I uninstalled syncthing-fork when I first heard “foul voices on the air” (LotR ref) because I haven’t needed it recently, & decided to reinvestigate when I next need it (& the dust might have settled itself by then). In the meantime someone commented that you can configure & use vanilla syncthing on termux instead. I use termux for so much already that it is the obvious choice (for me) if actually true. If you hadn’t heard that either it might be a viable choice for you too…

Related: Someone commented the following gem on another Lemmy thread a month or two ago - “They get to choose their business model, I get to choose my customer model”.

It’s always DNS.

The one I’m really hoping for is a torch-song sung by Darth Vader in the style of Adelle’s “Hello”. In the video, Darth stands in a warrior-pose, fist raised to the heavens, fan-generated wind billowing through his cape, singing “hello from the dark side”…

Inflected Mushroom

I love this typo/autocorrect. In fact, I think it’s a better name for the band. They should definitely add that “L”.

Anyone who knows enough about Wireguard, iproute2 tools, iptables/nftables, etc (firewall-marking certain packets based on criteria, then directing them through alternate route-tables based on that) can hand-roll split-tunneling, internal point-to-point tunnels/meshes, etc. For (most) people who want to achieve this in a less painful/fragile way, from what I’ve understood it seems Tailscale just does exactly this under the hood in a less arduous and more intuitive way for users, while also providing a static internet-facing ingress point when needed. Headscale exists for those wanting that but with their own static ingress (self-hosted at their own IP) instead of Tailscale’s.

Very well said. I will make a concerted effort to inject “hypernormalization” into my speech more often going forward. For decades I’ve been saying to friends that the reductionist obsession with “normal” (whatever the hell that means) is a cancer to modern society.

In particular it already sounds creepy when you replace usage with its verb-form, e.g. changing “all my friends are normal” to “all my friends have been normalized”. It’s common practise to use a re-encoder to normalize a “background” playlist of songs to the same dB threshold so no single song sticks out and distracts us from what we are trying to focus on while listening. Similarly, authorities of an authoritarian ilk try to normalize populations so none of them stick out and distract from the primary focus (centralization of power and money). Hypernormalization involves taking that to its logical conclusion, telling the vast majority of people “stay in your lane” - meaning “shut up and consume, and when we tell you what to buy you buy it”, AKA be “normal(ized)”).

Just a heads-up to anyone who - like me - thought this was about Radicle and got confused about mentions of caldav/cardav/LDAP… Radicale != Radicle

Although I agree with the implied sentiment that “the Perfect is the enemy of the Good Enough” (especially for low-profile personal web-presence) and that naval-gazing about protocols can become a counterproductive rabbit-hole, sometimes it can also be risky to oversimplify in the other direction without at least parenthesizing the caveats too. For example this “HTTP/1.1 must die” site points out how desync attacks make HTTP/1.1 robustness a bit of a game of Whack-a-Mole. For certain sites (even some personal sites) this can occasionally matter.

The URL includes “-lets-learn-everything-” so I guess that is it.

I don’t know the details of that part directly, but I do remember reading things like this which seemed to indicate delisting of some maintainers (positions of responsibility, as opposed to blocking all developer contributions) who were associated with certain sanctioned Russian companies. This seems to be in line with standard sanctions being imposed by many companies & organisations in various countries (not just USA). Regardless of personal opinions about whether that was “right, wrong, or otherwise” at the time it at least seems a far cry from “an NSA compromise”.

I will try to answer these, and hope someone corrects any potential innaccuracy:

what’s red?

There is a comment there saying “see deep-dive for details” so the red-highlight caveat is likely explained there.

what’s the globe icon?

My assumption is that icon just indicates Free/Open-Source projects which have no “owning company” (not “based” anywhere), just globally scattered contributors.

how come some products marked not majority EU owned have the EU flag?

My guess (merely a guess) is that those are run by EU-based companies, but which don’t have a solid policy guaranteeing “majority of shareholders are in the EU” (…?)

Having not heard of this one, I was curious so checked some sites about it, like:

https://www.reddit.com/r/linux4noobs/comments/kd0yml/does_the_nsa_have_a_backdoor_to_linux_this/

https://www.theregister.com/2022/02/23/chinese_nsa_linux/

https://www.bleepingcomputer.com/news/security/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years/

My quick impression from those seems to match what was said by some commenters on the FreeBSD forum - https://forums.freebsd.org/threads/nsa-linked-bvp47-linux-backdoor-widely-undetected-for-10-years.84258/

msplsh: This looks like an implant that opens a backdoor, not an intrinsic backdoor built into the OS.

and:

sko: From el reg: To us it seems whoever created the code would compromise or infect a selected Linux system and then install the backdoor on it. So if someone already gained privileges to install anything on one of your machines, it doesn’t matter what it is - this host is compromised and has to be nuked from orbit.

So, unless I’m missing something this is not really about “the Linux kernel devs being compromised by NSA” as much as the endless list of Windows-targetting malware is not about “the NT kernel devs being compromised by NSA”.

For those who might skip this video thinking it will be in French which they don’t speak, it is actually in English.

I hadn’t even heard of the underlying protocol NNCP yet, and it seems to solve out of the box several things I was trying to do in some of my own hobby-projects. I’d been battling with automating and integrating Tor/I2P, Openssl, Tox, GPG, Wireguard, etc. If NNCP lives up to the hype it will be a big shortcut, when I next get time to work on stuff :-)

Green Cola from Greece

Maybe this is a good “gap in the market” moment then - some global, at least not US-centric, CDN/DDOS-mitigation/edge-compute/WAN/DNS/registry competition to cloudflare’s core tech. Maybe the way to increase the odds of success would be to develop an easy-install (integrated, containerised/packaged) FLOSS framework and federated control-protocol for those things with main target-userbase being IXPs around the world (yes, IXPs, not ISPs, which means it would all have to be free and open, and able to be deployed in a way that cost-handling doesn’t put the IXPs in an awkward conflict-of-interest position). Importantly there is already a lot of FLOSS code available for much of this, so a large part of the work would be integration, UX, etc. Maybe it would then not need to “compete” with a behemoth like Cloudflare but instead iterate towards making some of it “default internet functionality”, sidestepping it being opt-in/paid extras entirely. I know such a simplistic high-level definition sounds woefully naive, but I think starting there and discussing real-world details could lead to something…

In the context of the parallels now being drawn between post-WW1 Germany’s slide to WW2 and present-day USA’s situation, I worry that the major quality-of-life hit starting to happen in the US might be at least slightly on purpose.

Aside from the “Krasnov” explanation for such intention (which seems compelling but I haven’t yet seen enough evidence to have a strong opinion either way about), another perhaps simpler explanation (either instead of or in addition to that) could be that he is gambling that the same poor, disempowered, uneducated subset of people in the US who end up being easily stirred into a military mindset fever are the same ones who will easily forget that the leader promising them their “national pride and identity” back is the same one whose decisions accelerated that very descent into poverty, disempowerment, and poor education (& undermined press) in order to create that pliable situation.

I vividly remember in history class seeing the photos from the post-Versailles-treaty period, of German kids flying kites made of nearly worthless Deutchmarks, and people with wheelbarrows full of notes paying for bread. Hitler was able to so easily stir up people “with no hope or dignity left” by promising prosperity based on building autobahns, factories, etc - manipulating their despair to hijack rational or compassionate thought. Anyone informed and principled enough to see through that slide to madness and act accordingly ended up running for their lives (along with the many others who had to run just for being born a certain way). It looks a bit like the situation in the US is on the precipice of sliding that way, with the compounding factor that online click-hungry faux-press and automated disinformation/propaganda bots on social networks are able to very quickly create and maintain cult-like bubbles in which a “leader” can manufacture shadows and “instruct” followers to jump at those shadows in the same breath, under the assumption that enough people will be gullible and/or lazy enough to fall for it unquestioningly.

I really think the people in the US who are not part of that subset need to be very proactive (in real-life terms, not just rage-scrolling & rage-clicking) in being the bulwark against that slide to madness, and right now - starting to react months from now might already be too late to avoid dangerous global conflicts escalating, and new ones starting. I am very wary of doom-and-gloom hyperbole, and aware that overstating things can risk fostering apathy instead of overcoming it, but I think this is one of those rare historic moments when such statements are not hyperbole.

Having just watched it with little ones I mostly concur - any - but would suggest that with kids <= 6 be a watchful parent/guardian during some of the more intense scenes. Not due to anything graphic, just a few emotionally harrowing bits where I saw my co-viewers gripping the armrests with widening eyes, so had to whisper that I think it will all be fine in a moment.

In-band periodic key-exchange. Pre-arrange that keys expire every X messages, and that the last (Xth) message is dedicated to sending the new key encrypted by the previous one.