cultural reviewer and dabbler in stylistic premonitions

  • 28 Posts
  • 204 Comments
Joined 3 years ago
cake
Cake day: January 17th, 2022

help-circle

  • Great article, BTW

    I disagree, the headline is clickbaity and implies that there is some ongoing conflict. The fact that the Fedora flatpak package maintainer pushed an update marking it EOL, with “The Fedora Flatpak build of obs-studio may have limited functionality compared to other sources. Please do not report bugs to the OBS Studio project about this build.” in the end-of-life metadata field the day before this article was written is not mentioned until the second-to-last sentence of it. (And the OBS maintainer has since saidFor the moment, the EOL notice is sufficient enough to distance ourselves from the package that a full rebrand is not necessary at this time, as we would rather you focus efforts on the long-term goal and understand what that is.”)

    The article also doesn’t answer lots of questions such as:

    • Why is the official OBS flatpak using an EOL’d runtime?
    • Why did Fedora bother to maintain both their own flatpak and an RPM package of OBS?
    • What (and why) are the problems (or missing functionality) in the Fedora Flatpak, anyway? (there is some discussion of that here… but it’s still not clear to me)
    • What is the expected user experience going to be for users who have the Fedora flatpak installed, now that it is marked EOL? Will it be obvious to them that they can/should use the flathub version, or will the EOL’d package in the Fedora flatpak repo continue to “outweigh” it?

    Note again that OBS’s official flathub flatpak is also marked EOL currently, due to depending on an EOL runtime. Also, from the discussion here it is clear that simply removing the package (as the OBS dev actually requested) instead of marking it EOL (as they did) would leave current users continuing to use it and unwittingly missing all future updates. (I think that may also be the outcome of marking it EOL too? it seems like flatpak maybe needs to get some way to signal to users that they should uninstall an EOL package at update time, and/or inform them of a different package which replaces one they have installed.)

    TLDR: this is all a mess, but, contrary to what the article might lead people to believe, the OBS devs and Fedora devs appear to be working together in good faith to do the best thing for their users. The legal threat (which was just in an issue comment, not sent formally by lawyers) was only made because Fedora was initially non-responsive, but they became responsive prior to this article being written.





  • They have to know who the message needs to go to, granted. But they don’t have to know who the message comes from, hence why the sealed sender technique works. The recipient verifies the message via the keys that are exchanged if they have been communicating with that correspondent before or else it is a new message request.

    So I don’t see how they can build social graphs if they don’t know who the sender if all messages are, they can only plot recipients which is not enough.

    1. You need to identify yourself to receive your messages, and you send and receive messages from the same IP address, and there are typically not many if any other Signal users sharing the same IP address. So, the cryptography of “sealed sender” is just for show - the metadata privacy remains dependent on them keeping their promise not to correlate your receiving identity with the identities of the people you’re sending to. If you assume that they’ll keep that promise, then the sealed sender cryptography provides no benefit; if they don’t keep the promise, sealed sender doesn’t really help. They outsource the keeping of their promises to Amazon, btw (a major intelligence contractor).

    2. Just in case sealed sender was actually making it inconvenient for the server to know who is talking to who… Signal silently falls back to “unsealed sender” messages if server returns 401 when trying to send “sealed sender” messages, which the server actually does sometimes. As the current lead dev of Signal-for-Android explains: “Sealed sender is not a guarantee, but rather a best-effort sort of thing” so “I don’t think notifying the user of a unsealed send fallback is necessary”.

    Given the above, don’t you think the fact that they’ve actually gone to the trouble of building sealed sender at all, which causes many people to espouse the belief you just did (that their cryptographic design renders them incapable of learning the social graph, not to mention learning which edges in the graph are most active, and when) puts them rather squarely in doth protest too much territory? 🤔



  • What the people here saying this “seems legit” are really saying is that, if the site is providing DRM content which you want to see, then it is indeed using this for its intended purpose (which is to prevent you from recording and/or retransmitting the stream). This is true, but, it doesn’t mean that the site isn’t also collecting your device identifiers and using them for some nefarious privacy-invasive purposes. And of course, they most likely are.

    So if I were you I would look for a pirated streaming website instead of running this proprietary software to watch a DRM’d stream. (The pirated site will probably also be privacy-invasive, but they won’t get your device ID… and you’re more likely to be able to block its ads.)











  • security updates are for cowards, amirite? 😂

    seriously though, Debian 7 stopped receiving security updates a couple of years prior to the last time you rebooted, and there have been a lot of exploitable vulnerabilities fixed between then and now. do your family a favor and replace that mailserver!

    From the 2006 modification times, i wonder: did you actually start off with a 3.1 (sarge) install and upgrade it to 7 (wheezy) and then stopped upgrading at some point? if so, personally i would be tempted to try continuing to upgrade it all the way to bookworm, just to marvel at debian stable’s stability… but only after moving its services to a fresh system :)



  • why bother opening a pathway in the first place

    i’ve never had an IG account myself, but i think your mistake is in assuming that someone accepting your follow request on a restricted IG account is an indicator of desire for chatting with strangers. accepting your follow request might just mean they glanced at your profile and assessed that you aren’t a spammer or bot, not that they want to chat with you.

    perhaps just need to find out somewhere in the real world where I could bond more easily with real people?

    for sure that is a good idea 😂

    but there are also many places online where it is much more reasonable to assume people are interested in chatting with strangers.