• 1 Post
  • 77 Comments
Joined 3Y ago
cake
Cake day: Apr 18, 2019

help-circle
rss

Have you read the Doctorow novel about jailbreaking a toaster? It’s fantastic


Not everyone is wanting 100% anonymity when using Signal.

Strongly disagree. As someone who has lots of friends and comrades using Signal on a daily basis, the fact that you have to tie it to a phone is (rightfully) perceived by anarchists as a threat against us.


The project you’re describing looks a lot like Hubzilla or Diaspora. And Hubzilla could certainly be helped with some design volunteers :)


Yes. Facebook has been involved in surveillance and censorship of anarchist/antifascist milieux for a while.


What good does nationalization do when there’s no workers self-organization? The USSR (even before stakhanovism) is a good example of how top-down organization is a complete failure for workers, for users, and for society at large.

We need self-organization at all levels, right now.


I think it’s great languages borrow ideas from others. Rust didn’t invent anything (seriously) but took good parts from many existing languages and refined them into a consistent whole. I’m certainly happy to see the direction Python is headed (type hints) or PHP (enums). It’s not necessarily related to Rust, but i believe many people from different backgrounds finding interest in Rust (not just for the borrow checker) certainly helps other languages advance.


Rust is really bad with global side-effects from one object to another. In some regards, Rust is a really good object-oriented language (in the “original” definition) because it has strong typing guarantees, first-class interfaces (traits) and the best (de)serialization library i’ve ever encountered [0].

But Rust being parallel-friendly by default will prevent you from all sorts of patterns common in dynamic languages (JS, Python, PHP), where all objects hold mutable references to any other object (without clear hierarchy/interface) and anything can be mutated from any part of the program. In single-threaded programming, this kind of object tinkering can lead to unexpected behavior (not undefined behavior) where one tiny function somewhere will have crazy side-effects that will break some other part of the program. But in parallel programming, it’s certain to cause all sorts of quirks due to race conditions (two threads accessing/modifying the same data).

In that sense, Rust takes some inspiration from functional programming, and side-effects are declared with mutable pointers (&mut Type). So it’s still technically possible to do everything you do in a dynamic language in Rust, but the language doesn’t make it especially easy. I personally think it’s a very good trade-off. Although i’m sometimes bored to write more boilerplate, i can’t stress enough how relaxing it is to have your code working expectedly as soon as it compiles. It feels like a superpower.

[0] serde. Seriously, serde is so powerful and standard across the Rust ecosystem that writing serialization code in golang/python feels very clunky after trying that out.


Why is rust bad for unsafe? Isn’t that like a superpower to be able to “override” the borrow checker on a specific line instead of having a whole unsafe codebase?


How? You still have to check wether it’s NULL or not.

I think that’s the parent’s point: in C/C++ you don’t have to deal with null. You can just pass it around and potentially start unintended/undefined behavior. While in Rust, it’s a compile-time error if you don’t unwrap the option somehow (eg. if let Some(content) = optional_content).

So yes it’s more concise and “beautiful”, but you’ll probably bite your own hand at some point playing this game


vassal state Israel

I’m not saying you’re wrong suggesting USA and Israel (and France and some others) work hand-in-hand, but Israel is not exactly a vassal state. It’s got political autonomy, a strong military industrial complex of its own, and of course its own colonies.


There’s more precise criticism in the article. For example, that the “portals” system tries to be transparent to applications instead of exposing an explicit API. Or that maintaining multiple huge runtimes makes it likely you’ll need a lot of storage just to run new apps (contrary to a system like guix/nix where only specific deps would have to be duplicated). Or that the drivers/graphics stack should be part of the OS for consistency, not be bundled with applications. Or that layering many forms of containerization is not sustainable/debuggable.

There’s an entire “Is Flatpak Fixable?” section full of recommendations.


Note that you could do that with any program without flatpak. For example with firejail


Is it though? is it integrated by default in your desktop environment? Can you easily add 3rd party repos from GUI? Can you finely edit the sandboxing settings for an app from GUI?

Hell, i can’t even find how to make flatpak apps respect my keymap for keybindings. Inside a flatpak run’ed app, typing respects AZERTY but pressing Ctrl+A will trigger quit dialog (Ctrl+Q) as if i used QWERTY keymap.


The distro packages are not distro-agnostic. But a linux release tarball is distro-agnostic, although some system settings can affect it.

We’ve been doing release tarballs for literally decades now and there’s nothing wrong with them, but package managers help with updates, GUI, and dependency management. AppImage in particular supports PGP signatures and differential upgrades, which is pretty cool. Flatpak has interesting approach about “portals” for sandboxing, although it’s far from user-friendly or secure so far. Snap has really nothing going on for it and there’s absolutely 0 reason to use it. [0]

[0] Yes there’s one reason, as always, it’s pushed by a big corp. So leap.se project for example packages bitmask only for snap because that’s where their userbase is. Such a shame.


Exactly. Both very good examples of why manual memory management is… untrustworthy? (that’s the polite way i could say it)


I assume you mean because of size limits.

ooooh my bad i thought i read “8 bits” not “8 bytes” so i thought that was a little low for anything :D :D

because the point of this feature is to emulate group chats, where that’s desired

Isn’t there other ways to do so? Like using a group identifier? Or hashing the addresses?

I wasn’t confident enough in any particular one to want to use it as a transport.

Very good point. I would say as long as you don’t do anything particular on the network, remaining transport-agnostic is a good idea so that people can route over Tor/I2P or any other network of their choice.

(Briar) The main reason I wrote it off was for requiring a phone

Why would Briar require a phone? It should work perfectly on Anbox emulator, and i personally can’t wait for a proper desktop/TUI client :)


The easiest way is to use the admin interface of your router to see connected devices. Turn on plane mode on your phone, then connect again. See if the device is “recognized” (with the same MAC) on your router or not.



I think the best shot you have atm is simply to accept donations on LiberaPay, OpenCollective, or wtv.

What’s wtv? But yes sure donation sounds like a much healthier model than microtransaction. I never understood the craze about those: why would i use microtransactions (as a spender or receiver)? Isn’t that essentially the appeal of capitalism and pay-per-view reaching into cyberspace?


8-byte number of milliseconds since the epoch (the start of 1970) 1-byte number of recipients other than the one reading the message

For future-proofing, both of these are probably terrible ideas :)

the other recipient IDs

Not sure if that’s good or not. That’s one of the problems with email, leaking so many addresses in the CC field (that’s why we have BCC). Spam protection is hard in p2p networks, but i’d imagine that by “threading” discussions you could generate specific keypairs so that if some spam starts flowing in your direction from a discussion you can just drop that keypair (like email aliases).

traffic never flows through the same node in both directions

That’s pretty cool. Have you considered using I2P or an even-more experimental mixnet (like katzenpost) as transport layer?

Thanks for the read I’ll finish tomorrow (getting late). In the meantime, are you familiar with the Briar? They also use some gossiping (wifi, USB keys…) as well as onion services to broadcast messages.


For those who have ignored the news for the past 2 years, Hong Kong is now under control from the chinese government/law. See also Hong Kong National Security Law on wikipedia…