shrugal

shrugal , 18 hours ago

I'd say nobody. Not putting innocent people in jail is more important than punishing criminals imo. But idk what to do with the guilty half instead.

shrugal , 3 days ago

Can't talk for the free tier, but my Usenet account comes bundled with a paid Privado account, and that's working ok so far. The connections have been reliable, fast, and low latency.

My main issue has been that it doesn't support port forwarding. Also, some GeoIP services locate many of their servers in the Netherlands, instead of where Privado says they are. Idk who's right, but it's definitely a problem if you want to pick a specific location.

shrugal , 3 days ago

UsenetServer, and I used this discount link.

shrugal , 1 day ago

Maybe take a look at Appflowy. It's another Notion clone like Anytype, but it's much easier to selfhost.

shrugal , 4 days ago

Here is a more detailed explanation of the exploit.

The Pepaire-Bueno brothers exploited a bug in MEV-boost's code that allowed them to preview the content of blocks before they were officially delivered to validators, according to the indictment.

The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. They used bait transactions to figure out how those bots traded, lured the bots to one of their validators which was validating a new block and basically tricked these bots into proposing certain transactions. [...]

So hardly an attack on any core system of cryptocurrencies.

shrugal , 4 days ago

It's not. They tricked some MEV-Boost bots into doing bad trades.

shrugal , 4 days ago (edited 4 days ago)

IANAL and all, but bad/unfavorable contracts and literal deception/fraud are two different things, at least in the legal system. Not everything that's technically possible is also allowed, obviously.

Compare it to using a security flaw to hack into a system. Technically you're only using the official API, maybe in unusual ways, but still. But you're doing it in bad faith and causing harm, maybe pretending to be someone you're not or injecting fake data into the system, and that can make a difference.

shrugal , 4 days ago

What's absurd is this crypto maximalist take.

You can't just make up your own permission and punishment system, and then expect the legal system to just step aside and let it handle all disputes, especially when it comes to fraud. That's like founding your own city in an existing country, and declaring all existing law obsolete. I know some people think this is a real possibility, but the real world doesn't work like that.

shrugal , 2 days ago

No, it really doesn't. That's like creating a bot that buys and sells company shares automatically, and saying the stock exchange has a vulnerability because your bot makes bad decisions.

shrugal , 3 days ago (edited 3 days ago)

I just set up a Vouch-Proxy for this yesterday. It uses the nginx auth_request directive to authenticate users with an SSO server, and then stores the token in a domain-wide cookie, so you're logged in across all subdomains. Works pretty well so far, you don't even notice it when you're logged in to your SSO provider.

But you do have to tell the proxy where you want to redirect a request somehow, either by subdomain (illegal.yourdomain.com) or port (yourdomain.com:8787) or path (yourdomain.com/illegal). I'm not sure if it works with raw IPs as hosts, but you can add additional restrictions like only allowing local client IPs.

In my special case I'm using the local Synology SSO server, and I have to spin up an additional nginx server because the built-in one doesn't support auth_request.

shrugal , 6 days ago (edited 5 days ago)

They could just choose someone to send to the debate, doesn't have to be a candidate for the presidency.

I'm no fan of the right, but some of the rules only exist to prevent smaller alternatives from getting traction, especially in the media.

shrugal , 6 days ago (edited 6 days ago)

It's a group therapy called !linux, we always have free seats!

shrugal , 6 days ago

This is pretty impressive and hella creepy!

shrugal , 7 days ago (edited 6 days ago)

It can be a bit annoying sometimes, but there are solutions for almost anything, like alternative clients and frontends. I also think it's important to remember that this is not an all-or-nothing situation. Every little bit of privacy you can preserve helps, even if you still have to use their services sometimes.

If your example is mostly about chat then Beeper might be a good option for you. The messages on FB and IG would still go through Meta, but at least you don't have to install their apps.

shrugal , 6 days ago

If you have an always-on-and-connected device then you can self-host their bridges. It preserves e2ee because messages are de- and reencrypted on your device, and it's relatively easy to set up.

shrugal , 6 days ago

You have to provide the user, group and file name as the next three guesses, just trust me!

shrugal , 10 days ago

How about some JavaScript p+=[]**[]?

shrugal , 12 days ago (edited 11 days ago)

It's hard to overstate what a nothing-burger this article really is! Let me break it down:

• Signal got $3 million from the Open Technology Fund at some point in its development
• Some anonymous source alleges that the OTF's ultimate goal is to promote US foreign interests
• The current chairman of the board Katherine Maher worked at the National Democratic Institute and Wikipedia before
• The same anonymous source says she was recruited because of connections to the OTF
• She has at some point voiced the opinion that a completely free internet without regulation just reproduces existing power structures, and that balancing regulation and 1st amendment rights is a tough problem
• Signal doesn't have reproducible builds on iOS (it absolutely does on Android btw)
• Some people feel like Signal chats come up more often than they should in court cases and media reports

That's it, that's the whole story. That's the reason why the Telegram guy of all people thinks you should be careful, and better use his chat service instead, and the Twitter guy agrees.

I mean, reproducible builds on iOS would be nice, but that platform has much bigger problems from a privacy/security/sovereignty/freedom standpoint anyway. And the rest is just nothing turned up to 11.

shrugal , 12 days ago

Yep. It's e2e encrypted, and you can even self-host the sync server, if you don't want to rely on an external service. Pretty much a no-brainer.

shrugal , 11 days ago

Yea, it's pretty easy if you already have a server. All you need to do is run a docker container, and change the identity.sync.tokenserver.uri setting in about:config. On mobile you have to enable the debug mode by going to "Settings > About Firefox" and tapping the Firefox logo a few times, then go to the new "Sync Debug" settings entry.

The container above only runs the sync-server though, you still have to log into a Mozilla account to use it. There is a replacement that includes the whole stack, but I haven't tried that one yet.

shrugal , 13 days ago

Just a heads up, trying to buy Uranium for the reactor on Ebay will get you in trouble real fast, so be careful!

shrugal , 13 days ago (edited 13 days ago)

I think some of the arguments are quite flawed. Bitcoin itself has most of the properties it is said to have, but it lives in a world that doesn't and so some only really apply if you manage to stay inside the system. Like, your Signal chats are private as long as you don't copy-paste them to Facebook.

Regarding self-custody/decentralization and using custodial services: The problem here is not that those properties don't apply to Bitcoin, but that some people just choose to give away control over their wallets or not use Bitcoin itself for certain transactions. Can't blame that on the currency, unless you think it can't be done any other way.

Regarding privacy: I don't think any serious "Bitcoiner" advertises Bitcoin as private. The message has always been that it's "pseudonymous", that you have to take extra steps in order to make it anonymous, and that it's transparent instead of private by design.

Regarding transparency/inclusion: These paragraphs actually argue about privacy again. One is trying to spin the existing transparency into a negative, which is a valid opinion but not something "Bitcoiners" are wrong about. The other circles back to the idea of staying inside the system. Bitcoin transactions are inclusive, but ofc you can still get into trouble if you have to fear external repercussions and can't stay anonymous.

shrugal , 13 days ago

The reason the Jedi use prosthetics to train is because live lightsabers are so good.

shrugal , 15 days ago

Debrid services are usually cheaper (as low as $2.5/month), but you're limited to public trackers with them.

shrugal , 18 days ago

Cause it's one big part of why the Fediverse and Lemmy exist in the first place.

We wouldn't need all this decentralization overhead if centralized sites were trustworthy and focussed on serving their users. The fact that they are not is what leads to privacy violations and enshittification, hence why people created the Fediverse and why we are here (at least most of us I presume).

shrugal , 19 days ago

Best tip I can give is to use a tool that's made for this task, like Tdarr/FileFlows/Unmanic. They take care of all the complicated issues like encoders, ffmpeg parameters and parallel processing on multiple nodes, so you only have to handle the things you actually care about.

shrugal , 22 days ago

If you have a monopoly and need to maximize profits then the question becomes: Why not?! You could extract more money this way, and it's not like your users would go anywhere else at this point.

That is why it's so important to fight and break up monopolies, and to limit what these companies can do. Because they have no reason not to squeeze every penny they can get out of you!

shrugal , 25 days ago (edited 24 days ago)

I've been running Gluetun for a few months now, and just the other day discovered that you can use it to seamlessly proxy Twitch streams (using it as http proxy for ttv lol pro), so they load via countries that Twitch doesn't show ads for. Setting it up was ridiculously easy, and now I have neither ads nor endless loading anymore. The whole thing was a really nice surprise!

shrugal , 28 days ago (edited 28 days ago)

There are a few variations in German:

• (hin)zugießen/dazugießen (pour one liquid into another)
• (hin)zuschütten/dazuschütten (also including rubble/powder/…)
• (hin)zugeben/dazugeben/hineingeben/beimischen/hineinmischen (also including solids, basically add+mix)
• (hin)einrühren (also stir the mixture)
• zusammengießen (pour liquids into each other)
• zusammenschütten (also including rubble/powder/…)
• zusammenmischen (also including solids, basically combine+mix)
• zusammenrühren (also stir the mixture)

Ofc all of them are combinations of existing words: (hin)zu/dazu≈added to that, bei≈with, (hin)ein=into, gießen/schütten=pour, schutt=rubble, geben=give, rühren=stir, mischen=mix, zusammen=together. You could probably build many more, but those are the ones I think are fairly common, and also found entries in German online dictionaries for.

German is really just an elaborate word construction project.

shrugal , 1 month ago

Do Not Track

Such a simple solution for the cookie banner issue. But it prevented websites from tricking users into allowing them to gather their data, so it had to go.

shrugal , 1 month ago (edited 1 month ago)

Yes. It makes it much harder to build a profile about you though, because you’re not logged in and they don’t know if those views come from you or someone else using your server. Even if you’re the only one, the website doesn’t know that.

shrugal , 1 month ago (edited 1 month ago)

From what I understand the GDPR says you have to give users a real choice about the usage of their data, without any unreasonable negative repercussions. Having to pay money (at least as much as they are asking for) is such an unacceptable repercussion, no matter how FB might phrase it.

They are allowed to take money or show ads for access, but they can’t couple that decision with the one about the user’s data usage.

shrugal , 1 month ago (edited 1 month ago)

pay for it with advertising your data

FTFY.

That part is not allowed according to the GDPR afaik, the decision about your personal data cannot be artificially linked to something else. They can absolutely show ads, but without using your data.

shrugal , 22 days ago

I unironically think that quality political satire is a good way to engage with politics.

It often cuts right through the BS and talks about issues that regular news or talk shows are afraid to touch. Also, it's always clear that what's being said is the opinion/interpretation of the artist, so you're encouraged to think about it for yourself and see what you agree or disagree with.

You have to be careful not to rely on it too much, and also use other forms of media to inform yourself, but it definitely helps when trying to get into political subjects.

shrugal , 1 month ago

One cup of coffee on the balcony every morning. Just sitting there, enjoying the atmosphere, watching people walk by (I live near a park), maybe meditating a bit.

shrugal , 1 month ago (edited 1 month ago)

Afaik the stated reasons for moving back were pure BS, or at least blown out of proportion. It mainly came down to the people in charge being very “friendly” with M$. Munich got a new major, he publicly called software-freedom “idiological nonsense”, asked a consulting firm that partners with and sells M$ products to analyse the situation, and everyone was shocked when they recommended M$.

shrugal , 1 month ago

If you don’t want to pay for an account anywhere (VPN/Usenet/Debrid/…), then you might want to try out Torrent + I2P. I haven’t used it myself, but from what I know it’s a slower but completely provider-less alternative to VPNs for anonymization, and Torrents are free ofc.

That being said, you’ll have a much easier time if you pay for a seedbox for example. It’s just a small server in a datacenter somewhere, that happens to be better connected and more private than your typical home internet connection, and that you can use however you like.

shrugal , 1 month ago (edited 1 month ago)

Get a Usenet provider, a download client and a few indexers, set them up, and start downloading. Maybe automate with *arr apps at some point.

Some suggestions:

• Provider: UsenetServer ($1/month trial + $50/year discount)
• Downloader: SABnzbd
• Indexers: NZBGeek, altHUB, NZBIndex, abook.link (Forum), SceneNZBs (German), Tabula Rasa (invite only), NZBCat (invite only)

Most indexers let you search for free on their website, but grabbing download links and using their API with *arr apps is limited (e.g. 10 downloads and 100 API queries per day) unless you pay for VIP access (usually about $10/year/indexer). So you can try out a few, maybe pay for one or two that give you good results, and keep using the rest within the limits of free accounts.

shrugal , 1 month ago (edited 1 month ago)

You mainly depend on the fact that the providers don’t keep logs and don’t have to disclose your info. It’s not 100% safe, but nothing really is. The risk of misconfigurating your VPN and accidentally leaking your IP is very real as well for example.

shrugal , 1 month ago (edited 1 month ago)

The juristiction where the provider operates, and the logging/disclosure requirements are very important! ISPs are often required to keep logs, VPN/Seedbox/Hosting providers usually are not. I’m not a lawyer and so on, but I could also imagine that logs from some VPN showing your IP was used to download/upload something are not as good as evidence as a mandatory (and probably somehow checked/verified) logs of an ISP are.

Another thing are provider incentives. If you’re running a general purpose hosting business you probably don’t want any shady stuff on your servers, and so you’re pretty happy to comply with any reasonable information request in that direction. As a VPN/Seedbox provider your business depends on people feeling safe and private on your servers, so you’ll do everything in your power to fight these requests, and there is a lot that can be done to fight them. And ofc if they do as they say and don’t keep logs then they don’t even have the requested information.

You operate it behind a VPN and the seedbox is just a means to get a 24/7 running Linux machine

I don’t think you need Seedbox + VPN. You can do that of course, but just one is usually enough. The important bit is that other torrent clients don’t see your personal home IP address, and the provider that does know your IP doesn’t have the obligation or incentive to disclose it. But if you want the extra protection you could search for VPN/Seedbox providers that accept crypto as payment, and chain multile VPNs or VPNs and a Seedbox, so none of them have the full picture. I think that’s pretty overkill though, and probably hell to set up and maintain. At that point you should probably go with Tor or I2P instead, because that’s basically how they operate (onion/garlic routing).

seedbox is just a means to get a 24/7 running Linux machine

They usually have very beefy connections, far better than what you get for your home internet, especially when it comes to uploads (asymmetric subscriber lines etc.).

shrugal , 1 month ago (edited 1 month ago)

I’m no expert on the topic, but I’ve also never heard of a case where a seedbox user was sued because of torrenting. As far as I can tell the seedbox providers only ever get takedown requests, they never have to hand over user data or logs. I believe that’s mostly because of the jurisdictions they operate in, but some also have restrictions like blocking public trackers.

There are probably a bunch of things that contribute to this. Seedbox providers fighting against information requests, their logs not being as valuable in court, law firms not knowing whether the IP they’d get would even lead to an address (as opposed to IPs of providers they know to be cooperative), the fact that you only downloaded from the seedbox and never uploaded anything yourself, and so on. Torrenting lawsuits are already pretty weak, and adding all this uncertainty probably makes it not worth the effort.

shrugal , 5 days ago

Why stop half way? All you need is a benevolent dictator, shouldn't be too hard to find, right?

Some of these points are good, some are just absurd. Letting "the state" handle everything and hold all the cards, and then actually believing that it won't be coerced and corrupted or that there won't be strong disagreements about how to handle things is just delusional and wishful thinking on a grand scale imo.

I agree that most modern countries need to strenghen the public sector, but you still need checks and balances between powers, individual responsibilities and freedoms, real-world economic feedback and incentives, and so on.

shrugal , 1 month ago

Idk what you’re talking about, it’s clearly a sign of the flying spaghetti monster!

shrugal , 1 month ago

The video is probably factually correct, but very disingenuous with its interpretations and conclusions imo.

Of course Mozilla and Firefox have their own share of problems and bad decisions, and they are pretty well known and talked about from what I’ve seen, but equating it to Google and Chrome is just pure cynicism. Mozilla having to earn money somehow (1% donations!) and Google trying to maximize profits at all costs is not the same thing, even if it might look similar sometimes.

shrugal , 1 month ago

Streaming services did it the other way around. We had one platform for almost everything, and then the studios created their own to get more of the subscription money.