Onihikage
- 0 Posts
- 13 Comments
Someone is bound to start selling conversion kits for regular cars eventually - turn your 20 year old gas dinosaur into a zippy EV or hybrid, no spyware required. We can already do it with two-wheelers, and Edison Motors is well on their way to making kits to turn big trucks into hybrids.
We cannot allow perfect to be the enemy of good. Governments move slowly, especially the US, so moving the needle a little bit this year will let us move it a little more next year. Gradually, funding environmental progress becomes more and more normal, and greater and greater actions to deal with climate change become acceptable. All great accomplishments started with a proverbial “pissing in the ocean” if you look back far enough in their development.
Let’s also be clear that the only alternative to Biden that exists, for the 2024 US election, under the current US voting system, would be far worse than Biden in every environmental category. It’s important to push back on the bad, but it’s even more important to promote the good work done by his administration, no matter how small of a good we think it is in the moment. If all we do is gripe about the bad, we’re helping every wealthy oligarch that wants us to think of governments as impotent and useless while they burn the planet to the ground.
3·6 days agoTo be fair, even in my family it’s not a full streaming replacement. We have Discovery+, Nebula, and (free) YouTube. Live TV from the Roku player is the main thing I want to replace through IPTV, either Jellyfin or maybe Kodi, but both the metadata and functionality of free sources is a crapshoot. If I could replace the Roku live TV use with some inexpensive paid IPTV source, then I could easily switch to any streaming box brand, like ONN or some other generic Android TV.
My setup is not recommended, honestly. Old gaming PC from about 14 years ago with a couple extra hard drives, thrown in the closet with stripped-down Windows 10 on an old SSD, desktop version of Jellyfin, and an external drive for backups. Not even running in a Docker container because the CMOS battery is dead and getting to it is way too much of a hassle on that particular motherboard, so virtualization defaults to off whenever it completely loses power. Which it unfortunately does on occasion
like winter storms, or summer heat, or if the wind is blowing.But hey, for the movies and shows we have on DVD/BD, as well as the music we’ve bought over the years, it does work for access from PCs and phones on the local network (Finamp + Jellyfin Media Player). I dabbled with IPTV for live TV replacement but found that only using totally free IPTV+metadata would take either much more work on no-virtualization Windows 10 than I’m willing to put up with, or have much more jank than my family is willing to put up with.
7·8 days agoAll the cybersecurity in the world won’t matter if a handful of
manipulated idiotspeople shoot a bunch of unguarded and remotely located substation transformers.
1·8 days agoIf “nearly every app” that people already use suddenly has a big warning on it, people will quickly decide the warnings are meaningless and start ignoring them, like Prop 65 warnings. Congratulations, we’ve moved the needle backwards.
You have to meet people where they’re at. I finally switched to Linux when MS introduced a feature I wanted no part in (Recall AI), but I would have given up within a day or two if the transition hadn’t been basically seamless. I was able to pick up right where I left off, using all the same apps I did on Windows
except MusicBee RIP, but now I’m in a better position than before, on an open-source OS instead of closed-source. Now there’s a little less friction between me and better, freer software.
When I look at Firefox in Discover, it only shows the list of permissions the flatpak will be given out of the box, with no warning of it being “potentially unsafe.” This certainly does seem like the better way to handle it.
Also, the warning on the Flathub website is clickable - it expands into the full permissions list. Why it defaults to “no information except maybe dangerous” is beyond me.
Yeah, the only reason coal emissions are going up is because they’re growing too fast for even renewable energy buildouts to match increasing demand, so coal is their only option to keep up with power and steel production. The alternative is to slow development, and they’re understandably not willing to do that with the US breathing down their necks and India right next door growing just as fast.
The Billet Labs prototype water block being so poorly handled was a consequence of them growing too big for Linus to manage; he hadn’t internalized that they weren’t six guys working out of a house anymore, but a proper medium sized business that didn’t need to strain for every bit of content to keep from going under, and could afford to slow down a little to get things right. They ended up taking a break from the constant grind to reorganize after GamersNexus put out a big piece on all the things LTT was doing wrong, all the sacrifices they were making to quality and accuracy for the sake of pushing out more and more content to stay relevant, and how badly they mishandled the prototype.
Not sure Linus has forgiven GN for the “hit piece” but I think they really needed the shock of it in order to get them to actually course correct immediately rather than keep putting it off.
A few months ago, Proton’s CEO Andy Yen was interviewed on The Linux Experiment and reiterated in the segment starting at 49:27 that he does want to have an F-Droid version, but because Proton encrypts notifications sent through Play Services such that Google can’t get at the metadata, and because third-party notification frameworks are typically much worse for battery life than Play Services, they consider F-Droid a lower priority than some of the other things they’re trying to get done, such as feature parity between their mobile and desktop apps. It’ll come eventually, especially as Yen himself seems to want it, but since they’re completely private and have no investors, they don’t have infinite money for developers, so they have to prioritize sustainable growth.
Highly recommend watching the full interview, Yen seems to have a good mindset about the whole thing, doing what he feels is best for privacy and ownership of identity in the long run, even if he has to temporarily compromise in some places in order to get there.
0·1 year agoEveryone knowing your identity? The drawbacks would far outweigh the benefits. However, there may be a path to the benefits of a Real ID sign-up system that mitigates the possible harms.
First of all, let’s get this out of the way - this “minimal harm” approach would only be feasible if the government could either reach some level of technical competency or farm out the task to heavily restricted private corporations that do have that competence. If we presume that’s the case (unlikely), the question becomes whether the people would be willing to accept it. If we presume the majority of citizens also want such a thing (a tall order to be sure, I certainly don’t want it), then the question becomes what sort of system would be able to maximize privacy, and thus safety, while still requiring your real identity to be involved in creating online accounts? What would that system look like?
(Collapsed for your convenience because I wrote way too much about this hypothetical)
We’d absolutely need a level of abstraction. The government knows who you are anyway, but the business entity you’re interfacing with would get a unique token from the government that is not your actual Real ID number but which is a hash generated from the business’s (salted) ID number and your own salted ID number (idk I’m not a cryptographer).
Signing up for an account would resemble using Google or Facebook to create an account; you’d be redirected to some third party Identity Verification System (IVS) which would handle identity verification and redirect you back to the account creation with the extra piece of information provided by the third party. You’d still pick a username, password, etc.; the government database would only be used to generate that unique token.
More specifically, the website or service would only be passed a token from the IVS, uniquely generated based on the company ID and the person’s ID, and the government database would only keep the token, not any of the data used to compute it. (That’s not counting China and other authoritarian states, of course - they’d definitely retain all that information and have a list of all the sites you have accounts with. This wouldn’t solve that problem.) This would make the IVS database virtually useless on its own, as an attacker who compromises the database has no way of knowing which token is associated with which website, and cannot derive it themselves unless they’ve also compromised one or more target websites at the same time. The cryptographic stuff would be rotated once it’s known that a breach has occurred, so such breaches would likely be limited to state actors or black-hat groups that hoard zero-days.
Now, what would all this accomplish? What would it make possible that currently isn’t
outside of China?- Unique website signups - one person, one account, and if it’s banned, that’s it, you don’t get to log in to that site ever again until you’re unbanned. Your only option to get around a ban would be to commit identity fraud, which would be quickly traced back to you if everything really was using this system.
- If you block someone, they can’t just make a new account and keep harassing you; they’d have to start committing crimes, and the pattern of behavior would be easily traced back to their original account, and with it, their original identity.
- No more sock puppets. If you say something on a platform, you only get one account to say it with. Troll farms would have to openly pay thousands of people to support a particular view, which many websites would likely consider a bannable offense. Troll farms are non-viable.
- A website doesn’t need your email address or any personal information from you in order to verify your identity for password resets. If the IVS returns the correct token, that’s good enough.
- If a user has committed a crime, and evidence of this is visible on a website or platform, a government with jurisdiction can, with a warrant, request that user’s token. That gives them a specific identity in the ID database to investigate further.
- If the government is investigating a particular individual over whom they have jurisdiction, they can query websites or businesses over which they also have jurisdiction for information on whether any of the tokens in their database match a user account’s identity token, and request data from the matching account. It would be a much more focused process than queries based on IP addresses which judges keep having to say are not proof of identity.
What would this system not do? What doesn’t change compared to now?
- Companies using this system would still only know for sure who you are if you tell them; at most, they know with certainty what country your identity is associated with, but little more.
- Companies could still coordinate information on data such as which accounts sign in from the same IP addresses, which would tell them more about specific users and potentially let them profile you.
- Companies will still give up any information they have on you to the government if compelled by a warrant, sometimes even without one.
- Websites can be hacked and your data on that website exposed to the world, requiring you to reset your password, etc.
- The government can be hacked and information about your identity exposed
- Accounts can be hacked, and nefarious people can do nefarious things under your name without having to commit identity fraud (though this act could itself be considered a crime under such a system)
- Stalkers can still figure out who you are based on information you post, and go after you in the real world
- The government doesn’t know which websites you visit unless they’re actively spying on you.
- Oppressive governments can and will continue to monitor and log everything they can about you, and attempt to weaponize this against dissenters or those otherwise deemed “undesirable”
Even in the grandest, best-possible-case scenario I can think of, it still comes down to “Can I trust my government to not take more information than they’re allowed to, and can I trust that they will not abuse the information they do obtain?” For many, I suspect the answer to both questions is no.
The ELI5 for Fedora’s atomic desktops is that if Windows had an Atomic Desktop version, Program Files and most of the Windows folder would be read only, and each program you installed yourself would go into its own folder in your user directory. That’s the basic idea. It’s harder to screw up an Atomic system as long as you stick to containerized app formats like flatpak/appimage whenever possible. It makes it easier for everyone to diagnose problems, and easier for users to roll back if an update has problems. Even if you were to install it right now, you could use one simple command to “roll back” to any image from the last three months.
The benefit of Bazzite is you have all of the above, plus a lot of gaming-related stuff preinstalled which, if you were to install them yourself in a normal Fedora environment, you’d likely have to spend a lot of time just learning how they’re supposed to be configured, how they interact, which versions have problems, and how to troubleshoot problems when an update to one app breaks a prerequisite for something else; eventually you end up in config hell instead of actually using your computer. With Bazzite, the image maintainers are the ones in config hell - they work out the kinks, app versioning, communicate with upstream to fix issues, all that, so your system should be in the most functional state that a Linux system can be, so you only have to think about using your apps.
tl;dr