I blow hot air.

  • 10 Posts
  • 213 Comments
Joined 1 year ago
Cake day: July 6th, 2023






  • Compared to dumping white phosphorus over hospitals and refugee camps, killing 2 (?) children during an attack that targeted hundreds/thousands is many orders of magnitude more precise. I hate dead innocents as much as anyone, but you gotta admit the pagers were effective and included way less collateral damage than the methods Israel has employed in recent history.

    The point of the post isn’t to praise the pagers attack. It’s to point out that Israel is capable of causing less collateral damage in Gaza but chooses not to.



  • I mean, what other type of controller would you buy on PC if you’re looking to buy a game controller? Unless you’re not including 3rd party controllers as “console controllers”. Afaik, the xbox pro controller is still considered the best controller to use on PC, and while it is made by Microsoft, it’s not a controller that comes with the console.

    The PC controller market just isn’t large enough to support pc-only controllers. Of course the recommendation is to always buy a console controller, pc controllers don’t exist! 😂

    Yes, I know some games have their own controller type like flight sticks, game pads, and OSU, but nobody is seriously using those for rocket league and elden ring.


  • Ideally, you set aside 3 to 6 months worth of your typical monthly spending to cover (some) emergencies and job loss, then invest everything else. 401(k) is still tax advantaged in the same way as an IRA, and you can typically do roth contributions to a 401(k) too. So there are benefits to going above your employer match.

    But, you’re right that you don’t want to trap all of your money into a retirement account either. You’ll probably want to make large purchases like a car or house. In that case, you plan out a timeline and invest in less risky things depending on how far out you plan to purchase said thing.

    The overall idea of “invest in index funds as much as possible” can be applied generally, but the amount that you contribute and in which types of accounts heavily depends on the individual.

    I just wanted to point out that 401(k)s without employer matching are basically just IRAs with high yearly caps because it took me a few years to realize that, and I fancied myself financially literate. It can be a good idea to contribute more, so long as you don’t need the money elsewhere.







  • All good points!

    Not to be an ultra-hardened messaging platform to avoid state-level targeted attacks

    I think Signal likely could be used to avoid state-level hacks and to be ultra-anonymous, but in that case you’d want to take extra precautions like using a burner and, to your point about metadata, there are other ways to identify who you are than your phone number, especially if you’re an organization comprised of many people. Realistically, anyone that has a real need to protect themselves against state-level threats either has the resources available to do so properly with their own tech, or is so hopelessly outmatched that it doesn’t matter regardless.

    Imo encryption is more about being a roadblock than an impenetrable shield. Even for organizations with infinite money and technological expertise, there are easier ways to identify you and get your data than breaking even moderately good security implementations. News stories of feds getting access to Signal convos are all about getting access to a phone and simply reading the messages, not breaking encryption or setting up honeypots on Signal servers.

    It’s a design decision, not a security flaw.

    The beauty of E2EE is that you don’t need to trust the servers at all, once you verify that you’re actually connected to the person you intend to be. Doesn’t matter if the server is trying to con you, keys are generated locally and everything is signed and encrypted locally before being sent off-device. As long as you can verify that the app you’re running matches the published source code, and that the source code isn’t duping you, you should be good to go. I haven’t reviewed the Signal protocol in a few years, but I don’t believe there are any servers that require trust, like say SSL has.

    As for hostility towards 3rd party apps, it’s pretty common for orgs to want everyone to only use first-party software when interacting with their service. It’s nearly ubiquitous today. I think probably all of us on Lemmy prefer platforms that allow for 3rd party apps, but there are legitimate reasons not to and I wouldn’t say it’s a security flaw.

    I’m glad they finally added usernames and stuff but I don’t think we should necessarily trust it either… I would not use it for serious organizing

    I think this ties back to the encryption vs wrench scenario. If you’re organizing a protest, you’re screwed no matter what you use because the cops just need to join the group themselves or take someone’s phone. Self-destructing messages can prevent this, and hostility towards 3rd party apps helps in that case since you can be more certain that nobody is using some shoddy implementation that ignores self-destruction or improperly deletes things.

    If you’re organizing a military operation, you shouldn’t be using civilian messaging apps full stop.

    If you’re somewhere in between like a cartel or terrorist organization, please stay off any app I use to send memes to friends.

    Metadata is absolutely useful info, and while Signal does protect metadata more than the average bear, I don’t think I’d confidently claim they have nothing to hand over if the NSA comes knocking.

    100%, but it’s a hell of a lot less useful than Facebook Messenger, my grandma can set it up in 5 minutes without any trouble, I don’t have to maintain any servers, and know that it’s supported by well funded top-notch engineers that aren’t going anywhere anytime soon.

    I use it for day to day chatting. It’s at least not getting read by advertisers which is a feature on its own.

    Literally same.



  • Mobilecoin

    It’s dumb, but it’s also not really marketed and is easy to forget that it exists even when using the app daily.

    Denigrating warrant canaries

    He consulted with lawyers and they said that removing/not updating a warrant canary would likely have the same legal consequences as violating the court order by simply announcing the subpoena. Also, a warrant canary is nearly useless even in the ideal case because it just says that they got a secret warrant, not what the subpoena was for or any other details. You wouldn’t know the exact date, what was requested, or even what country made the request. And it becomes even less useful after receiving the first secret warrant.

    Also, not all subpoenas are secret. Signal posts all government requests, including the full documents of all communication between Signal and the government, at https://signal.org/bigbrother

    And, since Signal is E2EE, they don’t have any useful data to share when they receive a warrant anyway.

    Refusing to allow non-signal servers

    Signal isn’t federated and it’s not intended to be. If you’re using a private server, you’d only be able to talk to people also on your servers. If that’s a feature you want, you can simply choose a different messaging solution. It’s a design decision, not a security flaw.

    Only allowing Google and Apple app stores

    Here’s an official apk download: https://signal.org/android/apk

    Requiring phone numbers for account creation

    Yeah, it’s kinda weird. They started as an SMS app which obviously requires a phone number and just haven’t got rid of the requirement. They added usernames and hide your phone number by default, so you can at least message others without sharing your phone number.

    In the end, phone numbers streamline signup and account management and Signal is meant as a texting replacement, not a social media/texting hybrid like Telegram or Discord, so phone numbers help the less tech-literate to use the app. As long as the encryption is sound, phone numbers don’t really add that much security risk and the point is to bring high-grade encrypted messaging to everyone, not to be an ultra-anonymous hardened messaging platform to avoid state-level targeted attacks.