• 0 Posts
  • 13 Comments
Joined 6 months ago
cake
Cake day: June 10th, 2024

help-circle




  • “NixOS project” did not call anyone nazis, there was no “purge”, this article is clickbait and ragebait. What one contributor, however prolific, says, doesn’t represent the entire project (even though I somewhat agree with him here - there are sadly some bigots in the community).

    Nobody forced Eelco (the founder of Nix) to “abdicate”, but there was indeed pressure to step down as the de-facto BDFL put on him by various people. He’s respected as an engineer, architect, maintainer and mentor, but his community management skills were perceived to be lacking, and there were other perceived issues in the community - which boiled down to the fact that a lot of contributors didn’t feel like they could influence the direction of the project. Note that he’s not expelled from the project in any way, he’s still a maintainer of Nix itself, which AFAIU from my interactions with him is what interests him the most, and he’s more or less happy to leave administrative/community stuff to other people.

    Then began a process to establish a new governance structure. Currently, we’re up to a stage where there’s now formal community values and a new constitution for the project. There’s an election happening right now, with all active contributors able to become candidates or vote (although the deadline for candidate nominations has passed, so now we can only vote).



  • UNIX was kinda designed to be an IDE (of its time) by itself. Desktop/Server Linux (whether GNU or non-GNU) mostly continues this tradition; you are provided with some powerful tools for text manipulation, development, debugging and deployment out of the box in most distros. As such, any modern Linux distro is pretty good for development even out of the box. However, you must learn to use this power, and I’m not claiming it’s easy (I still regularly look up various manpages despite doing development on Linux for 10+ years in various forms).

    With that said, I myself prefer NixOS. It really feels more developer-oriented that other distros, as you get the power of Nix out of the box, and integrated into the system. With Nix you get easy access to the biggest software repository in the world. You get per-project development shells, so that you never have to worry about different toolchain versions for different projects, or your system being contaminated with bloat you no longer need. You get the power of reproducible packaging, to eliminate a lot of (but unfortunately not all of) “Works on my machine”-type of problems. It’s also got a hell of a learning curve, but I think it’s worth it.


  • Problem is not how weak or strong the encryption is

    Here it’s definitely part of discussion. The context was

    It’s encrypted anonymous communication capabilities.

    It’s barely anonymous, and poorly encrypted. The latter is the reason Durov is in custody while Signal devs are scott free. He could easily turn illegal stuff over to French authorities, but doesn’t.

    The bigger problem is that people somehow assume this a huge threat, while all previous cases didn’t involve anything like that.

    There have absolutely been cases where a backdoor/weakness/lack of encryption used to catch criminals before: https://en.wikipedia.org/wiki/Operation_Trojan_Shield https://en.wikipedia.org/wiki/Ennetcom https://en.wikipedia.org/wiki/EncroChat . I distinctly remember that there were also arrests of opposition activists in Russia based on personal messages in VKontakte, but can’t find the news right now.

    real criminals do their stuff everywhere (especially on telegram) for years, staying safe.

    Some are staying safe, others are being caught precisely because of this.

    Problem is not how weak or strong the encryption is, but that once you are under oppression and do opposition activities, you’re going to learn by yourself how to deal with it.

    Using better encryption schemes is definitely part of that.


  • Toy may call it TLS but it’s a custom protocol.

    Sure, it’s mtproto. The security it provides for non-encrypted chats (which are the absolute majority of chats) is not any different from just having TLS for transport. It’s potentially even worse as it’s not as well-audited.

    Data is not kept unencrypted on their servers, according to their docs.

    That just means that they store both your data in some encrypted way and the key. They can still read it trivially. You don’t even have to know the protocol to understand why: you can add new devices without having any other device online, and read all non-secret chats. It might also just mean disk encryption, in which case it’s plain-text in RAM while the server is running.




  • There’s user to server encryption, just not e2e.

    That’s exactly what the comment said: The only encryption that applies to most chats on that platform should be transport encryption via TLS. It’s about the same level of encryption as Lemmy PMs.

    The fact that Telegram doesn’t cooperate with French authorities doesn’t mean that it doesn’t cooperate with other authorities or sell your data to the highest bidder. They have all the technical means for it.

    Don’t use a regular Telegram chat if your life depends on the messages being private. Use XMPP, Matrix with E2EE, or at the very least Signal. Heck, even WhatsApp is (reportedly) better, as it claims to provide E2EE and that’s been checked by some security professionals who have been given access to the source code. If you absolutely must use Telegram for something like that, only use secret chats.


  • Telegram is categorically less encrypted than Signal for most chats. It’s mostly the same level of security as Facebook Messenger, Instagram DMs, even Email (SMTP/IMAP over TLS) or SMS: it only encrypts communications between the client and the server. Telegram can read everything you send in regular chats. The only way to get end-to-end encryption (such that Telegram technically can’t access your communication) is by starting a fussy and inconvenient “secret chat”. It can only be done between two people (so no E2E group chats at all), only when both are online at the same time, and it only works on the devices on which the secret chat was initiated and accepted; in other words, as a frequent user I’ve only used it once for some really sensitive personal information. Even then Telegram still has access to a lot of metadata about messages: phone numbers of both parties, when the messages are sent, how big they are, etc.

    I’m not saying that cooperating with intelligence/LE agencies is always an ethical, or even a good choice, but Telegram demonstrably had the ability to do so.