irotsoma @ irotsoma @lemmy.blahaj.zone

Posts

0

Comments

210

Joined

6 mo. ago

Yes, these are not "private" services, they are "secure messaging" services. Commonly confused issue. Privacy requires controlling the communication infrastructure. Security only requires controlling the items being shared.

Real problem is that the rules change every year so the software has to be constantly updated and that sometimes requires insider information about what changes are coming. Often the IRS publications aren't available until the last minute or later, definitely not in enough time for proper quality processes. So, while simple returns can sometimes be done with software like this, a lot of people rely on the software or agencies to know all the new rules.

That being said, I would like it a lot if there was a way to file very single form, but fill it out manually in the software, without calculations being done by the software. At least then you could file electronically regardless of what complex forms you need to file with complex worksheets and sub-forms, if the software didn't need to know about those things, just the forms you actually file. As it is, the only way to file these is with expensive software or on paper which can take many months for the IRS to process and you could be on the hook for interest if you file something wrong and the IRS doesn't reject in time for you to correct it and resubmit before interest charges accrue.

Also, a lot of IRS processes require the software to be certified (or at least did the last time I looked at it) because their software isn't sophisticated enough to validate the complex forms, so getting that certification might be difficult for FOSS software. I'll be interested to see how that plays out.

If you want to be as secure and private as possible, your best option is to set up your own build servers and automate builds, and validate the components used by each product conform to your needs and standards for security and privacy, and deployment to your own repository that your devices use for updates.

Beyond that, there are tradeoffs based on your needs with each app store out there. If you need total privacy on what you install and your devices are already not connected to the internet, then a VPN or Tor to obfuscate your identity might be all you need. If you're more concerned about components of applications that contain spyware, then some stores like fdroid has a lot of data available to hep you decide if the app is OK for your needs, otherwise you'd need to build your own packages or verify them manually before installation. And there are various other tradeoffs between more accessibility vs. more security and/or privacy.

Can't do that with email. Email doesn't have the necessary protocols to keep a file from being copied, scrub file systems, or maintain external links to trusted time keeping sources or control over the hardware to prevent screenshots or other methods to save the data as it's being displayed to the user.

There are some possible partial implementations like encrypting a file and only allowing decryption and display on a remote server. But then what's the point of making it an email in the first place? And if the method for viewing the data is something like a website, that doesn't prevent screenshots or other ways of storing the data.

The only way to truly have self-destructing content of any kind is to use a device that's fully controlled, a sever that makes sure the device is not compromised, and a neutral third party you trust to keep all recipients from tampering with the server and devices. Otherwise, if one of the users gets control of any component, they will be able to compromise the system. Unfortunately, there are no trustworthy companies who aren't under pressure to profit fr your data or from governments to allow access to your data. So there can never be a commercial product like that. And email doesn't have any of this as it's designed to be portable, not controllable.

Mobilizon works well for me. I only wish more organizers used it so I could get events from local communities without having to enter it myself.

There are three points I could make:

1. Most software that is not free these days is also stealing all your private data. The value in these applications is generally greatly reduced, and in many cases, truly free alternatives exist, so the need to pirate should be much reduced from the past.
2. Where the first point doesn't apply, there is usually a reason. Either the company has used their monopoly powers to force people to use their software in order to do their job or to interact with government agencies (Adobe is one that often comes to mind). In this case, the ethics of the situation IMHO mean that pirating is OK. If the company is doing unethical things to force you to buy something, then doing something unethical to not pay for it is an exception in my opinion. The person would not be buying the software if they weren't forced to and purchases should not be forced.
3. Access for the poor is another issue where I don't see this as an issue. The poor will never be able to afford the software, so no one is losing money on the sale and it only benefits the company to have people using it if it's a locally running application. There may be some concerns if there are essential services involved that require servers or other systems that have to be maintained by the vendor, but otherwise, Windows having been pirated for decades made it ubiquitous. Without that, poor people likely would never have touched Windows and would have learned Linux or Mac or something else instead and Windows wouldn't have as many people locked in as it does now. So, for the poor, assuming it's software that runs locally, I see no issues from an ethical standpoint in general.

These are just my opinions, but I'm not alone. And this is not to be used as justification for specific actions, just very general points about the ethics of software piracy. For reference, I've done a lot of research on software ethics from both the user and vendor side and used to run a nonprofit on this subject.

There's a plugin for compose, but podman itself does have some differences here and there. I'm starting to migrate my own stuff as Docker is getting more money hungry. Womder if they'll try to IPO in a few years. Seems like that's what these kinds of companies do after they start to decline from alienating users. Just wish that portainer and docker hadn't killed all the GUIs for docker and swarm was better supported.

The company i work for has also required us to migrate from Docker as the hub and desktop app are no longer totally free. I expect more and more limitations will show up on the free versions as usually is the case with companies like this.

Depends on the carrier and the specific deal. I have a Pixel 7 Pro from T-Mobile. And it was able to be unlocked after one year of service in good standing. T-Mobile has traditionally been pretty good about that, though that kind of thing often shifts once companies have major mergers. And the Sprint merger screwed them up in a lot of ways that are still working their way down to customers losing services and features.

As an atheist, it's no more odd than any other religion to me. And since it's more connected to nature, which I can see and touch, rather than fully supernatural like Christianity, it's more interesting to me.

For domain registration? I don't see much of an issue. I also use their DNS services, but not caching or proxying or anything that would allow them access to any data in flight or info on connections to my servers or anything like that. I'm not trying to be anonymous, though, just private.

Wicca, witchcraft, and similar are generally are types of legitimate religions. I personally belong to a coven despite the fact that I'm atheist. These types of groups are generally focused more on community and connecting with the natural world than the supernatural or gods like modern monotheistic religions. Though many practice spells and other supernaturally rooted ceremonies similar to how many Christians prey, use rosaries, or take communion which are all types of supernatural ceremonies. And most have a huge amount of traditions from "pagan" religions to choose from to practice and have very little strict dogma forcing them to be prejudiced or exclusionary, so they tend to attract a wide variety of interesting people and thus have to be very welcoming of those who are less conformant like neurodivergent people, LGBTQ+ people, ethically non-monogamous people, etc. Many of whom are excluded from most modern monotheistic religious communities.

Reading on Summit right now. I tried all the free apps and this is by far the best.

Most companies stopped making both the discs and the drives/players. Not a long term strategy.

Sounds like they're basically abandoning it but at least giving the code out so the community can still use and keep it up until it becomes incompatible with Windows. It is one of the few ways I'm able to get my Windiws 11 work computer to do what I need with all the security and tracking junk my company installs on our laptops, even for developers, so I hope it sticks around for a while.

Really? I have had my legal name in my account and my common name on my shipping address on Amazon for ages. And I've shipped gifts from Amazon for over a decade with the name of the recipient.

If the meter is plugged into the UPS, then the UPS has nothing to do with the power flowing into the meter. Power is "pulled" not "pushed" to devices in that a device supplying power can limit the amount of power provided, but can't increase it beyond what the devices request.

Just like with plumbing. The water company can't force your faucets to open and use more water. Now they could increase pressure and break pipes, similarly the UPS could provide the wrong voltage and short or burn out wires or devices causing them to draw more, but that is unlikely to be the issue here. As long as voltage is constant, amperage (the other component in wattage) is pulled, not pushed.

What you're seeing in the input load, if it matches what is flowing out of the meter, is some device requesting more power and thus more power flowing into the UPS to be passed to those devices, not the UPS forcing something to use power which isn't possible as explained above, or the UPS itself using power because the meter has no connection to what power is being used by the UPS, only things plugged into the meter.

So, there must be something else using the power. Likely the devices, even if they aren't really doing anything you consider significant, are doing something. Probably maintenance, checking for updates, the monitoring proceses requesting information from the devices since the TrueNAS server is on that end, etc. You'd need to put a meter on each device to determine what is drawing the power specifically.

Also, does the power meter only display power used by devices plugged into it, or does it also display it's own power usage? Could be that the plug itself is using WiFi or something to communicate with external services to log that data. But that would be quick bursts.

Also, without putting a meter on each device, this is probably cumulative. For example, if the NAS is requesing info for monitoring the network, that would spin up the processors on the RPi an cause the switch to draw more power as it transmits that information across the network. Again, this should only be small bursts, but it's also possible the devices are not sleeping properly after whatever process wakes them so they continue to run their processors at higher amperage for some time. Tweaking power profiles can help with something like tuned on Linux or similar to make things sleep more agressively. With the drawback that they take some amount of time to spin back up when needed.

Reduce spam bot accounts and other malware, as well as to allow for user discovery so you can find your contacts more easily. It's not designed to be an anonymous service, just a private one.

Signal isn't that kind of app. It protects your data in flight, but only has minimal protections after the recipient gets the message. It's a whole other game to protect data at the endpoint. If you can't trust your recipients to protect data, then you shouldn't send them data needing protection. In order to do that you need control over all levels of the device receiving the data, hardware, operating system, file system, and software. Anything else will always leave openings for data at rest at tge destination to be compromised by untrustworthy recipients.

It you're talking about TOTP exclusively, that only needs the secret and the correct time on the device. The secret is cached along with the passwords on the device.

LLMs are perfectly fine, and cool tech. Problem is they're billed as being actual intelligence or things that can replace humans. Sure they mimic humans well enough, but it would take a lot more than just absorbing content to be good enough at it to replace a human, rather than just aiding them. Either the content needs to be manually processed to add social context, or new tech needs to be made that includes models for how to interpret content in every culture represented by every piece of content, including dead cultures who's work is available to the model. Otherwise, "hallucinations" (e.g. misinterpretation and thus miscategorization of data) will make them totally unreliable without human filtering.

That being said, there many more targeted uses of the tech that are quite good, but always with the need for a human to verify.