toastal

joined 4 years ago
[–] [email protected] 1 points 7 months ago

Sure if you need that protection, but there is a lot of fearmongering about VPNs that are misinformation to sell products most folks don’t need to be worrying about versus more pressing matters in security/privacy

[–] [email protected] 1 points 7 months ago

Everything after Hello is encrypted tho. The metadata is important, but takes some leaps of assumption to know what that data means—moreso than the metadata of say WhatsApp since the payload could be just about anything & from anywhere, not just a P2P text/multimedia message. And DNS over HTTPS does exist now & has support in all browsers & mobile operating systems. If it’s the hostnames you are worried about, a simple SSH SOCKS5 proxy with remote DNS could work with many older technologies. Not saying there isn’t some worry, but there are solutions now, the ISP is getting close to nothing, & for most folks subscribing to a comericial VPN is not worth giving monthly money to these actors that you probably can’t trust.

[–] [email protected] 3 points 7 months ago

You can go to the Blink + V8 engine without using Google Chrome; in fact that’s exactly what you should be doing as Google’s browser has way more spyware built into it.

The thing that killed it for me was the lack of PWA support

I hear ya. I’m still butthurt about Fx killing SSB (site-specific browser) before it even had a chance. They had the feature locked behind a flag & then removed it due to low usage. It seems a lot of folks hadn’t even heard of it til the news was out about it being removed. It would have been great to use since you could run something akin to firefox --ssb https://url (I forget exactly the command, & you’d want to write it to cover Gecko forks), but it means you could ship some apps with just exec. Since the process was pooled with the main browser instance too, it wasn’t as taxing on resources as Electron.

[–] [email protected] 1 points 7 months ago

Brave Search has been alright, tho I’m not entirely sure how their algorithms are working & they index much slower so they probably aren’t doing full aggregation themselves nor does it seem that they are just using Bing like DuckDuckGo. Yandex is great for image search & I use their translation service even if it’s a little weaker just to spread my data across services instead of centralizing. Even if I preferred content written by a human, a lot of general queries it seems I am more prone to reaching for an LLM …even tho it could be a hallucination, a lot of the content written by folks on the highest SEO sites are just as much bullshit.

[–] [email protected] 1 points 7 months ago (1 children)

By who? Who is auditing the auditors? That’s not to say audits aren’t good, but when the code is proprietary, a lot of trust is required. I would prefer banking on solid, open tech which the TLS standard is. There is still use cases for VPNs, but outside like streaming piracy, you might be better served by the Tor network.

[–] [email protected] 1 points 7 months ago (5 children)

What metadata? The headers are as encrypted as the payload. That there was a key exchange between you & a server isn’t too useful.

“Usually” is a strong word for DNS as well since all OSs let you change it & the megacorporations like Google & Cloudflare have already compelled a lot of folks to use their DNS ta resolve faster since the ISP ones are slow (& the smarter, curious folks used that as a launching point to find other provider or self-host). Some platforms have even been shipping DNS-over-HTTPS to get around some of these issues (since the payload & headers are encrypted under TLS).

[–] [email protected] 1 points 7 months ago (11 children)

If it’s all encrypted & they don’t have the DNS requests, all they can see is that you sent X bytes to some IP which isn’t very helpful. Who’s to say these VPNs aren’t selling their data back to the ISPs anyhow?

[–] [email protected] 7 points 7 months ago (13 children)

Didn’t watch the video, but… Traffic is often already encrypted with TLS or other encryption & you don’t have to use the ISP for DNS. This would cover a lot of the data you would be discussing. Instead if using these advertized commercial VPNs you are giving the data to those corporations instead which is hardly better in many cases—luckily most of your traffic is encrypted with TLS & you don’t have to use them for DNS …which takes us back to the previous statement for concerns.

There’s still value in VPNs for a several online activities (censorship, piracy, activism, etc.) & threat models to certain folks, but assuming the ISP is the bogeyman in most common scenarios for non-niche use cases is incorrect—but it isn’t how these commercial VPNs are selling themselves. If the ISPs possess the ability to break TLS encryption we’d have bigger issues to worry about & VPNs wouldn’t help. I would assume the video goes in this route but chooses the clickbait title for views.

[–] [email protected] 1 points 7 months ago

Read the Markdown spec where it says the > denotes a blockquote. There isn’t room to overload it without breaking that into something not backwards compatible (such as CommonmsMark which will follow the spec & render a blockquote—which, according to the HTML spec, must be text quoting a source). Just because some of the bigger players—namely the proprietary forks, Obsidian & MS GitHub—doesn’t mean it’s not breaking with the original spec. Go ahead & do it, but don’t lie & say it is Markdown or Markdown-compatible. Instead these entities try to push & sway everyone to adopt their syntax rather than working with say CommonMark with RFCs.

CommonMark has the ::: block syntax, but folks using this are relying on stringly-typed, not-well-defined options when they do ::: note as it just becomes a CSS class where anyone could style it.

As callouts are such an everpresent construct in technical writing, documentation, & so on, what you need is first-class support. Docbook as an output has first-class support, but sadly W3 shot down the last attempt at an element proposal (but can be properly by manually constructed with role=note & aria-labelledby). reStructuredText & AsciiDoc are both lightweight markup syntaxes that support first-class callouts & other elements (definition lists, summary/details, figures, etc.) as well as having first-class metadata (like basically every other creative work format for images, audio, documents).

All of this is to say what Microsoft is doing is no longer Markdown & only they hold the keys to the spec (you can complain in their forums, but you can’t submit an RFC or pull request). But also, Markdown / CommonMark are honestly ill-suited for the task of technical writing since it doesn’t support basic features for that task (embedding HTML defeats the purpose & portability)—and instead we have a lot of ad-hoc hacks & bad HTML output due to choosing the wrong tool for the job.

[–] [email protected] 1 points 7 months ago

The real issue is the base Markdown spec is absolutely barren. Folks have tried to shoehorn Markdown into something general purpose so everyone & their brother needed to fork it to add some level of usability since base Markdown isn’t suitable for blogging, technical documentation, white papers, etc. which it was never designed to do

[–] [email protected] 1 points 7 months ago

OP, if you want an arguably easier escape from MS GitHub, have you considered not using Git? The unfortunate current truth is these two are married to the point that a lot of new (& even experienced) folks think MS GitHub is Git & even if you start a project elsewhere, somebody will fork it onto the platform the the SEO bots will put their fork at the top of the ranks. You might be better off choosing a different DVCS all together as the interoperability will be much more difficult. That said, it wouldn’t just be to escape Microsoft, but also since there are a lot of interesting, less explored ideas in the space (like how learning functional or object-oriented code for the first time will broaden your perspective for tools & ideas you already know). Personally, I find the Patch Theory-based VCSs pretty compelling so it could be worth it to dig into Pijul or Darcs.

view more: ‹ prev next ›