freedomPusher

joined 4 years ago
MODERATOR OF
gdpr
netneutrality
bugs
right_to_unplug
bugs_in_services
personalfinance
paperless
cyber_activism
collaboration
sorted by: new top controversial old
lemmy.blahaj.zone and blahaj.zone are both down in c/fediverse@discuss.online
[–] freedomPusher@sopuli.xyz 1 points 1 year ago (1 children)

!isitdown@infosec.pub is a better place for this info.

(the whole fediverse) Mechanism lacking to tag shitty links and sites in c/bugs@sopuli.xyz
[–] freedomPusher@sopuli.xyz 1 points 1 year ago* (last edited 1 year ago)

And speaking of replacement links, we need a way to add them and have the alternative links voted on, and ultimately the replacement link should potentially outrank the original link and take the spotlight. I will add this to the OP.

(the whole fediverse) Mechanism lacking to tag shitty links and sites in c/bugs@sopuli.xyz
[–] freedomPusher@sopuli.xyz 1 points 1 year ago (1 children)

Perhaps. Simplicity is important. But what if I circumvent the exclusivity of an article by finding a mirrored copy on archive.org? If the content is quite insighful, would then want to say it is both exclusive and insightful. Those metrics together could then be used to work out whether it’s worthwhile to find a replacement source for the same content.

(the whole fediverse) Mechanism lacking to tag shitty links and sites in c/bugs@sopuli.xyz
[–] freedomPusher@sopuli.xyz 1 points 1 year ago* (last edited 1 year ago)

Which is almost as ridiculous as acting like an admin shouldn’t be able to ban someone from their instance.

The admin did not know why they were suppressing the messages. Apparently they did not keep notes. So they reversed the action. But no one here said admins should not have the power to ban. Quite the contrary: they should. And because they should have that power, it should not be disproportionate. One million people should not lose access to civil posts from Bob because Mallory the admin did not like one of Bob’s ideas. This is why decentralisation is important.

(the whole fediverse) Mechanism lacking to tag shitty links and sites in c/bugs@sopuli.xyz
[–] freedomPusher@sopuli.xyz 0 points 1 year ago* (last edited 1 year ago) (2 children)

Your account is 3 years old (strangely almost no posts or comments though)

Then your view is being restricted¹. I don’t know how sheltering lemmyworld admins are of their users generally but the Mastodon analog to #lemmyworld would be mastodon.social, and mastodon.social is quite loose with the censor button. There have been conversations where people only saw part of the conversation and were confused because they knew someone else was engaged but they could not see the whole conversation. After investigation, it was not a federation issue but in fact the mastodon.social admin simply decided to block a particular person. I would not be surprised if lemmyworld were blocking me in some way because anyone who outspokenly advocates for decentralisation is directly undermining lemmyworld’s position (lemmyworld is centralised both by Cloudflare and also by disproportionate userbase).

and I’ve noticed the people that were here before everyone else seems to hate the new wave of people that showed up a year ago

The fediverse was created out of love for a #decentralised free world. Centralised nodes like #LemmyWorld, #FBThreads, #shItjustWorks, #LemmyCA, #LemmyOne, etc work against the philosophy of decentralisation. Users on those nodes are either not well informed about the problems of concentrated imbalances of power, or they simply do not care and do not value digital rights; they only care about their personal reach. Fixing the bug reported here addresses the former (uninformed users).

The bug report herein is specifically designed to be an inclusive alternative to what you suggest, which is:

Why don’t you just convince your admin to defederate? Or go make you own instance for just people you agree with?

Locking people out on the crude basis of which node they come from is somewhat comparable to what Cloudflare (and lemmyworld) does by discriminating against people on the crude basis of IP reputation. It over selects and under selects at the same time if the goal is to separate good links from bad links. Anyone can post a shitty link. A majority of shitty links would come from the lemmyworld crowd, but it’s not a good criteria for a spam/ham separation. The fedi needs to improve by tagging bad links appropriately, which should not be influenced by the host the author uses.

¹(edit) you should see over 400 posts and comments. Visit https://sopuli.xyz/u/freedomPusher to see the real figures.

EU accuses Micrsoft of secretly collecting children's data in c/europe@feddit.de
[–] freedomPusher@sopuli.xyz 2 points 1 year ago* (last edited 1 year ago)

Ungoogled Chromium with uMatrix running over a Tor circuit gave Yahoo’s typical blurred out paywall yesterday. Today (likely on a different Tor circuit) it gives “Too many requests -- error 999.”

EU accuses Micrsoft of secretly collecting children's data in c/europe@feddit.de
[–] freedomPusher@sopuli.xyz 5 points 1 year ago* (last edited 1 year ago) (2 children)

Engadget/yahoo is fully enshitified. If you can read that article it probably means your browser is insufficiently defensive. A tl;dr bot would be useful here.

grep/pdfgrep’s inability to match across lines in c/bugs@sopuli.xyz
[–] freedomPusher@sopuli.xyz 0 points 1 year ago* (last edited 1 year ago)

It’s not a bug if it works as designed.

What you claim here is that software cannot have a defective design. Of course you have design defects. These are the hardest to correct.

I’d also accept “it used to do this and it doesn’t any more and not on purpose”.

This is conventional wisdom. Past behavior is no more an indication of correctness than defectiveness. GREP’s purpose was to process natural language. A line feed is not a sensible terminator in that application. For 50 years people just live with the limitation or they worked around it. Or they adapt to single token searches. It does not cease to be defect because workarounds were available.

that doesn’t make it a bug if it was never designed in to the program.

The original design was implemented on an extremely resource-poor system by today’s standards, where 64k was HUGE amount of space. It was built to function under limitations that no longer exist. I would say the design is not defective so long as your target platform is a PDP-11 from the 1970s. Otherwise the design should evolve along with the tasks and machines.

grep/pdfgrep’s inability to match across lines in c/bugs@sopuli.xyz
[–] freedomPusher@sopuli.xyz 1 points 1 year ago* (last edited 1 year ago) (2 children)

If all you’re advocating for is allowing grep to use some other character as a delimeter, I might be able to get behind something like bash’s $IFS or awk’s $FS variable (maybe). But I couldn’t get behind anything backwards-incompatible.

Of course. GREP has an immeasurable number of scripts dependant on it worldwide going back 50 years and it’s among Debian’s 23 essential packages:

dpkg-query -Wf '${Package;-40}${Essential}\n' | grep yes

Changing grep’s default behavior now would bring the world down. Dams would shatter. Nuclear power plants would melt down. Traffic lights would go berzerk. It would be like a Die Hard 3 “firesale”. Planes would fall out of the sky. Skynet would come online and wipe us all out. It would have to be a separate option.

TIL there are people who (try to) use grep for natural language.

The very first task grep was created for is specifically natural language input. Search “Federalist Papers grep”. There’S also a short documentary about this out in the wild somewhere but I don’t have any link handy.

Oh, and this is 100% feature/enhancement request territory. Not a bug report in any sense.

This is conventional wisdom coming from a viewpoint that simultaneously misses grep’s intended purpose.

But now that the defect has been rooted in for ~50 years, perhaps fair enough to leave grep alone. For me it depends on how lean the improvement could be. Boating grep out too much would not be favorable, but substantial replication of code between two different tools is also unfavorable. Small is good, but swiss army knives of tools also bring great value if they can be lean and internally simple.

I don’t know if you’re saying “because PDFGREP is good at handling natural language, grep should be too”

Not at all. They both have the same problem. But this same limitation in pdfgrep is a nuissance in more situations because PDFs are proportionally more likely to process natural language input.

Either way, I don’t follow how PDFGREP is relevant to discussions about grep

They have the same expression language and roughly same options. PDFGREP is most likely not much more than a grep wrapper that extracts the text from the PDF first.

grep/pdfgrep’s inability to match across lines in c/bugs@sopuli.xyz
[–] freedomPusher@sopuli.xyz 1 points 1 year ago (1 children)

grep isn’t really designed as a natural language search tool

My understanding of GREP history is that Ken Thompson created grep to do some textual analysis on The Federalist Papers, which to me sounds like it was designed for processing natural language. But it was on a PDP-11 which had resource constraints. Lines of text would be more uniform to manage than sentences given limited resources of the 1970s.

Thanks for the PERL code. Though I might favor sed or awk for that job. Of course that also means complicating emacs’ grep mode facility. And for PDFs I guess I’d opt for pdfgrep’s limitations over doing a text extraction on every PDF.

the wisdom of a Danish & German apartment buildings replacing coin-fed laundry machines with the cloud (yikes!) in c/europe@feddit.de
[–] freedomPusher@sopuli.xyz 2 points 1 year ago

I think it’s too hard for many to grasp the full consequence of surveillance via forced banking. They link cash to privacy which they then mentally reduce to “confidentiality”. It’s a lossy reduction but in the naïve brain privacy=confidentiality. They don’t realise privacy is about /control/, not just purely infosec concept of confidentiality, which then leads to the mental short-sightedness of thinking they’re dealing with “paranoia” (which is hinted in vzq’s next reply).

From there, I don’t have the answer as far as how to convey the full depth of the whole concept of privacy within the span of a post or comment that’s short enough to not be automatically ignored.

[update](Lemmy) security issue: spontaneous access given to admin’s account in c/bugs@sopuli.xyz
[–] freedomPusher@sopuli.xyz 2 points 1 year ago* (last edited 1 year ago)

UPDATE: it just now happened again, but this time not with the admin account (@QuentinCallaghan@sopuli.xyz) but with another user account. I was refreshing my profile and the user @baltakatei@sopuli.xyz appeared in the profile pulldown position on the page with my profile. This time I had time to take a screenshot before it changed:

It’s interesting that it shows my profile page but not as I see it. That is, when I visit my own profile page I normally have a “subscribed” sidebar. This shows what someone else would see if they visit my profile while they are logged in, which still differs from what a logged out profile looks like (as send msg options were given). So I wonder if I could have sent myself a msg.

2
Did Mastodon quit shielding people blocked by Cloudflare? Why did the error code change to 404? (infosec.pub)
submitted 1 year ago* (last edited 1 year ago) by freedomPusher@sopuli.xyz to c/netneutrality@sopuli.xyz
0 comments fedilink
 

Mastodon used to show people the mirrored version of federated content which shielded users from Cloudflare’s discriminatory blockade. But something apparently changed. If I try to visit this mirror of a mastodonapp.uk status on layer8.space:

https://layer8.space/@tmmj@mastodonapp.uk/112387605497275701

it redirects to:

https://mastodonapp.uk/@tmmj/112387605489133663

which is apparently a shitty Cloudflare node that deceives us into thinking the account does not exist. If you are logged into the mirrored node, then it does not redirect and you can see the content. Of course, only if you have an account on the mirror which means anonymous viewing is no longer possible.

If I want to share that layer8.space link with other people, it would be an injustice to share the mastodonapp.uk link because it’s in a walled garden that excludes people. It would be like sharing a Facebook link with an audience that includes people outside of Facebook. So naturally I would share the layer8.space version because layer8.space allows all people to visit. But now this is impossible. Cloudflare’s stranglehold of control has been increased by this Mastodon move.

Worse, Cloudflare has started pushing error code 404, not 403. So CF is misrepresenting the error to suggest that the page does not exist. Cloudflare has carte blanche in fucking up the web. A 404 error is supposed to inform users that an object is not found, not that they are not authorised to access it.

The attached image is what Cloudflare-excluded people see when trying to visit this image:

https://files.mastodonapp.uk/media_attachments/files/112/387/580/865/787/635/original/f4442c8789ad52c2.png

6
(Lemmy) Images from Cloudflared instances are blocked to everyone who CF blocks -- centralisation prevails in the fedi (sopuli.xyz)
submitted 1 year ago* (last edited 1 year ago) by freedomPusher@sopuli.xyz to c/bugs@sopuli.xyz
0 comments fedilink
 

cross-posted from: https://sopuli.xyz/post/12858874

When an image is posted by someone on a Cloudflared instance like the following:

  • #LemmyWorld
  • #ShitJustworks
  • #LemmyCA
  • #LemmyEE
  • #LemmyZip
  • #LemmyOne

the image is inaccessible to all demographics of people who Cloudflare discriminates against because images are not mirrored to federated nodes.

We expect corporations to not give a shit about marginising people who are not profitable enough to care about. But when naive asshole users outnumber progressive egalitarians, it highlights a problem with the fedi, which still lacks the tooling needed to keep oppression at bay.

The six listed nodes above effectively host the AOL users of our time. Lacking the sophistication needed to detect and grasp situations of eroded digital rights with a degree of blindness and lack of concern for centralised corporate control.

Suggestions needed for Lemmy nodes that are defederated from the above listed six.

4
Images from Cloudflared Lemmy instances are blocked to everyone who CF blocks -- no mirroring despite federation (sopuli.xyz)
submitted 1 year ago* (last edited 1 year ago) by freedomPusher@sopuli.xyz to c/netneutrality@sopuli.xyz
0 comments fedilink
 

When an image is posted by someone on a Cloudflared instance like the following:

  • #LemmyWorld
  • #ShitJustworks
  • #LemmyCA
  • #LemmyEE
  • #LemmyZip
  • #LemmyOne

the image is inaccessible to all demographics of people who Cloudflare discriminates against because images are not mirrored to federated nodes.

We expect corporations to not give a shit about marginising people who are not profitable enough to care about. But when naive asshole users outnumber progressive egalitarians, it highlights a problem with the fedi, which still lacks the tooling needed to keep oppression at bay.

The six listed nodes above effectively host the AOL users of our time. Lacking the sophistication needed to detect and grasp situations of eroded digital rights with a degree of blindness and lack of concern for centralised corporate control.

Suggestions needed for Lemmy nodes that are defederated from the above listed six.

2
Forced use of e-receipts in Europe → forced data sharing with MS and Google (no data minimisation?) (web.archive.org)
submitted 1 year ago* (last edited 1 year ago) by freedomPusher@sopuli.xyz to c/gdpr@sopuli.xyz
0 comments fedilink
 

cross-posted from: https://sopuli.xyz/post/12558862

So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.

It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article:

In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it.

What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost.

It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register).

But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor.

Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce.

It’s obviously an encroachment of the data minimisation principle under the GDPR. More data is being collected than necessary.

¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.

-7
The forced use of e-receipts in Europe (France, Belgium, Netherlands, Denmark, England, & Italy) (web.archive.org)
submitted 1 year ago* (last edited 1 year ago) by freedomPusher@sopuli.xyz to c/privacy@sopuli.xyz
6 comments fedilink
 

cross-posted from: https://sopuli.xyz/post/12558862

So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.

It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article:

In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it.

What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost.

It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register).

But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor.

Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce.

It’s obviously an encroachment of the data minimisation principle under the #GDPR. More data is being collected than necessary.

¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.

3
The forced use of e-receipts in Europe (France, Belgium, Netherlands, Denmark, England, & Italy) (web.archive.org)
submitted 1 year ago* (last edited 1 year ago) by freedomPusher@sopuli.xyz to c/right_to_unplug@sopuli.xyz
0 comments fedilink
 

So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.

It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article:

In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it.

What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost.

It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register).

But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor.

Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce.

It’s obviously an encroachment of the data minimisation principle under the GDPR. More data is being collected than necessary.

¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.

-5
Who solves a CAPTCHA as a prospective paying customer? (sopuli.xyz)
 

A bathroom remodeling service who sells bathrooms on the order of $5k—15k has a contact page that requires a CAPTCHA. It’s as if customer dignity has been tossed out and merchants no longer see the need to respect the traditional role of serving their customer. So I have to wonder, are customers who are willing to spend 4—5 figures on a custom bathroom really willing to solve a CAPTCHA and effectively become subservient to the business they are patronizing?

I’m like, if you’re going to trouble me because you can’t be bothered to do your own spam filting, maybe you don’t really need my business.

3
wanted: e-mail provider that supplies onion email addresses and allows users to use them on clearnet (sopuli.xyz)
 

cross-posted from: https://sopuli.xyz/post/12515826

I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:

From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion  
To: someoneElse@clearnet_addy.com

I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?

1
wanted: e-mail provider that supplies onion email addresses and allows users to use them on clearnet (sopuli.xyz)
 

cross-posted from: https://sopuli.xyz/post/12515826

I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:

From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion  
To: someoneElse@clearnet_addy.com

I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?

1
lemmy.escapebigtech.info down (lemmy.escapebigtech.info)
 

No idea how long it has been down.. just noticed the escapebigtech server has been nonresponsive all day. (Could be tor-hostility as I did not test further, but I doubt it)

-2
wanted: e-mail provider that supplies onion email addresses and allows users to use them on clearnet (sopuli.xyz)
submitted 1 year ago* (last edited 1 year ago) by freedomPusher@sopuli.xyz to c/privacy@sopuli.xyz
8 comments fedilink
 

I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:

From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion  
To: someoneElse@clearnet_addy.com

I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?

4
PSA: .netrc file needs different syntax for different apps (sopuli.xyz)
submitted 1 year ago* (last edited 1 year ago) by freedomPusher@sopuli.xyz to c/bugs@sopuli.xyz
0 comments fedilink
 

Different apps expect passwords in the .netrc file to be quoted in different ways. E.g. fetchmail expects passwords to be quoted in a bash style way (quotes needed if there are special chars, but quotes themselves need quotes), while cURL gives no special meaning to quotes and takes them literally if present.

Who to blame for this is a bit unclear, but I believe the original purpose of .netrc was for the standard CLI FTP program, so in principle everything should be aligned on that, IMO.

Some apps will complain if they spot a .netrc syntax they don’t like, as if they get to decide that -- even if the line it complains about is not the record the app is looking for. OTOH, it’s useful to know what an app accepts and rejects.

What a mess.

view more: ‹ prev next ›