• 60 Posts
Joined 1Y ago
Cake day: Jan 17, 2022


You can use most desktop environments on most distros.

If a distro has its own GUI and it doesn’t exist on other distros, usually that means either it isn’t free software or it’s not good enough that anyone has bothered to package it for other distros.

Detailed comparison of BitTorrent, IPFS, Secure Scuttlebutt, and Hypercore
last updated March 2022 but still mostly accurate, i think

If by “free and public” you mean a model and code that you can download and run on your own hardware, there is this one: https://crfm.stanford.edu/2023/03/13/alpaca.html

but if you mean a free service… it looks like their public demo (which was here) is not operating currently. but since it is relatively easy to run, there are probably other alpaca-based services you can find.

There are instructions for how to run your own instance of it here: https://www.howtogeek.com/881317/how-to-run-a-chatgpt-like-ai-on-your-own-pc/

cross-posted from: https://lemmy.ml/post/915716 > [Soyuz "Globus" Mechanical Navigation Computer Part 2: Powering Up](https://youtube.com/watch?v=CP5dfjxdkQ4) > > [Soyuz "Globus" Mechanical Navigation Computer Part 3: Landing Function](https://youtube.com/watch?v=eG29HrU6Slw)

lemmy bug: hostnames in titles become http:// URLs
[Here](https://lemmy.ml/post/913218) is an example. I'm not so sure linkifying hostnames in titles is even a good idea (and I think it was only implemented recently) but if it's there it should make them into `https` URLs instead of `http`. also: the tooltip on the hostname link within the title shows the full URL which the rest of the title links to, instead of the hostname-only URL that the hostname part is linking to.

Lemmy continuously loads new (old) posts
I'm using lemmy.ml in Tor Browser. Sometimes a little while (seconds) after loading the front page it will start loading old posts, often from a single seemingly random community, and then keep doing that indefinitely. My fan turns on and the page becomes unresponsive as new (old) posts are continually inserted at the top of the timeline.

Yes, maybe, but I don’t see a big problem

If I used Portmaster, I would want to chat with the developers and other users and get involved with its development. But, I don’t want to make a discord account, and they haven’t bridged their discord to matrix, so, I can’t. I see this is a big problem for the project.

include it`s fuctions in Discord itself, not possible in other social networks

You can easily have bots on Matrix (or XMPP, or IRC, …).

That Discord tracks the user like FB and others, isn’t really a problem with extensions and privacy tools

🤦 yeah, no, it is still a problem. discord is proprietary software as a service, concentrating millions of people’s unencrypted communications in one place. If you block all the servers doing surveillance, you would be blocking discord itself.

I refuse to give discord an email or phone number, or to agree to their terms of service, and so do many other people. By requiring the use of discord to participate in their community, the developers of portmaster are alienating the privacy-aware demographic of discerning technologists which might otherwise use and contribute to their software. They are communicating clearly that they don’t see discord as a problem, and that means that they are not people who I want to rely on to develop privacy tools for me.

somehow i can forgive using the other platforms they use more than discord.

i do understand the motivations for having one, but if they’re going to advertise themselves as a free software project they should at least be bridging their discord to matrix or something.

federated titles are being truncated to 100 characters [edit: already fixed upstream, probably]
Since the latest upgrade, posts federated from (and to!) other lemmy instances are having their titles on lemmy.ml truncated to 100 characters. At first i thought this must be due to a different configured character limit on different instances, but then I noticed that (1) posts here on lemmy.ml are still allowed to have longer titles (200 chars is the client side limit I see currently, at least) and (2) this is oddly happening here on lemmy.ml also to posts made *by lemmy.ml users* to remote instances. Compare these two posts from a lemmy.ml user, which should have the same title: * https://lemmy.ml/post/753535 "What’s a good tablet and touch screen oriented Linux distro or desktop environment? Can any of them compete with something like Android?" * https://lemmy.ml/post/753536 "What’s a good tablet and touch screen oriented Linux distro or desktop environment? Can any of them" The second of those was posted to a remote community on lemmygrad, but by a lemmy.ml user. Note that [the lemmygrad version of that same post](https://lemmygrad.ml/post/510601) does *not* have its title truncated. [Here](https://lemmy.ml/post/753722) is lemmy.ml's truncated version of a post to a beehaw community from a beehaw user (and again, that title is not truncated in beehaw's copy of the post). tldr: afaict this problem is only occurring on lemmy.ml's versions of posts in remote communities, and happens regardless of if the post was made via lemmy.ml or not. edit: i guess probably [this recent commit](https://github.com/LemmyNet/lemmy/commit/668e21cb65402c5269864b1c376d39cd4bce2bb9) from [@nutomic@lemmy.ml](https://lemmy.ml/u/nutomic) will fix it? but I'm still curious why this currently appears to be happening only on lemmy.ml's versions of posts in remote communities (and in both directions). edit2: ok, i see it is actually happening elsewhere too, eg [the lemmygrad copy](https://lemmygrad.ml/post/510600) of the `/c/linux` tablet post above. So, I guess it is currently happening to any remote community anywhere, regardless of where the user posting from. 🤔 thanks [@nutomic@lemmy.ml](https://lemmy.ml/u/nutomic) for (presumably) fixing it already and sorry for the noise.

This looks pretty cool and I’m tempted to try it, but the fact that they have a discord makes me skeptical of the developers’ values.

🎉 thanks to the developers and everyone who helped!

one bug i noticed after the upgrade: my notifications page shows unread notifications for (what i guess is) every reply i’ve ever received which was later deleted. the count in the bell icon only reflected the actual new unread notifications I had received since I last looked, but when i click to view my unread notifications then all of these old ones about deleted messages appear to be unread now.

alternative automated plagiarism engine?

howto avoid using npm?
cross-posted from: https://lemmy.ml/post/718565 > I'm writing some javascript (for the web) for the first time in a long time and I am realizing that I would be well served by using a bit of tooling like eslint and standardjs. > > I am reluctantly willing to `apt install nodejs` but I am not willing to use `npm` because of my impression that it is a fractal of yolo `curl | bash` philosophy which will randomly install and automatically run malware or indistinguishable-from-malware garbage I don't want. > > So, my question is: how can I install things like [standardjs](https://standardjs.com/) without using npm? > > Please do not tell me that I should just use npm.

cross-posted from: https://feddit.it/post/107967 > Here is the paper: https://arxiv.org/abs/2209.06909 > > Here is tbe code: https://github.com/sebawild/powersort

the server software is non-free. iiuc it would be easy enough to reverse engineer the protocol from the client software (which is free software) but (last I checked, anyway) the server URLs are not configurable so you would actually need to patch and recompile the client to use a different server.

I’m certainly not recommending snaps, but, it is important to acknowledge the problem they’re trying to solve. “The debian model” means using years-old versions of everything, having a single set of dependency versions every program must share, and giving every package’s control scripts root access while you install it. This paradigm made sense when it was developed 25 years ago but it is far from ideal today.

i still ♥ Debian but there are tons of things I need to use which I can only get from somewhere else, so, “the Debian model” for me nowadays means a stable base system and then lots of software from other distributors (sometimes flatpak or appimage, but also a lot of podman containers of various distros).

What I am almost never willing to do is use 3rd party entries in my apt sources.list file on an actual host system (though I do in containers when necessary) - down that path lies madness.

yeah, I am aware, and I do actually think the xdg portal stuff is generally a good idea for a lot of programs… but the way it works right now sacrifices a lot of usability and doesn’t gain much security.

passing files given as commandline arguments seems like an easy problem to solve, but the linked file situation with SVG is much harder (probably requires a whole new flow for xdg portals where a program can request access to a bunch of files and prompt the user once to allow access to all of them). in the absence of any solution, imo it is silly that they’re shipping inkscape as a snap with strict confinement today.

I’m unsurprised to see lots of good reasons here why not to use them already, and none for why anyone does :)

I imagine the vast majority of snap users are using them only because Ubuntu ships a few things (like firefox) as snaps by default now.

I tried the Inkscape snap recently on an ubuntu system where i needed the latest release, and found that due to its sandboxing security theater (last I heard it is still not difficult break out…) it is impossible to open files from the commandline. And, even worse, when you use the Open command from File menu, it just passes the one file you selected in to the sandbox, so, when you open a file which has references to other files (which is not uncommon with SVG) it is not able to load them! So, I ended up using Inkscape’s AppImage instead.

Google and Amazon Helped the FBI Identify Z-Library’s Operators
cross-posted from: https://lemmy.ml/post/607133 > "It was fairly straightforward [for the FBI] to connect the dots, largely thanks to data provided by Google and Amazon, which led directly to the suspects."

The Single Board Computer Database, a comparison website for SBCs and SOMs (formerly known as Board-DB), has relaunched!
cross-posted from: https://lemmy.ml/post/604087 > cross-posted from: https://lemmy.ml/post/604086 > > > Thanks to [@MartijnBraam](https://lemmy.ml/u/MartijnBraam): https://blog.brixit.nl/finding-an-sbc/

The Single Board Computer Database, a comparison website for SBCs and SOMs (formerly known as Board-DB), has relaunched!
Thanks to [@MartijnBraam](https://lemmy.ml/u/MartijnBraam): https://blog.brixit.nl/finding-an-sbc/

in what way(s) specifically do you think he objects to the unix philosophy?

have you read his rebuttal to that claim (point #10 here)?

(disclaimer: i am using systemd on some, but not all, of my gnu/linux systems today… and after years of finding it irritating I am actually coming around to appreciate it.)

i don’t see why the concept of building immutable images using existing distro packages and tools shouldn’t apply equally well to nixos and guix as it does to deb and rpm distros.

sure it is, i do it all the time. sometimes i’ll get a too-slow circuit and need to try another, but, it works on the first try more often than not.

These instances are not only slow, they also sell their user’s information.

I’ve long wondered about this regarding alternate frontends for big sites in general, but especially about the youtube frontends like piped and invidious which must require substantial resources to operate (though sometimes they’re serving the video data itself directly from google, sometimes they’re actually proxying it too)… but, I’ve never seen any evidence of it. Have you?

In any case, many of the popular instances are running on Microsoft or Oracle clouds, and/or Clownflare, so, from a privacy standpoint it isn’t really much different than Google. I use them occasionally in Tor Browser just because they’re less likely to be blocking a Tor exit than youtube proper is.

echo "$(($(date +%Y) + 1)) will be the year of Linux on the desktop."

Perhaps with ufw instead of allow I should do allow in? I think allow is for allowing in and out.

No, yeah, you don’t need to specify the direction, opening it for both with just allow is fine (though all outbound traffic is presumably already allowed).

btw, if you’re opening a port for p2p filesharing of copyrighted material you should be sure to inform yourself of the legal risks in your locality - in some places it is highly advisable to use a VPN for that purpose to avoid getting sometimes-legally-enforceable demands for money from copyright enforcers.

Are you running the software that you want to be listening on that port while you’re doing the test? Are you sure it is actually listening on that port? You can see which ports which programs are listening on with the command sudo ss -tulpn (those options tell it to display tcp and udp listening ports and program names, and to not try to resolve IP addresses into names; see man ss for details).

If you’ve opened the port in your gateway and your local firewall and you’re running the software, it seems like it should work… one possible reason why it might not would be if you’re double NAT’d (eg the NAT gateway you’re configuring is itself behind another NAT gateway). To see if this is the case, try to find in the router’s web interface if it says what its WAN (upstream) IP address is. If it’s something else in an RFC1918 range (192.168.x, 10.x, or 172.16-31.x) then you’re double NAT’d and need to figure out how to configure the outer NAT gateway.

I’m guessing that your computer doesn’t have its own public IP address, so, opening ports on its firewall doesn’t actually make them reachable on the internet yet. You’re probably behind a NAT gateway (eg, the modem/router your computer is connected to the internet via), so you need to open a port there and direct it to your computer.

NAT allows your whole LAN to share a single public IPv4 address, which means that for inbound connections the gateway needs to be configured to know which LAN address to send inbound traffic on a given TCP/UDP port to.

On your linux computer you can find out the IP address of your router with the command ip route |grep default, and then you can browse to that address in your web browser. You’ll most likely need its password (maybe it’s written on the bottom of your router/modem?). Once you’re logged in to its web interface, you’ll hopefully be able to figure out how to use it to open/allow/map/route ports to your computer.

edit: it looks like the URL you’re using to test is referring to a different port than any of the ones you said you’ve opened with ufw, which might be a problem? also, btw, the ufw allow command takes effect immediately - you don’t need to systemctl restart ufw.service afterwards.

these people should be ashamed of themselves and scientific american should be ashamed for publishing them. writing that they asked GPT-3 for consent is especially embarrassing.

they are contributing to this problem: https://lemmy.ml/post/343852

fwiw some other people actually did this years ago and did get at least one neural-network-authored paper past “peer review” and published; this says a lot more about the peer review process than it says about neural networks.


( https://nitter.net/cajundiscordian/status/1536503474308907010 )

The English language might not have a “single word” for the feeling I’m getting as I read more about this, but German does: fremdscham. This is actually a really sad story.

“tickle me elmo” is really ticklish! eliza thinks my problems are interesting! it’s all so amazing!

You call that a TTY? This is a TTY:

smdh at kids today with their fancy emoji-having terminal emulators

if you live in a GDPR country, consider filing a complaint with your local data protection authority

i think DDG is hosted on AWS

not that it makes much difference but the DDG domains i just checked are currently pointing at Microsoft-owned IP addresses

see my other comment in this thread, it can translate offline now

The current link in this post goes to a year-old story about the online translation feature… here is the same site’s coverage of this week’s news - which is that there is now offline translation support: https://www.ghacks.net/2022/05/30/firefox-translations-firefoxs-offline-translate-feature-is-making-progress/ (i assume this is what OP actually meant to post). (edit: OP fixed the post’s link)

Here is a web page that loads their wasm translation engline and does the actual translation offline (and it does work in the stable release of Firefox). It’s irritating that the extension still requires a nightly firefox build, as I’d like to use it in my daily browsing but I don’t want to use nightly all the time.

There are a small number of apps that have legitimate reasons for background location access, like OsmAnd which is very nice for making GPX tracks (in an offline, privacy-respecting way). But yeah “foreground location” and “background location” should be different permissions, and really, why should that app even run in the background?

(note: OsmAnd should be installed from f-droid to get the unrestricted free software version; the version in google play hilariously requires you to pay for the ability to download more than a few maps 🤣 )

on the website it sounds like it’s opt-in (via participating sites’ GDPR cookie popups), and it’s a new thing from a major european carrier, so i assume it was designed with GDPR compliance in mind.

(tag yourself; i’m the consenting laptop user sitting on the radio waves)

glancing at their website and whitepaper:

  • they encrypt your “master key” using a password (via PBKDF2 with 200,000 rounds of sha512). this means they can do an offline brute force attack on your passphrase and will eventually be able to see all of your files.

  • because it is browser-based, you’re trusting it to continue delivering you legit javascript every time you use it. if the server is ever compromised, they don’t need to brute force passwords: attackers could see a user’s files the next time they login by just sending them some slightly different javascript and waiting for them to type in their password. (note that the whole purpose of encrypting your files before sending them is because you should assume the server will be compromised. if you trust that it won’t be, why would you bother with encryption?)

  • they use email addresses as account IDs, making it easy for attackers who have compromised the server to know who they might want to target

  • they are hosted at hetzner, a well-known cheap german web host not exactly known for their security

  • the offer “10GB free for life” which is obviously not sustainable. (to claim to offer such a thing makes them either liars or fools.)

this concludes my 2 minute review. tldr: i recommend against using this service.

i lol’d @ 3m when he says “to be honest, like, i don’t know how regex works” … but “as you can see we are getting it” (the search results).

(fwiw at that moment he would be better served by using a negation class to match everything except the double quote that comes at the end of the href ([^"]+) rather than trying to make a class that includes all possible characters that might appear in a torrent’s title.)

seriously, though, as cool as this script is, it’s cooler to seed.