Threads for avalos

  1. 7

    Lobster should know better than platform bigots like the author of this piece.

    1. 7

      Let’s judge the article and not the person, shall we?

      1. 8

        Why just the article tho, why exclude all the links on that same page leading to godawful places.

        1. 1

          What have the links got to do with the article?

    1. 3

      Meaningless when an app admits it breaks this for moderation purposes. Great tech in this area doesn’t outweigh shoddy management elsewhere.

      1. 1

        If I understand correctly, messages in a group or private chat are only sent to Facebook if the user reports the account. It’s not different from the user taking screenshots and sending them to Facebook manually. No matter which reporting mechanisms are in place, you always need to trust members of the chat not to publish your messages. E2EE does not protect you if you don’t trust the other end.

        1. 1

          It’s slightly different. It’d not be bad for someone to send all their SMSes to a random address at Apple, but it would be very bad if Apple gave law enforcement a tool to read SMSes from locked phones.

          The pipeline exists, now it’s just a flag.

          1. 3

            but it would be very bad if Apple gave law enforcement a tool to read SMSes from locked phones.

            Is there a proof that happens with WhatsApp now? As far as I understand it, WhatsApp only gets a snapshot of communication around the reported message, not persistent access, so that specific case is not implemented.

            Also “The pipeline exists” doesn’t seem like a good way to phrase it. For any company operating in the US this exists in the form of a national security letter. In other countries this exists too under different processes. The local laws are that pipeline.

            1. 1

              . For any company operating in the US this exists in the form of a national security letter. In other countries this exists too under different processes. The local laws are that pipeline.

              Signal can’t exfil data when anybody asks. That’s what I mean by the pipeline existing.

              1. 1

                Sure they can. It will involve a new release of the app, but it’s possible. Non-cooperation is not welcome and will result in being thrown under the bus: https://www.wired.com/2007/10/nsa-asked-for-p/

      1. 5

        Finally! I mean, WhatsApp continues being a bad choice for privacy due to the enormous metadata collection and use for targeted advertisement; but this is going to make WhatsApp much better for existing users who can’t quit it. Telegram will shit their pants when this gets introduced, since their whole «business model» consists on blaming WhatsApp for not encrypting backups, and telling you you should trust Telegram to store everything instead of Google and Apple.

        1. 5

          Telegram’s business model consists on having a better user experience than whatsapp. Good web and desktop clients, being able to join groups under a handle instead of everybody knowing your phone number, big pretty animated stickers, decent UX without sharing your phone’s contacts to the app, support for bots on which moderation tools are built. The kind of people who care about security know telegram isn’t great in that regard, but that’s not at all what the users pick telegram for.

        1. 9

          IRC is clearly not good enough. It had the users at some point and network effects should have allowed it to remain on top if it had truly been good enough. My hope is that Matrix will take the top spot. XMPP would be okay as well. But thankfully Matrix and XMPP can be made to bridge to one another. Yay openness, federation and bridging!

          1. 8

            In my opinion, Matrix is a very heavy and complex protocol, and it’s getting even more heavy and complex: you can hardly say it’s really an open standard. Element is pretty much the only usable client, Synapse is pretty much the only usable homeserver, and matrix.org—where everyone registers—is always slow and has trouble federating. I think its future depends mainly on New Vector and commercial interests.

            1. 4

              Yes, matrix the protocol is complex to implement. But it doesn’t seem needlessly complex when looking at the requirements. And the specification is designed so that clients are easy to implement, the server does most of the work. Here’s a good example of a simple client: https://github.com/ara4n/random/blob/master/bashtrix.sh

              There are lots of usable clients, but you’re right that element is probably the only full-featured one. The alternative homeservers are coming along well lately.

              Also, there is the matrix foundation, which owns the copyright on most stuff. True, new vector / element (has the company renaming completed yet?) is the major driving force, just as mozilla is to firefox. But there are others working on it as well. Without new vector the progress would be slower, but I doubt it would stop.

              1. 2

                Decisions like polling JSON over HTTP instead of working directly with TCP sockets, were intended to make it easier to implement. The protocol is simple, but huge: you have tons of endpoints and JSON objects, that creating a full-featured client is extremely difficult. One of the most difficult aspects is also UI/UX, especially for device verification, cross-signing and encryption keys. It’s a lot of simple things, bundled into a single complex thing.

                1. 1

                  Clients can be made to be (at least partially) lightweight fairly easily. What I was mostly referring to is the server-side implementation. I was considering running my own Matrix instance for me and my friends, only to discover that we’d need a significant amount of RAM and CPU time since we were planning to subscribe to a bunch of high-traffic rooms and run a few bridges to various other services.

                  I have an account on matrix.org and it does get slow at times when it tries to fetch new messages after a few hours of inactivity. Not sure if the existing, “primary” Synapse implementation can be optimized significantly, but it could sure use some of it if at all possible.

                  1. 3

                    True, synapse can be a bit heavy. But the matrix people seem to be following the rule “make it work, make it right, make it fast”. Synapse has improved a lot in the past couple of months. And they are focusing on improving synapse further. Memory use can be hard to completely fix in a Python-based project. But Dendrite is also improving. Construct is an independent homeserver that can federate and is fast. I haven’t run in though. And there are some other homeserver projects that seem to be quite fast as well.

                2. 2

                  I haven’t gone through all the specifics regarding the protocol itself, but I do agree the current implementations of the protocol are pretty taxing in terms of system resource usage, among other things. The problem is, how do you implement a protocol that provides so much functionality and keep it lightweight. Such a task would require a lot of engineering effort and thinking many things through before you touch a keyboard.

                  If Matrix catches on even more, less heavy implementations will likely appear at some point, but it won’t happen overnight.

                  1. 2

                    How do you implement a protocol that provides so much functionality and keep it lightweight? Don’t. Instead of a huge single protocol, you can use multiple lightweight protocols to achieve the same thing, and you can even glue them together into a single platform. Matrix is, in a sense, a bridging layer that connects multiple different protocols; but it’s so big, that it can also be used standalone. You could easily replace Matrix with XMPP, IRC, ZNC and IPFS; and it would work just fine.

                3. 3

                  I think you can bridge IRC and Matrix as well

                  1. 5

                    Because IRC is not federated the bridging there is necessarily more ugly and weird. You have to have a nick on the target network in order to speak there, and there’s no obvious nick the bridge can just make up for you that will not look weird to IRC people.

                    1. 3

                      There’s two different kinds of bridging you can do; as a matrix user you can bridge your account to freenode, which mostly works but is a bit flaky and rather difficult to set up. As a channel owner you can bridge the entire channel, and this works great; you only have to do it once and everyone benefits from it. We did this in the #fennel channel and I have no regrets; all the core devs can keep the workflow they’re familiar with, and all the newcomers can come thru Matrix and get the persistent history and other nice features that take more work to set up on IRC.

                      1. 2

                        yeah, not on Freenode, but apart from once-in-a-month “I didn’t get that message” or some formatting messups with certain matrix clients it’s pretty flawless. I love IRC but it’s a pain on mobile, matrix is a lot better there.

                      2. 2

                        You can. And there’s also matrix-ircd which is a matrix client and irc server. So you can use your irc client to connect to matrix.

                    1. 12

                      There are a lot of really nice and readable free fonts out there. Price ≠ quality; yes, that’s true in some cases, but you can get beautiful and high quality fonts freely licensed.

                      1. 10

                        The author is also in business of selling fonts, so you have to take that one particular piece of advice in light of that. That said, I’ve read his whole book and it seems to be on point everywhere else.

                        1. 2

                          What do you like? I’m leaning towards Charter + Fira Sans for my blog, but I love collecting fonts so I’m always eager to hear what others like.

                          1. 6

                            I really love the look of Inconsolata. Originally, I had fallen in love with Consolas, but wanted to make some extensions to it. Looking for an open font similar to Consolas lead me to Inconsolata, which I could easily add extra glyphs to using FontForge. Recently, Inconsolata has had a major update making it a variable font family.

                            I use it everywhere where it’s appropriate, which is 90% of my use cases (text editors, code editors, and personal notes).

                            For the rest, I use Computer Modern, due to LaTeX. To my eye, LaTeX documents look gorgeous, usually with minimal tweaking, sometimes with more. Again, an open source font.

                            1. 4

                              What do you like? I’m leaning towards Charter + Fira Sans for my blog, but I love collecting fonts so I’m always eager to hear what others like.

                              I keep (kept?) a list of good typefaces, and I have a Google doc from Doug Wilson in my bookmarks.

                              1. 1

                                Fantastic, thank you!

                              2. 2

                                I’m using Open Sans for my blog (blog.avalos.me), which might not be the fanciest or prettiest font; but it’s extremely readable and friendly. I’m giving hacker vibes to my personal website (avalos.me) with Jetbrains Mono.

                                1. 2

                                  Open Sans is quite lovely, I may have to use it!

                            1. 2

                              I use Hyde for my blog and freelancing site, both with my own custom “theme”. Why Hyde? Because I enjoy using Scheme (also because I want to be dogfooding CHICKEN as much as possible), and because it’s relatively simple. Hyde does not have too many bells and whistles (in fact, it doesn’t even have ready-to-use themes as far as I know).

                              1. 2

                                Hi, sjamaan! I use Hyde as well for my personal website, and I’m thinking on moving my blog too.

                                1. 1

                                  Cool! How did you find out about Hyde?

                                  1. 2

                                    Scheme, CHICKEN Scheme, Eggs Unlimited 5. :P

                              1. 3

                                I use Hyde (http://wiki.call-cc.org/eggref/5/hyde) for my personal website (https://avalos.me/) and Hugo for my blog (https://blog.avalos.me/), using the Etch theme, which is pretty minimal and nice. I’m starting to think on moving my blog to Hyde as well, so I can have it along my personal website.

                                1. 2

                                  That’s pretty cool. I am using a similar theme for hosting my notes and things I learn across the internet https://knowledge-book-six.now.sh/