litchralee
@litchralee@sh.itjust.works
- Comment on [deleted] 4 hours ago:
The absolute first thing is to establish the jurisdiction of this scenario. The answer will be vastly different if the jurisdiction is California/USA than if the jurisdiction were South Sudan. No shade against South Sudan, but we are talking about criminal and civil law, so the details might be very different.
But supposing this is a jurisdiction that follows in the Anglo-American common law (such as California, and I’ll proceed using California as the setting), then we can make some generally-true statements, some of which confirm what you’ve already written:
- Criminal law exists to punish bad acts committed against society at-large
- Criminal law can only punish the persons or entities which have committed an act or omission that is proscribed in law, and only those persons or entities within the territory
- Dead people or dissolved corporations are beyond the reach of criminal law
- The notion that the next-of-kin will “inherit” the criminal liability was abolished long ago; see US Constitution “Bill of Attainder” prohibition, and equivalents in other jurisdictions like the UK or Australia
- Anyone that is still alive and collaborated to aid or supply the dead assailant can be pursued using criminal law
- In parallel to the criminal law system, civil lawsuits can be filed against the remaining property of the dead assailant. This is known as the “estate” of that person, and the lawsuit would be captioned as "XYZ v the Estate of [dead assailant]"
- A civil lawsuit can only win as much property as the respondent (ie person being sued) has, or any insurance policy they had which might apply, or any debt which was owed to the respondent at the time of their death.
- Mass murders commonly result in civil lawsuits that do not obtain anywhere near the full amount to compensate for the victims’ families’ loss.
- As a result, the target of civil lawsuits can be expanded to include adjacent parties, such as the manufacturer of the weapon or materials used, under a claim of product liability or something similar. This is not a guaranteed result, but they often have deeper pockets and good insurance policies.
- Civil lawsuits can only bring a monetary compensation. The law cannot revive the dead, cannot erase or amend history, and cannot salve the void left when victims are removed from this world unjustly.
With all that said, the entire line of inquiry into the dead assailant’s will, or to their parents’ will, or anything like that, is entirely inapplicable. Children or parents do not inherit the sins of others, at least where criminal liability and civil lawsuits are concerned. Unless, of course, the parents participated somehow or willfully neglected a duty to report (very few of these exist in California, unless the victims were undoubtedly known to be children; see mandatory reporting laws). Thus, these other people cannot be sued nor criminally punished.
The other commenter correctly said that what we call the “justice system” is more accurately called “harm reduction”. That’s not wrong, but I would posit that the criminal law system is about harm reduction (nb: I do not endorse the carceral state of imprisoning huge segments of the population, disproportionately by race), whereas civil lawsuits are about equity and compensation.
Both systems exist in tandem to prevent people from achieving a bloodier form of justice in the streets, like in days of yore: pistols at dawn, dueling in general, “bigger army” diplomacy, midnight slaughters of whole families, and other such unpleasantries. It’s definitely not perfect, and it needs reforms in many parts, but the structure serves a purpose and so far, it’s what we have and the best that we have.
- Comment on Why don't my shit and urine stink while they're inside me? 12 hours ago:
I think this would easily qualify for !brandnewsentence@lemmy.world
- Comment on I vibe coded a driver to monitor and control the temperatures and fans in my Aoostar WTR PRO. 4 days ago:
I’ve even seen people vibe code ethernet drivers for FreeBSD.
Please make sure to read what considerations that developer had before undertaking that effort using an LLM: github.com/Aquantia/aqtion-freebsd/issues/32#issu…
Specifically, they (the human) were kept in the loop for the entire process, which included referencing the working Linux driver to do a clean-room reimplementation. This already means they have some experience with software engineering to spot any issues in the specifications that the LLM might generate.
Also, Aquantia (before the merger) already had a published FreeBSD driver but it hasn’t been updated. So this port wouldn’t have to start from zero, but would be a matter of adding support for new NICs that have been released since, but Aquantia hadn’t updated the driver.
This is very much not an example of an Ethernet NIC driver being “vibe coded” from scratch, but a seasoned engineer porting Linux support over to FreeBSD, a kernel that already has a lot of support for easily adding new drivers in a fairly safe manner, and then undertaking a test plan to make sure the changes wouldn’t be abject slop. That’s someone using their tools with reasonable care. In the industry, this is called engineering.
Admiration for what people can do with the right tools must always be put into the right context. Even with the finest tools, it’s likely that neither you nor I could build a cathedral.
- Comment on Booklore is officially dead 4 days ago:
I don’t think they can be force applied to everyone who contributes
This is certainly an opinion, but here is a list of major projects that have a code of conduct: opensourceconduct.com/projects . How well those projects enforce their CoCs, idk. But they are applied, otherwise they wouldn’t bother writing out a CoC.
it’s not fair to hold people to standards they didn’t personally agree to
Software development is not the only place which holds people to standards. The realm of criminal and civil law, education, and business all hold people to standards, whether those people like it or not. In fact, it’s hard to think of any realm that allows opt-out for standards, barring the incel-ridden corners of the web.
this guy might have just decided to make a project
Starting any project – as in, inviting other people to join in – is distinct from just publishing a public Git repo. I too can just post my random pet projects to Codeberg, but that does not mean I will necessarily accept PRs or bug reports, let alone even respond to those. But to actually announce something, that’s where the project begins. And to do so recklessly does reflect poorly upon the maintainer.
- Comment on Booklore is officially dead 4 days ago:
I’ve not heard of Booklore or the critiques against it until seeing this post, but I don’t think this take is correct, in parts. And I think much of the confusion has to do with what “open source” means to you, versus that term as a formal definition (ie FOSS), versus the culture that surrounds it. In so many ways, it mirrors the term “free speech” and Popehat (Ken White) has written about how to faithfully separate the different meanings of that term.
Mirroring the same terms from that post, and in the identical spirit of pedantry in the pursuit of tractable discussion, I posit that there are 1) open source rights, 2) open source values, and 3) community decency. The first concerns those legal rights conferred from an open-source (eg ACSL) or Free And Open Source (FOSS, eg MIT or GPL) license. The details of the license and the conferred rights are the proper domain of lawyers, but the choice of which license to release with is the province of contributing developers.
The second concerns “norms” that projects adhere to, such as not contributing non-owned code (eg written on employer time and without authorization to release) or when projects self-organize a process for making community-driven changes but with a supervising BDFL (eg Python and its PEPs). These are not easy or practical to enforce, but represent a good-faith action that keeps the community or project together. These are almost always a balancing-act of competing interests, but in practice work – until they don’t.
Finally, the third is about how the user-base and contributor-base respect (or not) the project and its contributors. Should contributors be considered the end-all-be-all arbiters for the direction of the project? How much weight should a developer code-of-conduct carry? Can one developer be jettisoned to keep nine other developers onboard? This is more about social interactions than about software (ie “political”) but it cannot be fully divorced from any software made by humans. So long as humans are writing software, there will always be questions about how it is done.
So laying that foundation, I address your points.
Open source should mean that anyone can write anything for fun or seriously, and we all have the choice to use it or not. It doesn’t matter if it’s silly or useful or nonsense or horrible, open source means open. Instead we shut down/closed out someone who was contributing.
This definition of open-source is mixing up open-source rights (“we all have the choice to use it or not” and “anyone can write anything”) with open-source values (“for fun or seriously” and “doesn’t matter if it’s silly or useful”). The statement of “open source means open” does not actually convey anything. The final sentence is an argument in the name of community decency.
To be abundantly clear, I agree that harassing someone to the point that they get up and quit, that’s a bad thing. People should not do that. But a candid discussion recognizes that there has been zero impact to open source rights, since the very possibility that “Some contributors are working together on an unnamed replacement project” means that the project can be restarted. More clearly, open-source rights confer an irrevocable license. Even if the original author exits via stage-left, any one of us can pick up the mic and carry on. That is an open-source right, and also an open-source value: people can fork whenever they want.
How they were contributing is irrelevant
This is in the realm of community decency because other people would disagree. Plagiarism would be something that violates both the values/norms of open-source and also community decency. AI/LLMs can and do plagiarize. LLMs also produce slop (ie nonfunctioning code), and that’s also verboten in most projects by norm (PRs would be rejected) or by community decency (PRs would be laughed out).
We should all feel ashamed that an open source project was shuttered because of how our community acted.
I would draw the focus much more narrowly: “We should all feel ashamed that an open source project was shuttered because of how our community acted”. Open-source rights and open-source values will persevere beyond us all, but how a community in the here-and-now governs itself is of immediate concern. There are hard questions, just like all community decency questions, but apart from Booklore happening to be open-source, this is not specific at all to FOSS projects.
To that end, I close with the following: build the communities you want to see. No amount of people-pleasing will unify all, so do what you can to bring together a coalition of like-minded people. Find allies that will bat for you, and that you would bat for. Reject those who will not extend to you the same courtesy. Software devs find for themselves new communities all the time through that wonderful Internet thing, but they are not without agency to change the course of history, simply by carefully choosing whom they will invest in a community with. Never apologize for having high standards. Go forth and find your place in this world.
- Comment on Considering self hosting my own git repositories. What are some options? 1 week ago:
I second the option of Git + SSH. That will scale to one hundred repos. And if you don’t want the repos to be checked out, use “git clone -n” to not do that. It’ll just be dozens of repos which only have the minimal .git/ directory. All other repos that specify this one as the upstream will have no issues pulling or pushing code.
You won’t have PR features nor a web UI though.
- Comment on If Programmers are wizards then what are Computer Architects? 1 week ago:
Castle builders
- Comment on Can one use someone's previous argument against themselves in a different legal case? 1 week ago:
In Anglo-American common law, if a party has previously argued a position in one of their own cases, and later argues a different position in a subsequent case that they’re a party to, then the doctrine of equitable estoppel would foreclose on certain claims from that party. As usual, the devil is in the details.
Firstly, they must be a party to both the prior and prospective case. A motorist that is injured in a multi-vehicle pile-up cannot assert different facts when suing each of the participants in the crash. However, an advocacy group that files a petition on behalf of another is, by definition, not the party that is bringing suit. Nor is anyone that offers an amicus (ie “friend of the court”) brief that advises the court on how a case ought to be decided.
Secondly, the exact things which are foreclosed will depend. The most common benefit available under equitable estoppel is the loss of a presumption of good faith. So if party A is a corporation and claimed in an earlier employer/employee case that their CEO’s crass, sex-pest behavior was a result of substance abuse (in an attempt at a medical defense or a defense about temporary inability to perceive the situation), then that assertion – irrespective of whether it actually won them that earlier lawsuit – could be used against them in a later case litigated by the shareholders. If the company is sued for the CEO not conveying accurate business info, the defense that their CEO acted in good faith is not going to carry water, if the events coincided in time.
As you can see, the exact remedy that equitable estoppel provides isn’t exactly clear-cut in every instance. But the goal is to prevent the same litigant from abusing the judicial system. One cannot come into court on Monday claiming the sky is blue when it’s convenient for them, then claim on Wednesday that the sky is not blue when it’s inconvenient for them. Two-face assertions are not allowed.
To be clear, these must be actual assertions. Sometimes a civil case can be won merely by the likely possibility that someone else is at fault, making it impossible to determine fault. And so no assertion may be needed as a defense. If a pedestrian is struck and injured by a hit-and-run motorist driving a red car, and five red cars are identified later, any of those motorists can correctly state that there were four other such cars in the area. Pointing out facts unfavorable to the plaintiff is exactly what the defense is supposed to do. But if a motorist actually says “I didn’t injure her”, then that’s an assertion. And judicial estoppel means they may not later claim, for some reason in a later case, that they did do it.
- Comment on What's going to happen to gas stations as cars electrify? 2 weeks ago:
Predominantly in Texas, Buc-ees is nominally a chain of gasoline stations but they’re known for the stores attached to the station, selling all manner of kitsch but also fast food. Ok, they’re also known for having 100+ pumps at each location. But that’s important because it means they’ve always been located at the periphery of city boundaries, usually on the highways into or out of town.
When the gasoline business dries up, Buc-ees still has other business interests to keep them going in the road travel market, and they have real estate along major corridors that could be redeveloped. One option is to invite businesses that occupy motorists’ time while parked charging their electric cars, like wayside attractions (besides Buc-ees itself, obviously). Another would be to entrench themselves: develop a hotel so that visiting business people always stop at the Buc-ees before leaving.
So while neighborhood fuel stations would see a slow demise, Buc-ees can turn their fuel locations into new cash cows. This is why diversification is so important.
- Comment on (serious) What would we be losing in a world where most people didn't own a car? Please read the OP before posting. 2 weeks ago:
Whole sections of the country that are zoned for suburban single family housing would not exist as they are today. Not because they’d be illegal or anything, but they’d be incredibly unpopular if most people didn’t own a car, which is needed to basically get to or from a suburban neighborhood.
I understand the question to be something like: what happens if a majority of people are unwilling/unable to own a private automobile. And I think the immediate answer is that suburban neighborhoods cease to exist, at least at the current density levels. Either a neighborhood must densify so that transit options make sense, or they must aim to become rural living. This also means that things like suburban schools either turn into walkable urban schools, or into small one-room rural schools.
I don’t actually think rural living will go away, because the fact is that the grand majority of people – USA and abroad – do not prefer rural living. The 18th, 19th, 20th, and 21st Century trends are that people tend towards urban areas, where services and jobs exist. There will always be people that want to live in the hills on 20 acres, and therefore need an automobile. But that has never been the majority, so if a majority of people refuse owning an automobile, they will also mostly refuse rural and suburban living.
There is no plausible situation where over 50% of people willingly decide to: 1) not own a car, and 2) live in a suburb or rural area. This is from the fact that all other modes of transport into a suburb or rural area are either: 1) nonexistent (ie metro rail), or 2) ludicrously expensive (ie Lyft, or transit with 15% farebox recovery) if the cost was borne by the people living there (as opposed to being subsidized heavily by other taxpayers… Ahem, America).
- Comment on Earbugld question: Does anyone actually like to silicone tipped earbuds over the solid plastic ones? 3 weeks ago:
I too have issues with silicone earbuds, and also with them falling out. Which is why I was over the moon when I discovered wireless clip-on earbuds. They meet my criteria of being convenient (because wireless) while also not falling off (because clip-on). The specific ones I bought (Anker Soundcore c30i) are not noise-cancelling, but I found that I can adjust their position up or down my ears to meet conditions. For example, I wear them high up when out in public, to hear wayward automobiles that might run me down.
- Comment on what is this 3 weeks ago:
I’m so confused on what the point of such a hash would be. If the time that an email was sent was so important, would existing DKIM timestamps also work? Is this basically the digital equivalent of including today’s newspaper in a ransom note?
Not to say that DKIM as-used is perfect.
- Comment on How do I get my oscilloscope to read voltage correctly? 4 weeks ago:
I wish you the best of luck in your automotive endeavors. But specific to that field, be advised that automobile power can have a lot of voltage spikes, most notably right after the starter motor shuts off after ignition. So if you’re not probing during this dynamic event, then your scope will likely still be useful.
I will also note that a used benchtop scope can be had for about $200, often with good tactile controls and acceptable bandwidth and voltage capabilities. A cursory search on eBay shows a 2-channel 50 MHz Siglent SDS1052DL with 400 volt inputs. For general technician and hobbyist diagnostics work, that’s a good deal for an instrument that is one step above what a competent DMM can provide.
- Comment on How do I get my oscilloscope to read voltage correctly? 4 weeks ago:
I read your question and was wondering how an oscilloscope could be giving such widely-differing values, with the widest being 0.4 volts against itself and nearly 0.8 volts against a separate instrument. Then it dawned upon me that this oscilloscope is a PC-attached scope with some unique operating limits. I say this having come from a background of using only benchtop digital scopes.
The first limitation is that your scope has a very narrow input voltage range, with the manual listing it as +/- 5 volts but damage would only occur at +/- 35 volts. This is voltage measured at the input BNC connector, so it’s before any probe multiplication is accounted for. Whereas if we look at an inexpensive benchtop oscilloscope like the now-fairly-old Rigol DS1052E, it has an input voltage range of +/- 40 volts. The practical result is that to measure something like a laptop power supply, the Hantek must use attenuation probes, whereas the Rigol can measure that voltage directly.
Attenuation probes are great for measuring wider voltage ranges, but they come at the cost of both precision and accuracy. The loss of precision comes from the fact that the resolution of the oscilloscope is unchanged, but the voltage range is wider. In concrete terms, both the Hantek and Rigol use an 8-bit ADC, meaning that the span of input voltages visible on the display are mapped to 256 discrete values. If the ADC is imprecise by 1 bit, then that will amount to the reading being off by a certain number of millivolts. But something like a 20:1 attenuation probe causes that millivolt error value to be multiplied by 20x. Whereas the Rigol doesn’t need attenuation probes, and thus doesn’t suffer this penalty.
Furthermore, the Rigol has a neat trick: it uses a separate, more-precise internal attenuation circuit for voltages smaller than +/- 2 volts, and then uses its normal-precision input circuit for all other voltages up to +/- 40 volts. The ADC is unchanged in both modes, and the scope switches seamlessly between the two (though usually with an audible click), but this means that a 20x scope measuring a laptop charger would actually cause the Rigol to switch into its precision circuit, which means the Rigol might never pay the penalty that the Hantek might. Perhaps the Hantek has a similar feature, but it is not listed in the manual.
As for accuracy loss due to attenuation probes, this is not affected by the amount of attenuation, but rather is a function of how accurate the attenuation is. When a probe is marked as 20:1, it could actually be 19:1 or 21:1 or anywhere around there, depending on the manufacturing tolerances. However, accuracy issues can be resolved through calibration, which you’ve done.
Overall, it seems that you are operating at the very limits of what your Hantek scope can deliver, with its 8-bit ADC and limited input range. Yet your test calls for a voltage 4x higher, so some error is to be expected from the 20:1 probe. With the 10:1 probe, the error is a bit smaller, but now you’re outside the affirmative safe voltage range of the scope. Calibration can only fix accuracy issues, but I think your error is now predominantly due to loss of precision, which cannot be resolved after-the-fact.
If your intended use is to measure signals in the range of a laptop charger and require faithful analog voltage measurements, I’m afraid that you may need to find a different instrument.
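An added example (not part of the comment above) that puts numbers on the precision argument: one ADC count at the BNC, scaled back up by the probe ratio, is the smallest error the scope can show at the probe tip. The figures follow the comment (Hantek +/-5 V, Rigol +/-40 V with a +/-2 V precision circuit, 8-bit ADC); the 19.5 V "laptop charger" signal and the scope names as Python objects are constructed for the illustration.

```python
"""Quantization-error floor of an 8-bit oscilloscope behind an attenuation probe.

Constructed example following the comment above: a 1-LSB error at the input
BNC is multiplied by the probe ratio when the reading is referred back to the
probe tip, so a narrow input range forces a coarse probe and a coarse result.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Scope:
    name: str
    input_range_v: float   # +/- volts at the BNC; full-scale span is 2x this
    adc_bits: int = 8

    def lsb_volts(self, input_range_v: Optional[float] = None) -> float:
        """Volts per ADC count when the display spans the given +/- range."""
        rng = self.input_range_v if input_range_v is None else input_range_v
        return (2 * rng) / (2 ** self.adc_bits)


def tip_error_volts(scope: Scope, probe_ratio: float, lsb_error: int = 1,
                    input_range_v: Optional[float] = None) -> float:
    """Error seen at the probe tip for `lsb_error` counts of ADC error."""
    return lsb_error * scope.lsb_volts(input_range_v) * probe_ratio


def can_measure_directly(scope: Scope, signal_v: float) -> bool:
    """True if the signal fits the BNC input range with a 1:1 probe."""
    return abs(signal_v) <= scope.input_range_v


def compare(signal_v: float) -> dict[str, float]:
    """1-LSB error at the probe tip for the scope/probe pairings discussed."""
    hantek = Scope("Hantek (PC scope)", 5.0)      # +/-5 V input, per the manual
    rigol = Scope("Rigol DS1052E", 40.0)          # +/-40 V input
    out: dict[str, float] = {}
    # Hantek cannot take ~20 V directly, so it pays the probe penalty.
    for ratio in (20, 10):
        out[f"hantek_{ratio}x"] = tip_error_volts(hantek, ratio)
    # Rigol measures the same signal with a 1:1 probe on its normal circuit.
    out["rigol_1x"] = tip_error_volts(rigol, 1)
    # Rigol with a 20x probe: the BNC sees signal/20. If that is within
    # +/-2 V the scope switches to its precision circuit, shrinking the LSB.
    at_bnc = signal_v / 20
    rng = 2.0 if abs(at_bnc) <= 2.0 else 40.0
    out["rigol_20x"] = tip_error_volts(rigol, 20, input_range_v=rng)
    return out


if __name__ == "__main__":
    laptop_charger_v = 19.5  # constructed sample signal
    for label, err in compare(laptop_charger_v).items():
        print(f"{label:10s} 1-LSB error at tip = {err * 1000:7.1f} mV")
```

With these inputs the Hantek behind a 20:1 probe has a 0.78 V floor per ADC count, which is the same order as the 0.8 V discrepancy the question reports, while the Rigol sits at about 0.31 V whether it measures directly or via a 20x probe on its precision circuit.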
- Comment on Why is amperage more "obscure" than voltage (or watts)? 4 weeks ago:
For an example of where constant current sources are used – and IMO, deeply necessary – we can look to the humble LED driver circuit. LEDs are fickle devices, on account of their very sharp voltage-current curve, which also changes with operating temperature and is not always consistent from the factory. As a practical matter, the current through an LED is what predominantly controls the brightness, so constant current sources will provide very steady illumination. If instead an LED were driven with a constant voltage source, it would need to be exceedingly stable, since even a few tens of millivolts off can destroy some LEDs through over-current and/or over-heating.
For cheap appliances, some designs will use a simple resistor circuit to set the LED current, and this may be acceptable provided that the current is nowhere near overdriving the LED. Think of small indicator LEDs that aren’t that bright anyway. Whereas for expensive industrial LED projectors, it would be foolish to not have an appropriately designed current source, among other protective features.
- Comment on Why is amperage more "obscure" than voltage (or watts)? 4 weeks ago:
In a nutshell, voltage incompatibility is generally more damaging than current mismatch, typically in a frightening or energetic manner. Many American tourists find this out when they bring their 120v AC hairdryers to an overseas hotel with 230v AC power. If there is only room for one number to be emblazoned on an outlet or plug, it should be the rated voltage, first and foremost.
For current protection, we’ve had thermal fuses since the 1890s, and thermo-magnetic circuit breakers since the 1940s. There are even more fancy transistor-based current protections available for industrial equipment that can shut off extremely fast. In a sense, protection against over-current has basically been solved, in the scenarios where there’s enough of a risk of humans or property.
Whereas voltage mix-ups still happen, although consumer electronics are now moving to automatic voltage detection (eg an 18v electric drill battery charger refuses to charge a 12v battery) and through actively negotiated power parameters (eg USB PD). And even without human error, under- and over-voltage transients still happen in residential and commercial environments, leading to either instant damage or long-term product degradation (eg domestic refrigerator motor drive circuits).
It should be noted that a current starvation scenario, such as when an ebike is current-limited per regulations, does not generally cause a spike in voltage. Whereas in a voltage starvation situation, resistive loads will indeed try to draw more current in order to compensate. Hence why current protection is almost always built-in and not left to chance.
- Comment on Element/Matrix Official Docker Install Method? 5 weeks ago:
Firstly, I wish you the best of luck in your community’s journey away from Discord. This may be a good time to assess what your community needs from a new platform, since Discord targeted various use-cases that no single replacement platform can hope to replace in full. Instead, by identifying exactly what your group needs and doesn’t need, that will steer you in the right direction.
As for Element, bear in mind that their community and paid versions do not exactly target a hobbyist self-hosting clientele. Instead, Element is apparently geared more for enterprise on-premises deployment (like Slack, Atlassian JIRA, Asterisk PBX) and that’s probably why the community version is also based on Kubernetes. This doesn’t mean you can’t use it, but their assumptions about deployments are that you have an on-premises cloud.
Fortunately, there are other Matrix homeservers available, including one written in Rust that has both bare metal and Docker deployment instructions. Note that I’m not endorsing this implementation, but only know of it through this FOSDEM talk describing how they dealt with malicious actors.
As an aside, I have briefly considered Matrix before as a group communications platform, but was put off by their poor E2EE decisions, for both the main client implementation and in the protocol itself. Odd as it sounds, poor encryption is worse than no encryption, because of the false assurance it gives. If I did use Matrix, I would not enable E2EE because it doesn’t offer me many privacy guarantees, compared to say, Signal.
- Comment on I made a way to remotely control my homelab without any internet access required 5 weeks ago:
Obligatory mention: !keming@lemmy.world
- Comment on why is the beginning on the left and the end on the right? 5 weeks ago:
Approximately 90% of people are right-handed. In European writing systems that use quills and pens, left-to-right makes more sense so that you can hold the pen in your right hand and drag it rightward, not into the ink you just laid down.
In East Asia, before writing on paper was a thing, they wrote using inscribed bone, but then eventually moved to vertical wood boards, bound together by string. Each character on the board would be ready from top-to-bottom, and then move to the next board. The most logical choice for a right handed person is to stack the wood pile on their left, and use their right hand to draw the next board to meet their gaze, then set it down on their right. For this reason, the historical writing system common to China, Japan, Korea, and Vietnam for centuries was read right-to-left. But the native Korean script is left-to-right, as is the modern Vietnamese script. And Chinese and Japanese in the 20th Century switched to left-to-right. And yet, Japanese books are still ordered “backwards” so that the title page is what Westerners would say is the back of the book, and manga panels are read from the right side toward the left.
It all boils down to right handedness, but it depends on whether your hand is moving, or the page is moving.
- Comment on I made a way to remotely control my homelab without any internet access required 1 month ago:
Are ham radio operators in the EU able to use LoRa radios and be exempt from duty cycle limitations?
- Comment on I made a way to remotely control my homelab without any internet access required 1 month ago:
Admittedly, I haven’t finished reflashing my formerly-Meshtastic LoRa radios with MeshCore yet, so I haven’t been able to play around with it yet. Although both mesh technologies are decent sized near me, I was swayed to MeshCore because I started looking into how the mesh algorithm works for both.
And what I learned – esp from following the #meshtastic and #meshcore hashtags on Mastodon – is that Meshtastic has some awful flooding behavior to send messages. Having worked in computer networks, this is a recipe for limiting the max size and performance of the mesh. Whereas MeshCore has a more sensible routing protocol for passing messages along.
My opinion is that mesh networking’s most important use-case should be reliability, since when everything else (eg fibre, cellular, landlines) stops working, people should be able to self organize and build a working communications system. This includes scenarios where people are sparsely spaced (eg hurricane disaster with people on rooftops awaiting rescue) but also extremely dense scenarios (eg a protest where the authorities intentionally shut off cell towers, or a Taylor Swift concert where data networks are completely congested). Meshtastic’s flooding would struggle in the latter scenario, to send a distress message away from the immediate vicinity. Whereas MeshCore would at least try to intelligently route through nodes that didn’t already receive the initial message.
- Comment on I made a way to remotely control my homelab without any internet access required 1 month ago:
Very interesting! I’m no longer pursuing Meshtastic – I’m changing over my hardware to run MeshCore now – but this is quite a neat thing you’ve done here.
As an aside, if you later want to have full networking connectivity (Layer 2) using the same style of encoding the data as messages, PPP is what could do that. If transported over Meshtastic, PPP could give you a standard IP network, and on top of that, you could have SSH to securely access your remote machine.
- Comment on What powers does the Secret Service have and exhibit to protect the POTUS? 1 month ago:
I’ve only heard bits and pieces of this from friends and strangers through some specific events so far
Can you tell us what bits you’ve heard, so that we don’t have to give redundant answers?
- Comment on Would we be seeing these emails involving Epstein if they were all using E2EE email service? 1 month ago:
The catch with everything that implements E2EE is that, at the end of the day, the humans at each end of the message have to decrypt the message to read it. And that process can leave trails, with the most sophisticated being variations of Van Eck phreaking (spying on a CRT monitor by detecting EM waves), and the least sophisticated being someone that glances over the person’s shoulder and sees the messages on their phone.
In the middle would be cache files left on a phone or from a web browser, and these are the most damning because they will just be lying there, unknown, waiting to be discovered. Whereas the techniques above are active attacks, which require good timing to get even one message.
The other avenue is if anyone in the conversation has screenshots of the convo, or if they’re old-school and actually print out each conversation into paper. Especially if they’re an informant or want to catalog some blackmail for later use.
In short, opsec is hard to do 100% of the time. And it’s the 1% of slip-ups that can give away the game.
- Comment on Can you help me adapt the Signal TLS Proxy to be used behind NPM? 1 month ago:
Sadly, I’m not familiar enough with Nginx Proxy Manager to know. But I would imagine that there must be a different way to achieve the same result.
BTW, when I read “NPM”, I first think of Node.js Package Manager. The title of your post may be confusing, and you might consider editing it to spell out the name of Nginx Proxy Manager.
- Comment on Can you help me adapt the Signal TLS Proxy to be used behind NPM? 1 month ago:
I’ll take a stab at the question. But I’ll need to lay some foundational background information.
When an adversarial network is blocking connections to the Signal servers, the Signal app will not function. Outbound messages will still be encrypted, but they can’t be delivered to their intended destination. The remedy is to use a proxy, which is a server that isn’t blocked by the adversarial network and which will act as a relay, forwarding all packets to the Signal servers. The proxy cannot decrypt any of the messages, and a malicious proxy is no worse than blocking access to the Signal servers directly. A Signal proxy specifically forwards only to/from the Signal servers; this is not an open proxy.
The Signal TLS Proxy repo contains a Docker Compose file, which will launch Nginx as a reverse proxy. When a Signal app connects to the proxy at port 80 or 443, the proxy will – in the background – open a connection to the Signal servers. That’s basically all it does. They ostensibly wrote the proxy as a Docker Compose file, because that’s fairly easy to set up for most people.
But now, in your situation, you already have a reverse proxy for your selfhosting stack. While you could run Signal’s reverse proxy in the background and then have your main reverse proxy forward to that one, it would make more sense to configure your main reverse proxy to directly do what the Signal reverse proxy would do.
That is, when your main proxy sees one of the dozen subdomains for the Signal server, it should perform reverse proxying to those subdomains. Normally, for the rest of your self-hosting arrangement, the reverse proxy would target some container that is running on your LAN. But in this specific case, the target is actually out on the public Internet. So the original connection comes in from the Internet, and the target is somewhere out there too. Your reverse proxy simply is a relay station.
There is nothing particularly special about Signal choosing to use Nginx in reverse proxy mode, in that repo. But it happens to be that you are already using Nginx Proxy Manager. So it’s reasonable to try porting Signal’s configuration file so that it runs natively with your Nginx Proxy Manager.
What happens if Signal updates that repo to include a new subdomain? Well, you wouldn’t receive that update unless you specifically check for it. And then update your proxy configuration. So that’s one downside.
But seeing as the Signal app demands port 80 and 443, and you already use those ports for your reverse proxy, there is no way to avoid programming your reverse proxy to know the dozen subdomains. Your main reverse proxy cannot send the packets to the Signal reverse proxy if your main proxy cannot even identify that traffic.
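The one decision the relay in the comments above has to make (identify Signal traffic by hostname, forward only to the Signal hosts, and otherwise refuse), as an added example that is not code from the Signal-TLS-Proxy repo or from Nginx Proxy Manager. It reads the Server Name Indication from the client's TLS ClientHello without terminating TLS, which is what nginx's stream module does with `ssl_preread`, and returns the upstream to copy bytes to only if the name is on the allowlist. The allowlist is constructed: `chat.signal.org` is a real Signal hostname, the other entries are placeholders for the rest of the repo's list, and port 443 as the upstream port is an assumption. The `build_client_hello` helper constructs test input and is not real traffic:

```python
"""SNI-based relay decision for a Signal-style TLS proxy.

Added example, not code from the Signal-TLS-Proxy repo. The proxy never
decrypts anything: it only peeks at the plaintext SNI in the ClientHello
to decide which Signal host to relay the raw bytes to, and closes the
connection for any other hostname. The allowlist is what keeps this from
being an open proxy.
"""
import struct
from typing import Optional

# Constructed allowlist. chat.signal.org is a real Signal hostname; the
# other two are placeholders for the remaining names in the repo's nginx.conf.
SIGNAL_HOSTS = {
    "chat.signal.org",
    "placeholder-1.signal.org",
    "placeholder-2.signal.org",
}


class NotClientHello(ValueError):
    """Bytes on the socket were not a TLS ClientHello record."""


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI hostname from a TLS ClientHello record, or None if the
    hello carries no server_name extension. Raises NotClientHello otherwise."""
    # TLS record header: content_type(1) version(2) length(2); 0x16 = handshake
    if len(record) < 5 or record[0] != 0x16:
        raise NotClientHello("not a TLS handshake record")
    body = record[5:5 + struct.unpack(">H", record[3:5])[0]]
    # Handshake header: msg_type(1) length(3); msg_type 1 = ClientHello
    if len(body) < 4 or body[0] != 0x01:
        raise NotClientHello("not a ClientHello")
    pos = 4 + 2 + 32                                         # skip version + random
    pos += 1 + body[pos]                                     # session_id
    pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]     # cipher_suites
    pos += 1 + body[pos]                                     # compression_methods
    if pos + 2 > len(body):
        return None                                          # no extensions block
    ext_end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack(">HH", body[pos:pos + 4])
        pos += 4
        if ext_type == 0:                                    # server_name extension
            # ServerNameList: list_len(2), then name_type(1) name_len(2) name
            p = pos + 2
            while p + 3 <= pos + ext_len:
                name_type = body[p]
                name_len = struct.unpack(">H", body[p + 1:p + 3])[0]
                if name_type == 0:                           # host_name
                    return body[p + 3:p + 3 + name_len].decode("ascii")
                p += 3 + name_len
        pos += ext_len
    return None


def choose_upstream(record: bytes) -> Optional[str]:
    """'host:443' to relay the connection to, or None to close it."""
    host = extract_sni(record)
    if host is None or host.lower() not in SIGNAL_HOSTS:
        return None                      # not a Signal host: refuse, don't relay
    return f"{host.lower()}:443"         # assumed upstream port


def build_client_hello(sni: Optional[str]) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record for testing (not real traffic)."""
    hello = b"\x03\x03" + bytes(32)      # client_version, random
    hello += b"\x00"                     # empty session_id
    hello += b"\x00\x02\x13\x01"         # one cipher suite
    hello += b"\x01\x00"                 # null compression
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack(">H", len(name)) + name
        ext_data = struct.pack(">H", len(entry)) + entry
        ext = b"\x00\x00" + struct.pack(">H", len(ext_data)) + ext_data
        hello += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake
```

A real relay would peek these first bytes, call `choose_upstream`, then copy bytes in both directions unchanged; because the name check happens before any forwarding, a client naming anything other than a Signal host gets nothing, which is the property that makes a malicious or compromised proxy no worse than having no proxy at all.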
- Comment on Are there any reputable cybersecurity experts that I could just email them to ask for free advice? 1 month ago:
The simple answer is probably no, because even where those experts aren’t driven solely by the pursuit of money – as in, they might actually want to improve the state of the art, protect people from harm, prevent the encroachment of the surveillance state, etc… – they are still only human. And that means they have only so much time on this blue earth. If they spend their time answering simple questions that could have been found on the first page of a web search, that’s taking time away from other pursuits in the field.
Necessarily then, don’t be surprised if some experts ask for a minimum consultation fee, as a way to weed out the trivial stuff. If nothing else, if their labor is to have any meaning at all when they do their work professionally, they must value it consistently as a non-zero quality. Do not demand that people value their labor at zero.
With that out of the way, if you do have a question that can’t be answered by searching existing literature or the web, then the next best is to ask in an informal forum, like here on Lemmy. Worst case is that no one else knows. But best case is that someone works in the field and is bored on their lunch break, so they’ll help point you in the right direction.
Above all, what you absolutely must not do is something like emailing a public mailing list for cryptography experts, gathered to examine the requirements of internet security, to look at your handmade data encryption scheme, which is so faulty that it caused third-party embarrassment when read a decade later.
> You were in fact lucky that they paid any attention at all to your proposal, and they’ve already given you many hundreds if not thousands of dollars worth of free consultancy between them
Don’t be the person that causes someone to have to write this.
- Comment on If the government raided your house and found a bunch of .mkv files but you insist its all legally obtained, how do they ascertain if they are actually pirated or not? 1 month ago:
There are separate criminal and civil offenses when it comes to copyright infringement, assuming USA. Very generally, under criminal law, it is an offense to distribute copyrighted material without the right or license to do so. Note the word “distribute”, meaning that the crime relates to the act of copying and sharing the work, and usually does not include the receiving of such a work.
That is to say, it’s generally understood that mere possession of a copyrighted work is not sufficient to prove that it was in your possession for the purpose of later distribution. A criminal prosecution would have to show that you did, in fact, infringe the copyright by distributing a copy to someone or somewhere else.
Separately, civil penalties can be sought by the copyright owner, against someone found either distributing their work, or possessing the work without a license. In this case, the copyright owner has to do the legwork to identify offenders, and then would file a civil lawsuit against them. The government is uninvolved with this, except to the extent that the court is a branch of the federal government. The penalty would be money damages, and while a judgement could be quite large – due to the insanity of minimum damages, courtesy of the DMCA – there is no prospect of jail time here.
So as an example, buying a bootleg DVD for $2 and keeping it in your house would not accrue criminal liability, although if police were searching your house – which they can only do with a warrant, or your consent – they could tip off the copyright owner and you could later receive a civil lawsuit.
Likewise, downloading media using Megaupload usually also doesn’t meet the “distribution” requirement in criminal law, but still opens the door to civil liability if the copyright owner discovers it. However, something like BitTorrent, which uploads to other peers, would meet the distribution requirement.
To that end, if officers searching your home – make sure to say that you don’t consent to any searches – find a running BitTorrent server and it’s actively sharing copyrighted media, that’s criminal and civil liability. But if they only find the media but can’t find evidence of actual uploading/distributing, and can’t get evidence from the ISP or anyone else, then the criminal case would be non-existent.
- Comment on Before social media/internet/cell phones/landlines/payphones; how would 2 friends living across the same city arrange in person meetings and stay in touch? 1 month ago:
If this is about that period of human history where we had long-distance transportation (ie railroads) but didn’t yet have mass communication infrastructure that isn’t the postal service – so 1830s to 1860s – then I think the answer is to just plan to meet the other person at a certain place every month.
To use modern parlance, put a recurring meeting on their calendar.
- Comment on Why there is no clock that displays time 4:20:69 ? 1 month ago:
It can be, although the example I’ve given where each counter is a discrete part is probably no longer the case. It’s likely that larger ICs which encompass all the requisite functionality can do the job, at lower cost than individual parts.
But those ICs probably can’t do 4:20:69, so I didn’t bother mentioning that.