activistPnk

activistPnk OP , 19 hours ago (edited 19 hours ago)

The server is snikket.chat.

I am not sure what causes the OMEMO error though as I am not a iOS user.

I believe Profanity is mostly to blame for those errors. Profanity loses track of keys and fingerprints of other users, and I think what it does is encrypts the msg to myself, then transmits it without encrypting to the recipient. Then the recipient gets a msg that’s encrypted to others but they cannot decrypt it. Then to worsen matters it seems XMPP uses the same incorrect error message for many different situations. Profanity really needs to change so if any of the recipients keys are not found, it should refuse to send the msg. I see a bogus error on my end as well, and the fix is to disable OMEMO the re-enable it (/OMEMO end; /OMEMO start).

In any case, thanks for the suggestion. I’ll see if I can get someone to try that app. I cannot be fussy about features. I really just need text msgs to work.

activistPnk OP , 17 hours ago

Thanks for the info.. i'll check out poezio for sure.

Regarding the bug, it has already been reported→ https://github.com/profanity-im/profanity/issues/1615

activistPnk OP , 6 hours ago

Thanks, I’ll check it out.

activistPnk OP , 6 hours ago (edited 6 hours ago)

You question forced me to revisit this and take a closer look. I have in my notes “If someone’s fingerprint is untrusted, they will get an encrypted msg that they cannot read.” So I entered a 1:1 window with the one person who only ever gets errors from me, entered /omemo fingerprint, and it simply showed the person’s fingerprint. Then I did the same for someone who has fewer issues with me, and printed next to their fingerprint is “(trusted)”. Ah ha! The other acct has an untrusted fingerprint and Profanity does a shitty job of informing the user. The absense of a “(trusted)” when asking for the fingerprint is the crucial indicator.

To answer your question, I think keys are managed automatically. I never had to add a key. But I have had to trust fingerprints. In the new version of profanity it’s possible to enter /omemo trustmode blind. That would also solve my problem but I don’t want to be sloppy. So I have to guide the other user to their own fingerprint and confirm it.

(edit)
Well this is bizarre. There are a couple people who I can talk to in Profanity just fine with OMEMO enabled, and their fingerprint also lacks the “(trusted)” next to it. Yet my trustmode is “manual”.

activistPnk , 5 days ago

https://freecycle.org/

activistPnk OP , 10 days ago

Thanks.. looks like I got my answer. Not a single bottle rejected!

activistPnk OP , 9 days ago (edited 8 days ago)

I doubt anyone does. I certainly do not. It would not be environmentally optimum to do so.

There is a stat that if you wash a typical dishwasher load worth of dishes by hand (with avg faucet output of 1 gallon/min), you will consume:

• 20 gallons of water if you are a novice
• 8 gallons of water if you are skilled

While a dishwashing machine uses ~4—5 gallons of water. So dishwashers are actually good for the environment. I will clear of any bulk waste before loading a dishwasher, but I do not hand rinse because it would be wasteful.

It’s essentially the same when returning bottles for reuse. People count on the industrial cleaning to do the full job (though I started the thread to get an idea of to what extent it really can be relied on). The refund for the bottle return is the same whether the bottles are clean or dirty, so there is no incentive for anyone to pre-clean them in any way.

activistPnk OP , 8 days ago

In Europe they charge 10¢/bottle for simple bottles and 40¢/bottle for the fancy clamp-down style. Then that gets refunded when they are returned. It’s a bit of a hassle because some brewers do not participate, in which case the reverse vending machine rejects the bottle which means you then have to carry it to a glass recycle bin. The brewers that do not participate use a thinner more fragile glass that would be unfit for reuse. So consumers have to stay on their toes and keep track of which brewers participate. Can get quite tricky with the obscure artisinal brews.

Ireland is introducing the same concept for plastic bottles of charging a fee for them then returning the fee in a reverse vending machine. I can’t imagine reusing those. They must be recycling them.

activistPnk OP , 8 days ago

I am aware that that happened in Oregon once, and even though the parts per million after one person’s bladder is empted into a tank of thousands of gallons is negligible, they emptied the whole water tank which covered a whole city and refilled it, and sent the guy a water bill for that.

I suggest watching the “how beer saved the world” documentary. It shows how they used filthy stagnant pond water with duck shit in it to brew beer, which was safe after the brewing process. But note the beer container is not part of the brewing process.

The water is not much of a risk. But filled bottles sit in warehouses with rats. Rats urinate on the bottles. This is why Europeans don’t drink directly from the bottle. I’m not sure why Americans are content drinking direct from the bottles.. maybe US warehouses are rat-free.

activistPnk OP Mod , 25 days ago (edited 25 days ago)

I only use it when I don’t know the route. Usually it’s when I’m on foot all day long in an unfamiliar foreign city.

Sometimes my memory is almost sufficient for the trip, in which case I turn off the screen and go purely off the audible instructions, which greatly increases the range by using less battery. But the timing and accuracy of the audibles is not accurate enough for completely unknown routes.

activistPnk OP Mod , 25 days ago

So do you have your screen turned off most of the time?

Yes, because I’m usually not using it. I never use it as a phone and keep it permanently in airplane mode. Daytime navigation is its most common use, in which case I have the backlight on full power and the GPS on.

I usually get through a day fine with a charge.

I could probably get through a week if navigation were not involved. But when I do a day trip in a foreign city I have to carry a spare battery and still take every opportunity at bars and restaurants to recharge (which just gives ~5—10%). I also turn off the GPS when stopped to save battery, but this brings the inconvenience of reacquiring a fix.

If you bring a second phone, that is also a second device you’re carrying around, might as well be a small powerbank.

A powerbank needs to be wired to the phone and thus strapped to my arm. I’ll first test what an external GPS does and if that’s insufficient then I might consider an external battery.

The phone gets quite warm when navigating. I believe that’s because the GPS is computationally intensive. The heat is not only waste energy but it also heats the battery which then possibly impacts the battery performance and charging. So by using a separate device for the GPS, the impact from the heat should be reduced.

activistPnk OP Mod , 25 days ago

That looks interesting. I might have to keep my eye out for these at the 2nd hand street markets. When you say supplement, do you mean the ROX feeds coordinates to the phone?

Apparently Sigma has a proprietary app for the phone. If you don’t use that app, are open standards supported? In the pre-smartphone days, it was common to get a dedicated device that merely ran a GPS receiver and the sent to coords to any bluetooth device (e.g. palm pilot) that paired to it. I think the standard is called NMEA. The ROX 4.0 manual makes no mention of NMEA so I’m not sure if that could be used to feed OSMand.

In any case, your finding seems to suggest using an external GPS has a substantial power savings on the phone that hosts the maps.

activistPnk , 1 month ago

I’ve wanted to play with packet radio for a while now. It’s a shame the article pimps a Cloudflare site (winlink). It’s fitting in a sense though because there is a ban on using encryption over the ham radio bands. So the emails over packet radio must inherently be exposed to the world anyway.

activistPnk , 1 month ago

But this is an entirely reasonable stance to take.

Snikket is FOSS. The source code is available to Google. The source code is also a more trustworthy source of evidence than Google simply running the code. How do they know from running the code whether it exports their contacts?

activistPnk , 1 month ago (edited 1 month ago)

This is good news in the sense that Snikket is forced to promote the better repository (F-Droid). It’s also favorable when some good apps like Snikket are simply unavailable in Google Playstore. If every app is available in Playstore, that solidifies Google’s disproportionate power -- which they abuse. We need more apps to be only available outside of Playstore.

Snikket is also a good app to have that excludes Playstore because of its nature as a communications app. Advanced users likely tend to push their more novice correspondents to install Snikket. So going forward they will have to do their duty in spreading F-Droid.

activistPnk , 1 month ago (edited 1 month ago)

What are you missing? When Google has access to the source code, they have the ultimate most effective and simultaneously easy way to verify the criteria is met. Of course that’s relevant to the discussion. It’s how you know what the software does. Only closed-source projects have a problem demonstrating that they’ve satisfied the criteria.

activistPnk , 1 month ago (edited 1 month ago)

FOSS isn’t magic. Reviewing the source code doesn’t guarantee that the version you get matches the code you were provided. You unconditionally should not get any exemptions to store policy because your code is open source. That’s a terrible idea.

No one has suggested exemptions. Otherwise you need to quote where you get that idea from. You’re not grasping the fact that code enables criteria to be verified. It therefore needs no exemption.

The terrible idea we are grappling with is the idea to not review source code that is available. If the code does not match the binary, that is Google’s problem. Google is the repository and has the sole responsibility for either ensuring reproducable builds are in play (to the extent that they care) or compiling it themselves. But I doubt Google genuinely cares as the Playstore is proven to have a quite poor quality standard relative to other repositories.

Having actual written policies and meeting other criteria are the rules for a reason.

Those policies are not above criticism. If Google’s policies fail to include code reviews as verification that criteria is satisfied, that’s on Google and they have no expectation of not being condemned for their incompetent policy.

activistPnk , 1 month ago (edited 1 month ago)

The issue they’re complaining about is that they’re being held to additional standards because they ask for a sensitive permission.

That’s not Snikket’s complaint. Snikket naturally satisfies the standards at hand because they do not export address book data, so they have no reason to object to the standards Google is failing to verify. Their complaint is rightfully about Google’s incompetence in evaluating their compliance. It’s clear from Snikket’s account what a shit show it is at Google who failed copious times to evaluate their software.

There’s nothing more terrible in the position of a software repository than the incompetence of neglecting to review code as part of the acceptance process. I can’t think of a more foolish policy than to ignore the code of software for which you are trying to endorse the quality of.

activistPnk , 1 month ago (edited 1 month ago)

A. Code review doesn’t work.

You’re doing it wrong.

B. Code review takes a very large amount of highly qualified man hours to not work.

Not if a machine does it. And even if they use humans, it takes even more man hours to do the alternative dynamic analysis and traffic analysis. Code review saves countless man hours even if done 100% manually by humans.

C. Requiring review of proprietary code exposes Google to a crazy amount of antitrust and IP liability. Again, to not work.

Not applicable to FOSS code.

Code review doesn’t happen because it’s a laughably stupid idea that has virtually no chance of being beneficial in any way. It’s not an oversight.

Code reviews happen at every organisation I have worked for to catch unwanted code before deployment and testing. The reason we review code before testing is because it’s cheaper to review code than to test it. It’s laughably stupid to think code review doesn’t work only to then to spend more money on verification tests.

activistPnk , 1 month ago (edited 1 month ago)

An organization reviewing its own code is not the same, or similar in any way, to an organization reviewing a large volume of external code for malicious intent.

This is neither of those cases. This is trivially searching the code for where the address book API is called, and inspecting only the relevant code to that object for a specific usage. If you review the whole volume of code for the entire application, you’re doing it wrong. It’s trivial and for the reasons I’ve already explained, less effort than dynamic analysis and traffic analysis.

And it doesn’t work for a wide variety of reasons (including the one I already gave you that binaries don’t provide you any guarantees that they’re from the source).

And you apparently missed the response because you’ve neglected to address it. It was a defeated claim.

Onboarding is universally slow because new people take weeks to months to actually meaningfully understand big projects.

You’re thinking about hiring heads to work on code they need to understand in depth in order to edit the code. That’s not the case here. Code reviews are much cheaper than onboarding developers.

Again, you’re asking for FOSS code to get some special treatment and bypass the requirements already in place.

Again, no exemption has been requested. Google is either smart enough to make use of info at their disposal, or they are not. (answer: they are not).

It’s completely absurd, because every single one of those tests would still be unconditionally mandatory to get any kind of actual confidence in security.

Only if you do it wrong. A code review gives more confidence about what happens with the address book than testing. Only a fool would needlessly spend money on the more costly and redundant black box approach which yields results (guesswork!) with less confidence¹. Sure you can also do the black box analysis but that’s just wasting money when the bar has already been cleared. You would do both if lives depended on the code, but such standards are far above Google’s standards.

Choosing to skip them because someone in India skimmed the code would be way past gross negligence.

You’re still not getting it. No one advocates for an exemption. You need to get that out of your head. A code review is a way to more cheaply do the verification with higher confidence, not to bypass it.

¹ Hence why Google failed many times to get it right.

activistPnk , 1 month ago (edited 1 month ago)

“Just searching the code where the address book API is used” most certainly does not give you increased confidence.

That’s the starting point. It only takes 5 minutes to get there and find the object of interest. If you don’t spend 10-30 minutes more to see how the object is used, you’re doing it wrong. And if you try to read every single line of code in the project, you’re also doing it wrong.

Obfuscation is not that difficult.

Obfuscation is even easier to spot than to create, which on that basis alone would be good grounds to reject a package.

You can only possibly gain confidence if you fully understand every single line of code.

As I said, you need not read every single line of code. Just the code touching the address book.

I ignored it because it’s idiotic. Google isn’t and shouldn’t be building code for you unless you pay for it.

It’s looking more clear that English is not your first language. You continually fail to comprehend what I’ve said, which was the complete opposite of this comment, after you suggested yourself that a code review effort is that of a new hire onboarding effort.

One more time: a company having people review specific code for a specific purpose does not in any way resemble an adversarial code review against bad actors.

Again, that is not the purpose of the code review. If the purpose is to generally find malicious code, that’s a very different criteria than /not exporting an address book/. And if you move the goal posts to that mission, you have no fucking chance to do that with the simple black box analysis you’re advocating.

There are no parallels. A code review gives you literally zero confidence that the writer isn’t malicious

A code review is the absolute cheapest most effective way to find malicious code, if that’s your new goal. You will not find malicious code with any confidence by looking at a TLS traffic tunnel and playing with the app as a user. You can see that the app connects to the Snikket server and you can see that blobs are passed back and forth, which is expected anyway. From there, you have to guess from the timing and payload sizes that something is off, at which point you still really know fuck all. It’s a lot of effort to reach insufficient confidence to condemn the app.

unless you comprehensively understand every single line.

Clearly you’ve never written software. Malicious code does not affect every single line nor does finding malice need an understanding of every single line. Bugs would never be found on any large project if that were true. Every code review I’ve performed has been narrow in scope and yet I still find non-conformant code. A developer can work on a project for ~10-20 years of their life and still only see a small fraction of the code. Yet they still discover bugs in very little time. If you think you need to look at every single line, I suggest avoiding the software career path.

Open source project security is entirely and exclusively reputational.

Reputation matters whether a project is FOSS or not. But if it’s closed-source, reputation is all you have. Of course it’s nonsense to claim FOSS code cannot be reviewed by anyone who cares to step beyond reputation.

activistPnk Mod , 1 month ago

they won’t be gassing the plane up just to take you to and from

Pilots are required to calculate the amount of fuel needed for the trip +30 extra minutes. The payload weight is part of that calculation. For small 4-person aircraft that means asking each person for their weight (yes, even women must answer that). For big commercial flights they just multiply the head count by an average. The fuel weight itself is also part of that calculation, which increases as the payload increases.

activistPnk Mod , 1 month ago (edited 1 month ago)

Are you really cycling far enough to warrant a flight? Is it about the journey or the destination? I would think you don’t do that kind of distance without loving the journey to the point of trivializing the destination. So for a given trip, you could just as well cut the outbound trip in half. It need not be a back and forth trip as the redundancy is what you want to avoid. So make it a triangular route.

Whatever your distaste is for buses, perhaps that can be remedied with small mid-trip stretches. Find a city pair where the journey is overall uphill, then book a bus just for a short segment of your trip. You get a more interesting window view for an hour or two than you would in a plane, and a moment to rest between cycling segments. You can do the same with ferries.

It’s also surprising to hear that you find it easier to take a bicycle on a plane than a train or bus. The fee for that must be small on buses and trains than on a plane. And hard to trust airline baggage handlers with your bicycle.

Might be worth looking into taking a blabla car, though it might be hard to find a ride who can spare the space for a bike.

activistPnk , 1 month ago

I quit using a dryer. Hang drying will help elastics last longer. Though it still breaks eventually.

When you repair them, are you sewing new elastic onto them? i thought about just threading a shoe lace since some boxers us that drawstring design anyway.

activistPnk , 1 month ago

I have a shopaholic aunt who is said to wear things she buys once on avg. She could open her own 2nd hand shop (or if she moved her stock to Europe she could open ~6 2nd-hand shops). Many women in my family are inflicted with this disease to varying degrees. It’s a gender-specific disease that I think men are immune to.

activistPnk , 1 month ago (edited 1 month ago)

Patagonia boxers are made using recycled plastics and they also accept worn out boxers for recycling. Patagonia is the only boxers I have found that are very loose fitting (baggy in fact), silky feeling, yet stretchy, yet moisture-wicking all at once. Nothing like this seems to exist in Europe.

So here’s a debate: synthetic vs cotton

Synthetic boxers can be recycled and can be made from recycled plastics. But every time synthetic clothes get washed they shed microplastics which most sewage treatment centers cannot filter out. You would have to buy a special filter to attach to your washing machine. Researchers in Ghent discovered that the bacteria that loves perspiration also loves synthetic clothes but not cotton. This is why synthetic clothes get stinky fast and thus need more frequent washing than natural fibers.

Cotton production consumes absurd amounts of water (2700 liters of water to produce 1 t-shirt). And when you wash it, hang drying takes /days/ (whereas microfibers hang dry in a couple hours). So people use energy wasting tumble dryers when cleaning cotton. But cotton has the advantage of being biodegradable. You can simply compost/landfill finished cotton as long as it doesn’t have harmful dyes that leech out. There is also a cotton t-shirt that is claimed to wearable 7 times before each wash. IIRC it’s blended with silver for anti-microbial effects.

The environmental debate can go either way depending on which problem you want to focus on, but cotton is clearly lousy performing underwear considering how it retains water and gets soggy. The only natural fiber that performs well for underwear is wool (ideally Marino from what I’ve read). But the prices on that are extortionate. €60+ for one pair of wool boxers, and they’re tight fitting.

Anyway, the OP’s thesis is lost. There is no BifL boxers AFAIK.

There are BifL socks though, called “Darn Tough” which have a lifetime warranty. They have 1 competitor but I forgot the brand. Both use marino wool.

activistPnk , 1 month ago (edited 1 month ago)

HUGE amounts of clothes are being trashed, many of them new; never worn. I wish I kept the link around. There were several articles in the past few years showing massive piles of clothes along the coastline of some poverty-stricken countries, with all the dyes leeching into the ocean. Fast fashion is the culprit.

Probably what disgusts me the most are political campaign t-shirts. Surely it’s the worst instance of obsolescence by design in clothing. Andrew Yang claimed to be an environmentalist yet his campaign t-shirts were made of non-sustainable cotton. Attempts to spotlight that were censored by Reddit.

If it’s OK and just doesn’t fit I donate it.

All the charities collecting clothes in my area are fussy. They want no flaws, and they want clothes to be cleaned. Apparently there is no infrastructure for repairing them or even simply washing them. Neighbors don’t bother.. they just stuff a trash bag with clothes and put it out with other trash. Sometimes someone notices that and tears open the bag and rifles through it for stuff. I’ve moved into places where the previous tenant just left clothes and blankets behind. I dumped them in the clothing donation bins anyway, without washing. But it’s dicey.. I could just be adding to their burden and have no idea if the clothes and blankets get used.

activistPnk , 1 month ago

Voting with your money works. But only when there are good options to vote for.

There are a couple BifL sock makers, but no BifL underwear makers. That’s the problem. If someone made loose-fitting stretchy aramid boxers with a drawstring that lasts 1+ lifetimes, people would pay $100/ea for them.

activistPnk , 1 month ago (edited 1 month ago)

Doesn’t sound familiar, but maybe there is more than two.

(edit) just had a brief look at bombas. They seem like a great product but I didn’t see notice of a lifetime warranty.

activistPnk , 1 month ago (edited 1 month ago)

breathability is the key criteria for clothing. Polyester and synthetic fabrics are nearly all terrible at this compared to natural fibres.

Natural fibers cannot be grouped together in this way because there is a huge variation.

This is where cotton fails and synthetic microfibers come out ahead. Cotton retains water, swells when wet, and suffocates as water tension spans the threads that are thickened by the swelling. Synthetic microfibers wick moisture away, and do not swell when wet, which gives excellent breathability. Cotton is fine as long as you don’t sweat. Or exceptionally, if it’s extremely hot in some windy situations the water retention can be a plus. I used to don cotton and hose myself down before getting on a motorcycle on a hot dry day. The evaporative cooling effect worked wonders with the high relative wind. But outside of that niche, such as sports, microfibers are king which is why sporting goods shops fetch high prices for high tech synthetics. As someone who sweats profusely more than normal, cotton is a non-starter in warm climates. Evaporation from soggy cotton simply cannot keep up with the rate that I add sweat. So a cotton t-shirt gets soaked in sweat and remains wet the whole workout session, and for days thereafter.

I used to wear tighty whities which made my gear sweat. Switched to Pategonia boxers and wow what a difference in breathability.

Wool and synthetics are similar w.r.t. comfort hence the term “smart wool”. But indeed natural wool is pricey and non-vegan.

activistPnk OP , 1 month ago (edited 1 month ago)

IPsec didn’t occur to me. Apparently they don’t show the ipsec configs when desktop users login (I only recall openvpn and wireguard & i’m not keen to check because just about every login results in a CAPTCHA for me).

The older droids (2.3 for sure) had broken built-in ipsec but they probably got it straightened out eventually.

they may have been forced to raise their SDK version?

What do you mean forced? Forced by who? I would not make excuses for pushers of forced obsolescence. It’s on them to explain and make excuses -- which is almost always a quite vague “for security reasons”, like every bank that chases the shiny and forces consumers to buy a new phone every 3 years.

Note Protonmail demonstrates this same forced obsolescence pattern with their Mail app, which requires AOS 6.

activistPnk OP , 1 month ago

What you seem to be implying is that the OS removed an interface that the app is using. That’s unlikely because ProtonVPN needs generally the same facilities and mechanisms as openVPN, which was not forced to bump their SDK. You can also see that the ProtonMail app (which is inherently very different than VPN service) also bumped their version to abandon AOS 5 users a year later. Yet other email clients (which generally need the same interfaces) were not forced to abandon people.

activistPnk OP , 1 month ago (edited 1 month ago)

AOS 5 (Lollipop) was 7 years old when Proton dropped it, not 10. 10 years is also a reckless place to draw that line. That’s Apple’s line.

Permacomputing folks have much higher standards than that of Apple’s corporate bottom line. I am writing this response using 16 year old machine that works just fine, and which will continue to function and serve my needs for at least another 5 years more.

As developers chase the shiny, bloat increases. Protonmail version 1.13.40 (the last AOS 5) was 23mb. The very next version just 3 months later (3.0.1), the first to demand AOS 6+, was 44mb. Yikes. They are welcoming bloat with reckless disregard. The more you bloat the code, the more error-prone it becomes. Bugs are directly proportional to complexity.

activistPnk OP , 1 month ago (edited 1 month ago)

Hence the purpose of the thread. The OpenVPN devs serve the permacomputing community better than the devs of the ProtonVPN client. The fact that profit motives are the culprit for the forced obsolescence is guesswork. It’s a very good guess but in the end it’s merely irrelevant trivia. They don’t get a sympathetic pass or some different treatment for needing to profit.

You can’t expect to use older hardware in combination with bleeding-edge online services (like VPN)

Yes I can. Hence the purpose of open standards which make that possible. OpenVPN is proven to work on old hardware with current bleeding edge services. I have it working with riseup and getting it working for ProtonVPN is likely a matter seeing if I fat-fingered my password wrong. I have openvpn connecting to protonvpn from other clients already.

I’m guessing the 23mb to 44mb jump was due to targeting a newer API version. That doesn’t mean ProtonMail’s code is more bloated–it could actually be less, while the OS/API side increased.

It doesn’t matter. Introducing code that statically links in more object code is also accountable bloat that brings bugs. Saying that the code is on someone else’s side of the wall does not discount the bug potential amid other downsides to bloat. It’s also notable that AOS 6 was a minor change. It was Google following a one-major-release-per-year pattern, and just making an insignificant release just for optics so people don’t think they’re slacking on progress. Thus speculation that the same source code compiled in the bloat is unlikely. Not long after that release Protonmail makes another giant leap of bloat to 70mb+ with no change in the SDK API target.

activistPnk OP , 1 month ago (edited 1 month ago)

This does not explain the fact that ProtonVPN’s server proactively refuses to serve users of their client version 2.6.91.0 (which is the last to target AOS 5). Google has nothing to do with that.

But also, if your theory is correct then openVPN fails to install on Android 15 & 14, correct?

activistPnk Mod , 1 month ago (edited 1 month ago)

“There are about 160 of these incentive programs across the U.S. ”

nice. Bicycle rebates are common outside the US but I would not have thought they would attempt it inside the US.

Though w.r.t Denver, in principle it’s flat enough they should be offering rebates for muscle bikes as well. I wonder if they figured too few people would be willing to make the perceived sharp change of peddling their lazy asses around.

activistPnk Mod , 1 month ago

Property crime is also pretty high so I’m still nervous about bringing them anywhere I’ll be away from it for an extended period, too.

Buy two different kinds of locks. Many thieves master 1 or 2, maybe 3 locks but not much beyond that. So if you pick two different locks most of them will be stifled enough to move along to someone else’s bike. More importantly: the best security is a good insurance policy.

(Even though to a bike thief it ends up just being a really heavy manual bike, I am not sure enough that they care.)

The battery and motor alone are typically ~$1k new.

activistPnk , 1 month ago

Why is this in permacomputing? Is gnunet lightweight in terms of computation or bandwidth consumption? How does it compare to Tor in those regards?

activistPnk OP Mod , 1 month ago (edited 1 month ago)

I guess you don’t consider !bicycle_touring fit for the sidebar then.

Bicycle touring is relevant but indeed lemmy.world is antithetical to fedi philosophy and purpose so I wouldn’t want to promote it on the sidebar. #LemmyWorld has a group for everything and needs no promotion. They replicate communities in the free world, effectively poaching from better places.

Would you be opposed if some content from over there would also be crossposted to here?

No; feel free to crosspost either way.

My personal approach is to post initially in the most relevant free world decentralized community first, creating a new community if necessary. If the post contains a question that’s starving for answers after some time, then I might cross post to centralized places¹ in part to promote the better venue to those in places of oppression… to try to steer people toward a more ethical workflow.

Some instances only show the parent of a cross post, while other instances show both parents and children in a cross posting scenario. This is why I favor the digital rights respecting community for the initial post.

① e.g. lemmy world, sh.itjust·works, lemm·ee, lemmy·ca, programming·dev, and lemmy.ml.

activistPnk OP Mod , 1 month ago (edited 1 month ago)

I ended up on world because they accepted people when many instances didn’t

That’s the problem with #LemmyWorld. They do not exercise self-control and grew far beyond that of a healthy balance of power. Part of their excessive growth is attributed to their use of an oppressive US tech giant, Cloudflare, which is a centralized gatekeeper who dictates which people get access to what. They’ve betrayed their users and sold out the digital rights of the commons in trade for gratis “security” (though I hesitate to call it security when availability is ruined to the demographics of people CF oppresses).

and i didn’t want to sign up to an instance that may be run on somebody’s raspberrypi and would be turned off in a week or something.

That’s a real risk with the small instances but it’s a risk that we accept in the free world. It’s even more infuriating when a small instance opts to suddenly join Cloudflare without announcement, as opposed to going down. Then users get pawned to an oppressor without their knowledge or consent -- while some users suddenly get shut out of the walled garden with their data trapped inside. This happened with waveform.social, lemmy.ca, and programming.dev. My content is now held hostage in those places unless I pawn myself to Cloudflare.

The way forward is better tools. There are various archival clients which grab your content as regularly as you want and save a searchable local copy. When a raspberrypi running in some kid’s mom’s basement gets spontaneously unplugged, you have your archives.

For the case at hand, I suggest creating a community either here or on the travel-specific instance lemmy.globe.pub. Let me know if you do so I can add it to the sidebar.