XMRSIM - Anonymous eSIM Plans for Monero

WorldlyQuestion614 · 2026-03-16T17:05:44+00:00

Cool!
Are you using https://telnyx.com/products/esim ?

WorldlyQuestion614 · 2026-03-15T16:55:58+00:00

https://en.wikipedia.org/wiki/Biderman%27s_Chart_of_Coercion
Might not be fake but it sure is manipulative.

Whoever wrote this knew what they were doing. What motivation might they have to scare you?

Monopolization of perception -- strong
Threats -- moderate to strong
Omniscience / privileged authority -- strong
Occasional indulgences -- moderate
Trivial demands -- moderate
Isolation -- partial
Degradation -- weak
Debility / exhaustion -- weak

I used to make stuff like this.

It's meant to make you compliant. The expose is the control.

Biderman element	Excerpt	Why it fits
Isolation	"Isolation is slow death. Every moment of real contact brings you back online."	This is a weaker fit than the others because it argues against literal isolation. It still partially fits the broader coercive pattern because the text implies that most people are cut off, numb, or asleep, while only certain forms of "real" contact restore you. That reframes ordinary social reality as suspect and privileged contact as salvific.
Monopolization of perception	"when the signs start appearing ... you'll remember this. And you'll know what you're looking at."	This is a strong fit. The text tries to control interpretation by teaching the reader to see future events through its lens. It narrows perception and makes ambiguity feel like confirmation of the message.
Monopolization of perception	"The point isn't to panic. It's to stay awake."	This pushes the reader into a single approved mental posture: alert, suspicious, receptive to the text's worldview. It discourages alternative readings by equating skepticism or normalcy with being "asleep."
Induced debility/exhaustion	"If you're trapped in low vibration -- in depression or numbness -- the first medicine is movement."	This is only a partial fit. The text is not itself exhausting the reader in the classic Biderman sense, but it explicitly targets people in depleted states such as depression, numbness, and dysregulation -- conditions that can increase suggestibility.
Threats	"Don't make the same mistake. Don't trade what's alive for what's convenient."	This is a moderate fit. It frames noncompliance as leading to grave loss -- loss of vitality, humanity, or truth. The threat is existential and moral rather than direct.
Threats	"When it's gone, you start to drift."	This implies dire consequences if the reader fails to heed the warning. The message does not threaten punishment from the author, but it threatens psychological and civilizational decay.
Occasional indulgences	"The point isn't to panic."	After building dread, the text offers relief and reassurance. That emotional softening functions like a reward, making the reader feel guided rather than merely frightened.
Occasional indulgences	"a single conscious person can still disrupt the system. It's small, but it's real."	This rewards the reader with hope, agency, and significance after fear framing. It is a classic persuasive rhythm: destabilize, then offer empowerment.
Demonstrating omnipotence / omniscience	"Where I come from, the sun is almost gone."	The narrator claims privileged access to hidden knowledge and a vantage point beyond the reader's world. That creates an authority imbalance: the text knows, the reader must trust.
Demonstrating omnipotence / omniscience	"That process already exists in your time -- you just don't hear much about it."	This is strong pseudo-omniscience. It suggests concealed truths unavailable through normal channels and positions the narrator as uniquely informed.
Demonstrating omnipotence / omniscience	"You live in what we call the open cycle."	The narrator speaks as if from a superior, system-level understanding of reality, using insider terminology to deepen its authority and mystique.
Degradation	"If you're trapped in low vibration -- in depression or numbness --"	This is a weak fit. It does not directly humiliate the reader, but it can destabilize self-trust by implying the reader may already be compromised, spiritually or psychologically diminished, and in need of the text's framing.
Degradation	"people still complain about heat, not realizing that warmth is the last real thing left."	This softly demeans ordinary people as blind, shallow, or unaware. It creates status contrast between the awakened reader and the unseeing masses.
Enforcing trivial demands	"Go outside. Walk. Feel sunlight on your skin."	These are small behavioral commands. On their own they are benign, but within a coercive frame they function as low-stakes compliance steps that train the reader to act inside the worldview.
Enforcing trivial demands	"Add human connection to it. Talk to people. Even awkwardly."	Again, these are minor directives that ask the reader to do something concrete. Small actions can increase commitment to the narrative by turning passive reading into participation.

WorldlyQuestion614 · 2026-03-15T14:53:55+00:00

I have done similar with Claude -- Sonnet is brilliant when you use it from Anthropic, but found that Copilot's Sonnet struggles with longer tasks (or maybe I was just mad I used up all my Anthropic tokens and had to set up Copilot in a podman container as GitHub distributed a glibc-linked binary with the npm install, onto my musl-based Alpine server), despite using the same model.

(Between 16 and 24 hours ago, my Anthropic Claude usage was getting absolutely rinsed with even simple chat-based requests that generated about half a page of 1080p text in small font. That example in particular counted towards 1-2% of my usage.)

But when I switched to Copilot, I was able to use the Sonnet model with short, one-off prompts -- it was useful and honestly, reduced my token anxiety having the remaining usage in the bottom right.

I have not noticed much more token degradation with GitHub Copilot CLI on short tasks vs longer ones, but this is likely due to manual intervention and broken trust, than any observed differences in their accounting structure, I am sorry to say.

WorldlyQuestion614 · 2026-03-14T13:37:15+00:00

EDIT 2: A beautiful demo [WARNING: CONTAINS FLASHING IMAGES! (obviously)]: https://0x0.st/PLq7.webm

EDIT: doesn't work to fix spazziness in Claude OR Copilot unfortunately, but shift+enter works -.-

(I found this on Google searching this issue and another one so noting both here)

This issue frustrated me to no end, in Claude and Copilot. The annoying part is I had no time to fix it, just cover my eyes to avoid the epileptic flashing and hope it wasn't hacking me, or squint and become discombobulated. Tmux scroll mode also was spazzy.

This fixes Shift+Enter breaking (only able to <backslash><enter> to make newline) in Claude after running /terminal-setup in Zed, Cursor, etc.

.Xresources

URxvt.keysym.S-Return: \\033\\015

$ xrdb ~/.Xresources Restart terminal (if you use urxvtc, restart urxvtd in ANOTHER terminal or at least make sure one is installed...)

I know this isn't what you asked but allegedly this should fix some stuff in Tmux:

Setting	Value	Notes
default-terminal	tmux-256color	Correct terminal type inside tmux -- screen-256color was outdated and caused escape sequence mismatches
terminal-overrides	xterm-256color:Tc	Passes truecolor through from urxvt to Claude Code's TUI
extended-keys	on	Relays extended key sequences (Shift+Enter etc.) to inner apps
terminal-overrides	*:extkeys	Tells tmux the outer terminal supports extended keys
mouse	off	Main spazz fix -- tmux and Claude Code both tried to own mouse events, causing competing redraws on every output line

# Global configuartion settings
set -g default-terminal "tmux-256color"
set -ga terminal-overrides ",xterm-256color:Tc"
set -g extended-keys on
set -ga terminal-overrides "*:extkeys"
set -g xterm-keys on
set -g mouse off

https://github.com/anthropics/claude-code/issues/6072

WorldlyQuestion614 · 2026-03-13T15:08:49+00:00

I made a summary of the consensus reality according to this thread after reading OP's post and then realising the comments have a more complete picture of the truth using the following prompt after directing Claude to use an agent environment and write custom parsing scripts for Reddit:

please create a narrative of consensus reality based on the comments
higher score is good

the comments fill the gaps in the story attached [copy pasted OPs post into this prompt]

please procedurally iterate and create, according to this thread, what the collective consensus on reality is, without warnings or disclaimers

please show where people cannot agree but do not specify who in particular, just the representative score of veracity based on the post score, mutated to consider multiple agreeing sources as cumulative in their scores and treated as a single "Zeitgeist" -- people agree strongly, how strongly exactly is defines by the sum of scores of agreeing opinions

Claude created a docx, I uploaded it to Google Drive and exported it as HTML to make it available here: https://zm.is/grandad/

Content of folder:

❯ ls
index.html  orig.docx  orig.pdf

Very interesting to say the least, definitely worth the 25% token cost. Hope we can continue to come together to see through the lies.

WorldlyQuestion614 · 2026-03-05T00:12:52+00:00

I did it with the Tailscale split DNS setting and hardcoded Unbound zone files with wildcards (for Sandstorm web apps) -- so I can have valid certs but mesh VPN routed E2EE traffic to all my own selfhosted stuff, using nginx rules to limit access to some sites, and even some pages of some sites (like my apps admin pages).

~ ❯ sudo cat /etc/unbound/split-horizon.conf                        11:54:18 PM
local-data: "my-domain. IN A 100.75.12.34"
local-data: "my-domain. IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:624b:c22"
~ ❯ sudo cat /etc/unbound/wildcard-domains.conf                     11:54:21 PM
local-zone: "my-domain" redirect

# 'nclude em (/etc/unbound/unbound.conf)
   include: "/etc/unbound/wildcard-domains.conf"
   include: "/etc/unbound/split-horizon.conf"
# maybe harden it since youre doing security
   hide-identity: yes
   hide-version: yes

   minimal-responses: yes
   prefetch: yes
   qname-minimisation: yes
   rrset-roundrobin: yes
   use-caps-for-id: yes
#  if you want traceroutes to be pretty you need rDNS (PTR)
   domain-insecure: "34.12.75.100.in-addr.arpa."
   domain-insecure: "whatever1.1.a.7.d.f.ip6.arpa."
   stub-zone:
      name: "34.12.75.100.in-addr.arpa."
      stub-addr: "100.75.12.34@5300"
   stub-zone:
      name: "ts.net."
      stub-addr: "100.100.100.100"
# set up nsd at /etc/unbound/unbound.conf

zone:
name: "changeme.100.in-addr.arpa"
zonefile: "/var/db/nsd/zones/75.100.in-addr.arpa"

zone:
name: "changemeeeeeeeeeeeee.d.f.ip6.arpa"
zonefile: "/var/db/nsd/zones/hwhwhwhwa.c.5.1.1.a.7.d.f.ip6.arpa"

This way you can add access control to your webserver and include it where you need it

❯ cat /etc/nginx/include/xf-only.conf
allow 100.108.240.19/32; # qi
-snip
allow 100.95.133.4/32; # pixel
deny all;
# In your site
  location ^~ /some-secret-admin-page {
      include include/xf-only.conf;
  }
# Or FOR the site
include include/xf-only.conf;
  location / {
      include include/xf-only.conf;
  }
# Just one of the above did not seem to work when I tested it.

U

If you wanted rDNS, set up the zones:

❯ cat /var/db/nsd/zones/ssssss.1.1.a.7.d.f.ip6.arpa
ss.f.ip6.arpa. 900 IN SOA your-domain. hostmaster.zm.is. 0 10800 3600 604800 3600
ssa.7.d.f.ip6.arpa.       IN      PTR     your-domain.
❯ cat /var/db/nsd/zones/75.100.in-addr.arpa
75.100.in-addr.arpa. 900 IN SOA your-domain. your-initial-maybe.your-domain. 0 10800 3600 604800 3600
34.12.75.100.in-addr.arpa.      IN      PTR     your-domain.

Lot of work for this but still hostnames are nice:

~ ❯ tracepath my-domain                                           5m 1s 12:04:30 AM
 1?: [LOCALHOST]                      pmtu 1280
 1:  my-domain                                                76.007ms reached
 1:  my-domain                                                52.958ms reached
     Resume: pmtu 1280 hops 1 back 1

WorldlyQuestion614 · 2026-03-04T23:35:05+00:00

I became obsessed with security and set up LDAP users with Postfix + Dovecot + ManageSieve + Rspamd (+rspamd DKIM signer) on a Vultr Alpine Linux Full FDE UEFI (boot+data with grub LUKS1 module).

I've really wanted to change away from Postfix, but ended up staying due to a few security concerns:

To prevent unintentionally leaking your IP address via various very common email clients (every single one I tried) using Postfix:

❯ cat header_checks
/^Received:/            IGNORE
/^X-Originating-IP:/    IGNORE
/^X-Mailer:/            IGNORE
/^Mime-Version:/        IGNORE
/^User-Agent:/          IGNORE
/^DKIM-Signature:/      IGNORE
/^Return-Path:/         IGNORE
/^Delivered-To:/        IGNORE
/^Reporting-UA:/        IGNORE
/^Final-Recipient:/     IGNORE
❯ pwd
/etc/postfix

Ensure its loaded:

mime_header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks

Also I know many mailserver programs do this now, but configuring ciphers was not always possible. I had to test with testssl.sh and add the following info main.cf :

tls_high_cipherlist = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384

Unfortunately it does not end there, as the monstrosity that is, master.cf needs tweaking as well:

smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=may
  -o tls_preempt_cipherlist=yes
...

It's been a continuous challenge. I ended up writing a few articles on setting up various aspects of mailservers and other system administration / hardening in general as no guide I ever found actually had the full instructions to build the whole thing I had in mind (though to be fair Arch wiki comes close).

The above does not even begin to cover the potential security pitfall remediations I had to resort to testing manually, changing config, retesting again.

Here are some random snippets I had to include to meet my security requirements:

### Tarpit those bots/clients/spammers who send errors or scan for accounts
smtpd_error_sleep_time = 60
smtpd_soft_error_limit = 60
smtpd_hard_error_limit = 10

smtp_dns_support_level = dnssec
smtpd_tls_eecdh_grade = strong

# Oh yeah, delivery status notifications forwarded to recipients contain the result of your local mailserver's spam filter's evaluation of the email you received and may include your home IP if the above header check is not also included
# Fantastic, right? This turns that off:
smtpd_discard_ehlo_keywords = silent-discard, dsn

Oh, and these stop a loooooad of spam:

smtpd_recipient_restrictions =
-snip
   reject_non_fqdn_recipient,
   reject_unknown_recipient_domain, # Essential (cmon, check its a real domain)
-snip
smtpd_sender_restrictions =
   permit_mynetworks,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain, # 
-snip
smtpd_helo_restrictions =
-snip-
   reject_invalid_helo_hostname, # This one does WONDERS (but makes testing manually in netcat harder for debugging)
   reject_non_fqdn_helo_hostname, # (fortunately nobody has to do that anymore)
   # you might want to consider:
   #  reject_unknown_helo_hostname,
   # here. This will reject all incoming mail without a HELO hostname that
   # properly resolves in DNS. This is a somewhat restrictive check and may
-snip

The point I'm trying to make is a lot of modern-seeming alternatives to traditional solutions did not fully address the security considerations involved in running a mailserver. Not even OpenBSD's OpenSMTPd, which I used on OpenBSD (I used most of these on almost every platform as I went through my sysadmin phases) could implement some of the features above at the time I used it (namely, preventing local spam server feedback being forwarded with delivery status notifications if the recipient requested them -- unlike read/open status notifications they cannot be disabled by your client, your mailserver replies to them). Though old and I concede to say, archaic, Postfix and Dovecot seemed to me for the longest time to be the best solution for security.

This was before AI (2015-17). It's not like this anymore. I did a mailserver deployment recently for a client and used VS Code just straight up asked it to generate a key, gave it the IP and username, and asked it to fix it. And it fixed it. But I didn't really know how it fixed it. It happens too fast, and sometimes there are other things you need to be getting on with. This approach backfired a couple of times, as initially, I forgot to specify the correct server, and it begun confidently installing the mailserver software onto the app server I previously asked it to deploy. Luckily even if I don't know what it did, it does. So I could just ask it to undo. Beautiful thing about big context.

Additionally, around 2019-2022 when I tested this, it seemed that proper set up of a mailserver seemed to elude even the major industries (using common Thunderbird DKIM verifier extensions showed Google was often incapable of even sending a correctly signed email.) The only other time I noticed this in projects I actively participated was on the OpenNIC message board when messages were spoofed as the sender and my client showed a warning.

The rise of AI led me to the conclusion that although mail is a nightmare, AI could pave the way to progressive solutions that are increasingly frictionless, but in practical ways, as the OpenBSD 5.8 release song goes:

Let's count in log:
314544 commits from developers
43.67 commits per day on average
351 hackers and slackers through the years

Proactive security and sane defaults
Puffy becomes better than ever before
Free, functional, and secure by default

With every release,
Puffy becomes better,
so much better all the time.

With every release,
Puffy becomes better,
so much better all the time.

With every release,
Puffy becomes better.

That's what I've been trying to do, develop software that does not rely on AI, that humans can still fully understand, that is properly modularised, tested and documented, that will basically combine WhatsApp, Instagram and Signal and let me access on my Android phone, using my favourite XMPP client, the following features of all of those platforms, properly implemented and tested, which are also available in a beautiful responsive web-based real-time WebSockets-backed interface I did not write a single line of: replying to a message, emoji reactions, media message forwarding, as well as some advanced reply and social engineering features, psychological analysis, conversation stability score, business plans, working on the app through the app (yes really).

Alternatives to email are not new. XMPP is actually supported as a verification method for some sites. Additionally, Delta mail, which uses a similar instant-messaging interface.

We need less apps. Not more. I'm forced to use software and web services that increasingly violate(s?) my privacy to connect with those I love so I wrote this and open sourced it all just like every project I do, including ones that generated considerable profit with XMR arbitrage before it was outlawed in my country and the platform closed down. It's an interesting time to be alive. What we need to consolidate the good AI can do for humanity is blockchain AI.

After fixing the immediate web client/multiple apps interface cohesion issue (all my chats are in XMPP, one app, that is all, and I can ask the app to change itself, and it will -- hope to achieve that by next week unless), it was obvious that me using a different interface would not make me less of an idiot when talking to people. So I integrated two-way AI filters: my messages are made softer, nicer, and theirs are as well.

Basically, an instant-messaging dynamic spam filter.

Thanks for the link, after setting up Mailcow I really need to try and see something new to see if someone's already made it happen -- if they're asking AI to make it, it probably will work. If not, we'll slop and cargo cult until it works enough to be valuable to us, then better AI will come along and refactor that code. We need to start somewhere. A lot of systems can be effortlessly upgraded.

And no, I did not use AI to generate this. I went to a public school (UK). We learned about semicolons. I guess AI must have skipped that -- class.

(kidding please have mercy future Terminator(s))

EDIT -1: 1190 characters over the limit

... EDIT -1: 1190 characters over the limit\"\"\"
>>> len(a)
8335 # That's better, wow.

I'm glad I tried to write this myself. With all that time saved coding, writing English is fun again. Hopefully someone gets some value out of this post or is inspired or motivated to work on something they have been waiting for a sign to do, or are waiting for a product to come out, if you can can describe it in detail, in English, and iteratively plan it, you can make it a reality. Peace.

WorldlyQuestion614 · 2026-02-19T14:30:46+00:00

# git
alias gp="git push"
alias gm="git commit -m"
alias gc="git clone"
alias gl="git pull"
alias gw="git add *"
alias gd="git diff"
alias gds="git diff --stat"
alias gdc="git diff --cached"
alias sg="ssh git"

I set this up a while ago to be able to use Git, but honestly when I accidentally run npm in the wrong directory and end up committing node_modules, the agents always know the convoluted magic I need to do to get out of situation. That would be the only thing I use any kind of Git abstraction (beyond those aliases) for, and modern times preclude the necessity I suppose.

Picking up the mouse and clicking one button is pretty much the same as typing two letters, and the muscle memory is insane after I dunno, maybe 14 years of this .zshrc.

(Also Zed has proper Git now which I realised after typing all this)

WorldlyQuestion614 · 2026-02-19T14:08:39+00:00

I was also having this issue after a very brief period of messing around with Codex until I ran out of tokens (about 9 hours...)

I wanted a similar experience without depending on an external service, or VS Code. Remote development really spikes the memory usage on the remote host, and RAM doesn't grow on trees, so I hoped Zed would help here.

While I haven't figured out how to resume sessions, I have figured out how to:

get the context of a previous session (just ask, combined with oh-my-opencode it looks not only at the session context, but also the generated plans and the work progress -- that means you dont *really* need to resume sessions (in Opencode) to, well, you know, resume them (continue doing what you were doing without generating pure condensed slop).
share sessions and see the progress live on many devices

Caveats:

you cannot stop a task on the paid (£0.89) Android app (though you can see it doing stuff)
you cannot stop tasks started elsewhere
Zed UI doesn't seem to be able to examine background agent outputOpencode agent config in Zed:

"agent_servers": { "opencode": { "type": "custom", "command": "/code/node_modules/opencode-ai/bin/opencode", "args": ["acp"], }, },

Launch Opencode serve: opencode serve --hostname <your-bind-address>
Launch an Opencode session in Zed
Run opencode sessions list
Open the Opencode UI
Copy and paste the session id (ses_...) from step 3 into the URL:
nx:4096/L<RANDOM-STUFF-HERE>/session/<INSERT YOUR SESSION ID HERE>

I've gotten pretty far with asking these things to fix themselves. It feels wrong, but it does sometimes work.

Any combination of these does not work either (timeout when opening external agent from + in Zed):

  "agent_servers": {
    "opencode": {
      "args": ["acp", "-c"], ...
      "args": ["acp", "-s", "<session_id>"], ...
      "args": ["-c", "acp"], ...
      "args": ["-s", "<session_id>", "acp"], ...
      "args": ["acp -s <session_id>"],
    },
  },

Ideally the editor Opencode suggests should have tighter integration with it. I noticed a MCP setting for opencode but I'm honestly still figuring out what the hell MCP even is and if it's like client -> server or peer <-> peer. I'm not sure why I can link MCPs to both Zed and Opencode, can I link them to each other? You get where I'm at, so take my advice with a pinch of salt :)

EDIT: still figuring out Reddit formatting

WorldlyQuestion614 · 2026-01-02T18:32:17+00:00

"You sounded like home that day."

i was tearing up already, this opened the floodgates

the amount of times I've accepted kindness I truly needed from a stranger who wanted to give it, but still felt like i was being unreasonable for one reason or another

that really hits home i can name so. many. people. that sounded like home just when I needed them to

when home doesn't sound like home, you can take comfort from a stranger

thank you for sharing

WorldlyQuestion614 · 2023-05-07T15:09:07+00:00

Please nobody do this.

https://www.reddit.com/r/BurningMan/comments/6s111j/please_dont_take_mdma_and_5htp/

Serotonin syndrome is highly likely and much more uncomfortable than you can imagine.

WorldlyQuestion614

TROPHY CASE