RSS Recommendations

submitted by imattau to rss_recommendations 9 points | 0 comments If you've moved away from the 'Big Tech' companies, keeping up with the latest news and information may be a little harder.. Thankfully, RSS is still around, but which feeds to follow?? Hopefully people can share their quality feeds here for others to benefit from

group_work RSS Recommendations - Lemmy 27 February, 2021

This is NOT how Open Source works - Common Myths and misconceptions

Try KernelCare+ for free for 30 days by signing up here: https://lp.kernelcare.com/kernelcare-plus-experiment A lot of people assume open source projects, as they are community driven, are completely malleable, and subject to the desires of their users. Other people think that open source means free, as in "no charge", and others even mistake open source for "privacy respecting". Become a channel member to get access to a weekly patroncast and vote on the next topics I'll cover: https://www.youtube.com/channel/UC5UAwBUum7CPN5buc-_N1Fw/join Support the channel on Patreon: https://www.patreon.com/thelinuxexperiment Follow me on Twitter : http://twitter.com/thelinuxEXP My Gaming on Linux Channel: https://www.youtube.com/channel/UCaw_Lz7oifDb-PZCAcZ07kw Follow me on LBRY: https://lbry.tv/@TheLinuxExperiment:e Join us on Discord: https://discord.gg/nN8wwZPpwr The Linux Experiment merch: get your goodies there! https://teespring.com/en-GB/stores/the-linux-experiment Open source means free This is the one you hear the most often. A lot of people assume wrongly that software that has its source code open for everyone to see or download should not cost anything. This is obviously false, and, most licences allow for the final product of an open source project to be sold. As a matter of fact, all three of the mist popular licenses, the Apache, MIT, and GNu Public Licenses, all allow for this. An FOSS project can charge anything they want for users to download the binaries, or the source code, or both. The user is always right Another common misconception is that since FLOSS projects are based on community contributions, they should always listen to their users, and implement every feature that is asked or demanded. This is obviously completely wrong as well. Just because a project is built by many different individuals that form a comunity, doesn't mean that the project has no direction or goals. Generally, FLOSS projects have very specific goals that they are trying to achieve, and strong visions, especially when they are forks of another project. The developers are lazy Another one that is frequently heard, generally when a project hasn't been moving fast enough in one's opinion, or when a specific bug "still hasn't been fixed". FLOSS projects, while they can ask for money, are generally free of charge, use small teams that don't work full time. There are some exceptions for major projects, that are financed by companies, and have full time staff, but that's not the case for everything. People expect that, when they have taken the time to submit a bug report, it should be fixed fast. The bug has been identified, so surely it shouldn't take too long to fix, right? Wrong. There are plenty of reasons why developers might not fix a bug, or redesign their application or desktop environment in mere days or months. The developers might not have the time to dedicate to it. They might not have the hardware to reproduce the bug. They might have noticed that it only affects a small percentage of the users, and as such, isn't an immediate priority. They might also not be able to reproduce the results, or they might just be working on a feature that will render this bug report obsolete. ## Open source projects should never include telemetry This one is also very frequent. People tend to assume that FLOSS projects should never, in any circumstance, invade a user's privacy. While I agree with the sentiment, privacy IS, after all, a very important value to defend, a lot of people tend to go overboard there, and include telemetry in the process. Telemetry, put simply, is a class of data collection, that is generally completely anonymous when used by FLOSS projects, and that will help a team decide on what feature, or bug fix to focus. Conflating telemetry and privacy invasion is dubious at best, but let's assume that telemetry IS bad, however the implementation. There is nothing preventing a FLOSS project from integrating telemetry in their project. Period. It's not against the values of "Linux", or "Open source". It's not. It's there for everyone to see, in the code. If users don't like it, they can move to something else. Open source is less secure This is also a myth that one often hears. After all, if the code is open for everyone to see, it's easier to find vulnerabilities, right? And to exploit them? Well, yes, but that's assuming that everyone looking for vulnerabilities has malicious intentions. The very fact that anyone could take a look at the code and find security issues within it, means that they can also be fixed a lot faster than in proprietary software. Anyone can fix it, or give feedback to the developers, so that the issue can be fixed quickly. People propagating that myth also often ignore the fact that most hackers don't need to see the code to find vulnerabilities. The various "pawn" contests prove that proprietary software is just as easily hacked that open source software.

group_work The Linux Experiment - Peertube 23 February, 2021

Techlore Privacy Panel - Covering Modern Surveillance, Advocacy, & User Freedom

Welcome to the Techlore Privacy Panel, feature 4 panelists to discuss the largest privacy issues of 2021! This panel brings @Switched to Linux, @Nixie Pixel, Sean O'Brien, and Niek de Wilde into the same room to discuss solutions to privacy issues facing the world today. Watch side-tangents on Nixie's Channel: Coming Soon Watch the shortened reel on STL's Channel: https://youtu.be/OvJ2oogGAiY Nixie Pixel: https://www.youtube.com/user/nixiedoeslinux Switched to Linux: https://www.youtube.com/channel/UCoryWpk4QVYKFCJul9KBdyw Sean O'Brien (Privacy Researcher): https://cyberclear.cc/ Niek de Wilde (PTIO Editor-in-chief): https://privacytools.io/ 0:00 Introduction 2:55 Topic 1 - COVID 19 16:00 Topic 2 - Responsibility 30:45 Topic 3 - Freedom 45:00 Topic 4 - Realism vs Idealism 58:09 Topic 5 - Advocacy 1:03:16 Final Words 🔐 Techlore Website: https://techlore.tech 🕵 Go Incognito Course: https://techlore.tech/goincognito.html 🎧 Surveillance Report Podcast: https://techlore.tech/sr.html 📹 Odysee: https://odysee.com/@techlore:3 📹 PeerTube: https://tube.privacytools.io/accounts/techlore/video-channels Support our mission to spread privacy to the masses: 👕 Privacy Shop: https://teespring.com/stores/techlore-merch 🧡 Patreon: https://www.patreon.com/techlore 💙 Ko-Fi: https://ko-fi.com/techlore 💛 Amazon Support Page: https://www.amazon.com/shop/influencer20170928875 💖 All Other Support Methods (PayPal, Monero, etc.): https://techlore.tech/support.html Connect with our communities: 🐦 Twitter: https://twitter.com/techloreistaken 👾 Discord: https://discord.gg/Xd7baMSpqS Ⓜ️ Matrix: https://matrix.to/#/#techlore:matrix.org ✉️ Telegram: https://t.me/techloreofficial #privacy #security #panel

group_work Techlore - Peertube 15 February, 2021

The 2021 review of Messaging Service Providers: Movim (on up?)

In our Messenger roundup we always try to look at encryption, decentralisation, privacy and the company behind the platform but , of course, usability has to be another important factor. We have looked at XMPP in the past, and it seems to be one of the better solutions, most of all as you can host it yourself. We've noticed and complained before about how security updates are not always applied by the administrators are 'in charge'...so you need to host it yourself, or you need to trust the administrators with your metadata. As usual there are pluses and minuses! With WhatsApp sharing data with Facebook many people have flocked to Signal and Telegram. The first being believed to be the Gold Standard when it comes to encryption. However, Signal not only uses AWS (Amazon Web Services servers) but also Microsoft and Google servers, and now to make things even more toxic they are also using Cloudflare. Cloudflare - why the fuss? Cloudflare has spent the last 10 years building itself into one of the world’s largest cloud service providers, however, after recent revelations regarding their network being ‘hijacked’ by paedophiles, terrorists and drug runners as well as the continuing concerns about the way they manage data an… Decentralize.today Decentralize.Today Which, even with great encryption, gives me goosebumps (but not in a good way). So connect the dots here...even if you have every message encrypted and AWS and the like can't actually see your messages, they can see your IP address which connects to the server. Amazon might already have your IP address from something that you ordered or from any other function for which you used Amazon. Perhaps Google has the IP from your phone, the problem being that they have your exact address and more, so they could use that with existing metadata to connect it to you and all your contacts now using Signal. Now it can be argued that not much metadata is provided but that's an entirely different discussion! Point is they can find you! This month's review - Movim The best solution is always decentralisation and our two favourites are probably Matrix (Element) followed by Status.im. However, XMPP has been around a long time, since 1998 in fact, which makes it a super early pioneer after it was developed and deployed to allow the exchange of information and data. This is where XMPP still shines and, importantly, you can easily host it yourself. As a great 'for instance' you could use YunoHost to set it up and even have it on your Raspberry Pi! (Oh yes, the Privacy Advocate is doing “The One with the Pi” in the Privacy Cookbookat the moment). So XMPP is decentralized unlike Signal, Telegram, Threema and the likeand a list of free XMPP servers can be found here: Server overview · XMPP Compliance Tester Pick and choose your Jabber server from a list of compatible servers or check if your current server supports all required features. Movim is an open-source decentralized social media platform. So, it's a bit more than your usual XMPP messenger and more than your usual messenger setup. Think of it as a Facebook/Messenger/Blogging community software. It is based on and compatible with all XMPP setups out there. Movim calls its instances 'pods' and offers the following official Pods: https://nl.movim.eu/ server hosted in The Netherlands https://jp.mov.im/ server hosted in Japan https://de.movim.eu server hosted in Germany The 2020 review of Messaging Service Providers: XMPP/Conversations In the last edition of the messenger series ‘Secure or not too secure’ we looked at Delta Chat [/the-2020-review-of-messaging-service-providers-delta-chat/] which is a provider that uses your existing email account. Personally, we’re not fans of this route as a solution but it remains your call. Th… Decentralize.today Decentralize.Today If you would like to host a pod for yourself get a Debian based setup and all you have to do is type sudo apt install movim The beauty of doing it by yourself is that you are the master of your own setup. No-one-in-the-middle, no company to trust. The setup lets you interact with Conversations (Android), Siskin IM (iOS) and Dino (desktop) and, of course, every other XMPP platform that you may like. Movim is more than just the chat you would usually have with an XMPP setup, as it offers Chatrooms (one-on-one and group) plus you can also organize video conferences. These calls are supported by WebRTC which means one-on-one calls are encrypted. This is kind of funny considering Movim didn't have the OMEMO chat encryption implemented even thoough it was raised in 2015 on GitHub. E2EE (End-to-End-Encryption) on most of the better XMPP setups and apps use OMEMO or the alternative OpenPGP. Both methods are based on the Double-Ratchet-Algorithm and PEP (XEP-0163). Double Ratchet was developed for Signal, but it is also used by other messaging apps such as Wire. The good news is that OMEMO uses PFS (Perfect Forwarding Secrecy) which should ensure no 'man in the middle' attacks can occur. Movim, however, hasn't even got E2EE integrated yet! This means the chats are not done through E2EE encryption but just server encrypted. This takes the 'privacy by design' tag of away from Movim. Another issue with XMPP are server logs which it has! The administrators can theoretically see all your logs, which can even include your login password, contacts, messages that been sent and received (those which were not encrypted — meaning all chats on Movim) and IP address connected. Pretty much everything we just complained about on Signal,except Signal actually has encryption implemented. Now that all ofthat is out of the way, if you host a pod yourself you do not need to rely on administrators and no-one can see the logs. XMPP and Movim are not great privacy setups when you consider metadata. The latter does not even encrypt your messages! The own setup also only secures users on your pod, once you interact with users of different pods, you need to trust other admins to not look at your logs. And of course, you always need to have the security updates in mind. In communities, you can publish articles and stories to the federated network, Movim automatically embeds links and images to your posts, explores topics by hashtags, auto-saves drafts, follows topics or publications, comments on topics and posts etc. so you can start your own blog within Movim. (We're looking at linking our articles into Movim in the future and imbedding it with our Write.as and Ghost setup.) A couple of the best features are that during typing you can use Markdown and your drafts are saved automatically, Movim supports stickers (oh yes that'll pleases the Telegram and Signal people), edits and deletes chat messages, supports screen sharing! Yes, just like discord, you can insert pictures and videos to your conversations, reply to messages on a conversation, share articles in the discussion and react to posts. You can search Chatrooms, communities, tags and contacts instantly, be notified on likes, mentions and comments and invite contacts into your chat room. And of course, it has a dark and light mode, so you can take it easy on your eyes during the night. Movim is available on F-Droid which is another big plus, it is not available on iOS but does have a web version what works. Overall Movim has great potential to be your Telegram replacement. Hell! it is even a great addition for social media like Mastodon, perhaps even see it as your Facebook replacement! Telegram also has no E2EE in group chats but only in secret chats. Of course, you could always have conversations in your E2EE messenger and then use Movim as your group chat, blogging federated network. However, even with all this potential Movim will not become a killer privacy app until E2EE is fully implemented. It can however be your social media app where you share your stories with like minded people. For pictures and more private conversations, use XMPP/Conversations or a more privacy focussed messenger. As already mentioned, you can, and should, look at hosting your own instance: https://github.com/movim/movim Till next month's review!

group_work Decentralized Today 17 February, 2021

The Part-Time Show Podcast on decentralize.today - Bitcoin isn't decentralized - Sunday 21st February 2021

ICYMI - first run on decentralize.today in November 2020 - In this week's broadcast entitled 'Bitcoin is not decentralized but decentralised ecommerce will be' Dr Kapil Amarasinghe explains the inherent contradiction behind the assertion that bitcoin allows even & equal distribution in which all can participate - in theory! Dr Kap then presents the case for true decentralization being found in Proof of Stake (POS) and decentralized marketplaces. "The path towards a truly decentralised nation lies in de-commerce" Believe me, this is 19 minutes well spent! Bitcoin is not decentralized but decentralised Libre Music from the Commons Open.Audio - Funkwhale Dr Kap, as he is universally known, is a leading Speciality Doctor in Emergency Medicine and is the UK Community Ambassador to the Particl Project/Foundation. His interests include Emergency Medicine, Business Management, Arts, Geopolitics, Emerging Currency Markets and Distributed Ledger Technologies. He is also the MD of artradio, a creative social network that enables artists worldwide to share their work, see more at www.artradio.tv Dr Kap is contactable through Twitter, LinkedIn, at particl.io or via hello@decentralize.today Enjoy the podcast, more next week!

group_work Decentralized Today 20 February, 2021

Movim 0.19 - Ikeya is out!

This version is a major step for Movim with a lot of improvements on the performances and many (many!) small fixes and new features. Chat and chatrooms A criticism that was coming once in a while is how difficult it was to join and/or create a chatroom in Movim. The 0.19 version follow the Modern XMPP Multi-user Chats recommendations that is already implemented in several other XMPP clients. This standard is bringing a common naming convention and flow to create and configure chatrooms in XMPP. On top of that the join/create chatroom flow was completely redesigned. The new one is inspired by the Telegram one, with one unique "+" button to start a new one-to-one or one-to-many conversation. The global chatroom search was also directly integrated in the flow to allow you to quickly search and join one of the few thousands already listed ones. The one-to-one chat conversations views are now cached server side. This simple trick is saving some precious milliseconds during the page load. The performance boost allowed us to simply remove the chat list placeholder (you don't need a placeholder if the content is loading instantly). Conversations improvements The encrypted messages are now displayed in the bubbles. You can receive messages read confirmation in group chats and in small channels (when there are less than 10 persons connected). XEP-0201: "Best Practices for Message Threads" has been implemented. Now Movim handles replies on received messages. Useful to follow multiple topics during a conversation. Like images before, now videos are also embedded in conversations with the support of the WebM and H264 video format. With this awesome feature, the Tenor API was also integrated. You can now search in millions of GIFs and publish them instantly in your conversations. The Tenor API is disabled by default, the server administrator can enable it by adding its custom API key in the Movim admin panel. All the published message URLs are also now embedded in the discussions. Now you can also easily browse the URL related pictures directly in the Movim picture preview gallery widget. Chat rooms with unread messages are put on top of the chat rooms list now. A package of ~1500 new emojis were added to the emoji picker. Communities and blogs The explore page was reorganized with a few new features. You can now filter the explore panel to return only the communities or blog articles (the same way you can filter the articles on the news page). A "More" button is also now allowing you to retrieve older articles. The communities on the servers are now ordered by last updated. But also… The preview widget is now having a "copy to clipboard" button. Useful! There is a first integration of the Firebase Push notifications in Movim. This is currently in test with the Android app and will require some more improvements and adjustments before being released as a stable feature. You can now directly drag & drop files or copy & paste pictures in Movim to trigger the upload dialog box. Performances Batch insertion Lets now dive in the more technical aspects with the performances improvements. Most of the performances bump in Ikeya are actually regarding how he database is requested. In the previous Movim version, a presence buffer was introduced to save "batches" of incoming requests in one database query and not hundred of them. The presence is a core concept of XMPP (eXtensible Messaging and Presence Protocol). During the connection, you will receive a presence from each online contact from your contact list, similarly, when you join a chatroom, you will as well receive a presence for each member connected to the room. So now imagine that you have a big account, with hundreds of contacts and a few dozen chat rooms with hundreds of connected users in each of them. During the login, your XMPP client will then receive thousands of presences. The presence buffer is there to "stack them" when they are received and save them in batches in the database and then notifies the UI (your browser) only once that "all those presences were saved". This presence buffer element was greatly improved and will not only save the presences in batches now, but also handle some related data like capabilities requests (those information are used to know what your contacts XMPP clients are capable of) as well as vcard requests (your contact personal information and avatars). In a similar aspect, the retrieved bookmarked conferences and community subscriptions are also now saved in batches in the database, saving dozens of requests. Preload Another important optimisation that can be done when dealing with databases is to preload some information when retrieving list of items. Lets imagine that you need to retrieve 50 messages from the database. Those messages might have related data, such as reactions, replies or attached files. It is often good to load in parallel all those data "in batches". The wrong way 1. Get the messages A, B, E and F 2. Process the messages - Check if A has an attached file - Check if B has an attached file … The good way 1. Get the messages A, B, E and F 2. Try to get files for the A, B, E and F messages 3. Once the two lists are retrieved, see if some files matches the messages This was already done in many places in Movim (hopefully), but even after years we are still finding some small improvements that were missing. All those small improvements are now allowing Movim to retrieve full conversations and scroll the history in a few hundred milliseconds, even if the database is filled with millions of messages. You should know that each time you open a discussion in Movim, your browser is actually asking the server about all the contact that will be displayed, there is no local cache. If you have a backend that is fast enough, you don't need complex Javascript frontends to process and store things ;) Database connection auto-close Each connected user on a Movim instance is having it's own specific process launched on the server. This is bringing some nice isolation and performances distribution, especially on servers with many parallel available threads (this also brings some memory consumption issues that will be improved in the upcoming versions). For each of those launched "user-session-processes" a database connection was opened to allow them to perform database queries quickly. The main issue there is that database servers (such as MySQL and PostgreSQL, the two supported servers for Movim) can only handle a certain limit of parallel connections. Movim is then now automatically closing unused connections after a few seconds and resume them once a new query is sent. This allows Movim to handle hundreds of parallel sessions without overloading the database server anymore. Translations cache The languages translations are now cached when the daemon is launched once for all. This brings a few milliseconds gain during page load. It's not much but it's an easy win! The translations can also be manually recompiled using the following command php daemon.php compileLanguages Picture proxyfying and caching Most of the Movim pictures are now proxyfied by Movim. This way the Movim pod will hide its users personal IPs and browser information when the pictures are retrieved. The proxy is also moving all the pictures URL under a specific picture/ directory. This simple trick allows server admins to create a nice caching system directly on the web-server level. For example, if a friend in a chatroom is sharing a nice picture that is a bit heavy. The first person that will receive the picture will ask Movim, through the Movim web-server to download it and return an optimized version of it. The web-server will then keep a copy of the optimized picture. All the other users will then ask the same resource, and the web-server will simply return the cached version, without even asking anything to Movim anymore. A specific section in the Movim setup tutorial was added to explain you how to setup and configure this cache system during the Movim deployment. To conclude This was quite a big version indeed, we hope that you will enjoy it. The upcoming one will be a special release and will focus on one specific feature. We will come back to it in the upcoming weeks, be patient. As always, if you like Movim please share it around. You can always help us by directly contributing to the project and help funding us on our Patreon. That's all folks!

group_work Movim 20 February, 2021