Matthew Fennell
@matthew@fennell.dev
Fortunately, getting killed by the CIA by means of predator drone strike is not everybody's threat model. For others - certain French judges for example - a real threat can be getting sanctioned by the US government and completely locked out of US services.
So yes, know your threat model when picking between #Signal and #Conversations_im.
If getting killed by means of a #predatorDrone strike were among my realistic #threatModels, I'd avoid owning a #SIM card in the first place. Which is one of the prerequisites for a Signal account. #Jabber ftw.
It's a well-known fact, that not even eating the #SIM card as #antisurveillance measure prevents feds from #tracking them 🙂
https://invidious.nerdvpn.de/watch?v=wxJkLKjdMcc
(The real problem is, that at least in #Europe, it's difficult to get an #anonymous phone number.)
We're a small group of UK-focused hackers, from far and wide across the country, looking to bring some of the CCC spirit back home with us!
We're hoping to grow a grassroots community, fostering spaces and meetups aimed at keeping the chaos spirit flowing 1st Jan to 26th Dec.
We'll be looking to meet and connect with other UK-focused hacking communities and like-minded groups.
We're looking forward to seeing you at #39c3 and online!
Stay tuned for more info on how to find us.
I love how the only way I noticed the outage of AWS is that people on Fedi are shitposting about it.
Nothing I use depends on it, that's lovely.
(But let's not imagine Hetzner going down, mkay?)
I suspect that each individual company cares only whether its own services, and those on which it relies, are available.
Others going down may even be a bonus, with safety in numbers: don't blame us for a Cloudflare outage which is being reported everywhere, guv. We're victims too etc.
But, for *users*, having so many services behind the same reverse proxy, all going down at the same time, very much looks like bad decision-making.
I'm not judging anyone for not self-hosting. Self-hosting is not a panacea.
It would be a pain if both our primary and backup Internet connections went down, or there was a problem at A&A's end. If A&A ceased, I'd be rather stuck.
Everything would stop running if we have a power outage which outlasts my UPSs, before I could rush and start the generator.
If our home blew up, or burglars decided that the best thing to take was a massive locked rack full of aged cheap computers, it would cause me a problem while I reinstated things.
All of these are possibilities, and I do what I can to mitigate against them.
But at least it would just be *my* things.
@neil The worst part about the cloudflare outage is that even if you *are* self-hosting you may still be fronted by cloudflare as it's the only well-known free/affordable way to either fend off the AI bot swarm or expose a behind-the-firewall service to the outside.
I'm using Cloudflare's free tunneling service and got burned by this but I don't know that there's any alternative (and setting that up myself is both even more work/expense and also more hassle and annoyance, which sucks)
@wordshaper @neil we had to drop support for customers fronting their sites with CloudFlare on our shared servers because it's not effective at stopping the AI bot swarm, and using it makes it impossible for us to do so ourselves. https://www.mythic-beasts.com/blog/2025/09/03/web-hosting-and-cloudflare/
I have had no reason - yet, anyway - to put anything I host behind someone else's reverse proxy.
Perhaps that day will come, although I very much hope not, because wow things would need to have gone badly wrong.
@neil it has been, annoyingly, very useful at blocking some very dedicated AI scrapers hitting a couple of my sites - and although I *could* do it at the web hosting end, it's a lot more complicated (partially because I'm not running the web server myself)
The positives are rapidly dropping below the negatives, however
@neil you also have the benefit of having a website that serves content efficiently. Those who just throw up Wordpress with fancy plugins and themes, ever convoluted object caches, page caches and third party forward proxies are those that probably need those forward proxies to avoid it spewing hundreds of megabytes with every page (even to gibberish queries) killing the server's cpu and I/O.
@neil I think I agree, although I would argue that part of the point of reliability is to be up when others are not, though...
> part of the point of reliability is to be up when others are not, though
It might depend on one's perspective, I think.
The goal of reliability might be to be up to continue making money, to avoid being in breach of SLAs (if there is a penalty attached to them) and to avoid reputational damage.
And sometimes the cost/benefit analysis sides with "meh, that's reliable enough for our needs".
@neil fair. Linked: I think M&S/Co op's reputations were rescued somewhat by suffering from an attack at the same time. It made it bigger news and helped people understand why their online shopping was down/stock was unreliable etc.
@neil I said the same thing (about "safety in numbers") when CrowdStrike shattered Windows last year, so I'm glad someone else made the same observation🙂
@neil It's the business model that says "let's bet the house on the internet", but then outsource and consolidate infrastructure because I can get rid of staff and don't have to buy hardware or run a data centre.
Then be surprised when some third party bit breaks and all trading stops.
@neil The average availability of most of these services is likely still much higher than they'd be able to manage on their own.
@neil I've seen this happen a few times, to the point I wonder if there's some kind of statistical law: that beyond a certain point, you run out of ability to reduce risk on average. After that, you can only shape whether you have a high rate of low-impact issues, or a low rate of high-impact issues.
And it does seem that way too much of the time, people just see "low rate of issues" and push for that, eventually leading to massive correlated failures
@rachelplusplus @neil always assumed that was a function of practice. Regular low stakes issues to get good at incident response means the big stuff isn't so big because everyone knows what to do.
@neil I think safety in numbers is under-appreciated, both for backside-covering and also people aren't going to assume you've been hacked if everyone else is down, whereas they will if you're the only one (and it's pretty difficult to prove that you've *not* been hacked).
@pwaring Exactly.
@neil @pwaring
Isn't this just the new version of "no-one was ever fired for buying IBM"?
If you choose the dominant market player, and stuff goes south: "you can't blame me, it was general consensus that this was the thing to do"
If you choose to self-host, and anything at all goes even slightly wrong: "this wouldn't have happened if we had just gone with [insert relevant monopoly company]"
Watering down the GDPR is, IMHO, utterly undesirable, and most likely harmful to the rights of data subjects.
A personal principle of mine is, when I realistically can (and that's a massive caveat), to do business with people and organisations that I trust, rather than for whom the slight possibility of regulatory enforcement or litigation is all that's holding them back from taking advantage of me.
Like all bridges, I'm never 100% confident it's working properly on the other end! But, it's worked quite well for me so far.
Parliament is going to debate the petition you signed – “Repeal the Online Safety Act”.
https://petition.parliament.uk/petitions/722903
The debate is scheduled for 15 December 2025.
Can a toddler be a terrorist?
A shocking new report has found that babies and toddlers have been referred to the UK's controversial counter-terrorism scheme Prevent hundreds of times since 2016.
ORG has shown that data collected under the Prevent programme is widely shared and retained for years even when referrals are marked ‘no further action’. Lives are being impacted from an absurdly young age.
Read more from Hyphen:
https://hyphenonline.com/2025/11/12/babies-referred-to-prevent-counter-terror-islamist/
Other changes:
"Completely open source" → "based on open standards"
Specific deadlines → open consultation period
Technical specs (OpenAPI) → general principles
Fixed roadmap → iterative development
@sebastian Don’t threaten me with a good time. I *wish* package registries didn’t exist. Centralised package registries of this kind are an absolutely terrible idea.
“What if everybody did it?” is the cornerstone of Kantian ethical morality: “Take every action, as if, by acting it's willed into universal law”.
… which is a fancy way of saying “Do unto others as you would have them do unto you”.
So, I'm totally ok with a “what if everyone did it?” analysis.
& I'm not sure there is even a utilitarian comeback here.
Cc: @AnnieBuddy @evan
I’m glad @servo exists, is hosted by the European arm of the Linux Foundation, has excellent engineers from @igalia paid to work on it, and is funded by @nlnet.
Web browsers are a crucial component of how we access (and share) information. The status quo is not okay, and it’s likely to deteriorate further.
Tonight I am grumpy that IPv6 adoption is not universal.
Spinning up a new (public facing) service would be so much easier if I didn't have to faff around with v4.
Websites often pressure users to change browsers needlessly.
I run Firefox ESR 128.14.0.
https://www.firefox.com/en-US/firefox/128.14.0/releasenotes/ says it's nary 3 months old. Yet my bank says:
> “Your browser is no longer supported. For…improved security, update to…latest version.”
Reading bank's FAQ it's b/c they only support last 2 #Firefox releases (ignoring ESRs).
Web designers once aspired to “graceful degradation” — but that principle slowly declined in fashion since ≈ 2011.
Today, those who aspired to it now shun it.
> The number of sick and disabled people out of work is putting the UK at risk of an "economic inactivity crisis" that threatens the country's prosperity, according to a new report.
What an inhumane framing.
I appreciate that I am going out on a limb here, but perhaps we should sodding well care for and look after people so that they can live their best, most fulfilling lives, not so that they can "return to work".
Honestly, this is disgusting.
⏰ NEXT WEEK ⏰
We're going beyond the screen and hosting a meet up IRL. Whether you're a supporter or just curious, everyone is welcome to pop down.
Hear from our team, mingle and join the movement!
🗓️ Monday 10 November
🕡 6:30-9pm GMT
📍 Newspeak House, London, UK
Sign up ➡️ https://www.openrightsgroup.org/events/org-london-meet-up/
I almost want to try deleting random parts of a throwaway install, but then doing that on a real system is something else entirely. I'd definitely be worried that I missed something subtle/important.
python3. Not many experiences since have replicated that sinking feeling, seeing the system get removed in front of my eyes, kicking myself for having not spent 2 seconds looking at the list of packages to be removed.
Like you @KatS@chaosfem.tw I ended up reinstalling the whole thing, maybe it was salvageable but I for one had no idea how to do that 😀
Thought: I should dress my bicycle up as a human crawling on all fours for Halloween, then I will dress myself up as a bicycle and ride it around.
…
No, I am not drunk or high right now, why do you ask?
My “old man yelling at clouds” moment is: we shouldn’t have allowed html in emails, markdown (without any html tag) is enough.
This! Buy from local (independent) stores instead of online giants; attend live shows, and buy merch directly from the bands; eat locally-grown (organic) food; use privacy-focused, community-built online services; buy used gear & equipment instead of brand new ones; and of course, do it all based on what you can afford and as a best-effort thing, without being hard on yourself if/when it just isn't possible.
For sure, it won't change the world, but it will feel good 😎
https://terminal.ahumanfuture.co/posts/2025-10-17/the-world-is-something-that-we-make/
I have written a blogpost about my first mainline driver, that lets you use night light on #LinuxMobile smartphones from the last 10 years, but also laptops and tablets.
Please support your local decentralised messenger and stop this parasocial relationship with the blue messenger. You will never be able to fix him. Your decentralised alternative may not work as well, but that's because it's not effectively subsidized by big tech hyperscalers.
But hey, maybe we're not meant to have seamless calls everywhere and every time and not pay anything! *loses 90% of the crowd*
Awww. We're fucked.
Do you turn off your alarm clock and continue sleeping? Get the new VimAlarmClock: you need to type :q to quit. The Pro version has an unsaved buffer in the background.
A little more than 2 months after Debian, we’re finally releasing Mobian Trixie as our new stable release! We’re also taking this opportunity to start rotating the PGP/GPG keys we’re using for signing both our images and package archive.
You can read more on our blog: https://blog.mobian.org/posts/2025/10/new-stable-rotating-keys/
If you design an on-hold audio loop, you shouldn't put it into production until you spend a day trying to do your regular job while on hold. If so, you'll learn:
1st: offer a callback queue if possible.
2nd: offer user the *choice* of pure silence or audio loop while holding.
3rd: the audio loop should:
* have completely consistent volume level.
* never break in w/ human voices in the loop (eg: “Remember our website…”) once loop starts. It *will* sound like live agent every time to most users.
apk upgrade when I am on the tube and know I'm about to lose connection?
I started migrating from #NextCloud to #Radicale, but iOS threw a spanner in the works (turns out accountsd only checks for A and not AAAA DNS records!) I decided to go into a "half-migrated" state: pointing myself to the new instance to continue testing while leaving my partner pointing to the old one.
That caused a problem: any events we created in the meantime wouldn't be synced to the other's devices.
vdirsyncer came in super handy and enabled a three-way sync between NextCloud, Radicale and my laptop! So, despite being on two completely different #CalDAV servers, we both see exactly the same state and all updates flow through seamlessly. And, when they switch instance, it will be like nothing ever happened, despite being on different servers for a few weeks.
Thank you #openStandards and #freeSoftware!
It's a scary but very worthwhile listen. It covers public support of civil liberties, the right to protest, the proscription of Palestine Action as well as what Labour should be doing to fortify against an authoritarian takeover.
I have thought a good bit about what government could do, and I believe there are a number of simple things they could do that they're not doing. And those are to fortify democracy against the forthcoming fight. So you could - obviously, obviously - change the voting system. Don't have any stupid internal independent commission, don't have any stupid royal commission, don't consult, just have "Single Transferable Vote - PR Act". You'll get Liberal support, Labour support - push it through. Unfortunately it's not in the manifesto, the Lords would try and delay it.
You would ban foreign influence on elections - it would be straightforward. You would make it impossible to have something like GB News. You would not allow Mr Marshall (lovely man though he is) to run a whole lot of outlets in pursuit of an obvious and transparent political agenda.
It's called parliamentary sovereignty, it's called legislation, it's called having will. There used to be a requirement that all media was balanced - return to it. A lot of this is return to the past! A lot of this is recover what Mrs. Thatcher began shredding. The community that benefited from the end of the cold war, through the lack of fear of communism, they destroyed many of the social entitlements originally, and they've turned now to the civil and political, and they're seeking, in my opinion, to perpetually empower themselves. But we can fight back.
Let's have some fights with the right enemies. And if you go down, you go down. That strikes me as a more attractive set of scenarios than simply surrendering on the basis that you didn't achieve some growth that you set out to achieve in 2029.
@neil there are degrees of self hosting, too. I "self host" many services, but it's on rented VPSes on other people's servers.
It outsources the tedious "keeping servers and networks alive", while giving me control over the actual services. Does that count as self hosting?
(to my mind, yes, but not in the purist path of having it running on a computer you can see and touch...)