There are services that allow anonymous payments. I think Proton, Mailbox.org, and Posteo all accept cash payments.

Kagi has a “privacy pass” feature, which uses some fancy ephemeral authentication tokens that are not traceable to your specific account. You lose personalized settings, naturally (like site rankings) but you can do searches that aren’t directly tied to your account.

For email, there’s no one-size-fits-all risk model. I mean, my email address is my full name, @ a domain that I own and is itself traceable to me. I have no need for anonymity, but I DO need privacy and security.

I don’t think you’ll find another major repo with so many real-world incidents though. Whether this is because of a systemic problem or just because it’s targeted more frequently, I’m not sure.

Now stand in awe of my wild, wild rolling!

I’ve also had Macs online for years without issue.

I guess it only applies to “ephemeral” ports 49152–65535, though I’m not sure what range macOS actually uses. Wikipedia has numbers for Linux and various Windows versions but not macOS: https://en.wikipedia.org/wiki/Ephemeral_port

So does that mean typical desktop usage, like email, web browsing, SSH, etc. would be unaffected? Anyone have any insight on this? I’m not a networking expert myself.

I can’t believe the claim that “everything else dies” when that goes directly against observed reality.

You can run Linux on Mac hardware if that’s what you mean.

But I was talking about the software side, in comparison to Windows.

MacOS is not a walled garden any more than Windows is. That’s just iOS/iPadOS.

You can run any software you want on macOS. It doesn’t need to be from the App Store, and it doesn’t need to be notarized by Apple or even signed.

How long that will remain true is an open question. I don’t think they can realistically enforce signing or notarization in the near future. Too much would break.

If I understand you correctly: 63.4% odds of having at least one hallucination.

The simple way to calculate the odds of getting at least one error is to calculate the odds of having ZERO, and then inverting that.

If the odds of a single instance being an error is 1%, that means you have a 99% chance of having no errors. If you repeat that 100 times, then it’s 99% of 99% of 99%…etc. In other words, 0.99^100 = 0.366. That’s the odds of getting zero errors 100 times in a row. The inverse of that is 0.634, or 63.4%.

This is the same way to calculate the odds of N coin flips all coming up heads. It’s going to be 0.5^N. So the odds of getting 10 heads in a row is 0.5^10 = ~0.0977%, or 1:1024.

Edit: This is assuming independence of all 100 prompts, which is not generally true in a single chat window, where each prompt follows the last and retains both the previous prompts and answers in its context. As the paper explains, error rate tends to increase with context length. You should generally start a new chat rather than continue in an existing one if the previous context is not highly relevant.

Which means the entire article is bullshit.

Not necessarily. It could just be that Microsoft’s “root” detection is misnamed or poorly implemented. They would not be alone in either case.

Can’t go wrong with publishing order. I refer to the Coppermind wiki for that: https://coppermind.net/wiki/Cosmere#Bibliography_of_the_Cosmere

I personally started with Stormlight Archive, which I wouldn’t call optimal, but hey, I have no regrets. In general I’m a “gates open” kind of fan, so I encourage readers to go in whatever order they like and enjoy any extra mystery that might come along with it. :)

The only ones I’d really recommend against reading without context are The Sunlit Man, and to a lesser extent Yumi and the Nightmare Painter. It kind of pains me to say that about Yumi because it’s such a fantastic book and I’d hate to discourage anyone from reading it. But you’d need to comfortable rolling with confusion if you’ve never read any Stormlight Archive, because

That said, Lost Metal includes connections to

I wouldn’t say that’s required reading before Lost Metal. I personally read Lost Metal first and, again, no regrets. But now I do kind of want to go back and read a few chapters again given the additional context I have now.

For most: yes, there is a risk that the vendor has included a backdoor. There is also the risk that they are straight-up lying about how their service operates.

For Signal in particular: You can verify that their claims are true because you can audit the source code.

The Signal client is open-source, so any interested parties can verify that it is A) not sending the user’s private keys to any server, and B) not transmitting any messages that are not encrypted with those keys.

Even if you choose to obtain Signal from the Google Play Store (which comes with its own set of problems), you can verify its integrity because Signal uses reproducible builds. That means it is possible for you to download the public source code, compile it yourself, and verify that the published binary is identical. See: https://github.com/signalapp/Signal-Android/tree/main/reproducible-builds

You might not have the skills or patience to do that yourself, but Signal has undergone professional audits if anyone ever discovers a backdoor, it will be major news.

You are more likely to be compromised at the OS level (e.g. screen recorders, key loggers, Microsoft Recall, etc.) than from Signal itself.

I’m also on a Brandon Sanderson kick (for roughly two years now). I’m currently reading The Sunlit Man. It’s good, but don’t read it until you finish the Stormlight Archive series and the standalone novella Shadows for Silence in the Forests of Hell. Most of the Cosmere stories are fairly approachable in isolation, but this one is very dense with references to established characters, places, and lore, to the point where it should be considered a sequel or spinoff. Even I feel a little lost!

If anyone’s looking for an easy way into Sanderson’s Cosmere (it’s intimidating! I get it!), I highly recommend the novella The Emperor’s Soul. It’s self-contained, it’s short, and it’s just a fantastic story. If you prefer listening to reading, Graphic Audio has an “audio movie” version which is a nice taste of what they offer, too.

@[email protected] let me know if you want recommendations on reading order before you continue on to The Lost Metal.

Last I checked, there is still no way for developers to use RCS on Android, so it’s a non-starter for me. I do not and will not limit myself to first-party apps.

Please correct me if I’m wrong. If there’s an open-source RCS-compatible messaging app out there, I’d love to try it.

One reason is that Python is not built-in on macOS anymore, so it’s hard to justify using it for management scripts. Particularly when you do not have control of the execution environment to begin with. I’ve written some obnoxiously complicated bash (or zsh) scripts because I want to make sure it will run on a vanilla Mac with no additional dependencies. 10 years ago I would’ve done all that stuff in Python, but not anymore. Thanks, Apple!

From a technical perspective, sure, I could push out a portable python environment and it wouldn’t affect the rest of the system. But that comes at a cost. I don’t want to fight for it, and I don’t want to be responsible for maintaining it. It’s easier to just use bash/zsh.

Python is also too heavy for some embedded devices. Not sure if I can count on Amber scripts to run in a busybox environment but maybe?

That said, if the question is “is it worth learning a whole new thing when I already know bash/zsh”, I am not so sure. But in principle, I dig it, regardless of how practical it is with my specific background and needs. I mean, if I learned about this 20 years ago I feel like I might still be reaping rewards.

That’s a good rule of thumb, but as a direct point of comparison, it’s not that bad with iPhones. Apple’s MDM protocol is very particular about what admins are allowed to control even on company-owned devices. For example, admins can’t see the Apple ID used on the phone and can’t grant apps screen sharing permission without user approval.

And we certainly can’t access iMessage.

Kagi actually does have an anonymous authentication option. https://blog.kagi.com/kagi-privacy-pass

I get that they don’t want to deal with Google Play

Was that the reason? Shame they didn’t just leave it on F-Droid and GitHub then. Nobody needs to use Google Play (at least not yet…)

This reminds me of a line from the novel Popco by Scarlet Thomas: “Do what can, then stop.”

I repeat this to myself when I feel overwhelmed with the scope of a task, or when I start to let “perfect” become enemy of “good”.

For example, if you feel like you should stop eating meat but find that difficult for whatever reason, don’t throw your hands up. Do what you can, then stop. Maybe that means eating meat a few times a week instead of every day.

It applies to politics as well. I know plenty of people who refuse to engage at all because they don’t feel like it’s possible to do “enough”. Do what you can, then stop. Maybe that means spending fifteen minutes before voting day to find the least odious candidate you can vote for. Maybe it means phone banking or joining a campaign. Maybe it means running for office. Or maybe it just means talking to some friends about issues that matter to them.

Or maybe you’re trying to lose weight. I think we’ve all seen people try and fail because there seems to be no middle ground between giving up and letting it dictate your entire life. Do what you can, then stop. Maybe that just means drinking more water and less of anything else.

Don’t beat yourself up just because you can’t fix the whole world.

I used to use Filen for this, but it never worked very well. The file provider path it returned to Keepass2android was only temporary, so it would break periodically. Did Filen change how that works?

I eventually started using Syncthing instead. I connect to my home wi-fi often enough that it’s never too far out of sync with my home PC. And since it’s a local file, there’s no issue with using absolute paths.

You should probably report that to the browser developer. Sounds like their tracker filter has a bug causing false positives.

I was thinking that it sounded about right, until I read beyond the headline:

Its value is approximately one hour, or half an hour for a one-way trip.

WHAT. I thought he meant one hour each way!

Are there any cities where that is the norm??? I’ve had sub-30 commutes in my life, and it felt like the height of luxury.

I had a 1.5 hour (one way) commute for a while, and I was burned the fuck out after a year of that. It takes a toll on your health.