Komunitas
lemmy.world
Just here to brag that when my dad upgraded to windows 11, he was tricked into making a microsoft365 acct which was promptly compromised. So I walked him through the process of downloading a Linux mint iso, checking the hash in powershell, downloading rufus, prepping install media, and getting him off windows for the remainder of his life. I had no eyes on the situation. All over the phone. His browser was giving malware results for everything so no downloads could be trusted. 2 years on his only complaint is occasional printer problems. He’s in his 70s.
Komunitas
lemmy.zip
Your options are building from source, downloading dev apks, or using an app store. If you can’t trust anyone, then you need to build from source Fdroid is the best of the app stores, they are always trying to stay ahead of the curve when it comes to privacy, security, and trust Reproducible builds are the standard for FOSS trust, see this article for an overview. They close the gap between app stores and dev apks Fdroid are constantly working to increase the prevalence of reproducible builds, and to enable you to verify more so you have to rely less on trust
Komunitas
programming.dev
If you’re not on archlinux, you should probably switch. It has the latest packages of everything, and the Arch User Repos are essentially compiling whatever xyz program you want from source, in one command. You should also be careful with doing stuff like installing deb/rpm’s directly from sites, because that’s how you can break your system. Also, I suspect you installed pip packages to the system itself, which can also can break your system. Anyway, mesa, a “system” package is definitely more challenging as well, since it needs to be deeply integrated into the system. If you actually need a newer version of it, then the easiest is to just switch to a distro that has a newer version, or if you only need the userspace version, you can use it within a docker container like the one’s offered by distrobox or junest. If you were wanting a newer version of an “application”, flatpak would probably be good enough to get it onto your system. “Applications” don’t need to be as integrated with the rest of your system. As a rebuttal to your post though, there is a very good reason why Linux does packaging the way it does. Installing a program on Windows is nowhere as simple as it may seem to you. You probably have an adblocker, and use a non google search engine, and know your way around sites. But consider the average users actual process of installing a program on Windows. It looks something more like: Search on google for program Click first link. Oh wait, that’s a sponsored link that leads to malware. Click second link. Oh wait, that site is not an ad but also probably malware Navigate through “You’ve got a virus on your PC” Go back to google Find the real link. Click through the ads on that site because of course it has ads. Download the real software Of course, to you the process probably takes 15 seconds. But to a real average, non advanced user, this experience is fraught with risks. If they select wrongly, then they get malware on their computer. Compare this to installing software on Linux from a distro’s repos: Open app store / package manager GUI Find program. Click install. Enter password. Don’t think about things like program versions, and just be happy you now have Krita or whatever program you want. No risk. No pain. Simple. There is a very good reason for older packages in distro repos as well. There are two main reasons: The first is stability. Stability vs unstability doesn’t mean anything about system reliability, but is instead about lack of change. I like to say that a stable release distros doesn’t just mean you older packages, it means you get the same system behavior over a period of time. Instead of a constantly changing set of bugs, you deal with the same set. I like Arch. I like new packages. I can find workarounds for the current annoying bug this update cycle. But the average user probably doesn’t want to have to deal with that. They probably don’t want to have to deal with the bug of the week, and they would rather just have some predictable bug that stays there for a few years that they already know their way around. I remember watching a twitch streamer hit this, actually. They were complaining about new packages, and I pointed out that the reason why older packages are there is to have the same predictable set of bugs, instead of a changing set. They dismissed me, claiming they needed new packages, which is understandable. But then they (an ArchLinux user) immediately encountered an issue with Dolphin (Linux file browser) where the top bar / UI wouldn’t load at all and got really frustrated. I didn’t say anything, but I did laugh to myself and feel vindicated when it happened. Of course, eventually that bug will be fixed. But new ones will come along. The second reason, is supply chain security. Debian, and Red Hat Enterprise Linux, where not affected by the XZ utils backdoor, due to having a policy of only doing carefully cherry picked security updates. I won’t go into detail here, but I have another comment about it.
Komunitas
lemmy.world
Cloud storage is NOT A BACKUP! PSA: I’m worried that people are going to read this thread and be confused or get the wrong idea. Syncing = A dynamic copy of files that are on your computer, if you edit or delete the file on the computer, the file in the cloud is edited or deleted automatically as well. Cloud Storage/Drive = A static copy of a file is uploaded to the cloud, typically with a limited amount of time, storage space, or number of downloads imposed. This varies wildly from service to service, especially free services, and is subject to a number of caveats that make your data less than safe even if you’re paying for it. Neither of these should be considered a reliable backup of your data. Especially in the event of data loss. If for no other reason than the title story of this post. And corporate cloud storage is the exact opposite of private. If you want online backup, pay for a dedicated backup service that is supported by a service fee. Do not trust your data to free services. Especially with data protection, you only get what you pay for. In the long run, and for what you’re getting they are typically very inexpensive. If you like to DIY, buy space on a server farm and use software of your choice to backup to that. DO NOT take 9tr6gyp3’s backup advice. Google Drive and the like are NOT suitable replacements for a real offsite backup. And “the cloud” should absolutely NOT be your only copy of anything no matter how safe and secure it i seems to be.
Komunitas
lemmy.max-p.me
Why are there so many distros out there? What’s the difference between debian + kde and manjaro + kde? They look the same, they work the same. I don’t get it. They visually look similar because both are running KDE with pretty much all the defaults, as it happens both Debian and KDE don’t diverge too much from the recommended defaults as long as they work well. But under the hood, Debian and Manjaro work completely differently: one uses apt, the other uses pacman. The way those packages are maintained, compiled and distributed is vastly different, with different kinds of QA testing. Ubuntu is a derivative of Debian, so it doesn’t look that much different but Canonical does tend to provide newer packages than Debian does. But Ubuntu also has a lot of flaws so spinoffs like Mint and Pop_OS! take on Ubuntu as a base and “fix” it to their liking and hopefully the user’s too, which, given how popular Mint is I’d say they’re pretty successful in that goal. Also why do things have to be complicated? It doesn’t, but the amount of options and choices in how to do basically anything on Linux can certainly look very overwhelming. You can click on it in your file manager, you can add it to /etc/fstab, you can use a systemd mount unit. They’re different ways of automating and configuring what ends up being mostly the same: mounting a filesystem and setting permissions on it, and they come with different defaults. You’re running into the particular area of trying to mount an NTFS Windows partition on Linux, which is nothing like what Linux expects to it fakes a few things to make it work, and that makes everything owned by the same user by default. If you do it from your file manager, it’ll get a temporary mountpoint in like /run/user/1000/media/YOUR DRIVE but is mostly intended for when you plug in a USB or something. You probably found /etc/fstab but then that made all the files owned by root, and you can temporarily change that with chmod and chown but once you reboot and it gets mounted again, it’ll revert back because it doesn’t actually store those fake permissions as to not break Windows. It’s just problems, after problems, after problems and i didn’t even start gaming. Yeah, some people end up particularly unlucky in that department. Eventually, over time, it feels as easy or easier than on Windows. It’s just, you have years of experience on how to make Windows do the thing, and Linux is completely new to you. I had a very similar experience a couple years ago when I was forced to learned macOS because the job would only issue MacBooks. Everything felt way overcomplicated and eventually you start thinking the Apple way and it goes more smoothly, you understand better how it works. I mean, how alien is it to just open disk images and copy .app files to /Applications and that’s how you “install” things?? And you get used to it and now I wield the macOS terminal like I do on Linux. What do i need to do to install a AUR package? A wall of text on the wiki, 20 minutes videos, yay. Ok let’s call it a day. So, this is why people don’t like recommending Manjaro. It’s ArchLinux with a coat of paint, but still relies on Arch’s infrastructure for the AUR. ArchLinux is well into advanced Linux: it’s a box of legos you have to assemble in the shape of a Linux distro yourself. So yes they do expect you to do a fair bit of reading, but Manjaro doesn’t, and it’s a real problem that has caused a fair bit of drama at its time. The AUR is great, but to make another analogy, the AUR is more like a recipe book: you don’t download premade meals, you have to bake them yourself (compiling source code into binary) to have your meal (the generated package file). Sending beginners that route is a recipe for a bad experience. Ironically, yay is the name of one of the tools that helps install AUR packages. Do i need to live another life to make linux work? No, but it does take some initial commitment to get to the nicer part of the learning curve. The first install is always pretty rough, you will destroy it, that’s fine, you have to learn first. Ok let’s call it a day. Honestly by the post you should have done that earlier. As with anything, when you’re frustrated with it you stop learning, you start making it much harder than it needs to be. It’s fine to take a step back and reboot into Windows and try again the next day. It doesn’t have to be all or nothing, plenty of people have started by using Linux for just one task that’s easier to do on Linux, and eventually you start thinking of migrating more workloads to Linux over time. You’re restarting your computer learning journey from pretty close to the start, give yourself a break, computers aren’t worth getting pissed off at.
Komunitas
lemmy.deadca.de
Despite the downsides of F-Droid, there’s one thing they provide that other stores like Accrescent simply can’t. F-Droid provides APK builds with the exact source used for the build available. There’s a lot of trust involved, but this trust is in a single entity, rather than random developers. F-Droid has existed for a long time without adding malicious code to builds, so when they say “this source code produces this APK”, they have years of history doing exactly that to back their claim. A random app developer has no such trust built up. Stores like Accrescent, even if you download only FOSS apps, trust the app developer with building apps. It’s less prone to one massive takeover, but APKs built by random devs are much harder to verify and check for malicious code than the source code. If F-Droid is taken over, it should be noticed relatively quickly, but affects everyone using F-Droid. If an app on Accrescent bundles malware, only users of that app are affected, but it may go unnoticed for a much longer time.
Komunitas
lemmy.ca
I don’t hate physical nor digital media. I don’t hate streaming or services which provide access to streamed content. I hate shitty business people. Those who think that paying once for something isn’t good enough. This is exactly that. You paid for the media. You should continue to have uninterrupted access to that content. The whole idea of ownership is getting muddied by all this “pay for access” and “pay for license” nonsense. It’s one thing of you’re paying to use a service and that service licenses things. Sure. Like Netflix licensing access to a show. End users of Netflix don’t need to buy the show again from Netflix, they are paying for access to the platform and can use the Netflix license to watch the show. You’re paying for a service, that service has content that’s licensed, you’re not paying for the content. My problem is that licenses are not ownership of the thing that they license. They’re not supposed to be. Even back in the days of DVD, movies had a small section of the package that was a “proof of purchase” (usually a small tearaway section inside the case) which physically represented the license for that copy of that media. You had a physical copy and a license all in one. You can have a license and no copy of the licensed content, and you can have licensed content without a license, most notably in the case of downloading a program or something and having that program but needing to activate it with a license before it works. In the past licenses were often included with or implied by ownership of a thing. You bought a record, and having the record itself implied that you had a license to own that copy of the content on that record. Over time, especially with digital content, the concept of license ownership and licensed content have been decoupled. Having a copy of… Say, Windows, does not and should not imply you have a license to use the windows operating system. This is the same idea as applied to online media. All of those people have a license to the content, but no access to the licensed content now. Get fucked I guess. I think it’s foolish to buy a license for a thing, and not keep a copy of that thing. While I think that’s foolish, it’s exactly what I do all the time with games in my steam library. The only reason I trust steam with it is because of their long history and track record. I have licenses to a bunch of games, they have the games on their servers and I can download those games and license them through steam in an entirely seamless process. It’s not the smartest choice but it’s a decision I made long ago that I’ve stuck to. Bluntly, I won’t buy games on other platforms because I don’t want to risk losing access to the content that I paid for the license to use. So I avoid epic Games and other online games libraries for that reason (though, shout out to gog, mainly for giving me the ability to transfer my license to steam when I buy something). The biggest issue I see is that media doesn’t have a universal license authorization method. With software and games, there are license keys. You get a set of seemingly random numbers (and sometimes letters too) which are a valid license for that content. It’s transferrable. With media, no such system exists, and licenses granted by a company usually are not transferable in part due to having no system to validate the license with the new service. You bought it, you have a license with x company for it, but y company doesn’t even know what you’re talking about, and won’t accept or otherwise recognise the license from company x for the media, and grant you the access you paid for to that media. Because of this, I’ve been extremely hesitant to buy any digital media. I’ll get services from a streaming service like Apple music, YouTube music, Spotify, etc for my listening, or YouTube, Netflix, Disney+, HBO+, etc for access to their licensed content that they have licenses for, but I hesitate to buy any non-physical media otherwise. If I’m relying on an online service to maintain my license and deliver the licensed content to me, I’m pretty much not going to do it unless I’m very desperate to access that content (which is rare, of its ever happened at all). Until we can get a valid license transfer system from the media conglomerates, I’m just going to stick to physical media, or get it in a way that I don’t have to worry about licensing. I have a source online for buying and downloading music. An online music store, if you will. What it does is allow me to buy albums and download them. No streaming, no muss, no fuss. Pick your format, download, transaction complete. Enjoy. I chose this because they offered the content in flac, frequently better than CD quality (I’m usually looking for studio quality, 16/24 bit, 48khz or better). Once I have the files and my receipt, everything is done. I legally have the content and the receipt is archived in my email as my proof that I purchased it and hold a license to have the media. I’m not aware of anything similar for video media, and I stopped looking for one. I will buy the physical media for now. There’s no way I’m going to hand over my money to any company for any licensed content that I can’t have a copy of. All that being said, these corporate types are dicks. They’ve taken people’s trust in them to maintain their license and access to the licensed content, and wiped their ass with it. They don’t deserve your money, and they certainly don’t deserve your trust. Boycott them until a crunchyroll competitor emerges.
Komunitas
discuss.online
I will add it to the FAQ This is an OS, not an 3 party app for the stock OS. Why does it exist? ( In my opinion at least): It doesn’t reset the whole ereader for no reason, no ads, no forced updates ( The stock OS does ) It has an app ecosystem, which won’t break after an update. We have many apps, some preinstalled some downloadable: https://github.com/Kobo-InkBox/user-applications The system is really hackable, for example: It has xorg ( It’s not super stable but yea ), an alpine rootfs so a package manager. I added USB support to it ( hot pluggable, which is not possible on the stock OS, if at all ): audio, mouse, keyboard: https://github.com/Szybet/niAudio I was interested in writing apps for my ereader. It was stupid for me that every app on the stock os ( Koreader, plato, Obenkyobo… ) has to implement their own sleep manager ( A developer in the community, Aramir still has nightmares after it ), wifi etc. Now InkBox and it’s background services manage that. It’s stable as hell: There is a recovery mode in which you can export the whole SD card over USB, enable on screen boot logs. The system is immutable which helped me many times. Once again, apps: We use musl and glibc so we are not limited by either one ( postmarketOS guys have problems running koreader because musl ). We also provide some ereader friendly libraries, a easy to use Qt toolchain ( I ported many Qt apps, with more or less success. The ones that are an official app are: feathernotes, rssguard, nachat, maps. The ones i gived up on: Marble, Okular ) We fix things broken on the main OS: At least for my kobo nia I made the touchscreen a kernel module and reset it every sleep / wakeup to prevent a lockup which happened to me on the stock OS. It also sleeps now in and doesn’t wake up, so better battery life in sleep. On every wifi connection it synces time, it drifts a bit. We have a reader up but it’s not great. A rewrite is ongoing, will finish this year for sure. It won’t be better than koreader for sure, we don’t have 200 developers but it uses Qt, which enables us to use better looking UI than simple menus like Koreader / Plato. Oh did i mention we have koreader as a user app? you can use it ;) it also enabled us to do some crazy things: https://youtu.be/hRqquXvsR1Q Yes, most or many of those things could be done on the stock OS - but no one did it for a simple reason: you want to control things or there will be chaos. As for now, InkBox is mostly an app launcher for me, but I really like it for it. No more stock OS resets :) For the average user? if you are not interested in those apps, in not hacking your ereader, not doing something unusual with it InkBox is probably not interesting for you. But if you use koreader anyway, dislike the stock OS and like open source, you are welcome. We are also looking for contributors ( Rust / C++ or anything really ), this project has more potential than it seems More questions appeared, I will update this message on the wiki: https://github.com/Kobo-InkBox/inkbox/wiki/FAQ
Komunitas
hackertalks.com
Clickbait YouTuber is clickbait… https://www.privacyguides.org/en/basics/vpn-overview/ Should I use a VPN?¶ Yes, almost certainly. A VPN has many advantages, including: Hiding your traffic from only your Internet Service Provider. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations. Hiding your IP from third-party websites and services, helping you blend in and preventing IP based tracking. Allowing you to bypass geo-restrictions on certain content. VPNs can provide some of the same benefits Tor provides, such as hiding your IP from the websites you visit and geographically shifting your network traffic, and good VPN providers will not cooperate with e.g. legal authorities from oppressive regimes, especially if you choose a VPN provider outside your own jurisdiction. VPNs cannot encrypt data outside the connection between your device and the VPN server. VPN providers can also see and modify your traffic the same way your ISP could, so there is still a level of trust you are placing in them. And there is no way to verify a VPN provider’s “no logging” policies in any way. On a personal note, the common argument is VPN providers could be recording your traffic. But if you know for certain your ISP is recording your traffic and selling your data, which is most commercial ISPs in the West, then a VPN provider is a strict improvement. They may not be, but they’re not guaranteed to be. And your ISP is guaranteed to be.
Komunitas
ibbit.at
The Death of English Literature (This essay, my review of Stefan Collini’s book Literature and Learning: A History of English Studies in Britain*, originally appeared in the New Statesman here. It is republished in Cultural Capital with their generous permission.*) English Literature — so it seemed to me when I was a bookish zealot of eighteen — was the prince of the humanities. When I was interviewed at university and asked why exactly I wanted to study English, I informed my interrogators (I still remember the phrase which I had practised beforehand and considered richly impressive) that “literature shows us what it is or might be to be human”. I believed it. In books, I felt with Tennyson, that I had sensed the living souls of the dead flashed on mine. Poems — especially poems by Hopkins, Eliot and Auden — worked on me like spells. I had contrived to download a recording of Auden’s Museé des Beaux Arts onto my primitive mobile phone, and would stand in the playground with the device pressed to my ear, enraptured by the tinny incantation, convinced I was responding to a higher call. Literature, if one were to reduce it to anything so tawdry as a formula, was history x philosophy x life. I regarded my peers who had chosen to study mere facts at university rather than to be inducted into the glamorous mysteries of the human heart with some pity (an attitude I have still not entirely shaken off). English, as Stefan Collini observes in his wry and compendious new history of the discipline, Literature and Learning, tends to inspire an extravagant attachment rarely associated with “say, Geography or Chemistry.” Half the labour of writing a history of English must lie in gathering encomia to the subject by its disciples. To the moneyed amateurs who ushered the subject into universities at the beginning of the twentieth century (men who fondled poems like antique clocks and ranked novelists like vintages of claret) the study of literature was “a glory of the universe” or “the spring which unlocks the hidden life”. To the charismatic Leavisite secondary school teachers of the 1960s it was a moral crusade against the spirit-killing incursions of machine civilisation: English had “life-enhancing powers” and its study was essential if a modern person hoped to retain “any capacity for a humane existence”. The scholarly Collini winces fastidiously at some of these “soaring affirmations”. And indeed, such confident panegyrics read oddly in an age when the subject is cowed, apologetic and shrinking. Nowadays, English is reduced to doing its pathetic, blundering best to ape the sciences, devising spurious jargons for itself, grinding scholars through the Research Excellence Framework and promising students “transferable skills” (that mad but unkillable doctrine beloved of prospectus-writers which holds that a familiarity with ecocritical perspectives on early Shelley is useful preparation for making powerpoints at PWC). But for all the Gradgrindian propaganda embattled modern departments are obliged to turn out in the forlorn hope of attracting students, it remains the case that it is only because people have felt extravagantly about books that English is taught at universities at all. The subject remains an academic anomaly, a scholarly discipline premised on the acquisition not of knowledge but of aesthetic experience; on the unlikely marriage of (in Collini’s happy phrase) “beauty and the footnote”. Students of English do not expect to emerge from their degrees able to speak a foreign language (save perhaps a smattering of Anglo Saxon) or code or say anything useful about the differences between arthropods and crustaceans. According to the purest conception of the subject, Collini points out, “the ur-exam question should be something like ‘isn’t this beautiful?’” Though surely, “the way to get high marks would not simply be to answer ‘Yes, it is.’” This has been the source of English’s insecurity as an academic discipline — couldn’t an enthusiasm for Keats be better satisfied in a student’s spare time? — but also its self-confidence as the purest and most noble of the humanities. Dove Cottage I was a late product of this passionate tradition. My English teacher father brought me up to regard Eng Lit as a secular religion. Our God was Shakespeare whose birthday we celebrated annually with a home-made cake. Like Catholic peasants our house was strewn with tasteless devotional items: Shakespeare mugs, Shakespeare socks, Shakespeare tea towels, a Shakespeare bear (clad in a t-shirt featuring a quotation from Hamlet). We quoted Shakespeare, and his attendant lesser deities Wordsworth, Tennyson and Milton like scripture. And in the summer holidays we made solemn pilgrimages to their shrines: Dove Cottage, The Globe Theatre, Stratford upon Avon. My father particularly impressed me with the information that a friend of his had once repelled a home invader by descending the staircase in the dark carrying a single lighted candle and intoning a sulphurous passage from Book One of Paradise Lost. Such — the moral of the story ran — was the power of blank verse. (I have never quite lost the conviction that should I ever find myself in similar danger the Collected Milton, rather than, say, a hammer, is the weapon I will need to have to hand.) If the atmosphere of militant Bardolatry in which I was raised was anachronistic in the early 2000s it seems as archaic as Assyria now. English is in precipitous decline. Still the most popular A-level subject when I left school in 2011, it no longer even makes the top ten, having been displaced by various STEM subjects and those vulgar parvenus, sociology and psychology. Another university English department shuts down practically every year. My friends who pursued academic careers in English — no more apocalyptically disillusioned class of person exists — feel they are heirs to a ruined inheritance. They were preparing to take possession of great mansions of learning but find the windows have been smashed, the furniture looted and the electricity cut off. Partly the problem is tuition fees — £9,535 per year to acquire a finer appreciation of moon imagery in DH Lawrence is a hefty ask in the present economic climate. But most importantly, literature is becoming culturally marginal. The screen is replacing the book. Studies show dramatic and unprecedented drops in literacy and reading, especially among teenagers. A recent survey by the National Literacy Trust found time spent reading books “at a historic low”. In this environment, the study of literature is far from an obvious use of three crucial years of young adulthood. And if the slew of viral journalistic reports from universities — “The End of the English Major”, “The Elite College Students Who Can’t Read Books” — are to be believed, even students who choose to study English are unable to actually force themselves through novels. “Most of our students are functionally illiterate” runs a characteristic de profundis wail. A young Oxbridge academic I spoke to recently described “a collapse of literacy” among his students. The first enemies of English worried not that reading novels was too hard for students, but that it was much too easy. When English arrived in universities (at Oxford in 1894 and Cambridge in 1914) conservative dons objected that the subject wouldn’t provide students with “the mental training” inculcated by Mathematics or Classics (Greek, according to one doggedly unenlightened strand of opinion was “a kind of maths without numbers”). Others feared that English was an invitation to students to be “specious and superficial” (the suspicion has never quite been dispelled). Why did you need educating in how to read poems? The literary gentlemen who were first summoned from the clan warfare of Grub Street to establish English amidst the Groves of Academe were not always reassuring models of scholarly rigour. Cambridge’s first Professor of English Arthur Quiller Couch was in the habit of addressing his audiences of mostly female undergraduates as “Gentlemen!” George Saintsbury, the king of fin-de-siecle belles lettres — with his wine cellar, “extreme Toryism”, prodigious forest of a beard and apparently omniscient command of his country’s literary heritage — was making £190,000 a year in modern money from literary journalism before he was made a don (his earnings were much enhanced by his genial willingness to review the same volume “as many as five times”). His own innumerable books, (Elizabethan Literature, Nineteenth Century Literature, The History of English Prosody from the Twelfth Century to the Present Day, an 800-page Short History of English Literature) combined panoptic ambition with “a large number of errors” and sold in the tens of thousands. George Saintsbury Saintsbury’s career was only an unusually florid symptom of a society in which English literature was culturally central to a degree not easy to grasp today and which throws a stark light on the subject’s present crisis of marginality. English was born as an academic subject in a world in which journals and magazines “carried an endless stream of critical essays celebrating or reconsidering the achievement of major and minor poets alike”. For many people “a deep intimacy with English poetry was a living presence, not simply a social affectation or a relic of a half-remembered education”. The critic AC Bradley was the subject of doggerel in Punch and his book Shakespeare’s Tragedies went on to sell half a million copies. When the socialite turned don John Bailey gave public lectures (“Can We Tell Good Books from Bad”, “Shelley”) he addressed “crowded” halls of hundreds of people (“many standing”) and met with “wild success”. When he lunched with the former Prime Minister Arthur Balfour in 1914, the two men chatted about “Dryden, Pope, Browning, etc.” Bailey and his wife habitually recited Browning to one another over dinner, after which he would go upstairs to read his children their bedtime story: Edmund Spencer’s The Faerie Queene. The apogee of Eng Lit’s prestige arrived in the “two decades after 1945”. Students streamed through the red brick portals of Manchester and across the alien concrete geometries of York for lectures on “Shakespeare and his Contemporaries”, “Milton and the Seventeenth Century”, and “The English Augustans”. By this time, the subject had been refashioned as a modern, professional discipline. To IA Richards, the father of practical criticism, the study of literature was a laboratory science (the text carefully tweezered and isolated beneath the critic’s microscope); to FR Leavis, it was a kind of non-conformist religion. The prevailing tone of high moral seriousness — “a spiritual exploration coterminous with the fate of civilization itself”, as Terry Eagleton once summarised the Leavisite view of literary studies — charged English with a charisma that no other academic discipline has ever matched, either before or since. The University of York in the 1960s Academic critics became celebrities and for a while, the culture bowed to them. The position of English at this time strikes modern readers as almost comically exalted. “It is no exaggeration to say”, writes one historian quoted by Collini, “that in the late 40s and early 50s, for the hippest of the young (even among those who were beginning to be beat) the best thing in the world to be was T.S. Eliot or Edmund Wilson. Literary criticism was the philosophers’ stone”. In the USA in the 1950s it was possible to watch “a regular TV programme featuring Lionel Trilling, Jacques Barzun, and W.H. Auden”. And in a lecture, Trilling went so far as to fret that “the place literature occupies in contemporary life is ‘actually too high’” and that its study attracted “disproportionate” numbers of students — not anxieties that much trouble modern professors of English. At this time English derived energy and confidence from its practitioners’ sense of themselves as cultural insurgents, partisans of intelligence and humane values fighting a guerilla war against the stupefying and ominously expanding empire of mass culture, what Richards called the “sinister potentialities of the cinema and the loud-speaker”. Leavis was the movement’s Castro, prolix, repetitive and superannuated, thundering away against the evils of television. His hostility was influential. “The very power to resist and question the mass media, or the misuse of technology, derives from our ability to transmit the best of the past”, urged one teachers’ handbook. English by wide consent, was “the civilising, maturing subject”. Recent academic commentators have been nervous of these painfully un-groovy defences of standards. In the complacent fastnesses of Oxford and Cambridge the idea that such frivolous technologies as the television or the cinema might pose a threat to the grand enterprise of literature was worthy only of a raised faux-worldly eyebrow. But Leavis’s perception that the new forms of electronic entertainment demanded “surrender, under conditions of hypnotic receptivity to the cheapest emotional appeals” is hard to read without foreboding in the days of TikTok. Such warnings once read as so much rhetorical thunder and lightning; today they read like prophecy. The battle against the hypnotising and stupefying forces of electronic entertainment has been definitively lost. The partisans have been routed. George Eliot was no match for the iPhone. The civilisation of the book has given way to the civilisation of the screen. English, in the view of one friend who teaches it at a university is, “not dying, it’s dead” — an incidental and probably unnoticed drive-by casualty of the Californian billionaires’ imperial campaign to annex our attention for their profit. “In time,” Collini writes, “it may become possible to be accepted as a cultivated person (whatever that archaic term will by then have come to represent) without having an acquaintance with any literature written before one’s own era, or perhaps with any literature at all.” I agree but with one qualification … “May become possible?” To anybody under forty it is clear that time is already upon us. Whether this heralds catastrophe — whether the fate of literature indeed turns out to be coterminous with the fate of civilisation — remains to be seen. When those of us raised in the faith survey the darkness of the modern world, the thought is a hard one to avoid . From Cultural Capital via this RSS feed
Komunitas
lemmy.ml
A new Atomic macOS Stealer (AMOS) attack vector weaponizes Google searches and a user’s trust in AI chatbots, researchers have found. Once infected, the AMOS can collect data, passwords, and more from the infected Mac with alarming ease. While AMOS attacks have been around since 2023, they normally involve people accidentally downloading a malicious file. But this new approach is different. Instead, it simply requires them to copy and paste a single command into the Terminal app. Researchers at security outfit Huntress identified the new AMOS approach in early December 2025 after a victim reported the incident. Huntress found that the user had searched “Clear disk space on macOS” before choosing one of the two sponsored results. Both of those results linked to a shared chatbot chat, one for ChatGPT, the other for Grok. It didn’t matter which the victim clicked because they both ultimately did the same thing. Huntress was able to repeat the infection steps, which boiled down to copying and pasting a command that was supposed to free up storage space. In reality, it downloaded a file that then set about gaining root privileges to allow it to access apps and data unchecked. In fact, the route taken by this particular AMOS ensured it never triggered any of Apple’s built-in macOS security features. Once the command was run, there was never any indication that something was amiss. Once running, Huntress found that the Stealer had the ability to capture a number of high-value data types. Those include access to cryptocurrency wallets, browser credential databases, and even Apple Keychain. All data collected by the attack is then uploaded to attacker-controlled servers. As for the Stealer itself, the attack ensures it is configured to run even after the Mac is restarted, meaning it’s always ready to steal more data. While AMOS isn’t new, the key thing to note here is the new approach, and one that Mac users should absolutely be wary of. As people become more wary of files they download from the internet, attackers need new ways of getting malware onto devices. In this instance, both the ChatGPT and Grok shared chats are legitimate and hosted on their respective services. They also give the air of a legitimate guide that will ultimately free up storage space as requested. Even pasting a command into the Terminal window makes sense given the context. It’s easy to see how people might fall for such an attack.
Komunitas
ibbit.at
Back in the mid 1990s, the release of Microsoft’s Windows 95 operating system cemented the Redmond software company’s dominance over most of the desktop operating system space. Apple were still in their period in the doldrums waiting for Steve Jobs to return with his NeXT, while other would-be challengers such as IBM’s OS/2 or Commodore’s Amiga were sinking into obscurity. Into this unpromising marketplace came Be inc, with their BeBox computer and its very nice BeOS operating system. To try it out as we did at a trade show some time in the late ’90s was to step into a very polished multitasking multimedia OS, but sadly one which failed to gather sufficient traction to survive. The story ended in the early 2000s as Be were swallowed by Palm, and a dedicated band of BeOS enthusiasts set about implementing a free successor OS. This has become Haiku, and while it’s not BeOS it retains API compatibility with and certainly feels a lot like its inspiration. It’s been on my list for a Daily Drivers article for a while now, so it’s time to download the ISO and give it a go. I’m using the AMD64 version. A Joy To Use, After A Few Snags If you ignore the odd font substitution in WebPositive, it’s a competent browser. This isn’t the first time I’ve given Haiku a go in an attempt to write about it for this series, and I have found it consistently isn’t happy with my array of crusty old test laptops. So this time I pulled out something newer, my spare Lenovo Thinkpad X280. I was pleased to see that the Haiku installation USB volume booted and ran fine on this machine, and I was soon at the end of the install and ready to start my Haiku journey. Here I hit my first snag, because sadly the OS hadn’t quite managed to set up its UEFI booting correctly. I thus found myself unexpectedly in a GRUB prompt, as the open source bootloader was left in place from a previous Linux install. Fixing this wasn’t too onerous as I was able to copy the relevant Haiku file to my UEFI partition, but it was a little unexpected. On with the show then, and in to Haiku. In use, this operating system is a joy. Its desktop look and feel is polished, in a late-90s sense. There was nothing jarring or unintuitive, and though I had never used Haiku before I was never left searching for what I needed. It feels stable too, I was expecting the occasional crash or freeze, but none came. When I had to use the terminal to move the UEFI file it felt familiar to me as a Linux user, and all my settings were easy to get right. Never Mind My Network Card If only the network setup on my Thinkpad was as nice as the one in the VM. I hit a problem when it came to network setup though, I found its wireless networking to be intermittent. I could connect to my network, but while DHCP would give it an IP address it failed to pick up the gateway and thus wasn’t a useful external connection. I could fix this by going to a fixed IP address and entering the gateway and DNS myself, and that gave me a connection, but not a reliable one. I would have it for a minute or two, and then it would be gone. Enough time for a quick software update and to load Hackaday on its WebPositive web browser, but not enough time to do any work. We’re tantalisingly close to a useful OS here, and I don’t want this review to end on that note. The point of this series has been to try each OS in as real a situation as possible, to do my everyday Hackaday work of writing articles and manipulating graphics. I have used real hardware to achieve this, a motley array of older PCs and laptops. As I’ve described in previous paragraphs I’ve reached the limits of what I can do on real hardware due to the network issue, but I still want to give this one a fair evaluation. I have thus here for the first time used a test subject in a VM rather than on real hardware. What follows then is courtesy of Gnome Boxes on my everyday Linux powerhouse, so please excuse the obvious VM screenshots. This One Is A True Daily Driver There’s plenty of well-ported software, but nothing too esoteric. With a Haiku install having a working network connection, it becomes an easy task to install software updates, and install new software. The library has fairly up-to-date versions of many popular packages, so I was easily able to install GIMP and LibreOffice. WebPositive is WebKit-based and up-to-date enough that the normally-picky Hackaday back-end doesn’t complain at me, so it more than fulfils my Daily Drivers requirement for an everyday OS I can do my work on. In fact, the ’90s look-and-feel and the Wi-Fi issues notwithstanding, this OS feels stable and solid in a way that many of the other minority OSes I’ve tried do not. I could use this day-to-day, and the Haiku Thinkpad could accompany me on the road. There is a snag though, and it’s not the fault of the Haiku folks but probably a function of the size of their community; this is a really great OS, but sadly there are software packages it simply doesn’t have available for it. They’ve concentrated on multimedia, the web, games, and productivity in their choice of software to port, and some of the more esoteric or engineering-specific stuff I use is unsurprisingly not there. I can not fault them for this given the obvious work that’s gone into this OS, but it’s something to consider if your needs are complex. Haiku then, it’s a very nice desktop operating system that’s polished, stable, and a joy to use. Excuse it a few setup issues and take care to ensure your Wi-Fi card is on its nice list, and you can use it day-to-day. It will always have something of the late ’90s about it, but think of that as not a curse but the operating system some of us wished we could have back in the real late ’90s. I’ll be finding a machine to hang onto a Haiku install, this one bears further experimentation. From Blog – Hackaday via this RSS feed
Komunitas
lemmy.world
Today’s game is Mario Kart Wii. I was originally going to setup Retro Rewind to give it a try (it was suggested to me by @[email protected]). I ended up having some issues though, namely that the mod was downloading at 0.50 mbps and would take an hour. I tried to install it manually but that didn’t really work out. So i decided to just play regular Wii, it’s not like it’s a bad game or anything. I’m pretty sure i said this last time though, but i always end up forgetting this game is kind of boring to play alone. The game hurls out red shells like it’s Halloween candy, which, if you’re playing with friends it’s fun. You can all collectively go “That’s bullshit” but then laugh it off. Singleplayer though, it’s just a bit eh. I wouldnt say i got frustrated, but after the 5th barrage of 6 red shells in a row, it got old. The models have this kind of unique charm to them with how jagged they are. I feel like Waluigi alone could shank someone with his fists. And the more flat terrain is charming too, even at 4k. It’s flaws do show, but they’re not glaring so you can kind of ignore them. I only did 4 races, kept things nice and short. I did Sherbet Land, Mario Raceway, Toad’s Factory, and Coconut Mall. I think it’s a pretty good selection of courses to spend the evening on. I was hoping Retro Rewind would be done but the download failed so i had to start over. It only just now finished, so hopefully i can get to it tomorrow. Maybe even get some friends to join me.
Komunitas
discuss.tchncs.de
cross-posted from: https://lemmy.ml/post/39870758 A New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip Code Privacy stalwart Nicholas Merrill spent a decade fighting an FBI surveillance order. Now he wants to sell you phone service—without knowing almost anything about you. Nicholas Merrill has spent his career fighting government surveillance. But he would really rather you didn’t call what he’s selling now a “burner phone.” Yes, he dreams of a future where anyone in the US can get a working smartphone—complete with cellular coverage and data—without revealing their identity, even to the phone company. But to call such anonymous phones “burners” suggests that they’re for something illegal, shady, or at least subversive. The term calls to mind drug dealers or deep-throat confidential sources in parking garages. With his new startup, Merrill says he instead wants to offer cellular service for your existing phone that makes near-total mobile privacy the permanent, boring default of daily life in the US. “We’re not looking to cater to people doing bad things,” says Merrill. “We’re trying to help people feel more comfortable living their normal lives, where they’re not doing anything wrong, and not feel watched and exploited by giant surveillance and data mining operations. I think it’s not controversial to say the vast majority of people want that.” That’s the thinking behind Phreeli, the phone carrier startup Merrill launched today, designed to be the most privacy-focused cellular provider available to Americans. Phreeli, as in, “speak freely,” aims to give its user a different sort of privacy from the kind that can be had with end-to-end encrypted texting and calling tools like Signal or WhatsApp. Those apps hide the content of conversations, or even, in Signal’s case, metadata like the identities of who is talking to whom. Phreeli instead wants to offer actual anonymity. It can’t help government agencies or data brokers obtain users’ identifying information because it has almost none to share. The only piece of information the company records about its users when they sign up for a Phreeli phone number is, in fact, a mere ZIP code. That’s the minimum personal data Merrill has determined his company is legally required to keep about its customers for tax purposes. By asking users for almost no identifiable information, Merrill wants to protect them from one of the most intractable privacy problems in modern technology: Despite whatever surveillance-resistant communications apps you might use, phone carriers will always know which of their customers’ phones are connecting to which cell towers and when. Carriers have frequently handed that information over to data brokers willing to pay for it—or any FBI or ICE agent that demands it with a court order Merrill has some firsthand experience with those demands. Starting in 2004, he fought a landmark, decade-plus legal battle against the FBI and the Department of Justice. As the owner of an internet service provider in the post-9/11 era, Merrill had received a secret order from the bureau to hand over data on a particular user—and he refused. After that, he spent another 15 years building and managing the Calyx Institute, a nonprofit that offers privacy tools like a snooping-resistant version of Android and a free VPN that collects no logs of its users’ activities. “Nick is somebody who is extremely principled and willing to take a stand for his principles,” says Cindy Cohn, who as executive director of the Electronic Frontier Foundation has led the group’s own decades-long fight against government surveillance. “He’s careful and thoughtful, but also, at a certain level, kind of fearless.” Nicholas Merrill with a copy of the National Security Letter he received from the FBI in 2004, ordering him to give up data on one of his customers. He refused, fought a decade-plus court battle—and won. More recently, Merrill began to realize he had a chance to achieve a win against surveillance at a more fundamental level: by becoming the phone company. “I started to realize that if I controlled the mobile provider, there would be even more opportunities to create privacy for people,” Merrill says. “If we were able to set up our own network of cell towers globally, we can set the privacy policies of what those towers see and collect.” Building or buying cell towers across the US for billions of dollars, of course, was not within the budget of Merrill’s dozen-person startup. So he’s created the next best thing: a so-called mobile virtual network operator, or MVNO, a kind of virtual phone carrier that pays one of the big, established ones—in Phreeli’s case, T-Mobile—to use its infrastructure. The result is something like a cellular prophylactic. The towers are T-Mobile’s, but the contracts with users—and the decisions about what private data to require from them—are Phreeli’s. “You can’t control the towers. But what can you do?” he says. “You can separate the personally identifiable information of a person from their activities on the phone system.” Signing up a customer for phone service without knowing their name is, surprisingly, legal in all 50 states, Merrill says. Anonymously accepting money from users—with payment options other than envelopes of cash—presents more technical challenges. To that end, Phreeli has implemented a new encryption system it calls Double-Blind Armadillo, based on cutting-edge cryptographic protocols known as zero-knowledge proofs. Through a kind of mathematical sleight of hand, those crypto functions are capable of tasks like confirming that a certain phone has had its monthly service paid for, but without keeping any record that links a specific credit card number to that phone. Phreeli users can also pay their bills (or rather, prepay them, since Phreeli has no way to track down anonymous users who owe them money) with tough-to-trace cryptocurrency like Zcash or Monero. Phreeli users can, however, choose to set their own dials for secrecy versus convenience. If they offer an email address at signup, they can more easily recover their account if their phone is lost. To get a SIM card, they can give their mailing address—which Merrill says Phreeli will promptly delete after the SIM ships—or they can download the digital equivalent known as an eSIM, even, if they choose, from a site Phreeli will host on the Tor anonymity network. Phreeli’s “armadillo” analogy—the animal also serves as the mascot in its logo—is meant to capture this sliding scale of privacy that Phreeli offers its users: Armadillos always have a layer of armor, but they can choose whether to expose their vulnerable underbelly or curl into a fully protected ball. Even if users choose the less paranoid side of that spectrum of options, Merrill argues, his company will still be significantly less surveillance-friendly than existing phone companies, which have long represented one of the weakest links in the tech world’s privacy protections. All major US cellular carriers comply, for instance, with law enforcement surveillance orders like “tower dumps” that hand over data to the government on every phone that connected to a particular cell tower during a certain time. They’ve also happily, repeatedly handed over your data to corporate interests: Last year the Federal Communications Commission fined AT&T, Verizon, and T-Mobile nearly $200 million for selling users’ personal information, including their locations, to data brokers. (AT&T’s fine was later overturned by an appeals court ruling intended to limit the FCC’s enforcement powers.) Many data brokers in turn sell the information to federal agencies, including ICE and other parts of the DHS, offering an all-too-easy end run around restrictions on those agencies’ domestic spying. Phreeli doesn’t promise to be a surveillance panacea. Even if your cellular carrier isn’t tying your movements to your identity, the operating system of whatever phone you sign up with might be. Even your mobile apps can track you. But for a startup seeking to be the country’s most privacy-focused mobile carrier, the bar is low. “The goal of this phone company I’m starting is to be more private than the three biggest phone carriers in the US. That’s the promise we’re going to massively overdeliver on,” says Merrill. “I don’t think there’s any way we can mess that up.” Merrill’s not-entirely-voluntary decision to spend the last 20-plus years as a privacy diehard began with three pages of paper that arrived at his office on a February day in New York in 2004. An FBI agent knocked on the door of his small internet service provider firm called Calyx, headquartered in a warehouse space a block from the Holland Tunnel in Manhattan. When Merrill answered, he found an older man with parted white hair, dressed in a trench coat like a comic book G-man, who handed him an envelope. Merrill opened it and read the letter while the agent waited. The first and second paragraphs told him he was hereby ordered to hand over virtually all information he possessed for one of his customers, identified by their email address, explaining that this demand was authorized by a law he’d later learn was part of the Patriot Act. The third paragraph informed him he couldn’t tell anyone he’d even received this letter—a gag order. Then the agent departed without answering any of Merrill’s questions. He was left to decide what to do, entirely alone. Merrill was struck immediately by the fact that the letter had no signature from a judge. He had in fact been handed a so-called National Security Letter, or NSL, a rarely seen and highly controversial tool of the Bush administration that allowed the FBI to demand information without a warrant, so long as it was related to “national security.” Calyx’s actual business, since he’d first launched the company in the early ’90s with a bank of modems in the nonfunctional fireplace of a New York apartment, had evolved into hosting the websites of big corporate customers like Mitsubishi and Ikea. But Merrill used that revenue stream to give pro bono or subsidized web hosting to nonprofit clients he supported like the Marijuana Policy Project and Indymedia—and to offer fast internet connections to a few friends and acquaintances like the one named in this surveillance order. Merrill has never publicly revealed the identity of the NSL’s target, and he declined to share it with WIRED. But he knew this particular customer, and he certainly didn’t strike Merrill as a national security threat. If he were, Merrill thought, why not just get a warrant? The customer would later tell Merrill he had in fact been pressured by the FBI to become an informant—and had refused. The bureau, he told Merrill, had then retaliated by putting him on the no-fly list and pressuring employers not to hire him. (The FBI didn’t respond to WIRED’s request for comment on the case.) Merrill immediately decided to risk disobeying the gag order—on pain of what consequences, he had no idea—and called his lawyer, who told him to go to the New York affiliate of the American Civil Liberties Union, which happened to be one of Calyx’s web-hosting clients. After a few minutes in a cab, Merrill was talking to a young attorney named Jameel Jaffer in the ACLU’s Financial District office. “I wish I could say that we reassured him with our expertise on the NSL statute, but that’s not how it went down,” Jaffer says. “We had never seen one of these before.” Merrill, meanwhile, knew that every lawyer he showed the letter to might represent another count in his impending prosecution. “I was terrified,” he says. “I kind of assumed someone could just come to my place that night, throw a hood over my head, and drag me away.” Phreeli will use a novel encryption system called DoubleBlind Armadillo—based on cutting edge crypto protocols known as… Phreeli will use a novel encryption system called Double-Blind Armadillo—based on cutting edge crypto protocols known as zero-knowledge proofs—to pull of tricks like accepting credit card payments from customers without keeping any record that ties that payment information to their particular phone. Despite his fears, Merrill never complied with the FBI’s letter. Instead, he decided to fight its constitutionality in court, with the help of pro bono representation from the ACLU and later the Yale Media Freedom and Information Access Clinic. That fight would last 11 years and entirely commandeer his life. Merrill and his lawyers argued that the NSL represented an unconstitutional search and a violation of his free-speech rights—and they won. But Congress only amended the NSL statute, leaving the provision about its gag order intact, and the legal battle dragged out for years longer. Even after the NSL was rescinded altogether, Merrill continued to fight for the right to talk about its existence. “This was a time when so many people in his position were essentially cowering under their desks. But he felt an obligation as a citizen to speak out about surveillance powers that he thought had gone too far,” says Jaffer, who represented Merrill for the first six years of that courtroom war. “He impressed me with his courage.” Battling the FBI took over Merrill’s life to the degree that he eventually shut down his ISP for lack of time or will to run the business and instead took a series of IT jobs. “I felt too much weight on my shoulders,” he says. “I was just constantly on the phone with lawyers, and I was scared all the time.” By 2010, Merrill had won the right to publicly name himself as the NSL’s recipient. By 2015 he’d beaten the gag order entirely and released the full letter with only the target’s name redacted. But Merrill and the ACLU never got the Supreme Court precedent they wanted from the case. Instead, the Patriot Act itself was amended to reign in NSLs’ unconstitutional powers. In the meantime, those years of endless bureaucratic legal struggles had left Merrill disillusioned with judicial or even legislative action as a way to protect privacy. Instead, he decided to try a different approach. “The third way to fight surveillance is with technology,” he says. “That was my big realization.” So, just after Merrill won the legal right to go public with his NSL battle in 2010, he founded the Calyx Institute, a nonprofit that shared a name with his old ISP but was instead focused on building free privacy tools and services. The privacy-focused version of Google’s Android OS it would develop, designed to strip out data-tracking tools and use Signal by default for calls and texts, would eventually have close to 100,000 users. It ran servers for anonymous, encrypted instant messaging over the chat protocol XMPP with around 300,000 users. The institute also offered a VPN service and ran servers that comprised part of the volunteer-based Tor anonymity network, tools that Merrill estimates were used by millions. As he became a cause célèbre and then a standout activist in the digital privacy world over those years, Merrill says he started to become aware of the growing problem of untrustworthy cellular providers in an increasingly phone-dependent world. He’d sometimes come across anti-surveillance hard-liners determined to avoid giving any personal information to cellular carriers, who bought SIM cards with cash and signed up for prepaid plans with false names. Some even avoided cell service altogether, using phones they connected only to Wi-Fi. “Eventually those people never got invites to any parties,” Merrill says. All these schemes, he knew, were legal enough. So why not a phone company that only collects minimal personal information—or none—from its normal, non-extremist customers? As early as 2019, he had already consulted with lawyers and incorporated Phreeli as a company. He decided on the for-profit startup route after learning that the 501c3 statute can’t apply to a telecom firm. Only last year, he finally raised $5 million, mostly from one angel investor. (Merrill declined to name the person. Naturally, they value their privacy.) Building a system that could function like a normal phone company—and accept users’ payments like one—without storing virtually any identifying information on those customers presented a distinct challenge. To solve it, Merrill consulted with Zooko Wilcox, one of the creators of Zcash, perhaps the closest thing in the world to actual anonymous cryptocurrency. The Z in Zcash stands for “zero-knowledge proofs,” a relatively new form of crypto system that has allowed Zcash’s users to prove things (like who has paid whom) while keeping all information (like their identities, or even the amount of payments) fully encrypted. For Phreeli, Wilcox suggested a related but slightly different system: so-called “zero-knowledge access passes.” Wilcox compares the system to people showing their driver’s license at the door of a club. “You’ve got to give your home address to the bouncer,” Wilcox says incredulously. The magical properties of zero knowledge proofs, he says, would allow you to generate an unforgeable crypto credential that proves you’re over 21 and then show that to the doorman without revealing your name, address, or even your age. “A process that previously required identification gets replaced by something that only requires authorization,” Wilcox says. “See the difference?” The same trick will now let Phreeli users prove they’ve prepaid their phone bill without connecting their name, address, or any payment information to their phone records—even if they pay with a credit card. The result, Merrill says, will be a user experience for most customers that’s not very different from their existing phone carrier, but with a radically different level of data collection. As for Wilcox, he’s long been one of that small group of privacy zealots who buys his SIM cards in cash with a fake name. But he hopes Phreeli will offer an easier path—not just for people like him, but for normies too. “I don’t know of anybody who’s ever offered this credibly before,” says Wilcox. “Not the usual telecom-strip-mining-your-data phone, not a black-hoodie hacker phone, but a privacy-is-normal phone.” Even so, enough tech companies have pitched privacy as a feature for their commercial product that jaded consumers may not buy into a for-profit telecom like Phreeli purporting to offer anonymity. But the EFF’s Cohn says that Merrill’s track record shows he’s not just using the fight against surveillance as a marketing gimmick to sell something. “Having watched Nick for a long time, it’s all a means to an end for him,” she says. “And the end is privacy for everyone.” Merrill may not like the implications of describing Phreeli as a cellular carrier where every phone is a burner phone. But there’s little doubt that some of the company’s customers will use its privacy protections for crime—just as with every surveillance-resistant tool, from Signal to Tor to briefcases of cash. Phreeli won’t, at least, offer a platform for spammers and robocallers, Merrill says. Even without knowing users’ identities, he says the company will block that kind of bad behavior by limiting how many calls and texts users are allowed, and banning users who appear to be gaming the system. “If people think this is going to be a safe haven for abusing the phone network, that’s not going to work,” Merrill says. But some customers of his phone company will, to Merrill’s regret, do bad things, he says—just as they sometimes used to with pay phones, that anonymous, cash-based phone service that once existed on every block of American cities. “You put a quarter in, you didn’t need to identify yourself, and you could call whoever you wanted,” he reminisces. “And 99.9 percent of the time, people weren’t doing bad stuff.” The small minority who were, he argues, didn’t justify the involuntary societal slide into the cellular panopticon we all live in today, where a phone call not tied to freely traded data on the caller’s identity is a rare phenomenon. “The pendulum has swung so far in favor of total information awareness,” says Merrill, using an intelligence term of the Bush administration whose surveillance order set him on this path 21 years ago. “Things that we used to be able to take for granted have slipped through our fingers.” “Other phone companies are selling an apartment that comes with no curtains—where the windows are incompatible with curtains,” Merrill says. “We’re trying to say, no, curtains are normal. Privacy is normal.”
Komunitas
lemmygrad.ml
The great farce of late-imperial Europe is that every time Brussels stumbles into another historic blunder of its own making, it immediately searches for a foreign hand to blame. And so the EU’s court chronicler, Politico, delivers its latest fever dream: that Belgium, the most indecisive, over-medicated country in the bloc, has somehow transformed into “Russia’s most valuable asset.” In reality, the only asset Russia needed was the EU’s own arrogance. Belgium merely did the unthinkable, it told the truth. What Politico dresses up as geopolitical intrigue is actually a confession of EU derangement. The EU are trying to engineer the largest state-sanctioned theft of sovereign wealth in modern history, a direct raid on the Russian Central Bank’s reserves and expected applause, unity, and moral ecstasy. Instead, Belgium asked the only sane question left in Europe: “Are you all completely out of your minds?” For this, Politico paints De Wever as eccentric, impulsive, unstable, the same labels always deployed when someone refuses to bow to the imperial autopilot. But the deeper scandal is that Brussels expected him to sign off on detonating the post-war financial order for the sake of one more photo-op with Zelensky. Politico can hide behind metaphors of summit dinners and langoustines, but the legal reality is brutal: raiding another nation’s central bank is not a policy disagreement. It is a declaration of financial war on the entire world. It would obliterate sovereign immunity, destroy the neutrality of reserve holdings, and instantly signal to the global South that their assets in EU banks are hostage to EU’s emotional spasms. One act, one reckless stroke of a pen, and the euro collapses as a safe currency, capital flees to Asia, and the West loses its last functional pillar of power. Belgium saw the cliff’s edge, Brussels mistook it for a (perverse) moral leap of faith. Politico’s narrative stumbles further when it pretends the only danger lies in Moscow’s retaliation. It does not. Russia’s symmetric countermeasures are well-known, lawful, and devastating: nationalization of Western corporate assets, seizure of industrial infrastructure, liquidation of bond holdings, and the dismantling of Western financial footprints inside Russia. The value of Western assets exposed inside the Russian Federation rivals what sits in Euroclear. Brussels knows this. Euroclear knows this. Investors know this. Only the EU pretends the ledger is irrelevant. But the real threat is not Russia’s response , it is the irreversible collapse of trust in Western custodianship. Once the EU steals central bank reserves, no nation with self-respect will ever again store wealth in Europe. The theft of Russian reserves would be remembered not as an isolated act, but as the day the West proved it cannot be trusted with global money, let alone soverign assets. This is the part Politico is terrified to articulate. Belgium wasn’t protecting Russia. Belgium is trying to protect the very system the EU purports to defend. Yet instead of portraying De Wever as the only adult in the room, Politico stages a melodrama about a Flemish nationalist gone rogue, supposedly spoiling the EU’s grandiose plan to hurl another €140 billion onto the Ukrainian funeral pyre. The reality is simpler, Belgium refused to mortgage its own future so Europe could continue its cosplay as a geopolitical superpower utterly detached from material reality. The EU elite wanted to play empire with someone else’s risk. Belgium refused to be the guarantor of their delusion. What makes Politico’s narrative even more absurd is that it accidentally reveals the deeper rot, Europe’s elite caste are incapable of unity, incapable of strategic thought, incapable of honesty. Merz shoots from the hip. Von der Leyen improvises legal fantasies. Orbán holds a veto the size of a continental fault line. Trump instinctively knows he needs an offramp via peace talks and is happy to download project Ukraine’s corpse along with the humiliation onto Western Europe. Zelensky arrives in Brussels begging for cash while European governments fight over whether the money should be spent on their own weapons factories. This is not a union. This is a collective suicide pact. And through all this chaos, Politico clings to the illusion that Russia must somehow be “laughing.” But Russia isn’t laughing. Russia is watching. Watching as Europe destroys its own energy security, its own industrial base, its own strategic autonomy, its own diplomatic credibility, its own financial reputation, and finally — with this proposed asset raid, the very legal foundations of the Western economic system. If Moscow appears calm, it is because it doesn’t need to act. Europe is demolishing itself at a pace Russia could never have engineered. Belgium’s “no” was not an act of betrayal. It was the last flicker of European rationality. The EU’s hysteria and psychosis, not Russia, created the crisis. Europe is trying to violate international law, sabotage its own financial institutions, and torch what remains of the bygone postwar order to salvage the illusion of a war it has already lost. Belgium simply refused to join the ritual suicide. So let us rewrite Politico’s headline as history will record it: “How the EU Became Russia’s Greatest Strategic Gift.” Not because Russia manipulated Europe, but because Europe manipulated itself, into hysteria, into decay, into legal nihilism, into economic ruin. Belgium didn’t hand Russia an asset. It denied the EU the final act of self-destruction… for now. The tragic irony of the entire Politico piece is that its authors still cling to the fantasy that Europe can recover simply by shaming Belgium into compliance. But history will not be kind to this moment. When future scholars study the collapse of the Western financial empire, this attempted seizure of Russian assets and Belgium’s lonely refusal, will stand as the point where the veil fell, revealing a Europe that could no longer distinguish faux moral posturing from strategic insanity. Belgium didn’t break with Europe, it broke with Europe’s delusions. The EU convinced itself that tearing down the last pillars of the post-war order was an act of courage. Belgium saw it for what it was, a death rite dressed as morality. And when this era ends, when capitals move eastward, when trust evaporates, when the euro cracks under the weight of its own blind arrogance, historians will look back on this moment. They will not ask why Belgium said no. They will ask why Europe said yes. Source: https://xcancel.com/IslanderWORLD/status/1996577782608847087
Komunitas
lemmy.bestiver.se
I know @Aks from IRC. He works on KDE Software, has made many lovely games and I even use his colorscheme in my terminal! Please introduce yourself! I’m Akseli but I usually go as Aks on the internet. I’m in my 30s and I’m from Finland. I’ve liked computers since I was a kid, so naturally I ended up doing computer stuff as a day job. Nowadays I work on KDE software at TechPaladin. How did you first discover computers as a kid? I was 3-4 years old. We had an old 386 DOS computer and I usually played games like Stunts on it. I was always behind when it came to hardware. While all my peers at school would have PS2s, I played on NES and PS1. Over time I just liked to play and tinker with different kinds of machines, mostly old left-over computers. But games were my main hook, I always wanted to make my own. And I did! What were your first games like? My very first game was with FPS Creator when I was ~13. My friend and I had some inside joke about a game with tons of enemies and a gun with 6 bullets, so I ended up recreating that. The game is really bad, but that was sort of the point. The next game I made when I was 18 or so, with Unity. Similar theme, but this time the enemies were dancing and bouncing skeletons, and you had a shotgun. It was so silly. I then made a roguelike, and 3D platformer, and FPS called Penance that has about 19k downloads. You can find my games on Itch. Lately though, I haven’t had the energy to finish my game projects e.g. Artificial Rage: https://codeberg.org/akselmo/Artificial-Rage I sank a fair few hours into Penance! I also really liked the Christmas game you made your sister. Do you ever put Easter eggs in code or often make projects for others like that? I put some Easter eggs. For example someone complained that in Penance all the weapons look like woolen socks(?). So I added a pair of wooly socks in the starting area. I also proposed to my wife with a game, which had a small hallway with pictures of us. It was a fun little project, but a bit cut short since I tried to work on it as a secret, which proved difficult! We have made a few games together. She went to a web-dev bootcamp but doesn’t code anymore, although she gladly works with me on various game projects. How do you ideate the game play, style and such things? While playing, I usually think it “would be cool if I had this game but changed this and that…” which provides a great starting point. Then it just naturally evolves into it’s own thing. Penance was pretty much me going “I want Quake but with random generated levels” but then I ended up making a campaign with handcrafted levels to it anyway, beside the random generated endless mode. Really, I just make things I want to play. People liking it is just a bonus. One of my favorite game projects is Castle Rodok because it is full of lore about my own RPG world. It’s not very popular, but I like it a lot. It was a passion project. What languages and technologies did you use? With tools, I’m driven by need more than wants. My day job is all C++, which I’m fine with. I am very much a fan of “C-style” languages. They’re boring and get the job done. For things I want to get running quick, I usually use Python, which I used a lot in test automation for all kinds of devices. Mostly medical devices so I can’t talk about them due to NDAs. Most of my games have been in Unity, but Crypt of Darne uses Python and I also have played around with C and Odin for my game projects. I have tried LISPs and functional programming languages and such, but I just have hard time with them. Especially with those that propose a completely different syntax for me. I haven’t had any projects with Rust but I liked tinkering with it it, besides the ‘ lifetime syntax which I easily miss. I am very boring when it comes to programming languages, I like to stick with what I know. I wanderlust about what I can create: Games, apps, systems software, drivers… Many ideas but hardly any time. But work comes first, so I mostly work on KDE things right now. For my own things, If I feel like working on a game, I go with the flow and do that. What was your experience with different OS before finding KDE? I’d wanted to move on from Windows and dabbled with Linux a bunch, but could never stick to it because I could not play any games I owned in Linux. When I learned that Linux systems can in-fact game, it didn’t take me long to switch. At first, I just dual-booted and tested the waters. I tried Linux Mint and Ubuntu, which were fine, but I had some issues with X11 and it’s compositing eating all the FPS, so I gave up for a while. 6 months later I tried Kubuntu which worked really well for my needs. After some time I hopped to Fedora KDE, and there I found out that Wayland completely removed the issue with the compositing eating FPS in games. KDE was also very easy to learn and understand. I didn’t really need to customize it. Then I found an annoying bug I wanted to fix it and started to contribute. What was the first contribution experience like? I had no idea how to do anything with C++. I learned C from scratch making Artificial Rage, studying how to create a project with CMake and all that, but luckily the internet is full of advice. So I had not used C++ before and just started learning to make that first contribution! I just joined the Matrix chats and asked questions; people were very helpful. Onboarding was great. It wasn’t very big though, I just looked at the surrounding code and made my contribution look the part. Feedback in the merge request on Gitlab helped wrap it up. One of my first larger contributions though was adding region and language settings to system settings. This allowed users to change, for example, date-time settings differently than currency. This was mix of C and C++ and was difficult! Diligently reading the docs, looking at similar code and a lot of build->test->change->build again… it started to work! Then the reviews helped too. But C++ is such a different beast, I’m still learning it to this day. I’d say I know less C++ and more about problem solving. It also helps that the “Qt dialect” of C++ is rather nice. The Qt framework does a lot of the work for you. For example, the signal and slot system or objects having parent objects that clear their children when they’re deconstructed. Qt’s documentation is also pretty great. I’m still learning and don’t have much in depth knowledge, but I hate header files. Modifying the same thing (function declarations) in two places makes no sense. It should autogenerate as part of the compilation. I found some such header generating tools, but they go unused and quietly forgotten. I suspect they would confuse language servers too, so it’s a tooling issue. What are your thoughts on Linux over all, big things which need changing but no one is working on or nice initiatives which you think will improve things, etc.? The Linux desktop is getting much, much better and I see a hopeful future. Will it ever be the main OS, like Windows is? Probably not, unless hardware manufacturers/OEM’s start installing Linux distros by default, instead of Windows. But I’m hopeful we’ll get to 5%-10% worldwide usage. Now that gaming is possible on Linux, a lot of people moved over. Just few weeks ago I installed Bazzite for my friend who has been using Windows forever, but didn’t want to use Win11. Our next step is to make sure accessibility is up to snuff. At least for KDE, we have an accessibility engineer who is brilliant at their job. Then, I think immutable systems might get more popular. Personally I’m fine with either, but for those who view their computer more as an appliance than a computer, immutable systems are very nice: They allow them to jump from broken state back to working state with ease (select different boot entry at startup). Complex software’s never done; improvements are always needed. Accessibility means more than just accessibility settings: Make it easy to install, test, run, etc… If Linux desktops can get more hardware manufacturers on board to install Linux desktop as default, that will certainly help too. Also shoutout to the [EndOf10](https://endof10.org/ initiative, when I shared it around to my non-nerdy-friends, they were very curious about Linux desktop and I had an excuse to ramble about it to them! In a nutshell: I am hopeful, but we can’t rest on our laurels, we need to stop fighting “whats the best desktop” and work together more. BTW, if anyone reading this has been Linux curious, go for it! Take a secondary device and play around with it there. And I also want to point out that dont be afraid to contribute to things you like in any way you can, be it software or hardware or actual physical world. How do you see it in light of more phone usage, less desktop usage? Have you any impressions of governments or businesses moving to linux? Computers are still widely used where I live, at least within my generation. Those who game especially often have a desktop PC. It may not be top-of-the-line hardcore gaming rig, but they have one to play a bit of Counter-Strike or similar games. Phones are the king of “basic stuff” and for many people a tablet functions as a simple internet-appliance. I can only hope that projects like [PostmarketOS](https://postmarketos.org/ will help to keep these tablets and phones working when the regular android updates stop, to ease the avalanche of e-waste. When it comes to governments and businesses, I wish they did it more. I have heard that in Germany more governments are testing it out. In Finland, I do not know, but I would like to drive more for it. It’s certainly an area where we should try to help as much as possible as well. How can we (individuals or organizations) help? Individual users: Make sure to report bugs and issues, and share knowledge. Do not evangelize or push the matter, just say it’s something you use and elaborate when people ask. Too many times I’ve seen people pushed away from using Linux desktop because people are very… Pushy. As surprising it may be, not many people really care as much as we do! Organizations: Try to adopt more FOSS technologies for daily things, e.g. LibreOffice. Start small. It does not need to be an overnight change, just small things here and there. How many resources do you have compared to the demands of everything you are working on? We’re definitely stretched. We always could use more help, though C++ seems to deter that help a bit, which I can understand. But if I could start from scratch, I’m sure anyone can! Besides, more and more projects use QML and Rust. For testing, there’s Python. What prerequisites are there for contributing? We have Matrix chat for new contributors, where people can ask questions (and answering questions there is also a way to contribute.) All of it is documented. When triaging, I am trying to more often tag bugs in bugzilla as “junior jobs” to make things more approachable. Mentoring etc. is a community effort, and those who are willing to learn will receive help, though we’re all rather busy so we hope people put some effort into trying to learn things too, of course. How could bug reporting be improved? I think we could half-automate bug reports, to make things easier: Gather basic information and ask basic questions upfront, without needing to open a web browser. For crash reports, we use a tool called DrKonqi: When app crashes, it gathers backtraces etc. automagically and allows the user to type what happened in a field. Something similar for regular ol’ bugs would be great. Games do this with taking screenshots and logs when player opens the bug-report tool. But someone would still have to go through them, which is also an excellent way for anyone to contribute: Go through some bug reports, see if you can reproduce them or not, and report back to it with your system information. Anyone can do it, it’s not a difficult job, just a bit tedious, especially when there’s thousands of bug reports and 10 people going through them. How do you approach problem solving? Depends on the problem! If a bug causes a crash, a backtrace is usually helpful. If not, I go with trusty print-debugging to see exactly where things start acting weird. I like to approach it from many different angles at same time: Sometimes I try to fix the bug to figure it out: Why does a given change fix the bug? The fix may not be the correct fix yet. Of course, a well written bugreport with good reproduction steps helps a lot! git blame is a good friend, asking people who implemented things can really help. But sometimes I work on code where it just says “moved to git in 2013” and the original code’s from the 90s. Talking to other people Writing notes down as you try to understand the bug Anything that pokes your brain in multiple different directions. I really like the idea of fixing a bug in multiple ways to really see what’s needed. How do you determine whether something is the proper fix or not? Sometimes the code just “feels right” or someone more knowledgeable can tell me. Of course, fixing simple visual errors should not need a ton of changes around the codebase. Changes should be proportional to the bug’s difficulty/complexity, but there’s no clear answer. It’s more a gut feeling. What inspires you to have an online presence (in irc, commenting, blog posts etc.)? How do you decide when to make a blog post or not? For blog posts, I ask myself: “Do I need to remember this?” Some are just a note for myself, which others might find useful too. I once deleted my lobste.rs account because it took up too much time. Now that all my work is remote, I kind of miss coffee-breaks and office chitchat, so I hang about in IRC, Matrix, Fediverse, Lobsters etc. to fill my Sims status bar. I still prefer remote work, but I wouldn’t mind hybrid option at times. Also, removing the lobste.rs bookmark stopped me reflexively clicking it. Due to learning I have ADHD and very likely autism, I have worked on myself (mentally) and internalized that I don’t need to constantly go through these sites. Notice the problematic behavior, then cut it out. Whenever I notice I’m stuck in a loop opening and closing the same sites, I’ve learned to close the web-browser and do something else. The hardest part is actually noticing it. Do you have any interesting personal tools? I use your colorscheme. I journal a lot on a remarkable2 tablet when working, writing down what I have done, should do or notes figuring out problems. Writing by hand helps me remember things too. I made an RSS “newspaper” script for my tablet too, which also shows the daily weather now. I also use todo.txt for tasks, like my own list of bugs and other projects I need to go through. I even wrote an app for it called KomoDo. Then I use Obsidian for any technical notes and know-how, like programming and computer things that are pain to write by hand. When did you migrate to codeberg? It was even before Github started getting “AI” stuff. I just got tired of Github being a social media site instead of a good platform. SourceHut would have been nice too, I just didn’t know of it at the time. I’m also wary of the email workflow, but wouldn’t be opposed to learning it.
Komunitas
lemmy.ml
Privacy stalwart Nicholas Merrill spent a decade fighting an FBI surveillance order. Now he wants to sell you phone service—without knowing almost anything about you. Nicholas Merrill has spent his career fighting government surveillance. But he would really rather you didn’t call what he’s selling now a “burner phone.” Yes, he dreams of a future where anyone in the US can get a working smartphone—complete with cellular coverage and data—without revealing their identity, even to the phone company. But to call such anonymous phones “burners” suggests that they’re for something illegal, shady, or at least subversive. The term calls to mind drug dealers or deep-throat confidential sources in parking garages. With his new startup, Merrill says he instead wants to offer cellular service for your existing phone that makes near-total mobile privacy the permanent, boring default of daily life in the US. “We’re not looking to cater to people doing bad things,” says Merrill. “We’re trying to help people feel more comfortable living their normal lives, where they’re not doing anything wrong, and not feel watched and exploited by giant surveillance and data mining operations. I think it’s not controversial to say the vast majority of people want that.” That’s the thinking behind Phreeli, the phone carrier startup Merrill launched today, designed to be the most privacy-focused cellular provider available to Americans. Phreeli, as in, “speak freely,” aims to give its user a different sort of privacy from the kind that can be had with end-to-end encrypted texting and calling tools like Signal or WhatsApp. Those apps hide the content of conversations, or even, in Signal’s case, metadata like the identities of who is talking to whom. Phreeli instead wants to offer actual anonymity. It can’t help government agencies or data brokers obtain users’ identifying information because it has almost none to share. The only piece of information the company records about its users when they sign up for a Phreeli phone number is, in fact, a mere ZIP code. That’s the minimum personal data Merrill has determined his company is legally required to keep about its customers for tax purposes. By asking users for almost no identifiable information, Merrill wants to protect them from one of the most intractable privacy problems in modern technology: Despite whatever surveillance-resistant communications apps you might use, phone carriers will always know which of their customers’ phones are connecting to which cell towers and when. Carriers have frequently handed that information over to data brokers willing to pay for it—or any FBI or ICE agent that demands it with a court order Merrill has some firsthand experience with those demands. Starting in 2004, he fought a landmark, decade-plus legal battle against the FBI and the Department of Justice. As the owner of an internet service provider in the post-9/11 era, Merrill had received a secret order from the bureau to hand over data on a particular user—and he refused. After that, he spent another 15 years building and managing the Calyx Institute, a nonprofit that offers privacy tools like a snooping-resistant version of Android and a free VPN that collects no logs of its users’ activities. “Nick is somebody who is extremely principled and willing to take a stand for his principles,” says Cindy Cohn, who as executive director of the Electronic Frontier Foundation has led the group’s own decades-long fight against government surveillance. “He’s careful and thoughtful, but also, at a certain level, kind of fearless.” Nicholas Merrill with a copy of the National Security Letter he received from the FBI in 2004, ordering him to give up data on one of his customers. He refused, fought a decade-plus court battle—and won. More recently, Merrill began to realize he had a chance to achieve a win against surveillance at a more fundamental level: by becoming the phone company. “I started to realize that if I controlled the mobile provider, there would be even more opportunities to create privacy for people,” Merrill says. “If we were able to set up our own network of cell towers globally, we can set the privacy policies of what those towers see and collect.” Building or buying cell towers across the US for billions of dollars, of course, was not within the budget of Merrill’s dozen-person startup. So he’s created the next best thing: a so-called mobile virtual network operator, or MVNO, a kind of virtual phone carrier that pays one of the big, established ones—in Phreeli’s case, T-Mobile—to use its infrastructure. The result is something like a cellular prophylactic. The towers are T-Mobile’s, but the contracts with users—and the decisions about what private data to require from them—are Phreeli’s. “You can’t control the towers. But what can you do?” he says. “You can separate the personally identifiable information of a person from their activities on the phone system.” Signing up a customer for phone service without knowing their name is, surprisingly, legal in all 50 states, Merrill says. Anonymously accepting money from users—with payment options other than envelopes of cash—presents more technical challenges. To that end, Phreeli has implemented a new encryption system it calls Double-Blind Armadillo, based on cutting-edge cryptographic protocols known as zero-knowledge proofs. Through a kind of mathematical sleight of hand, those crypto functions are capable of tasks like confirming that a certain phone has had its monthly service paid for, but without keeping any record that links a specific credit card number to that phone. Phreeli users can also pay their bills (or rather, prepay them, since Phreeli has no way to track down anonymous users who owe them money) with tough-to-trace cryptocurrency like Zcash or Monero. Phreeli users can, however, choose to set their own dials for secrecy versus convenience. If they offer an email address at signup, they can more easily recover their account if their phone is lost. To get a SIM card, they can give their mailing address—which Merrill says Phreeli will promptly delete after the SIM ships—or they can download the digital equivalent known as an eSIM, even, if they choose, from a site Phreeli will host on the Tor anonymity network. Phreeli’s “armadillo” analogy—the animal also serves as the mascot in its logo—is meant to capture this sliding scale of privacy that Phreeli offers its users: Armadillos always have a layer of armor, but they can choose whether to expose their vulnerable underbelly or curl into a fully protected ball. Even if users choose the less paranoid side of that spectrum of options, Merrill argues, his company will still be significantly less surveillance-friendly than existing phone companies, which have long represented one of the weakest links in the tech world’s privacy protections. All major US cellular carriers comply, for instance, with law enforcement surveillance orders like “tower dumps” that hand over data to the government on every phone that connected to a particular cell tower during a certain time. They’ve also happily, repeatedly handed over your data to corporate interests: Last year the Federal Communications Commission fined AT&T, Verizon, and T-Mobile nearly $200 million for selling users’ personal information, including their locations, to data brokers. (AT&T’s fine was later overturned by an appeals court ruling intended to limit the FCC’s enforcement powers.) Many data brokers in turn sell the information to federal agencies, including ICE and other parts of the DHS, offering an all-too-easy end run around restrictions on those agencies’ domestic spying. Phreeli doesn’t promise to be a surveillance panacea. Even if your cellular carrier isn’t tying your movements to your identity, the operating system of whatever phone you sign up with might be. Even your mobile apps can track you. But for a startup seeking to be the country’s most privacy-focused mobile carrier, the bar is low. “The goal of this phone company I’m starting is to be more private than the three biggest phone carriers in the US. That’s the promise we’re going to massively overdeliver on,” says Merrill. “I don’t think there’s any way we can mess that up.” Merrill’s not-entirely-voluntary decision to spend the last 20-plus years as a privacy diehard began with three pages of paper that arrived at his office on a February day in New York in 2004. An FBI agent knocked on the door of his small internet service provider firm called Calyx, headquartered in a warehouse space a block from the Holland Tunnel in Manhattan. When Merrill answered, he found an older man with parted white hair, dressed in a trench coat like a comic book G-man, who handed him an envelope. Merrill opened it and read the letter while the agent waited. The first and second paragraphs told him he was hereby ordered to hand over virtually all information he possessed for one of his customers, identified by their email address, explaining that this demand was authorized by a law he’d later learn was part of the Patriot Act. The third paragraph informed him he couldn’t tell anyone he’d even received this letter—a gag order. Then the agent departed without answering any of Merrill’s questions. He was left to decide what to do, entirely alone. Merrill was struck immediately by the fact that the letter had no signature from a judge. He had in fact been handed a so-called National Security Letter, or NSL, a rarely seen and highly controversial tool of the Bush administration that allowed the FBI to demand information without a warrant, so long as it was related to “national security.” Calyx’s actual business, since he’d first launched the company in the early ’90s with a bank of modems in the nonfunctional fireplace of a New York apartment, had evolved into hosting the websites of big corporate customers like Mitsubishi and Ikea. But Merrill used that revenue stream to give pro bono or subsidized web hosting to nonprofit clients he supported like the Marijuana Policy Project and Indymedia—and to offer fast internet connections to a few friends and acquaintances like the one named in this surveillance order. Merrill has never publicly revealed the identity of the NSL’s target, and he declined to share it with WIRED. But he knew this particular customer, and he certainly didn’t strike Merrill as a national security threat. If he were, Merrill thought, why not just get a warrant? The customer would later tell Merrill he had in fact been pressured by the FBI to become an informant—and had refused. The bureau, he told Merrill, had then retaliated by putting him on the no-fly list and pressuring employers not to hire him. (The FBI didn’t respond to WIRED’s request for comment on the case.) Merrill immediately decided to risk disobeying the gag order—on pain of what consequences, he had no idea—and called his lawyer, who told him to go to the New York affiliate of the American Civil Liberties Union, which happened to be one of Calyx’s web-hosting clients. After a few minutes in a cab, Merrill was talking to a young attorney named Jameel Jaffer in the ACLU’s Financial District office. “I wish I could say that we reassured him with our expertise on the NSL statute, but that’s not how it went down,” Jaffer says. “We had never seen one of these before.” Merrill, meanwhile, knew that every lawyer he showed the letter to might represent another count in his impending prosecution. “I was terrified,” he says. “I kind of assumed someone could just come to my place that night, throw a hood over my head, and drag me away.” Phreeli will use a novel encryption system called DoubleBlind Armadillo—based on cutting edge crypto protocols known as… Phreeli will use a novel encryption system called Double-Blind Armadillo—based on cutting edge crypto protocols known as zero-knowledge proofs—to pull of tricks like accepting credit card payments from customers without keeping any record that ties that payment information to their particular phone. Despite his fears, Merrill never complied with the FBI’s letter. Instead, he decided to fight its constitutionality in court, with the help of pro bono representation from the ACLU and later the Yale Media Freedom and Information Access Clinic. That fight would last 11 years and entirely commandeer his life. Merrill and his lawyers argued that the NSL represented an unconstitutional search and a violation of his free-speech rights—and they won. But Congress only amended the NSL statute, leaving the provision about its gag order intact, and the legal battle dragged out for years longer. Even after the NSL was rescinded altogether, Merrill continued to fight for the right to talk about its existence. “This was a time when so many people in his position were essentially cowering under their desks. But he felt an obligation as a citizen to speak out about surveillance powers that he thought had gone too far,” says Jaffer, who represented Merrill for the first six years of that courtroom war. “He impressed me with his courage.” Battling the FBI took over Merrill’s life to the degree that he eventually shut down his ISP for lack of time or will to run the business and instead took a series of IT jobs. “I felt too much weight on my shoulders,” he says. “I was just constantly on the phone with lawyers, and I was scared all the time.” By 2010, Merrill had won the right to publicly name himself as the NSL’s recipient. By 2015 he’d beaten the gag order entirely and released the full letter with only the target’s name redacted. But Merrill and the ACLU never got the Supreme Court precedent they wanted from the case. Instead, the Patriot Act itself was amended to reign in NSLs’ unconstitutional powers. In the meantime, those years of endless bureaucratic legal struggles had left Merrill disillusioned with judicial or even legislative action as a way to protect privacy. Instead, he decided to try a different approach. “The third way to fight surveillance is with technology,” he says. “That was my big realization.” So, just after Merrill won the legal right to go public with his NSL battle in 2010, he founded the Calyx Institute, a nonprofit that shared a name with his old ISP but was instead focused on building free privacy tools and services. The privacy-focused version of Google’s Android OS it would develop, designed to strip out data-tracking tools and use Signal by default for calls and texts, would eventually have close to 100,000 users. It ran servers for anonymous, encrypted instant messaging over the chat protocol XMPP with around 300,000 users. The institute also offered a VPN service and ran servers that comprised part of the volunteer-based Tor anonymity network, tools that Merrill estimates were used by millions. As he became a cause célèbre and then a standout activist in the digital privacy world over those years, Merrill says he started to become aware of the growing problem of untrustworthy cellular providers in an increasingly phone-dependent world. He’d sometimes come across anti-surveillance hard-liners determined to avoid giving any personal information to cellular carriers, who bought SIM cards with cash and signed up for prepaid plans with false names. Some even avoided cell service altogether, using phones they connected only to Wi-Fi. “Eventually those people never got invites to any parties,” Merrill says. All these schemes, he knew, were legal enough. So why not a phone company that only collects minimal personal information—or none—from its normal, non-extremist customers? As early as 2019, he had already consulted with lawyers and incorporated Phreeli as a company. He decided on the for-profit startup route after learning that the 501c3 statute can’t apply to a telecom firm. Only last year, he finally raised $5 million, mostly from one angel investor. (Merrill declined to name the person. Naturally, they value their privacy.) Building a system that could function like a normal phone company—and accept users’ payments like one—without storing virtually any identifying information on those customers presented a distinct challenge. To solve it, Merrill consulted with Zooko Wilcox, one of the creators of Zcash, perhaps the closest thing in the world to actual anonymous cryptocurrency. The Z in Zcash stands for “zero-knowledge proofs,” a relatively new form of crypto system that has allowed Zcash’s users to prove things (like who has paid whom) while keeping all information (like their identities, or even the amount of payments) fully encrypted. For Phreeli, Wilcox suggested a related but slightly different system: so-called “zero-knowledge access passes.” Wilcox compares the system to people showing their driver’s license at the door of a club. “You’ve got to give your home address to the bouncer,” Wilcox says incredulously. The magical properties of zero knowledge proofs, he says, would allow you to generate an unforgeable crypto credential that proves you’re over 21 and then show that to the doorman without revealing your name, address, or even your age. “A process that previously required identification gets replaced by something that only requires authorization,” Wilcox says. “See the difference?” The same trick will now let Phreeli users prove they’ve prepaid their phone bill without connecting their name, address, or any payment information to their phone records—even if they pay with a credit card. The result, Merrill says, will be a user experience for most customers that’s not very different from their existing phone carrier, but with a radically different level of data collection. As for Wilcox, he’s long been one of that small group of privacy zealots who buys his SIM cards in cash with a fake name. But he hopes Phreeli will offer an easier path—not just for people like him, but for normies too. “I don’t know of anybody who’s ever offered this credibly before,” says Wilcox. “Not the usual telecom-strip-mining-your-data phone, not a black-hoodie hacker phone, but a privacy-is-normal phone.” Even so, enough tech companies have pitched privacy as a feature for their commercial product that jaded consumers may not buy into a for-profit telecom like Phreeli purporting to offer anonymity. But the EFF’s Cohn says that Merrill’s track record shows he’s not just using the fight against surveillance as a marketing gimmick to sell something. “Having watched Nick for a long time, it’s all a means to an end for him,” she says. “And the end is privacy for everyone.” Merrill may not like the implications of describing Phreeli as a cellular carrier where every phone is a burner phone. But there’s little doubt that some of the company’s customers will use its privacy protections for crime—just as with every surveillance-resistant tool, from Signal to Tor to briefcases of cash. Phreeli won’t, at least, offer a platform for spammers and robocallers, Merrill says. Even without knowing users’ identities, he says the company will block that kind of bad behavior by limiting how many calls and texts users are allowed, and banning users who appear to be gaming the system. “If people think this is going to be a safe haven for abusing the phone network, that’s not going to work,” Merrill says. But some customers of his phone company will, to Merrill’s regret, do bad things, he says—just as they sometimes used to with pay phones, that anonymous, cash-based phone service that once existed on every block of American cities. “You put a quarter in, you didn’t need to identify yourself, and you could call whoever you wanted,” he reminisces. “And 99.9 percent of the time, people weren’t doing bad stuff.” The small minority who were, he argues, didn’t justify the involuntary societal slide into the cellular panopticon we all live in today, where a phone call not tied to freely traded data on the caller’s identity is a rare phenomenon. “The pendulum has swung so far in favor of total information awareness,” says Merrill, using an intelligence term of the Bush administration whose surveillance order set him on this path 21 years ago. “Things that we used to be able to take for granted have slipped through our fingers.” “Other phone companies are selling an apartment that comes with no curtains—where the windows are incompatible with curtains,” Merrill says. “We’re trying to say, no, curtains are normal. Privacy is normal.”
Komunitas
lemmygrad.ml
cross-posted from: https://lemmygrad.ml/post/9899994 wake up open twitter to catch up see deepseek did it again (and as a reminder, Deepseek-r1 only came out in January so it’s been less than 12 months since their last bombshell) One more graph: What this all means Traditional AI models are trained to be “rewarded” for a correct final answer. Get the expected answer, win points, be incentivized to get the answer more often. This has a major flaw: a correct answer does not guarantee correct reasoning. A model can guess, use a shortcut, or even have flawed logic but still output the right answer. This approach completely fails for tasks like theorem proving, where the process is the product. DeepSeekMath-V2 tackles this with a novel self-verifying reasoning framework: the Generator: One part of the model generates mathematical proofs and solutions. the Verifier: Another part acts as the critic, checking every step of the reasoning for logical rigor and correctness The Loop: If the verifier finds a flaw, it provides feedback, and the generator revises the proof. This creates a co-evolution cycle where both components push each other to become smarter This new approach allows the model to set record-breaking performance. As you can see from the charts above, it scores second-place on ProofBench-Advanced, just behind Gemini. But Gemini isn’t open-source, Deepseekmath-V2 is. The model weights are available on Huggingface under an Apache 2.0 license: https://huggingface.co/deepseek-ai/DeepSeek-Math-V2. This means researchers, developers, and enthusiasts around the world can download, study, and build upon this model right now. They can fine-tune or change the model to fit their needs and research, which promises a lot of exciting math discoveries happening soon - I predict (on no basis mind you) that this will help solve computing problems to start with, either practical or theoretical. Beyond just the math, the self-verification mechanism is a crucial step towards building AI systems whose reasoning we can trust, which is vital for applications such as scientific research, formal verification, and safety-critical systems. It also proves that ‘verification-driven’ training is a viable and powerful alternative to the ‘answer-driven’ method used to this day.
Komunitas
lemy.lol
I’ve chosen an outrageous option and just started buying books from used book stores, scanning library books and downloading some to my jellyfin. If I can’t trust the internet I’m just getting off it. If I couldn’t trust a restaurant to not give me food poisoning I’d stop going.
Komunitas
lemmygrad.ml
wake up open twitter to catch up see deepseek did it again (and as a reminder, Deepseek-r1 only came out in January so it’s been less than 12 months since their last bombshell) One more graph: What this all means Traditional AI models are trained to be “rewarded” for a correct final answer. Get the expected answer, win points, be incentivized to get the answer more often. This has a major flaw: a correct answer does not guarantee correct reasoning. A model can guess, use a shortcut, or even have flawed logic but still output the right answer. This approach completely fails for tasks like theorem proving, where the process is the product. DeepSeekMath-V2 tackles this with a novel self-verifying reasoning framework: the Generator: One part of the model generates mathematical proofs and solutions. the Verifier: Another part acts as the critic, checking every step of the reasoning for logical rigor and correctness The Loop: If the verifier finds a flaw, it provides feedback, and the generator revises the proof. This creates a co-evolution cycle where both components push each other to become smarter This new approach allows the model to set record-breaking performance. As you can see from the charts above, it scores second-place on ProofBench-Advanced, just behind Gemini. But Gemini isn’t open-source, Deepseekmath-V2 is. The model weights are available on Huggingface under an Apache 2.0 license: https://huggingface.co/deepseek-ai/DeepSeek-Math-V2. This means researchers, developers, and enthusiasts around the world can download, study, and build upon this model right now. They can fine-tune or change the model to fit their needs and research, which promises a lot of exciting math discoveries happening soon - I predict (on no basis mind you) that this will help solve computing problems to start with, either practical or theoretical. Beyond just the math, the self-verification mechanism is a crucial step towards building AI systems whose reasoning we can trust, which is vital for applications such as scientific research, formal verification, and safety-critical systems. It also proves that ‘verification-driven’ training is a viable and powerful alternative to the ‘answer-driven’ method used to this day.