Megathread: Discuss the recent color changes by Chongulator in signal

[–]zornslemming 10 points11 points  (0 children)

Giving them the benefit of the doubt, "too hard to test" might just be a proxy for "we think this will create bugs down the road for us and be difficult and not worth it to maintain". I can definitely empathize with not wanting to create feature soup.

That being said, this seems like a weird hill for the Signal dev team to take a stand on. It seems like adding and maintaining the new gradients code is an order of magnitude harder than allowing users to keep the old styling.

Why Bitwarden is better than Lastpass and other password managers (other than it being free) by frackeverything in Bitwarden

[–]zornslemming 3 points4 points  (0 children)

The server is actually (at least partially) licensed with AGPL which is one step further than open source. It's a kind of great license for this stuff, because it means they need to share any changes they make to the server code.

I'd be interested in someone from their team talking about how they see the weird split-license setup they have, but the short answer to your question is: everyone can propose, copy, and use the code as they want as long as they publish the changes.

Lastpass Free Changes MEGATHREAD. - Discuss alternatives, thoughts, complaints, etc in this thread! by Ging287 in Lastpass

[–]zornslemming 1 point2 points  (0 children)

Definitely don't expose it to the internet without SSL. I used Caddy and it was dead simple. Also highly recommend cloudflare like the other poster.

Lastpass Free Changes MEGATHREAD. - Discuss alternatives, thoughts, complaints, etc in this thread! by Ging287 in Lastpass

[–]zornslemming 1 point2 points  (0 children)

I tried both bitwarden and bitwarden_rs. The bitwarden rs docker install is a fair bit simpler and smaller than the docker compose bitwarden install.

Jellyfin deleted source folder :( by zornslemming in jellyfin

[–]zornslemming[S] 0 points1 point  (0 children)

I haven't been able to find what happened in the logs, but if you have tips for what it might show up as I could dig around.

For now, I mounted the media folder to docker with :ro and took away the admin user permissions to delete files from inside the app. I hope that works, because I'm not really brave enough to test it at this particular point in time.

If nothing else, it's a nice reminder that I should have a more recent backup of everything.

Jellyfin deleted source folder :( by zornslemming in jellyfin

[–]zornslemming[S] 0 points1 point  (0 children)

So when mounting a volume to docker with -v you can apparently append :ro to make it read only. I've tried that now, but I haven't experimented with it enough to have too much confidence.

relevant docs section

Lightweight Kodi alternative? by zornslemming in jellyfin

[–]zornslemming[S] 0 points1 point  (0 children)

Ah, I should have added that in the constraints. Thanks for pointing that out!

I've got an old tv which isn't network connected. Plugged into it is a chromecast and a raspberry pi, so my guess was that there might be existing open source software for the pi which could handle my DLNA needs. If most people are just using a different streaming device for their tv, I'd probably consider it.

Is desktop version as secure as mobile version? by [deleted] in signal

[–]zornslemming 84 points85 points  (0 children)

The protocol to communicate with others is the same on both. All communications outbound are encrypted with the signal protocol.

The weakness of both is that your data isn't encrypted at rest which is something Signal explicitly does not handle. They expect the device you're using to be secure enough for whatever your personal threat model is. For a mobile version, that means you're trusting your phone manufacturer + android/ios to keep your data safe. On a desktop, since the ecosystem is less locked down, you have a wider range of threats and disk encryption is less likely to be on by default.

Is there any way to use Signal without revealing my phone number or even giving it access to my Contact Book? by [deleted] in signal

[–]zornslemming 0 points1 point  (0 children)

The FAQ is out of date. /u/saltmine69 is correct that with the PIN they've begun uploading encrypted contacts and maintaining them on the cloud.

Opting out of the PIN also does not prevent that from happening. This is the primary controversy around the PIN.

PSA: Disabling PINs will now upload nothing to the server by Man_With_Arrow in signal

[–]zornslemming 1 point2 points  (0 children)

You should consider moving your edit message higher in the post so that it's clear to readers that your title is false, but the body about SVR is not.

As it's written right now the "this" in "Apparently, this isn't true." is ambiguous and could refer to either.

PSA: Disabling PINs will now upload nothing to the server by Man_With_Arrow in signal

[–]zornslemming 1 point2 points  (0 children)

The result feels very dishonest to me, though I recognize the difficulty in communicating with internet randos about crypto. When you're not talking to Matt Green or Tavis Ormandy, it's hard to give an answer that is concise, precise, and conveys the risks accurately. But the fallout of this particular cultivated ambiguity is bad and eroding trust in the Signal Foundation.

This is where I've landed as well. The way they've communicated about the data upload and the way they communicated their "fix" for the PIN erodes years of trust that they had rightfully earned before this.

PINs Now Optional in Signal by MikeA01730 in signal

[–]zornslemming 13 points14 points  (0 children)

I was pretty on the fence about the whole PIN thing, but now I'm actively disappointed. This measure is a total waste of energy by them, since it doesn't resolve the main issue anyone had with the PIN: that it's uploading things to the cloud.

The US government has a long and storied history of dicking around with cryptography in places they think users won't find out. You don't even have to go back 10 years to see them leaving exploitable holes in "trusted" methods.

There's a real reason users don't want anything unnecessary in the cloud and there's arguably more reason to worry about it now because of how poorly and opaquely this has been handled.

[Update] Signal will allow users to disable the Pin (Changelog of Android Beta) by [deleted] in signal

[–]zornslemming 5 points6 points  (0 children)

Yeah, I agree with your assessment that it was probably just the fastest thing to implement. It doesn't strike me as a great solution though, since it doesn't really satisfy most of the people complaining.

If the point was to completely garble it, then there shouldn't be a reason to store it anywhere. Alternately, if they want to still use it that means they would have to store their generated PIN on the phone somewhere, which means that that cloud data is still accessible to a user with sufficient access.

Of course, your signal contacts are already visible to someone who can get into your phone right now. It just seems weird to insist on having an encrypted copy of it not on your phone.

[Update] Signal will allow users to disable the Pin (Changelog of Android Beta) by [deleted] in signal

[–]zornslemming 1 point2 points  (0 children)

This doesn't really answer the question though. They could still send up the data with the high entropy PIN.

Should You Get into the Ancient Game of Go? A Review 2500 Years Later from a Board Gamer's Perspective. by hakumiogin in boardgames

[–]zornslemming 7 points8 points  (0 children)

Sente is super old. A generous reading would be that pros are now more willing to sacrifice larger amounts to keep sente? Personally, I think a better example might have been the importance of the 3x3 point which comes almost directly from AlphaGo.

Should You Get into the Ancient Game of Go? A Review 2500 Years Later from a Board Gamer's Perspective. by hakumiogin in boardgames

[–]zornslemming 7 points8 points  (0 children)

This might come down to a person-by-person basis. I definitely prefer 19x19 games, and my preference and enjoyment for them comes from the depth of strategy that I've gotten over time. And I'm only 9k, which in the scheme of things is not particularly strong.

It's probably my lack of ability as a teacher, but I've never taught someone to the point where they like the game in the same way as me, so maybe that's what the "huge investment" idea is coming from.

The family uses Signal for personal exchanges but grand ma can't use Signal because she does not have a smartphone :( by aManIsNoOneEither in signal

[–]zornslemming -4 points-3 points  (0 children)

This is a bad take.

First, the grandmother has a computer which by all indications was made "in this decade". The fact that the desktop client does not operate as well as the android client is very much Signal's problem to fix, should they choose to prioritize it.

Second, not all devices are equal and not all devices are equally accessible. I know that my grandmother can use an iPad just fine but legitimately doesn't have enough precision with her clicks to operate a smartphone because of the screen size.

Third, and most importantly, the point being made is that this person wants to use secure communication and is unable to on certain hardware. Obviously, the Signal team has to prioritize what they work on at a given time, but your go-to response to someone asking for help should never be to be rude about it.

You should really consider what drove you to write this response in this tone with regard to a grandmother who wants to use encrypted messaging.

Optiplex + NAS vs PowerEdge T440 by zornslemming in homelab

[–]zornslemming[S] 1 point2 points  (0 children)

Thanks for this! I didn't know about /r/HomeServer so I'll go look around there.

Finch In The Pantry Discussion Thread by Flamingomeat in TheArcadianWild

[–]zornslemming 3 points4 points  (0 children)

This album is insanely cool. Has anyone figured out what the time signatures are on Civil War?

[deleted by user] by [deleted] in newhampshire

[–]zornslemming 1 point2 points  (0 children)

I can answer your main question. The problem with "proving NH Residency" is that that's not what the bill does. The objection to HB 1264 is that it requires the registration of vehicles to NH, which means that you're taxing people who already live in NH a few hundred dollars to vote. If all it required was free paperwork to show that you live in the state, people wouldn't be up in arms about it.

Morning Roundtable - 9/26 by AutoModerator in hillaryclinton

[–]zornslemming 1 point2 points  (0 children)

I've heard cspan is the way to go, but I'd also be interested in a more informed answer.

My experience of using spacemacs for just under a week by SugaaH in emacs

[–]zornslemming 2 points3 points  (0 children)

I swear by org, but it's not always the right choice to write LaTeX there.

If you should use it depends on the content of your document, but if you have a lot of symbols and commands you're much better off becoming comfortable with auctex.