Imnebuddy - pronounced “I am any buddy”

Techie, hippie, commie nerd

  • 0 Posts
  • 24 Comments
Joined 4 years ago
Cake day: March 17th, 2021
  • Imnebuddy@lemmy.mltoPrivacy@lemmy.mlTelegram Hands U.S. Authorities Data on Thousands of UsersEnglish
    1·
    1 month ago

    I’m not denying that major flaw of Signal, in which part, yes exposing your phone number tied to your Signal account basically negates Signal’s security, as well as Signal’s centralized server being proprietary. Nevertheless, when using Matrix, you need to ensure you and everyone you communicate with uses a client that isn’t still using the deprecated libolm cryptography backend (and that it uses vodozemac).

  • Imnebuddy@lemmy.mltoPrivacy@lemmy.mlTelegram Hands U.S. Authorities Data on Thousands of UsersEnglish
    52·
    1 month ago

    https://lemmy.ml/comment/15999861

    In the blog posts I read where the author, a security engineer, audited and/or reported vulnerabilities with two E2EE chat protocols commonly recommended as Signal alternatives–Matrix and XMPP–both had implemented half-baked solutions or refused to solve the issue at all in some regards, and both had evangelists that gave dismissive responses. The XMPP chud dev gave a laughably childish response, and the Matrix dev even admitted the team being aware of the olm vulnerability and deliberately refused to fix it for years. Not that Signal cultists are any better and not negating the legitimate security and trust issues with the Signal platform, but Signal is still a decent platform for most people’s threat model, though it would be nice if there was an alternative that could compete with Signal to recommend to most people instead. If you care about metadata resistance and your threat model involves high stakes if your assets are compromised, the blog author suggests Tor-based solutions such as Cwtch and Ricochet Refresh.

  • Imnebuddy@lemmy.mltoPrivacy@lemmy.mlTelegram Hands U.S. Authorities Data on Thousands of UsersEnglish
    4·
    1 month ago

    I’m with you there. This wasn’t meant as an argument against your statement. I brought up the issues regarding Matrix and XMPP as they are often recommended as alternatives to Signal, and after learning about this blog in a previous conversation I had about this topic, I thought it would be a good resource to bring up so people can be informed about those platforms and some alternatives that may be better than Signal while being metadata resistant.

  • Imnebuddy@lemmy.mltoPrivacy@lemmy.mlTelegram Hands U.S. Authorities Data on Thousands of UsersEnglish
    2·
    1 month ago

    Many Signal alternatives also have security issues of their own, often making them less secure than Signal. This includes Matrix and XMPP. In the blog post regarding XMPP+OMEMO, the author replies to a question about which would be better than Signal, Matrix, and XMPP with this suggestion:

    Anyone who cares about metadata resistance should look at Cwtch, Ricochet, or any other Tor-based solution. Not a mobile app. Not XMPP. Not Matrix.

    In regards to Ricochet, not having a mobile app version makes it difficult to recommend to less tech savvy people.

  • Imnebuddy@lemmy.mltoLinux@lemmy.mlNew UserEnglish
    2·
    1 year ago

    I would probably suggest Mint. When I first started Linux, I was adept with computers, but I still struggled using Linux for the first time. I tried Fedora around 2015 as my first distro, and I really struggled to install it. So I started with Ubuntu. I spent time doing some courses for Linux, and it was quite a journey for me to figure out this new environment. Then I would distro hop so much because I was dissatisfied with missing packages and issues with my new laptop (which wasn’t running well on many distributions because it required a newer kernel), and then I landed on Kubuntu for a little while. Then Manjaro, which I don’t recommend anymore for these reasons (plus I had to reinstall Manjaro a few times when it broke, especially due to NVIDIA driver issues, but today that shouldn’t be as much of a problem, I believe). I was able to install Manjaro with Manjaro Architect at one point, which made it easier for me to figure out how to install Arch Linux. I was breaking my Linux machine so much when I was using Ubuntu because I didn’t understand what I was doing, thus it is difficult for me to recommend a Linux distro to a new user with full 100% certainty they would not break their system if they wanted to do some tinkering or try to do any niche thing like gaming. I know you want to leave Windows ASAP, but it may be easier to first run Linux in a virtual machine. It’s going to take a while to figure it out, and a virtual machine will help make the journey less painful so you don’t risk wiping your drive or having periods where you are stuck without a machine when you need to get work done and you are sitting in front of your computer for hours trying to install and configure Linux or figure out why you are booting into emergency mode. For a tip, I really recommend not installing everything you want under the sun. This was the reason for 90% of the time I broke my Linux installations. Install only a few packages at a time, and backup your data.

    There is a new Arch-based distro in town that is meant to be user friendly, which is Crystal Linux, but I haven’t used it myself nor do I know if this is good to recommend to absolutely new users. The reason why I mention it is because I have had a lot of trouble with other distributions, and while Arch would break on me once in a while (which at that point in my Linux journey, I could fix Arch without needing to reinstall the entire OS)–usually for a specific package or two–as a noobish user it was a better experience for me working with the pacman package manager and having access to the Arch User Repository. I also had a better time working with rolling release distributions. With Crystal Linux, it gives you the option to install the Nix package manager and comes with a nice pacman wrapper called Amethyst, but I would consider yay the best pacman/AUR wrapper, imo. I haven’t tried Amethyst, though.

    Here’s a video on Crystal Linux by DistroTube: https://yewtu.be/watch?v=Q_CXNtbsy74

    Crystal Linux also has documentation on using a NVIDIA GPU with Wayland here: https://getcryst.al/site/docs/crystal-linux/nvidiawayland

    Crystal Linux also uses the BTRFS filesystem utilizing snapshots with Timeshift, which if I had used this when I was first learning Linux, it would have saved me a lot of trouble.

    Also, one last tip: when installing Linux or working with something you are unfamiliar with, take notes. It really helps to have something to look back at when you have to do the same task again and forgot the reason you did certain things.

  • Imnebuddy@lemmy.mltoLinux@lemmy.mlDotfiles matter! Please stop dumping files in users’ $HOME directories.English
    8·
    1 year ago

    I know developers are busy, and I don’t mean to berate them for their choices or work. I only have a two year Computer Information Systems degree and haven’t programmed a lot for a while, but supporting the XDG specification and remaining backwards compatible doesn’t seem to be very difficult or would cause so much breakage (of course, the amount of work would depend on the software and how the hardcoded path is implemented). I look up git repository issues for the software and tend to find ubiquitous examples like vim to be resistant to such change: https://github.com/vim/vim/issues/2034

    This is really frustrating and leads me to find alternative software, such as neovim/doom emacs instead of vim, nushell instead of bash, etc., just to be able to clear up my home directory. I don’t mind if I have to wait for XDG to be supported, but many important projects just label the issue as “won’t fix”. I totally understand where you are coming from.

    List of software with hardcoded paths at this time: https://wiki.archlinux.org/title/XDG_Base_Directory#Hardcoded