Hacker News | jzb's comments

Correct me if I'm wrong here -- let's say the Signal folks are breached or have been secretly waiting for just the right moment to push out some malicious code. How would they coordinate rolling it out to client devices to take advantage of that gap? I mean, depending on what the exploit was, they might be able to whack some percentage of users -- but it would be caught fairly quickly. I'm curious what sort of attack you're theorizing that would be worthwhile here.

> it would be caught fairly quickly

Noticing something and reacting to it are very different things. Signal could fairly trivially grab all historical data for all online users within a fairly limited window. However, it would be a one-off event, so the value proposition of such an act is dubious.


> fairly trivially

Show your working otherwise this is utterly spurious.


What is complicated about having the local client upload its database to a remote endpoint? It's literally opening a network connection and proceeding to write out a database dump to it.

Anyway the difficulty of the task itself is traditionally taken to be irrelevant when performing cryptographic threat analysis. The question is about what is and is not mathematically impossible for an adversary to do.


What's especially frustrating about all of these "Signal could flip a switch and steal everybody's texts!" histrionics is that if they were interested in doing that they... wouldn't work at Signal. They'd go join/start the hundreds of other companies we've heard of in the past few years that have stored/leaked incredibly sensitive data with an insignificant fraction of the effort Signal have put in to establishing their credibility (the TeleMessage scandal being just the latest). People should hold Signal accountable, constantly, forever. But the baseless FUD is frankly hysterical from a forum of ostensible technologists.

This comment does not follow the context of the discussion.

Circling back up. Article author: Twitter might be untrustworthy and could bruteforce your keys. Use Signal.

Me: That's unreasonable. You also have to trust Signal.

Your answer just now: Why are people picking on Signal?!?

In fact, what the world really needs, rather than 3rd-party controlled encrypted messaging solutions like Twitter and Signal, is public APIs for public key cryptography on non-trusted infrastructure, not tied to single groups. Everybody knows this. The reason that we instead have bodies like Signal -- a company that just so happens to tie every encrypted message to a real phone number and real human identity for no easily explained reason -- and the reason we have people who surely know better defending bodies like Signal in public, is an exercise left for the reader.


"Kids don't have a shared cultural experience like I did."

I think this is two claims -- AFAICT kids do have a shared cultural experience, but it is true it's not like yours, or mine. The Spotify playlists are one way they find new music, TikTok being another, movies/TV shows, or word of mouth.

What some folks may have found useful about radio playing gatekeeper and music directors choosing 40 songs per week (they didn't) others of us found stifling.

I grew up in the 70s and 80s in a small town on the outskirts of St. Louis. We could get a few classic rock/AOR stations (KSHE, KSD) and starting in the early 80s there was "hit radio" KHTR which almost quite literally followed the 40 songs per week model...

There's tons of music I didn't* discover in the early 80s, such as The Smiths, that I only happened on later because of strong gatekeeping via radio.

In the 90s we got KPNT ("the point") which was alternative rock and more adventurous than KHTR, and by then I also had a car and access to the good record stores in St. Louis. I amassed a large CD collection and stopped listening to the radio almost entirely excepting some college radio, and kept up with new music via Rolling Stone, Spin, etc. Even bought some albums based entirely on their reviews without having heard them at all.

All of that long and rambly comment to say... I like music discovery today far more than I did in my youth, 20s, and early 30s. I skim Bandcamp regularly for new music, watch questions about music on Ask Metafilter, and have found YouTube Music's algorithm to be decent. (e.g., pick a song, make it a "radio" station and add songs I haven't heard before but like to my library.)

It is true that I rarely find folks to discuss music with because I am not listening to mainstream music much. That part sucks -- but few people my age seem to care about music deeply.

* Almost certainly the music director for your local station was subscribed to a service that provided a weekly list of songs to program, rather than choosing them themselves. I worked part-time in radio while in college, taking weekend and evening/midnight-6 a.m. shifts, in Washington MO and Kirksville MO. KSLQ (adult contemporary), KRXL (classic rock/AOR), KTUF (country) and KIRX (talk, sports) were all largely getting program direction from national syndicated programming. The local music director might have used some discretion in choosing / filtering out some songs, but they were likely getting the direction from a service.


Not arguing for Nix here, but couldn’t you use Distrobox on Nix to mitigate some of the author’s problems while still getting benefits from Nix for the basic install?

Note: I’m not a Nix user - primarily Fedora and Debian, though I’ve used Bluefin a lot and used to use PopOS as a gaming desktop. (Rarely have any time for gaming these days…)


As a regular user of NixOS and distrobox: Yes, you absolutely can combine them. I actually ended up using distrobox a lot less than planned (native NixOS ended up being friendlier than expected), but it does work.


I must have missed the part of the article where the author said it was NixOS’s problem.

If you want to use it as your desktop, nobody’s stopping you. They’re making the case why they think it’s unsuitable.


What's "fun" is when companies try to be different and schedule meetings at :05 or :10 past the hour, so if you have any regular meetings with people outside the company that do the :50 or :55 thing, it's complete chaos.

FWIW I've never seen top-down efforts to make meetings more efficient stick. Humans are humans, not automatons. They're chatty. They're messy and unorganized. And attempts to build "culture" that curbs those things aren't going to stick when people constantly change jobs because it no longer pays to stay at the same company for decades. (You know, assuming they don't just lay people off because that's the way the wind is blowing...)


"Discord servers and other contemporary solutions are much worse on the long run, but it does not matter. Software is like startups, long term is not a goal when you are not sure to survive (or in that case, being used and having contributors) next week."

I don't think I've read anything that I disagree with so strongly in a while. "Software is like startups" is about as user and contributor-hostile a concept as they come.

The long term absolutely matters and projects choosing convenience today over long-term thinking are screwing over their future. It's damn near impossible to find information about these projects outside the proprietary silos they've dug themselves into and they will regret the choice one of these days when Discord or whatever proprietary service starts tightening the screws to make money.

I'm not sure what you find hostile about their web appearance. It's a light, clean page with text that doesn't throw tons of JS at you, pop-ups, or a cookie accept/reject/ponder bullshit dialog. It could use a bit of a copy edit / redo and a screenshot (I always complain when a project doesn't have screenshots...), but I don't find it hostile in the least.


Try opening that link on a phone. You get tiny, hard-to-read text because of course it's monospace with hardcoded line breaks.

GP's point is that convenience and long-term thinking don't have to be an either-or. We should have convenient tools that don't require proprietary silos but work well on today's devices and with today's use cases.


Yes, ideally for a web archive the text should be flowed and styling responsive. That’s a flaw of the web site not the use of email lists.


You will inevitably need to use the website at some point to find past discussions about such and such. And, somehow, all mailing list software seems to have this kind of web UI.

But also, part of the problem is the use of email lists. Or rather, specifically, plain text emails, because they contain pre-wrapped lines, and users often assume monospace font. You can try to reflow, but in general it's not possible to determine whether any given line break is there because the line just needed to be wrapped, or because it's actually meaningful (for code, diagram etc).


> The long term absolutely matters and projects choosing convenience today

I would be happy to engage on that thought, but here on this thread there is a lynch mob gathering to declare an emergency to remove all GPL-connected code everywhere, again.. because `screen`


Upstream requested that the SUSE team take a look at it. It seems that development is understaffed and the upstream may not have the expertise to maintain it properly. Which, if true, is sad -- I know that tmux and others exist, but a lot of people have used Screen for many many years. It sucks when a tool bitrots.


Looks like a tech-debt ridden large piece of software that new developers just can't understand.

If that's the case, it's not really about it being "understaffed". Instead, it's doomed to rot until it's replaced or rewritten. There's no scenario where more maintainers will help, except for marginally delaying it.

The good news is that there are almost perfect replacements out there, and most of them are leaner.


> Instead, it's doomed to rot until it's replaced or rewritten.

I've seen how that mindset has ruined several companies. Not saying that you're wrong about that particular program that is, after all, free software replaced by other free software parts. But for business, it's lethal.

Joel Spolsky had a nice piece about it:

https://www.joelonsoftware.com/2000/04/06/things-you-should-...

That and Fire and Motion seem to be forgotten wisdom already:

https://www.joelonsoftware.com/2002/01/06/fire-and-motion/

I feel old :-)


It's not large:

https://git.savannah.gnu.org/cgit/screen.git/tree/src

A few 2kLOC files and the rest is rather small.


What are the replacement tools I should be looking at as a casual user of screen?


If you want screen-but-better: tmux.

If you want a rethinking of the idea: zellij.

I prefer the latter. It matches my mental model of such things, and lots of people talk about enjoying switching to it. Many others happily use the former daily.


tmux is great but it's way too powerful for the 90% use case of screen - which is "let this process continue to run even if I disconnect or logout".

I've had some luck with mosh, but that also seems kind of moribund.

https://mosh.org

For my use case it's fine.


> tmux is great but it's way too powerful for the 90% use case of screen - which is "let this process continue to run even if I disconnect or logout".

I guess, but does it really get in the way?

I use tmux only for scrollback and having multiple "tabs" and sessions, and not much else. But the more advanced stuff like splits and whatnot never really get in my way.


Along the lines of Mosh, I've migrated from it to Eternal Terminal (ET): https://eternalterminal.dev


If that is literally the only thing that you need, dtach is the ticket.


Even screen is too powerful for that use case. Just use nohup or dtach instead.


Screen has some obscure functionality that tmux doesn't have. Handling serial port connections, whereas with tmux AFAIK you'd have to use minicom.


Tmux


If there was a way to get rid of Tmux's persistent status bar, I'd be happy to switch over. But last time I checked, you can't, and I want that real estate.


Add "set -g status" to your tmux.conf. You can even bind it to a key to toggle if you want.


As someone inside the United States... I sort of agree with you, though not entirely. Where we are today is the culmination of decades of attacks on our institutions and public discourse. This is not majority will, but it is a failure of the majority to curb the attacks on our institutions. Collectively, we're to blame -- but at the same time, is it hard to understand why the majority of people in the U.S. haven't been able to push back given what people are up against?

The wealthiest folks have the resources to continually and almost casually undermine institutions, while it takes enormous effort for the larger public to push back. Most people are just trying to live their lives while the Murdochs, Kochs, and others can keep throwing money and bodies at corrupting the country. For every win against the anti-Democratic corruptions, there's two or five losses. They pile up.

But the fall of the U.S. has seemed inevitable for decades. As someone who is here and isn't likely to leave -- my family is here, too many people to muster out and I won't leave them behind -- this is going to suck pretty horribly for some time. If we're very lucky, this will be the wakeup call the U.S. needs and when the dust clears we may rebuild something better. If we're not... well, I don't want to dwell on that.


At some level it falls back on the bullshit asymmetry problem. Lies are easy. Truth requires details and nuance. This is why the "free marketplace of ideas" is doomed to fail. Too many willfully ignorant people who desperately seek out comfortable lies. Far too many unscrupulous people willing to take advantage of the ignorant.


The same reason I hate cancer. Musk is a threat to me and people I care about. His DOGE bullshit will, if it hasn't already, result in harm and deaths of people who have received assistance or support from programs in the U.S. and abroad.

My question is why this is even a question, and why should Musk care if I hate him? He's gone on record as saying that empathy is a weakness. Fine, I'll compromise -- if Musk wants a world without empathy, then I see no reason to extend any to him.

He's a petulant man-child who has more resources than millions of people combined, but somehow is not satisfied with that and wants to spend his time and resources making the world significantly worse. His companies receive huge amounts of money from government contracts, but he hypocritically targets government spending that benefits other people.

Plus... I'm just fucking sick of hearing about him. It's damn near impossible to go a day without reading about him and seeing his face. I didn't care much for several presidents in my lifetime, but you could go a few days without them being in the headlines from time to time. Not Musk. Every. Damn. Day.

Sorry, was this a rhetorical question? I could go on...


I wish people would stop with the “Trump doesn’t understand $thing” stuff.

It doesn’t matter whether Trump understands $thing. Pretending that he’s acting in good faith to make things better, but is somehow failing because he doesn’t get X, Y, or Z falls right into the trap. He’s trying to destroy American “soft power”. It doesn’t interest him.

Neither does a good economy, schools, NATO, etc. All of these things are being destroyed or mangled on purpose.


When a ruler does something that seems illogical, it's most oftentimes meant to consolidate internal power. That being said, I often find Trump's moves to be bizarre even in that light. At least try to look good, but he seems to do everything to look bad. Even MAGA fans have a hard time coping:

"It's just temporary pain"

"We need to consume less"

"I don't understand tariffs"


OTOH, Trump is not very clever, and IS rather infantile. It's sufficient to allege that forces that seek to destabilize American power likely aided Trump financially and he is proving a good investment. The term is "useful idiot" IIRC

