ilmagico

@ilmagico@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Manjaro is experimenting with **opt-out telemetry | Hacker News (More like op-out spying)⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I had a forum account from long ago that I barely use and even I was able to vote … so if you had an account there, give it a try and vote!
⁨Comment⁩ on ⁨Podman or rootless docker?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Was this with podman or rootless docker?

I also would like to switch to rootless, I have some experience with podman and, while I generally like it, it’s not 100% compatible with (rootful) docker, and can have performance issues if you’re not careful, especiallt with certain file systems like btrfs. I wonder if rootless docker is now better than podman, or preferred for some other reason.
⁨Comment⁩ on ⁨REPORT: Arm is sensationally canceling the license that allowed Qualcomm to make Snapdragon chips which power everything from Microsoft's Copilot+ PCs to Samsung's Galaxy smartphones and tablets⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I could be wrong, but I think Qualcomm designs its own chips and only licenses the “API”, so it would be no difference for them.
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I was finally able to find some technical detail on passkeys on FIDO website, and yeah, it actually looks like it’s a real improvement over passwords: it’s simple, uses proven technology (public/private keys), and should be much more secure than passwords.

Also, nothing in the “specs” says I need to entrust my private key with the OS or a third party, which is good.

That said, it seems some OS support is required nonetheless, to show the pin / biometrics prompt (or is it?), and on android at least, I’d need to buy a new device with Android 14 to use a non-Google passkey provider…
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I use KeePassXC on desktop and Keepass2Android on, well, android, and sync via nextcloud. They all seem to handle syncing correctly, merging changes made on one side, or showing a notification about a conflict, and KeePassXC can definitely merge the two “conflicted copies” together reliably with a couple of clicks (yes, a no-click solution would be better, I know, but it’s not “manual”). Keepass2Android integrates directly with nextcloud and seems to handle it fine.

The situation can definitely be improved but it’s not so bad for me. Also, two different people should probably use two different database files and not share passwords ;)

Not sure how syncthing handles conflicts, it’s been many years since I tried it.
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I use KeePassXC’s browser integration daily and it works pretty well with Firefox (linux), well enough that I’m not complaining, but I cannot compare it with Bitwarden cause I never used it. On Android I use Keepass2Android and works well with autofill, but again, I can’t really compare it.

Something tells me Bitwarden works better, just by virtue of being a commercially supported product, but I have no complaints with KeePassXC & Keepass2Android (KeePassDX works well on android too). Original KeePass desktop client was never great though.
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I see, that makes sense and should be more secure, in theory. Thanks for the explanation.

The issue I have is, whether I need to trust a third party with my private key, e.g. Google with Android, Microsoft with Windows, etc. (yes on linux it’s different, but that’s not my only OS).

Also if the private key does get compromised (e.g. local malware steals it), hopefully there’s an easy way to revoke it.
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Ok, from a quick search, it seems passkeys rely on some trusted entity (your browser, OS, …) to authenticate you, so, yeah, I’m not sure if Ilike that. The FIDO alliance website is all about how easy, convenient and secure passkeys are, and nothing about how they actually work under the hood, which is another red flag for me.

I’ll stick to old-fashioned, long, secure, randomly generated passwords, thanks.
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
From a quick search, Keepass2Android doesn’t have it, not clear if they’re working on it: github.com/PhilippC/keepass2android/issues/2099

KeePassDX similarly has an open issue, not clean when/if it will be implemented: github.com/Kunzisoft/KeePassDX/issues/1421

Good to know about Strongbox on iOS, though I’m on android so no bueno for me.
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I don’t use passkeys so I don’t know. Maybe I should research into passkeys, what’s the benefit over plain on (long, randomly generated) passwords?
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
+1 For KeePassXC and the KeePass ecosystem. Yes, you need to sync the database yourself, but you can use any file sharing service you like, e.g. google drive, dropbox… or selfhost something like nextcloud (like I do), which for me is actually a point in its favor.

Based on this news, I think I made the right choice back then when I decided to go with KeePass.
⁨Comment⁩ on ⁨Concerns Raised Over Bitwarden Moving Further Away From Open-Source⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
What do you mean “no cross device support”? KeePassXC supports Win, Mac, Linux and there are iOS and Android apps available…

As for the lack of cloud and requirement to provide your own synchronization, for some (like me) that’s a feature, not a limitation :)
⁨Comment⁩ on ⁨I tried to selfhost Nextcloud at work⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
If I understand correctly, nextcloud automatically updated … which I didn’t think it would, normally. Maybe it’s a “feature” of the AIO docker image?
⁨Comment⁩ on ⁨I tried to selfhost Nextcloud at work⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Never upgrade to the latest and greatest of … anything really, especially in production. Let others test it first, or as suggested already, have a staging environment where you test the upgrade first. Still, I guess you can still downgrade nextcloud, especially if you have a backup.

Are you using the AIO image? I don’t know how well that works, but yeah, I absolutely hate automatic updates like that. I tried it once and I decided to use the plain “official but not supported” docker image instead, where I manage things myself. Never had an issue, and I can control which version I’m running, I can backup to wherever I want, using whichever system I want, etc.
⁨Comment⁩ on ⁨Advice column: Why trust Signal?⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Didn’t he promote it at some point?
⁨Comment⁩ on ⁨Microsoft donates the Mono Project to the Wine team⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
… and execution speed is faster. And they’re both open source. I mean, good thing we have choices, right?
⁨Comment⁩ on ⁨Stealthy 'sedexp' Linux malware evaded detection for two years⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Sure, once you have root on the host system you can pretty much do whatever you want … adding entries to udev isn’t anything revolutionary.
⁨Comment⁩ on ⁨ID Scanners Can Change How Your Local Bar Treats You—and Whether It Lets You In.⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
From the article:

Patronscan previously had a system flag for “substance abuse,” but this flag was removed in 2019, according to Mlikotin. Its privacy policy notes a California law that limits its flags to “fraud, abuse, and material representation.”
⁨Comment⁩ on ⁨AMD to buy Finnish start-up Silo AI for $665mn in drive to compete with Nvidia⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:

Silo AI is committed to “open source” AI models, which are available for free and can be customised by anyone. This distinguishes it from the likes of OpenAI and Google, which favour their own proprietary or “closed” models.

It’s funny that a company called Silo AI makes open LLM models while one called OpenAI makes closed ones…
⁨Comment⁩ on ⁨I hate Clouds - a personal perspective on why I think Clouds suck⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
You’re welcome! And yes, I can confirm it works in light mode as well :)
⁨Comment⁩ on ⁨tup - open source self-hosted tunnel proxy⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
If you want people to take you seriously about being open source, you need to have a git repo, like github, gitlab, etc. you can even self host one. Heck, you can even use a different (non git) DVCS, but not just a link to a cloud drive…
⁨Comment⁩ on ⁨I hate Clouds - a personal perspective on why I think Clouds suck⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
I was reading the site on Android, and it looked dark, but after seeing this comment, I tried disabling Android system wide dark mode, and sure enough it became white like in the screenshot! For the record, I tied with both Firefox and a Chromium-based browser.
⁨Comment⁩ on ⁨US bans Kaspersky antivirus software due to 'national security risk'⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
McAfee is not Russan, just like Instagram is not Chinese (I thought it was clear enough).

Yes it’s a clear reference to TikTok, which I don’t like for many many reasons, but none of those reasons is why it was banned, it’s because it’s Chinese.
⁨Comment⁩ on ⁨US bans Kaspersky antivirus software due to 'national security risk'⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
But is not Russian, just like Instagram is not Chinese.
⁨Comment⁩ on ⁨Samsung mocks Apple’s crushing iPad Pro ad with its own ‘UnCrush’ pitch⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Maybe I should’ve specified that it was unlocked via the official “OEM Unlock” switch provided by Samsung. Yes, there are Samsung phones that can be unlocked, though you’re right, many cannoy (usually US versions).
⁨Comment⁩ on ⁨Samsung mocks Apple’s crushing iPad Pro ad with its own ‘UnCrush’ pitch⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
I’m writing this from a samsung with unlocked bootloader.
⁨Comment⁩ on ⁨Terrifying reality of what airport security could actually see through an X-ray machine⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Millimeter waves is what they use in airport scanners,not x-rays.
⁨Comment⁩ on ⁨Chinese battery developer unveils new tech with 1,300-mile range that could revolutionize EVs: 'An important piece of the puzzle'⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
You’re right, I didn’t see it! I just saw a bunch of chinese writings, which I cannot read, so didn’t bother trying to read even the only thing I could 😅
⁨Comment⁩ on ⁨Chinese battery developer unveils new tech with 1,300-mile range that could revolutionize EVs: 'An important piece of the puzzle'⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:

The real numbers we need to see are watts per volume, or watts per mass

You have to chase it down, following the link to electrek.co, but then it says: “the prototype cells house an energy density of 720 Wh/kg”

(of course, I’m just stating what is claimed, no idea how true)
⁨Comment⁩ on ⁨Google Contract Shows Deal With Israel Defense Ministry⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
If you (or that website) want to spread this kind of alarmist information, some would say conspiracies, you’d better back it with credible sources for all the claims in there. I read it and saw exactly zero evidence.