zako

joined 2 years ago
MODERATOR OF
[–] zako 3 points 2 weeks ago

So, Matrix (federated) and XMPP (federated) would also have "metadata leaks". I imagine there would be metadata exchanged between federated servers and in addition the E2EE of XMPP and Matrix is not so good/modern as Signal's. When Signal-Whatsapp interoperability is mentioned, all people is worried about metadata leaks but it seems that concern dissapears when federation of Matrix or XMPP is mentioned.

Apart from that and one very personal opinion, I always connected Matrix to IRC, I mean, it is used more for the groups functionality than for the person-to-person functionality. And IRC was never considered an Instant Messaging alternative. But this is a very personal feel.

[–] zako 1 points 2 weeks ago

Best of luck also for your next fork. Please share with us your improvements in metadata privacy.

[–] zako 2 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

It is easy, even if interoperability is enabled, do not send messages out of Signal. It would be your option. But other people with non military-grade privacy requirements could benefit of improved privacy when it sends messages to whatsapp users from signal app because signal app is foss and signal would enforce better security and privacy than whatsapp app. Signal would gain traction and it could reach more people willing to abandon Meta and corps.

[–] zako 2 points 2 weeks ago (4 children)

So, we had people who loved to send unencrypted SMS messages with Signal. And now we have people who opposes to send encrypted E2EE messages because they could leak supposedly a lot of metadata such as "when the message was delivered, who it was sent to and more" and it would be the end of privacy in Signal.

We should not forget that this only happens if you send messages out of Signal. This would be optional for every user of Signal.

Interoperatibility is the CORE of Internet. Silos are contrary to the idea of Internet. This is an opportunity to interconnect systems, to boost innovation and to give the opportunity to signal and others to gain users, which is now almost impossible with the current monopoly of whatsapp in Europe.

I imagine all the extremist of privacy in Signal with a Proton email account. And I imagine them only sending/receiving emails from other Proton email accounts. Sending to SPAM or to the delete folder every other email because other emails do not achieve the privacy requirements of Proton. In fact, the only real good solution for privacy with Email is to delete the Email account.

[–] zako 3 points 2 weeks ago* (last edited 2 weeks ago) (6 children)

I would like to hear more specific details about the loss of privacy that would require the integration with whatsapp for signal users.

  • E2EE would be broken?
  • which specific metadata of signal users would be exposed (metadata that is not now required by signal)? less metadata of current whatsapp users would be required?
  • integration could be a user option?

Because I see a lot of fear but few details that justify it.

[–] zako 11 points 2 weeks ago

I also am waiting for news on this. I think many users lack of an european view. In Europe Whatsapp is a monopoly for Instant Messaging, look at https://www.statista.com/statistics/1005178/share-population-using-whatsapp-europe/. And you do not break a Monopoly with "remove whatsapp and use only signal". I only have 1 contact in Signal, two years ago I had 5 contacts. If I remove Whatsapp, I lack of IM. Period.

Signal has E2EE encryption, Signal collects very few metadata. If they collect very few metadata, they have very few metadata to expose to Whatsapp. If Whatsapp forces them to provide more metadata, they could argue and even ask for arbitration with the European Comission.

But the lack of interest to ever consider the interoperalibity seems to me they are not interested in the european market. They do not want to grow in Europe to become the best privacy-respectful IM solution (with users).

2
experiences with ALHP? (self.arch_linux)
submitted 1 month ago by zako to c/arch_linux
 

I would like to know if you are using ALHP to have packages compiled for x86-64-v2, x86-64-v3 and x86-64-v4. Do you use it? What is your experience? Is it more unstable or more prune to security vulnerabilities than arch vanilla packages?

[–] zako 2 points 1 month ago (1 children)

There are only problems with a bunch of applications that recently decided to use Play Integrity API not with every banking app nor Netflix.

This is the list: https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos

In fact those applications should not work with Lineage unless Play Integrity API is patched/cracked someway in Lineage.

[–] zako 18 points 2 months ago (12 children)

In this case, thanks to regulation, it seems GrapheneOS team is talking with European Commission about this problem with Play Integrity API https://fosstodon.org/@[email protected]/113623767380032309 and the only hope is a movement of the regulator against this policy of Google.

[–] zako 3 points 2 months ago (3 children)

It runs in Lineage? Lineage is certified by Google Play Integrity API (I doubt it)? or Lineage tricks Google Play Integrity API?

[–] zako 4 points 2 months ago

If you install GrapheneOS, you do not need root, so GrapheneOS is in control of the phone not the user. The key here is if GrapheneOS is secure enough to be certified by Google Play Integrity API. is it security or other issue? perhaps Google is not supporter of FOSS ROMs, perhaps it is not fun of how GrapheneOS removes permissions to Google Apps, ...

If it is not security, this is a kind of monopoly to control which ROMs are allowed to run apps.

[–] zako 76 points 2 months ago (24 children)

the problem here is not the banks or apps, the problem is Google Play Integrity API, which is supposed to enforce to run apps in secured phones and it is used to ban secured ROMs such as GrapheneOS and it allows to run apps on outdated phones without security patches.

[–] zako 1 points 5 months ago

Thanks for all your answers! I will check some of the alternatives to duckdns.

 

I feel that sometimes resolution of sub-domain.duckdns.org and host.sub-domain.duckdns.org fails with empty result or even timeout result. Tested resolution against Google and Cloudfare DNS servers.

Do you have a similar behaviour?

7
submitted 1 year ago* (last edited 1 year ago) by zako to c/plaintextaccounting
 

This is a brain storming I want to share with you 😆 .

I feel that PTA is very good to track every transaction but sometimes it is difficult to "understand" the evolution or if I am in the right path of my finances. It easy to know your expenses one month, year... (hledger bal expenses -p 2023 or hledger bal expenses: -M -p 2023). But it does not provide a good and quick picture if I am expending more or not.

I think that many use graphics to try to understand the trend of our personal finances. But I think it could be also achieved with text reports. I am thinking in two kind of reports:

  • Balance Report to compare the same period of time in the last years. For example, compare the Q1 (or months, or weeks...) of the last 3-4 years
hledger report-type-1 --period-report q1 --period 2020..2023 "expenses:"

                ||   Q1-2020   Q1-2021   Q3-2022
================++==============================
 expenses:...   ||  
  • Moving Average Report. For example, I can obtain the average expenses in the last 12 months with hledger bal expenses: -MA -p 2022.01..2023.01 and I could obtain the average 12 month expenses of the previous month with hledger bal expenses: -MA -p 2021.12..2022.12. The idea would be to have a report to know if I am spending less in average in the last X months and, not exactly month to month or quarter to quarter.
                ||   2022.11-Average-12m   2022.12-Average-12m   2023.01-Average-12m
================++==================================================================
 expenses:...   ||  

These are a bunch of ideas. Perhaps it should not be directly linked with the reporting capabilities of PTA. Perhaps it should be scripted with bash, with org-mode...

What do you think? How do you analyze your PTA data?

 

Age verification without name and surname: this is the way to avoid minors to watch porn.

7
hledger 1.32 (fosstodon.org)
submitted 1 year ago* (last edited 1 year ago) by zako to c/plaintextaccounting
 

The last version 1.31 of hledger came with an improvement to the output of hledger roi that makes easier the tracking of investments to even take decisions. They added the "TWR/period" column to the report.

Until now, "hledger roi" provided the annualized IRR and the annualized TWR but not the real return of the desired period. The difference between return and annualized return is key, because if I earned 5% for 6 months, I earned an 10.25% annualized return but what I really have in my pocket is an additional 5% of my initial investment.

The next screenshot is the output of the first 9 months of 2023.

Now for every month I have the anualized IRR and TWR, but the most interesting column is the "TWR/period" column which display the return of the period. Finally, the last line provides the return of the first nine months of the year (TWR/period) and also the annualized TWR and IRR.

 

I need to put some order with the photos I take and I receive with my android phone. Just now I use Nextcloud sync client to upload and Photo/Memories Nextcloud Apps to manage photos.

However, I am not very happy with this setup because of the lack of one Android Application for photos and, thus, the photo gallery of my phone is totally different to the Photo/Memories timeline. And photos are not deleted from my mobile phone when I delete them in Photo/Memories. Which selfhosted photo manager do you think is better to backup and manage photos in sync with the phone?

A second question, is it better to manage the photo gallery with a folder structure or with the album functionality of the Photo application? Which is the best interoperable solution? If I use albums in Memories then I can export those albums to Immich, Librephotos... ? Or I would have to create all the albums again after the export?

 

I have a personal source project I created a shell.nix file for. However, in the project I have also scripts I want to execute periodically non-interactively. Could I use the nix-shell shebang pointing to shell.nix file in order to have the same programs when I use nix-shell interactively and when I launch the scripts?

 

I just created the community but I lack of experience moderating other communities. So, I think it would be advisable to have more moderators, perhaps, two or three additional moderators.

Please apply to mod rights with a comment to this post and let's allow the people to upvote applications. It would be specially interesting to apply for mod rights:

  • people who leads projects of the PTA universe (software projects, web pages...)
  • people who has experience moderating other communities.

Regards!

view more: next ›