Yeah. SimpleX has a similar problem, because it’s basically creating a bunch of 1:1 connections between everyone to preserve anonymity - IIRC (I freely admit I could be misremembering this). As I understood, it’s a decent limit, though - more than the 7-12 friend/family group you’d reasonably trust in a chat group.

I did not consider this a blocker - who’s using encrypted chat for large groups? Large group chats are fundamentally insecure; is the use case about anonymity, not encryption?

I would still like to understand why Jami is never mentioned in these posts. I’m not aware of any technical or security objections, and the less I hear about Jami, the more concerned I become about using it.

Amazon has a non-existent customer support, so you may have limited options.

If they had customer support, I’d suggest contacting them and tell them to either refund, or else you’d give them the ID immediately followed by a GDPR request to purge your data. That might have gotten some movement, because those GDPR requests have the force of law, and are also a fair PITA for Amazon. However, there’s no way to give them a shot across the bow. I think your options are:

• process a charge-back, as someone else suggested, which might result in an Amazon ban
• take the loss (that’s entirely your call, regardless of anyone else’s opinion)
• give them the ID, get your refund
• you can still initiate a GDPR purge request. I’m going to guess it’s going to result in a block, but maybe not. You might be able to recreate your account

The happy news is that you are protected by GDPR. Many of us are not, and don’t even have the option to demand they purge the information.

Second this.

• message delivery can be iffy
• VoIP works well
• you connect with people like a normal app that isn’t going to scare your family off, not trying to get them to put in GUIDS
• it has all the creature comforts, attached/embedded photos, markup, attached files, attach pictures, share your location for 10 minutes (I’m on my way), history editing, deleting
• it has concurrent multi device support, so you can get messages on your phone, tablet, and desktop at the same time
• There’s a full desktop client (Electron, i think 🤮 but it works)
• the dev team is small and they seem to like to work more on features than user issues. development is slow
• multi-person groups work fine

It’s still the best E2E messaging system I’ve found; the only one my mom, wife, and sisters-in-law reliably use.

I just want them to focus on fixing the sketchy DHT that seems to cause every problem.

Penalty: the equivalent of $100, probably. And even that will be contested; the second judge will drop it to $50, and the third to $10, and then the Meta lawyer will pay that out of her pocket change.

My recommendation is to put all of the variables in an environment file, and use systemd’s EnvironmentFile (in [Service] to point to it.

One of my backup service files (I back up to disks and cloud) looks like this:

[Unit]
Description=Backup to MyUsbDrive
Requires=media-MyUsbDrive.mount
After=media-MyUsbDrive.mount

[Service]
EnvironmentFile=/etc/backup/environment
Type=simple
ExecStart=/usr/bin/restic backup --tag=prefailure-2 --files-from ${FILES} --exclude-file ${EXCLUDES} --one-file-system

[Install]
WantedBy=multi-user.timer

FILES is a file containing files and directories to be backed up, and is defined in the environment file; so is EXCLUDES, but you could simply point restic at the directory you want to back up instead.

My environment file looks essentially like

RESTIC_REPOSITORY=/mnt/MyUsbDrive/backup
RESTIC_PASSWORD=blahblahblah
KEEP_DAILY=7
KEEP_MONTHLY=3
KEEP_YEARLY=2
EXCLUDES=/etc/backup/excludes
FILES=/etc/backup/files

If you’re having trouble, start by looking at how you’re passing in the password, and whether it’s quoted properly. It’s been a couple of years since I had this issue, but at one point I know I had spaces in a passphrase and had quoted the variable, and the quotes were getting passed in verbatim.

My VPS backups are more complex and get their passwords from a keystore, but for my desktop I keep it simple.

I hope this isn’t a step towards replacing the native app with an SPA.

This seriously got an out-loud chuckle from me. It’s funny, because it’s true! Thanks!

I’m not talking about your application at all; I was responding to @chrash0’s comment that JSON may not be great, but it’s better than YAML, and TOML is better than both, for configuration.

I was agreeing with them and adding more reasons why YAML stinks.

Nothing at all directly to do with your project, just having a convo with @chrash0.

Sourcehut also supports Mercurial, so you also have an option to the herd mentality.

Sourcehut also has zero, or almost zero, JavaScript in the interface, so it doesn’t suck

Sourcehut is also componentized, so you can mix and match the pieces you want or need:

• VCS hosting
• masking list management
• issue management
• build server
• man server

Sourcehut is by far the best hosted VCS option at the moment. The Mercurial support alone puts it miles ahead of the others, which are all hobbled by tight coupling to git.

Are China Parties like Tupperware Parties, where friends get together and one shills a pyramid scheme? That’s what CP is, right?

You also don’t get runtime errors with TOML when an invisible tab turns out to be invisible spaces.

虇

UTF-8 codepoint 8674

E2E usually suffers from the same thing HTTP does: the MITM might not be able to read what you’re saying, but they know who you’re saying it to, and they may know in what context. This is a lot of information that can be used in profiling.

So you end up with systems like SimpleX, where everyone has a different UID for every contact, but that has its own problems, as anyone who’s used systems like that are aware. We haven’t really solved making that a good user experience for messaging; I don’t see it translating to broader social media any time soon.

Nostr has some really good specs and tooling that neatly addresses these topics, including great cryptography support, signing, ad-hoc IDs, and an entirely voluntary simple naming lookup; it doesn’t exactly solve zooko’s triangle, but it provides a toolset sufficient to mix and match characteristics for whatever your threat model is. Sadly, Nostr is utterly dominated by the crypto crowd (and is associated with some controversial personalities), and even if you’re not cryptocurrency-hostile, it’s a really dull echo chamber with little other content that has prevented people who might otherwise build interesting platforms in it from doing so.

Mastodon was around for ages before (the in practice centralized) Bluesky; why did it take Bluesky to open a mass exodus from X?

This is a hard problem to solve. Throwing E2E at it doesn’t make it easier; it’s just tossing a buzzword in.

What do you mean by “all right?” What are your concerns?

restic backups are encrypted by default; it should be safe to store them almost anywhere in the cloud. The container needs the credentials, but you can improve security with something like OpenBAO (Hashicorp Vauly fork, github.com/openbao/openbao), SOPS (gitgub.com/getsops/sops), infisical (github.com/Infisical/infisical), or any number of other secrets management tool.

Why don’t you like LDAP? OpenLDAP is a PITA (necessarily, I guess, to be considered “enterprise”), but lldap has been pretty nice to me. I mean, it’s the identity protocol, it’s just that the server software has been complex until relatively recently.

What would you use instead? A SQL DB with some custom schema, that just re-invents LDAP?

I like the motivation behind this, but have a allergy to running critical infrastructure like authentication on node.

To each their own, though, and good luck with the project. Diversity is life.

When I lost my job, someone I knew at the C level in a different industry put me in touch with a guy closer to my field. After we introduced ourselves he said,

“After hearing X describe you, I was expecting a deep bass voice.”

The conversation faltered after that.

Yeah, yeah, you can write the guy off for being superficial, but I’m the guy who needed the favor, and all the help I could get.

First impressions matter. I’d absolutely have used a voice alteration tool to make my voice deeper on interviews; people respond differently to bass.

solder one destroy a PCB yourself

FTFY.

In my hands, a soldering iron is not a finely tuned instrument, it’s a hand grenade. The US government classifies me with a soldering iron as a WMD. Physicists are trying to determine commercial applications for my ability to instantly coat a PCB in a layer of solder with a single drop. The ATF added a special rule requiring a background check for me to purchase a soldering iron.

I can paint eyelashes on D&D miniatures, but I bear some ancient curse when it comes to solder. In all seriousness, I’ve literally destroyed hundreds of dollars of equipment attempting the most simple soldering task; it’s cheaper for me to find someone competent selling already soldered solutions than to ruin them myself. I no longer try.

This is why I don’t interact with family or friends. My mom doesn’t know my email address.