• 0 Posts
  • 644 Comments
Joined 1 year ago
Cake day: March 20th, 2025

  • It’s both. Governments have started subpoenaing the push notification servers for data, instead of targeting individual devices. That little pop-in that says who the message was from, and maybe a little bit of the body of the text? Yeah, the push notification server handled that, and the government has access to that server. So any notification you see on your screen, you can be pretty positive that the government has also seen.

    But this is about the notification data being stored in a part of the phone that isn’t encrypted. Signal is (or at least claims to be) E2E encrypted, so it shouldn’t be possible for a warrant to get access to the messages in the app. But since the phone is storing those notifications in a separate area (which isn’t encrypted), the warrant was able to read them.

    The point is that there are two different attack vectors, and you should harden your device against both.


  • They only understand when it personally affects them in some capacity.

    I keep this image saved on my phone, because it is relevant way too often:

    The study asked participants to mark the farthest region from center that they cared about. For instance, marking 4 means you also care about 3, 2, and 1. Liberals largely marked high numbers near the perimeter. Things like “all sentient life” or “all life, including non-sentient”… While conservatives tended towards marking low numbers near the center. Things like “my extended family” or “my closest friends”. So yes, in fact, many of them genuinely don’t care unless it affects them (their family or closest friends) directly.



  • Umamusume is a gotcha game

    Small nitpick, but it’s actually “gatcha” or “gasha” because it comes from the Japanese word “gatchapon/gashapon”. The word is derived from two different Japanese onomatopoeias:
    Gasha - The sound of a toy capsule dispenser handle being cranked/turned.
    Pon - The sound of a toy capsule landing in the output slot of the machine.

    Basically, you know those little coin-operated toy capsule dispensers that you can find in arcades? The ones that have little toys, stickers, candy, etc. inside? They usually look something like this:

    Yeah, these things are wildly popular in Japan. They’re colloquially referred to as “gatchapon”. There are massive stores full of these gatchapon machines. Brands will do promos for new anime, TV shows, band album releases, etc… Collectors spend a lot of money to get the rare collectibles from these machines, because not all the toys are the same rarity.

    And a gatchapon game is the same basic concept, but in a digital format. You get pulls/draws/{whatever the game calls them} via some method (usually purchasing them, because that is usually how the game makes money), and then those pulls are used to get new things. Sometimes characters, sometimes equipment, sometimes new outfits, etc… It’s literally gambling, because the best stuff is virtually always gated behind some hilariously small jackpot odds.

    Again, small nitpick. I just think it’s interesting (and horrifying, because it’s literally slot machine style “keep rolling cuz the next one may be a jackpot” style gambling) how much the mobile game market has come to rely on gatcha mechanics in recent years. There is a lot of (well deserved) condemnation of loot boxes in kids’ games, but somehow gatcha games have managed to skirt around it.


  • Well you got an account made, and that’s a start! Lemmy’s UI may feel familiar if you’re an old.reddit user. There are apps like Voyager that feel like spiritual successors to AlienBlue and Apollo, so if you used those apps before they were killed, you’ll feel right at home.

    The best way I’ve seen to describe the platform is to think of it like email. An @gmail account can send email to an @yahoo account just fine. The specific platform is agnostic because they all use the same email backend. That’s essentially how federation works, with a bunch of different servers/instances agreeing to use the same data sharing backend.

    So you’re on lemmy.zip, so you’ll be able to see and interact with any instances that lemmy.zip is federated with. Federation is simply the decision to actively share that data. And defederation is when a server chooses not to share data with another instance. One of the biggest impacts your server choice makes is which instances it is federated/defederated with. That will determine which communities you can access, as you’ll only be able to see communities on local or federated instances.

    The one big caveat is that defederating from an instance won’t stop you seeing posts from those users on another instance. For example, I’m on dbzer0. Let’s say dbzer0 and zip decide to defederate. You’d stop seeing communities on dbzer0, and vice versa. But if I posted to lemmy.world, you’d be able to see my post as long as you’re still federated with lemmy.world. The third instance (lemmy.world, in this example) essentially acts as a proxy to allow both to see each other. So defederation isn’t the same thing as a filter or block, as it only stops you from seeing things that are posted on that defederated instance.



  • There will inevitably be some YouTube video that explains how to do all of this, and it will be followed without question by thousands of 12-year-olds who don’t understand the security implications. They just want to play the new shiny game, and their parents told them they’d only buy the game if they got all A’s on their report card. So now their computer is orders of magnitude less secure (and likely running some mining/botnet in the background) because they wanted the game for free. This is just going to be the current generation’s version of “accidentally nuked the family computer with LimeWire downloads.”


  • Exactly. And that’s honestly why I doubt it will ever truly contend with Plex. It’s fine for sharing with friends who can figure out how to connect via VPN, but it’ll never be robust enough to share with your tech-illiterate grandparents on the open internet. Plex wins handily in that regard, because their sign in process is basically the same as Netflix, HBO, Hulu, etc…

    Plex has problems of its own, but (at least as of me writing this) it doesn’t have any major known security vulnerabilities. They had some level 10.0 vulnerability last year, but they followed standard CVE protocols and patched it before the vulnerability was actually released.


  • There has been a known “anyone can access your media without authentication” vulnerability for seven years and counting, and the Jellyfin devs have openly stated that they have no intentions of fixing it. Because fixing it would require completely divesting from the Emby branch that the entire program is built upon. And they never plan on refactoring that entire thing, so they never plan on fixing the vulnerabilities.

    The “don’t expose it to the internet” people aren’t just screaming at clouds. Jellyfin is objectively insecure, and shouldn’t be exposed.







  • Yeah, rallying against SSL is a weird way to go about it. SSL is one of the biggest and most meaningful changes to come about as a result of the Snowden leaks. The leaks were literally what prompted http to shift towards https instead, because it shined a bright spotlight on how insecure http truly is.

    In the short term, it made self-hosting more difficult. But nowadays, with things like nginx and Let’s Encrypt, enabling SSL on your self-hosted site is as simple as selecting a few drop-down boxes, pasting an API key, and automating a cert refresh.

    The true “has the potential to gatekeep the entire internet” existential threat is when a company like Meta or Google becomes the authority for things like ID verification or SSO.




  • Pretty much this. Cloud storage isn’t perfect, but it sure does make proper 3-2-1 backup hygiene easier. 3 backups, on 2 different mediums, 1 of them off site. Cloud storage accomplishes both the 2 and 1, because it is both a different medium and off site.

    The fact that you can automatically sync remotely is a big bonus too, because off-site backups historically have a problem where they fall out of date without active attention. For instance, if you have a tape backup system stored in a warehouse across town, those tapes are only as up-to-date as the last time you took the time to drive across town and update them. But with cloud storage, you can automatically sync your folders to keep things up to date in near real time. Plus, your traditional off-site backup is only secured from things like natural disasters if you’re willing to travel fairly long distances to make them. Those tapes in a warehouse across town won’t survive if the entire town is hit by a natural disaster like a wildfire or flood.

    For instance, maybe I make an update on my laptop, and then want to access it on my phone. Even with SyncThing, my laptop and phone won’t sync with each other unless they’re able to find each other on the same network. If I’m not on a trusted network at the time, (e.g. I’m at work on my employer’s WiFi, or traveling and using hotel WiFi) that makes syncing difficult. But with cloud storage, they can both essentially use that as a relay. My laptop updates the cloud, and then my phone pulls that update. Now both devices are up-to-date without actually needing to discover each other on a trusted network.