I was surprised to find that dbzer0 has 290 communities.

I guess they have 290 communities which are federated to the instance where you’re collecting these stats; according to dbzer0’s front page they actually have 332 communities. (Also your screenshot shows 1337 communities on lemmy.ml but we actually have 4.74K, and 3919 for .world which actually has 13.1K.)

unfortunately, like its predecessor (Nokia’s Maemo/Meego), Jolla’s SailfishOS has never been (and has never had plans to be) fully free/libre open source software.

many components of it are freely licensed, but not nearly enough to constitute an actual mobile operating system you can use.

signal’s “sealed sender” feature has an incoherent threat model

Regarding TVs, WikiLeaks’ Vault 7 publication in 2017 included “Weeping Angel”, CIA malware for Samsung TVs which streams audio from them while they’re in “fake off” mode.

https://mashable.com/article/cia-samsung-tv-hack-weeping-angel

Activity lights are useful

in even more ways than one might think.

(see also this and this later work from the same author…)

based on the other comments here i had to double check if this thread was in !shittyasklemmy@lemmy.ml smh my head

You’re correct on both points (🤦‍♂️ indeed).

I’ve now edited this post to link to their advisory text file instead of their advertising-heavy blog post about it which I had initially linked when the above comment was posted. Thanks.

FYI, the day after you published this blog post, a spam blog posted… their AI reimplementation of it 🤦

signal’s claimed inability to collect metadata being an obvious albeit elaborate lie is a strong indicator

Nice post. Relatedly, see also malus.sh and this talk by the people that made it (both of which I posted in this lemmy community here).

A couple of minor corrections to your text:

Blanchard’s account is that he never looked at the existing source code directly.

Blanchard doesn’t say that he never looked at the existing code; on the contrary, he has been the maintainer (and primary contributor) to it for over a decade so he is probably the person who is most familiar with the pre-Claude version’s implementation details. Rather, he says that he didn’t prompt Claude with the source code while reimplementing it. iirc he does not acknowledge that it is extremely likely that multiple prior versions of it were included in Claude’s training corpus (which is non-public, so this can only be conclusively verified easily by Anthropic).

The GPL’s conditions are triggered only by distribution. If you distribute modified code, or offer it as a networked service, you must make the source available under the same terms.

The GPL does not require you to offer GPL-licensed source code when using the program to provide a network service; because it is solely a copyright license, the GPL’s obligations are only triggered by distribution. (It’s the AGPL which goes beyond copyright and imposes these obligations on people running a program as a network service…)

Nice, thanks.

It would certainly be nice to be able to pre-download language pair models without selecting to and from and then actually initiating a translation using the model i don’t have yet.

re: getting uBlock externally, i also see the attraction of that approach but unfortunately Debian’s package was last updated in October (from 1.62 to 1.67) while AMO has a release from January (1.69) :/

imo it would be better to bundle UBO and ship its updates along with browser updates.

are there plans to distribute Konform via flathub?

Full-page machine translations are disabled

Firefox translations are done offline (after downloading the model for a langauge pair).

Does anybody know why Konform decided to disable this very useful feature?

It’s a library for detecting which character encoding a string is encoded with.

Here are the docs for the vibe-coded rewrite, and here is the version before it.

The new vibe-coded version also adds language detection; it isn’t clear to me why the current version of the readme shows it classifying the string "It’s a lovely day — let’s grab coffee." as Spanish with 99% confidence, without any comment in the docs about that being a misclassification, but I guess that if the LLM-authored program says it is then that must be one of those phrases that looks the same in Spanish as in English 👀

Why do you think Proton stores the association between accounts and payment identity?

Many privacy-oriented companies actually accept credit card payments and simply don’t store that information.

article in case you can’t read it: https://lemmy.ml/post/44086795

that link only has two paragraphs of the article; there are 8 more in the full article here on archive.org

could Red Hat eventually take control of the project

Fedora started in 2002 and merged with “Red Hat Linux” in 2003.

Red Hat, Inc has had full control of it ever since then.

It is a “community project” inasmuch as there are Fedora developers who are volunteers (and some who are paid by companies other than Red Hat), and the Fedora Council includes people who are not employed by Red Hat - but the Project Leader is always a Red Hat employee, and if the Council ever has an irreconcilable difference with Red Hat then Red Hat can simply ignore and/or dismiss them.

Red Hat owns all Fedora-related trademarks, and the Fedora Project is not an independent legal entity: it is a part of Red Hat.

If Fedora developers don’t like Red Hat’s decisions regarding the project, they can fork it but they’d need to change the name and find some other sources funding.

Also, icymi, Red Hat became a subsidiary of IBM in 2019.

Zionism is, and has always been since the modern movement started in the 19th century, intrinsically antisemitic.

So in summary. You’re right. Sealed sender is not a great solution. But

Thanks :)

But, I still maintain it is entirely useless - its only actual use is to give users the false impression that the server is unable to learn the social graph. It is 100% snake oil.

it is a mitigation for the period where those messages are being accepted.

It sounds like you’re assuming that, prior to sealed sender, they were actually storing the server-visible sender information rather than immediately discarding it after using it to authenticate the sender? They’ve always said that they weren’t doing that, but, if they were, they could have simply stopped storing that information rather than inventing their “sealed sender” cryptographic construction.

To recap: Sealed sender ostensibly exists specifically to allow the server to verify the sender’s permission to send without needing to know the sender identity. It isn’t about what is being stored (as they could simply not store the sender information), it is about what is being sent. As far as I can tell it only makes any sense if one imagines that a malicious server somehow would not simply infer the senders’ identities from their (obviously already identified) receiver connections from the same IPs.