Pup Biru

codeberg seems to be the new hotness

you install a distro because of all the software it includes and how they interact out of the box

you’re completely right that systemd is a background service that most people don’t care about, but it does make the whole system more reliable, and much easier to administer for servers or workstations (enterprise management; not personal)

you certainly do want an init system… even sysv-init is an init system: you need something that runs as pid 1 that triggers other services. systemd starts services, and also ensures they’re in the correct security contexts, running as the correct users, makes sure they’re healthy, tracks dependencies (not just order; this speeds things up because it can be parallel, ensures failures don’t cascade, and means there’s far less jank in random bash scripts)

this isn’t a big political statement: this is an acknowledgment that linux users - not all, but some - will want/require something like this… and systemd user database is the place where that information is stored on modern linux systems

waiting for california would be us-centrism… california isn’t the only place in the world that exists; it was just the trigger

forget cookies, reload, begin; forget cookies, reload, begin

… auto clicker

they’ve said “we speak for the widest used extended user service in linux”… because… that’s what they are

to say they “speak for the distros” is ridiculous: in that case, every time they merge a feature they “speak for the distros”… they speak for their own software, which is implemented by distros precisely because they implement things like this

because theyre being pragmatic… laws are starting to be introduced around the globe for parental controls - whatever that means in each jurisdiction. given that, there needs to be options available to people wanting to, or required to comply with said laws… the best place to do that is in a user record, as an optional field… extensible user records, in modern linux, are stored in systemd

it needs it in a similar manner to how it needs location, email, real name, etc: it doesn’t functionally need it, but it’s a place to store the metadata associated with a user such that other applications can use it

because whilst systemd-initd is the part that everyone is generally aware of, that’s linked to systemd-logind so that processes can be started as different users… process init, session management, and user management are intertwined

they don’t have to be for sure - sysv init proves that - but in modern linux, they are and that comes with a load of benefits

https://deepwiki.com/systemd/systemd/6-user-and-session-management

https://systemd.io/USER_RECORD/

good thing it’s entirely optional then!

or just don’t set it

tell me you have only a passing understanding of how modern linux is architected without telling me you have only a passing understanding of how modern linux is architected

PWAs do have severe limitations though… i wish it wasn’t; i love PWAs but they’ve been massively hamstrung by the big players. sadly, they’re not really comparable other than for basic apps IMO

idk about the don’t but inkjet… i don’t print much but got an epson surecolor (large format; prints up to a1 off a roll of paper… i got it because i think the idea of being able to do that is excellent more than actual use case) and it’s been absolutely glorious… the ink doesn’t dry out fast, and because it’s a borderline professional printer they don’t gouge you on the ink: they just sell you the printer for what it’s worth, and then sell the ink for what it’s worth

i think there are reasonable arguments for ink, but i guess that if you have to give 1 recommendation (outside of a brand to go with), laser is probably a safe bet

this post helps to feed the AI beast

there’s no escaping it; let’s not do with AI what we’ve done with CO2 and plastic and shift blame to individuals

for large companies, i think you’re probably right… but there are plenty of transactions that happen cash. i think it’s a case of not letting perfect be the enemy of better. some people might lie, and if they get caught that should have some punishment… but we hope that most people don’t lie, because the risk just isn’t worth it

what’s stripping these companies lying about their financial data to tax authorities?

there are lots of self-report mechanisms that we use… it’s just not worth the blowback of non-disclosure to lie about it. some people do, and sometimes they get caught; not always, but overall it’s a net benefit to transparency

agreed!

you can’t, and shouldn’t… lemmy never claimed to be, nor has the architecture to enable it to be a private service. lemmy instances are run by arbitrary people on the internet, and some of them do run forked versions of the codebase (eg blahaj)… we have no way of verifying what’s running on the server

but interaction on lemmy doesn’t require trust. i don’t think anyone is expecting lemmy to be private

It’s not really a partial solution

disagree, and that’s fine… STEM is full of partial solutions that become complete solutions as additional pieces are added (and as i said with the proxy, imo the proxy makes it a complete solution)

The complete and obvious solution to the problem is to not collect personally identifying information in the first place.

but that creates other problems… for example, with spam and usability

it’s all trade-offs, and signal has done a lot of global privacy when compared to alternatives exactly because of the compromises they’ve made

You have a very charitable view of Signal making the base assumption that people running it are good actors

i don’t consider it charity… they’re making a lot of right moves, and are explaining their compromises. they’ve given me no reason not to trust them, and plenty of reasons to say they’re a good compromise that will have the greatest impact to global privacy

are there better privacy solutions? sure… will they ever take off? personally, i doubt it… not letting perfect be the enemy of better or good enough is important: a solution that keeps people who don’t care about privacy relatively safe is important, including for the privacy of people who do care about their privacy because it allows everyone to blend in with the crowd

Yet, given that it has direct ties to the US government, that it’s operated in the US on a central server, and the team won’t even release the app outside proprietary platforms

imo the fact that it’s hosted in the US is pretty irrelevant… as you’ve pointed out: it shouldn’t be a matter of trust… validation of the client is the only thing you can rely on, so even if the NSA hosted the servers you should still theoretically be able to “trust” the platform (outside of the fact that you couldn’t ever trust that they’re using encryption that they don’t have a secret back door in or something)

I do not trust the people operating this service, and I think it’s a very dangerous assumption to think that they have your best interests in mind.

i trust them as much as i trust anyone running any other privacy service

i think it’s a very clever partial solution, but when combined with signals other ethos (making privacy simple so that more people use privacy-centric options), that means people aren’t going to change IPs between temp token and message to solve the last part of the puzzle: thanks for explaining your line of reasoning

i also think that there’s a way forward where messages are sent or tokens are retrieved via a 3rd party proxy to hide IPs (i thought i read something about signal contracting a 3rd party to provide some of those services but i can’t find the reference to that, and also it’s not verifiable so limited in usefulness), which is a complete solution to the problem, as long as said proxies aren’t controlled by signal (thinking about it now, you could also simply route signal traffic through a proxy so many people share an IP, and they do provide proxy functionality separate to the system proxy configuration)

i still think that signal has made a pretty reasonable set of trade-offs in order to balance privacy and usability in order to have a large impact on global privacy

*edit: actually, adding to the proxy point, turns out EFF run a public proxy

and there’s a big list of public proxies available (not a big list to avoid censorship, but still a good resource)

and they also have support for tapping a link to configure the proxy, so very quick and easy

yeah, bad choice of words on my part… and i think the verification doesn’t have to be identity-based… it just has to be some limited resource (which identity is, and guarantees fairness because it’s n per identity)

it’s all compromises, and i don’t think there’s a perfect solution… what we want is the largest impact on general privacy the world over, and options that allow verifiable perfect privacy when needed - but understanding that that requires compromise in things like usability simply because it’s more complex to set up things like trust networks than to … just not