I find it bold stating that #DeltaChat doesn’t need a hyperscaler like #Signal does when it is based on… email servers. Where there is no audio/video calling. Where every sender and recipient server knows who is communicating with whom. Where you need to trust every decentralized server to not keep that information. Maybe be less smug if you can’t provide metadata protection. 🙄 @deltachaos.social/@delta/1154540411…
Signal's president claimed it takes billions to replicate the availability and reliability of "hyperscalers" (AWS/Google/Microsoft/Cloudfare) that Signal uses.
sure, nobody said avoiding hyperscalers is easy. In 8 years of project time we got about a tenth of the money that signal gives to hyperscalers, yearly. We can only tackle the challenges one by one, with the resources and skills we have, and see how far we get. Still some way 🤷🏽
So how are you going to disprove the claim that you need hyperscalers when providing a service like #Signal does? Because that is what your post said. But I don’t see you providing a service like Signal does. And I’m sure DeltaChat does good stuff, but I was using PGP for mails 20 years ago. So maybe don’t try do dunk on another service while providing the same metadata protection we had 20 years ago?
with all due respect and recognition that pgp has a troubled history, pgp twenty years ago and #openpgp now are different things. See for example chaos.social/@delta/1145902670… or for a more thorough security talk including discussing metadata passthesalt.ubicast.tv/videos/…
our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 😍 with
- streaming decryption and encryption
- post-quantum-cryptography
- API streamlining.
#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (eg using the same ed25519 keys implementation as #signal) github.com/rpgp/rpgp/
Not what I was asking. Maybe just try to do good work without smug comments about another service that also provides a much needed way of secure communication.
But you don’t address any of the privacy issues that exist in a post-Snowden threat model. Designing something that works in this context at all is hard, doing it in a decentralised setting is even harder (doing it in a federated model is probably impossible). But you continue to criticise Signal while not even attempting to solve the problems.
You are working with the same threat model that we used when I worked on XMPP 20+ years ago, which is no longer relevant to the modern Internet.
@syphdias 1) end-to-end latency on a 33EUR chatmail relay with ~200K monthly active users is sub-second. see attachment.
2) metadata details are here: delta.chat/en/help#message-met… including a note on sealed sender (which btw Signal only does opportunistically by default, and easily falls back to non-sealed)
What is Delta Chat? Delta Chat is a reliable, decentralized and secure messaging app, available for mobile and desktop platforms. Delta Chat feels like Whatsapp or Telegram but you can also use and...
tempted to ask about tooling details; distracted by a sudden mental image of the curl factory with curlsmiths manually forging code out of furnaces and hammering the last bugs out before dropping the finished binaries into cold stream water.
La Direction interministérielle du numérique annonce mardi devenir le premier État partenaire de la Fondation Matrix, qui est derrière le protocole open source qui fait fonctionner Tchap, la messagerie instantanée sécurisée des agents publics.
„This curl release is being done with the help of AI. While we strive for accuracy and quality, please note that the information provided may not be entirely error-free or up-to-date.“
@pianosaurus @icing it has some truth: at no previous time in history have we had as many people involved using AI powered tools in the curl factory as we do now. Primarily they have been relatively successful in their pursuit of finding flaws and defects in our code.
Get ready for a special episode of the Old Wooden Barn this Friday. Every artist that @jmd2000 will play will be dead. Join him at 8 PM Eastern over at hkcradio.com
Prodám zhruba tři až čtyři týdny používané hodinky Garmin Instinct 2 (bez solárního nabíjení). Hodinky jsem pořídil minulý rok, ale nakonec jsem došel k závěru, že si s tímto ekosystémem nesednu, tak jsem se vrátil zpátky k Huawei. Od té doby mi tady jen leží v šuplíku a nemají využití. Mám k nim stále originální nabíjecí kabel, v ceně. Cena: 2000 Kč + doprava. Pořizovací cena byla tehdy přes 5 tisíc. Vzhledem k velikosti není problém poslat poštou. Originální balení už ale nemám. Záruku by taky ještě pár měsíců měli mít. Kdo máte zájem o více info, napište.
> A prominent media analyst is proposing an unorthodox solution for Comcast to win over Donald Trump’s approval in its bid to purchase rival media giant Warner Bros. Discovery: make the widow of slain right-wing activist Charlie Kirk the top editor of the merged company’s news networks.
First, this is such a failure of an idea because you couldn't even write her name in the first paragraph: you literally referred to her as "widow of the slain..."
I just read a partial review of a cross-body bag. The (I assume male) writer wrote something like, "Turns out I'm a huge fan. It's nice to get my iPhone out of my pocket, and be able to carry sunglasses, AirPods, and other essentials." I feel like he just discovered the purse. Women have been doing this for decades. I like having things with me, too, so I'm glad bags seem to be coming into fashion for men, but this isn't exactly some amazing new invention.
Farmer Brown believed his injuries from the accident were serious enough to take the trucking company to court. But the company’s slick, high-priced lawyer was ready to tear his case apart.
“Mr. Brown,” the lawyer said, straightening his designer tie, “is it true that at the scene of the accident, you told the responding officer, ‘I’m fine’?”
Farmer Brown scratched his head. “Well now, I was just about to load my favorite mule, Bessie, into—”
“I don’t need a story,” the lawyer interrupted sharply. “Just answer yes or no—did you or did you not say, ‘I’m fine’?”
Brown frowned. “Well, like I was saying, I was loading up Bessie, and we were headed down the—”
“Objection, Your Honor!” the lawyer huffed. “The witness is being evasive.”
But the judge, now curious, leaned forward. “Actually, I’d like to hear what he has to say about Bessie.”
Farmer Brown smiled. “Thank ya, Judge. Now, as I was saying, I had just loaded Bessie into my trailer, and we were driving along when this big ol’ semi blew right through a stop sign and smashed into us. BOOM! My truck flipped, I flew one way, and poor Bessie went the other.”
He shook his head. “I was hurt bad—couldn’t even move—but I could hear Bessie moanin’ something awful. Next thing I know, a highway patrolman shows up. He walks over to Bessie, listens to her groanin’, shakes his head, pulls out his gun, and BANG! Puts her down right then and there.”
The courtroom gasped.
Farmer Brown continued, “Then, the patrolman walks over to me, still holding his gun, and says, ‘Your mule was in bad shape, so I had to put her down. Now… how are YOU feeling?’”
The jury erupted in laughter. The lawyer slumped in his seat, defeated. And Farmer Brown? Well, he walked out of that courtroom with a fat settlement—and a brand-new mule named Lucky.
Yeah, god the state of optical media is damn pathetic.
They never released a UHD BD-R.
They released BD-R XL, but according to wikipedia: "Although the 66 GB and 100 GB BD-ROM discs used for Ultra HD Blu-ray use the same linear density as BDXL, the two formats are not compatible with each other, therefore it is not possible to use a triple layer BDXL disc to burn an Ultra HD Blu-ray Disc playable in an Ultra HD Blu-ray player, although standard 50 GB BD-R dual-layer discs can be burned in the Ultra HD Blu-ray format."
My request is to do 30x fast forward over the network with decent images showing where it is at. This is apparently impossible, unless you're a PS3. Even the dune hd player I bought can't do it.
POSIX allows an implementation of getpgid (pubs.opengroup.org/onlinepubs/…) to fail when the process calling getpgid() is not in the same session as the process it wants the pgid of.
Reasonably, Linux and FreeBSD ignore that part, and simply return the pgid, no matter who asks.
But OpenBSD sees a standards-conformant opportunity to be a giant pain in the ass, so it has to jump on it. And so, when A calls getpgid(B) and B is in a different session, it returns -1 EPERM, even when A and B have the same uid and gid, and it would be perfectly legit for A to send signals to B and its whole process group.
The behaviour is the same for getsid, of course.
As a consequence, s6-supervise on OpenBSD is unable to target the process group of its supervised process, which disables one of its mitigation strategies for misbehaving daemons that leave children behind when they die. And since OpenBSD doesn't have cgroups, that doesn't leave many mitigation possibilities.
I am curious of why POSIX allows this. It seems to go against the common Unix principle that the uid is the key to which process is allowed to communicate with which.
It might make sense to forbid setpgid from the outside, but forbidding reading the pgid feels wrong. Especially since it's defeatable: since I control the parent and child, the child can getpgrp() and communicate its pgid to the parent. But that's a lot of work for something so niche that only breaks on OpenBSD.
I am starting to believe that OpenBSD's reputation for security is mostly due to the fact that no rational person bothers to port software to it.
yeah, it's old. If you can spelunk out a rationale somewhere, I'm interested - but I'm not interested enough to do the archaeological work myself. To me it's yet another OpenBSD quirk that I may write a workaround for in the future if I have nothing better to do.
Sadly I don't think I can spelunk further myself, messed up how the version numbers match (this stuff is a mess) and it actually goes back to SUSv1, so I don't even have version control going earlier.
I mean quite generally the "rationale" for anything like this is usually: some implementor already did it like this so we need to write the standard s.t. it fits. POSIX started out as XPG, so mostly just documenting preexisting common interfaces rather than defining ones for the future. If they tried the latter, that often failed (e.g., pax). So my money is on: Some UNIX did something weird in that case and that's why this clause is part of POSIX ^^'
Yeah, but effectively if that Unix is either gone or has changed since, it can help on moving things along. That's why details on rationales are useful.
absolutely! but arguing about a UNIX being "gone" is very difficult territory in a working group that's defining what UNIX™ is and mostly about cosplaying a time where this matters. I love POSIX, I really do, but I've attended one of the Austin Groups meetings as an intern. And that was enough for a lifetime.
Well a lot of UNIX systems were last released/discontinued in the 90's like Amiga Unix, Digital Unix/Tru64, A/UX, …
IRIX last got an update in 2006 but writing was on the wall in ~2001 already, SunOS (BSD) got replaced by Solaris (SysV with bits of BSD-compat), …
And in the last few years I think I've yet to see someone actually check behavior of ones like AIX or HP-UX beyond the manpages, usually it's major foss systems and a bit of Solaris + macOS.
I tried porting skalibs to AIX once. I made an honest, serious effort. I eventually had to give up because too many very reasonable things weren't working. For instance, gcc -o /dev/null failed, and it was one of the least egregious failures.
Some OSes are just beyond hope and deserve the oblivion they're sliding into.
Heh the gcc -o /dev/null thing reminds me that if you run tcc -o /dev/null as root you actually end up with an executable at /dev/null since it does an unlink+creat
With the recent rise of things like Sora and Grokapedia, I think we need to invent a new term for websites that are basically nothing but AI slop. How about slopasites? Slopsville? Something.
TBH, Grokipedia is (mostly) just a copy of Wikipedia, with an LLM running over all the sources / references.
You can click "see edits" on many articles, and it'll show you the changes between Wikipedia and Grokipedia (in a perfectly accessible pop-up, no less).
A lot of those changes are like "the article says 'in a 1971 paper' and cites the paper, but the cited page clearly says the paper was released in 1972."
Just to be clear, I don't think AI should have free reign over factual articles quite yet, but if human editors could see, fact-check and decide on these edits, I genuinely think we could have a better Wikipedia.
So, tbh, I would not change anything about having #Autism and #ADHD. Sure, if I had been diagnosed properly and had more support, some aspects of my life would have been better. But I have no regrets on having a semi-eidetic memory, being able to recognize patterns, thinking outside the box, etc. What I could have used less of? Being bullied, not knowing there were others like me out there (and the subsequent isolation), over-masking and paying the price, having meltdowns from not understanding sensory overstimulation, etc. But it's never too late to delve into self-understanding and awareness, and, most importantly, building community with like-others!
Delta Chat
in reply to Sebastian • • •Sebastian
in reply to Delta Chat • • •Delta Chat
in reply to Sebastian • • •with all due respect and recognition that pgp has a troubled history, pgp twenty years ago and #openpgp now are different things. See for example chaos.social/@delta/1145902670… or
for a more thorough security talk including discussing metadata passthesalt.ubicast.tv/videos/…
Usable end-to-end security with Delta Chat and Chatmail
Pass the SALT ArchivesDelta Chat
2025-05-29 08:51:53
Sebastian
in reply to Delta Chat • • •David Chisnall (*Now with 50% more sarcasm!*)
in reply to Delta Chat • • •But you don’t address any of the privacy issues that exist in a post-Snowden threat model. Designing something that works in this context at all is hard, doing it in a decentralised setting is even harder (doing it in a federated model is probably impossible). But you continue to criticise Signal while not even attempting to solve the problems.
You are working with the same threat model that we used when I worked on XMPP 20+ years ago, which is no longer relevant to the modern Internet.
Christian Kugler
in reply to Sebastian • • •Delta Chat
in reply to Christian Kugler • • •@syphdias
1) end-to-end latency on a 33EUR chatmail relay with ~200K monthly active users is sub-second. see attachment.
2) metadata details are here: delta.chat/en/help#message-met…
including a note on sealed sender (which btw Signal only does opportunistically by default, and easily falls back to non-sealed)
Delta Chat: FAQ
delta.chat