mox
@mox@lemmy.sdf.org
- Comment on We're Back! 1 week ago:
In that case, I think you’ll appreciate the voice cast in this new adaptation.
- Comment on We're Back! 1 week ago:
I ended up watching some new anime. Ranma ½ (2024) is kind of bonkers, in a fun way.
SDF is a quirky instance, isn’t it? It might go down once in a while, but at least to me, it feels more like a community system than some of the bigger instances. I love that it hasn’t made Cloudflare an observer and gatekeeper of everything we read and write on Lemmy.
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
You can’t know with certainty on Signal that the client and the server are actually keeping your messages encrypted at rest, you have to trust them.
This is untrue. By design, messages are never decrypted on the server when end-to-end encryption is in use. They would have to break the encryption first, because they don’t have the keys.
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
Some advantages are listed in this /c/Technology comment:
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
Room membership and various other room state events are not currently end-to-end encrypted, which means a nosy admin on a participating homeserver could peek at them. (They’re still not visible on the wire, though, nor on homeservers that don’t host members of the room.)
I don’t know if Signal is actually much better, since I haven’t looked at their protocol. They hyped their Sealed Sender feature as a solution to things like this, but it can’t really protect from nosy server admins who are able to alter the code, and they fundamentally cannot hide network-level meta-data like who is talking with whom. There’s a brief and pretty accessible description of why in the video accompanying this paper.
I don’t have a list of Matrix events that are typically unencrypted. You could read the spec to find them, if you were motivated enough to slog through it, but be warned that network protocol specs tend to be long and boring. :) Unfortunately, the few easy-to-digest blog posts about it that I’ve encountered have been both alarmist and inaccurate on important points (one widely circulated one was so bad that the author even retracted it), so not very useful for getting an objective view of the issue.
However, the maintainers have publicly acknowledged the issue as something they want to fix, both in online forums and in bug reports like this one:
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
Could someone smarter than me explain Matrix to me?
It’s a real-time messaging platform. The most common use case for it is text chat, both in groups (like Discord or IRC) and person-to-person (like mobile phone text/SMS). It has other features as well, like voice chat, video conference, and screen sharing, although much of that is newer and only just beginning to get support in clients.
- What would be the utility for someone, who cares about privacy and currently uses Signal and email for communication?
Compared to Signal:
- Matrix doesn’t require a phone number, or even an email address (although some public homeservers want an email address as a recovery option in case you forget your password).
- Matrix has a variety of clients, so finding an app that fits your needs is likely to be easier.
- Matrix clients typically don’t require Google services at all; neither to get the software nor to receive notifications.
- Matrix cannot be monitored at any single location, so it’s more resistant to meta-data tracking at the network level.
- Matrix cannot be shut down by any single organization, so it’s more resistant to censorship and denial-of-service attacks. If a homeserver is ever forced offline, only the accounts on that homeserver go away; all your other contacts remain intact.
- Matrix (last time I checked) had better support for using multiple devices on the same account.
- Matrix homeservers can be self-hosted by anyone, and still participate in the global network.
- Signal’s encryption covers more meta-data at the application level than Matrix currently does. This might be important if you’re a whistleblower or journalist whose safety depends on hiding your contacts from well-positioned adversaries, for example.
Compared to email:
- Matrix has end-to-end encryption, with forward secrecy, built in.
- Matrix is geared for instant messaging.
- Matrix supports features that people have come to expect from modern chat platforms, like reaction emoji and message editing.
- What advantage would it give me over other services?
We already covered Signal, and there are too many other services to compare every difference in all of them, but here are some common advantages:
- Matrix is a completely open protocol, developed through a public and open process, with open-source servers and client apps. This is important to people who care about privacy because it can be scrutinized by anyone to verify that it operates as it claims to, and can be improved by anyone with a good idea and motivation to participate.
- Matrix has multiple clients for every major platform: desktop, mobile, and web.
- Matrix handles groups of practically any size (including just one or two people).
- Matrix messages can be delivered even when you’re offline, no matter for how long, and they persist until you’re online again.
- Is Matrix anything good already, or is it something with potential that’s still fully in development?
Until recently: Ever since cross-signing and encryption-by-default arrived a couple years ago, it has been somewhere between “still rough” and “pretty good”, depending on one’s needs and habits. I have been using it with friends and small groups for about five years, and although encrypted chats have sometimes been temperamental, they have worked pretty well most of the time. When frustrating glitches have turned up, we sorted them out and continued to use it. This has been worthwhile because Matrix offers a combination of features that is important to us and doesn’t exist anywhere else. I haven’t recommended it to extended family members yet, because not everyone cares as much about privacy or has the patience for troubleshooting in order to get it. However…
Recently: The frequency of glitches has dropped dramatically. Most of the encryption errors have disappeared, and the remaining ones look likely to be solved by the “Invisible Encryption” measures in Matrix 2.0. Likewise with things like set-up and sign-in lag.
If you’re considering whether it’s time to try it, I suggest waiting until Matrix 2.0 features are officially implemented in the clients and servers you want to use, which should be pretty soon. I wouldn’t be surprised if I could confidently recommend it to family members in the coming year.
- How tech savvy does one need to be to use Matrix?
If you just want to chat, not very. Even one or two of my friends who can barely use email got up and running pretty quickly with a little guidance. Someone who can get started using Lemmy by themselves can probably handle it without guidance.
If you want to host your own server, moderately tech savvy.
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
You shouldn’t crap on people being honest about the problems that have existed,
I haven’t “crapped on” anyone. I just pointed out that a comment, which was an absolute declaration in present tense, is misleading, poorly informed, and needlessly quarrelsome. Because it is. And the author then tried to justify it by putting words (“always”) in someone else’s mouth. None of that is honest. It was arguing in bad faith, and it’s important to call that sort of thing out, because letting it go is how misinformation spreads.
If they had instead just presented their view as historical experience to help inform about track record, I wouldn’t have taken issue with it.
Too much in the open source community is people saying this is great!
Perhaps, although that’s common around proprietary software as well.
Great is subjective. Matrix has struggled with some problems that rightly frustrated people, but it also has accomplished some things that no other messaging platform has. By that measure, it is a great project. And the announcement we’re all discussing here demonstrates that it is getting better. Just as barkingspiders said.
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
rolling their own crypto
No, it uses well-known, well-proven, standard crypto.
It also uses double-ratchet key management, much like what Signal does.
The reference server is a bit heavy if you’re federating with large public rooms, but lighter alternative servers are available.
- Comment on AMD's Weak Q4 Guidance Leads To 7% Share Price Drop In Aftermarket Trading. 2 weeks ago:
I sometimes report such posts when I think of it.
I don’t think corporate news satisfies Rule 2 just because the corporation happens to do something with technology. (Practically every corporation does things with technology, after all.) I expect posts here to be about the technology itself.
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
So you were aware that this announcement includes fixes for the encryption issues, yet you decided to post a comment complaining about them anyway, ignoring the point of this post and giving readers the false impression that the issues are unaddressed.
And you did it just to contradict someone who has found the project useful.
That’s not helpful to anyone. Quite the opposite, I’d say.
- Comment on AMD's Weak Q4 Guidance Leads To 7% Share Price Drop In Aftermarket Trading. 2 weeks ago:
This is /c/technology, not /c/stocks.
- Comment on Matrix 2.0 Is Here! 2 weeks ago:
Looks like someone didn’t read the article. See part 4: Invisible Encryption.
- Comment on Video game libraries lose legal appeal to emulate physical game collections online 2 weeks ago:
The argument against it is founded on copyright.
We fund copyright in order to enrich our culture, by incentivizing creative works.
Blocking creative works preservation strips away the cultural enrichment.
What’s left? People being compelled through taxes to fund profit police for copyright holders who aren’t holding up their end of the bargain.
It’s worth noting that publishers, and especially the “rightsholder groups” that they hire, are not artists. They are parasites. They are paid more than fairly for their role in getting creative works out there in the first place. I can’t think of any reason why they should have continued control after they’ve stopped publishing them.
- Submitted 2 weeks ago to retrocomputing@lemmy.sdf.org | 1 comment
- Comment on DEF CON 32 - Inside the FBl's Secret Encrypted Phone Company 'Anom' - Joseph Cox 3 weeks ago:
Fixed link: www.youtube.com/watch?v=uFyk5UOyNqI
- Comment on SF ads call out tech firms for not paying for open source. 3 weeks ago:
I don’t want their money. Money means they’ll feel even more like they own it.
I wonder if this could be avoided by having companies pay into funding pools instead of paying specific developers. Something like the Sovereign Tech Fund, perhaps with different structures or selection processes, might mitigate any sense of corporate entitlement.
- Comment on Day 100 of posting a Daily Screenshot from the games I’ve been playing until I forget to post Screenshots 3 weeks ago:
Nice timing. This arrived during my Bubble Nebula stop while exploring in Elite Dangerous. (I put a screen shot in that community, in case you’re curious.) Space sure can be pretty.
- Comment on Dragon Age: The Veilguard | Official Launch Trailer 3 weeks ago:
Or Google’s “sign in to confirm your age” nonsense by watching it somewhere else, like here:
- Comment on I'll share a troubling fact with you if you share one with me 3 weeks ago:
Would this be a good time to bring up prions?
- Comment on Youtube - Bryan Lunduke - Sanctions Hit Linux Kernel, Russian Programmers Banned 3 weeks ago:
For those who prefer news in a text forum to be in text format, here’s some detail, including quotes from Linus:
- Comment on Netflix has closed its AAA gaming studio 3 weeks ago:
They had one?
- Comment on Naughty Dog’s next game will reportedly offer ‘a lot of player freedom’ | VGC 3 weeks ago:
Naughty Dog did some solid storytelling in TLoU. It would be great if they could figure out how to apply that well to a game that isn’t on rails.
“I think some of the best storytelling in The Last of Us – yes, a lot of it is in the cinematics – but a lot of it is in the gameplay, and moving around a space, and understanding a history of a space by just looking at it and examining it.
I do appreciate this in game worlds, although this alone is not enough to make an open world fun. The world has to be interesting and diverse, full of unique things, places, and situations to discover, so players will want to spend their time exploring it. Here’s hoping Naughty Dog doesn’t repeat the mistake other studios have made by churning out another open world of monotony.
- Comment on Is there a video-game .ics/calendar that I can subscribe to keep up with recent releases? 3 weeks ago:
If you don’t find one, you might consider looking for RSS (or Atom) feeds that list new game announcements or reviews. Maybe one of these, for example.
- Comment on Intel is a security risk for China, says influential industry group. 3 weeks ago:
Your hypothetical energy savings from new hardware is meaningless unless you subtract from it the energy use from manufacturing and distributing a new system, as well as that from disposing of the old one.
Also, you haven’t addressed the other problems mentioned at all.
- Comment on Intel is a security risk for China, says influential industry group. 3 weeks ago:
Government comprises many departments and organizations, which do many things. It’s not a single blob of all good or all bad.
Also, not all back doors and CPU bugs are government-imposed.
- Submitted 3 weeks ago to technology@lemmy.world | 0 comments
- Comment on Intel is a security risk for China, says influential industry group. 3 weeks ago:
I’m online, and I commend you for continuing to use your hardware for as long as it does the job, instead of adding to the world’s energy, material, and e-waste problems. Well done.
- Comment on Intel is a security risk for China, says influential industry group. 4 weeks ago:
According to the translation I read, the security-related complaint in CSAC’s post is mainly about Intel Management Engine. And you know what? They’re right. It is a back door, and it is a security risk. Not a new or obscure one, though, and not just for China.
The risks imposed by Intel Management Engine and AMD’s Platform Security Processor have been known for several CPU generations. Obviously, a lot of us are unhappy about this and would like a way to disable them.
support.system76.com/articles/intel-me/
hackaday.com/…/disable-intels-backdoor-on-modern-…
Instead, these components have been made more and more integrated with core system functionality, making the prospect of disabling them less and less practical. I fear it may take legislation to give us back control of the computers we supposedly own.
- Comment on Former Intel CPU engineer details how internal x86-64 efforts were suppressed prior to AMD64's success 4 weeks ago:
Mirror of Phil Park’s tweet: