Posts by lapingvino@esperanto.masto.host
(DIR) Post #55415 by lapingvino@esperanto.masto.host
2018-09-17T01:12:47Z
0 likes, 0 repeats
@Anna @cj @h @uranther Just reading this article by Anna (olá, falo Português também!) I am wondering... Is anyone interested in 1. rewriting Mastodon in #golang and 2. having an experiment about creating a truly great community/developer experience? Bonus points for adding #steem and #matrix.org support in this new piece of crap/software. [runs away for suggesting something maybe completely infeasible he might be slightly too lazy for himself...]
(DIR) Post #58104 by lapingvino@esperanto.masto.host
2018-09-17T08:10:19Z
0 likes, 0 repeats
@uranther Yes, I was thinking of a Hugo-like theme thing last night.
(DIR) Post #58116 by lapingvino@esperanto.masto.host
2018-09-17T08:12:12Z
0 likes, 0 repeats
@uranther Meh, I am thinking of PWA on IPFS as my ideal pattern for now. I am running a Chromebook myself, so I am pretty much feeling every day how much a web interface is the most universal way to do something... especially with e.g. OpenBazaar which takes way too long to get ported to some place where I can use it again (I have used it on linux before, but yeah...).
(DIR) Post #332261 by lapingvino@esperanto.masto.host
2018-10-02T18:22:41Z
0 likes, 0 repeats
@uranther build needs to download missing dependencies?
(DIR) Post #514117 by lapingvino@esperanto.masto.host
2018-10-12T23:28:25Z
0 likes, 0 repeats
@marsxyz et moi quand je vois ça "j'espere bien que ça fait que on va partir tous bientot ensemble a Telegram"...
(DIR) Post #844390 by lapingvino@esperanto.masto.host
2018-10-29T20:34:30Z
0 likes, 0 repeats
@micahflee stay away from Signal, it's too easy to prove that they are full of shit. Sorry for the harsh words. The article doesn't answer my questions, or essentially it does, confirming my fears.
(DIR) Post #846447 by lapingvino@esperanto.masto.host
2018-10-29T22:10:43Z
0 likes, 0 repeats
@tuxicoman @micahflee 1. Signal has closed source elements and as such cannot be trusted as a whole2. The whole business model is talking shit about Telegram using buzz words without actually using good security. I don't trust people who rely on black-mouthing.3. Hiding metadata is a lot harder than they make it out to be, and the only app I trust about that is bitmessage. Study bitmessage and you understand why this metadata hiding stuff is full of shit.
(DIR) Post #846448 by lapingvino@esperanto.masto.host
2018-10-29T22:17:48Z
0 likes, 0 repeats
@tuxicoman @micahflee basically Signal is in the business of security theater, not actual security. and honestly, usually that's good enough, but I don't trust it enough myself. your experience may be different.
(DIR) Post #846485 by lapingvino@esperanto.masto.host
2018-10-29T22:30:21Z
0 likes, 0 repeats
@micahflee @tuxicoman client side calling code ("optional functionality") is not open source. this hooks directly into the rest of the code and can be used for spying even if the rest is completely honest. We cannot check on that. Any kind of business model is honestly irrelevant. A billionaire doesn't want payment in money, they are in it for the leverage. And they got Whatsapp. Whatsapp is basically the current business model.Again, you are probably right that I am paranoia about this...
(DIR) Post #846503 by lapingvino@esperanto.masto.host
2018-10-29T22:31:09Z
0 likes, 0 repeats
@micahflee @tuxicoman I agree about bitmessage having terrible UI and other stuff by the way. It's not for mainstream usage. I don't really use it.
(DIR) Post #846635 by lapingvino@esperanto.masto.host
2018-10-29T22:35:23Z
0 likes, 0 repeats
@micahflee @tuxicoman Another problem about Signal is that it is not very clear in communications about what it protects you from and what not. Insecurity by obscurity, people don't know what will give them away. That's what I mean with security theater: they are technically providing protection and that is tried and works, but people don't understand crypto and security well enough to understand how safe on which parts it actually is.
(DIR) Post #846636 by lapingvino@esperanto.masto.host
2018-10-29T22:36:54Z
0 likes, 0 repeats
@micahflee @tuxicoman Adding metadata encryption will lure people into a bigger sense of security that might not be justified, so people take more risks and any spying done on data that is giving itself away will be much more effective. You basically know that security minded people will use it, and might risk their lives doing so.
(DIR) Post #846639 by lapingvino@esperanto.masto.host
2018-10-29T22:38:11Z
0 likes, 0 repeats
@micahflee @tuxicoman If that's WebRTC now and that uses an open source implementation I might be out of date and I have to beg for excuses about that.
(DIR) Post #846698 by lapingvino@esperanto.masto.host
2018-10-29T22:41:33Z
0 likes, 0 repeats
@micahflee @tuxicoman encrypting metadata is good... the point is that good security makes you not stand out. using those features might make you a target, and figuring out who uses those features is still basically possible.
(DIR) Post #859464 by lapingvino@esperanto.masto.host
2018-10-30T11:16:09Z
0 likes, 0 repeats
@freakazoid @tuxicoman @micahflee I don't invest in any ICO. I trust Telegram because it keeps my dear friends in oppressive regions safe.
(DIR) Post #870354 by lapingvino@esperanto.masto.host
2018-10-31T00:14:02Z
0 likes, 0 repeats
@micahflee @tuxicoman @freakazoid true, the same friend of mine that explained the closed source thing told that too.
(DIR) Post #873491 by lapingvino@esperanto.masto.host
2018-10-31T00:20:24Z
0 likes, 0 repeats
@freakazoid @tuxicoman @micahflee the home grown crypto is made for easy usability (it's much easier on phone hardware) and if it breaks down some time, it can easily be replaced. The problem with well-audited generally known crypto is twofold: 1. if one thing breaks, everything breaks. You want diversity to be able to switch to something not broken yet if something breaks down all of a sudden. [1/2]
(DIR) Post #873493 by lapingvino@esperanto.masto.host
2018-10-31T00:20:37Z
0 likes, 0 repeats
@freakazoid @tuxicoman @micahflee 2. mainstream crypto is US government grown, and there are unverifiable by the nature of the problem suspicions that they might have built in a one-way backdoor in the crypto by choosing the default parameters (e.g. in the case of Bitcoin using non-standard parameters I think that might be a reason) in use by everyone. This means that with non-diverse crypto, a problem means that everybody is spied on instead of a part. [2/2]
(DIR) Post #9nv4ilJZ8ofEMmeYtc by lapingvino@esperanto.masto.host
2019-10-14T14:40:04Z
0 likes, 0 repeats
@monorail seemingly later on Garfield was decided male though... doesn't mean he cannot be demiguy NB xD
(DIR) Post #APkbpz3cwRghdOaKEC by lapingvino@esperanto.masto.host
2022-11-18T23:29:17Z
0 likes, 0 repeats
@lamp @dfeldman It is possible, but it's not free or cheap. The only way it would be cheap is from a single instance, which would mean a simple cutoff for that instance until they get their shit together. You can even go into whitelisting mode if things get really bad. The big difference with the fediverse is that you don't have to play with the same rules to participate. You might get a part of the network down, but the rest will adapt. Any attacker is fighting a losing battle.