Joined 1Y ago
Cake day: Jan 28, 2021


Check out the removeparam and redirect directives in the static filter syntax docs.

GitHub is both (proprietary) software and a service. The main product is the service, and the software is just a means to that.

The service consists of SaaS and/or paid support. They sell at least one of these to the military and/or ICE.

If GitLab or Sourcehut did something similar, the same would apply even though those are open-core and FLOSS, respectively.

Given the attack surface of addons, I’ve downsized my addon usage.

  • I’ve replaced HTTPS-Everywhere with the built-in HTTPS-first/only modes in FF and Chromium.

  • In FF, I use userContent.css instead of Stylus.

  • I use uBlock Origin’s url-rewriting filters in place of redirection addons.

  • In Chromium, you can choose to have an addon only be enabled on certain sites. I do this with Stylus and Dark Background Light Text.

EDIT: more information:

  • I have a shell script that uses regex to “clean” urls in the clipboard and remove tracking params instead of the CleanURLs addon, since this is most useful when sharing links with others. I’ve gotten in the habit of previewing URL content before navigation (e.g. with a mouseover or by pasting into the URL bar) as well. If I want to navigate to a messy url, I just copy it and enter a keybind to clean the copied URL.

I use multiple browsers and profiles.

  • Normal browsers: Firefox with Cookie Autodelete, uBO, Stylus, Dark Background and Light Text; Chromium with uBO and Stylus. Stylus is only selectively enabled.

  • For security-sensitive non-anonymous stuff, I run Chromium with flags to disable JIT and to disable JS by default, in a bubblewrap sandbox. This browser profile has no addons.

  • For peak anonymity (e.g. when using one of my anon alts), I run the Tor Browser in a Whonix VM. For quick anonymity I just use the regular Tor Browser Bundle in a bubblewrap sandbox. In an act of mercy towards my weak 2013 Haswell laptop’s battery, I no longer run Qubes. The Tor Browser should not ever be used with custom addons if you want anonymity.

Because the Tor browser should never run with addons and because I use a browser profile that has none, I don’t want addons to be a “crutch” that I depend on too much.

I do global hostname-blocking at the DNS level, so I can live without an adblocker. DNS blocking doesn’t do fine-grained subpage-blocking, conditional blocks, cosmetic filtering, redirects, etc. so a more complete solution is still worthwhile.

I also try to avoid injecting content into webpages with JS enabled, since that is extremely fingerprintable and opens a can of (in)security worms.

Some addons that I do not recommend at all:

  • Canvas Fingerprinting Defender: injects JS into pages, which is very fingerprintable and can trigger a CSP report if you don’t disable those. CSP reports can identify you even if you disable JS execution.

  • Anything that you can do without an addon, TBH. They do weaken the browser security model.
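The clipboard URL cleaning mentioned in the EDIT above, sketched as an added example (not the commenter's own script). The parameter list in `TRACKING_RE`, the function names, and the use of wl-clipboard for the clipboard step are assumptions.

```shell
#!/bin/sh
# Added example: strip tracking parameters from a URL without a browser addon.
# Assumption: this list of parameter names is illustrative, not exhaustive.
TRACKING_RE='(utm_[a-z_]+|fbclid|gclid|mc_eid|igshid)'

clean_url() {
    url=$1
    # Split off the fragment first so "#..." is never rewritten.
    case $url in
        *'#'*) frag='#'${url#*'#'}; url=${url%%'#'*} ;;
        *)     frag= ;;
    esac
    # No query string: nothing to clean.
    case $url in
        *'?'*) ;;
        *) printf '%s%s\n' "$url" "$frag"; return ;;
    esac
    base=${url%%\?*}
    query=${url#*\?}
    # One parameter per line, drop those whose *whole key* matches, rejoin.
    # Anchoring on "=" or end of line keeps look-alikes such as "fbclidx".
    query=$(printf '%s' "$query" | tr '&' '\n' |
        grep -Ev "^${TRACKING_RE}(=|\$)" | paste -sd'&' -)
    if [ -n "$query" ]; then
        printf '%s?%s%s\n' "$base" "$query" "$frag"
    else
        # Every parameter was removed: drop the dangling "?" as well.
        printf '%s%s\n' "$base" "$frag"
    fi
}

# Clipboard wrapper to bind to a key.
# Assumption: Wayland with wl-clipboard (wl-paste / wl-copy) installed.
clean_clipboard() {
    clean_url "$(wl-paste --no-newline)" | tr -d '\n' | wl-copy
}
```

Source the file and call `clean_url` on a URL to preview the result before binding `clean_clipboard` to a key.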

@Seirdy to Memes • Just have a look

I prefer the previous version, but this works too.

A recent article on Corporate Memphis: Why does every advert look the same? Corporate Memphis.

Its popularity is the result of a feedback loop: it’s popular because it’s popular. It also makes people feel safe and comfortable (a form of brain-hacking, if you will).

Honestly, I wouldn’t mind it too much if it wasn’t so overused. Now I immediately feel distrustful the second I see it. It makes me assume that I’m looking at a page made by an advertiser rather than something honest. Product information shouldn’t try to make me feel something, it should tell me why I should and shouldn’t use something.

Unfortunately, lots of people used it because it had Google’s logo which made it much easier for management to get on-board. Re-writing the entire frontend while including all the user-hostile trackers/ads is a harder sell for the decision-makers.

In other words, AMP is faster and easy to convince your boss’ boss to use. Regular sane websites with a different CDN are even faster but less convincing.

Some of these sites are also trying to optimize their Core Web Vitals, and AMP makes it easier to do this. It’s far from the optimal way, though.

I personally don’t have a problem with pages loading more honestly and taking a second or two to send the first byte from a server across the world if it means less dependence on corps with enough money to build global CDN networks. In addition to giving Google more control of the Web, which is problematic enough, AMP seems targeted mostly towards the “corporate” web.

I agree that the PR process is bureaucratic, but that’s not the workflow that Git was made for. It’s a workflow popularized by GitHub.

The workflow that Git was made for was “make commits” + “export patches” + “send patches”. This typically happens over a mailing list. Under this workflow, sending a contribution is a two-step process: git commit and git send-email. The recipient could be a mailing list, or it could just be the developer’s email address you grabbed from a commit message. That’s part of the reason why Git has you include your email in every commit.

IRC diehard checking in. I prefer IRC to Matrix (been using both daily for a year or two now), but a switch wouldn’t be the end of the world.

Matrix has a high and growing complexity that makes developing a new client/server hard; as the spec grows, devs need to keep updating servers/clients with new features or risk being left behind. IRC clients can be whipped up by an individual in a short amount of time and then enter “maintenance mode”.

System requirements for running a Matrix server are extremely high with Synapse, and not that great with Dendrite and Conduit compared to most IRC implementations because of the need to sync room histories.

Matrix also has a lot of features that I’ve come to find unnecessary/distracting: typing notifications, stickers, profile pics, etc. It’s possible to carve out a subset of the protocol and just use that, but at that point it’s probably better to just use IRC.

Google AMP isn’t dead, it’s just not given preferential treatment in Google search anymore.

Yandex also has an equivalent technology called Turbo Pages; I’m not sure if Yandex has preferential treatment for that ATM.

I think both are awful and can be replaced by plain HTML/CSS 90% of the time.

@Seirdy to Privacy • *Permanently Deleted*

My enterprise-grade notes setup:

mkdir ~/Documents/Notes
cd ~/Documents/Notes
$EDITOR name_of_note.txt

For lecture notes, I do this:

$EDITOR "$(date +'%Y-%m-%dT%H:%M:%S%:z').md"

I don’t actually type out commands like these; I have aliases for them. I sync my notes with git, so I don’t have to learn another tool just for notes.

I updated the “What explicitly opting out actually entails” section to further elaborate on why adding this header might not really improve user privacy.

Server-side categorization for sites with ads is what this Permissions action is aimed at. What this is saying is that if an ad tries to get a cohort id from an opted-out site, it will receive a meaningless default value. This knowledge is for the benefit of advertisers, not webmasters.

The solution is not to include trackers on your page in the first place, such as third-party ads. Permissions-Policy applies to the page requested and its contents.

As for cohort calculation, things are messy. If one site is opted out and another consequently has a greater weight, the implications wrt. fingerprinting are vague. Opting out doesn’t necessarily reduce a user’s fingerprint. FLOSS is one aspect of a user’s interests, but there are countless others. There is/was no legal or technical obligation to obey either the DNT header or this permissions-policy header (strictly for the purposes of cohort calculation), since the latter isn’t standard usage of the permissions-policy header and the former isn’t even a standard header in the first place.

A coordinated effort is better spent getting users off Chrome than getting upstream software and webmasters to add this band-aid to their sites.

I updated the article to explicitly address this; check the “What explicitly opting out actually entails” section.

Lots of people have been spreading the often-unnecessary advice to add a Permissions-Policy response header to their sites to opt-out of Google’s FLoC, and some have been going so far as to ask FLOSS maintainers to patch their software to make this the default. When discussions got heated to the poi…

I wrote about both issues, and why Matrix isn’t a perfect solution, previously: part 1, part 2. Starring WhatsApp, Firefox, Signal, XMPP, Email, and Matrix.

Also discussed on Lemmy: part 1, part 2.

Signal’s problem is being a closed platform; Matrix suffers primarily from complexity. Both enable dependence on a single small group, and therefore enable user domestication. That being said, Matrix is considerably less bad than Signal.

For large public rooms, IRC continues to be the best option. All its issues are client-side; IRCv3 supports history, multiple devices, authentication without NickServ, and even typing notifications. All these features are supported on Oragono. For small, private E2EE rooms, all existing solutions have major trade-offs.

Qt Flatpak apps running outside of a KDE session (I run Sway) can’t even use Breeze-Dark. The only dark theme they have available is Adwaita-Dark, and you can only use that if you add a commandline parameter to override the theme with an envvar.

Wiby - Search Engine for the Classic Web

A search engine that’s optimized for surfing/discovery rather than finding specific information. Focuses on simple, non-commercial, hobbyist sites reminiscent of the “old web” without much CSS/JS…

I’m not really sure if Lemmy is a good fit for Wiby, since it does use a lot of “CSS for cosmetic effect” (which is advised against on the submission page) and it only looks good in modern browsers. It’s a complex piece of software, not a simple webpage reminiscent of the “classic web”. Wiby is better for discovering really simple “Web 1.0” sites I can open in Dillo or edbrowse. Click “surprise me…” a few times and you’ll get the overall vibe.

Then again, I didn’t make Wiby so I don’t know this for sure.

Thanks! Glad people found it useful.

I love Wiby! Runarroo also features a random hit from Wiby every now and then, which I think is the perfect use-case; Wiby is better for surfing than searching.

I follow people’s gemlogs, browse geddit, and host my own Gemini capsule which has pretty much the same content as my Web site.

I love the information flow; one line has exactly one meaning (heading, link, bullet, blockquote, or preformatted-text toggle), and that meaning doesn’t change halfway through the line. Different clients can render pages with wildly different appearances; presentation is up to the user agent, not the author.

All it’s missing IMO is optional compression and some sort of hint to give screenreaders around preformatted blocks to let them know whether or not to skip them. The former could help in low-bandwidth settings and the latter would improve accessibility.

Most “alternative” search engines to the big three (Google, Bing, Yandex aka GBY) just proxy their results from GBY. I took a look at 30 non-meta search engines with their own crawlers/indexers to find actual alternatives. …


  • Official docs might mention them
  • Static analyzers/linters typically have docs in which they describe rationales for their rules
  • Crack open a book or two
  • Subscribe to RSS feeds for blogs from reputable people involved in the language’s development

I’ve been using a self-hosted webmentiond on my own site for about a month and a half, and I’ve loved the experience so I thought I’d share. Deploying is easy; it’s just a single statically-linked binary and an assets directory for the web UI…

I wrote a follow-up to a previous post, “Whatsapp and the domestication of users” (previous discussion)…
