Yeah. I think this is one of the best examples of letting nix do the hard stuff for you.

Neovim, configured entirely through nixvim. I always liked neovim, but it’s never been as incredibly stable as now with nixvim.

Main/only IDE both in private and at work. Can’t ever go back, muscle memory has ensured that.

I think the text is somewhat dubious in its arguments, but this (and the arguments built on this assertion) is just plain wrong:

[Signals servers have] a few important pieces of data;

Message dates and times Message senders and recipients (via phone number identifiers)

Signal clients implement the Pond protocol. As a result, Signals servers know who a message is for (obviously, how else do you get the message) but cannot know who it is FROM.

I’ve been playing around with implementing a secure/private messenger demo for myself, and have been consistently impressed with how privacy preserving Signal is when reading their papers and code. I wish it was selfhostable, but apart from that, it’s great.

The server would be NICE to be OSS, but ultimately, privacy breaches are prevented client/protocol side.

This doesn’t make a call to government servers.

The app (or desktop application BTW, incl. Linux) reads your national ID’s NFC tag, once. When you need to prove your age, the app locally computes a zkp that only tells the site “at least 18yo yes/no”.

Note that every EU country has a form of national ID, and the digital capabilities of these IDs are already used for a bunch of stuff (e.g. taxes, bank account creation,…). This doesn’t worsen the privacy situation for EU citizens, but instead ensures that no privacy-unfriendly solutions emerge.

It always feels like YouTube is double dipping though. Not with what the post is about; that’s either/or, obviously.

But Google makes a nice profit collecting user data and behavior, and then selling that to advertising companies. That happens regardless of using an adblocker, and I’d be shocked if it doesn’t also happen regardless of YT premium.

But at the same time, Google also IS an advertising company; they use their user data collection platform to also show ads to users, getting paid again.

So personally, even if YT wasn’t owned and operated by a shitstain of a capitalist eldritch horror company, I’d still have zero qualms blocking all their ads: they’re making money off of me regardless.

Yeah, not having ads in the phone app, the TV app, the music app on the phone or in the browser is really nice, I love it. Also got that for all my friends and family.

Never paid YouTube a dime though :)

If you use nixos, you basically have to know/learn/use day-to-day the nix language.

nixpkgs are written using nix the language, using concepts mostly familiar from just using nixos.

Basically everyone using nixos is capable of contributing packages.

Ah, sorry. https://repology.org/repositories/graphs

Just gonna leave this here

Funny, I’ve also already read that 😄 Good blog and article.

What blog?

Ha, thanks, I’d already read that. And I do, mostly, agree; the OMEMO implementation is not great both from the security perspective discussed in the post, as well as the UX (not being able to decrypt old messages on new devices at all).

That being said, I primarily want a selfhosted, federated messenger which also takes privacy and security seriously, and at least for the former, XMPP is really refreshingly good.

Ugh. I’ve always liked Matrix (and was not bothered too much by the metadata leaks because my home server was not federated anyways), but after noticing some issues and finally reading up on the actual protocol spec a couple of weeks ago… oof. Yeah. No.

Set up XMPP for now. Works really well and the protocol seems so much saner. Unfortunately, it too has some annoyances that are unacceptable to me in the long term. I’m this close to saying “fuck it” and wasting the next couple of years of my life on a new protocol that no one is gonna use. (Cue the XKCD here.)

deleted by creator

That’s what I’m not so sure about though. Forgejo/codeberg/… projects are already not hard to find through search engines. Add a federated in-forgejo search and you’d be set there.

And currently the problem indeed is that a forgejo project is on instance X, and you, as a developer only have accounts on Y and Z. But through federation, that would stop mattering, so I don’t get the “it’s where contributors are”: as long as contributors have a single forgejo account anywhere, we’d be good.

Yep yep yep. I have forgejo accounts on so many instances (including on my own, 2-person instance which hosts all my personal shit). I’d love to be able to jump into discussions and open PRs on other people’s forges without needing a new account.

Forgejo in particular is just a fantastic forge. It’s surprisingly feature-rich, and so, so fast compared to GitHub, even on very lowspecced hardware. I honestly think that if federation is properly implemented, then in the long run, GitHub will become obsolete for FOSS projects.

You do have a point. TBH I only now realized that the video was posted from Doctorow’s personal account, and without a link to the “original”, which yeah, kinda weird.

The talk itself is still worth it (had the fortune of sitting in the audience), but probably a good idea to use the media.ccc.de link.

Originally/additionally hosted on media.ccc.de

Don’t forget the almighty:

journalctl -fu <servicename>

And yes, I am always reading that as “fuck you, service”.

Company went “here’s your budget for ordering a laptop. Put on it whatever you want”, and so there’s NixOS running on it :)

(To be fair though: small-ish, tech focused company)