Dark Arc

Video posts are something I kind of miss, particularly for gaming communities to share clips of gameplay

It’s called Voyager now

In a selfish way… I’d like for the UK to do this and for it to go horribly horribly wrong for them. Maybe that would finally get the US reps to get their heads out of their butts so l don’t have to keep signing petitions and writing essays about why weakening encryption is a horrible idea.

I’m curious - does this kind of report make people less likely to go with an AMD cpu?

For me, nah. This is well within the vein of “normal” problems for a CPU these days (neither AMD nor Intel seem to be able to avoid this sort of thing 100%)… and this particular issue seems to be fixed in hardware already for their Zen 3 chips (Nov 2020-Sept 2022) and Zen 4 chips (Sept 2022 - Present).

and that it’s owned by Google.

I mean yes, but it’s patent irrevocably royalty free, so it’s effectively owned by the public.

Google hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer implementations of the WebM Specifications, where such license applies only to those patent claims, both currently owned by Google and acquired in the future, licensable by Google that are necessarily infringed by implementation of the WebM Specifications. If You or your agent or exclusive licensee institute or order or agree to the institution of patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that any implementation of the WebM Specifications constitutes direct or contributory patent infringement, or inducement of patent infringement, then any rights granted to You under the License for the WebM Specifications shall terminate as of the date such litigation is filed. “WebM Specifications” means the specifications to the WebM codecs as embodied in the source code to the WebM codecs or any written description of such specifications, in either case as distributed by Google.

Source: https://www.webmproject.org/license/bitstream/

(But Dark, that’s WebM not WebP! – they share the same license: https://groups.google.com/a/webmproject.org/g/webp-discuss/c/W4_j7Tlofv8)

I mean… if you’re running millions of sites on one box, and that itself isn’t an issue, I’d assume your port saturation/traffic is pretty low.

I don’t know anything about Netbird, but I’ll link you to my ZeroTier pitch the last time I noticed someone talking about Tailscale: https://lemmy.world/comment/1058287.

If you vote in it or open it, it’s marked read in most apps (the default web UI included).

Yeah, it just got me on lemmy.world with a post that had no replies (prior to mine): https://lemmy.world/comment/1225371

Whoa, that’s pretty funny… It was near the top of my feed under the hot algorithm. 😂 Maybe this was upvoted by somebody recently…?

Also makes the question make more sense, that might be a new(er) feature.

Yes? There’s an icon for it on every community’s page (bottom right of the screenshot).

Yeah, it would be nice if they let people buy storage at a reasonable rate.

I use Bitwarden for passwords, but I think Proton Pass is an honorable mention. It’s possibly more secure, but still new.

Same, I was on world when it got hacked, rotated the simple login email, and rotated the password post hack (and deactivated the old email) just to be on the safe side.

The safest option would be for Lemmy to implement OAuth and apps that aren’t in some “official front end for xyz website mode” to authorize via OAuth with the backend instead of via credentials.

I’m using one for myself and one for my grandpa (who gets tons of landline spam calls).

I haven’t noticed a lot that’s different for either of us. I think the real reason to use one of these sites is if you want your contact information to be a bit harder to find.

That only stands true when the issue is not being actively exploited.

If you send these files over SSH, you’re good as that’s encrypted by ZeroTier and then encrypted again inside the SSH connection (and SSH does have perfect forward security).

See their cryptography section of their docs for more info.

You can read more here about what they’re working on:

• https://www.zerotier.com/blog/research-notes-on-2-x-cryptography/
• https://www.zerotier.com/blog/research-notes-aes-gmac-ctr-siv/

It’s been to long since I’ve read that to give anything more than a condensed “they’re improving their crypto significantly with ZeroTier 2” (not to mention memory safety via Rust).

I think it’s pretty secure and it will be getting better soon. In reality, I think it’s much more secure than what most people will end up with otherwise.

ZeroTier is open source, long running without incident, and the traffic is encrypted between peers.

The threat model is basically two fold though, in theory someone who has control of the ZeroTier roots (if you’re not using your own controller, if you’re using your own, then s/their roots/your roots/) could add routes to your devices, and add/remove devices that are part of your confirmation.

The encryption also doesn’t currently have perfect forward security, so if there’s a compromise in one of your connections, in theory some past state of that connection could be decrypted. In practice, I’m not sure this matters as traffic at a higher level for most sensitive things uses its own encryption and perfect forward security (but hey maybe you have some software that doesn’t).

The other thing I will note about that last point is that they’re working on a rust rewrite that will have updated crypto, including perfect forward security.

FOSS just means the software is open source. As I said, you can self host ZeroTier and not involve their servers (if you’re not doing things commercially, you pay for the license but still run your own controllers, or you use an older version which has been automatically relicensed by the change date to Apache 2.0).

That said, the traffic is peer-to-peer, in the majority of use cases there servers are acting as a bit more than syncthing’s servers (acting to facilitate the connection between two devices that want to talk together). See the other comment for some more thoughts here.