• Assembled: 1200 USD
• Kit: 950 USD

Thanks for clarifying! I’ve heard nothing but praise for Kagi from its users so that’s what I was assuming, but Searxng has also been great so I wouldn’t have been too surprised if you’d compared them and found its results to be on par or better.

By the way, if you’re self hosting Searxng, you can use add your own index. Searxng supports YaCy, which is an actively developed, open source search index and crawler that can be operated standalone or as part of a decentralized (P2P) network. Here are the Searxng docs for that engine. I can’t speak to its quality as I still haven’t set it up, though.

there is a better open source meta search engines

I already use Searxng and have never used Kagi, but I’m curious why you say that Searxng is “better.” Are you saying that because the quality of the searches is better, because it’s open source and Kagi isn’t, or for some other reason?

Yes, but have you seen some of the decisions the Supreme Court has come up with?

Do you only experience the 5-10 second buffering issue on mobile? If not, then you might be able to fix the issue by tuning your NextCloud instance - upping the memory limit, disabling debug mode and dropping log level back to warn if you ever changed it, enabling memory caching, etc…

Check out https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html and https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html#ini-values for docs on the above.

Your Passkeys have to be stored in something, but you don’t have to store them all in the same thing.

If you store them with Microsoft’s Windows Hello, Apple Keychain, or Google Password Manager, all of which are closed source, then you have to trust MS/Apple/Google. However, Keychain is end to end encrypted (according to Apple) and Windows Hello is currently not synced to the cloud, so if you trust those claims, you don’t need to trust that they won’t misuse your data. I don’t know if Google’s offering is end to end encrypted, but I wouldn’t trust it either way.

You can also store Passkeys in a password manager. Bitwarden is open source (though they did recently introduce a proprietary, source available SDK), as is KeepassXC. 1Password isn’t open source but can store Passkeys as well.

And finally, you can store Passkeys in a compatible security key, like the YubiKey 5 series keys, which can each store 100 Passkeys. This makes them basically immune to being stolen. Note that if your primary interest in Passkeys is in the phishing resistance (basically nearly perfect immunity to MitM attacks) then you can get that same benefit by using WebAuthn as a second factor. However, my experience has been that Passkey support is broader.

Revoking keys involves logging into the particular service and revoking them, just like changing your password. There isn’t a centralized way to do it as far as I’m aware. Each Passkey is only used for a single service, after all. However, in the same way that some password managers will offer to automatically change your passwords, they might develop a similar for passkeys.

Do any of the iOS or Android apps support passkeys? I looked into this a couple days ago and didn’t find any that did. (KeePassXC does.)

You have your link formatted backwards. It should be Vaultwarden, with the link in the parentheses.

a talking collar isn’t likely to help … if the cat is even willing to wear the thing at all.

“Realistically,” Quagliozzi says, “that collar would just be saying ‘get this fucking collar off me’ all the time.”

Do you memorize all of your passwords? If so, I take that to mean that you don’t use a password manager. Password managers - really, any app with 2FA - have this problem, too. But if you use a password manager and store your 2FA methods in it, then you only need to be able to regain access to your password manager.

If you use a cross-platform password manager with Passkey support, like Bitwarden, you can use it on any of your devices. In the event that you lose all of your devices, if you don’t have an Emergency Contact set up, you will need your password and one of the following to gain access to your account:

• Access to your 2FA method
• Access to your Recovery Code
• If you’re in an enterprise using Duo 2FA, access to a Duo bypass code (contact your Duo admin to request this)

If you use security keys for 2FA, then you should have at least two - one that you keep with you and a backup that you keep in a safe place, like at home in a lockbox.

If you use a TOTP app to log in, or if you use security keys and want another backup, then making sure you’ll have access to the Recovery Code should be your priority. You can write it down and keep it in a few different places - at home, in your car, in your locker at work, etc… You can share it with someone you trust in person or over an encrypted channel (like Signal). You can store it on a flash drive, encrypted by a second password (which can be much easier than your primary password) or even unencrypted, if you generally keep the drive somewhere safe, disconnected from your computer. As long as you remember your password and can access your recovery code, you’ll also be able to regain access to your account, including all of your passkeys.

Emergency Access requires someone else to have access to their Bitwarden account, but assuming you don’t both lose access, it’s a pretty solid solution. When they request access, Bitwarden will send you an email allowing you to accept or reject their request. If you accept or don’t respond within the allotted “Wait Time” (which you configure: 1 day minimum, 90 days maximum) then they’ll be granted access. You also get a choice (when setting this up) to let them takeover the account (resetting your master password) or to just get read-only access.

Maybe you don’t like Bitwarden and want to use some other app, like 1Password, Dashlane, Roboforms, etc… Whatever your choice, familiarize yourself with how to restore access to your account in an emergency. Then you only need to worry about that and not about how to get access to your passkeys that are on your Windows laptop or only synced to your Apple devices.

But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

Nope.

Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.

And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.

According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.

The author mentions it: the QR code approach for cross device sign in. I don’t think it’s cumbersome, i think it’s actually a great and foolproof way to sign in. I have yet to find a website which implements it though.

The site doesn’t need to implement this; the browser handles that part.

I confirmed this works and logged into Github using Google Chrome on my work computer using a passkey stored in Bitwarden earlier today. I had to enable Bluetooth for Chrome, since I’d had it disabled, but then everything else was seamless.

You could’ve scrolled down to the bottom, clicked on “Links,” then clicked on the repo link

The repo has instructions to install a Snap or build from source. If you build from source, it looks like you should download an archive from the releases page rather than just pulling from master.

You probably just need Google One and Youtube Premium, which includes Youtube Music Premium.

Of course, if you don’t care about YouTube Premium, you could instead get a family subscription to a different music streaming service - Spotify, Tidal, and Apple Music are all leagues better than Youtube Music, in my opinion.

I don’t personally recommend Google for anything, to be clear.

Open-Webui published a docker image that has a bundled Ollama that you can use, too: ghcr.io/open-webui/open-webui:cuda. More info at https://docs.openwebui.com/getting-started/#installing-open-webui-with-bundled-ollama-support

Synthetic media should be required to be watermarked at the source

Bit late for that (even in 2023). Best we could do now is something like public key cryptography, with cameras having secret keys that images are signed with. However:

• That would require people to purchase new cameras (though phones could likely do this without a new device, leveraging the secure enclaves to sign)
• Depending on the implementation of the signing, even applying filters to images, color grading, or cropping an image could make it stop matching. If you remove something from the background or make other overt changes, it’s definitely not going to match.
  • Adobe has a system for handling changes and attesting that no AI was used. Optimally other major photo editing tools will do something similar. However, I don’t think it’s feasible to securely sign such an attestation history locally, so all such images would need to be uploaded to be signed remotely.
• This won’t work for traditional art

For artists and photographers with old school cameras (“old school” meaning “doesn’t compute and sign a perceptual hash of the image”), something similar could still be done. Each such person can generate a public / private key pair for themselves and sign the images they’ve created manually. This depends on you trusting that specific artist, though, as opposed to trusting the manufacturer of the camera used.

This isn’t true or how it works, but there is a law being proposed that would sorta make it so: https://arstechnica.com/information-technology/2024/08/senates-no-fakes-act-hopes-to-make-unauthorized-digital-replicas-illegal/

(In the US), your likeness is protected under state laws and due to case law, rather than federal laws, and I don’t know of any such law that imposes a responsibility upon sites like Twitter to take down violations upon your report in the same way that the DMCA does. Rather, they allow you to sue the entity who used your likeness for damages in civil court. That isn’t very useful to Jane when her ex-boyfriend uploads revenge porn of her or to Kate when a random Twitter account deepfakes her face onto a nude.

However, if a picture you have copyright to (like a selfie) is used as an input into an AI, arguably you do have partial copyright to it, as the AI elements are not copyrighted and it could not have been created without your input. As such, I think it would be reasonable to issue a DMCA takedown request if someone posted a nonconsensual deepfake of you, on the grounds that you have a good faith belief that you do have copyright to it. However, if you didn’t take the picture used as an input yourself, you don’t have copyright to it and therefore don’t have partial copyright to the output, either. If it’s a deepfake face swap, then whoever owns copyright of the original scene image/video would also have partial copyright, and they could also issue a DMCA takedown request.

It’s like how they slapped ‘Smart’ on every tech product in the past decade. Even devices that are dumb as fuck are called ‘Smart’ devices.

I’m not a big fan of “Smart” as a marketing term, either, but “Automatable” doesn’t exactly roll off the tongue, and “Connected” doesn’t really have the same appeal. That said, “smart” was used pretty consistently to refer to devices that could be controlled as part of a “smart home.” It wasn’t supposed to refer to a device that itself was intelligent, though.

I always thought of AI as artificial consciousness, an unnatural and created-by-humans self-aware and self-thinking being.

Sounds like you’re thinking of AGI (artificial general intelligence) or that your understanding is based off sci fi as opposed to the academic discipline/field of research, which has been around since the 1950s.

And yes, marketing is often inaccurate… but almost every instance I’ve seen where they say they’re using AI, they were.

In fact stuff like ChatGPT would’ve made more sense to actually be called ‘Smart’ search engines instea of ‘AI’.

IMO “Smart” would be more misleading than “AI,” even if “Smart” didn’t have an existing, unrelated meaning. I do think we could use better words - AI is such a broad category that it doesn’t say much to call a product “AI-powered.” Stable Diffusion and Llama use completely different types of AI, for example. But people broadly recognize the term (even if they don’t understand it properly) and the same can’t be said for terms like “LLM.”

They might be technological achievements, but they’re not AI.

You’re illustrating the AI effect - “discounting of the behavior of an artificial-intelligence program as not “real” intelligence.” AI is used in a ton of different ways that you likely don’t ever think about or even notice.

I recommend reading over at least the introduction to the Artificial Intelligence article on Wikipedia before proclaiming that something that fits cleanly into the definition of AI isn’t AI.

Both numbers are based off market value, though

I made a typo in my original question: I was afraid of taking the services offline, not online.

Gotcha, that makes more sense.

If you try to run the reverse proxy on the same server and port that an existing service is using (e.g., port 80), then you’ll run into issues. You could also run into conflicts with the ports the services themselves use. Likewise if you use the same outbound port from your router. But IME those issues will mostly stop the new services from starting - you’d have to stop the services or restart your machine for the new service to have a chance to grab the ports while they were unused. Otherwise I can’t think of any issues.