Well yes anonymity is a problem about phone numbers, but they are really convenient to use for most users. Their whole address book can be re-used if you have the phone number.
And about centralisation: centralized services are as well more convenient for the users. With federation you will need an @ some way or another (or you will get totally randomly generated usernames, which is shit too). The only escape here seems to be namecoin, but then your address info is public, which maybe is something not everybody will want. Also, namecoin is a giant energy waste, and more than 90% of the bitcoin hashing power is controlled by less than 15 chinese individuals, so it isnt really distributed either these days.
Well yeah there are lots of ideas in the room. One is what maybe lots of the leave campaigners would like to see, is even more extra regulations only for the UK. Basically it gets all the profits without having to give its own share. Maybe even like the TAFTA where US companies can send their genetically modified crops to the EU? I don't know that this is something the EU will want to do.
Some things are really sure though:
1. The UK will need *some* countries to trade with. If its not the EU, then maybe some other country will do. 2. If the UK is given lots of extra regulations, other countries will demand this as well, like norway, or even current EU members. In fact already now there are demands coming in from current EU members. 3. The EU is in a much better position than the UK, simply due to sheer size. Threatening with an exit is always a good tool, but once you are out you have nothing to threaten with anymore, but still all the same problems.
Well lets see what the UK will do with that extra money they don't send to the EU anymore. Anyway, if they were actually paying what other countries of their size do, they would have spared lots more, but as they already had extra regulations within the EU, the part they have available now is much smaller.
the JavaScript interpreter shouldn't be part of the browser, it should be stand alone and the html/css rendering engine should have an API/ABI which can be accessed by a variety of languages, and these languages should be independent from everything else as well.
This is already happening. Its called webassembly. You can use whatever language you want.
And in fact even before webassembly it was possible to use third party languages in html/css. You just needed a javascript polyfill that translates the language into javascript. Its a hack but it works.
You seem to know the situation far better than me, so its probably easier for you to navigate around. Can you give a specific link or something?
you can do a bit of digging to find the relevant GitHub Issues where Moxie has spoken about the issue.
It would be best to have a list of stuff moxie right now considers as okay or not somewhere on github or sth, his opinions on matters do change. If he said something three years ago then that may be something completely different.
Probably the advantage is on my side, due to me doing the customisations just for me, I probably succeed to stay under the radar, and won't get noticed by any of the OWS people. Still, I'd prefer to be on the "green" side rather than relying on a patchwork of hacks.
Set a cron job to "git pull master" once an hour and send you a message when there are changes. You could even have the cron job merge the changes and build a new image for ya, too. You can use all *sorts* of automation to make keeping up with changes trivial when you don't have to worry about keeping other people's systems up-to-date.
This might be the kind of thing that gentoo and lfs users do like to do, but I do not. I am more the debian style person where the distro provides me with a build that has been aligned with some criteria. The f-droid criteria are very minimal, they only require the app to be fully open source. But moxie seemingly rejects it because he thinks the criteria aligned build is another product, and because he doesn't like some aspects about f-droid.
I mean its perfectly fine if there is no signal app in f-droid. If moxie doesn't want an app to connect to his network service for any reason, then that's his choice as the owner of the network service. Its against the thought of the open internet and many things that were developed there, but I also understand that maintaining and scaling the service costs money, and this whole "developing protocols" argument. I'd say as long as third party builds of signal are in a tiny minority, it won't matter much for the service to do hard breaks of the protocol, forcing the maintainers of the third party builds to update it, but seemingly moxie has another position on this.
I mean before he interacted with cyanogen, which he had a contract or at least a deal with. But to third party open source projects he can be as mean as he wants, and suddenly migrate all the service infrastructure, without asking or waiting for those third parties. As he is in control of most of the network, nobody will really care.
But I won't use signal. I've had an app with custom patches applied before, and from that experience I know that updating it isn't really joyful. Maybe its different for gentoo users. I'm not one of them.
what's to say that Android(TM) images don't contain baked-in spyware that's not included in the AOSP repo?
I am not using manufacturer provided ROMs, but third party ones where the sources are all available. I trust the third parties, just as I trust my linux distribution vendor. You need a trust anchor *somewhere*.
1) GCM client libs are open source. https://github.com/google/gcm You interact with GCM through a REST or XMPP API. You can trivially swap out GApps for one of the GCM-only alternatives, rebuild Signal, and point it to OWS's servers. (If you're building Signal from scratch and using it, rather than repackaging it and advertising it as something other than Signal, OWS is perfectly happy for you to point your client at their servers.)
Maybe OWS would agree with that, but would google? Is use of the GCM service legal if you don't have a valid gapps license?
Also, I don't really know where OWS draws the line, whether a howto posted somewhere on the internet how to download + build without gapps is okay, or whether pushing the modifications to a git repo somewhere is okay. At which degree does it become a separate "product"?
Also, if you donwload via git and build it yourself with your own modifications, then its surely harder to update than if you just download the updated version from some fork, which may be updated in a faster fashion. Lagging behind is the major critique points of forks by moxie.
Also, part of the reasons why OWS doesnt want an f-droid build of the app apply for "download from upstream git + do the modifications yourself" as well: you can always switch to older versions.
2) If you're concerned about traffic analysis, *anyone* between you and your conversation partner can snarf that data. Signal (and others) protects your conversation contents, not your addressing information. Thwarting a dedicated traffic analysis adversary is *very* hard, and Signal (and every other such messenger) has *always* claimed to protect only conversation contents, rather than addressing information.
I am not against sending addressing information to OWS, but I am against sending addressing information to google. It will end up in the government's hands any way, but OWS won't use the info for ad profiling and similar things. Google is fairly nice with the data of its users, but still i prefer to not hand it over in such a dependent way.
3) If you don't trust Google enough to send securely-encrypted data through their data shipping service, you should absolutely *not* be using an OS that they author. After all, GOOGLE HAS ROOT on EVERY Android image that they sign and has authored an ENORMOUS quantity of the code running as root in any Android image.
There is a difference between sending unique ids to a service which google owns, and using their operating system. I doubt that google has any reason to put backdoors or something into its source code.
Well, if I were a dissident or something, then I wouldn't use telegram, but probably signal or something else.
But I am more concerned about software freedom, and avoiding google proprietary apps on my phone. And for that, telegram is the only choice. There are other messengers which use proper encryption and value freedom as well, but they are even less popular than telegram.
I do not say that telegram is perfect or that its encryption is safe (I can't tell for myself), but for me personally its better than signal or something else.
So even if the mtproto documentation would have a flaw or be not precise enough to fully specify the behaviour (and that often happens!), you could still look into the source code to find out what actually happens.
1. can be used without gapps spyware 2. is halfway popular 3. has the source code released under a open source license 4. has authors who tolerate third party clients connecting to their server. This is not the case for Whatsapp, and also not the case for signal
Thanks to 1 and 3, telegram is available in the f-droid app store. This is why I use it, and I don't want to install software from third party stores like google play or sideload apps.
Yes, the encryption is not perfect, but I prefer that over having to install google spyware that would be required for signal for example.
And London is going to pay for it. On morning of day one after the UK is out, we will freeze the assets of the little britian inhabitants, until the UK pays for the wall. On the evening of that same day, the UK government will come to the EU begging to be able to pay for the wall.
That is a nice idea, but the moment your OS phones home, or any other application on your desktop, you can already be identified. Same goes if you use your everyday browser for accessing the tor network. That one is usually customized, with lots of custom add-ons, and even more ways of fingerprinting.
The tor browser has removed many ways to do fingerprinting.
thanks to mpaa and friends, bypassing DRM (even if its for legal purposes!) is illegal. Documenting how to bypass it is illegal too.
In fact, if you tell google about the "vulnerability", you already commit a crime. Therefore, I think its best that google doesn't fix the "vulnerability", because if they fix it, people will find out about the details of the "vulnerability" by reading the git history, and this means google commits a crime itself.
Slashdot Mirror
Are you so sure: https://stackoverflow.com/ques...
Swift is used as app programming language for apple's flagship products.
The most interesting thing about LOTR is the dialogs. If LOTR is just a dumbed down action movie for you then I just can feel sorry for you.
So you say that isn't a good choice? Do you prefer having to put const everywhere?
I disagree with you. Rust has many friends in the haskell community. And haskell has survived for a long time, despite not becoming very popular.
Sane languages have their stuff const by default, and you write mut if you want something changeable.
Well yes anonymity is a problem about phone numbers, but they are really convenient to use for most users. Their whole address book can be re-used if you have the phone number.
And about centralisation: centralized services are as well more convenient for the users. With federation you will need an @ some way or another (or you will get totally randomly generated usernames, which is shit too). The only escape here seems to be namecoin, but then your address info is public, which maybe is something not everybody will want. Also, namecoin is a giant energy waste, and more than 90% of the bitcoin hashing power is controlled by less than 15 chinese individuals, so it isnt really distributed either these days.
Yeah now with the pound low, I might even want to do tourism on that island.
So see, the brexit which has destroyed two trillion, its great for the tourism economy at least!
Well yeah there are lots of ideas in the room. One is what maybe lots of the leave campaigners would like to see, is even more extra regulations only for the UK. Basically it gets all the profits without having to give its own share. Maybe even like the TAFTA where US companies can send their genetically modified crops to the EU? I don't know that this is something the EU will want to do.
Some things are really sure though:
1. The UK will need *some* countries to trade with. If its not the EU, then maybe some other country will do.
2. If the UK is given lots of extra regulations, other countries will demand this as well, like norway, or even current EU members. In fact already now there are demands coming in from current EU members.
3. The EU is in a much better position than the UK, simply due to sheer size. Threatening with an exit is always a good tool, but once you are out you have nothing to threaten with anymore, but still all the same problems.
Well lets see what the UK will do with that extra money they don't send to the EU anymore. Anyway, if they were actually paying what other countries of their size do, they would have spared lots more, but as they already had extra regulations within the EU, the part they have available now is much smaller.
Well SMS has lots of bad properties, one being that lots of bad guys have access to at least metadata.
Also, it costs money. If you tell your contacts "look this costs money", they surely won't like it.
SMS is alot like the CA system in many ways: outdated, overpriced, old, insecure and broken.
the JavaScript interpreter shouldn't be part of the browser, it should be stand alone and the html/css rendering engine should have an API/ABI which can be accessed by a variety of languages, and these languages should be independent from everything else as well.
This is already happening. Its called webassembly. You can use whatever language you want.
And in fact even before webassembly it was possible to use third party languages in html/css. You just needed a javascript polyfill that translates the language into javascript. Its a hack but it works.
Yes. Read the official GCM (now called FCM) docs.
You seem to know the situation far better than me, so its probably easier for you to navigate around. Can you give a specific link or something?
you can do a bit of digging to find the relevant GitHub Issues where Moxie has spoken about the issue.
It would be best to have a list of stuff moxie right now considers as okay or not somewhere on github or sth, his opinions on matters do change. If he said something three years ago then that may be something completely different.
Probably the advantage is on my side, due to me doing the customisations just for me, I probably succeed to stay under the radar, and won't get noticed by any of the OWS people. Still, I'd prefer to be on the "green" side rather than relying on a patchwork of hacks.
Set a cron job to "git pull master" once an hour and send you a message when there are changes. You could even have the cron job merge the changes and build a new image for ya, too. You can use all *sorts* of automation to make keeping up with changes trivial when you don't have to worry about keeping other people's systems up-to-date.
This might be the kind of thing that gentoo and lfs users do like to do, but I do not. I am more the debian style person where the distro provides me with a build that has been aligned with some criteria. The f-droid criteria are very minimal, they only require the app to be fully open source. But moxie seemingly rejects it because he thinks the criteria aligned build is another product, and because he doesn't like some aspects about f-droid.
I mean its perfectly fine if there is no signal app in f-droid. If moxie doesn't want an app to connect to his network service for any reason, then that's his choice as the owner of the network service. Its against the thought of the open internet and many things that were developed there, but I also understand that maintaining and scaling the service costs money, and this whole "developing protocols" argument. I'd say as long as third party builds of signal are in a tiny minority, it won't matter much for the service to do hard breaks of the protocol, forcing the maintainers of the third party builds to update it, but seemingly moxie has another position on this.
I mean before he interacted with cyanogen, which he had a contract or at least a deal with. But to third party open source projects he can be as mean as he wants, and suddenly migrate all the service infrastructure, without asking or waiting for those third parties. As he is in control of most of the network, nobody will really care.
But I won't use signal. I've had an app with custom patches applied before, and from that experience I know that updating it isn't really joyful. Maybe its different for gentoo users. I'm not one of them.
what's to say that Android(TM) images don't contain baked-in spyware that's not included in the AOSP repo?
I am not using manufacturer provided ROMs, but third party ones where the sources are all available. I trust the third parties, just as I trust my linux distribution vendor. You need a trust anchor *somewhere*.
1) GCM client libs are open source. https://github.com/google/gcm You interact with GCM through a REST or XMPP API. You can trivially swap out GApps for one of the GCM-only alternatives, rebuild Signal, and point it to OWS's servers. (If you're building Signal from scratch and using it, rather than repackaging it and advertising it as something other than Signal, OWS is perfectly happy for you to point your client at their servers.)
Maybe OWS would agree with that, but would google? Is use of the GCM service legal if you don't have a valid gapps license?
Also, I don't really know where OWS draws the line, whether a howto posted somewhere on the internet how to download + build without gapps is okay, or whether pushing the modifications to a git repo somewhere is okay. At which degree does it become a separate "product"?
Also, if you donwload via git and build it yourself with your own modifications, then its surely harder to update than if you just download the updated version from some fork, which may be updated in a faster fashion. Lagging behind is the major critique points of forks by moxie.
Also, part of the reasons why OWS doesnt want an f-droid build of the app apply for "download from upstream git + do the modifications yourself" as well: you can always switch to older versions.
2) If you're concerned about traffic analysis, *anyone* between you and your conversation partner can snarf that data. Signal (and others) protects your conversation contents, not your addressing information. Thwarting a dedicated traffic analysis adversary is *very* hard, and Signal (and every other such messenger) has *always* claimed to protect only conversation contents, rather than addressing information.
I am not against sending addressing information to OWS, but I am against sending addressing information to google. It will end up in the government's hands any way, but OWS won't use the info for ad profiling and similar things. Google is fairly nice with the data of its users, but still i prefer to not hand it over in such a dependent way.
3) If you don't trust Google enough to send securely-encrypted data through their data shipping service, you should absolutely *not* be using an OS that they author. After all, GOOGLE HAS ROOT on EVERY Android image that they sign and has authored an ENORMOUS quantity of the code running as root in any Android image.
There is a difference between sending unique ids to a service which google owns, and using their operating system. I doubt that google has any reason to put backdoors or something into its source code.
Well, if I were a dissident or something, then I wouldn't use telegram, but probably signal or something else.
But I am more concerned about software freedom, and avoiding google proprietary apps on my phone. And for that, telegram is the only choice. There are other messengers which use proper encryption and value freedom as well, but they are even less popular than telegram.
I do not say that telegram is perfect or that its encryption is safe (I can't tell for myself), but for me personally its better than signal or something else.
Also, it does not at all apply here. Telegram not just publishes documentation how their protocol works, but it also releases the full source code: https://telegram.org/apps#sour...
So even if the mtproto documentation would have a flaw or be not precise enough to fully specify the behaviour (and that often happens!), you could still look into the source code to find out what actually happens.
Its the only messenger that:
1. can be used without gapps spyware
2. is halfway popular
3. has the source code released under a open source license
4. has authors who tolerate third party clients connecting to their server. This is not the case for Whatsapp, and also not the case for signal
Thanks to 1 and 3, telegram is available in the f-droid app store. This is why I use it, and I don't want to install software from third party stores like google play or sideload apps.
Yes, the encryption is not perfect, but I prefer that over having to install google spyware that would be required for signal for example.
And London is going to pay for it. On morning of day one after the UK is out, we will freeze the assets of the little britian inhabitants, until the UK pays for the wall. On the evening of that same day, the UK government will come to the EU begging to be able to pay for the wall.
Then trump will sue the EU for stealing his idea.
Have you heard of von neumann architectures? Did you know that nearly every computer in use today is such a device?
Plus no linux support, plus spyware.
And obviously, the tor browser has disabled it.
That is a nice idea, but the moment your OS phones home, or any other application on your desktop, you can already be identified. Same goes if you use your everyday browser for accessing the tor network. That one is usually customized, with lots of custom add-ons, and even more ways of fingerprinting.
The tor browser has removed many ways to do fingerprinting.
Really, use the tor browser.
thanks to mpaa and friends, bypassing DRM (even if its for legal purposes!) is illegal. Documenting how to bypass it is illegal too.
In fact, if you tell google about the "vulnerability", you already commit a crime. Therefore, I think its best that google doesn't fix the "vulnerability", because if they fix it, people will find out about the details of the "vulnerability" by reading the git history, and this means google commits a crime itself.
Without a cheap network, cheap phones don't use much.
dumb monitors are bad, they need to be smartified so that the only way you access them is through apps. Otherwise they are losing a big chunk of data.
IDK, write it up in a journal and submit it to the firehose. Slashdotters always like a good anti-microsoft rant.