• 51 Posts
  • 1.46K Comments
Joined 2 years ago
Cake day: June 25th, 2023


  • once upon a time a guy named paully sucked at lisp, but most people couldn’t tell so they figured he must be good at it

    then he made a website that was an ugly orange color, and everyone assumed it was ugly on purpose even though every web site paully makes is ugly and barely functions under load

    then paully implemented moderation structures on the orange site that both cloak and enable discrimination and bullying, and everyone figured that couldn’t be correct because the orange site said it had good moderation

    and now paully’s godawful startup accelerator is run by openly fascist little freaks and all it does anymore is AI, but the orange site says it’s prestigious and not at all a multi-layered affinity grift

    the moral of the story is fuck paul graham









  • I think you’re absolutely correct, and this feels to me like the only reason why we’re seeing some of the bizarre shit we’ve been keeping an eye on:

    • several old forums, all of which are unique high-quality data sources, are being polluted by their own admins with backdated LLM-generated answers. this destroys that forum as a trustworthy data source and removes it as competition for the LLM that already scraped the forum — and, as a bonus, it also makes training a future LLM on that data source utterly impractical without risking model collapse.
    • Wikipedia refuses to compromise on quality in general, so it’s under increasing political pressure to change. the game here is to shut down or pollute the original data source by any means necessary, so that the only way to access that data becomes an LLM. the people behind the AI startups are experts at creating monopolies, and shutting down a world-class data source like Wikipedia or making it otherwise unusable would guarantee a monopoly position for them.

  • I keep stopping myself from doing this exact project, with the fediverse as the curation source, several times. I’ve talked about this before, but interestingly Postgres’ full-text search is effectively the complete core of a search engine, minus what you’d need for crawling and ranking (which is where curation and a bit of scripting would come in)

    other than resources and time, one big open question is how to do this kind of thing as a positive part of the fediverse — to not make the same mistake that a bunch of techbros already have and index the fediverse without consent. how does one make the curation process simultaneously consensual and also automated enough that it can be reasonably ruggedized against abuse?


  • also, I forgot to point this out earlier, but it’s worth saying: the only reason why I’m considering GrapheneOS as a viable path forward is because as an AOSP fork, it isn’t all-or-nothing. I can create a private space or profile for Google Play Services and all my spyware shit and keep it isolated, and ending the session kills all the processes those apps might have been running.

    that’s fantastic! I finally don’t have to switch fully to open source apps and do without working non-janky notifications to have a modicum of privacy on Android! the graphene devs assume I’m not gonna be perfect and they ruggedized their fork against that and put a ton of effort into making even stuff that’s deeply reliant on Google safer! why in fuck aren’t they like that for everything?


  • > To be clear, this is not a rant against security… I treat security of my devices seriously.

    exactly! and taking this shit seriously is why this overbearing shit sucks, especially when it’s theater or enforced for threats that aren’t realistic for your threat model. unlike some of these fuckers, we both actually intend to daily the devices we’re locking down.

    > because apparently having non-smooth scrolling can be fingerprinted (that being possible is IMO reason alone to burn down the modern web altogether)

    oh I fucking hate this. it’s the same shit as forcing dark mode off/on as part of fingerprinting protection. not only is this the absolute wrong way to fix that shit, it’s pretty monstrous for anyone who needs dark mode or light mode to use their device in anything resembling comfort — your user may have a visual impairment or severe light sensitivity, and now they’re fucked cause the developers couldn’t accept a minor fingerprinting risk (and light/dark mode and smooth scrolling are both utterly minor, to be real)

    > Possibly controversial, but I’ll say it: web browsers being so annoying about self-signed certificates.

    motherfucker yes! the CA infrastructure is nowhere near usable for all cases and we all know it, but locking down the web and making development and self-hosting fucking annoying is the game for the browser vendors and Google in particular. to add to this: why the fuck is my browser acting like me not having a cert for localhost is a tragedy? why does the browser sandbox not allow certain shit unless I’m using https of all things to access localhost? where precisely is the fucking threat here? (I’m sure some well-paid security asshole at one of the browser vendors could snark a list of unlikely shit as reasons why localhost needs to be treated as insecure with no toggle or dev tools option to treat it otherwise… and I just don’t give a fuck)

    > The entire reality of secure boot on most platforms

    I’d love good secure boot! the one on PCs ain’t it at all, and unfortunately the secure ones tend to be used to lock out device owners from modifying what they own and implement shit like attestation that’s just there to violate your rights and make sure you’re not blocking ads, so unfortunately good secure boot might be incompatible with capitalism. for now though at least graphene seems to benefit from a secure secure boot chain that hasn’t been locked down yet?


  • the GrapheneOS developers would like you to know that switching to Ironfox, the only Android Firefox fork (to my knowledge) that implements process sandboxing (and also ships ublock origin for convenience) (also also, the Firefox situation on Android looks so much like intentional Mozilla sabotage, cause they have a perfectly good sandbox sitting there disabled) is utterly unsafe because it doesn’t work with a lesser Android sandbox named isolatedProcess or have the V8 sandbox (because it isn’t V8) and its usage will result in your immediate death

    so anyway I’m currently switching from vanadium to ironfox and it’s a lot better so far



  • oh I meant the rant that started this thread, but fuck it, let’s go, welcome to the awful.systems privacy guide

    grapheneOS review!

    pros:

    • provably highly Cellebrite-resistant due to obsessive amounts of dev attention given to low-level security and practices enforced around phone login
    • almost barebones AOSP! for better or worse
    • sandboxed Google Play Services so you can use the damn phone practically without feeding all your data into Google’s maw
    • buggy but usable support for Android user profiles and private spaces so you can isolate spyware apps to a fairly high degree
    • there’s support coming for some very cool virtualization features for securely using your phone as one of them convertible desktops or for maybe virtualizing graphene under graphene
    • it’s probably the only relatively serious choice for a secure mobile OS? and that’s depressing as fuck actually, how did we get here

    cons:

    • the devs seem toxic
    • the community is toxic
    • almost barebones AOSP! so good fucking luck when the AOSP implementation of something is broken or buggy or missing cause the graphene devs will tell you to fuck off
    • the project has weird priorities and seems to just forget to do parts of their roadmap when their devs lose interest
    • their browser vanadium seems like a good chromium fork and a fine webview implementation but lacks an effective ad blocker, which makes it unsafe to use if your threat model includes, you know, the fucking obvious. the graphene devs will shame you for using anything but it or brave though, and officially recommend using either a VPN with ad blocking or a service like NextDNS since they don’t seem to acknowledge that network-level blocking isn’t sufficient
    • there’s just a lot of userland low hanging fruit it doesn’t have. like, you’re not supposed to root a grapheneOS phone cause that breaks Android’s security model wide open. cool! do they ship any apps to do even the basic shit you’d want root for? of course not.
    • you’ll have 4 different app stores (per profile) and not know which one to use for anything. if you choose wrong the project devs will shame you.
    • the docs are wildly out of date, of course, why wouldn’t they be. presumably I’m supposed to be on Matrix or Discord but I’m not going to do that

    and now the NextDNS rant:

    this is just spyware as a service. why in fuck do privacyguides and the graphene community both recommend a service that uniquely correlates your DNS traffic with your account (even the “try without an account” button on their site generates a 7 day trial account and a DNS instance so your usage can be tracked) and recommend configuring it in such a way that said traffic can be correlated with VPN traffic? this is incredibly valuable data especially when tagged with an individual’s identity, and the only guarantee you have that they don’t do this is a promise from a US-based corporation that will be broken the instant they receive a court order. privacyguides should be ashamed for recommending this unserious clown shit.




  • that’s one of the problems I’ve noticed in almost every online privacy community since I was young: a lot of it is just rich asshole security cosplay, where the point is to show off what you have the privilege to afford and free time to do, even if it doesn’t work.

    I bought a used phone to try GrapheneOS, but it only runs on 6th-9th gen Pixels specifically due to the absolute state of Android security and backported patches. it’s surprisingly ok so far? it’s definitely a lot less painful than expected coming from iOS, and it’s got some interesting options to use even potentially spyware-laden apps more privately and some interesting upcoming virtualization features. but also its core dev team comes off as pretty toxic and some of their userland decisions partially inspired my rant about privacy communities; the other big inspiration was privacyguides.

    and the whole time my brain’s like, “this is seriously the best we’ve got?” cause neither graphene nor privacyguides seem to take the real threats facing vulnerable people particularly seriously — or they’d definitely be making much different recommendations and running much different communities. but online privacy has unfortunately always been like this: it’s privileged people telling the vulnerable they must be wrong about the danger they’re in.