PandaCoderPL

  • 3 Posts
  • 34 Comments
Joined 3 years ago
cake
Cake day: September 20th, 2021

help-circle
  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    3 years ago

    please do not fight it out here publicly.

    @CHEFKOCH@lemmy.ml publicly accused me of harassing him so I felt it will be good to defend myself also publicly.

    If you want to pick a fight, go do it in DMs or a realtime chat platform like Matrix or XMPP.

    Of course that would be a better option but I didn’t want to look like I’m avoiding his baseless accusations. If someone is calling me out publicly, they can be sure I will answer publicly as well.

    All I see is a petty argument between you two, and getting riled up over what is typical privacy community drama. Do not make yourself another GrapheneOS vs CopperheadOS, it makes both look like fools.

    I was only replying to that user and for me, the argument related to his past activity is over. Hopefully he will understand that and will also stop replying to me about that issue.

    I appreciate that your reaction but I hope you will try to understand my point of view as well. Thank you in advance.


  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    3 years ago

    The problem is that I provided evidence that the so-called facts are made up.

    No, you didn’t.

    Besides the GitHub staff closed the thread and the members got warned, even this fact is presented by my link which you still ignore to accept.

    The issue is still open and last comment was written two weeks ago so either you live in some different reality or your so-called evidence is made up.

    The only member who got warned and then permanently banned in that situation was you. Your GitHub account is still banned since 2018. Now try to convince me and others that this happened because GitHub stuff was wrong and they don’t know their own ToS.

    Please read the GitHub ToS regarding abusing issue tickets to harass someone, it is harassment because they never contacted me in the first place, my email and my Twitter etc. is all known and welcome for constructive criticism.

    Please quote the part of GitHub those which states that the users have to contact you in any way before exposing you and showing evidence against you.

    The problem is that you answer here in order to attempt to discreet me, please provide evidence that not one of the arkenfox members are behind this account. Those people showed multiple times that they chase me - as a person - across multiple platforms because they are obsessed with me and that I might do a better job.

    Can you show me any proof that anyone related to arkenfox is chasing you over multiple platforms and that I’m doing the same?

    It is off-topic the moment you try to discredit me with an internet link which has nothing to do with facts, Signal or that Signal now closes parts of their code and servers.

    You were the one spreading misinformation, not facts, so I reminded people about who you are so they can better understand why are you behaving that way and that they shouldn’t worry about you attacking them if they disagree with you.

    I stand to my failures

    By writing really long post, spreading misinformations and users who exposed you and claiming that amount of knowledge is measured by number of your repositories.

    I never did anything bad

    You should better educate yourself if you think that plagiarizing other’s work is nothing bad.

    Everyone makes mistakes and professionalism is to stand to them and apologize

    And that’s what you should do few years ago instead of writing long and meaningless post.

    You accuse someone which you never tried to contact before

    You have no way to know that.

    come with a link which had to be closed b an GitHub staff due to misinformation and call this fact.

    The GitHub issue is still open and even active. The only user who got punished in this situation was you.

    According to you, earth must be flat because it is also written somewhere on the internet.

    No, because it was proven that earth is not flat. You still didn’t prove that you didn’t plagiarize other’s work.

    I urge you to stop spreading misinformation regarding my person because you want to discredit me to make your stuff look better. You failed here miserably.

    You are the one trying to accuse me of harassment only because I gave you the link to facts about yourself.

    Please stay on the topic, Lemmy is FOSS community. Signal is not anymore FOSS which was the reason it got attention in the first place.

    It doesn’t matter. If you are using Lemmy, it doesn’t mean you can’t use messenger that was FOSS for most of the times.

    We have sufficient alternatives, they are mentioned here by fine people of Lemmy. This is why Signal is for FOSS enthusiasts dead, and this statement is not wrong.

    You are wrong again. Signal is dead but only for you, just one tiny person that is trying to prove that he did nothing bad.


  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    3 years ago

    Claiming something without been involved, checking so-called made up facts and abusing it on a high traffic website is a smear campaign, as per definition.

    The problem is that from what I know those facts are not made up, I’m not abusing this and Lemmy is not really high traffic website. If my goal would be to spread this information about you, then I would definitely use any other website but I’m only using those facts as part of our conversation so that’s completely different situation.

    It makes it so or so not better because it is still off-topic. It is also not your argument at all, it is something you found on the internet or someone send you and an attempt to discredet me, nothing more.

    If it’s offtopic then just end this part of our discussion at this point. In future, if you don’t want people to remind you of your past then simply change your username or just don’t do anything bad.



  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    3 years ago

    I am not out of arguments, I explained multiple times that your audit argument does not hold because in reality no one audits server code. You refuse to accept it and continue your nonsense.

    Where did I even mention that auditing code of the server would change anything? I was only saying that you can’t verify what is running on the server so it doesn’t really matter if Signal makes that code open source or not.

    The app as well as the server code can be closed sourced afterwards, which happened now partially. If more and more crypto stuff gets added then what will happen next, they close that too.

    Now I can agree because you added that code of the server is partially closed.

    Some people also use XMPP with their family, according to your previous logic, why abandon XMPP.

    Who said anything about abandoning XMPP? I already said that people are free to use whatever they want because everyone has different threat model. Of course there are projects that I will recommend or not but nobody is forced to listen to my opinions.

    https://dessalines.github.io/essays/why_not_signal.html

    Thank you for the link, I will definitely check it out later.

    Because you mentioned it 3 times now

    Ans you still refuse to understand it.

    you quote everything to make a mess now to make it look like that what you say is true, which is not.

    I already said that I’m using quotes to make my reply more readable and less confusing, especially in case of longer statements. Quotes doesn’t make anything look more true, it’s just personal preference and my style of replying to others.

    Please provide evidence that normal people audit source code of the app or the server code, there is none.

    How do you know there is none? Do you know what every single person on the planet is doing right now? I highly doubt it.

    It can if you run your own, you talk about decentralization, so there you have it.

    Decentralization is not related to Signal either because AFAIK all servers are owned by one company.

    You act childish, you come with arguments written by clowns. How is that related to Signal, harassment is not wanted here on Lemmy.

    Let the moderators decide if this is harassment.

    A messenger claims to be private and then wants your phone number, well that alone is a no go.

    Privacy is not 0 or 1. Like I said before, people have different threat models so for some people will not care about using their own phone number for Signal, when others will not use Signal or even any mobile device at all.

    The server code was not updated for over one year, this is not constantly

    I said that Signal was constantly being updated, not the code of the server.

    I can and I debunked the wrong accusation here, which you refuse to read in full, as you admitted here.

    I already explained why I refused to read your explanation in full:

    I did read part of your post and to be honest I don’t think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don’t want to be contacted outside that one platform where they are talking to you and number of repisitories doesn’t mean that your statements are taken more seriously.

    What you do here is harassment and proves my point exactly.

    Saying that you were plagiarizing work is not harassment but warning for other users who will be interacting with you in any way in future.


  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    2
    ·
    3 years ago

    Please quote whoever attacked you personally, and I am going to take action against it. Harassment is not welcome on Lemmy. We all want a civil platform here.

    I’m pretty sure this user is talking about me after I disagreed with him multiple times in this discussion. Feel free to review the discussion and let me know if any of my statements is harassing this user in any way.


  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    3 years ago

    I suggest locking the thread, red pilled people spreading their based opinion here which is not helpful at all.

    You are basically out of arguments, you know that you were wrong so now you are suggesting locking the thread to avoid further discussion. You posted this shortly after replying to me so I wouldn’t have chance to reply back. Having last message in the discussion doesn’t mean you are right though.

    Signal went closed source with the Security through obscurity argument, which is reason enough to ditch this MF.

    Explain this: https://github.com/signalapp/Signal-Server Signal is mostly open source, only mechanisms related to blocking spam are closed source.

    You need phone number too, sure there are workaround but this is not what most people want.

    It’s not a big deal for some people because everyone has different threat model. Some people are using Signal with their family and friends who already have their phone number anyway.

    Signal Team is intransparent and has history of not answering important questions.

    Could you link to at least one source that proves it?

    Closed source is enough reason to not suggest it.

    You are using the same argument twice to make your message longer so it looks smarter? Above you can see link to source code of Signal server.

    People already tried to attack me here in this thread with BS which is not even related to Signal or anything at all

    You were the one who was constantly saying that code that is running on the server can be verified if you have access to the server. Of course it can, but how is it related to Signal?

    not going to call names here, but check it bellow.

    You don’t even have to. Also this kind of behavior is really childish: “I could do that but I will not do it”. If you are not going to do it then why did you even mention that.

    Personal comment If someone gives me 50 Mio. in funding I wont let people down like this.

    Did you give them the money? Signal got funding so they can do whatever they want with it. People have different needs and expectations so it’s not really possible to create perfect messenger that would make everyone happy.

    What Signal team does here is more than pathetic, they spit in everyones face taking the money and they expect us to swollow the pill.

    I disagree with that statement. Signal is constantly being updated, new features are being added, bugs are getting fixed, you are the only one who is complaining that Signal team got the money but they are not doing what you want them to do with it. Luckily for you, Signal is open source so you can fork it and make your own messenger that will look just like you want it.

    Give me the money I do better

    Can you do it without plagiarizing other’s work though?


  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    3 years ago

    I think my GitHub Account is fine.

    I did read part of your post and to be honest I don’t think there is even reason to read the rest. Basically you are saying that no contact informations indicate that someone likes to harass people and less repositories on Git means that someone has no knowledge. Some people just don’t want to be contacted outside that one platform where they are talking to you and number of repisitories doesn’t mean that your statements are taken more seriously.

    Your quotes makes the conversation almost impossible to follow, maybe this is what you wanted.

    No, as you can see this is my style of replying to any longer statement to avoid confusion about which part I’m replying to. You are pretending to be such an expert in every area yet you are spreading complete misinformation but reading reply from top to bottom shouldn’t be an issue for you.

    Your argumentation that it does not matter because it is centralized is still wrong.

    Can you prove that code that is running on Signal servers is exactly the same code that is published? No, you can’t. Of course, if Signal would add some modifications that wouldn’t be compatible with current client but published source code of the server wouldn’t get updated then you could actually tell that something is wrong but my point is that they could do modifications that are compatible with the client and at the same time harmful to the users and in that case you wouldn’t be able to tell any difference.

    Assuming Signal changes something on the server you will get errors which forces someone to update the App.

    I’m pretth sure some modifications doesn’t need users to update the client.

    You can verify server code if you run your own, I provided the link.

    But in case of Signal you are not running your own server so you are not able to verify what is running there.

    The rest is blah blah from you agree with me, why even bother quoting me there is beyond me.

    By disrespecting me, you are not making me take you more seriously but from your blog post I see that you are just behaving that way daily until someone agrees with your every word.

    Signal is dead. Period.

    Project is not dead if there are still users using it.

    No need to use it when there are alternatives.

    Going by that logic you wouldn’t use anything because there is always some alternative. Why are you on Lemmy when Postmill is alternative? Why would you use Postmill if Lemmy is an alternative? People are using whatever fits their threat model and this is the part that you refuse to understand for some unknown reason.


  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    1
    ·
    3 years ago

    They were able, they invested time and they just integrated shitty polling without removing nonFree material because they didnt want to consider fixed notification.

    The developers now have other priorities. They will probably change how notifications work after Lokinet integration.

    They even memed the F-Droid port.

    https://github.com/oxen-io/session-android/issues/73

    Thanks for sending me this.

    They memed by telling untrue things even with a main F-Droid maintainer inside.

    Thank you for that information, I wasn’t aware of that.


  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    2
    arrow-down
    2
    ·
    3 years ago

    Your arguments are weak, all of them.

    You are either replying to wrong comment or you see something that I didn’t write. Anyway, i just stated the fact that Signal is not dead, which is true. I didn’t defend Signal nor tried to do so and you can see it here.

    Being fully transparent on both server and client sides is the reason why people put their trust into Signal

    It doesn’t really matter in case of centralized platform because you have no way to verify that Signal servers are actually running exactly same code as the one that is public.

    otherwise you can use other apps and networks.

    This is exactly what I’m doing so I don’t have to put all trust into one central entity.

    Signal got millions of dollars yet they cannot host their own servers and trust Amazon, Google and Azure aka MS. They never said what they did with the money in detail.

    This is a good point, especially the one about Amazon. It wouldn’t really change anything if Signal would use own servers but using for that is Amazon is even worse.

    In case the server source code is there you can run some basic tests to check if what is promised is really true or not

    No, you are not able to verify what is running on the server unless you are the one who is controlling it.

    if their close the servers and add changes without releasing the source no can can detect if the servers are compromised or not. It is all about trust and verification.

    They are closing source only of small part of the server but in case of Signal it doesn’t really matter that much because there is no way of verifying what is actually running on the server.

    For example you can use new Signal app you compiled yourself with new features in it and quickly reveal if the server supports it already or not.

    Like you said, it would only verify if all new features are already supported. Still, you wouldn’t know if there are any backdoors or not because the client would work in exactly same way in both cases.

    How it works is explained here. If Signal had the docs on the new protocols, it would have been fine, but this was not the case.

    This is related only to the protocol and has nothing to do with verifying what is running on the server.

    You can break the key-exchange and use that to break open the E2E-Encryption. In theory, once you open this up you can fake auth + decide what messages are coming through.

    Technically you are right but it’s not specific to Signal.

    The only protection against tampering is that messages can’t be read and no additional metadata is stored as far as the client source tells us.

    Source of the client doesn’t tell you how the server handles your data though. Signal can store what they are collecting instead of deleting/hashing it. Hashing phone numbers is pointless anyway because those can be pretty quickly brute-forced nowadays.

    Assuming that someone is tampering with the encryption part, nothing would come trough or you would get error messages.

    Hopefully it would work that way.

    Signal acted unprofessional, first there was no updated source code, then they updated under pressure from the community

    I partially agree with that. They didn’t publish the code because they were working on new feature, but in my opinion it’s just stupid excuse.

    now they close it again. This is a serious thing.

    They close it to prevent spam. There are many other ways to mitigate spam though.

    Last time when Signal did not updated the source code in their servers we had conflicts, for example things like reactions etc. did not worked with the version of the server on public github.

    I understand that but it’s not a big deal to be honest.

    There are instructions on how to deploy the server code.

    Thank you for the links.

    Most people use Store apps like Google Play Store or Apple Clown Store and they need to trust them

    Unfortunately you are right on this one and people can’t get Signal from F-Droid either. If someone truly cares about privacy they should get Molly, it’s available in developer’s F-Droid repository as well.

    fully because they have no technical knowledge to verify the builds and Google etc do not provide checksums directly on their pages so you also cannot quickly check it against something.

    That’s nothing new but thank you for giving people next reason why they shouldn’t trust Google.

    They will not federate and they are very hostile with forks.

    To be honest I saw only one developer who was really aggressive towards anybody who even thought about forking Signal and creating alternative client.

    They think centralization and absolute control over the network is key.

    I fully agree with that statement.

    This is a problem with ethics, for some people this is important. The claim this is done because of spam is weird because most people never saw spam in years.

    Signal has so many users and everything is E2EE so it would be quite difficult to tell what percent of users actually received spam messages.

    Security by obfuscation isn’t security, Telegram pulls the same argument.

    You are right.

    It’s time to abandon ship. Let this MF die once and for all.

    Unfortunately for you, Signal will last a bit longer than your GitHub account.






  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    1
    ·
    3 years ago

    Try Status instead of Session.

    I tried it in the past and I was welcomed with messages from scammers and no moderation in any groups that I saw. I may give it second chance one day though.

    Fully FLOSS and their developers are not dicks who prioritize “muh dont want fixed notification” to digital rights.

    Session is quite new project, gains much more users then Status and thus generates more issues. If you would be a developer and you would prioritize fixing notifications that work for most users anyway over working on new open group server implementation to mitigate spam then your project wouldn’t last long. As a user I would rather see no notifications than get lots of spam that would make the platform unusable.


  • PandaCoderPLtoPrivacy*Permanently Deleted*
    link
    fedilink
    arrow-up
    7
    arrow-down
    2
    ·
    3 years ago

    Signal is centralized and you can’t verify what is running on the server so does it really change anything? I think it doesn’t, so people should stop panicking and switch to some decentralized messengers like Session instead.




  • PandaCoderPLOPtoPrivacyList of Briar forums
    link
    fedilink
    arrow-up
    2
    ·
    3 years ago

    This is new forum created for Italian speakers. I just didn’t find anyone who would be interested in joining it yet. If you are Italian feel free to contact me on Briar and tell your friends about the forum as well.