but you’d have to be specific in looking for that as a feature.
my needs are more modest - don’t store email in GAFAM or particular regimes - and i use runbox, which is bog-standard except for being stored somewhere else, being paid, and having slightly more homely webapps. using ‘evolution’ on linux, a bog-standard email program that’s also a bit more homely than alternatives, invitations go out to whomever i choose and look normal. i make recurring events for myself all the time and remove individual occurrences. i’ve added on ical subscriptions for things like country holidays, which are the first thing you’ll notice missing when you leave outlook.
the mail’s just imap and the calendar’s just caldav. when you get into providers that don’t provide imap or caldav for (valid) security reasons, that’s when you’re more likely to get integration issues with regular people.
i’m shopping for mp3 players for precisely this reason - a friend has an ipod touch that abruptly stopped scrobbling. the last.fm app is stuck in a loop sucking battery. and she needs bluetooth anyway. she has always kept music and phone separate but now we have to ask the five whys on that before getting her a new unfamiliar gadget.
part of humans learning to drive safely is knowing that flouting traffic laws increases your chance of being stopped, fined, or if you’re not the right demographic, worse things. we calibrate our behavior to maximize speed and minimize cops, and to avoid being at-fault in an accident, which is a major hit to insurance rates.
autonomous vehicles can’t be cited for moving violations. they’re learning to maximize speed without the governor of traffic laws. in the absence of speed and citation data, it’s hard to measure how safe they are. there is no systemic incentive for them to care about safety, except for bad press.
again not foss so won’t dwell at length — but i use fund manager from beiley software. commercial, but works double-entry and handles more investment complexity than a human could ever need. windows app, i run it under wine on linux and crossover on mac. (i don’t own a windows box — that’s how irreplaceable it was for me.)
summary (not sure why it didn’t get included here): jmp.chat pilots another way to detect unauthorized certificates
We’ve been hard at work on a different tool that can also help with defense-in-depth for this kind of situation. Ultimately, a MITM will use a different public key from the one the server uses, even if it is wrapped in a signed certificate declared as valid by a trustworthy authority (like Let’s Encrypt). If we know what key is seen when trying to connect, and we know what key the server administrator expects us to see, we can detect an ongoing MITM of this variety even when the certificate presented is valid. The tool we have developed is in early testing now. We call it CertWatch.
The premise is simple. The server administrator knows exactly what public/private keypair they are using (or can easily find out) and publishes this in DNSSEC-signed DNS records for our tool to find. The tool then periodically polls the XMPP server over Tor to see what certificate is presented. If the key in the certificate matches the key in the DNS zone, we know the session is not MITM’d (some caveats below). CertWatch checks the current setup of any domain entered, and if not yet declaring any keys, it displays setup instructions. It will either tell you to enable DNSSEC or it will tell you which DNS records to add. Note that these records are additive, so it is safe to add multiple sets when serving multiple domains from one host through SRV records. Once everything looks good, running a domain through CertWatch will display a success message and instructions for getting notified of any issues. It will then poll the domain periodically, and if any key mismatches are found, those subscribing to notifications will receive an alert.
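The key comparison described in the quoted summary, as an added example (not jmp.chat's code and not part of the original comment): it hashes the SubjectPublicKeyInfo of the presented certificate and checks it against the set of digests the administrator published. The SHA-256-of-SPKI record form and every function name here are assumptions, the certificates are constructed stand-ins, and the DNSSEC lookup and Tor polling are not shown.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, pos + 2, pos + 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    return tag, pos + 2 + n, pos + 2 + n + length

def spki_sha256(cert_der):
    """SHA-256 over the certificate's full SubjectPublicKeyInfo element."""
    _, pos, _ = read_tlv(cert_der, 0)     # Certificate -> start of tbsCertificate
    _, pos, _ = read_tlv(cert_der, pos)   # tbsCertificate -> its first field
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                       # optional explicit [0] version
        pos = end
    for _ in range(5):                    # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def check_presented_key(cert_der, published_digests):
    """Records are additive: any published digest matching the presented key passes."""
    return "ok" if spki_sha256(cert_der) in published_digests else "MISMATCH"

# --- constructed sample data: certificate-shaped DER, not real certificates ---
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def sample_cert(key_bytes):
    empty = der(0x30, b"")                # stand-in for sigAlg/issuer/validity/subject
    spki = der(0x30, empty + der(0x03, b"\x00" + key_bytes))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + empty * 4 + spki)
    return der(0x30, tbs + empty + der(0x03, b"\x00")), spki

server_cert, server_spki = sample_cert(b"\x11" * 270)   # key the operator runs
mitm_cert, _ = sample_cert(b"\x22" * 270)               # different key, same shape
other_host = hashlib.sha256(b"constructed second host key").hexdigest()
published = {hashlib.sha256(server_spki).hexdigest(), other_host}

if __name__ == "__main__":
    print(check_presented_key(server_cert, published))
    print(check_presented_key(mitm_cert, published))
```

The result depends only on the key bytes, so a certificate that chains to a trusted authority but carries a different key still reports a mismatch.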
asus pn51, a mini nuc-like box
i’m no expert — consensus sounds like putting disused only on the main tag, and when i’ve encountered this, i haven’t marked anything disused at all. i’ve only looked at the stop/platform to make sure they weren’t in any relation (transit line relations may include the passing way but shouldn’t include the disused stop/platform). and i make sure route_ref isn’t set on the stop/platform. were the stop to be used again, i figure it would have the same ref/stop id and operator, so i don’t remove them. listening for better ideas though