what’s wrong with Tor?

Yeah what’s with the homegrown repo viewer. Why not just embed a sourcehut page with some custom styling.

ime rideshare drivers are generally incredibly good at driving, so I trust their judgement. Are there stats that they get in more crashes?

that’s probably generalized too far and reaches into pseudo-science.

Just understand the concept of Turing-completeness, and the idea that many systems are Turing equivalent.

I agree with not providing the encryption, and having the user provide it themselves. If the server provides the encryption, then it could be backdoored. If you as the user can’t be bothered to encrypt the files yourself, then you definitely aren’t inspecting the client-side code yourself either.

Just be safe and encrypt the files yourself

They want to be able to scan content for illegal contents, without users needing to report it and provide the decryption key first

CMV burner phones were always questionable in their privacy. How do you know the anonymous seller of your burner phone, isn’t the government in disguise?

Rustdesk did have some massive controversies in the past, like:

• installing root certificates without fully understanding the implications
• ignoring AGPL for their proprietary bits
• and other questionable decisions

Which raises doubts as to how trustworthy the development team is.

And while some other people say “it’s ok that was in the past they fixed it”, keep in mind that most of Brave Browser’s controversies were in the past, and yet lemmy still hasn’t forgiven them yet…so I’d like to know how long it takes for lemmy to forgive past mistakes

deleted by creator

Just check the permissions of an app before installing. Bazaar has a gauge for how “safe” an app is based on permissions. If it doesn’t request internet, filesystem access, and other powerful permissions, it’ll be marked as the safest.

Really it’s the same as docker. It’s secure most of the time, but don’t come crying about getting hacked if you give all your containers access to /dev, host networking, etc

You’re not wrong but when you use somebody else’s config you use somebody else’s…configuration. Like if they use ProtonVPN, you’ll need to use ProtonVPN as well. If they use Usenet instead of torrents, that’s what you’ll get as well. If somebody uses Podman instead of Docker, etc etc. So this is why it can be more difficult than just ripping configs from strangers.

This is the classic problem where the more flexibility a program has, the more fragmentation comes out of it. The *arr stack is complicated for this reason. It’s a million different pieces that can be configured in a million different ways. Something like Nextcloud is much more plug-and-play. I’ve been doing self-hosting for years now and even I find *arr a chore to deal with.

Though nothing wrong with referencing other people’s configs to get a sense of what it’s supposed to look like. Start simple, look for somebody who has a radarr + qbittorrent + gluetun stack working, and go from there.

The idea is sound. Give it 10 years to mature further. The public cares about privacy less than you think, just look at the past 20 years.

Well the innovations clearly must be good because people use them so much. Frankly the term “illegal” doesn’t carry much weight for me. Piracy is illegal, but I think copyright is far worse.

it reduces cars in public parking lots and spaces though, which is nice

Doesn’t dread’s captcha force you to check the url? Afaik it makes you fill in specific parts of the url, so that you check that the url you are using is the same one they are using. Curious how the mirror was able to bypass that.

Regardless I just spent some initial investment saving the pgp public keys and making sure they are legit, so that I can use them to verify dread’s mirrors.txt whenever needed. Faster than walking out to the street imo

I prefer internal data abuses because it removes me from being at fault. If I send e-mail to a gov agency whose MX lookup leads to a Microsoft server and MS abuses the data, I have a hand in the abuse of my own data. A well-lawyered opponent would rightfully argue: “you handed your message to MS; you reap what you sow. If you did not trust MS with your message then you should not have handed your message to them.”

You’re not at fault if email is the only option. The lawyer would rightfully recognize that. So making (online) email the only option absolves you of the blame. Is that really all you want? I really don’t understand this reasoning behind the idea that only “internal data abuses” are ok.

To keep things short, there are two things that I feel like would satisfy a lot of your concerns:

1. government services should minimize sharing data with third-parties
2. copyright should be abolished

The first addresses your issues with interacting with government services. It would allow you to say, boycott Microsoft while still using government services. It would extend to internal data processing. And it would even cover things like allowing Tor, since Tor is used to minimize data sharing with your ISP, which is a third-party.

The second addresses your desire to play games offline. The main reason why games force online connection even when the game doesn’t need it, is to prevent piracy. Without copyright, there is no piracy.

These are both fairly big goals, especially the latter, but still more reasonable and achievable than enforcing offline access imo.

Other package managers (npm pypi) don’t need namespaces to avoid these issues

idk maybe there were roads for carriages before cars were invented? I’m not old enough to know

Nobody believes virtualization is perfect, it’s just the best we got because:

• smaller attack surface
• security is the priority over adding new features (the opposite of most other development cycles)
• in practice we have seen how secure it is relative to other systems like the kernel

And anyways, even a separate physical computer can be hacked. If it has networking, there could be a vulnerability in the networking stack. Just making an outbound tcp connection can be enough to be pwned.

I think the closest thing we have to an “invincible” system is seL4, but I rarely hear about amybody using them

The problem is that people underestimate the risk. For many it’s not worth the risk, they just don’t realize it