Agreed, it’s as if you would let the locksmith go through your mail, indefinitely, after they fixed your frontdoor.

Absolutely ridiculous, right? Well… not so much when your entire digital life goes through gatekeepers like Google, Apple or Microsoft.

That’s the worst part, their justification for more information to make one safer doesn’t even work.

For-profit security theater.

what breaks the immersion

This isn’t a game, it’s about your freedom, our freedom.

If you want to use Brave to watch YouTube… well I don’t think you really care. The fact that somehow watching a video on a gaming rig isn’t fast enough so clearly not normal. That being said honestly it’s good you did try.

Artwork idea : load thermostat.

You can’t start a new application if your room is above a temperature threshold.

Extension artwork idea : load credits.

If you do delegate some load to a non digital form, e.g reading a paper book instead of watching a movie, then you “earn” some credits you might use to bypass the load thermostat “when you really need it”.

Measure your system, e.g. Zigbee thermometer for your actual room power draw so the plug for your entire system, computer obviously but also screen, speakers, etc even AirCo unit or physical fans if you have some for the room itself.

That’s the only way to know what is actually happening.

If you do not want to go down that path then the heuristic is simple : the heavier the load on either CPU, or GPU, or obviously both, the higher the temperature. If you have a dynamic system, anything built this last few decades or so, then the fans will not kick in under a threshold which you can consider won’t significantly heat up your room.

TL;DR: if you start to hear fans spinning, you have to reduce your load.

Sorry to be that guy but… why? The whole motivation behind PDF is precisely NOT to be edited, NOT to be responsive, but rather to provide the SAME output, mostly text based, anywhere and everywhere.

I’m not saying she shouldn’t edit PDF but I also have to clarify it is not "normal’.

I’ll refrain from recommending anything before actually understanding the motivation behind her workflow.

FWIW bought my Pixel 2nd hand

Yep. To give you some example I login to my self-hosted forge this way. I also use PAM on my desktop to login this way. I also sudo this way. Unfortunately I don’t use this on my phone anymore as I switched to GrapheneOS which requires GooglePlay Services for this kind of auth mechanism (with possible work around https://codeberg.org/s1m/hw-fido2-provider that I didn’t try yet).

Please note I’m no security expert but to clarify few things are important precisely when you are not a professional :

• does it support standards? Basically acronyms like TOTP, FIDO, U2F, are what you should be looking for
• is it supported without additional software by supporting standards? can you use e.g. PAM on Linux with it or does it need a companion “app” somehow?

If the answer to either is “maybe” then I recommend before buying you search online and insure it does work with your specific setup. If the answer though is yes to standards and no to additional software then you are, unless there is a weird bug basically, pretty sure to be able to use it however you want, wherever you want.

Sidenote that it’s the same heuristic for IoT. If you buy a “brandname smart thing” then you probably need their idiosyncratic stack whereas if you rely on standards, e.g. Zigbee or ZWave, then you are nearly guaranteed a smooth experience.

Hope that helps. I know that navigating acronyms can be tricky but IMHO here it’s worth investing a tiny bit of time to recognize them.

Finally as we are talking about open hardware and security I would also add 3rd party audits. I don’t have the competency to insure that the hardware and software implementation are cryptographically safe. I can test that it does in some case what it claim to do, e.g. lock after 3 failed attempt, but could some kind of weird collision hash or bad pseudorandomness be used to practically limit the pool of potential keys or passwords? I don’t have the knowledge for that. I also can’t trust that NitroKey did it right based on the claim of their website. So… audits help bridge that gap in trust. If I can’t trust the vendor and I don’t have the expertise despite being entirely open then I look for others who did verify on my behalf.

Yes precisely because I don’t rely on Microsoft or Google to handle that.

I have my own physical keys. I started like most with YubiKey, including a YubiKey Bio, then learned about NitroKey https://www.nitrokey.com/ thanks to NLNet https://nlnet.nl/project/Nitrokey-3/ so now I have passkey that I could verify https://certification.oshwa.org/list.html?q=nitrokey as they are certified and audited https://www.nitrokey.com/news/2015/nitrokey-storage-got-great-results-3rd-party-security-audit

That being said… IMHO your doubt raises an interesting question, why? Why do you NOT trust them? Do you imagine they have your data? Do you think an interactive explanation where one exchange data would help to understand why no trust is required or maybe better, where it matters?

I’m not familiar with lcpi but I’d ask in https://github.com/apprenticeharper/DeDRM_tools/issues as it’s quite active despite not being maintained.

There are some already, e.g. https://docs.brilliant.xyz/ with firmware you can replace or https://mentraglass.com/ and I even made one by sticking a RPi with its tiny camera on 3D printed frames https://twitter-archive.benetou.fr/utopiah/status/1449023602079240194/

I’m not saying it’s a good idea or that it’s private enough, just that it’s not a theoretical questions, alternatives to Meta or Google Glass do exist already and some of them are not cloud dependent.

IMHO what’s important is to be explicit about usage, understand how it’s used and have informed consent. If you use them to be sneaky and hurt others, even if they are private, fuck off.

lol, $100k+… HP revenue in 2024 was $53,559,000k.

Dell same year $88,000,000k and Lenovo $69,000,000k, so ~$50B to $90B

I let you calculate the percentage but… I’d guesstimate it’s approximately nothing.

Honestly it’s trickier than most think.

There are plenty of theoretical use cases, sure, especially for AI because it’s basically just either statistics on very large datasets or heuristics. Most of us, if not all of us, use that pretty much daily.

LLM though is a lot of less obvious but one can easily imagine public research on language, namely being able to study how language evolved.

GenAI… also, in itself honestly it might even be the most interesting of all because it’s makes us pragmatically ask what it’s like to be creative.

Yet… all that is so SO different from the commercialization and the capture of it.

So public research in AI, I’m 100% behind it. It can be useful. VC backed for-profit systems that extract and capture value, no, nearly nothing legitimate can come out of this… but to be fair it’s not limited to AI, AI just happens to be the last thing they try to capture.

Ugh… just replace them with robots! So easy I should be World CEO. /$ (obviously)

Indeed, I try to have as little apps as possible… because I don’t trust them.

Now that I mostly rely on F-Droid it’s a bit different but my default behavior when I have to use an app is “Oh no… you’re going to siphon all my data in exchange for mediocre service I’ll still have to pay for” whereas I trust my browser a lot more.

Literally posted a suggestion yesterday for a sport project to use https://developer.mozilla.org/en-US/docs/Web/API/Accelerometer so I definitely see reasons. It might be better with a permission prompt first but still it’s not without reason.

What makes you think they aren’t?

I participated to W3C workshops and privacy data was definitely part of most if not all discussions.

That being said each browser vendor have their own strategy and opinion based on their business model and culture.

That’s positive indeed. After Signal, maybe it’s time we all add PQC to our ssh, HTTPS, etc.

In fact if you are wondering OpenSSL supports PQC since 3.5 the current LTS and Debian stable relies on it https://packages.debian.org/stable/openssl

So… you might already be PQC-ready. In fact if you also run Debian on your server (or its exposed containers) maybe you connected over HTTPS already in a PQC-ready compliant fashion.

Hey there, I wrote https://forum.techreclaimers.club/public/d/36-reclaming-for-kids and few replied back. You might find that useful.

Interesting, I didn’t see it in the documentation so if you didn’t document that already, you can have your local instance as search suggestion for Firefox on mobile and desktop. I use it for my own wiki, e.g. https://mastodon.pirateparty.be/@utopiah/116351732150481942

Also how I would imagine it is default search there and if no hit then fallback to a default search engine, e.g. DDG.