Link, for most of the people in this thread surprised that Proton does what it’s pretty clear in saying they’ll do.

And people getting into trouble for using proton for stuff they are saying not to do.

https://proton.me/blog/protonmail-threat-model

Not recommended

If you are attempting to leak state secrets (as was the case of Edward Snowden) or going up against a powerful state adversary, email may not be the most secure medium for communications. The Internet is generally not anonymous, and if you are breaking Swiss law, a law-abiding company such as Proton Mail can be legally compelled to log your IP address. A powerful state adversary will also be better positioned to launch one of the attacks described above against you, which may negate the privacy protection provided by Proton Mail. While we can offer more protection and security, we cannot guarantee your safety against a powerful adversary.

https://proton.me/blog/protonmail-threat-model

I’ve eventually switched from NameCheap to Cloudfare, because they kept drastically raising my email domain price.

Cloudfare is one of the few (not sure if the only one) who has guaranteed wholesale prices (as in, the prices set by the tld owner), with nothing added on top. I moved my domain over, and I saved around 15$ a month.

The best thing to do is buy a domain in some other registrar, like NameCheap, because they will give you the domain for cheaper than wholesale (and then raise your price by a lot in the next few years, way above wholesale). So I just buy it cheap, and once the next renewal is higher than wholesale, I move it over to Cloudfare and keep it there.

This is a really good point.

This post is a great example of what will skipping a research and just trusting the first solution you find lead to.

When you are researching the thing yourself, you usually don’t find the solution immediately. And if you immediately have something that seems to work, you’re even less likely to give up on that idea.

However, even taking this into account (because the same can probably happen even if you do research the thing yourself - jumping to a first solution), I don’t understand how it’s possible that the post doesn’t make a single mention of any remote desktop protocols. I’m struggling to figure out how would you have to phrase your questions/promts/research so that VNC/RDP, you know - the tools made for exactly the problem they are trying to solve - does not comes up even once during your development.

Like, every single search I’ve tried about this problem has immediately led me to RDP/VNC. The only way how I can see the ignorance displayed in the post is that they ignored it on purpose - lacking any real knowledge about the problem they are trying to solve, they simply jumped to “we’ll have a 60 FPS HD stream!”, and their problem statement never was “how to do low-bandwith remote desktop/video sharing”, but “how to stream 60 FPS low-latency desktop”.

It’s mindboggling. I’d love to see the thought and development process that was behind this abomination.

Uh, I’m pretty damn sure I have seen an office with hundreds of people, all connected remotely to workstations, on enterprise network, without any of the problems they are talking about. I’ve worked remotely from a coffee shop Wifi without any lag or issues. What the hell are they going on about? Have they never heard about VNC or RDP?

But our WebSocket streaming layer sits on top of the Moonlight protocol

Oh. I mean, I’m sitting on my own Wifi, one wall between me with a laptop (it is 10 years old, though) and my computer running Sunshite/Moonlight stream, and I run into issues pretty often even on 30FPS stream. It’s made for super low-latency game streaming, that’s expected. It’s extremely wrong tool for the job.

We’re building Helix, an AI platform where autonomous coding agents…

Oh. So that’s why.

Lol.

It’s IMO pretty clear that the purpose of the rule is to rule out AI slop and games that cheapened on artists and replaced them by genAI., which I extremely agree with.

Expeditin is neither. It feels like an (succesful) PR stunt by a lesser known award show not many people knew about.

While there’s no doubt that they have technically break the rules, just the fact that they afaik patched the few textures before this controversy (as far as I know, it’s possible that it was a reaction to this?), this simply sounds like a (very succesful) PR attempt by Indie Game Awards.

There’s no doubt that Clair Obscire isn’t a AI slop that cheapened on artists or art with GenAI, whis is the spirit of the rules IGA has. If you don’t take the rules literaly, they deserve the award. And that’s IMO important.

I’ve never heard about IGA before this, so it worked to draw attention to them.

I’m very OK with having rules in place to reject work where you replaced artists with AI. But this is not the case.

Is there any OS that allows this config?

At least with Linux, if I encrypt my hard drive, I have to enter my encryption password on every login, for some even during boot.

Not sure about Windows. I wpuldn’t be surprised if you can have bitdefender on with auto login.

This holds true for any kind of secure communication you want to do.

Manually handling keys and encryption with GPG is the core of good opsec, and also a reason why 99% of “crime prevention” backdoors are probably not going to do much. But people are lazy, been a while since I saw a drug dealer hand out public GPG keys, ever since Telegram and the like got popular.

And a thermostat for AC is an agentic AI.

I was just looking where to donate to them. The chads aren’t even accepting donations.

Unless I’m mistaken, this mostly depends on software/os you install.

A RPI with OpenWRT will be secured in exactly the same way as a router with OpenWRT and a laptop with OpenWRT. (At least I think so, I vaguely remember hearing about some Intel CPU vulnerabilities, but I don’t think there’s anything remote).

Power draw will be the main problem, along with more limited range because of the strength of the WiFi card.

I’m kind of interested how will it go, especially further development and their issue handling.

It doesn’t do anything I need, though.

I hope this will bacfire heavily and shuts down their tourist industry.

I’ve had a few people around me who were to US, or planned to go. All of them has lost all desire to do so. I can’t imagine why would anyone who doesn’t have to (i.e for work, and even then I’d really reconsider it) volunteraly go to US at this point, for a vacation of all things.

If you aren’t already using it, https://vencord.dev/ is a good Discord client mod that lets you get rid of some of the annoying features.

Might be against ToS, but so far I don’t think people had any issues with it.

Another option (that I use when I don’t need voice) is having your own Matrix server with Discord bridge. With double puppeting it can bridge both servers and DMs, and post in your name (without needing a bot on the server).

As far as I know you can do double puppeting with Matrix discord bridges, or whatever it is called.

As in “the bridge posts using your account, and not a bot”. I have it set up on my own Matrix server, and I have servers and DMs bridged without issues.

Also, setting up a server with the ansible project is super easy, it’s one of those rare cases where the ansible is robust, easy to use and actually doesn’t break.

I have no experience with React, so I couldn’t tell. Thanks for the info, I’ll keep it in mind.

I think I’ve seen it mentioned that in case RSC isn’t used, it might be vulnerable but it’s not really confirmed, but you’re right that it probably doesn’t warrant shutting down the server.

I don’t really need it that much, though, so I’ll just wait for the update, take a scour through logs and use it as a learning opportunity for forensics, and skip the reinstall.

Well, Element seems to still be running at the unupdated version even after update, so I’m just shutting the server down.

I’m bummed that it took me 5 days to learn about it, does anyone have some tips how to get early warnings for techs you’re using? I’m guessing there’s a way with npm.

Also, anyone has some tips how to properly compromise-check your server? I’m guessing there are logs to check for compromise, and audit your startup scripts for persistence? Any tools that could help with that?

Fuck, Element for Matrix is apparently build on React, and I was updating like 4 days ago after few months.

Well, time to update again, I hope it’s fine. Never really learned how to properly compromise-check your server.

People whose thread model requires high stakes and serious encryption are probably using PGP with hardware keychain, with Tails or something similar on a live USB.

Adding a high-profile law like this will probably just cause them to increase their op-sec and make it even harder to actually get any evidence where it really matters, while having a huge PR cost and abuse potential. But it’s very probably not about catching criminals anyway.

Also, it’s kinda funny that they moved from SS to AA :D