Posts: 1 | Comments: 875 | Joined: 2 yr. ago

  • I said this elsewhere but that’s not true. The idea that publicly traded companies have a duty to maximize shareholder value is a myth, and anyone privileged enough to sit on a board of directors likely knows this. See this article for an explanation. Every time a board squeezes a company for short term profits at the cost of long term good will, long term profits, etc., that is because they chose to do so.

  • The idea that publicly traded companies have a duty to maximize shareholder value is a myth, and anyone privileged enough to sit on a board of directors likely knows this. See this article for an explanation. Every time a board squeezes a company for short term profits at the cost of long term good will, long term profits, etc., that is because they chose to do so.

    EDIT: See also This NY Times article. And note that I'm not saying that corporations, board members, etc., aren't pressured or incentivized to maximize shareholder value - I'm saying that they do not have a legal duty to do so.

  • From your follow-up message where you confirmed - thank you for checking and confirming! I don’t have a 64 GB Steam Deck but some of my friends might (they have Steam Decks, I just don’t know what sizes) and that confirmation will make it way easier for me to help them make the same change if they ever complain about running out of main drive storage.

  • Out of curiosity, did a symlink actually work or did you need a bind mount?

    I ask because I had issues with cloud saves not working for BG3 (which I got through GOG, not Steam) and as a workaround I put my save folder in Dropbox and symlinked to it from every system I play on. But on the Steam Deck specifically the symlink didn’t work and I had to create a bind mount instead. I wouldn’t be surprised if Steam and Proton used the same file management libraries.

  • [The daughter] also reportedly deals with multiple mental health issues and became pregnant due to an abusive relationship.

    [The mother] was set to undergo a court-ordered psychological evaluation ahead of her sentencing. But the evaluation was canceled due to lack of funding

    Even if she didn’t try and fail to get an abortion before this point (and we don’t know whether she did), I’m pretty sure that most would agree that this is a circumstance where a late second trimester/very early third trimester should be acceptable.

    It was also pretty despicable to cancel the mother’s psychological evaluation because of “lack of funding” and to then sentence her to multiple years in prison.

    I’ll keep my pitchfork out, thanks.

  • The key that is stored server-side by Signal is only used to decrypt your profile, your contacts and groups, and your app settings. It is not used to decrypt your messages. And my understanding is that if you set a secure password instead of a PIN, the key will be encrypted by your password before being uploaded, anyway, meaning that it’s e2ee, too.

    Also, you can host your own Signal server, though I suspect doing so is more complicated than hosting a Matrix server. The code is almost fully open source (and I only say “almost” because, in the past, it was not uncommon for the code on GitHub to be several months out of date - the license is a FOSS license). However, Signal isn’t federated, so you wouldn’t be able to talk to anyone using the Signal app or a fork on the main Signal server - unless you forked the app and made it able to manage accounts on multiple different servers.

    Matrix also doesn’t encrypt metadata and it syncs conversation metadata to every involved server. As recently as 2022 Matrix had several critical vulnerabilities discovered (and patched). I wasn’t able to find any record of the audits mentioned in that article, so I have no clue how they performed, but regardless, even if just based on the metadata alone, currently Signal is more secure.

    From a FOSS perspective, it makes sense to prefer Matrix over Signal (or maybe XMPP?). Signal - Moxie specifically - has been downright hostile to forks (refusing to allow them to use the Signal server with their frontend fork) and I remember him rejecting PRs and being rude toward contributors, too, though my memory’s a bit fuzzy on the specifics. That was a few years ago, so maybe it’s gotten better, but even if so, Signal isn’t federated and likely never will be, so any developer would have a lot more flexibility building things for Matrix or contributing to existing Matrix projects.

  • That’s awesome, glad to hear it - I hope it continues to treat you well!

    I actually had to swap a drive out yesterday and was happy to have this case again. It was a bit more work than just pulling a single drive, since I hadn’t labeled the drives on the front (I’ve changed that now), but if you take that small step it makes it super easy.

    I also had screwed in some of the drive bays on the back and then forgotten, so taking them out was a pain, but unless the tower is mobile the bays seem stable enough without those screws.

  • If the issue were his name, then it wouldn’t have made it on the App Store in the first place.

    Apple also removes social media apps that don’t meet their standards for moderation, so that’s already a thing. For example:

    Note that Apple didn’t remove “Truth Social” (though Google did) so this isn’t a political issue (it may be for Google, but I doubt it).

    Check out Apple’s App Store Review Guidelines. Personally, I approve of Apple protecting its users from scams and other dangerous content. There are a ton of things I’d love for them to be more open about allowing, but I’m fine with them banning apps like this one.

    Is your issue that you don’t like Apple’s requirements? If so, this app is an excellent point in their favor in most people’s eyes.

    Is your issue that you think Apple’s requirements are discriminatory in some way? If so, an app by a cis het white misogynist is probably not a great example of that.

    Do you think their standards were applied unfairly? If so, I find it hard to believe that you even read their guidelines.

    Honestly, I get the impression that you’re just a Tate fanboy and that you’re mad that Apple pulled his app.

    scam (which is not the case)

    I’m guessing you haven’t visited the website, because it screams “Scam!”

    no alternative way to install apps on iOS

    Apple users can install PWAs.

  • This app didn’t get taken down because it was by a “controversial” guy. It got taken down because content in the app encouraged violence and because the app itself was a pyramid scheme (People had to pay $50/month just to use the app, with promises of rewards if they got more people to join).

    Google removed the app from their store, too. Yes, you can still probably install it from their website or a third party app store on Android, and yes, it would be great if third party app stores and sideloading existed for iOS (and they kinda do, though they’re very limited) but even if they did exist it would be reasonable to expect every single one of them to refuse to host this app (especially if “hosting” entails accepting payments).

    Tate can still host this via the web. He can even build a progressive web app for it. I suspect he’ll run into issues collecting that $50 monthly payment any way other than by crypto, though, since I suspect most payment processors will refuse to work with him.

  • I do, yes. Signal’s not perfect, but it’s very good, especially for everyday conversations. Compared to comparable secure alternatives, it’s more user friendly and in many cases it’s more consistently secured (specifically thinking of Matrix here).

    There are keys for your conversations on every device you have linked to Signal, but not on the Signal servers. Each device gets its own set of keys, which are discarded and updated with new derived keys as you send and receive messages. Your phone is the one in charge of handing the initial keys out to other devices and in charge of revoking them. The server has a message queue for each device, but not the keys. (The messages are deleted from the queue after being delivered to the device or after 30 days, at which point that device is unlinked.)

    I also found this article that discusses the data that ends up getting stored on Signal’s servers.

    One big vulnerability for Signal is that it trusts your local machine too much, especially on Desktop but also, to an extent, on mobile. If you have malware on your system, if you don’t encrypt your drives, or if someone is able to guess your password, then someone can get full access to your conversation history. On desktop, the database with all your conversations is stored in an encrypted database, but the key to decrypt the database is stored in plaintext. That key could be secured in the system keychain, which would make it resistant to being read by malware, but it isn’t. It could be encrypted locally with a user-provided PIN or password… but it isn’t. And I have seen enough of people struggling to contribute code to Signal that I suspect if someone contributed a PR to fix that, it wouldn’t get merged.

    That all said, if someone stole your laptop, even if they got access to past conversations you can cut them off from future conversations by unlinking the device from your phone. And if someone cloned your Signal data and tried to connect as you, then it would be pretty obvious that something was going on when you logged in on your own laptop, since it would get very glitchy, and as soon as you unlinked and re-linked it would cut off the attacker’s access.

    This whole vulnerability makes Signal’s resistance to a proper, securely encrypted, user-managed cross-platform backup system even more frustrating. It feels, honestly, like security theater. But even so, I prefer the current state over having the backup in Signal’s cloud, regardless of whether SGX is involved; I want to manage my own backup. Like other proponents of a proper backup system, I believe that the user should be in charge of determining if a conversation should be ephemeral, and Signal provides a tool to do that - disappearing messages.

    The other big vulnerability Signal has is not being anonymous, largely thanks to being linked to a phone number. Anyone you chat with has your number, and anyone who has your number can check to see if you’re on Signal (though you can at least disable the latter option). Things like Sealed Sender help protect your identity and the identities of your contacts from outside observers, but they aren’t perfect. This lack of anonymity is the main reason given for not trusting Signal when your threat model involves state surveillance, but as a counterpoint to that - as recently as 2021, Edward Snowden endorsed Signal and said he uses it every day. If Snowden trusts it to secure his conversations, I’m not worried about it for my own.
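The mitigation the comment above describes for the desktop database key (encrypting it locally with a user-provided password instead of leaving it in plaintext), as an added example that is not part of the original comment and is not Signal's code. The function names, the wrapped-key layout and the scrypt parameters are assumptions chosen for illustration.

```javascript
// Added example: hypothetical names and file layout, not Signal Desktop's code.
const crypto = require('node:crypto');

// scrypt cost parameters (assumed values for illustration; tune per device).
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit key-encryption key (KEK) from the user's passphrase.
function deriveKek(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, SCRYPT);
}

// Wrap the random database key so that only the wrapped form is written to disk.
function wrapDbKey(dbKey, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKek(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(dbKey), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Returns the database key, or null when the passphrase is wrong or the
// stored blob was modified (the GCM tag check fails in both cases).
function unwrapDbKey(wrapped, passphrase) {
  const b = (s) => Buffer.from(s, 'base64');
  const kek = deriveKek(passphrase, b(wrapped.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, b(wrapped.iv));
  decipher.setAuthTag(b(wrapped.tag));
  try {
    return Buffer.concat([decipher.update(b(wrapped.ct)), decipher.final()]);
  } catch {
    return null;
  }
}

// Constructed demo values.
const demoKey = crypto.randomBytes(32);
const demoWrapped = wrapDbKey(demoKey, 'correct horse battery staple');
console.log(unwrapDbKey(demoWrapped, 'correct horse battery staple').equals(demoKey)); // true
console.log(unwrapDbKey(demoWrapped, '1234')); // null
```

With this layout, malware that can read the config file gets only the wrapped blob and has to guess the passphrase through scrypt, so the protection is only as strong as the passphrase.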

  • Why are you recommending people disable their Signal PINs? Best practice as far as I’m aware is to set a secure passphrase (rather than a 4 digit PIN) and to enable Registration Lock.

    This article is the only one I was able to find with a recommendation that you opt out of setting a PIN, and even there they recognize that if you set a secure passphrase instead of a PIN, you aren’t reliant on SGX’s security anymore.

    That article also doesn’t talk about how having a PIN is required to enable Registration Lock. Since Signal is dependent on phone numbers, disabling Registration Lock makes you vulnerable to account hijacking attacks. I would personally be more concerned about my contacts having their accounts hijacked - with the only indication of this on my end being that their Safety Number changed - than by them using a 4 digit PIN; if I were to recommend anything, it would be for them to use a secure passphrase (like an EFF dice-generated passphrase or a 12-word BIP39 phrase) and enable Registration Lock.

  • Just to be clear, the referenced keys are not for your conversations, but for your contacts, groups, settings, and profile: https://signal.org/blog/secure-value-recovery/ Your conversations are fully e2ee and those keys are stored only on your devices.

    Also the “disable your PIN” advice you’ve been given is misleading. You should not disable your PIN; instead, you should use a secure alphanumeric PIN. Disabling your PIN means you cannot enable Registration Lock, which makes you vulnerable to account hijacking attacks, e.g., by SMS interception or simjacking.

  • alexnino_ on TikTok’s second pinned video demos it. He threads the seatbelt through the door handle (the hard plastic, not the part you pull to open the door) and then buckles and locks the seatbelt, ensuring that even if someone can unlock the door, they can’t open it.

  • Kind of don’t understand the point of the article.

    Students do things outside of the waiver and get in trouble. Pikachu face.png

    Per the title and much of the article, the students are running into these issues while using the laptops to do their homework. Waiver or not, a student shouldn’t be punished for trying to do their homework.

    Did you ever have to do research for an essay when you were in school, where the topic wasn’t narrowly defined ahead of time? I.e., write a 500 word essay on the themes of this book, write about why you think a character’s actions were or weren’t believable, justified, etc., or write about something that happened during a particular war. I had to write several, and writing about a topic not discussed in class meant I had to do research to learn more. It would make sense for someone to choose a topic related to their disability, to their race, to their being lgbtq+, etc. - and this is one of the kinds of thing that is being blocked, but that shouldn’t be.

    If my teacher assigns me an essay on a topic and then I do research related to that topic, getting called to the principal’s office because a cop needs to talk to me the next day shouldn’t be a feasible consequence.

    I agree that students shouldn’t be required to have surveillance software on their computers, but I suspect that even if students brought their own computers, school districts would likely require surveillance software before letting them bring the computer to school.

  • I assume you’re not using, and have never used, Google (a silly sounding, misspelled math term that sounds like a sound a baby would make), Bing (sillier yet), Yahoo (it sounds almost as ridiculous as “Google” and their early advertising only made it worse), Yandex (what is it, a cleaning product or a search engine?), Baidu (sounds like a name from a children’s show), Seznam (sounds like a sauce), Brave (literally the same name as a children’s movie), Searx (someone tried to be cool by replacing “ch” with “x”… c’mon), or Qwant (bless you!). I’m curious, though… which search engine do you use?