• 1 Post
  • 389 Comments
Joined 3 years ago
Cake day: July 2nd, 2023

  • Fair, though I personally don’t let my ISP indirectly dictate what I do with my LAN. If I didn’t already have a v6-enabled WAN, I would still manage my LAN using IPv6 private range addresses. There are too many benefits to me, like having VMs and containers be first-class citizens on my LAN, rather than sitting behind yet another layer of NAT. That lets me avoid port forwarding at the border of my home Kubernetes cluster (or formerly, my Docker Swarm), and it means my DNS names correctly resolve to a valid IP address that’s usable anywhere on my network (because no NAT when inside the LAN).

    I will admit that NAT64 is kinda a drag to access v4-only resources like GitHub, but that’s only necessary because they’ve not lit up support for v6 (despite other parts of their site supporting v6).

    This is my idea of being future-ready: when the future comes, I’m already there.


  • The approach isn’t invalid, but seeing as you already have the framework set up to deny all and log for IPv4, the same could be done with IPv6.

    That is to say, your router advertises an IPv6 gateway to the global internet, but you then reject it because your VPN doesn’t support v6 (sadly). I specifically say reject, rather than drop, because you want that ICMP Unreachable (administratively prohibited) message to get returned to any app trying to use v6. That way, Happy Eyeballs will gracefully and quickly fall back to v6. Unless your containers have some exceptionally weird routing rules, v6 connections will only be attempted once, and will always use the route advertised. So if your router denies this attempt, your containers won’t try again in a way that could leak. v6 leaks are more likely when there isn’t even a route advertised.

    This makes your apps able to use v6, for that day when your VPN supports it, and so it’s just a question of when the network itself can be upgraded. IMO, apps should always try for v6 first and the network (if it can’t support it) will affirmatively reply that it can’t, and then apps will gracefully fall back.

    This also benefits you by logging all attempted v6 traffic, to know how much of your stuff is actually v6-capable. And more data is always nice to have.
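An added illustration of the "log all attempted v6 traffic" point in the comment above (this is editor-added example code, not from the commenter and not tied to any particular router). It assumes an nftables rule of the form `log prefix "v6-reject: " reject with icmpv6 type admin-prohibited` on the v6 route to the WAN, which makes the kernel emit one netfilter-style `KEY=VALUE` log line per rejected packet. The sample log lines are constructed; the parser tallies which LAN hosts attempted v6 and what they were reaching for, which is the "how much of my stuff is v6-capable" measurement.

```python
import re
from collections import defaultdict

# Assumed nftables rule producing these lines (an assumption, not from the comment):
#   ip6 saddr fd12:3456:789a::/48 oif "eth0" log prefix "v6-reject: " \
#       reject with icmpv6 type admin-prohibited
LOG_PREFIX = "v6-reject: "
_KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample kernel log lines in netfilter's KEY=VALUE format (not real captures).
SAMPLE_LOG = """\
Mar  3 10:15:02 router kernel: v6-reject: IN=br-lan OUT=eth0 SRC=fd12:3456:789a::42 DST=2606:4700:4700::1111 LEN=80 TC=0 HOPLIMIT=63 FLOWLBL=0 PROTO=TCP SPT=51234 DPT=443 WINDOW=64800 RES=0x00 SYN URGP=0
Mar  3 10:15:02 router kernel: v6-reject: IN=br-lan OUT=eth0 SRC=fd12:3456:789a::42 DST=2606:4700:4700::1111 LEN=80 TC=0 HOPLIMIT=63 FLOWLBL=0 PROTO=TCP SPT=51235 DPT=443 WINDOW=64800 RES=0x00 SYN URGP=0
Mar  3 10:15:09 router kernel: v6-reject: IN=br-lan OUT=eth0 SRC=fd12:3456:789a::7 DST=2001:4860:4860::8888 LEN=76 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=UDP SPT=40210 DPT=53 LEN=36
Mar  3 10:15:10 router kernel: v4-drop: IN=br-lan OUT=eth0 SRC=192.168.1.42 DST=93.184.216.34 PROTO=TCP DPT=443
"""


def parse_line(line: str):
    """Return the fields of one rejected-v6 log line, or None if the line is not one."""
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None
    # dict() keeps the last value for repeated keys (UDP lines carry LEN= twice); we
    # only rely on SRC/DST/PROTO/DPT, which appear once.
    fields = dict(_KV.findall(line[idx + len(LOG_PREFIX):]))
    if "SRC" not in fields or "DST" not in fields:
        return None
    return {
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO", "?"),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
    }


def summarize(log_text: str):
    """Per LAN source: how many v6 attempts were rejected and which (dst, proto, port)
    targets it tried. Each entry is evidence that the host/container is v6-capable."""
    stats = defaultdict(lambda: {"attempts": 0, "targets": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = stats[rec["src"]]
        entry["attempts"] += 1
        entry["targets"].add((rec["dst"], rec["proto"], rec["dport"]))
    return dict(stats)


def v6_capable_hosts(log_text: str):
    """Sorted list of LAN addresses that attempted any v6 connection."""
    return sorted(summarize(log_text))


if __name__ == "__main__":
    for src, entry in summarize(SAMPLE_LOG).items():
        print(f"{src}: {entry['attempts']} attempt(s), targets={sorted(entry['targets'])}")
```

Run it against `journalctl -k` output (or wherever the router's kernel log lands) instead of `SAMPLE_LOG` to get the real picture; the v4 line in the sample shows that lines without the prefix are ignored rather than miscounted.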



  • For an example of where constant current sources are used – and IMO, deeply necessary – we can look to the humble LED driver circuit. LEDs are fickle devices, on account of their very sharp voltage-current curve, which also changes with operating temperature and is not always consistent from the factory. As a practical matter, the current through an LED is what predominantly controls the brightness, so constant current sources will provide very steady illumination. If instead an LED were driven with a constant voltage source, it would need to be exceedingly stable, since even a few tens of millivolts off can destroy some LEDs through over-current and/or over-heating.

    For cheap appliances, some designs will use a simple resistor circuit to set the LED current, and this may be acceptable provided that the current is nowhere near overdriving the LED. Think of small indicator LEDs that aren’t that bright anyway. Whereas for expensive industrial LED projectors, it would be foolish to not have an appropriately designed current source, among other protective features.


  • In a nutshell, voltage incompatibility is generally more damaging than current mismatch, typically in a frightening or energetic manner. Many American tourists find this out when they bring their 120v AC hairdryers to an overseas hotel with 230v AC power. If there is only room for one number to be emblazoned on an outlet or plug, it should be the rated voltage, first and foremost.

    For current protection, we’ve had thermal fuses since the 1890s, and thermo-magnetic circuit breakers since the 1940s. There are even more fancy transistor-based current protections available for industrial equipment that can shut off extremely fast. In a sense, protection against over-current has basically been solved, in the scenarios where there’s enough of a risk of humans or property.

    Whereas voltage mix-ups still happen, although consumer electronics are now moving to automatic voltage detection (eg an 18v electric drill battery charger refuses to charge a 12v battery) and through actively negotiated power parameters (eg USB PD). And even without human error, under- and over-voltage transients still happen in residential and commercial environments, leading to either instant damage or long-term product degradation (eg domestic refrigerator motor drive circuits).

    It should be noted that a current starvation scenario, such as when an ebike is current-limited per regulations, does not generally cause a spike in voltage. Whereas in a voltage starvation situation, resistive loads will indeed try to draw more current in order to compensate. Hence why current protection is almost always built-in and not left to chance.


  • Firstly, I wish you the best of luck in your community’s journey away from Discord. This may be a good time to assess what your community needs from a new platform, since Discord targeted various use-cases that no single replacement platform can hope to replace in full. Instead, by identifying exactly what your group needs and doesn’t need, that will steer you in the right direction.

    As for Element, bear in mind that their community and paid versions do not exactly target a hobbyist self-hosting clientele. Instead, Element is apparently geared more for enterprise on-premises deployment (like Slack, Atlassian JIRA, Asterisk PBX) and that’s probably why the community version is also based on Kubernetes. This doesn’t mean you can’t use it, but their assumptions about deployments are that you have an on-premises cloud.

    Fortunately, there are other Matrix homeservers available, including one written in Rust that has both bare metal and Docker deployment instructions. Note that I’m not endorsing this implementation, but only know of it through this FOSDEM talk describing how they dealt with malicious actors.

    As an aside, I have briefly considered Matrix before as a group communications platform, but was put off by their poor E2EE decisions, for both the main client implementation and in the protocol itself. Odd as it sounds, poor encryption is worse than no encryption, because of the false assurance it gives. If I did use Matrix, I would not enable E2EE because it doesn’t offer me many privacy guarantees, compared to say, Signal.



  • Approximately 90% of people are right-handed. In European writing systems that use quills and pens, reading and writing left-to-right makes more sense so that you can hold the pen in your right hand and drag it rightward, not into the ink you just laid down.

    In East Asia, before writing on paper was a thing, they wrote using inscribed bone, but then eventually moved to vertical wood boards, bound together by string. Each character on the board would be read from top-to-bottom, and then move to the next board. The most logical choice for a right-handed person is to stack the wood pile on their left, and use their right hand to draw the next board to meet their gaze, then set it down on their right. Later, this bundle of wood boards would become paper scrolls, but would still be pulled from left-to-right by a right-handed scholar.

    For this reason, the historical writing system common to China, Japan, Korea, and Vietnam for centuries was read right-to-left (because instead of scrolls, we have pages, which can be moved easily). But the native Korean script is left-to-right, as is the modern Vietnamese script. And Chinese and Japanese in the 20th Century switched to left-to-right. And yet, Japanese books are still ordered “backwards” so that the title page is what Westerners would say is the back of the book, and manga panels are read from the right side toward the left.

    So far as I’m aware, this means some Japanese signs can be rendered left-to-right (modern), right-to-left (historical standard), and top-to-bottom (traditional). The only orientation that’s disallowed is bottom-to-top (although vertical news tickers will do this, so that readers see the text from top-to-bottom).

    It all boils down to right handedness, but it depends on whether your hand is moving, or the text is moving.



  • Admittedly, I haven’t finished reflashing my formerly-Meshtastic LoRa radios with MeshCore yet, so I haven’t been able to play around with it yet. Although both mesh technologies are decent sized near me, I was swayed to MeshCore because I started looking into how the mesh algorithm works for both. No extra license, since MeshCore supports roughly the same hardware as Meshtastic.

    And what I learned – esp from following the #meshtastic and #meshcore hashtags on Mastodon – is that Meshtastic has some awful flooding behavior to send messages. Having worked in computer networks, this is a recipe for limiting the max size and performance of the mesh. Whereas MeshCore has a more sensible routing protocol for passing messages along.

    My opinion is that mesh networking’s most important use-case should be reliability, since when everything else (eg fibre, cellular, landlines) stops working, people should be able to self organize and build a working communications system. This includes scenarios where people are sparsely spaced (eg hurricane disaster with people on rooftops awaiting rescue) but also extremely dense scenarios (eg a protest where the authorities intentionally shut off phone towers, or a Taylor Swift concert where data networks are completely congested). Meshtastic’s flooding would struggle in the latter scenario, to send a distress message away from the immediate vicinity. Whereas MeshCore would at least try to intelligently route through nodes that didn’t already receive the initial message.


  • Very interesting! I’m no longer pursuing Meshtastic – I’m changing over my hardware to run MeshCore now – but this is quite a neat thing you’ve done here.

    As an aside, if you later want to have full networking connectivity (Layer 2) using the same style of encoding the data as messages, PPP is what could do that. If transported over Meshtastic, PPP could give you a standard IP network, and on top of that, you could use SSH to securely access your remote machine.

    It would probably be very slow, but PPP was also used for dial-up so it’s very accommodating. The limiting factor would be whether the Meshtastic local mesh would be jammed up from so many messages.





  • I’ll take a stab at the question. But I’ll need to lay some foundational background information.

    When an adversarial network is blocking connections to the Signal servers, the Signal app will not function. Outbound messages will still be encrypted, but they can’t be delivered to their intended destination. The remedy is to use a proxy, which is a server that isn’t blocked by the adversarial network and which will act as a relay, forwarding all packets to the Signal servers. The proxy cannot decrypt any of the messages, and a malicious proxy is no worse than blocking access to the Signal servers directly. A Signal proxy specifically forwards only to/from the Signal servers; this is not an open proxy.

    The Signal TLS Proxy repo contains a Docker Compose file, which will launch Nginx as a reverse proxy. When a Signal app connects to the proxy at port 80 or 443, the proxy will – in the background – open a connection to the Signal servers. That’s basically all it does. They ostensibly wrote the proxy as a Docker Compose file, because that’s fairly easy to set up for most people.

    But now, in your situation, you already have a reverse proxy for your selfhosting stack. While you could run Signal’s reverse proxy in the background and then have your main reverse proxy forward to that one, it would make more sense to configure your main reverse proxy to directly do what the Signal reverse proxy would do.

    That is, when your main proxy sees one of the dozen subdomains for the Signal server, it should perform reverse proxying to those subdomains. Normally, for the rest of your self hosting arrangement, the reverse proxy would target some container that is running on your LAN. But in this specific case, the target is actually out on the public Internet. So the original connection comes in from the Internet, and the target is somewhere out there too. Your reverse proxy simply is a relay station.

    There is nothing particularly special about Signal choosing to use Nginx in reverse proxy mode, in that repo. But it happens to be that you are already using Nginx Proxy Manager. So it’s reasonable to try porting Signal’s configuration file so that it runs natively with your Nginx Proxy Manager.

    What happens if Signal updates that repo to include a new subdomain? Well, you wouldn’t receive that update unless you specifically check for it. And then update your proxy configuration. So that’s one downside.

    But seeing as the Signal app demands port 80 and 443, and you already use those ports for your reverse proxy, there is no way to avoid programming your reverse proxy to know the dozen subdomains. Your main reverse proxy cannot send the packets to the Signal reverse proxy if your main proxy cannot even identify that traffic.
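The "identify the traffic by hostname and relay it without decrypting it" idea in the comment above, as an added example (editor-written, not code from the comment, from Nginx Proxy Manager, or from Signal's repo). It does in Python what the repo's Nginx does with `ssl_preread`: peek at the SNI in the TLS ClientHello, forward the untouched bytes to that host on 443 only if the name is on an allow-list, and refuse everything else so the relay is never an open proxy. The allow-list here is a constructed subset of Signal hostnames for illustration; the authoritative dozen come from the repo's own config, and keeping them in sync is exactly the maintenance downside the comment mentions. `build_client_hello` is a constructed test input, not real client traffic.

```python
import asyncio
import struct
from typing import Optional, Tuple

# Constructed subset for illustration only; the authoritative hostname list is
# the map in the signal-tls-proxy repo's nginx.conf and must be kept in sync.
ALLOWED_UPSTREAMS = {"chat.signal.org", "storage.signal.org", "cdn.signal.org", "cdn2.signal.org"}


def extract_sni(client_hello: bytes) -> Optional[str]:
    """Pull the server_name (SNI) out of a raw TLS ClientHello record without
    decrypting anything, as nginx's ssl_preread does. Returns None for anything
    that is not a ClientHello carrying an SNI extension."""
    try:
        if client_hello[0] != 0x16:                            # TLS handshake record type
            return None
        rec_len = struct.unpack("!H", client_hello[3:5])[0]
        hs = client_hello[5:5 + rec_len]
        if hs[0] != 0x01:                                      # ClientHello message type
            return None
        pos = 4 + 2 + 32                                       # hs header, client_version, random
        pos += 1 + hs[pos]                                     # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]     # cipher_suites
        pos += 1 + hs[pos]                                     # compression_methods
        if pos >= len(hs):
            return None                                        # no extensions block at all
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if ext_type == 0:                                  # server_name extension
                body = hs[pos:pos + ext_len]
                name_len = struct.unpack("!H", body[3:5])[0]   # skip list len (2) + name type (1)
                return body[5:5 + name_len].decode("ascii")
            pos += ext_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def route_for(client_hello: bytes) -> Optional[Tuple[str, int]]:
    """Relay decision: (sni_host, 443) when the SNI is an allowed Signal hostname,
    None to refuse. The allow-list is what keeps this from being an open proxy."""
    name = extract_sni(client_hello)
    if name is None or name not in ALLOWED_UPSTREAMS:
        return None
    return (name, 443)


async def _pump(src: asyncio.StreamReader, dst: asyncio.StreamWriter) -> None:
    try:
        while chunk := await src.read(65536):
            dst.write(chunk)
            await dst.drain()
    finally:
        dst.close()


async def handle(reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
    first = await reader.read(16384)          # assumes the whole ClientHello arrives in one read
    target = route_for(first)
    if target is None:
        writer.close()                        # unknown SNI, plain HTTP, or junk: refuse outright
        return
    up_reader, up_writer = await asyncio.open_connection(*target)
    up_writer.write(first)                    # replay the peeked bytes unmodified; TLS stays end-to-end
    await up_writer.drain()
    await asyncio.gather(_pump(reader, up_writer), _pump(up_reader, writer))


async def serve(port: int = 443) -> None:
    server = await asyncio.start_server(handle, "::", port)
    async with server:
        await server.serve_forever()


def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS ClientHello with an SNI extension (test input only)."""
    name = server_name.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32)                            # client_version, random
            + b"\x00"                                          # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"               # one cipher suite
            + b"\x01\x00"                                      # one (null) compression method
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    asyncio.run(serve())
```

The relay never terminates TLS, which is why a compromised relay can at worst deny service, matching the comment's "a malicious proxy is no worse than blocking". In Nginx Proxy Manager terms the same decision is a `stream` block with `ssl_preread on` and a `map $ssl_preread_server_name` to the upstream, which is the shape of the repo's config.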


  • The simple answer is probably no, because even where those experts aren’t driven solely by the pursuit of money – as in, they might actually want to improve the state of the art, protect people from harm, prevent the encroachment of the surveillance state, etc… – they are still only human. And that means they have only so much time on this blue earth. If they spend their time answering simple questions that could have been found on the first page of a web search, that’s taking time away from other pursuits in the field.

    Necessarily then, don’t be surprised if some experts ask for a minimum consultation fee, as a way to weed out the trivial stuff. If nothing else, if their labor is to have any meaning at all when they do their work professionally, they must value it consistently as a non-zero quantity. Do not demand that people value their labor at zero.

    With that out of the way, if you do have a question that can’t be answered by searching existing literature or the web, then the next best is to ask in an informal forum, like here on Lemmy. Worst case is that no one else knows. But best case is that someone works in the field and is bored on their lunch break, so they’ll help point you in the right direction. They may even connect you to a recognized expert, if the question is interesting enough.

    Above all, what you absolutely must not do is something like emailing a public mailing list for cryptography experts, gathered to examine the requirements of internet security, to look at your handmade data encryption scheme, which is so faulty that it causes third-party embarrassment when read a decade later.

    You were in fact lucky that they paid any attention at all to your proposal, and they’ve already given you many hundreds if not thousands of dollars worth of free consultancy between them.

    Don’t be the person that causes someone to have to write this.


  • There are separate criminal and civil offenses when it comes to copyright infringement, assuming USA. Very generally, under criminal law, it is an offense to distribute copyrighted material without the right or license to do so. Note the word “distribute”, meaning that the crime relates to the act of copying and sharing the work, and usually does not include the receiving of such a work.

    That is to say, it’s generally understood that mere possession of a copyrighted work is not sufficient to prove that it was in your possession for the purpose of later distribution. A criminal prosecution would have to show that you did, in fact, infringe the copyright by distributing a copy to someone or somewhere else.

    Separately, civil penalties can be sought by the copyright owner, against someone found either distributing their work, or possessing the work without a license. In this case, the copyright owner has to do the legwork to identify offenders, and then would file a civil lawsuit against them. The government is uninvolved with this, except to the extent that the court is a branch of the federal government. The penalty would be money damages, and while a judgement could be quite large – due to the insanity of minimum damages, courtesy of the DMCA – there is no prospect of jail time here.

    So as an example, buying a bootleg DVD for $2 and keeping it in your house would not accrue criminal liability, although if police were searching your house – which they can only do with a warrant, or your consent – they could tip-off the copyright owner and you could later receive a civil lawsuit.

    Likewise, downloading media using Megaupload usually also doesn’t meet the “distribution” requirement in criminal law, but still opens the door to civil liability if the copyright owner discovers it. However, something like BitTorrent, which uploads to other peers, would meet the distribution requirement.

    To that end, if officers searching your home – make sure to say that you don’t consent to any searches – find a running BitTorrent server and it’s actively sharing copyrighted media, that’s criminal and civil liability. But if they only find the media but can’t find evidence of actual uploading/distributing, and can’t get evidence from the ISP or anyone else, then the criminal case would be non-existent.

    That said, in a bygone era, if multiple physical copies of the same copyrighted media were found in your house, such as officers finding a powered-off DVD copy machine that has sixty handwritten discs all labeled “Riven: The Sequel to Myst” next to it, then the criminal evidence is present. Prosecutors can likely convince a jury that you’re the one who operated the machine to make those copies – because you had the ability (the machine) – and that nobody would make so many copies as personal backups. The quantity can only suggest an intent to distribute. This is not unlike how a huge amount of marijuana is chargeable as “possession with intent to distribute”, although drug laws have a different type of illogical-ness.

    This logic does not apply when dealing with digital files, because computers naturally keep copies as part of handling files. A cache file temporarily created by VLC does not turn people into copyright criminals.

    TL;DR: when the police are searching your house, tell them: 1) you do not consent to any searches, 2) you want a copy of their warrant, which should be signed by a judicial judge, and 3) do not volunteer info to the police; call and talk to a lawyer