• 1 Post
  • 37 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle



  • When I had my homelab services exposed to the broader web, I enjoyed using Authelia with NGINX. It supported MFA and worked well enough.

    That said, I HIGHLY suggest you expose as few of your home systems to the web as possible. Ideally, I would set up a VPN like WireGuard or OpenVPN and use that to connect into your LAN while on the go.

    The more of your home network you expose to the web, the bigger your attack surface. If you can just turn on a VPN that already has strong authentication like asymmetric key pairs, you significantly reduce the ways someone can break into your home network while making as many (or few) of your home services available through that VPN as you want.








  • I guess my first question would be: do you have a need that device can fill, or are you looking to take on a project for some other reason (education, boredom, etc.)?

    I honestly don’t see to what great use a router (and modem) that was discontinued a decade ago can be put that couldn’t be accomplished with less complication and less power draw by using a modern device. I’m not trying to rain on your parade, but knowing nothing else about your situation I don’t know that I can see any utility in a device like that anymore.





  • I hear you, and fair enough, but I think the fact that none of these gaming-specific phones has physical controls like you described built in speaks to how impractical that ask is.

    And I think it’s important to note: there’s weren’t just powerful phones (in fact, many of them seemed to get bested by other phones in more benchmarks than they won), they were specifically marketed and sold as gaming phones; that was the specific niche that Asus, Lenovo, Razer, and others all sought to fill. Despite that, and despite basically all those companies having a ton of general experience building gaming hardware of one sort or another, none of them thought it was a good idea to include physical input methods on-device. They pretty much all have accessories that turn it into something looking akin to a Switch or DS, but none had them baked into the actual phone.

    And I honestly think that makes a lot of sense. Thumb sticks aren’t super pocket-able, and I feel like even if they could be made to fit into a pocket, sliding them in and out of bags and pants over and over would make them fail faster. And while A/B/X/Y buttons might be more reasonable on that pocket-ability metric, do you want to smush them (or thumb sticks, for that matter) against your face while you take a call?

    While current controller-esque buttons and thumb sticks remain the primary input method for games, I really don’t see gaming phones including those input methods within their physical form factor. It might be a limitation of my imagination, but I just can’t envision how one would make that work (and it seems I am not alone in that).



  • Sorry for not replying in some time.

    You may be happy to know that you convinced me to at least give Matrix a try. So, you won? lol

    I stood it up on one of my public servers via Docker with Traefik, and I am able to connect with a client. I cannot, however, for the life of me figure out how to get the federation side of things working in Traefik, so if you know anything about that I would sincerely appreciate the help. At least with it running and accepting client connections, I can have chats with the people I allow to set up an account on my server. It also gives me a chance to play with the bridges.

    I still REALLY don’t like all the data Element (and Element X) collect on iOS, and I refuse to use it. FluffyChat sems ok, though…


  • My turn for a wall of text, sorry!

    I do appreciate your preface, and I can certainly empathize with your frustration. Like you, I think that secure, private communications is generally a good thing and I am happy that there are awesome FOSS devs and groups devoting their time and skill to try and bring stuff like that to life. It is inspiring and I really do appreciate it. I, too, have had many a similar conversation :)

    That said, I cannot disagree with your “it’s not that hard” statement. At best it’s well meaning but wrong, and at worst it is dismissive and counterproductive. Every change of any kind has a cost, as you pointed out (correctly): there is always some friction. When it comes to something that most non-tech enthusiast users view as pretty insignificant as messaging platform’s privacy policies, any entrant is going to need to have a lot going for it to overcome the existing market inertia of the current players.

    Honestly speaking, most people settled on their chat platforms of choice out of convenience a long time ago. Their friends used WhatsApp, so they hopped on. Meta bought them, but did that drive anyone away? Not really. They changed their privacy policy in ways that raised all sorts of alarm bells, but did it really change anything with their general user base? The fact that they still have somewhere between 2 and 3 billion people on the platform would seem to suggest it didn’t have much, if any, effect either.

    And it is important to highlight that that sort of inertia - a single platform being used by somewhere between a quarter and a third of every human being on this planet - is what needs to be overcome. Even Signal, arguably the current most mainstream FOSS app designed for private (though not anonymous) communication, which has been operating for around half a decade and has millions of dollars behind its development, has only managed to capture a measly 50 million or so users.

    Then there’s the reality that these standards keep changing which leads to new apps and protocols coming out. Again, I don’t view this as a bad thing as a techie, but it could lead a reasonable user to ask: “why bother switching to this platform when I just switched to that other platform a year or two ago?”.

    I don’t think the argument you are trying to make is that the overwhelming majority of people should be onboard with chasing after a new, more secure/private/anonymous/whatever platform every few years, but that’s what it honestly amounts to at this point. No platform has everything, and even if something were written today that does have the everything of today, there’s nothing to stop someone else from developing something new to entice people away yet again especially when you factor in profit motive to do stuff like that (case in point could be Meta’s entering, and planned expansion within, the fediverse).

    None of the above should be seen as arguments to accept the status quo or that people shouldn’t be looking to move to something better. I wrote the above only to illustrate that moving platforms, especially for non-technical users, really is hard. It’s frustrating for me because I, like you, would love to see users move to privacy-respecting and secure platforms. The reality, though, is that most people genuinely just don’t care; nothing can make that more clear to me than WhatsApp. That is why having bridges (that wouldn’t break native security and privacy features and wouldn’t potentially get your account banned) would have been a gigantic feature that maybe could have enticed the average user. Unfortunately, that is not what the Matrix bridges do so I am left without a strong reason for even me, as a technical individual, to move off my current platforms.

    Matrix doesn’t provide better encryption than Signal (or even WhatsApp, ignoring the privacy side), it still requires trust someone just like Signal (your own paid, or someone else’s, server vs Signal’s servers), and even if I do adopt it I don’t know that I would feel comfortable trying to convince the few members of my social groups to move as well given they are entrenched in their platforms and don’t value the few additional benefits Matrix would seem to bring over something like Signal (which most of them didn’t switch to, either).

    I would love something like Matrix to “win” if it is as good as you say it is, but if its biggest (maybe only) selling point is privacy and security then I really don’t think most users will move. Given Signal’s security and seeming lack of a profit motive to sell my metadata, I am also ok (though not necessarily screaming with joy) with what they offer as well.

    If you feel I missed or got anything wrong, I am open to hearing it! I feel we agree on way, way more than we do not.



  • Same to you regarding the politeness, I’m appreciating the conversation!

    I’m with you regarding Facebook Messenger and even (to a more limited extent) WhatsApp Messenger. Their motivation is to provide the cheapest ways possible to keep you engaged with their platform so they can collect as much data about you as possible to sell. That is their reason for existence, essentially. Whether that trade off is worth it to the individual user is up to them, and I have decided it is not worth it for me.

    Where I’m getting confused is with your characterization of Signal. It is neither closed source, nor is it a for-profit company. It is a non-profit organization whose mission is “to develop open-source privacy technology that protects free expression and enables secure global communication.”. The app they built leverages end-to-end encryption, and you can find their source code here.

    I will be honest, I feel Signal is the closest I’ve found to a FOSS, E2EE messaging solution that has a chance at some adoption by people who aren’t technology enthusiasts. It makes some compromises to achieve that - the fact that your account must be associated with a valid phone number is a point of frustration for privacy advocates, and it isn’t perfect when it comes to anonymity in some ways - but it is encrypted. It seems to favor security over anonymity, which is something with which I have seen the average user be able to get onboard.

    Given the ease of use and security of Signal, it leaves me even more confused as to where some of the competitors differentiate themselves in ways that would make most people are likely to adopt them.