mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-11-21 19:49:27 +01:00
run prettier (mainly proseWrap)
This commit is contained in:
parent
b6704b8da6
commit
85153f7ac2
4
.github/workflows/jekyll.yml
vendored
4
.github/workflows/jekyll.yml
vendored
@ -46,7 +46,9 @@ jobs:
|
||||
uses: actions/configure-pages@v5
|
||||
- name: Build with Jekyll
|
||||
# Outputs to the './_site' directory by default
|
||||
run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
|
||||
run:
|
||||
bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path
|
||||
}}"
|
||||
env:
|
||||
JEKYLL_ENV: production
|
||||
- name: Upload artifact
|
||||
|
@ -11,7 +11,8 @@ cache:
|
||||
- ${CI_PROJECT_DIR}/vendor
|
||||
|
||||
before_script:
|
||||
- apk add --no-cache ruby ruby-dev ruby-bundler make gcc g++ musl-dev build-base libffi-dev libxml2-dev
|
||||
- apk add --no-cache ruby ruby-dev ruby-bundler make gcc g++ musl-dev
|
||||
build-base libffi-dev libxml2-dev
|
||||
- bundle install
|
||||
|
||||
test:
|
||||
@ -37,7 +38,8 @@ pages:
|
||||
gitlab-ci-pre-commit:
|
||||
stage: build
|
||||
before_script:
|
||||
- apk add --no-cache python3 python3-dev py3-pip py3-wheel git gcc musl-dev bash nodejs-current npm ruby ruby-bundler
|
||||
- apk add --no-cache python3 python3-dev py3-pip py3-wheel git gcc musl-dev
|
||||
bash nodejs-current npm ruby ruby-bundler
|
||||
- pip install pre-commit --break-system-packages
|
||||
script:
|
||||
- pre-commit run --all-files --show-diff-on-failure
|
||||
|
@ -58,7 +58,8 @@ repos:
|
||||
[
|
||||
--update-only,
|
||||
--title,
|
||||
'<em lang="fi">Automaattinen sisällysluettelo</em> / <em lang="en">Automatically generated Table of Contents</em>',
|
||||
'<em lang="fi">Automaattinen sisällysluettelo</em> / <em
|
||||
lang="en">Automatically generated Table of Contents</em>',
|
||||
]
|
||||
|
||||
- repo: https://github.com/python-jsonschema/check-jsonschema
|
||||
|
@ -1,8 +1,7 @@
|
||||
cff-version: 1.2.0
|
||||
title: Aminda.eu
|
||||
message: >-
|
||||
If you use this website, please cite it using the
|
||||
metadata from this file.
|
||||
If you use this website, please cite it using the metadata from this file.
|
||||
type: software
|
||||
authors:
|
||||
- given-names: Aminda
|
||||
|
@ -32,29 +32,37 @@ checkmark.
|
||||
|
||||
- `sitemap.xml` — automatically generated by Jekyll when building
|
||||
- `sitemaps.xml` — manually written sitemap index pointing to sitemaps on my
|
||||
sites. I am not sure how it works when there are multiple domains, so
|
||||
I am keeping all sitemaps in robots.txt and sitemaps.xml on bottom
|
||||
of it. Same will possibly happen with other domains.
|
||||
sites. I am not sure how it works when there are multiple domains, so I am
|
||||
keeping all sitemaps in robots.txt and sitemaps.xml on bottom of it. Same will
|
||||
possibly happen with other domains.
|
||||
|
||||
## Unusual directories
|
||||
|
||||
Or directories that generally aren't encountered in other similar projects.
|
||||
|
||||
- `n/` - quick notes for my personal reference with memorable addresses.
|
||||
- `r/` - my personal url redirector for links that I have to refer to more or less often.
|
||||
- `txt/` - signed text files such as account list to decrease impact of identity theft attempts.
|
||||
- `r/` - my personal url redirector for links that I have to refer to more or
|
||||
less often.
|
||||
- `txt/` - signed text files such as account list to decrease impact of identity
|
||||
theft attempts.
|
||||
- `PGP/` - my current and some previous PGP keys.
|
||||
|
||||
### Submodules
|
||||
|
||||
- `ir/` - list of I2P services, previously a part of this repository for memorable addresses.
|
||||
- `lfs-media/` - orphan branch containing lfs-media such as the avatars. However it doesn't work with GitHub pages.
|
||||
- `ir/` - list of I2P services, previously a part of this repository for
|
||||
memorable addresses.
|
||||
- `lfs-media/` - orphan branch containing lfs-media such as the avatars. However
|
||||
it doesn't work with GitHub pages.
|
||||
- `or/` - same as `ir/`, but for Tor Onion Services.
|
||||
|
||||
## Building
|
||||
|
||||
1. Install `bundler` onto your system.
|
||||
1. `cd` to root of this repository, if you didn't already.
|
||||
1. _Optionally_ configure where you wish bundler to install everything. This repository already specifies `bundle config set --local path 'vendor/bundle'` in the gitignored `.bundle/config` file.
|
||||
1. _Optionally_ configure where you wish bundler to install everything. This
|
||||
repository already specifies `bundle config set --local path 'vendor/bundle'`
|
||||
in the gitignored `.bundle/config` file.
|
||||
1. Run `bundle install`
|
||||
1. You are done, `bundle exec jekyll <build|serve>` and similar commands should work, just remember `bundle exec` in front of the command so the system wide installation doesn't unintentionally get used.
|
||||
1. You are done, `bundle exec jekyll <build|serve>` and similar commands should
|
||||
work, just remember `bundle exec` in front of the command so the system wide
|
||||
installation doesn't unintentionally get used.
|
||||
|
10
_config.yml
10
_config.yml
@ -6,10 +6,12 @@ author:
|
||||
# Jekyll seo, appended after title
|
||||
tagline: Aminda Suomalainen ⚧︎
|
||||
description: > # this means to ignore newlines until "baseurl:"
|
||||
I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am familiar with git and looking for employment. ⚧︎
|
||||
<br/><br/><em lang="en">This website is licensed under the
|
||||
<a href="(https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>
|
||||
by <a href="https://aminda.eu">Aminda Suomalainen</a>.</em>
|
||||
I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am
|
||||
familiar with git and looking for employment. ⚧︎ <br/><br/><em
|
||||
lang="en">This website is licensed under the <a
|
||||
href="(https://creativecommons.org/licenses/by/4.0/">Creative Commons
|
||||
Attribution 4.0 International License</a> by <a
|
||||
href="https://aminda.eu">Aminda Suomalainen</a>.</em>
|
||||
baseurl: "" # the subpath of your site, e.g. /blog/
|
||||
# I would like to use www subdomain to not have all cookies passed to top
|
||||
# level, but there seems to be a redirect issue otherwise.
|
||||
|
@ -9,24 +9,24 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
`@Annwenn` got me opering at her network after long pause with my opering.
|
||||
She also named this blogpost and requested me to write this and I don't
|
||||
have any better place where to put this, but I am starting with other talk
|
||||
before getting to the subject.
|
||||
`@Annwenn` got me opering at her network after long pause with my opering. She
|
||||
also named this blogpost and requested me to write this and I don't have any
|
||||
better place where to put this, but I am starting with other talk before getting
|
||||
to the subject.
|
||||
|
||||
It appears that I am not as bad oper as I thought as I was able to identify
|
||||
and find solutions to multiple issues including server-side aliases not
|
||||
working, SASL being loaded with services, but not with IRCd, CertFP loaded
|
||||
with services, but not IRCd, missing oper-only channels (and allowing
|
||||
everyone to join #services) etc.
|
||||
It appears that I am not as bad oper as I thought as I was able to identify and
|
||||
find solutions to multiple issues including server-side aliases not working,
|
||||
SASL being loaded with services, but not with IRCd, CertFP loaded with services,
|
||||
but not IRCd, missing oper-only channels (and allowing everyone to join
|
||||
#services) etc.
|
||||
|
||||
The services package is Atheme and IRCd InspIRCd which are the same I would
|
||||
have picked if I had started running IRC server which I was avoiding
|
||||
before. The forks of Atheme don't have any stable releases yet and Atheme
|
||||
is still getting security fixes.
|
||||
The services package is Atheme and IRCd InspIRCd which are the same I would have
|
||||
picked if I had started running IRC server which I was avoiding before. The
|
||||
forks of Atheme don't have any stable releases yet and Atheme is still getting
|
||||
security fixes.
|
||||
|
||||
I am not linking to the network or complete issue list here as I don't want
|
||||
too much traffic there.
|
||||
I am not linking to the network or complete issue list here as I don't want too
|
||||
much traffic there.
|
||||
|
||||
And now to the subject.
|
||||
|
||||
@ -59,12 +59,11 @@ First, register a channel, for example #test.
|
||||
```
|
||||
|
||||
Here $oper adds people who are opered to access list (if EXTTARGET $oper is
|
||||
enabled) and allows people who have +c in group !test to see the access
|
||||
list (even with PRIVATE on), invite themselves or see the channel key using
|
||||
ChanServ and have autovoice on the channel.
|
||||
enabled) and allows people who have +c in group !test to see the access list
|
||||
(even with PRIVATE on), invite themselves or see the channel key using ChanServ
|
||||
and have autovoice on the channel.
|
||||
|
||||
4. Set the options and flags of !test.4. Set the options and flags of
|
||||
!test.
|
||||
4. Set the options and flags of !test.4. Set the options and flags of !test.
|
||||
|
||||
```
|
||||
/msg groupserv set !test channel #test
|
||||
@ -72,10 +71,9 @@ ChanServ and have autovoice on the channel.
|
||||
/msg groupserv set !test open on
|
||||
```
|
||||
|
||||
joinflags +cvi means that when people join the group, they automatically
|
||||
have +cvi which allows them to have access in channels where !test has
|
||||
flags, take vhosts which are offered to the group and invite other people
|
||||
to the group.
|
||||
joinflags +cvi means that when people join the group, they automatically have
|
||||
+cvi which allows them to have access in channels where !test has flags, take
|
||||
vhosts which are offered to the group and invite other people to the group.
|
||||
|
||||
5. Offer vhosts to the group (requires you to be oper).
|
||||
|
||||
@ -92,5 +90,5 @@ to the group.
|
||||
/hs on
|
||||
```
|
||||
|
||||
`/hs offerlist` shows which vhosts are offered to you or groups where you
|
||||
have `+v`.
|
||||
`/hs offerlist` shows which vhosts are offered to you or groups where you have
|
||||
`+v`.
|
||||
|
@ -1,7 +1,8 @@
|
||||
---
|
||||
layout: post
|
||||
comments: true
|
||||
title: "Getting help from network operators with channel issues when ops are away"
|
||||
title:
|
||||
"Getting help from network operators with channel issues when ops are away"
|
||||
category: [english]
|
||||
tags: [irc, english]
|
||||
redirect_from: /english/2015/01/24/getting_help_with_channel_issues.html
|
||||
@ -9,19 +10,18 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
In case you wish network operators to help you when your channel operators
|
||||
are away, please authorize them to do so. You can do this simply by
|
||||
command `/msg ChanServ flags #channel $oper +vhoirtAe`. _Note that this
|
||||
assumes that your network uses Atheme with exttarget $oper loaded._
|
||||
In case you wish network operators to help you when your channel operators are
|
||||
away, please authorize them to do so. You can do this simply by command
|
||||
`/msg ChanServ flags #channel $oper +vhoirtAe`. _Note that this assumes that
|
||||
your network uses Atheme with exttarget $oper loaded._
|
||||
|
||||
If you don't do this and there is trouble on your channel, it can be
|
||||
assumed that you don't want network operators to intervene and they most
|
||||
likely take no action. Taking action would also require using operator
|
||||
privileges such as `/samode` which might not be so nice unless the flags
|
||||
are set.
|
||||
If you don't do this and there is trouble on your channel, it can be assumed
|
||||
that you don't want network operators to intervene and they most likely take no
|
||||
action. Taking action would also require using operator privileges such as
|
||||
`/samode` which might not be so nice unless the flags are set.
|
||||
|
||||
I repeat that the commnd is `/msg ChanServ flags #channel $oper +vhoirtAe`.
|
||||
The only thing that must be changed is `#channel`.
|
||||
I repeat that the commnd is `/msg ChanServ flags #channel $oper +vhoirtAe`. The
|
||||
only thing that must be changed is `#channel`.
|
||||
|
||||
## Explanation of these flags
|
||||
|
||||
@ -32,9 +32,8 @@ The only thing that must be changed is `#channel`.
|
||||
- r - allows using kick/kickban/ban/unban commands
|
||||
- t - allows using topic/topicappend commands
|
||||
- A - allows seeing channel access lists and (MemoServ) sendops command
|
||||
- most of our alerts seem to be coming from opers who are accidentally
|
||||
using their priviledges and seeing access list of channel they have
|
||||
no access to.
|
||||
- most of our alerts seem to be coming from opers who are accidentally using
|
||||
their priviledges and seeing access list of channel they have no access to.
|
||||
- `<ChanServ> Mikaela ACCESS:LIST: #channel (oper override)`
|
||||
- e - exempts from akick and allows unbanning yourself
|
||||
|
||||
@ -48,22 +47,22 @@ Some flags change their meaning if written with wrong case:
|
||||
- H - automatic halfop and allows using halfop/dehalfop on yourself
|
||||
- O - automatic op and allows using op/deop on yourself
|
||||
- R - allows using recover, sync and clear commands
|
||||
- recover - deop everyone, remove key, invite yourself, add ban
|
||||
exception on yourself, unban yourself, set modes +im (invite-only,
|
||||
only voiced users can talk), op yourself and other fun...
|
||||
- recover - deop everyone, remove key, invite yourself, add ban exception on
|
||||
yourself, unban yourself, set modes +im (invite-only, only voiced users can
|
||||
talk), op yourself and other fun...
|
||||
- sync - sync the channel according to access list
|
||||
- clear - allows clearing akicks (+b flags), bans, flags, users
|
||||
(=kick everyone)
|
||||
- clear - allows clearing akicks (+b flags), bans, flags, users (=kick
|
||||
everyone)
|
||||
- a - allows using protect/deprotect commands
|
||||
- protect is sometimes also known as admin and is higher than op, but
|
||||
lower than owner/founder. Combine with +O to make it automatic.
|
||||
- protect is sometimes also known as admin and is higher than op, but lower
|
||||
than owner/founder. Combine with +O to make it automatic.
|
||||
|
||||
So you don't want to accidentally confuse different letters. `+VHO` aren't
|
||||
so dangerous and you can freely set them, but avoid confusing +r and +R and
|
||||
So you don't want to accidentally confuse different letters. `+VHO` aren't so
|
||||
dangerous and you can freely set them, but avoid confusing +r and +R and
|
||||
avoiding confusing +A and +a can also be a good idea.
|
||||
|
||||
## One last note
|
||||
|
||||
`$oper` matches everyone who is opered and requires Atheme to have
|
||||
exttarget $oper loaded. Some other networks use different ways to add opers
|
||||
to be on access list.
|
||||
`$oper` matches everyone who is opered and requires Atheme to have exttarget
|
||||
$oper loaded. Some other networks use different ways to add opers to be on
|
||||
access list.
|
||||
|
@ -12,55 +12,59 @@ redirect_from:
|
||||
|
||||
**TL;DR: if you don't verify SSL certificates, don't use SSL!**
|
||||
|
||||
ZNC 1.6.0 was released on 2015-02-12 21:05:48Z. It brings multiple
|
||||
improvements such as taking IP addresses from round-robins randomly instead
|
||||
of always resolving them into same IP and most notably it actually verifies
|
||||
SSL certificates.
|
||||
ZNC 1.6.0 was released on 2015-02-12 21:05:48Z. It brings multiple improvements
|
||||
such as taking IP addresses from round-robins randomly instead of always
|
||||
resolving them into same IP and most notably it actually verifies SSL
|
||||
certificates.
|
||||
|
||||
- [Changelog](https://wiki.znc.in/ChangeLog/1.6.0)
|
||||
|
||||
ZNC 1.6.0 also doesn't have option to blindly accept certificates, which
|
||||
would be stupid, but sadly
|
||||
ZNC 1.6.0 also doesn't have option to blindly accept certificates, which would
|
||||
be stupid, but sadly
|
||||
[Quakenet is right about most of people just accepting certificates blindly](https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless)
|
||||
as people are asking how to disable the SSL certificate verification on
|
||||
\#znc a lot.
|
||||
as people are asking how to disable the SSL certificate verification on \#znc a
|
||||
lot.
|
||||
|
||||
Some people even wrote [a patch and scripts to disable the verification.](https://gist.github.com/KindOne-/52cfade7b937ee8b4c37)
|
||||
Some people even wrote
|
||||
[a patch and scripts to disable the verification.](https://gist.github.com/KindOne-/52cfade7b937ee8b4c37)
|
||||
This isn't a good idea as patching ZNC can cause all kinds of issues as
|
||||
sometimes seen with zncstrap [1](https://github.com/ProjectFirrre/zncstrap/issues/16) [2](https://github.com/ProjectFirrre/zncstrap/issues/18) [3](https://github.com/znc/znc/issues/384).
|
||||
See also [contributing (reporting bugs) guidelines of ZNC.](https://github.com/znc/znc/issues/384)
|
||||
sometimes seen with zncstrap
|
||||
[1](https://github.com/ProjectFirrre/zncstrap/issues/16)
|
||||
[2](https://github.com/ProjectFirrre/zncstrap/issues/18)
|
||||
[3](https://github.com/znc/znc/issues/384). See also
|
||||
[contributing (reporting bugs) guidelines of ZNC.](https://github.com/znc/znc/issues/384)
|
||||
|
||||
I believe same policy should apply to patching ZNC as to config files,
|
||||
patch ZNC or edit config file and you will forfeit all support.
|
||||
I believe same policy should apply to patching ZNC as to config files, patch ZNC
|
||||
or edit config file and you will forfeit all support.
|
||||
|
||||
## And to the subject
|
||||
|
||||
If you don't verify SSL certificates, you only have a false sense of
|
||||
security as you let anyone between your ZNC and the IRC network. This is
|
||||
called as [Man-in the middle (or shortly MITM) attack.](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
|
||||
There are also people asking for ZNC to trust the certificate for the
|
||||
first time and then be alerted if the certificate changes. What if the
|
||||
MITM is there during your first connection attempt and then you are
|
||||
alerted when the real IRC server gives you wrong certificate?
|
||||
If you don't verify SSL certificates, you only have a false sense of security as
|
||||
you let anyone between your ZNC and the IRC network. This is called as
|
||||
[Man-in the middle (or shortly MITM) attack.](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
|
||||
There are also people asking for ZNC to trust the certificate for the first time
|
||||
and then be alerted if the certificate changes. What if the MITM is there during
|
||||
your first connection attempt and then you are alerted when the real IRC server
|
||||
gives you wrong certificate?
|
||||
|
||||
## So what is the correct way?
|
||||
|
||||
- Check the website of your IRC network in case the fingerprints are
|
||||
listed on their website.
|
||||
- Try asking the operators of your IRC network somewhere else if you know
|
||||
them (like another network or email).
|
||||
- Check the website of your IRC network in case the fingerprints are listed on
|
||||
their website.
|
||||
- Try asking the operators of your IRC network somewhere else if you know them
|
||||
(like another network or email).
|
||||
- This might not be so recommended, but also check the fingerprints from
|
||||
multiple locations.
|
||||
|
||||
> But the IRC network has hundreds of servers with different certificates!
|
||||
|
||||
In this case do what was recommened before ZNC 1.6.0, check some of the
|
||||
servers that are geographically close to you and use them.
|
||||
In this case do what was recommened before ZNC 1.6.0, check some of the servers
|
||||
that are geographically close to you and use them.
|
||||
|
||||
## Checking the fingerprint from multiple locations
|
||||
|
||||
I have shell function (which you can find later on this page) which I run
|
||||
from multiple places:
|
||||
I have shell function (which you can find later on this page) which I run from
|
||||
multiple places:
|
||||
|
||||
- my home, Kotka, Finland
|
||||
- [Kapsi (shell)](https://www.kapsi.fi/english.html), somewhere in Finland
|
||||
@ -83,36 +87,34 @@ serversslcertfp() {
|
||||
```
|
||||
|
||||
I hope this article has helped you to understand the issues with blindly
|
||||
accepting SSL certificates or at least to understand that _if you don't
|
||||
want to verify SSL certificates, don't use SSL._
|
||||
accepting SSL certificates or at least to understand that _if you don't want to
|
||||
verify SSL certificates, don't use SSL._
|
||||
|
||||
- _Updated on 2015-02-26 10:43Z: just use environment variables in the
|
||||
function like suggested by @DarthGandalf on \#znc._
|
||||
- _Updated on 2015-02-26 10:43Z: just use environment variables in the function
|
||||
like suggested by @DarthGandalf on \#znc._
|
||||
|
||||
## I am asked to verify fingerprint for network with valid certificate
|
||||
|
||||
_Added on 2015-09-03. 4. added on 2016-01-26._
|
||||
|
||||
There are usually four causes for this. Lets use liberachat as example
|
||||
network.
|
||||
There are usually four causes for this. Lets use liberachat as example network.
|
||||
|
||||
1. You don't have the `ca-certificates` package installed (`ca_root_nss`
|
||||
on FreeBSD), so your system trusts no certificate authority. Install it
|
||||
and try again.
|
||||
1. You don't have the `ca-certificates` package installed (`ca_root_nss` on
|
||||
FreeBSD), so your system trusts no certificate authority. Install it and try
|
||||
again.
|
||||
2. You are connecting to wrong address. liberachat's certificate is valid for
|
||||
\*.libera.chat, but there are CNAMEs pointing there. If you connect to
|
||||
CNAME and the certificate isn't valid for that CNAME, the certificate
|
||||
is invalid.
|
||||
\*.libera.chat, but there are CNAMEs pointing there. If you connect to CNAME
|
||||
and the certificate isn't valid for that CNAME, the certificate is invalid.
|
||||
- You should always connect to `irc.libera.chat`.
|
||||
3. There is MITM which is unlikely, but unlikely is not impossible.
|
||||
Validating the certificates either by trusted certificates or verifying
|
||||
the fingerprints securely manually protect you from this. If MITM is the
|
||||
case, you shouldn't connect.
|
||||
4. You have `ca-certificates` installed, but the remote certificate is
|
||||
signed by CA that is not included in it. You could try installing
|
||||
system updates in case `ca-certificates` have been updated or you will
|
||||
have to treat the certificate as invalid until ZNC starts supporting
|
||||
it's own CA storage. See (and comment if you encounter this)
|
||||
3. There is MITM which is unlikely, but unlikely is not impossible. Validating
|
||||
the certificates either by trusted certificates or verifying the fingerprints
|
||||
securely manually protect you from this. If MITM is the case, you shouldn't
|
||||
connect.
|
||||
4. You have `ca-certificates` installed, but the remote certificate is signed by
|
||||
CA that is not included in it. You could try installing system updates in
|
||||
case `ca-certificates` have been updated or you will have to treat the
|
||||
certificate as invalid until ZNC starts supporting it's own CA storage. See
|
||||
(and comment if you encounter this)
|
||||
[znc/znc#909](https://github.com/znc/znc/issues/909).
|
||||
|
||||
---
|
||||
@ -121,13 +123,14 @@ Section added on 2018-11-10: I have started using the new option to allow
|
||||
invalid SSL certificates in some cases as this post is only written with
|
||||
clearnet in mind.
|
||||
|
||||
I am on some networks over Yggdrasil or Cjdns which already have E2EE like
|
||||
Tor hidden services so as long as they are accessed directly, all benefits
|
||||
of TLS are there already and TLS certificates are an additional burden as
|
||||
with LetsEncrypt they will change often and LetsEncrypt doesn't support
|
||||
any network I mentioned.
|
||||
I am on some networks over Yggdrasil or Cjdns which already have E2EE like Tor
|
||||
hidden services so as long as they are accessed directly, all benefits of TLS
|
||||
are there already and TLS certificates are an additional burden as with
|
||||
LetsEncrypt they will change often and LetsEncrypt doesn't support any network I
|
||||
mentioned.
|
||||
|
||||
---
|
||||
|
||||
_As I seem to be updating this page more than I originally thought I should
|
||||
probably add [this link to changelog here.](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-02-24-znc160-ssl.md)_
|
||||
probably add
|
||||
[this link to changelog here.](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-02-24-znc160-ssl.md)_
|
||||
|
@ -9,33 +9,32 @@ tags: [irc, english]
|
||||
redirect_from: /english/2015/03/18/nodcc.html
|
||||
---
|
||||
|
||||
DCC was way to send files and chat without having IRC server in the
|
||||
between. It's not very common nowadays and what is done nowadays is
|
||||
uploading images etc. to social media services or web servers or using
|
||||
other file transfer protocols.
|
||||
DCC was way to send files and chat without having IRC server in the between.
|
||||
It's not very common nowadays and what is done nowadays is uploading images etc.
|
||||
to social media services or web servers or using other file transfer protocols.
|
||||
|
||||
Here are some reasons to not use it:
|
||||
|
||||
- There is no proper standard or if there is, no one follows it, all
|
||||
clients speak their own dialects and may be unable to communicate with
|
||||
other clients. Not all clients even implement the same features.
|
||||
- There is no proper standard or if there is, no one follows it, all clients
|
||||
speak their own dialects and may be unable to communicate with other clients.
|
||||
Not all clients even implement the same features.
|
||||
- NAT and firewalls break it
|
||||
- As DCC requires port on sending/hosting side, it must be opened in
|
||||
firewall and if there is NAT which there is in most of situations
|
||||
nowadays, the port must be forwarded. Most of average users have
|
||||
no idea how to do the latter if even the first.
|
||||
- As DCC requires port on sending/hosting side, it must be opened in firewall
|
||||
and if there is NAT which there is in most of situations nowadays, the port
|
||||
must be forwarded. Most of average users have no idea how to do the latter
|
||||
if even the first.
|
||||
- The only place where most of people see it is spam. The only thing lately
|
||||
where people have seen is two attacks which @grawity has documented
|
||||
[here](https://nullroute.eu.org/~grawity/dcc.html)
|
||||
|
||||
## Disabling DCC
|
||||
|
||||
This depends on your client and I am only able to give instructions for
|
||||
three:
|
||||
This depends on your client and I am only able to give instructions for three:
|
||||
|
||||
- WeeChat: "`/plugin unload xfer`" and "`/set weechat.plugin.autoload *,!xfer`"
|
||||
- The option in second command can be also be used to not automatically
|
||||
load other plugins, I personally use `/set weechat.plugin.autoload alias,exec,irc,perl,python,script,trigger,logger`.
|
||||
- The option in second command can be also be used to not automatically load
|
||||
other plugins, I personally use
|
||||
`/set weechat.plugin.autoload alias,exec,irc,perl,python,script,trigger,logger`.
|
||||
The `*,!xfer` simply means load everything else than xfer.
|
||||
- HexChat: "`/ignore *!*@* DCC`"
|
||||
- ZNC & clients behind it: "`/znc *controlpanel addctcp $me DCC`"
|
||||
|
@ -14,78 +14,72 @@ A little on my life currently
|
||||
|
||||
**TRIGGER WARNING: suicide, school bullying, transphobia**
|
||||
|
||||
I am 19 years old trans woman who also has Asperger's syndrome
|
||||
studying <s>for vocational qualification in business information
|
||||
technology</s> or would be studying if there wasn't one "small bullying
|
||||
issue." I haven't been at
|
||||
[Etelä-Kymenlaakso vocational college](https://ekami.fi/in-english) for
|
||||
month and more.
|
||||
I am 19 years old trans woman who also has Asperger's syndrome studying <s>for
|
||||
vocational qualification in business information technology</s> or would be
|
||||
studying if there wasn't one "small bullying issue." I haven't been at
|
||||
[Etelä-Kymenlaakso vocational college](https://ekami.fi/in-english) for month
|
||||
and more.
|
||||
|
||||
It started some time ago when I went there and it was mainly in three
|
||||
events on different days:
|
||||
It started some time ago when I went there and it was mainly in three events on
|
||||
different days:
|
||||
|
||||
- Coming from school canteen someone said "hi Mikaela, you are beautiful"
|
||||
in one boy group where I have no idea who said it or who they even are.
|
||||
- Going to school canteen someone of the same group said "hi" and I replied
|
||||
"hi" and I got third reply imitating my horrible masculine voice.
|
||||
- The last time going to school canteen I went to nearby bathroom to
|
||||
\<if I understood correctly, trans people do so horrible things in
|
||||
bahtroom that I cannot write it here :P\> and I heard my name being
|
||||
shouted there multiple times. When I leeft it and went to canteen, I
|
||||
just ignored them and went to canteen normally and heard them shouting
|
||||
after me "ONKO SULLA MUNAT!" which in spoken (Finnish) language
|
||||
translates to "DO YOU HAVE TESTICLES?".
|
||||
- Coming from school canteen someone said "hi Mikaela, you are beautiful" in one
|
||||
boy group where I have no idea who said it or who they even are.
|
||||
- Going to school canteen someone of the same group said "hi" and I replied "hi"
|
||||
and I got third reply imitating my horrible masculine voice.
|
||||
- The last time going to school canteen I went to nearby bathroom to \<if I
|
||||
understood correctly, trans people do so horrible things in bahtroom that I
|
||||
cannot write it here :P\> and I heard my name being shouted there multiple
|
||||
times. When I leeft it and went to canteen, I just ignored them and went to
|
||||
canteen normally and heard them shouting after me "ONKO SULLA MUNAT!" which in
|
||||
spoken (Finnish) language translates to "DO YOU HAVE TESTICLES?".
|
||||
|
||||
I informed this to school social worker and two teachers, but then I
|
||||
learned that the school is unable to do anything as I have no idea who
|
||||
the people are (what class or names). I was one day away and on then went
|
||||
back for some time and got more and more anxious and stressful on what
|
||||
if I saw the people somewhere or if they walke to canteen using the side
|
||||
door that I had been using. Since then I have been unable to go anywhere
|
||||
near Hamina.
|
||||
I informed this to school social worker and two teachers, but then I learned
|
||||
that the school is unable to do anything as I have no idea who the people are
|
||||
(what class or names). I was one day away and on then went back for some time
|
||||
and got more and more anxious and stressful on what if I saw the people
|
||||
somewhere or if they walke to canteen using the side door that I had been using.
|
||||
Since then I have been unable to go anywhere near Hamina.
|
||||
|
||||
There was one exception where I had scheduler appointment with the school
|
||||
social worker and I went there with my mother, but the school social
|
||||
worker was away with label on the door saying "if you had scheduled
|
||||
appointment, please contact me using Wilma (place to message teachers
|
||||
etc.)" so we wasted time 50 minutes per trip from [Kotka] to [Hamina] and
|
||||
[Hamina] to [Kotka].
|
||||
There was one exception where I had scheduler appointment with the school social
|
||||
worker and I went there with my mother, but the school social worker was away
|
||||
with label on the door saying "if you had scheduled appointment, please contact
|
||||
me using Wilma (place to message teachers etc.)" so we wasted time 50 minutes
|
||||
per trip from [Kotka] to [Hamina] and [Hamina] to [Kotka].
|
||||
|
||||
[kotka]: https://www.kotka.fi/en/residents
|
||||
[hamina]: https://hamina.fi/en/
|
||||
|
||||
---
|
||||
|
||||
_Update:
|
||||
[I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
|
||||
_Update: [I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
|
||||
|
||||
I would graduate in summer without this issue and the only thing I have
|
||||
missing is work training. As I don't have work training place I was doing
|
||||
it at school with some other students until the bullying started.
|
||||
I would graduate in summer without this issue and the only thing I have missing
|
||||
is work training. As I don't have work training place I was doing it at school
|
||||
with some other students until the bullying started.
|
||||
|
||||
The work training didn't went too well as it felt like it was as far
|
||||
from real work environment as possible, teacher giving some tasks that are
|
||||
done in maybe 15 minutes and rest of time other people just playing games
|
||||
and drinking energy drinks.
|
||||
The work training didn't went too well as it felt like it was as far from real
|
||||
work environment as possible, teacher giving some tasks that are done in maybe
|
||||
15 minutes and rest of time other people just playing games and drinking energy
|
||||
drinks.
|
||||
|
||||
There is also another issue, me being scared of real work environment, but
|
||||
nothing can be done to it now and the fear will just be moved to trouble
|
||||
either my next school that I have thought to be
|
||||
[KyUAS](https://www.kyamk.fi/Frontpage) (but it seems likely that I will
|
||||
try to get to [Helsinki] or [Jyväskylä] and study there as people have
|
||||
offered to help me find apartment either from there) or anywhere where I
|
||||
will work in the future if I ever will.
|
||||
nothing can be done to it now and the fear will just be moved to trouble either
|
||||
my next school that I have thought to be [KyUAS](https://www.kyamk.fi/Frontpage)
|
||||
(but it seems likely that I will try to get to [Helsinki] or [Jyväskylä] and
|
||||
study there as people have offered to help me find apartment either from there)
|
||||
or anywhere where I will work in the future if I ever will.
|
||||
|
||||
[helsinki]: https://www.hel.fi/www/helsinki/en
|
||||
[jyväskylä]: https://www.hel.fi/www/helsinki/en
|
||||
|
||||
The school also offered to also give remote tasks, but it was too late and
|
||||
I don't feel like I can do anything anymore as the school hasn't done
|
||||
anything to help the situation.
|
||||
The school also offered to also give remote tasks, but it was too late and I
|
||||
don't feel like I can do anything anymore as the school hasn't done anything to
|
||||
help the situation.
|
||||
|
||||
How does this affect me? As people say, bullying leaves eternal scars and I
|
||||
am not someone who could stay away from school just for fun, I have talked
|
||||
about suicide daily and I have also just been talked out of it for the
|
||||
second time in two days. I don't believe I can live like this forever.
|
||||
How does this affect me? As people say, bullying leaves eternal scars and I am
|
||||
not someone who could stay away from school just for fun, I have talked about
|
||||
suicide daily and I have also just been talked out of it for the second time in
|
||||
two days. I don't believe I can live like this forever.
|
||||
|
||||
---
|
||||
|
@ -9,25 +9,26 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_Or why am I using umode -iI and thus showing all channels that I am on at
|
||||
IRC? So you can find channels that may interest you if we have similar
|
||||
interests._
|
||||
_Or why am I using umode -iI and thus showing all channels that I am on at IRC?
|
||||
So you can find channels that may interest you if we have similar interests._
|
||||
|
||||
People ask this question from me a lot, often the same people as they don't
|
||||
remember my answer.
|
||||
|
||||
I am in umode -iI which shows the channels that I am on so if you think
|
||||
that I seem sane or interesting or whatever person and feel like you have
|
||||
similar interests, you can simply `/whois Mikaela` to see the public
|
||||
channels that I am on and join if you see anything interesting.
|
||||
I am in umode -iI which shows the channels that I am on so if you think that I
|
||||
seem sane or interesting or whatever person and feel like you have similar
|
||||
interests, you can simply `/whois Mikaela` to see the public channels that I am
|
||||
on and join if you see anything interesting.
|
||||
|
||||
But what about the trolls? I haven't had many trolls following me around
|
||||
and if that happens to you, you can simply send logs to network operators
|
||||
and if they are good opers, they will take action.
|
||||
But what about the trolls? I haven't had many trolls following me around and if
|
||||
that happens to you, you can simply send logs to network operators and if they
|
||||
are good opers, they will take action.
|
||||
|
||||
**_This section on (un)setting umodes was broken and moved [here]({% post_url blog/2015-06-03-setting-umodes %})_**
|
||||
**_This section on (un)setting umodes was broken and moved
|
||||
[here]({% post_url blog/2015-06-03-setting-umodes %})_**
|
||||
|
||||
_Update on 2015-04-13: add umode -I which is the InspIRCd way of hiding
|
||||
all channels from whois depending on the modules loaded and IRCd config._
|
||||
_Update on 2015-04-13: add umode -I which is the InspIRCd way of hiding all
|
||||
channels from whois depending on the modules loaded and IRCd config._
|
||||
|
||||
_Update on 2015-06-03: setting/unsetting umodes moved [here]({% post_url blog/2015-06-03-setting-umodes %})._
|
||||
_Update on 2015-06-03: setting/unsetting umodes moved
|
||||
[here]({% post_url blog/2015-06-03-setting-umodes %})._
|
||||
|
@ -14,8 +14,8 @@ redirect_from:
|
||||
This seems to confuse many WeeChat users, so I will try to explain it more
|
||||
simply as I am repeating myself everywhere about this same thing.
|
||||
|
||||
SASL is mechanism for identifying to services at IRC automatically even
|
||||
before you are visible to the network.
|
||||
SASL is mechanism for identifying to services at IRC automatically even before
|
||||
you are visible to the network.
|
||||
|
||||
---
|
||||
|
||||
@ -25,10 +25,10 @@ First set mechanism as plain if you have it as anything else.
|
||||
/set irc.server_default.sasl_mechanism PLAIN
|
||||
```
|
||||
|
||||
PLAIN is simple "login using username and password" mechanism that sends
|
||||
the username and password in plaintext which isn't an issue if you also use
|
||||
SSL (like you should) and trust the server (and
|
||||
**use different password everywhere**).
|
||||
PLAIN is simple "login using username and password" mechanism that sends the
|
||||
username and password in plaintext which isn't an issue if you also use SSL
|
||||
(like you should) and trust the server (and **use different password
|
||||
everywhere**).
|
||||
|
||||
Then simply set your username and password
|
||||
|
||||
@ -39,11 +39,11 @@ Then simply set your username and password
|
||||
/save
|
||||
```
|
||||
|
||||
_Replace NETWORK with the name of network that you have in WeeChat, for
|
||||
example `liberachat`._
|
||||
_Replace NETWORK with the name of network that you have in WeeChat, for example
|
||||
`liberachat`._
|
||||
|
||||
And now after `/reconnect` you should be identified automatically using
|
||||
SASL, but you might also ensure that you use SSL.
|
||||
And now after `/reconnect` you should be identified automatically using SASL,
|
||||
but you might also ensure that you use SSL.
|
||||
|
||||
## Using SSL
|
||||
|
||||
@ -62,10 +62,9 @@ _6697 is the [standard SSL port](https://tools.ietf.org/html/rfc7194)._
|
||||
liberachat has valid SSL certificate, but if it didn't, you would have two
|
||||
choises:
|
||||
|
||||
1. Trust the fingerprints manually using
|
||||
`irc.server.NETWORK.ssl_fingerprint`, see [this post].
|
||||
1. Trust the fingerprints manually using `irc.server.NETWORK.ssl_fingerprint`,
|
||||
see [this post].
|
||||
2. Disable SSL certificate checking using
|
||||
`/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see
|
||||
[this post].
|
||||
`/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see [this post].
|
||||
|
||||
[this post]:{% post_url blog/2015-02-24-znc160-ssl %}
|
||||
|
@ -14,54 +14,53 @@ robots: noai
|
||||
_Why I think that you should keep the ops opped instead of following
|
||||
LiberaChat's recommendations._
|
||||
|
||||
Is there an issue with your IRC channel needing op attention? Without
|
||||
having ops visible, your users will very likely go to the network support
|
||||
channel instead of informing you or your ops.
|
||||
Is there an issue with your IRC channel needing op attention? Without having ops
|
||||
visible, your users will very likely go to the network support channel instead
|
||||
of informing you or your ops.
|
||||
|
||||
Without ops being visible, who are ops or how to alert them?
|
||||
|
||||
- `/msg chanserv flags #channel`
|
||||
- requires whoising all ops to see if they are present
|
||||
- idle time gets reset by CTCP replies, OTR and possibly other
|
||||
things. LiberaChat staffers may also base their judgement on are
|
||||
there ops present to handle the issue on idletime of ops.
|
||||
- idle time gets reset by CTCP replies, OTR and possibly other things.
|
||||
LiberaChat staffers may also base their judgement on are there ops present
|
||||
to handle the issue on idletime of ops.
|
||||
- new users most likely have no idea on the command
|
||||
- remote (=different server) whois is rate-limited
|
||||
- lists accountnames, not nicknames the people are actually using
|
||||
- e.g. I have a less privileged account `Mikaela-`, but my Matrix
|
||||
connection is usually called `Michaela` which may not instantly connect
|
||||
in people's minds. Ciblia which is one of my fallback usernames is
|
||||
even further away from `Mikaela`.
|
||||
- e.g. I have a less privileged account `Mikaela-`, but my Matrix connection
|
||||
is usually called `Michaela` which may not instantly connect in people's
|
||||
minds. Ciblia which is one of my fallback usernames is even further away
|
||||
from `Mikaela`.
|
||||
- `/msg memoserv sendops #channel help! X is spamming`
|
||||
- requires +A flag which isn't mostly given to everyone
|
||||
- new users are unsure whether they have the flag if they even know
|
||||
about existense of the flag or the MemoServ command.
|
||||
- new users are unsure whether they have the flag if they even know about
|
||||
existense of the flag or the MemoServ command.
|
||||
|
||||
There is also third commonly used method, having trigger word that either
|
||||
highlights all the ops or makes bot PM or highlight the ops which again
|
||||
has it's own issues:
|
||||
highlights all the ops or makes bot PM or highlight the ops which again has it's
|
||||
own issues:
|
||||
|
||||
- are the ops surely highlighting on it?
|
||||
- the users can be confused for not getting any kind of acknowledging to
|
||||
the triggerword without bot and possibly spam it even more
|
||||
- the users can be confused for not getting any kind of acknowledging to the
|
||||
triggerword without bot and possibly spam it even more
|
||||
- if the bot PMs the ops, what if they are on umode +g and miss the bot?
|
||||
- if the bot highlights all the ops, what if the ops automatically ignore
|
||||
mass highlights (multiple nicks highlighted on the same line)?
|
||||
- if the bot highlights all the ops, what if the ops automatically ignore mass
|
||||
highlights (multiple nicks highlighted on the same line)?
|
||||
- and again, are the users aware of the triggerword?
|
||||
- if you clearly document it on webpage of your channel, the users
|
||||
should be aware of it, but what if they didn't bother to read it or
|
||||
forgot it? Their fault probably, but your channel is having issues
|
||||
for longer time...
|
||||
- if you clearly document it on webpage of your channel, the users should be
|
||||
aware of it, but what if they didn't bother to read it or forgot it? Their
|
||||
fault probably, but your channel is having issues for longer time...
|
||||
|
||||
And there is also the issue of having to trust services or your bots.
|
||||
What if the services go down or netsplit and the same happens to your bot?
|
||||
You are out of luck unless you had the ops opped in which case the outage
|
||||
doesn't affect you that much at all.
|
||||
And there is also the issue of having to trust services or your bots. What if
|
||||
the services go down or netsplit and the same happens to your bot? You are out
|
||||
of luck unless you had the ops opped in which case the outage doesn't affect you
|
||||
that much at all.
|
||||
|
||||
Counter argument: if ops are shown on a support channel, that can make
|
||||
people new to IRC ping them about everything instead of asking in the
|
||||
channel in gneral. I think it's up to the channel operators to decide how
|
||||
much that weights and can the new users be educated without much effort.
|
||||
Counter argument: if ops are shown on a support channel, that can make people
|
||||
new to IRC ping them about everything instead of asking in the channel in
|
||||
gneral. I think it's up to the channel operators to decide how much that weights
|
||||
and can the new users be educated without much effort.
|
||||
|
||||
## Fixing LiberaChat
|
||||
|
||||
@ -74,18 +73,19 @@ Tell ChanServ the following three commands:
|
||||
```
|
||||
|
||||
The ! means "add these flags to everyone who currently matches the template
|
||||
exactly" so when you do this everyone who you have made xOP with
|
||||
`/msg chanserv someone xOP" gets opped or voiced automatically.<br/>
|
||||
_Note: templates including F (founder) are not automatically updated even
|
||||
with the !._
|
||||
exactly" so when you do this everyone who you have made xOP with `/msg chanserv
|
||||
someone xOP" gets opped or voiced automatically.<br/> _Note: templates including
|
||||
F (founder) are not automatically updated even with the !._
|
||||
|
||||
Alternatively if you have been setting flags manually use
|
||||
`/msg chanserv flags #channel someone +O` to automatically op them. You
|
||||
must also do this to yourself if you are channel founder, for auto-voicing
|
||||
use +V. _Note: +o allows you to manually op/deop anyone, +v is the same,
|
||||
but for voice, so don't confuse the casing._
|
||||
`/msg chanserv flags #channel someone +O` to automatically op them. You must
|
||||
also do this to yourself if you are channel founder, for auto-voicing use +V.
|
||||
_Note: +o allows you to manually op/deop anyone, +v is the same, but for voice,
|
||||
so don't confuse the casing._
|
||||
|
||||
Changelog:
|
||||
|
||||
- Part 1: https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-04-01-keep-the-ops-opped.md
|
||||
- Part 2: https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2015-04-01-keep-the-ops-opped.md
|
||||
- Part 1:
|
||||
https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-04-01-keep-the-ops-opped.md
|
||||
- Part 2:
|
||||
https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2015-04-01-keep-the-ops-opped.md
|
||||
|
@ -12,39 +12,37 @@ redirect_from: /finnish/2015/04/01/saasta.html
|
||||
|
||||
> Minun pitäisi kai myös antaa jonkinlainen mielipide.
|
||||
>
|
||||
> En pidä kenenkään nimittelystä ja minusta parasta olisi vain puhua
|
||||
> asioita, mutta aina ovat nämä, jotka eivät kuuntele tai halua ymmärtää ja
|
||||
> kai tälle sanalle on oma käyttötarkoituksensa, ei ole kovin usein tullut
|
||||
> käytettyä, mutta luulen että joskus loukkaantuneena olen käyttänyt,
|
||||
> en muista enempää ja minulla ei muisti ole toiminut viimeaikoina.
|
||||
> En pidä kenenkään nimittelystä ja minusta parasta olisi vain puhua asioita,
|
||||
> mutta aina ovat nämä, jotka eivät kuuntele tai halua ymmärtää ja kai tälle
|
||||
> sanalle on oma käyttötarkoituksensa, ei ole kovin usein tullut käytettyä,
|
||||
> mutta luulen että joskus loukkaantuneena olen käyttänyt, en muista enempää ja
|
||||
> minulla ei muisti ole toiminut viimeaikoina.
|
||||
>
|
||||
> Tietysti voi kai ajatella niinkin, että jos olisin hyökkäävämpi, olisin
|
||||
> yhä koulussa toisin kuin ihmiset siellä, joita tämä sana mahdollisesti
|
||||
> kuvaa... Lyhyesti siellä on siis ensimmäisellä kerralla sanottu "moi
|
||||
> Nimi, olet kaunis", seuraavalla kerralla "moi" ja pilkattu
|
||||
> maskuliinista ääntäni ja kolmannella kerralla en ole saanut käydä
|
||||
> vessassa rauhassa vaan nimeäni huudettiin ja kun en kiinnittänyt niihin
|
||||
> minkäänlaista huomiota ne huusivat perääni onko minulla munat.
|
||||
> No kouluhan ei luonnollisesti voi tehdä yhtikäs mitään, koska en ole cis,
|
||||
> enkä neurotyypillinen eli minä olen vain kotona ollut kuukauden ja
|
||||
> varmaan päivittäin puhunut itsemurhasta.
|
||||
> Tietysti voi kai ajatella niinkin, että jos olisin hyökkäävämpi, olisin yhä
|
||||
> koulussa toisin kuin ihmiset siellä, joita tämä sana mahdollisesti kuvaa...
|
||||
> Lyhyesti siellä on siis ensimmäisellä kerralla sanottu "moi Nimi, olet
|
||||
> kaunis", seuraavalla kerralla "moi" ja pilkattu maskuliinista ääntäni ja
|
||||
> kolmannella kerralla en ole saanut käydä vessassa rauhassa vaan nimeäni
|
||||
> huudettiin ja kun en kiinnittänyt niihin minkäänlaista huomiota ne huusivat
|
||||
> perääni onko minulla munat. No kouluhan ei luonnollisesti voi tehdä yhtikäs
|
||||
> mitään, koska en ole cis, enkä neurotyypillinen eli minä olen vain kotona
|
||||
> ollut kuukauden ja varmaan päivittäin puhunut itsemurhasta.
|
||||
>
|
||||
> Olenhan minä kai myös huono ihminen, koska olen riidoissa kaikkien kanssa
|
||||
> kaikkialla ja en myöskään ole hyvä transsukupuolinen, koska minä vain
|
||||
> toivon, että olisin cistyttö ja neurotyypillinen ja, että joku voisi
|
||||
> joskus rakastaa minua. En tiedä onko ulkona oleminen minulle paras
|
||||
> vaihtoehto, mutta en voi muutakaan ja ehkä se auttaa jotakuta edes vähän,
|
||||
> vaikka en koskaan kuulisi koko henkilöstä mitään ja minä yritän tehdä
|
||||
> minkä voin, vaikka mikään ei onnistukaan ja teen ja sanon kaiken aina
|
||||
> väärin.
|
||||
> kaikkialla ja en myöskään ole hyvä transsukupuolinen, koska minä vain toivon,
|
||||
> että olisin cistyttö ja neurotyypillinen ja, että joku voisi joskus rakastaa
|
||||
> minua. En tiedä onko ulkona oleminen minulle paras vaihtoehto, mutta en voi
|
||||
> muutakaan ja ehkä se auttaa jotakuta edes vähän, vaikka en koskaan kuulisi
|
||||
> koko henkilöstä mitään ja minä yritän tehdä minkä voin, vaikka mikään ei
|
||||
> onnistukaan ja teen ja sanon kaiken aina väärin.
|
||||
>
|
||||
> En jaksa tätä sotaa mikä näissä kommenteissa aina on ja jatkuvasti
|
||||
> jossakin tapetaan trans-henkilö, etenkin trans woman of colour
|
||||
> (en uskalla kääntää tätä suomeksi) ja joka puolella säädetään erilaisia
|
||||
> LGBTIQ+ vastaisia lakeja ja nyt on ollut noista vessoista paljon puhetta.
|
||||
> Tästä asiasta vain ei ole mahdollista saada lepoa.
|
||||
> En jaksa tätä sotaa mikä näissä kommenteissa aina on ja jatkuvasti jossakin
|
||||
> tapetaan trans-henkilö, etenkin trans woman of colour (en uskalla kääntää tätä
|
||||
> suomeksi) ja joka puolella säädetään erilaisia LGBTIQ+ vastaisia lakeja ja nyt
|
||||
> on ollut noista vessoista paljon puhetta. Tästä asiasta vain ei ole
|
||||
> mahdollista saada lepoa.
|
||||
>
|
||||
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun
|
||||
> minä kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
|
||||
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun minä
|
||||
> kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
|
||||
|
||||
-- Facebook-kommentti
|
||||
|
@ -12,41 +12,39 @@ redirect_from: /english/2015/04/03/scum.html
|
||||
|
||||
> I should probably also say some kind of opinion.
|
||||
|
||||
> I don't like calling anyone names and I think it would be best to just
|
||||
> talk about things, but there are always people who don't listen or
|
||||
> want to understand and maybe this word has it's usage, I haven't used it
|
||||
> much, but I think that I might have used it sometime when upset, but
|
||||
> I don't remember more and my memory hasn't worked lately.
|
||||
> I don't like calling anyone names and I think it would be best to just talk
|
||||
> about things, but there are always people who don't listen or want to
|
||||
> understand and maybe this word has it's usage, I haven't used it much, but I
|
||||
> think that I might have used it sometime when upset, but I don't remember more
|
||||
> and my memory hasn't worked lately.
|
||||
>
|
||||
> Of course it can probably be thought that if I was more attacking,
|
||||
> I might still be at school unlike the people there whom this word
|
||||
> possibly describes... Shortly, first time they said "hi Name, you are
|
||||
> beautiful", next time "hi" and mocked my masculine voice and the third
|
||||
> time I couldn't even use bathroom in peace, my name was shouted and
|
||||
> when I ignored them and didn't look them at all, they shouted after me
|
||||
> if I have \<male genitalia\>. School naturally cannot do anything at
|
||||
> all, because I am not cis or neurotypical so I have just been at home
|
||||
> for month and talked about suicide possibly daily.
|
||||
> Of course it can probably be thought that if I was more attacking, I might
|
||||
> still be at school unlike the people there whom this word possibly
|
||||
> describes... Shortly, first time they said "hi Name, you are beautiful", next
|
||||
> time "hi" and mocked my masculine voice and the third time I couldn't even use
|
||||
> bathroom in peace, my name was shouted and when I ignored them and didn't look
|
||||
> them at all, they shouted after me if I have \<male genitalia\>. School
|
||||
> naturally cannot do anything at all, because I am not cis or neurotypical so I
|
||||
> have just been at home for month and talked about suicide possibly daily.
|
||||
>
|
||||
> I am probably bad human, because I am in disputes with everyone
|
||||
> everywhere and I am not good trans either, because I only wish that I
|
||||
> was cis girl and neurotypical and that someone could love me some day. I
|
||||
> don't know if being out is the best possible choise for me, but I don't
|
||||
> have a choice and maybe it will help someone even if I never heard about
|
||||
> the person and I try to do everything I can even if nothing ever succeeds
|
||||
> and I always do and say everything wrongly.
|
||||
> I am probably bad human, because I am in disputes with everyone everywhere and
|
||||
> I am not good trans either, because I only wish that I was cis girl and
|
||||
> neurotypical and that someone could love me some day. I don't know if being
|
||||
> out is the best possible choise for me, but I don't have a choice and maybe it
|
||||
> will help someone even if I never heard about the person and I try to do
|
||||
> everything I can even if nothing ever succeeds and I always do and say
|
||||
> everything wrongly.
|
||||
>
|
||||
> I am tired of this war which is always in these comments and continuosly
|
||||
> trans person is killed somewhere, especially trans woman of colour
|
||||
> and everywhere there are laws against LGBTIQ+ people and now there has
|
||||
> been aa lot talk about those bathrooms. It's just not possible to get
|
||||
> rest from this thing.
|
||||
> I am tired of this war which is always in these comments and continuosly trans
|
||||
> person is killed somewhere, especially trans woman of colour and everywhere
|
||||
> there are laws against LGBTIQ+ people and now there has been aa lot talk about
|
||||
> those bathrooms. It's just not possible to get rest from this thing.
|
||||
>
|
||||
> (and I once again managed to talk offtopic most of the time, but as I
|
||||
> wrote this, maybe I must also send this)
|
||||
> (and I once again managed to talk offtopic most of the time, but as I wrote
|
||||
> this, maybe I must also send this)
|
||||
>
|
||||
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun
|
||||
> minä kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
|
||||
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun minä
|
||||
> kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
|
||||
|
||||
-- Facebook comment
|
||||
|
||||
|
@ -15,71 +15,78 @@ robots: noai
|
||||
_IRC over TLS is not pointless unless you only worry about things that you
|
||||
cannot affect at all. SSL is pointless, because of [POODLE]._
|
||||
|
||||
I use IRC over TLS on all networks that support it (=other than IRCnet)
|
||||
and I also [verify the certificates]. TLS is used
|
||||
I use IRC over TLS on all networks that support it (=other than IRCnet) and I
|
||||
also [verify the certificates]. TLS is used
|
||||
|
||||
_Update on 2015-06-18: I was told that IRCnet does have SSL on
|
||||
ssl.irc.atw-inter.net and ssl.rfc1459.ca, but server links are mostly
|
||||
unencrypted. I am not able to use those though as Finnish channels are
|
||||
mostly stupid and letting people only in from Finnish servers._
|
||||
unencrypted. I am not able to use those though as Finnish channels are mostly
|
||||
stupid and letting people only in from Finnish servers._
|
||||
|
||||
- between my client and bouncer
|
||||
- when they both are on localhost it's not used and my bouncer only
|
||||
listens for plain text connections only on `127.0.0.1` and `::1`.
|
||||
- when they both are on localhost it's not used and my bouncer only listens
|
||||
for plain text connections only on `127.0.0.1` and `::1`.
|
||||
- between my bouncer and IRCd
|
||||
|
||||
These are the points that I can affect. I cannot do anything to server
|
||||
links other than hope that the network operators know what they are doing
|
||||
and use TLS. I cannot affect whether other users use TLS or not or do they
|
||||
check the certificates or blindly accept whatever they are offered.
|
||||
These are the points that I can affect. I cannot do anything to server links
|
||||
other than hope that the network operators know what they are doing and use TLS.
|
||||
I cannot affect whether other users use TLS or not or do they check the
|
||||
certificates or blindly accept whatever they are offered.
|
||||
|
||||
As I use TLS everywhere where I can affect, I can be more sure that
|
||||
my discussions aren't so easily read on:
|
||||
As I use TLS everywhere where I can affect, I can be more sure that my
|
||||
discussions aren't so easily read on:
|
||||
|
||||
- open WLAN
|
||||
- any router between me and the bouncer
|
||||
- any router between bouncer and the IRC server
|
||||
|
||||
And like everyone else says, you cannot be sure on the server links
|
||||
or other people on the channels or queries. You can only make sure that
|
||||
**you** are using TLS.
|
||||
And like everyone else says, you cannot be sure on the server links or other
|
||||
people on the channels or queries. You can only make sure that **you** are using
|
||||
TLS.
|
||||
|
||||
One example where TLS is very helpful even if you have no idea whether
|
||||
the other people use SSL is passwords:
|
||||
One example where TLS is very helpful even if you have no idea whether the other
|
||||
people use SSL is passwords:
|
||||
|
||||
- your NickServ password isn't in plain text between you and the IRC
|
||||
server, but you again cannot know if the IRC server sends it to other
|
||||
IRC server(s) in plain text that are between the server where you are
|
||||
connected to and services server.
|
||||
- your /OPER password in case you are IRC operator. Imagine being on
|
||||
open WLAN or similar situation and transmitting your password in
|
||||
plain text and someone else taking that password. What kind of "fun"
|
||||
things they could do with it?
|
||||
- your NickServ password isn't in plain text between you and the IRC server, but
|
||||
you again cannot know if the IRC server sends it to other IRC server(s) in
|
||||
plain text that are between the server where you are connected to and services
|
||||
server.
|
||||
- your /OPER password in case you are IRC operator. Imagine being on open WLAN
|
||||
or similar situation and transmitting your password in plain text and someone
|
||||
else taking that password. What kind of "fun" things they could do with it?
|
||||
|
||||
_Now you can move into reading why [IRC over SSL is pointless], [web.archive.org]..._
|
||||
_Now you can move into reading why [IRC over SSL is pointless],
|
||||
[web.archive.org]..._
|
||||
|
||||
[poodle]: https://en.wikipedia.org/wiki/POODLE
|
||||
|
||||
[verify the certificates]:{% post_url blog/2015-02-24-znc160-ssl %}
|
||||
[IRC over SSL is pointless]:https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
|
||||
[verify the certificates]:{% post_url blog/2015-02-24-znc160-ssl %} [IRC
|
||||
over SSL
|
||||
is
|
||||
pointless]:https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
|
||||
[web.archive.org]:https://web.archive.org/web/20130425123002/http://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
|
||||
|
||||
## Addition: who is interested in my traffic?
|
||||
|
||||
- Finland - Security Police & Defence Forces
|
||||
- Currently law allowing Security Police and the Defence Forces to do
|
||||
network monitoring without limitations is going to pass in the
|
||||
parlament.
|
||||
- Currently law allowing Security Police and the Defence Forces to do network
|
||||
monitoring without limitations is going to pass in the parlament.
|
||||
- Sweden - National Defence Radio Establishment & Security Police & Police
|
||||
- Sweden has monitored all traffic going through them since 2008
|
||||
and most of Finnish traffic goes through them.
|
||||
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Legal_framework
|
||||
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Mass_surveillance
|
||||
- 2015-04-23 (in Finnish) https://www.hackingthroughcomplexity.fi/2013/10/ruotsin-verkkovalvonta-latakon.html / https://archive.is/iYrsl
|
||||
- Sweden has monitored all traffic going through them since 2008 and most of
|
||||
Finnish traffic goes through them.
|
||||
- 2015-04-23
|
||||
https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Legal_framework
|
||||
- 2015-04-23
|
||||
https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Mass_surveillance
|
||||
- 2015-04-23 (in Finnish)
|
||||
https://www.hackingthroughcomplexity.fi/2013/10/ruotsin-verkkovalvonta-latakon.html
|
||||
/ https://archive.is/iYrsl
|
||||
- UK - GCHQ
|
||||
- Cooperating with Sweden
|
||||
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=Government_Communications_Headquarters&oldid=656835589#2000s:_Coping_with_the_Internet
|
||||
- 2015-04-23
|
||||
https://en.wikipedia.org/w/index.php?title=Government_Communications_Headquarters&oldid=656835589#2000s:_Coping_with_the_Internet
|
||||
- USA - NSA
|
||||
- Cooperating with Sweden
|
||||
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=655974095
|
||||
- 2015-04-23
|
||||
https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=655974095
|
||||
- Many others? :(
|
||||
|
@ -8,35 +8,36 @@ redirect_from: /english/2015/05/10/znc-ubuntu.html
|
||||
sitemap: false
|
||||
---
|
||||
|
||||
_Many people seem to be installing ZNC using some weird instructions and
|
||||
don't ever upgrade after that. This is yet another unofficial install
|
||||
guide, but with this you should be able to upgrade too._
|
||||
_Many people seem to be installing ZNC using some weird instructions and don't
|
||||
ever upgrade after that. This is yet another unofficial install guide, but with
|
||||
this you should be able to upgrade too._
|
||||
|
||||
**This is not the official install guide, if you are looking for that,
|
||||
[click here.](https://wiki.znc.in/Installation)** _You will find these
|
||||
same instructions there too though._
|
||||
[click here.](https://wiki.znc.in/Installation)** _You will find these same
|
||||
instructions there too though._
|
||||
|
||||
Step 0: If you had already installed ZNC from source, go to the source
|
||||
directory and run `make uninstall` or `sudo make uninstall` if needed.
|
||||
Step 0: If you had already installed ZNC from source, go to the source directory
|
||||
and run `make uninstall` or `sudo make uninstall` if needed.
|
||||
|
||||
[Thomas Ward](https://launchpad.net/~teward) has PPA which usually includes
|
||||
the latest version of ZNC for [supported Ubuntu releases](https://wiki.ubuntu.com/Releases)
|
||||
and this guide uses it.
|
||||
[Thomas Ward](https://launchpad.net/~teward) has PPA which usually includes the
|
||||
latest version of ZNC for
|
||||
[supported Ubuntu releases](https://wiki.ubuntu.com/Releases) and this guide
|
||||
uses it.
|
||||
|
||||
1. Install required package for adding PPAs: `sudo apt-get install python-software-properties`
|
||||
1. Install required package for adding PPAs:
|
||||
`sudo apt-get install python-software-properties`
|
||||
2. Add the PPA `sudo add-apt-repository ppa:teward/znc`
|
||||
3. Refresh list of packages in the repos `sudo apt-get update`
|
||||
4. If you had installed ZNC from Ubuntu repositories, now you could run
|
||||
`sudo apt-get upgrade`, otherwise finally install ZNC with
|
||||
`sudo apt-get install znc`.
|
||||
|
||||
ZNC is now installed. If you had it running before installing from PPA,
|
||||
you should restart it especially if it was different version than what the
|
||||
PPA has.
|
||||
ZNC is now installed. If you had it running before installing from PPA, you
|
||||
should restart it especially if it was different version than what the PPA has.
|
||||
|
||||
Now you can either (new ZNC user) run `znc --makeconf` to create config
|
||||
file and then (existing ZNC user) run `znc` and your ZNC starts listening
|
||||
on where you told it to listen.
|
||||
Now you can either (new ZNC user) run `znc --makeconf` to create config file and
|
||||
then (existing ZNC user) run `znc` and your ZNC starts listening on where you
|
||||
told it to listen.
|
||||
|
||||
You might also want to read:
|
||||
|
||||
|
@ -9,34 +9,33 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_Yet another note-to-self post, but these links are confusing, how do you
|
||||
make proper irc:// or ircs:// link?_
|
||||
_Yet another note-to-self post, but these links are confusing, how do you make
|
||||
proper irc:// or ircs:// link?_
|
||||
|
||||
I started wondering about the proper way to make irc/ircs links today and
|
||||
based on the following addresses
|
||||
I started wondering about the proper way to make irc/ircs links today and based
|
||||
on the following addresses
|
||||
|
||||
- https://www.iana.org/assignments/uri-schemes/prov/ircs
|
||||
- https://tools.ietf.org/html/draft-butcher-irc-url-04
|
||||
|
||||
EDIT 2015-08-30 & 2015-10-10: I got eaten by HTML5 validator, because of
|
||||
what was said above :frown: and the proper way how you make links without
|
||||
getting eaten by HTML5 validator is
|
||||
(https://tools.ietf.org/html/draft-butcher-irc-url-04) and the address
|
||||
would become
|
||||
`ircs://irc.example.org:6697/%23channel%2C%23%23channel%2C%21channel`.
|
||||
EDIT 2015-08-30 & 2015-10-10: I got eaten by HTML5 validator, because of what
|
||||
was said above :frown: and the proper way how you make links without getting
|
||||
eaten by HTML5 validator is
|
||||
(https://tools.ietf.org/html/draft-butcher-irc-url-04) and the address would
|
||||
become `ircs://irc.example.org:6697/%23channel%2C%23%23channel%2C%21channel`.
|
||||
See [Percent-encoding at Wikipedia]. Thanks Mardeg at irc.mozilla.org.
|
||||
|
||||
[percent-encoding at wikipedia]: https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
|
||||
[percent-encoding at wikipedia]:
|
||||
https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
|
||||
|
||||
- specifies that the link uses SSL with the _s_ (for plain text just remove
|
||||
it)
|
||||
- specifies that the link uses SSL with the _s_ (for plain text just remove it)
|
||||
- specifies the port so client doesn't have to guess it
|
||||
- clearly specifies the channels without leaving prefixes for the client
|
||||
to guess
|
||||
- clearly specifies the channels without leaving prefixes for the client to
|
||||
guess
|
||||
|
||||
The previously linked pages also contain other forms, but this seems the
|
||||
best to me and I am against using channel keys as there are better ways
|
||||
to keep channel private (such as restricted or +i and +I to authorized
|
||||
people) and server passwords aren't used anywhere where I would encounter
|
||||
them, other than forwarding the password to NickServ, but that is depracted
|
||||
by [SASL](https://ircv3.net/specs/extensions/sasl-3.1.html).
|
||||
The previously linked pages also contain other forms, but this seems the best to
|
||||
me and I am against using channel keys as there are better ways to keep channel
|
||||
private (such as restricted or +i and +I to authorized people) and server
|
||||
passwords aren't used anywhere where I would encounter them, other than
|
||||
forwarding the password to NickServ, but that is depracted by
|
||||
[SASL](https://ircv3.net/specs/extensions/sasl-3.1.html).
|
||||
|
@ -8,42 +8,41 @@ redirect_from: /english/2015/05/18/life-bot-background.html
|
||||
sitemap: false
|
||||
---
|
||||
|
||||
_More on my life and a little background on bots; also trigger warning
|
||||
about probably everything..._
|
||||
_More on my life and a little background on bots; also trigger warning about
|
||||
probably everything..._
|
||||
|
||||
Start with the [previous post on the subject]({% post_url blog/2015-03-25-leaving-bots-life %})...
|
||||
Start with the [previous post on
|
||||
the subject]({% post_url blog/2015-03-25-leaving-bots-life %})...
|
||||
|
||||
_Update:
|
||||
[I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
|
||||
_Update: [I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
|
||||
|
||||
So I have been away from school for months now and the fact that I won't
|
||||
graduate seems very sure. I haven't left home unless I have had too either
|
||||
and after today I might leave home even then.
|
||||
graduate seems very sure. I haven't left home unless I have had too either and
|
||||
after today I might leave home even then.
|
||||
|
||||
I don't remember last week so well, so probably nothing happened, I was
|
||||
away from home for two events at Helsinki which is tiring as the bus
|
||||
trip from Kotka-Helsinki is two hours, rest of the week I was at home
|
||||
with the exception of visiting cottage and replacing elorn (Banana Pi which
|
||||
didn't like upgrade from Bananian Wheezy to Bananian Jessie) with rbtpzn
|
||||
(a little better system, Raspberry Pi B+ running Arch Linux ARM), I don't
|
||||
remember what else happened.
|
||||
I don't remember last week so well, so probably nothing happened, I was away
|
||||
from home for two events at Helsinki which is tiring as the bus trip from
|
||||
Kotka-Helsinki is two hours, rest of the week I was at home with the exception
|
||||
of visiting cottage and replacing elorn (Banana Pi which didn't like upgrade
|
||||
from Bananian Wheezy to Bananian Jessie) with rbtpzn (a little better system,
|
||||
Raspberry Pi B+ running Arch Linux ARM), I don't remember what else happened.
|
||||
|
||||
I have also been anxious too much for being healthy and I have talked about
|
||||
suicide probably daily. Last night Doctor [Google] also suggested
|
||||
[Avoidant personality disorder] and I am waiting for seeing "mental
|
||||
health professional" again and asking if that is possible.
|
||||
suicide probably daily. Last night Doctor [Google] also suggested [Avoidant
|
||||
personality disorder] and I am waiting for seeing "mental health professional"
|
||||
again and asking if that is possible.
|
||||
|
||||
[google]: https://encrypted.google.com/
|
||||
[avoidant personality disorder]: https://en.wikipedia.org/wiki/Avoidant_personality_disorder
|
||||
[avoidant personality disorder]:
|
||||
https://en.wikipedia.org/wiki/Avoidant_personality_disorder
|
||||
|
||||
And back to today, I had possibly my worst bus trip between Kotka and
|
||||
Helsinki. First there was bully from previous school and even if they
|
||||
didn't do anything, just seeing is enough to trigger heavy anxiety to me.
|
||||
<br/>Then there were two people sitting in front of me at the bus, small
|
||||
child and one adult. The child kept making loud noice for most of the trip
|
||||
and at some point dropped whatever the thing is on bus seats behind your
|
||||
head to me and only stared.<br/>
|
||||
I was too anxious even without them, so I didn't tell the adult anything
|
||||
and there wouldn't have been any use in that as they didn't care about
|
||||
their behaviour anyway and it would have been my fault anyway for sitting
|
||||
there or annoying them just for existing.
|
||||
And back to today, I had possibly my worst bus trip between Kotka and Helsinki.
|
||||
First there was bully from previous school and even if they didn't do anything,
|
||||
just seeing is enough to trigger heavy anxiety to me. <br/>Then there were two
|
||||
people sitting in front of me at the bus, small child and one adult. The child
|
||||
kept making loud noice for most of the trip and at some point dropped whatever
|
||||
the thing is on bus seats behind your head to me and only stared.<br/> I was too
|
||||
anxious even without them, so I didn't tell the adult anything and there
|
||||
wouldn't have been any use in that as they didn't care about their behaviour
|
||||
anyway and it would have been my fault anyway for sitting there or annoying them
|
||||
just for existing.
|
||||
|
@ -9,25 +9,23 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
As my blog is so full of suicidality and depression and how I won't
|
||||
graduate, I probably must inform here that I have graduated according to
|
||||
YLE News.
|
||||
As my blog is so full of suicidality and depression and how I won't graduate, I
|
||||
probably must inform here that I have graduated according to YLE News.
|
||||
|
||||
- [web.archive.org: Etelä-Kymenlaakson ammattiopisto 2015-05-29](https://web.archive.org/web/20150602001658/http://yle.fi/uutiset/etela-kymenlaakson_ammattiopisto/8023952)
|
||||
- YLE had apparently changed their URL breaking the old link and when
|
||||
I was informed of this, I tried to search the current live version,
|
||||
but was only able to find it from Waybackmachine.
|
||||
- YLE had apparently changed their URL breaking the old link and when I was
|
||||
informed of this, I tried to search the current live version, but was only
|
||||
able to find it from Waybackmachine.
|
||||
- [Google Translated link](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fweb.archive.org%2Fweb%2F20150602001658%2Fhttp%3A%2F%2Fyle.fi%2Fuutiset%2Fetela-kymenlaakson_ammattiopisto%2F8023952&edit-text=)
|
||||
- Note that Google Translate changes my name to "Finnish Mikaela" as
|
||||
Suomalainen means a Finn or Finnish or similar.
|
||||
|
||||
What happens next? Nothing until I am legally recognized as a woman which
|
||||
currently seems to happen in winter at soonest. As I have told everyone,
|
||||
I won't be applying anywhere with my current person identification number
|
||||
as all databases mark me as a man and I don't want to have weird situations
|
||||
like I currently have e.g. student information system separates by gender
|
||||
and puts Mikaela Suomalainen in the middle of men which raises questions…
|
||||
currently seems to happen in winter at soonest. As I have told everyone, I won't
|
||||
be applying anywhere with my current person identification number as all
|
||||
databases mark me as a man and I don't want to have weird situations like I
|
||||
currently have e.g. student information system separates by gender and puts
|
||||
Mikaela Suomalainen in the middle of men which raises questions…
|
||||
|
||||
What is said in previous posts still applies, I am not moving outdoors
|
||||
unless I have to which means visit to Helsinki where I am able to move more
|
||||
freely.
|
||||
What is said in previous posts still applies, I am not moving outdoors unless I
|
||||
have to which means visit to Helsinki where I am able to move more freely.
|
||||
|
@ -11,43 +11,41 @@ redirect_from:
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_Everyone knows the `/ignore` command, but there is also `/filter` which
|
||||
I feel is superiour._
|
||||
_Everyone knows the `/ignore` command, but there is also `/filter` which I feel
|
||||
is superiour._
|
||||
|
||||
First, how do they differ?
|
||||
|
||||
- Ignore removes all lines from the person you are ignoring permanently and
|
||||
they aren't logged or anything.
|
||||
- Filter only hides the messages from the person and is very customizable,
|
||||
but I am only describing my ignoring here. They are still logged and
|
||||
by toggling filters they become visible.
|
||||
- Ignore removes all lines from the person you are ignoring permanently and they
|
||||
aren't logged or anything.
|
||||
- Filter only hides the messages from the person and is very customizable, but I
|
||||
am only describing my ignoring here. They are still logged and by toggling
|
||||
filters they become visible.
|
||||
|
||||
And how do you use it?
|
||||
|
||||
- `/filter add FILTERNAME * nick_*NICKHERE* *`
|
||||
- FILTERNAME is the name how you recognize the filter, I usually put
|
||||
the nick there.
|
||||
- The first `*` is buffer where the filter is used in and means simply
|
||||
"all buffers".
|
||||
- `nick_*NICKHERE*` means that you want to filter lines from
|
||||
`*NICKHERE*`, the asterisks are important as it makes sure that the
|
||||
user doesn't change their nick to `NICKHERE_` who again wouldn't be
|
||||
filtered.
|
||||
- And the last `*`, what do you want to filter from that nick?
|
||||
Everything.
|
||||
- FILTERNAME is the name how you recognize the filter, I usually put the nick
|
||||
there.
|
||||
- The first `*` is buffer where the filter is used in and means simply "all
|
||||
buffers".
|
||||
- `nick_*NICKHERE*` means that you want to filter lines from `*NICKHERE*`, the
|
||||
asterisks are important as it makes sure that the user doesn't change their
|
||||
nick to `NICKHERE_` who again wouldn't be filtered.
|
||||
- And the last `*`, what do you want to filter from that nick? Everything.
|
||||
|
||||
But doesn't this defeat the whole point of ignoring? That depends on you
|
||||
and do you think you will ever need the ignored content.
|
||||
But doesn't this defeat the whole point of ignoring? That depends on you and do
|
||||
you think you will ever need the ignored content.
|
||||
|
||||
One good example where you might want to have the content is when you are
|
||||
channel op and someone on your ignore list joins the channel and someone
|
||||
else alerts ops.
|
||||
channel op and someone on your ignore list joins the channel and someone else
|
||||
alerts ops.
|
||||
|
||||
With ignore you see nothing, with filter you just toggle your filters and
|
||||
see that someone who you had filtered joined on the channel and did
|
||||
something against the channel rules and you can easily take action.
|
||||
With ignore you see nothing, with filter you just toggle your filters and see
|
||||
that someone who you had filtered joined on the channel and did something
|
||||
against the channel rules and you can easily take action.
|
||||
|
||||
Further reading, check `/help filter`, you will enjoy at least
|
||||
the smart filter, `/filter add irc_smart * irc_smart_filter *` (hides
|
||||
joins/quits/parts/etc. unless the person has talked in X minutes configured
|
||||
in `/help irc.look.smart_filter_delay`).
|
||||
Further reading, check `/help filter`, you will enjoy at least the smart filter,
|
||||
`/filter add irc_smart * irc_smart_filter *` (hides joins/quits/parts/etc.
|
||||
unless the person has talked in X minutes configured in
|
||||
`/help irc.look.smart_filter_delay`).
|
||||
|
@ -9,20 +9,18 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_As I have written more about umodes than I thought, I am breaking the
|
||||
posts setting/unsetting is documented here and I will link here from other
|
||||
posts._
|
||||
_As I have written more about umodes than I thought, I am breaking the posts
|
||||
setting/unsetting is documented here and I will link here from other posts._
|
||||
|
||||
Simply use `/umode +mo-des` or if that is unknown command (as it's alias
|
||||
in most of clients), use `/mode YOURNICK +mo-des` and you set umodes "mo"
|
||||
and unset "des". _These might not be real umodes and they are here just as
|
||||
an example._
|
||||
Simply use `/umode +mo-des` or if that is unknown command (as it's alias in most
|
||||
of clients), use `/mode YOURNICK +mo-des` and you set umodes "mo" and unset
|
||||
"des". _These might not be real umodes and they are here just as an example._
|
||||
|
||||
## Automatic umodes
|
||||
|
||||
Umodes aren't remembered across connections so you must configure your
|
||||
client to (un)set them automatically. **Your umodes won't be change this
|
||||
way until you reconnect!**
|
||||
Umodes aren't remembered across connections so you must configure your client to
|
||||
(un)set them automatically. **Your umodes won't be change this way until you
|
||||
reconnect!**
|
||||
|
||||
_These examples use the umodes that I am using at the time of writing._
|
||||
|
||||
@ -31,36 +29,37 @@ _These examples use the umodes that I am using at the time of writing._
|
||||
- WeeChat
|
||||
- Old way: `/set irc.server_default.command /mode $nick -iI+wRQxg`
|
||||
- Modern way (1.7+): `/set irc.server_default.usermode -iI+wRQxg`
|
||||
- _For setting umodes only for one network instead of them all
|
||||
replace server_default with server.name, e.g._
|
||||
- _For setting umodes only for one network instead of them all replace
|
||||
server_default with server.name, e.g._
|
||||
- `/set irc.server.liberachat.usermode -iI+wRQxg`
|
||||
- ZNC:
|
||||
- Traditional way: `/msg *status loadmod perform` and
|
||||
`/msg *perform add mode %nick% -iI+wRQxg`
|
||||
- The same can also be done in webadmin and if you load perform for
|
||||
user level, adding the command `mode %nick% -iI+wRQxg` will set
|
||||
umode -iI+wrqXG on all networks.
|
||||
- The modes will apply to all networks if you load it on user
|
||||
level or only the invidual network on network level.
|
||||
- The same can also be done in webadmin and if you load perform for user
|
||||
level, adding the command `mode %nick% -iI+wRQxg` will set umode -iI+wrqXG
|
||||
on all networks.
|
||||
- The modes will apply to all networks if you load it on user level or only
|
||||
the invidual network on network level.
|
||||
- Modern way: [ZNC issue #1221](https://github.com/znc/znc/issues/1221)
|
||||
|
||||
### And what these umodes mean
|
||||
|
||||
This list is what I want the umodes to mean when I set them automatically.
|
||||
For what the actual umodes are on your network, try `/quote help umode` or
|
||||
This list is what I want the umodes to mean when I set them automatically. For
|
||||
what the actual umodes are on your network, try `/quote help umode` or
|
||||
`/quote help umodes`.
|
||||
|
||||
- i — invisible, hides your channel list from whois with ircd-seven and
|
||||
possibly some other ircds. Also hides you from /who of people who don't
|
||||
share channels with you. [See also why I unset it here.]({% post_url blog/2015-03-26-umode--i %})
|
||||
- I — On InspIRCd with [hidechans] module hides your channel list from
|
||||
whois.
|
||||
- w — receive wallops, less-important announcements from network operators
|
||||
that are only received by those who are curious and have umode +w. More
|
||||
important announcements are usually global notices.
|
||||
- R — block PMs from unidentified users (who tend to be spambots and if
|
||||
they aren't, they can identify to services).
|
||||
- i — invisible, hides your channel list from whois with ircd-seven and possibly
|
||||
some other ircds. Also hides you from /who of people who don't share channels
|
||||
with you. [See also why I unset
|
||||
it here.]({% post_url blog/2015-03-26-umode--i %})
|
||||
- I — On InspIRCd with [hidechans] module hides your channel list from whois.
|
||||
- w — receive wallops, less-important announcements from network operators that
|
||||
are only received by those who are curious and have umode +w. More important
|
||||
announcements are usually global notices.
|
||||
- R — block PMs from unidentified users (who tend to be spambots and if they
|
||||
aren't, they can identify to services).
|
||||
- Q — block channel redirects on Charybdis (mode +f or banforward).
|
||||
- x — activates IRCd based uncloaking even if it's [not that reliable.](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c)
|
||||
- x — activates IRCd based uncloaking even if it's
|
||||
[not that reliable.](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c)
|
||||
- g — caller-id, people must be `/accepted` or PMed before they can PM you.
|
||||
- t — only users using SSL can PM.
|
||||
|
@ -9,27 +9,27 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_People often wonder about this and I thought that I could probably write
|
||||
about this, how do you make IRC channel secret/private, either hiding it
|
||||
from other people or not letting others in._
|
||||
_People often wonder about this and I thought that I could probably write about
|
||||
this, how do you make IRC channel secret/private, either hiding it from other
|
||||
people or not letting others in._
|
||||
|
||||
_Modes spbiI are standard and should be the same on all IRCds. I am also
|
||||
assuming that your network uses Atheme IRC Services or fork of it._
|
||||
|
||||
To make channel secret, there are two useful modes. You might also want to
|
||||
mlock them with `/msg chanserv help set mlock`.
|
||||
To make channel secret, there are two useful modes. You might also want to mlock
|
||||
them with `/msg chanserv help set mlock`.
|
||||
|
||||
- +s — hides the channel from all channel lists (for non-opers)
|
||||
-i). Keep in mind that you always see channels that you are on or share
|
||||
with other people in whois. +p also prevents `/knock` (which is command
|
||||
to request invite to the channel) on some IRCds.
|
||||
- +s — hides the channel from all channel lists (for non-opers) -i). Keep in
|
||||
mind that you always see channels that you are on or share with other people
|
||||
in whois. +p also prevents `/knock` (which is command to request invite to the
|
||||
channel) on some IRCds.
|
||||
|
||||
Other nice modes that you may be interested in are:
|
||||
|
||||
- +b — (ban) depnding on does your network support extbans, try
|
||||
`/quote help extban`.
|
||||
- +r — on Charybdis prevents unidentified users from joining the channel,
|
||||
you will want this with RESTRICTED.
|
||||
- +r — on Charybdis prevents unidentified users from joining the channel, you
|
||||
will want this with RESTRICTED.
|
||||
- InspIRCd uses +R
|
||||
- - S — on Charybdis prevents users not using SSL/TLS from joining.
|
||||
- InspIRCd uses +z
|
||||
@ -37,43 +37,43 @@ Other nice modes that you may be interested in are:
|
||||
And to make channel private, there are two ways, mode +i/+I and ChanServ
|
||||
RESTRICTED (auto-kban unauthorized users).
|
||||
|
||||
With RESTRICTED you will want to prevent unidentified users from joining
|
||||
or you will get people attempting to join while unidentified and then
|
||||
banned immediately and unable to join after identifying.
|
||||
With RESTRICTED you will want to prevent unidentified users from joining or you
|
||||
will get people attempting to join while unidentified and then banned
|
||||
immediately and unable to join after identifying.
|
||||
|
||||
To use it,
|
||||
|
||||
1. Give people who are supposed to be on the channel flags, I use +ViA
|
||||
which means auto-**Voice**, **i**nvite oneself and can see **A**ccess
|
||||
lists, you don't have to use these, but these are probably the most
|
||||
safe flags and the users must have at least one account to not be
|
||||
kbanned. `/msg ChanServ flags #channel account +ViA`
|
||||
1. Give people who are supposed to be on the channel flags, I use +ViA which
|
||||
means auto-**Voice**, **i**nvite oneself and can see **A**ccess lists, you
|
||||
don't have to use these, but these are probably the most safe flags and the
|
||||
users must have at least one account to not be kbanned.
|
||||
`/msg ChanServ flags #channel account +ViA`
|
||||
2. `/msg ChanServ set #channel restricted on`
|
||||
3. You are ready, but you might also want to
|
||||
`/msg ChanServ set #channel private on`, so people cannot use
|
||||
`/msg chanserv access #channel list` to see who are the secret people
|
||||
you let in (and who aren't on the channel between auto-kban).
|
||||
`/msg chanserv access #channel list` to see who are the secret people you let
|
||||
in (and who aren't on the channel between auto-kban).
|
||||
|
||||
And last, mode +i and +I which are the oldest way to do this, but also the
|
||||
most difficult.
|
||||
And last, mode +i and +I which are the oldest way to do this, but also the most
|
||||
difficult.
|
||||
|
||||
First you set the mode +i and now everyone must be `/invite`d to the
|
||||
channel or they cannot join. Then you set +I like you would set a ban
|
||||
(read the `/quote help extban), here I assume you use Charybdis.
|
||||
First you set the mode +i and now everyone must be `/invite`d to the channel or
|
||||
they cannot join. Then you set +I like you would set a ban (read the `/quote
|
||||
help extban), here I assume you use Charybdis.
|
||||
|
||||
To allow user with account `friend` you would `/mode +I $a:friend` and
|
||||
they are able to join freely without needing to be `/invite`d every time.
|
||||
To allow user with account `friend` you would `/mode +I $a:friend` and they are
|
||||
able to join freely without needing to be `/invite`d every time.
|
||||
|
||||
You might also find the modes `+g` (Charybdis) and `+A` (InspIRCd) helpful
|
||||
as they allow everyone to use the `/invite` command.
|
||||
You might also find the modes `+g` (Charybdis) and `+A` (InspIRCd) helpful as
|
||||
they allow everyone to use the `/invite` command.
|
||||
|
||||
I said that +iI is difficult and I must probably explain why it's so.
|
||||
|
||||
- It doesn't use services and the lists get emptied always when the channel
|
||||
gets empty.
|
||||
- It's tied to whatever you give it, if you give it hostmask and that
|
||||
changes, the person cannot get in anymore. Also if you gave it extban
|
||||
matching to accountname and the person changes accountname, they are
|
||||
again unable to join until the +I is updated.
|
||||
- _These were the reasons that came to mind at first, if you have others,
|
||||
feel free to suggest them._
|
||||
- It doesn't use services and the lists get emptied always when the channel gets
|
||||
empty.
|
||||
- It's tied to whatever you give it, if you give it hostmask and that changes,
|
||||
the person cannot get in anymore. Also if you gave it extban matching to
|
||||
accountname and the person changes accountname, they are again unable to join
|
||||
until the +I is updated.
|
||||
- _These were the reasons that came to mind at first, if you have others, feel
|
||||
free to suggest them._
|
||||
|
@ -10,28 +10,26 @@ redirect_from:
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_This post describes my UFW config and is here so I find it from somewhere
|
||||
and with hope that I am told if someone notices something terriby insecure
|
||||
here and is able to offer suggestions. This probably will never be
|
||||
perfect._
|
||||
_This post describes my UFW config and is here so I find it from somewhere and
|
||||
with hope that I am told if someone notices something terriby insecure here and
|
||||
is able to offer suggestions. This probably will never be perfect._
|
||||
|
||||
Having firewall is important as you aren't always in your trusted home
|
||||
network (that can also be broken into especially if you have WLAN) and
|
||||
with IPv6 your devices have public IPv6 addresses. Theoretically your
|
||||
router should include a firewall, but at least the Huawei mobile broadband
|
||||
routers or MiFis don't include one (and I might be annoyed by it enough
|
||||
to disable it anyway and configure everything on host level if it was
|
||||
my network).
|
||||
Having firewall is important as you aren't always in your trusted home network
|
||||
(that can also be broken into especially if you have WLAN) and with IPv6 your
|
||||
devices have public IPv6 addresses. Theoretically your router should include a
|
||||
firewall, but at least the Huawei mobile broadband routers or MiFis don't
|
||||
include one (and I might be annoyed by it enough to disable it anyway and
|
||||
configure everything on host level if it was my network).
|
||||
|
||||
_Threat model: service I am not aware of or that I accidentally make
|
||||
listen wider than intended, with UFW I am aware of what ports are
|
||||
allowed. I assume any mobile host is going to move randomly and while
|
||||
some whitelists (especially link-local and IPv4 LANs) will overlap and
|
||||
possibly allow access, it's still better than being open to the internet
|
||||
and overlay networks that I have interacted with recently._
|
||||
_Threat model: service I am not aware of or that I accidentally make listen
|
||||
wider than intended, with UFW I am aware of what ports are allowed. I assume any
|
||||
mobile host is going to move randomly and while some whitelists (especially
|
||||
link-local and IPv4 LANs) will overlap and possibly allow access, it's still
|
||||
better than being open to the internet and overlay networks that I have
|
||||
interacted with recently._
|
||||
|
||||
This post first has list of commands, then explanations that won't be
|
||||
repeated with IPvX ranges.
|
||||
This post first has list of commands, then explanations that won't be repeated
|
||||
with IPvX ranges.
|
||||
|
||||
Fedora/firewalld? [n/firewalld](/n/firewalld)
|
||||
|
||||
@ -55,19 +53,20 @@ ufw allow 60000:61000/udp
|
||||
```
|
||||
|
||||
- 22 TCP/ssh — Allow acces to SSHd you don't want to lock yourself out.
|
||||
- previously I used `ufw limit` but it seems to be too oversensitive,
|
||||
just use SSHGuard.
|
||||
- previously I used `ufw limit` but it seems to be too oversensitive, just use
|
||||
SSHGuard.
|
||||
- Deny incoming connections unless the port has been whitelisted.
|
||||
- Allow all outgoing connections, keeping list of authorized ports would
|
||||
be too much for me.
|
||||
- Start ufw on boot and now (I am not sure if this step is required, but
|
||||
better safe than sorry).
|
||||
- Allow all outgoing connections, keeping list of authorized ports would be too
|
||||
much for me.
|
||||
- Start ufw on boot and now (I am not sure if this step is required, but better
|
||||
safe than sorry).
|
||||
- Put the firewall in force.
|
||||
- 113 TCP/ident — Tell "Connection refused" to whoever tries to reach port 113. This makes ident checking IRC servers connect faster as they don't
|
||||
have to timeout. If you run shell server (for IRC purpouses) you should
|
||||
allow this instead. And if you don't use IRC or don't care about having
|
||||
to wait for the check to timeout, don't do this as you may leave
|
||||
yourself visible to random port scanners.
|
||||
- 113 TCP/ident — Tell "Connection refused" to whoever tries to reach port 113.
|
||||
This makes ident checking IRC servers connect faster as they don't have to
|
||||
timeout. If you run shell server (for IRC purpouses) you should allow this
|
||||
instead. And if you don't use IRC or don't care about having to wait for the
|
||||
check to timeout, don't do this as you may leave yourself visible to random
|
||||
port scanners.
|
||||
- 123 UDP/NTP - syncing time between local hosts
|
||||
- 631 both/cups — Allow access to cups for printer sharing from 192.168.8.xxx
|
||||
- fe80:://10 is link-local address existing _everywhere_ IPv6 is enabled,
|
||||
@ -75,18 +74,19 @@ ufw allow 60000:61000/udp
|
||||
- 5353 UDP/mdns/Avahi — used for `.local` addresses.
|
||||
- 5900 — VNC port at least for `krfb kdrc` (KDE Remote Desktop server & client).
|
||||
I tend to only allow it from specific Yggdrasil address(es).
|
||||
- 6771/udp — [Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
|
||||
- 9001/udp — [Yggdrasil](https://yggdrasil-network.github.io/) automatic
|
||||
peering port only on link-local.
|
||||
- 60000:61000 UDP/mosh — I feel this is the most insecure part of this
|
||||
setup and there should be something bettter instead of this. As
|
||||
something evil could run and listen on these ports.
|
||||
- 6771/udp —
|
||||
[Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
|
||||
- 9001/udp — [Yggdrasil](https://yggdrasil-network.github.io/) automatic peering
|
||||
port only on link-local.
|
||||
- 60000:61000 UDP/mosh — I feel this is the most insecure part of this setup and
|
||||
there should be something bettter instead of this. As something evil could run
|
||||
and listen on these ports.
|
||||
|
||||
_If some host doesn't run some of the mentioned service, it's not open in
|
||||
the firewall._
|
||||
_If some host doesn't run some of the mentioned service, it's not open in the
|
||||
firewall._
|
||||
|
||||
KDE Connect which seems painful enough to list separately and doesn't seem
|
||||
to work IPv6-only or I am too impatient.
|
||||
KDE Connect which seems painful enough to list separately and doesn't seem to
|
||||
work IPv6-only or I am too impatient.
|
||||
|
||||
```bash
|
||||
#ufw allow from 192.168.8.0/24 to any port 1714:1764 proto tcp
|
||||
@ -104,11 +104,13 @@ ufw route allow in on enp3s0 out on wlp2s0
|
||||
ufw route allow in on wlp2s0 out on enp3s0
|
||||
```
|
||||
|
||||
I am not sure if both rules are required, enp3s0 is the ethernet interface
|
||||
and wlp2s0 the wireless one. I think it would make sense for only the first
|
||||
to be required.
|
||||
I am not sure if both rules are required, enp3s0 is the ethernet interface and
|
||||
wlp2s0 the wireless one. I think it would make sense for only the first to be
|
||||
required.
|
||||
|
||||
---
|
||||
|
||||
Last updated: 2020-10-26 | [GitHub changelog](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-06-12-ufw.md) |
|
||||
Last updated: 2020-10-26 |
|
||||
[GitHub changelog](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-06-12-ufw.md)
|
||||
|
|
||||
[Blesmrt Gitea changelog](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/_posts/2015-06-12-ufw.md)
|
||||
|
@ -9,88 +9,82 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_If you wanted to know about my current life situation, read something else
|
||||
as I have no life and this posts talks only about the haunting past._
|
||||
_If you wanted to know about my current life situation, read something else as I
|
||||
have no life and this posts talks only about the haunting past._
|
||||
|
||||
Everyone probably knows that I haven't had very positive experience with
|
||||
any school, but now I try to bring some events to light from maybe
|
||||
seven years ago.
|
||||
Everyone probably knows that I haven't had very positive experience with any
|
||||
school, but now I try to bring some events to light from maybe seven years ago.
|
||||
|
||||
There are three event that haunt me the most:
|
||||
|
||||
- _I am just being at break like I am always, alone and without friends
|
||||
and I hear one of the bullies talking about me, "that jack pisses me off
|
||||
so much, always walking around in kuoma boots and his face is like ass
|
||||
of prey bird." After that I remember being in physics or chemitry lesson
|
||||
and crying and trying to get attention of teacher by writing everything
|
||||
very slowly, but failing and the only thing that happened was my
|
||||
handwriting looking better._
|
||||
- _I don't remember the situation, I think it was a break, but someone from
|
||||
the same class said "I know why … is so weird, his grandfathers have had
|
||||
sex with monkeys._
|
||||
- _I don't remember where it began, but one group of bullies took the habit
|
||||
of calling me as "ubitch". I don't know where they took that word as
|
||||
even I didn't know about being trans (Asperger's diagnose would also
|
||||
come later), but they had issue when I smiled, so I learned to not smile
|
||||
and that is still causing me issues to this day includin difficulties in
|
||||
voice training and potential [AvPD](https://en.m.wikipedia.org/wiki/Avoidant_personality_disorder).
|
||||
The same group also did worse things that I don't want to talk about._
|
||||
- _I am just being at break like I am always, alone and without friends and I
|
||||
hear one of the bullies talking about me, "that jack pisses me off so much,
|
||||
always walking around in kuoma boots and his face is like ass of prey bird."
|
||||
After that I remember being in physics or chemitry lesson and crying and
|
||||
trying to get attention of teacher by writing everything very slowly, but
|
||||
failing and the only thing that happened was my handwriting looking better._
|
||||
- _I don't remember the situation, I think it was a break, but someone from the
|
||||
same class said "I know why … is so weird, his grandfathers have had sex with
|
||||
monkeys._
|
||||
- _I don't remember where it began, but one group of bullies took the habit of
|
||||
calling me as "ubitch". I don't know where they took that word as even I
|
||||
didn't know about being trans (Asperger's diagnose would also come later), but
|
||||
they had issue when I smiled, so I learned to not smile and that is still
|
||||
causing me issues to this day includin difficulties in voice training and
|
||||
potential
|
||||
[AvPD](https://en.m.wikipedia.org/wiki/Avoidant_personality_disorder). The
|
||||
same group also did worse things that I don't want to talk about._
|
||||
|
||||
What was done? Different appointments with different people, including
|
||||
school social worker who quite directly said "there is no bullying in our
|
||||
school, you are scizhophrenic" (don't mind that school social workers
|
||||
aren't able to write dignosis) and psychologist who surprised me and my
|
||||
mother by knowing everything about my childhood and "just had to start from
|
||||
something (Asperger's syndrome).
|
||||
What was done? Different appointments with different people, including school
|
||||
social worker who quite directly said "there is no bullying in our school, you
|
||||
are scizhophrenic" (don't mind that school social workers aren't able to write
|
||||
dignosis) and psychologist who surprised me and my mother by knowing everything
|
||||
about my childhood and "just had to start from something (Asperger's syndrome).
|
||||
|
||||
I ended up ending that school half year before it would have been over and
|
||||
at some point starting my long visits to psychiatrical hospital (which is
|
||||
horrible if you happen to be neuroatypial and part of
|
||||
Gender/Romantic/Sexual Minority or multiple of those, but that is for
|
||||
another post).
|
||||
I ended up ending that school half year before it would have been over and at
|
||||
some point starting my long visits to psychiatrical hospital (which is horrible
|
||||
if you happen to be neuroatypial and part of Gender/Romantic/Sexual Minority or
|
||||
multiple of those, but that is for another post).
|
||||
|
||||
There were also other issues that I remember, but I don't feel the same
|
||||
level of pain.
|
||||
There were also other issues that I remember, but I don't feel the same level of
|
||||
pain.
|
||||
|
||||
- _One person never talked to me and had some issue with me and always got
|
||||
what they wanted ("I don't want to work with that"). Not that I wanted
|
||||
to work with them, but it would have been nice if anyone thought about
|
||||
asking my opinion._
|
||||
- _On home economics lesson, I don't remember what was talked about, but
|
||||
I said for some reason that I like tuna over rye crisps and got response
|
||||
that it's "so poor" and it's unclear to this day what does price of food
|
||||
have to do with how does it taste._
|
||||
- _One person never talked to me and had some issue with me and always got what
|
||||
they wanted ("I don't want to work with that"). Not that I wanted to work with
|
||||
them, but it would have been nice if anyone thought about asking my opinion._
|
||||
- _On home economics lesson, I don't remember what was talked about, but I said
|
||||
for some reason that I like tuna over rye crisps and got response that it's
|
||||
"so poor" and it's unclear to this day what does price of food have to do with
|
||||
how does it taste._
|
||||
- _There was … Suomalainen fanclub at Facebook and it was also reported to
|
||||
police, but no action was took as there was nothing offensive there. In
|
||||
the end offensive content got there, but it was removed in agreement
|
||||
when anti-bullying FB page with name "bully name bunny club" was
|
||||
removed._
|
||||
- _I was also friends at some point with the person depending on how
|
||||
much friendship it is to perform Windows repair install and as
|
||||
reward get told that we couldn't be friends at school as their
|
||||
reputation would suffer. More bullying came..._
|
||||
- There was also a lot more that happened there, but I would probably write
|
||||
this forever if I wrote about everything and the things that are always
|
||||
on surface are already written.
|
||||
police, but no action was took as there was nothing offensive there. In the
|
||||
end offensive content got there, but it was removed in agreement when
|
||||
anti-bullying FB page with name "bully name bunny club" was removed._
|
||||
- _I was also friends at some point with the person depending on how much
|
||||
friendship it is to perform Windows repair install and as reward get told
|
||||
that we couldn't be friends at school as their reputation would suffer. More
|
||||
bullying came..._
|
||||
- There was also a lot more that happened there, but I would probably write this
|
||||
forever if I wrote about everything and the things that are always on surface
|
||||
are already written.
|
||||
|
||||
and as this is titled feelings, I should probably write about those too,
|
||||
not that there was anything new.
|
||||
and as this is titled feelings, I should probably write about those too, not
|
||||
that there was anything new.
|
||||
|
||||
- I seem to be always anxious, especially if anyone wants me to go outdoors
|
||||
alone and I am afraid of seeing someone from any school even if they
|
||||
didn't recognize me or did nothing, I have already seen people from there
|
||||
twice with both times mentally locking me down.
|
||||
- I am just horrible person, everyone hates me and no one is honest in any
|
||||
good thing they say to/about me.
|
||||
- I am just bothering everyone by being present in same space whether
|
||||
physical or online.
|
||||
- Most of time I feel I have no friends anywhere even if there are
|
||||
otherwise some IRC or IRL, it's just difficult for me to make/maintain
|
||||
friendships, but me being horrible person is nothing new anyway.
|
||||
- I wish that I had a partner, but it's impossible as I am just horrible
|
||||
person and autist (in bad way) and asexual (while most of rest of the
|
||||
world wants only sex) and trans (which is probably the worse as that
|
||||
translates to "has or has had a penis" and makes everyone misinterpred me
|
||||
as being male or being unable to think me as a girl). I don't sleep
|
||||
propery at nights thinking these things and I just cannot get out and
|
||||
as said Kymenlaakso is unable to help.
|
||||
alone and I am afraid of seeing someone from any school even if they didn't
|
||||
recognize me or did nothing, I have already seen people from there twice with
|
||||
both times mentally locking me down.
|
||||
- I am just horrible person, everyone hates me and no one is honest in any good
|
||||
thing they say to/about me.
|
||||
- I am just bothering everyone by being present in same space whether physical
|
||||
or online.
|
||||
- Most of time I feel I have no friends anywhere even if there are otherwise
|
||||
some IRC or IRL, it's just difficult for me to make/maintain friendships, but
|
||||
me being horrible person is nothing new anyway.
|
||||
- I wish that I had a partner, but it's impossible as I am just horrible person
|
||||
and autist (in bad way) and asexual (while most of rest of the world wants
|
||||
only sex) and trans (which is probably the worse as that translates to "has or
|
||||
has had a penis" and makes everyone misinterpred me as being male or being
|
||||
unable to think me as a girl). I don't sleep propery at nights thinking these
|
||||
things and I just cannot get out and as said Kymenlaakso is unable to help.
|
||||
|
@ -12,10 +12,11 @@ lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_There appears to be a lot of confusion on IPv6 and in this post I try to
|
||||
clear it a little._
|
||||
_There appears to be a lot of confusion on IPv6 and in this post I try to clear
|
||||
it a little._
|
||||
|
||||
I am writing this post, because [TorrentFreak wrote about buggy µTorrent and suggests disabling IPv6 because of it.](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/)
|
||||
I am writing this post, because
|
||||
[TorrentFreak wrote about buggy µTorrent and suggests disabling IPv6 because of it.](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/)
|
||||
The comments of that post are also totally lost.
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
@ -41,17 +42,16 @@ The comments of that post are also totally lost.
|
||||
## IPv4
|
||||
|
||||
It's probably best to start with what is wrong with IPv4 and note that all
|
||||
modern operating systems (including Windows Vista and newer) are designed
|
||||
to work with IPv6 and disabling it may break some features.
|
||||
modern operating systems (including Windows Vista and newer) are designed to
|
||||
work with IPv6 and disabling it may break some features.
|
||||
|
||||
There are no IPv4 addresses for everyone and that is why we have NATs in
|
||||
routers so we only have one IPv4 address facing the internet. That isn't
|
||||
enough either so ISPs started having their own NATs too known as CGN
|
||||
(Carrier Grade NAT) putting _a lot_ of customers behind single IPv4
|
||||
address.
|
||||
There are no IPv4 addresses for everyone and that is why we have NATs in routers
|
||||
so we only have one IPv4 address facing the internet. That isn't enough either
|
||||
so ISPs started having their own NATs too known as CGN (Carrier Grade NAT)
|
||||
putting _a lot_ of customers behind single IPv4 address.
|
||||
|
||||
This means that if someone on the same ISP abused your favourite service
|
||||
X\*, all users behind that IPv4 address get banned.
|
||||
This means that if someone on the same ISP abused your favourite service X\*,
|
||||
all users behind that IPv4 address get banned.
|
||||
|
||||
<em>\*X = Wikipedia, your favourite forum or IRC network or whatever</em>.
|
||||
|
||||
@ -60,59 +60,57 @@ connecting from single address and it can also increase latencies).
|
||||
|
||||
## IPv6
|
||||
|
||||
IPv6, again, is next version of the Internet Protocol and has enough
|
||||
addresses for all your devices and you don't need NAT anymore so you don't
|
||||
have to do port forwards (which didn't help you behind CGN anyway) anymore.
|
||||
IPv6, again, is next version of the Internet Protocol and has enough addresses
|
||||
for all your devices and you don't need NAT anymore so you don't have to do port
|
||||
forwards (which didn't help you behind CGN anyway) anymore.
|
||||
|
||||
People have weird worries with it and many misunderstandings on privacy
|
||||
concerns.
|
||||
|
||||
### EUI-64-addresses
|
||||
|
||||
EUI-64-addresses are based on your MAC-address and a lot of people seem to
|
||||
be worried about how they can be used for spying on you as you go through
|
||||
different networks (phone, laptop).
|
||||
EUI-64-addresses are based on your MAC-address and a lot of people seem to be
|
||||
worried about how they can be used for spying on you as you go through different
|
||||
networks (phone, laptop).
|
||||
|
||||
This is an unrequired concern though as IPv6 privacy extensions should
|
||||
exist with all IPv6 capable systems (again including Windows which seems
|
||||
to be what people worry about the most). The privacy extensions generate
|
||||
a random IPv6 address which has no MAC-address and is changed over time.
|
||||
This is an unrequired concern though as IPv6 privacy extensions should exist
|
||||
with all IPv6 capable systems (again including Windows which seems to be what
|
||||
people worry about the most). The privacy extensions generate a random IPv6
|
||||
address which has no MAC-address and is changed over time.
|
||||
|
||||
Arch Linux and Ubuntu MATE (and other Linux distributions?) seem to change
|
||||
it every 24 hours (controlled by `net.ipv6.conf.default.temp_prefered_lft`)
|
||||
and I believe it also gets changed by reconnecting to network or rebooting
|
||||
the system.
|
||||
Arch Linux and Ubuntu MATE (and other Linux distributions?) seem to change it
|
||||
every 24 hours (controlled by `net.ipv6.conf.default.temp_prefered_lft`) and I
|
||||
believe it also gets changed by reconnecting to network or rebooting the system.
|
||||
|
||||
On your IPv6-enabled system you should see three addresses:
|
||||
|
||||
- EUI-64-address where you see your MAC-address clearly, it just exists and
|
||||
isn't used in outgoing connections so no one knows it unless you decide
|
||||
to tell them.
|
||||
isn't used in outgoing connections so no one knows it unless you decide to
|
||||
tell them.
|
||||
- Privacy (extensions) address which is random and used for all outgoing
|
||||
connections and it changes every few hours. You might see multiple of
|
||||
these as the old privacy addresses are still kept for some time, but no
|
||||
outgoing connections is made with them.
|
||||
connections and it changes every few hours. You might see multiple of these as
|
||||
the old privacy addresses are still kept for some time, but no outgoing
|
||||
connections is made with them.
|
||||
- Link-local address you see even without global IPv6 connectivity as every
|
||||
IPv6-supporting system generates them automatically. They start with
|
||||
`fe80` and only work in your LAN. It also has your MAC-address visible.
|
||||
IPv6-supporting system generates them automatically. They start with `fe80`
|
||||
and only work in your LAN. It also has your MAC-address visible.
|
||||
|
||||
If you are still worried about the MAC-address being visible, you can
|
||||
easily confirm that no one sees it by going to
|
||||
[ipv6-test.com](https://ipv6-test.com), looking at "IPv6 connectivity" and
|
||||
check the test that says "SLAAC". If it says "No" your EUI-64-address
|
||||
is not used, if it says "Yes" they are used and it should never say "Yes".
|
||||
You will probably understand that it's not supposed to say "Yes" as getting
|
||||
"Yes" in that test decreases your score.
|
||||
If you are still worried about the MAC-address being visible, you can easily
|
||||
confirm that no one sees it by going to [ipv6-test.com](https://ipv6-test.com),
|
||||
looking at "IPv6 connectivity" and check the test that says "SLAAC". If it says
|
||||
"No" your EUI-64-address is not used, if it says "Yes" they are used and it
|
||||
should never say "Yes". You will probably understand that it's not supposed to
|
||||
say "Yes" as getting "Yes" in that test decreases your score.
|
||||
|
||||
#### Windows IPv6 address randomization
|
||||
|
||||
Windows which you shouldn't worry about makes you worry even less by being
|
||||
annoying and randomizing all addresses (even if there is no need because
|
||||
you have IPv6 privacy extensions) and this probably causes you a headache
|
||||
if you are running Windows Server or dual-booting with some other OS.
|
||||
annoying and randomizing all addresses (even if there is no need because you
|
||||
have IPv6 privacy extensions) and this probably causes you a headache if you are
|
||||
running Windows Server or dual-booting with some other OS.
|
||||
|
||||
When you dual-boot, you might wonder why even the EUI-64-address is
|
||||
different on Windows and Linux/OS X/whatever.
|
||||
When you dual-boot, you might wonder why even the EUI-64-address is different on
|
||||
Windows and Linux/OS X/whatever.
|
||||
|
||||
This is easy to fix though, open cmd.exe or PowerShell as admin and run:
|
||||
|
||||
@ -123,14 +121,13 @@ netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
|
||||
|
||||
##### Disabling privacy extensions
|
||||
|
||||
**YOU DON'T WANT TO DO THIS UNLESS YOUR PC IS A SERVER AND WON'T EVER BE
|
||||
MOVED ANYWHERE. BY DOING THIS THE EUI-64-ADDRESS GETS USED AND EVERYONE
|
||||
DOES SEE YOUR MAC-ADDRESS.**
|
||||
**YOU DON'T WANT TO DO THIS UNLESS YOUR PC IS A SERVER AND WON'T EVER BE MOVED
|
||||
ANYWHERE. BY DOING THIS THE EUI-64-ADDRESS GETS USED AND EVERYONE DOES SEE YOUR
|
||||
MAC-ADDRESS.**
|
||||
|
||||
As I am talking so much about privacy extensions, I must probably tell
|
||||
that you can disable them if you want. I have no idea if that is possible
|
||||
with OS X so I don't say anything about it, I only know that it uses them
|
||||
by default.
|
||||
As I am talking so much about privacy extensions, I must probably tell that you
|
||||
can disable them if you want. I have no idea if that is possible with OS X so I
|
||||
don't say anything about it, I only know that it uses them by default.
|
||||
|
||||
Windows: start by disabling the randomization and then
|
||||
|
||||
@ -139,18 +136,16 @@ netsh interface ipv6 set privacy state=disabled store=active
|
||||
netsh interface ipv6 set privacy state=disabled store=persistent
|
||||
```
|
||||
|
||||
Linux: check NetworkManager connection editor (or config files of whatever
|
||||
you use) or use the kernel option directly in `/etc/sysctl.conf` or
|
||||
preferably `/etc/sysctl.d/<whatever>.conf`:
|
||||
`net.ipv6.conf.default.use_tempaddr=0`.
|
||||
Linux: check NetworkManager connection editor (or config files of whatever you
|
||||
use) or use the kernel option directly in `/etc/sysctl.conf` or preferably
|
||||
`/etc/sysctl.d/<whatever>.conf`: `net.ipv6.conf.default.use_tempaddr=0`.
|
||||
|
||||
The numbers you can use here are:
|
||||
|
||||
- 0 — IPv6 Privacy Extensions are disabled.
|
||||
- 1 — IPv6 Privacy Extensions are enabled, but **EUI-64-address is
|
||||
preferred.**
|
||||
- 2 — IPv6 Privacy Extensions are enabled and preferred. This is usually
|
||||
the default and what you should use.
|
||||
- 1 — IPv6 Privacy Extensions are enabled, but **EUI-64-address is preferred.**
|
||||
- 2 — IPv6 Privacy Extensions are enabled and preferred. This is usually the
|
||||
default and what you should use.
|
||||
|
||||
### Getting IPv6
|
||||
|
||||
@ -158,22 +153,22 @@ For native connectivity I only know about Finland (links in the list in
|
||||
Finnish)…
|
||||
|
||||
- [IPv6 in Finnish consumer connections](https://ape3000.com/ipv6/)
|
||||
- At the time of writing Elisa and DNA which are two of three biggest
|
||||
carriers (Sonera is missing) have IPv6 in all mobile connections, DNA
|
||||
has IPv6 also in broadband connections and Elisa is working on it
|
||||
and Sonera has 6rd.
|
||||
- At the time of writing Elisa and DNA which are two of three biggest carriers
|
||||
(Sonera is missing) have IPv6 in all mobile connections, DNA has IPv6 also
|
||||
in broadband connections and Elisa is working on it and Sonera has 6rd.
|
||||
- [Elisa's page on enabling IPv6](https://asiakastuki.elisa.fi/ohje/541)
|
||||
- [DNA's page on IPv6](https://www.dna.fi/ipv6)
|
||||
- [DNA's instructions for enabling IPv6 on different devices](https://www.dna.fi/ipv6-laitteet)
|
||||
- [Sonera's page on IPv6 that is worse than earlier ones](https://www.sonera.fi/etsi+apua+ja+tukea/ohjeet/Soneran-palvelut-IPv6-valmiita?id=c4779f91-dd1c-4e43-b026-b2e6338d0db1)
|
||||
|
||||
…but I can suggest searching the web for `yourISP IPv6` and contacting
|
||||
their customer support asking when they are going to enable IPv6.
|
||||
…but I can suggest searching the web for `yourISP IPv6` and contacting their
|
||||
customer support asking when they are going to enable IPv6.
|
||||
|
||||
For tunneling there are multiple services for tunneling and the best are
|
||||
[SixXS] and [Tunnelbroker], but I am going to talk more about Teredo which
|
||||
the protocol of last resort for accessing IPv6 sites and Windows comeswith it by default. The easiest way to enable it is probably saving the
|
||||
following as `something.reg` and running it:
|
||||
For tunneling there are multiple services for tunneling and the best are [SixXS]
|
||||
and [Tunnelbroker], but I am going to talk more about Teredo which the protocol
|
||||
of last resort for accessing IPv6 sites and Windows comeswith it by default. The
|
||||
easiest way to enable it is probably saving the following as `something.reg` and
|
||||
running it:
|
||||
|
||||
[sixxs]: https://www.sixxs.net/
|
||||
[tunnelbroker]: https://tunnelbroker.net/
|
||||
@ -195,25 +190,25 @@ Short explanation:
|
||||
- Enable looking up IPv6 records even with Teredo
|
||||
- Enable Teredo…
|
||||
- …even if we are in domain
|
||||
- use teredo.trex.fi as Teredo server, you might want to use some server
|
||||
that is [closer to you](https://en.wikipedia.org/wiki/Teredo_tunneling#Servers).
|
||||
- use teredo.trex.fi as Teredo server, you might want to use some server that is
|
||||
[closer to you](https://en.wikipedia.org/wiki/Teredo_tunneling#Servers).
|
||||
|
||||
Linux: install package `miredo` and edit the server in `/etc/miredo.conf`
|
||||
if needed.
|
||||
Linux: install package `miredo` and edit the server in `/etc/miredo.conf` if
|
||||
needed.
|
||||
|
||||
And then check [ipv6-test.com](https://ipv6-test.com) and it should detect
|
||||
your Teredo connectivity. Some browsers don't even attempt to use it, at
|
||||
least I think Google Chrome did so.
|
||||
And then check [ipv6-test.com](https://ipv6-test.com) and it should detect your
|
||||
Teredo connectivity. Some browsers don't even attempt to use it, at least I
|
||||
think Google Chrome did so.
|
||||
|
||||
## Further reading
|
||||
|
||||
- [Wikipedia's page on IPv6](https://en.wikipedia.org/wiki/IPv6)
|
||||
- [Wikipedia's page on Teredo](https://en.wikipedia.org/wiki/Teredo_tunneling)
|
||||
- [Microsoft Technet: A 5 Second Boot Optimization If You’ve Disabled IPv6 on Windows Client and Server by setting DisabledComponents to 0xFFFFFFFF](https://blogs.technet.com/b/askpfeplat/archive/2014/09/15/a-5-second-boot-optimization-if-you-ve-disabled-ipv6-on-windows-client-and-server-by-setting-disabledcomponents-to-0xffffffff.aspx)
|
||||
- TL;DR: depending on how you disabled IPv6 your boot might be 5
|
||||
seconds less and Microsoft discourages disabling it and they don't
|
||||
test working without IPv6. Disabling IPv6 breaks e.g. HomeGroup.
|
||||
- TL;DR: depending on how you disabled IPv6 your boot might be 5 seconds less
|
||||
and Microsoft discourages disabling it and they don't test working without
|
||||
IPv6. Disabling IPv6 breaks e.g. HomeGroup.
|
||||
|
||||
_Special thanks to people of `ircs://irc.libera.chat:6697/#IPv6` for checking that I
|
||||
don't write total nonsense here and all the fixes made and also @e-ali for
|
||||
checking for spelling mistakes._
|
||||
_Special thanks to people of `ircs://irc.libera.chat:6697/#IPv6` for checking
|
||||
that I don't write total nonsense here and all the fixes made and also @e-ali
|
||||
for checking for spelling mistakes._
|
||||
|
@ -8,9 +8,9 @@ redirect_from: /finnish/2015/06/29/minusta.html
|
||||
published: false
|
||||
---
|
||||
|
||||
_Olen 19-vuotias transsukupuolinen nainen, minulla on Aspergerin oireyhtymä
|
||||
ja olen aseksuaali. Tämä aiheuttaa minulle kaikenlaisia ongelmia, joista
|
||||
tulen nyt taas kertoman._
|
||||
_Olen 19-vuotias transsukupuolinen nainen, minulla on Aspergerin oireyhtymä ja
|
||||
olen aseksuaali. Tämä aiheuttaa minulle kaikenlaisia ongelmia, joista tulen nyt
|
||||
taas kertoman._
|
||||
|
||||
Yritetäämpä kirjoittaa suomeksikin välillä, mutta tuskin tämäkään vaikuttaa
|
||||
mihinkään, tunnen vain kirjoittavani huonommin ja huonovointisuuteni vuoksi
|
||||
@ -20,83 +20,81 @@ Asun Kotkassa ja olen aina asunut täällä. Olin koulukiusattu tarhasta asti
|
||||
johtuen erilaisuudestani ja "terveydenhuollon ammattilaiset" tutkivat
|
||||
poikkeavuuttani.
|
||||
|
||||
Kuitenkin vasta 15-vuotiaana yritettyäni itsemurhaa koulukiusaamisen ja
|
||||
useiden muiden ongelmien (mm. dysforian, vaikken tuntenutkaan koko
|
||||
sanaa silloin) kuulin vihdoinkin Aspergerin oireyhtymästä ja olevani
|
||||
ilmiselvä tapaus ja että tämä olisi pitänyt selvittää ajat sitten ja nämä
|
||||
kaikki piirteet olivat tiedossa jo pikkulapsena, mutta asiantuntijat
|
||||
eivät osanneet yhdistää niitä toisiinsa.
|
||||
Loistava esimerkki Kotkan toimivuudesta on tätä edeltänyt
|
||||
_koulukuraattorin_ diagnoosi "skitsofrenia", vaikkei koulukuraattori
|
||||
pysty diagnooseja kirjoittamaan, mutta oppilasta on paljon helpompi sanoa
|
||||
mielisairaaksi, kuin hyväksyä koulussa olevaa kiusaamista.
|
||||
Kuitenkin vasta 15-vuotiaana yritettyäni itsemurhaa koulukiusaamisen ja useiden
|
||||
muiden ongelmien (mm. dysforian, vaikken tuntenutkaan koko sanaa silloin) kuulin
|
||||
vihdoinkin Aspergerin oireyhtymästä ja olevani ilmiselvä tapaus ja että tämä
|
||||
olisi pitänyt selvittää ajat sitten ja nämä kaikki piirteet olivat tiedossa jo
|
||||
pikkulapsena, mutta asiantuntijat eivät osanneet yhdistää niitä toisiinsa.
|
||||
Loistava esimerkki Kotkan toimivuudesta on tätä edeltänyt _koulukuraattorin_
|
||||
diagnoosi "skitsofrenia", vaikkei koulukuraattori pysty diagnooseja
|
||||
kirjoittamaan, mutta oppilasta on paljon helpompi sanoa mielisairaaksi, kuin
|
||||
hyväksyä koulussa olevaa kiusaamista.
|
||||
|
||||
Seuraava koulu, lisää kiusaamista ja tulen ulos transsukupuolisena
|
||||
lukuisien itsemurhayritysten jälkeen. Saan lähetteen Helsinkiin
|
||||
sukupuoli-identiteetin tutkimuspoliklinikalle.
|
||||
Seuraava koulu, lisää kiusaamista ja tulen ulos transsukupuolisena lukuisien
|
||||
itsemurhayritysten jälkeen. Saan lähetteen Helsinkiin sukupuoli-identiteetin
|
||||
tutkimuspoliklinikalle.
|
||||
|
||||
Ensin tapaan sairaanhoitajaa kahden viikon välein muutaman kerran, odotan
|
||||
seuraavaa aikaa lääkärille/psykologille monta kuukautta ja sitten
|
||||
seuraavaa. Lopputulos: olen vuoden hormonikorvaushoidossa itse, ilman
|
||||
lääkärin valvontaa _vuoden_ ennen virallista diagnoosia ja reseptiä.
|
||||
seuraavaa aikaa lääkärille/psykologille monta kuukautta ja sitten seuraavaa.
|
||||
Lopputulos: olen vuoden hormonikorvaushoidossa itse, ilman lääkärin valvontaa
|
||||
_vuoden_ ennen virallista diagnoosia ja reseptiä.
|
||||
|
||||
Pelkään kehittäneeni [estyneen persoonallisuuden](https://en.wikipedia.org/wiki/Avoidant_personality_disorder)
|
||||
kaiken minulle tapahtuneen seurauksena, olen valmistunut ja olen
|
||||
itsetuhoinen. Olen myöskin vailla psykiatrista hoitoa. En liiku ulkonaa
|
||||
ellen sitten joudu menemään jollekin sovitulle ajalle tai
|
||||
vertaistukiryhmään, koska pelkään näkeväni entisiä koulukiusaajia, jotka
|
||||
laukaisevat minulle kovan ahdistuksen.
|
||||
Pelkään kehittäneeni
|
||||
[estyneen persoonallisuuden](https://en.wikipedia.org/wiki/Avoidant_personality_disorder)
|
||||
kaiken minulle tapahtuneen seurauksena, olen valmistunut ja olen itsetuhoinen.
|
||||
Olen myöskin vailla psykiatrista hoitoa. En liiku ulkonaa ellen sitten joudu
|
||||
menemään jollekin sovitulle ajalle tai vertaistukiryhmään, koska pelkään
|
||||
näkeväni entisiä koulukiusaajia, jotka laukaisevat minulle kovan ahdistuksen.
|
||||
|
||||
Terveydenhuollosta puhuin jo aiemmin, nyt tarkennan sitä lisää. Olen ollut
|
||||
psykiatrisessa sairaalassa useita kertoja hyötymättä siitä mitenkään,
|
||||
olen aina vain ollut siellä säilössä jonkin aikaa, ensimmäisellä kerralla
|
||||
kesäloman ja vähän enemmän, koska psykologi oli lomalla eikä voinut
|
||||
antaa palautettaan tutkimuksestaan ja (perustelemattoman) käytännön vuoksi
|
||||
kukaan muu ei sitä voinut tehdä.
|
||||
psykiatrisessa sairaalassa useita kertoja hyötymättä siitä mitenkään, olen aina
|
||||
vain ollut siellä säilössä jonkin aikaa, ensimmäisellä kerralla kesäloman ja
|
||||
vähän enemmän, koska psykologi oli lomalla eikä voinut antaa palautettaan
|
||||
tutkimuksestaan ja (perustelemattoman) käytännön vuoksi kukaan muu ei sitä
|
||||
voinut tehdä.
|
||||
|
||||
Viimeisellä kerralla taas psykiatrisessa sairaalassa kerrottiin minulle
|
||||
melko suoraan "olet psykoottinen, koska kuvittelet olevasi tyttö".
|
||||
Viimeisellä kerralla taas psykiatrisessa sairaalassa kerrottiin minulle melko
|
||||
suoraan "olet psykoottinen, koska kuvittelet olevasi tyttö".
|
||||
|
||||
Tämä ei tosin ole mitään harvinaislaatuista Kotkassa, olen myös ollut
|
||||
autismisäätiöllä neurologisessa valmennuksessa, missä minulle tehtiin
|
||||
selväksi, että valmentaja on _oikea nainen_, minä en, jatkuvasti.
|
||||
autismisäätiöllä neurologisessa valmennuksessa, missä minulle tehtiin selväksi,
|
||||
että valmentaja on _oikea nainen_, minä en, jatkuvasti.
|
||||
|
||||
Somattisella (ei-psykiatrisella) puolella taas kerran piti hakea Kelalle
|
||||
jokin lääkärinlausunto ja lääkäri oli aivan hukassa mitä tehdä kanssani.
|
||||
Olin pukeutunut hameeseen ja minulla oli huulipunaa eikä kukaan moneen
|
||||
kuukauteen ollut erehtynyt sukupuolestani ja lääkäri sitten alkoi
|
||||
selittämään puhelimeen miten "tänne tuli tälläinen 1X-vuotias poika"...
|
||||
Somattisella (ei-psykiatrisella) puolella taas kerran piti hakea Kelalle jokin
|
||||
lääkärinlausunto ja lääkäri oli aivan hukassa mitä tehdä kanssani. Olin
|
||||
pukeutunut hameeseen ja minulla oli huulipunaa eikä kukaan moneen kuukauteen
|
||||
ollut erehtynyt sukupuolestani ja lääkäri sitten alkoi selittämään puhelimeen
|
||||
miten "tänne tuli tälläinen 1X-vuotias poika"...
|
||||
|
||||
Aiemmin sanoin olevani vailla psykiatrista hoitoa. Tämä ei oikeastaan
|
||||
pidä paikaansa, koska minä olen avohoidossa Kotkan psykiatrisella
|
||||
poliklinikalla. Tämä tarkoittaa Suomeksi sitä, että siellä työntekijä
|
||||
höpöttää jotakin omiaan, eikä kiinnitä mitään huomiota minuun tai
|
||||
ongelmiini eikä ole yhtään kiinnostunutkaan niistä. Asiantuntemus puuttuu
|
||||
täysin. Edellisellä kerralla yritin kysyä onko mahdollista, että minulla
|
||||
olisi aiemmin mainittu AvPD, mutta siihenkään ei voinut saada minkäänlaista
|
||||
vastausta, työntekijä vain luki lausuntoja "kuvittelee olevansa tyttö,
|
||||
psykoottinen"-lääkäriltä ja lähti kesälomalle.
|
||||
Aiemmin sanoin olevani vailla psykiatrista hoitoa. Tämä ei oikeastaan pidä
|
||||
paikaansa, koska minä olen avohoidossa Kotkan psykiatrisella poliklinikalla.
|
||||
Tämä tarkoittaa Suomeksi sitä, että siellä työntekijä höpöttää jotakin omiaan,
|
||||
eikä kiinnitä mitään huomiota minuun tai ongelmiini eikä ole yhtään
|
||||
kiinnostunutkaan niistä. Asiantuntemus puuttuu täysin. Edellisellä kerralla
|
||||
yritin kysyä onko mahdollista, että minulla olisi aiemmin mainittu AvPD, mutta
|
||||
siihenkään ei voinut saada minkäänlaista vastausta, työntekijä vain luki
|
||||
lausuntoja "kuvittelee olevansa tyttö, psykoottinen"-lääkäriltä ja lähti
|
||||
kesälomalle.
|
||||
|
||||
Entä nyt?
|
||||
|
||||
Olen valmistunut eli minua ei sitoisi mikään Kotkaan ellen olisi
|
||||
transsukupuolinen. Haluaisin hakea jatko-opintoihin Helsinkiin, mutta
|
||||
minulla on miehen henkilötunnus, joten minut merkittäisiin jokaiseen
|
||||
tietokantaan miehenä ja koulun nimilistat laittaisivat minut miesten
|
||||
keskelle.
|
||||
transsukupuolinen. Haluaisin hakea jatko-opintoihin Helsinkiin, mutta minulla on
|
||||
miehen henkilötunnus, joten minut merkittäisiin jokaiseen tietokantaan miehenä
|
||||
ja koulun nimilistat laittaisivat minut miesten keskelle.
|
||||
|
||||
Muuttaessa minun täytyisi taas tehdä ainakin vuokra-sopimus
|
||||
vanhalla henkilötunnuksella ja jos vuokranantaja ei osaisi lukea sukupuolta
|
||||
Muuttaessa minun täytyisi taas tehdä ainakin vuokra-sopimus vanhalla
|
||||
henkilötunnuksella ja jos vuokranantaja ei osaisi lukea sukupuolta
|
||||
henkilötunnuksesta, hän alkaisi ihmettelemään henkilötunnuksen vaihtumista.
|
||||
|
||||
No miksen minä korjaa henkilötunnusta?
|
||||
|
||||
- Lyhyt vastaus: minulla ei ole ihmisoikeuksia siihen.
|
||||
- Pitkä vastaus: sukupuoli vahvistetaan juridisesti *second opinion*issa,
|
||||
jonne tutkimusyksikkö kirjoittaa lähetteen <s>henkilön edettyä vuoden
|
||||
vastakkaisen sukupuolin roolissa</s>vuoden diagnoosista jälkeen.
|
||||
Tämän lähetteen käsittelyyn ja ajan saamiseen *second opinion*iin taas
|
||||
kestää vähintään puolivuotta.
|
||||
- Pitkä vastaus: sukupuoli vahvistetaan juridisesti *second opinion*issa, jonne
|
||||
tutkimusyksikkö kirjoittaa lähetteen <s>henkilön edettyä vuoden vastakkaisen
|
||||
sukupuolin roolissa</s>vuoden diagnoosista jälkeen. Tämän lähetteen
|
||||
käsittelyyn ja ajan saamiseen *second opinion*iin taas kestää vähintään
|
||||
puolivuotta.
|
||||
|
||||
Pientä aikajanaa:
|
||||
|
||||
@ -105,19 +103,17 @@ Pientä aikajanaa:
|
||||
Facebookissa.
|
||||
- 2013-12-30 aloitin hormonikorvaushoidon itse
|
||||
- 2014-03-20 vaihdoin nimeni virallisesti
|
||||
- tämä vaatii todella hyvän tuurin, koska minulta vaadittiin vain
|
||||
todistusta sukupuolen tutkimuksessa olemisesta, yleensä tähän
|
||||
vaaditaan diagnoosi. Lainasin myös Amnestyn raporttia transihmisten
|
||||
ihmisoikeuksista.
|
||||
- tämä vaatii todella hyvän tuurin, koska minulta vaadittiin vain todistusta
|
||||
sukupuolen tutkimuksessa olemisesta, yleensä tähän vaaditaan diagnoosi.
|
||||
Lainasin myös Amnestyn raporttia transihmisten ihmisoikeuksista.
|
||||
- 2014-12-XX sain diagnoosin ja aloitin hormonit virallisesti
|
||||
|
||||
TL;DR: en pysty liikkuman ulkona Kotkassa, minulle ei tarjota ammattimaista
|
||||
terveyden huoltoa enkä pysty muuttamaan pois täältä ennen sukupuoleni
|
||||
virallista vahvistamista, joka taas tapahtuu hyvällä tuurilla vuoden
|
||||
2016 aikana.
|
||||
terveyden huoltoa enkä pysty muuttamaan pois täältä ennen sukupuoleni virallista
|
||||
vahvistamista, joka taas tapahtuu hyvällä tuurilla vuoden 2016 aikana.
|
||||
|
||||
**TIEDÄN ETTÄ TÄMÄ ARTIKKELI KUULOSTAA HULLULTA, MUTTA EN KOE OLEVANI
|
||||
KOVIN TERVE SUOMEN TAKIA JA ITSEMURHA ON MINULLE AINOA TIE ULOS TÄSTÄ
|
||||
LAILLISESTA KIDUTUKSESTA SUKUPUOLI/NEUROLOGISIA VÄHEMMISTÖJÄ KOHTAAN!**
|
||||
**TIEDÄN ETTÄ TÄMÄ ARTIKKELI KUULOSTAA HULLULTA, MUTTA EN KOE OLEVANI KOVIN
|
||||
TERVE SUOMEN TAKIA JA ITSEMURHA ON MINULLE AINOA TIE ULOS TÄSTÄ LAILLISESTA
|
||||
KIDUTUKSESTA SUKUPUOLI/NEUROLOGISIA VÄHEMMISTÖJÄ KOHTAAN!**
|
||||
|
||||
_[Katso myös muut kirjoitukseni elämästäni englanniksi]({{ site.url }}/about#life)_
|
||||
|
@ -8,13 +8,13 @@ redirect_from: /finnish/2015/07/28/stagefright.html
|
||||
published: false
|
||||
---
|
||||
|
||||
_Stagefright on haavoittuvuus Androidissa, jolla haittakoodia voi ajaa
|
||||
etänä. Lue lisää [Viestintävirasto Haavoittuvuus 067/2015](https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2015/haavoittuvuus-2015-067.html)_
|
||||
_Stagefright on haavoittuvuus Androidissa, jolla haittakoodia voi ajaa etänä.
|
||||
Lue lisää
|
||||
[Viestintävirasto Haavoittuvuus 067/2015](https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2015/haavoittuvuus-2015-067.html)_
|
||||
|
||||
Valitin aluksi Facebook-seinälläni Viestintäviraston unohtaneen kertoa,
|
||||
kuinka rajoittaminen tapahtuu käytännössä ja myöhemmin minulle selvisi
|
||||
asia tarkemmin ja se olisi mahdollisesti ollut järkevämpää kirjoittaa
|
||||
tänne suoraan.
|
||||
Valitin aluksi Facebook-seinälläni Viestintäviraston unohtaneen kertoa, kuinka
|
||||
rajoittaminen tapahtuu käytännössä ja myöhemmin minulle selvisi asia tarkemmin
|
||||
ja se olisi mahdollisesti ollut järkevämpää kirjoittaa tänne suoraan.
|
||||
|
||||
Tähän on kaksi minun tuntemaani tapaa
|
||||
|
||||
@ -22,16 +22,15 @@ Tähän on kaksi minun tuntemaani tapaa
|
||||
|
||||
1. Avaa `Viestitys`
|
||||
2. Paina kolmen päällekkäisen pisteen kuvaa ja valitse Asetukset.
|
||||
3. Mene valikkoon Multimediaviesti ja poista rasti ruudusta
|
||||
"Automaattinouto".
|
||||
3. Mene valikkoon Multimediaviesti ja poista rasti ruudusta "Automaattinouto".
|
||||
|
||||
## MMS APN-osoitteen poistaminen
|
||||
|
||||
Freenodessa (nykyisin Libera.Chat:issa) kanavalla `#vapaakoodi` mentiin
|
||||
pidemmälle ja poistettiin koko multimediaviestien APN-osoite.
|
||||
|
||||
**VAROITUS: Et tämän jälkeen voi vastaanottaa multimediaviestejä ellet
|
||||
määritä APN-osoitetta uudelleen.**
|
||||
**VAROITUS: Et tämän jälkeen voi vastaanottaa multimediaviestejä ellet määritä
|
||||
APN-osoitetta uudelleen.**
|
||||
|
||||
1. Avaa Asetukset.
|
||||
2. Verkot välilehdellä valitse "Jakaminen & Verkkoyhteydet".
|
||||
@ -41,9 +40,9 @@ määritä APN-osoitetta uudelleen.**
|
||||
6. Paina kolmen päällekkäisen pisteen kuvaa ja valitse Poista APN.
|
||||
|
||||
Samasta paikasta löytyy myös toinen kiinnostava asetus internet-yhteyden
|
||||
käyttöön liittyvästä APN:stä, APN-Protokolla, jolla voidaan ottaa IPv6
|
||||
käyttöön. Se pitäisi olla IPv4/IPv6 ja asetuksen vaihtamisen jälkeen
|
||||
mobiilidata tulee katkaista ja ottaa uudelleen käyttöön. Lisätietoja:
|
||||
käyttöön liittyvästä APN:stä, APN-Protokolla, jolla voidaan ottaa IPv6 käyttöön.
|
||||
Se pitäisi olla IPv4/IPv6 ja asetuksen vaihtamisen jälkeen mobiilidata tulee
|
||||
katkaista ja ottaa uudelleen käyttöön. Lisätietoja:
|
||||
|
||||
- [Elisan IPv6-ohjeet](https://elisa.fi/ipv6)
|
||||
- [DNA:n IPv6-laiteohjeet](https://dna.fi/ipv6-laitteet)
|
||||
@ -60,11 +59,13 @@ Nämä valikot on tarkistettu pikkuveljeni puhelimella.
|
||||
- MMS APN: "Sonera MMS"
|
||||
- APN-osoite `wap.sonera.fi`
|
||||
|
||||
_Tele Finland ja Sonera eivät muuten vieläkään ole saaneet IPv6:tta
|
||||
käyttöön ja ovat ainoat opraattorit Suomessa ilman sitä. Verkko toimii
|
||||
kuitenkin normaalisti, vaikka APN-protokollan vaihtaisi valmiiksi,
|
||||
IPv4/IPv6:ksi, koska jos se ei ole tuettu, puhelin yrittää APN-protokollaa
|
||||
IPv4._
|
||||
_Tele Finland ja Sonera eivät muuten vieläkään ole saaneet IPv6:tta käyttöön ja
|
||||
ovat ainoat opraattorit Suomessa ilman sitä. Verkko toimii kuitenkin
|
||||
normaalisti, vaikka APN-protokollan vaihtaisi valmiiksi, IPv4/IPv6:ksi, koska
|
||||
jos se ei ole tuettu, puhelin yrittää APN-protokollaa IPv4._
|
||||
|
||||
Pikkuveljen puhelimessa APN:t ovat "Sonera" (käytetään internetiin APN-osoitteella "internet") ja Sonera MMS (multimediaviestit, APN wap.sonera.net
|
||||
). Puhelin on LG Sprit LTE Android-versiolla 5.0.1. Operaattori taas on Tele Finland, joka ei ymmärtääkseni vieläkään ole saanut itselleen IPv6:tta toimintaan ja sama pätee kai Soneraan.
|
||||
Pikkuveljen puhelimessa APN:t ovat "Sonera" (käytetään internetiin
|
||||
APN-osoitteella "internet") ja Sonera MMS (multimediaviestit, APN wap.sonera.net
|
||||
). Puhelin on LG Sprit LTE Android-versiolla 5.0.1. Operaattori taas on Tele
|
||||
Finland, joka ei ymmärtääkseni vieläkään ole saanut itselleen IPv6:tta
|
||||
toimintaan ja sama pätee kai Soneraan.
|
||||
|
@ -14,71 +14,72 @@ redirect_from:
|
||||
- /english/2015/09/19/atheme-quickstart.html
|
||||
---
|
||||
|
||||
Atheme IRC Services is the most used IRC service package. However many
|
||||
people have difficulties with registering a channel and then managing
|
||||
it, which I attempt to help with here. I start by explaining NickServ
|
||||
registration (and as a bonus HostServ) and then move to channel
|
||||
management and you just cannot talk about that without mentioning
|
||||
GroupServ too...
|
||||
Atheme IRC Services is the most used IRC service package. However many people
|
||||
have difficulties with registering a channel and then managing it, which I
|
||||
attempt to help with here. I start by explaining NickServ registration (and as a
|
||||
bonus HostServ) and then move to channel management and you just cannot talk
|
||||
about that without mentioning GroupServ too...
|
||||
|
||||
## NickServ
|
||||
|
||||
You won't be able to do anything unless you register your nick. This is
|
||||
as easy as `/msg nickserv register PASSWORD someone@example.net`.
|
||||
You won't be able to do anything unless you register your nick. This is as easy
|
||||
as `/msg nickserv register PASSWORD someone@example.net`.
|
||||
|
||||
Depending on Atheme configuration on the IRC network you are using, you
|
||||
must verify your email by checking it and copy-pasting the command which
|
||||
starts with `/msg NickServ verify register` to NickServ.
|
||||
Depending on Atheme configuration on the IRC network you are using, you must
|
||||
verify your email by checking it and copy-pasting the command which starts with
|
||||
`/msg NickServ verify register` to NickServ.
|
||||
|
||||
In case you wish to have multiple nicks in the same account, that is also
|
||||
easy, just `/nick AltNick` and `/msg nickserv group`. You can see nicks
|
||||
you have by using `/msg nickserv info yournick` (other people (except IRC
|
||||
operators) cannot see that part).
|
||||
In case you wish to have multiple nicks in the same account, that is also easy,
|
||||
just `/nick AltNick` and `/msg nickserv group`. You can see nicks you have by
|
||||
using `/msg nickserv info yournick` (other people (except IRC operators) cannot
|
||||
see that part).
|
||||
|
||||
Now you should be successfully identified and should configure automatic
|
||||
identification, I cannot help with it so much, but I can point you to
|
||||
beginning:
|
||||
identification, I cannot help with it so much, but I can point you to beginning:
|
||||
|
||||
- [liberachat's SASL instructions](https://libera.chat/guides/sasl)
|
||||
- [My instructions for SASL with WeeChat]({% post_url blog/2015-03-26-weechat-sasl-simply %})
|
||||
- [Searx YOURCLIENTHERE SASL](https://search.disroot.org/?q=YOURCLIENTHERE+SASL)
|
||||
- IRCCloud: edit network and go to advanced settings and you will see box
|
||||
for NickServ password.
|
||||
- KiwiIRC: Check "I have a password" and type your passsword there. Ensure
|
||||
that you specified a nick that is grouped to your account.
|
||||
- IRCCloud: edit network and go to advanced settings and you will see box for
|
||||
NickServ password.
|
||||
- KiwiIRC: Check "I have a password" and type your passsword there. Ensure that
|
||||
you specified a nick that is grouped to your account.
|
||||
- Matrix: in the admin room (direct chat with the appservice-irc), say
|
||||
`!storepass password` to have the password send with PASS on connect.
|
||||
In case of liberachat use `!storepass nick:password` and/or see more
|
||||
information at [matrix-appservice-irc wiki].
|
||||
`!storepass password` to have the password send with PASS on connect. In case
|
||||
of liberachat use `!storepass nick:password` and/or see more information at
|
||||
[matrix-appservice-irc wiki].
|
||||
- [IRC networks with Matrix bridge]
|
||||
- [Matrix bridge end-user FAQ register/identify section]
|
||||
|
||||
[matrix-appservice-irc wiki]: https://github.com/matrix-org/matrix-appservice-irc/wiki/
|
||||
[irc networks with matrix bridge]: https://github.com/matrix-org/matrix-appservice-irc/wiki/Bridged-IRC-networks
|
||||
[matrix bridge end-user faq register/identify section]: https://github.com/matrix-org/matrix-appservice-irc/wiki/End-user-FAQ#how-do-i-registeridentify-to-nickserv
|
||||
[matrix-appservice-irc wiki]:
|
||||
https://github.com/matrix-org/matrix-appservice-irc/wiki/
|
||||
[irc networks with matrix bridge]:
|
||||
https://github.com/matrix-org/matrix-appservice-irc/wiki/Bridged-IRC-networks
|
||||
[matrix bridge end-user faq register/identify section]:
|
||||
https://github.com/matrix-org/matrix-appservice-irc/wiki/End-user-FAQ#how-do-i-registeridentify-to-nickserv
|
||||
|
||||
## HostServ
|
||||
|
||||
In case the network you are on has HostServ, you can get vhosts with it.
|
||||
Vhosts appear in place of your real host/cloaked host, but
|
||||
In case the network you are on has HostServ, you can get vhosts with it. Vhosts
|
||||
appear in place of your real host/cloaked host, but
|
||||
[won't hide your IP](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c).
|
||||
|
||||
There are two ways to get a vhost, take one that is offered to everyone or
|
||||
request something.
|
||||
|
||||
- Check `/msg hostserv offerlist` and if you see something you like, you
|
||||
can enable it with e.g. `/msg hostserv take $user.irc.example.net` and
|
||||
running `/msg hostserv on`.
|
||||
- Use `/msg nickserv request blah` and when you receive message telling you
|
||||
that your requested vhost has been approved use `/msg hostserv on`.
|
||||
- Check `/msg hostserv offerlist` and if you see something you like, you can
|
||||
enable it with e.g. `/msg hostserv take $user.irc.example.net` and running
|
||||
`/msg hostserv on`.
|
||||
- Use `/msg nickserv request blah` and when you receive message telling you that
|
||||
your requested vhost has been approved use `/msg hostserv on`.
|
||||
|
||||
## ChanServ
|
||||
|
||||
And finally to the topic which seems to be the most difficult, channel
|
||||
(access) management.
|
||||
And finally to the topic which seems to be the most difficult, channel (access)
|
||||
management.
|
||||
|
||||
First register the channel with `/msg ChanServ register #channel` while
|
||||
you are opped. Now you are free to setup the channel as you wish.
|
||||
First register the channel with `/msg ChanServ register #channel` while you are
|
||||
opped. Now you are free to setup the channel as you wish.
|
||||
|
||||
I use the following templates, so I can e.g.
|
||||
`/msg chanserv flags #channel someone op` instead of
|
||||
@ -86,60 +87,60 @@ I use the following templates, so I can e.g.
|
||||
network defaults that you can see with `/msg chanserv template`.
|
||||
|
||||
_This is a bash scripts which is ran like `./cstemplate #channel` and
|
||||
copy-pasted to ChanServ. It basically allows ops to do everything they
|
||||
could do anyway by being opped using services and "trusted users" have
|
||||
became regulars on channels I am on. If a flag doesn't exist on the network
|
||||
you are on, Atheme will just silently ignore it._
|
||||
copy-pasted to ChanServ. It basically allows ops to do everything they could do
|
||||
anyway by being opped using services and "trusted users" have became regulars on
|
||||
channels I am on. If a flag doesn't exist on the network you are on, Atheme will
|
||||
just silently ignore it._
|
||||
|
||||
**You should see my cstemplate script here, but the embedding isn't
|
||||
working, to see it [please click here to go to the GitHub instance of it](https://github.com/Mikaela/gist/blob/master/irc/atheme/cstemplate).**
|
||||
**You should see my cstemplate script here, but the embedding isn't working, to
|
||||
see it
|
||||
[please click here to go to the GitHub instance of it](https://github.com/Mikaela/gist/blob/master/irc/atheme/cstemplate).**
|
||||
|
||||
Another example using my templates would be `/msg ChanServ flags #channel !channel-ops op` which would give op permissions above to users in the
|
||||
!channel-ops group.
|
||||
Another example using my templates would be
|
||||
`/msg ChanServ flags #channel !channel-ops op` which would give op permissions
|
||||
above to users in the !channel-ops group.
|
||||
|
||||
## GroupServ
|
||||
|
||||
I mentioned groups a little earlier and now I am returning to them. They
|
||||
are a way to manage flags of group of users very easily by having
|
||||
all users in the group and just setting flags to the group instead of
|
||||
invidual users.
|
||||
I mentioned groups a little earlier and now I am returning to them. They are a
|
||||
way to manage flags of group of users very easily by having all users in the
|
||||
group and just setting flags to the group instead of invidual users.
|
||||
|
||||
_GroupServ is undervalued service and it might not be surprising if it's
|
||||
missing from your network :(_
|
||||
_GroupServ is undervalued service and it might not be surprising if it's missing
|
||||
from your network :(_
|
||||
|
||||
Start by creating your group `/msg groupserv register !blah` (you might
|
||||
want to register a more descriptive name).
|
||||
Start by creating your group `/msg groupserv register !blah` (you might want to
|
||||
register a more descriptive name).
|
||||
|
||||
Next, as in this example this group is going to be op #somewhere we close
|
||||
the group: `/msg groupserv set !group open off`.
|
||||
Next, as in this example this group is going to be op #somewhere we close the
|
||||
group: `/msg groupserv set !group open off`.
|
||||
|
||||
Now there are only two tasks left, making the group op and adding ops
|
||||
there:
|
||||
Now there are only two tasks left, making the group op and adding ops there:
|
||||
|
||||
- `/msg chanserv flags #channel !blah op`
|
||||
- where `op` can still be replaced with `aop` if you are following
|
||||
Atheme defaults or some other template you created or your own
|
||||
set of flags.
|
||||
- where `op` can still be replaced with `aop` if you are following Atheme
|
||||
defaults or some other template you created or your own set of flags.
|
||||
- `/msg groupserv flags !blah user +c`
|
||||
- Repeat as many times as you have ops, to remove ops you simply remove
|
||||
their `-c` flag or all flags (`-*`). You will also want to read
|
||||
- Repeat as many times as you have ops, to remove ops you simply remove their
|
||||
`-c` flag or all flags (`-*`). You will also want to read
|
||||
`/msg groupserv help flags` as there is more than I said here.
|
||||
|
||||
## Futher reading
|
||||
|
||||
- [Always add opers to access list (this is the $oper in my templates)]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
|
||||
- [Always add opers to access list (this is the $oper in
|
||||
my
|
||||
templates)]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
|
||||
- oops, did I just repeat previous post
|
||||
- [Keep the ops opped]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
||||
- especially read this if you are at liberachat or wondering why you
|
||||
don't get automatically opped after registering the channel and
|
||||
cycling while being identified!
|
||||
- especially read this if you are at liberachat or wondering why you don't get
|
||||
automatically opped after registering the channel and cycling while being
|
||||
identified!
|
||||
- `/msg NickServ help`
|
||||
- `/msg NickServ help set`
|
||||
- especially worth taking a look at: `emailmemos` & `enforce`
|
||||
- `/msg ChanServ help`
|
||||
- `/msg ChanServ help set`
|
||||
- especially worth taking a look at: `guard`, `keeptopic`,
|
||||
`verbose`
|
||||
- especially worth taking a look at: `guard`, `keeptopic`, `verbose`
|
||||
- `/msg ChanServ help flags`
|
||||
- what flags are available, what they do and managing them.
|
||||
- `/msg ChanServ help template`
|
||||
|
@ -12,14 +12,16 @@ redirect_from:
|
||||
- /english/2015/10/09/arch-reflector.html
|
||||
---
|
||||
|
||||
_Reflector is a tool that checks the most recently upgraded Arch Linux
|
||||
mirrors and ranks them by speed and saves them to your mirrorlist._
|
||||
_Reflector is a tool that checks the most recently upgraded Arch Linux mirrors
|
||||
and ranks them by speed and saves them to your mirrorlist._
|
||||
|
||||
**This is largely based on [ArchWiki page on reflector] which is licensed
|
||||
in [GNU Free Documentation License 1.3 or later].**
|
||||
**This is largely based on [ArchWiki page on reflector] which is licensed in [GNU
|
||||
Free
|
||||
Documentation License 1.3 or later].**
|
||||
|
||||
[archwiki page on reflector]: https://wiki.archlinux.org/index.php/Reflector
|
||||
[gnu free documentation license 1.3 or later]: https://www.gnu.org/copyleft/fdl.html
|
||||
[gnu free documentation license 1.3 or later]:
|
||||
https://www.gnu.org/copyleft/fdl.html
|
||||
|
||||
TL;DR commands:
|
||||
|
||||
@ -34,18 +36,19 @@ sudo pacman -Syu
|
||||
|
||||
(end of TL;DR and what you actually do)
|
||||
|
||||
1. Install reflector itself, additional depedency of rsync to rank the
|
||||
mirrors by speed, and curl which you use in the second command
|
||||
1. Install reflector itself, additional depedency of rsync to rank the mirrors
|
||||
by speed, and curl which you use in the second command
|
||||
2. to download my reflector.service
|
||||
- differences to Arch Wiki version: requires network-online.target
|
||||
so you don't have to enable any wait-online services and uses only
|
||||
https mirrors.
|
||||
- differences to Arch Wiki version: requires network-online.target so you
|
||||
don't have to enable any wait-online services and uses only https mirrors.
|
||||
3. enable the service so it's ran on boot
|
||||
4. start it now so it checks the most recently updated mirrors and
|
||||
saves them to mirrorlist.
|
||||
4. start it now so it checks the most recently updated mirrors and saves them to
|
||||
mirrorlist.
|
||||
5. Check for updates & install them.
|
||||
|
||||
Do check the service itself at https://github.com/Mikaela/shell-things/raw/master/etc/systemd/system/reflector.service !
|
||||
Do check the service itself at
|
||||
https://github.com/Mikaela/shell-things/raw/master/etc/systemd/system/reflector.service
|
||||
!
|
||||
|
||||
Bonus: edit `/etc/pacman.conf` and add the line:
|
||||
|
||||
@ -53,6 +56,6 @@ Bonus: edit `/etc/pacman.conf` and add the line:
|
||||
NoExtract = etc/pacman.d/mirrorlist
|
||||
```
|
||||
|
||||
so when you upgrade you won't get useless mirrorlist.pacnew file. **NOTE:**
|
||||
it's intented to be `etc/pacman.d/mirrorlist` without the initial `/`,
|
||||
because it's _relative_, not _absolute_, path.
|
||||
so when you upgrade you won't get useless mirrorlist.pacnew file. **NOTE:** it's
|
||||
intented to be `etc/pacman.d/mirrorlist` without the initial `/`, because it's
|
||||
_relative_, not _absolute_, path.
|
||||
|
@ -11,32 +11,32 @@ redirect_from:
|
||||
sitemap: false
|
||||
---
|
||||
|
||||
_Also applies to other distributions based on it, how do you change
|
||||
the display manager, aka login screen._
|
||||
_Also applies to other distributions based on it, how do you change the display
|
||||
manager, aka login screen._
|
||||
|
||||
- `--needed` makes pacman not install packages that are already installed.
|
||||
- uncommented line = line that doesn't begin with `#`.
|
||||
- to change DM you don't need to reboot, you can also
|
||||
`sudo systemctl stop olddm` and `sudo systemctl start newdm`, but this
|
||||
logs you out.
|
||||
- my personal recommendation is using LightDM if it works for you,
|
||||
otherwise sddm. I personally use LightDM, because sddm is missing
|
||||
support for `sudo passwd -de user` [sddm/sddm#472](https://github.com/sddm/sddm/issues/472)
|
||||
`sudo systemctl stop olddm` and `sudo systemctl start newdm`, but this logs
|
||||
you out.
|
||||
- my personal recommendation is using LightDM if it works for you, otherwise
|
||||
sddm. I personally use LightDM, because sddm is missing support for
|
||||
`sudo passwd -de user`
|
||||
[sddm/sddm#472](https://github.com/sddm/sddm/issues/472)
|
||||
|
||||
## LightDM gtk greeter
|
||||
|
||||
- `sudo pacman --needed -S lightdm lightdm-gtk-greeter accountsservice numlockx`
|
||||
|
||||
Edit the file `/etc/lightdm/lightdm.conf` and find the uncommented line
|
||||
that starts with `greeter-session=` and change it to
|
||||
Edit the file `/etc/lightdm/lightdm.conf` and find the uncommented line that
|
||||
starts with `greeter-session=` and change it to
|
||||
`greeter-session=lightdm-gtk-greeter`.
|
||||
|
||||
If you have keyboard with [numpad] you might want to enable Num Lock by
|
||||
default by finding the uncommented line starting with
|
||||
`greeter-setup-script=` and changing it to
|
||||
`greeter-setup-script=/usr/bin/numlockx on`. If there isn't uncommented
|
||||
line anywhere in the file, just uncomment one or add it under the commented
|
||||
line.
|
||||
If you have keyboard with [numpad] you might want to enable Num Lock by default
|
||||
by finding the uncommented line starting with `greeter-setup-script=` and
|
||||
changing it to `greeter-setup-script=/usr/bin/numlockx on`. If there isn't
|
||||
uncommented line anywhere in the file, just uncomment one or add it under the
|
||||
commented line.
|
||||
|
||||
Then enable it by running `sudo systemctl enable -f lightdm` and reboot.
|
||||
|
||||
@ -44,8 +44,8 @@ Then enable it by running `sudo systemctl enable -f lightdm` and reboot.
|
||||
|
||||
- `sudo pacman --needed -S sddm`
|
||||
|
||||
SDDM is simple display manager for all desktop environments and is
|
||||
successor of KDM which is the KDE Display Manager.
|
||||
SDDM is simple display manager for all desktop environments and is successor of
|
||||
KDM which is the KDE Display Manager.
|
||||
|
||||
To create a config file and enable it for next reboot:
|
||||
|
||||
@ -54,20 +54,20 @@ sddm --example-config | sudo tee /etc/sddm.conf
|
||||
sudo systemctl enable -f sddm
|
||||
```
|
||||
|
||||
The lines you might want to change are the one starting with `Nucmlock=`
|
||||
and I recommend changing it to `Numlock=on` if you have the [numpad]. The
|
||||
other line starts with `Current=` and is used to select the current theme.
|
||||
Available themes can be seen with `ls /usr/share/sddm/themes`.
|
||||
The lines you might want to change are the one starting with `Nucmlock=` and I
|
||||
recommend changing it to `Numlock=on` if you have the [numpad]. The other line
|
||||
starts with `Current=` and is used to select the current theme. Available themes
|
||||
can be seen with `ls /usr/share/sddm/themes`.
|
||||
|
||||
KDE users might also want to install `sddm-kcm` which gives GUI
|
||||
for controlling sddm.
|
||||
KDE users might also want to install `sddm-kcm` which gives GUI for controlling
|
||||
sddm.
|
||||
|
||||
## gdm
|
||||
|
||||
- `sudo pacman --needed -S gdm`
|
||||
|
||||
The last display manager I am mentioning is the Gnome Display Manager and
|
||||
is only for Gnome users and I am not so familiar with it and I believe
|
||||
using it is just `sudo systemctl enable -f gdm`.
|
||||
The last display manager I am mentioning is the Gnome Display Manager and is
|
||||
only for Gnome users and I am not so familiar with it and I believe using it is
|
||||
just `sudo systemctl enable -f gdm`.
|
||||
|
||||
[numpad]: https://en.wikipedia.org/wiki/numpad
|
||||
|
@ -8,21 +8,19 @@ redirect_from: /english/2015/11/03/moving.html
|
||||
published: false
|
||||
---
|
||||
|
||||
_As this blog is so depressing and full of Kotka, I should mention that I
|
||||
moved to Lauttasaari (~5km from Helsinki centre) a few days ago._
|
||||
_As this blog is so depressing and full of Kotka, I should mention that I moved
|
||||
to Lauttasaari (~5km from Helsinki centre) a few days ago._
|
||||
|
||||
I think my biggest problems are now over. I can move outside without
|
||||
issues and there are groups I can visit like HeSeta's gaymer's night where
|
||||
I went on the first day here to play board games as I got friend with me.
|
||||
I think my biggest problems are now over. I can move outside without issues and
|
||||
there are groups I can visit like HeSeta's gaymer's night where I went on the
|
||||
first day here to play board games as I got friend with me.
|
||||
|
||||
Getting to places is just 2€ per hour or using season from travel card and
|
||||
works for all public transport. From Lauttasaari it's hopping to bus and
|
||||
then changing to another bus or metro/train/tram. Metro is also coming
|
||||
nearby in August when [West Metro](https://lansimetro.fi/en/home.html)
|
||||
opens.
|
||||
Getting to places is just 2€ per hour or using season from travel card and works
|
||||
for all public transport. From Lauttasaari it's hopping to bus and then changing
|
||||
to another bus or metro/train/tram. Metro is also coming nearby in August when
|
||||
[West Metro](https://lansimetro.fi/en/home.html) opens.
|
||||
|
||||
I don't know about psychiatrical health care yet other than there will be
|
||||
appointment on coming weeks about arranging it.
|
||||
|
||||
_This post is too short for my taste, but so was the previous one about
|
||||
hau._
|
||||
_This post is too short for my taste, but so was the previous one about hau._
|
||||
|
@ -10,61 +10,129 @@ locale: fi_FI
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_Toivottavasti tämä viesti on edes jotenkuten järkevä, se olisi ollut
|
||||
vaikea kirjoittaa ilmankin Ketipinorin vaikutusta ja sitä on nyt liian
|
||||
myöhäistä muuttaa._
|
||||
_Toivottavasti tämä viesti on edes jotenkuten järkevä, se olisi ollut vaikea
|
||||
kirjoittaa ilmankin Ketipinorin vaikutusta ja sitä on nyt liian myöhäistä
|
||||
muuttaa._
|
||||
|
||||
---
|
||||
|
||||
Hyvä VASTAANOTTAJA,
|
||||
|
||||
Lakivaliokunta käsittelee ensiviikolla tasa-arvoisen avioliittolain liitännäislakeja mukaanlukien translain, josta hallitus haluaa poistaa ainoastaan naimattomuusvaatimuksen.
|
||||
Lakivaliokunta käsittelee ensiviikolla tasa-arvoisen avioliittolain
|
||||
liitännäislakeja mukaanlukien translain, josta hallitus haluaa poistaa
|
||||
ainoastaan naimattomuusvaatimuksen.
|
||||
|
||||
Se ei riitä, translain täytyy perustua itsemääräämisoikeuteen.
|
||||
|
||||
Tulin ulos transsukupuolisena naisena keväällä/kesällä 2013 ollessani ammattikoulussa. En uskaltanut edes pyytää opettajia tai muita oppilaita käyttämään minusta omaa nimeäni, koska he olisivat voineet kieltäytyä, koska se ei ollut virallinen nimeni.
|
||||
Tulin ulos transsukupuolisena naisena keväällä/kesällä 2013 ollessani
|
||||
ammattikoulussa. En uskaltanut edes pyytää opettajia tai muita oppilaita
|
||||
käyttämään minusta omaa nimeäni, koska he olisivat voineet kieltäytyä, koska se
|
||||
ei ollut virallinen nimeni.
|
||||
|
||||
Saatuani nimeni vaihdettua tilanne ei parantunut kovin paljon. Pystyin korjaamaan väärää nimeä käyttäviä opettajia, mutta minulla oli yhä miehen henkilötunnus, joka taas aiheuttaa omat vaikeutensa.
|
||||
Saatuani nimeni vaihdettua tilanne ei parantunut kovin paljon. Pystyin
|
||||
korjaamaan väärää nimeä käyttäviä opettajia, mutta minulla oli yhä miehen
|
||||
henkilötunnus, joka taas aiheuttaa omat vaikeutensa.
|
||||
|
||||
Kun mikä tahansa lista tulostettin tietokoneelta, miesten keskeltä löytyi aina "Mikaela Suomalainen" eikä asialle voinut mitään, koska juridisesti olen mies. Sama ongelma myös aivan arkisissa asioissa, hakiessani pakettia postista minun täytyy näyttää henkilöllisyystodistusta, jossa lukee mies. Hakiessani kirjastokorttia minut merkitään kirjaston järjestelmiin mieheksi, koska kaikkien tietojen on oltava samat, kuin henkilöllisyystodistuksessa.
|
||||
Kun mikä tahansa lista tulostettin tietokoneelta, miesten keskeltä löytyi aina
|
||||
"Mikaela Suomalainen" eikä asialle voinut mitään, koska juridisesti olen mies.
|
||||
Sama ongelma myös aivan arkisissa asioissa, hakiessani pakettia postista minun
|
||||
täytyy näyttää henkilöllisyystodistusta, jossa lukee mies. Hakiessani
|
||||
kirjastokorttia minut merkitään kirjaston järjestelmiin mieheksi, koska kaikkien
|
||||
tietojen on oltava samat, kuin henkilöllisyystodistuksessa.
|
||||
|
||||
Jatkoin kuitenkin koulunkäyntiä vielä jonkin aikaa ennen kuin kouluväkivalta (jonka uhri olen ollut tarhasta asti) alkaa taas. Tällä kertaa ketään ei kuitenkaan kiinnosta puuttua asiaan, koska en ole "normaali". Sain kuitenkin päästötodistuksen vaikka olinkin ollut pitkään poissa koulusta, mutta en uskalla hakea jatko-opintoihin ennnen kuin olen juridisesti nainen, koska muuten tämä kaikki vain tapahtuisi alusta asti uudelleen.
|
||||
Jatkoin kuitenkin koulunkäyntiä vielä jonkin aikaa ennen kuin kouluväkivalta
|
||||
(jonka uhri olen ollut tarhasta asti) alkaa taas. Tällä kertaa ketään ei
|
||||
kuitenkaan kiinnosta puuttua asiaan, koska en ole "normaali". Sain kuitenkin
|
||||
päästötodistuksen vaikka olinkin ollut pitkään poissa koulusta, mutta en uskalla
|
||||
hakea jatko-opintoihin ennnen kuin olen juridisesti nainen, koska muuten tämä
|
||||
kaikki vain tapahtuisi alusta asti uudelleen.
|
||||
|
||||
Sinulla, hyvä lakivaliokunnan jäsen, on mahdollisuus vaatia itsemääräämisoikeuteen perustuvaa translakia Suomeen. Älä anna enää muiden kärsiä näin.
|
||||
Sinulla, hyvä lakivaliokunnan jäsen, on mahdollisuus vaatia
|
||||
itsemääräämisoikeuteen perustuvaa translakia Suomeen. Älä anna enää muiden
|
||||
kärsiä näin.
|
||||
|
||||
Myös Suomen Keskusta kannattaa translain uudistamista. Vuoden 2014 Turussa pidetyssä puoluekokouksessa hyväksyttiin aloite tasa-arvoisesta translaista ilman äänestystä.
|
||||
Myös Suomen Keskusta kannattaa translain uudistamista. Vuoden 2014 Turussa
|
||||
pidetyssä puoluekokouksessa hyväksyttiin aloite tasa-arvoisesta translaista
|
||||
ilman äänestystä.
|
||||
|
||||
Liitän loppuun myös usean ihmisoikeusjärjestön vetoomuksen itsemääräämisoikeudesta uuden translain perusteeksi.
|
||||
Liitän loppuun myös usean ihmisoikeusjärjestön vetoomuksen
|
||||
itsemääräämisoikeudesta uuden translain perusteeksi.
|
||||
|
||||
16.10.2015
|
||||
|
||||
Ihmisoikeusjärjestöt vaativat: itsemääräämisoikeus sukupuoleen lakiuudistuksen lähtökohdaksi
|
||||
Ihmisoikeusjärjestöt vaativat: itsemääräämisoikeus sukupuoleen lakiuudistuksen
|
||||
lähtökohdaksi
|
||||
|
||||
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä uudistetaan avioliittolain muutoksen yhteydessä. Me allekirjoittaneet ihmisoikeusjärjestöt vaadimme kyseisen translain uudistamista siten, että sukupuolen juridiseen vahvistamiseen riittää henkilön oma ilmoitus.
|
||||
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä uudistetaan
|
||||
avioliittolain muutoksen yhteydessä. Me allekirjoittaneet ihmisoikeusjärjestöt
|
||||
vaadimme kyseisen translain uudistamista siten, että sukupuolen juridiseen
|
||||
vahvistamiseen riittää henkilön oma ilmoitus.
|
||||
|
||||
Tällä hetkellä sukupuolen vahvistamisen ehtona on muun muassa naimattomuus, lisääntymiskyvyttömyys ja täysi-ikäisyys. Uusi avioliittolaki edistää tasa-arvoa yhteiskunnassa: tämän tasa-arvon on ulotuttava koskemaan myös sukupuolivähemmistöjä. Nykyinen translaki aiheuttaa perus- ja ihmisoikeusloukkauksia, jotka poistuvat, kun laki muutetaan ihmisoikeuslähtöiseksi.
|
||||
Tällä hetkellä sukupuolen vahvistamisen ehtona on muun muassa naimattomuus,
|
||||
lisääntymiskyvyttömyys ja täysi-ikäisyys. Uusi avioliittolaki edistää tasa-arvoa
|
||||
yhteiskunnassa: tämän tasa-arvon on ulotuttava koskemaan myös
|
||||
sukupuolivähemmistöjä. Nykyinen translaki aiheuttaa perus- ja
|
||||
ihmisoikeusloukkauksia, jotka poistuvat, kun laki muutetaan
|
||||
ihmisoikeuslähtöiseksi.
|
||||
|
||||
Valtioneuvostolle esiteltiin 15.10 lakimuutosehdotus, jossa vain naimattomuusvaatimus esitetään poistettavaksi translaista. Tämän ehdon poistuminen on edistysaskel, mutta perus- ja ihmisoikeusnäkökulmasta täysin riittämätön.
|
||||
Valtioneuvostolle esiteltiin 15.10 lakimuutosehdotus, jossa vain
|
||||
naimattomuusvaatimus esitetään poistettavaksi translaista. Tämän ehdon
|
||||
poistuminen on edistysaskel, mutta perus- ja ihmisoikeusnäkökulmasta täysin
|
||||
riittämätön.
|
||||
|
||||
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä on muutettu viime vuosina ympäri maailmaa. Itsemääräämisoikeuteen perustuvia lakeja on hyväksytty muun muassa Euroopan katolilaisissa maissa Irlannissa ja Maltalla. Pohjoismaista Tanska on jo uudistanut lakinsa itsemääräämisperustaiseksi. Norjassa vastaavanlainen lakimuutos astunee voimaan keväällä 2016.
|
||||
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä on muutettu viime
|
||||
vuosina ympäri maailmaa. Itsemääräämisoikeuteen perustuvia lakeja on hyväksytty
|
||||
muun muassa Euroopan katolilaisissa maissa Irlannissa ja Maltalla. Pohjoismaista
|
||||
Tanska on jo uudistanut lakinsa itsemääräämisperustaiseksi. Norjassa
|
||||
vastaavanlainen lakimuutos astunee voimaan keväällä 2016.
|
||||
|
||||
Suomessa voimassa oleva translaki on karkean syrjivä. Tästä syystä nyt esitelty hallituksen esitys on pettymys. Ihmisoikeusjärjestöt odottivat, että translakiin esitettäisiin perinpohjaisia muutoksia tasa-arvoisen avioliittolainsäädännön valmistelun yhteydessä. Painetta translain muutokseen synnyttää myös uudistunut tasa-arvolaki, jossa syrjinnän kielto on laajennettu koskemaan sukupuoli-identiteetin ja sukupuolen ilmaisuun koskevaa syrjintää. Muutostarve on perusteltavissa muunkin lainsäädännön pohjalta. Myös kansainväliset ihmisoikeuselimet ovat kiinnittäneet huomiota Suomen translain syrjivyyteen. Suomi on saanut huomautuksia translain suhteen niin Euroopan neuvoston ihmisoikeusvaltuutetulta kuin YK:n alaiselta naisten oikeuksien sopimusta valvovalta komitealtakin. YK:n kidutuksen vastainen erityisraportoija on vaatinut muun muassa vaatimusta lisääntymiskyvyttömyydestä poistettavaksi.
|
||||
Suomessa voimassa oleva translaki on karkean syrjivä. Tästä syystä nyt esitelty
|
||||
hallituksen esitys on pettymys. Ihmisoikeusjärjestöt odottivat, että translakiin
|
||||
esitettäisiin perinpohjaisia muutoksia tasa-arvoisen avioliittolainsäädännön
|
||||
valmistelun yhteydessä. Painetta translain muutokseen synnyttää myös uudistunut
|
||||
tasa-arvolaki, jossa syrjinnän kielto on laajennettu koskemaan
|
||||
sukupuoli-identiteetin ja sukupuolen ilmaisuun koskevaa syrjintää. Muutostarve
|
||||
on perusteltavissa muunkin lainsäädännön pohjalta. Myös kansainväliset
|
||||
ihmisoikeuselimet ovat kiinnittäneet huomiota Suomen translain syrjivyyteen.
|
||||
Suomi on saanut huomautuksia translain suhteen niin Euroopan neuvoston
|
||||
ihmisoikeusvaltuutetulta kuin YK:n alaiselta naisten oikeuksien sopimusta
|
||||
valvovalta komitealtakin. YK:n kidutuksen vastainen erityisraportoija on
|
||||
vaatinut muun muassa vaatimusta lisääntymiskyvyttömyydestä poistettavaksi.
|
||||
|
||||
”Me allekirjoittaneet järjestöt emme tyydy lakiuudistukseen, joka edelleen syrjii transsukupuolisia. Jos lakia sorvataan nyt, niin se on tehtävä kunnolla, transihmisten ihmisoikeuksia kunnioittaen. Ja kun Suomi ajaa kansainvälisessä ihmisoikeuspolitiikassaan aktiivisesti seksuaali- ja sukupuolivähemmistöjen oikeuksia niin eikö tämän pitäisi näkyä myös sisäpolitiikassa?” Amnestyn Suomen osaston asiantuntija Pia Puu Oksanen kysyy.
|
||||
”Me allekirjoittaneet järjestöt emme tyydy lakiuudistukseen, joka edelleen
|
||||
syrjii transsukupuolisia. Jos lakia sorvataan nyt, niin se on tehtävä kunnolla,
|
||||
transihmisten ihmisoikeuksia kunnioittaen. Ja kun Suomi ajaa kansainvälisessä
|
||||
ihmisoikeuspolitiikassaan aktiivisesti seksuaali- ja sukupuolivähemmistöjen
|
||||
oikeuksia niin eikö tämän pitäisi näkyä myös sisäpolitiikassa?” Amnestyn Suomen
|
||||
osaston asiantuntija Pia Puu Oksanen kysyy.
|
||||
|
||||
Nykylain mukaan sukupuolen juridinen vahvistaminen vaatii pitkät tutkimukset yliopistollisessa keskussairaalassa sekä lausunnon toisestakin yliopistollisesta keskussairaalasta. Lisääntymiskyvyttömyydestäkin vaaditaan lääketieteellinen lausunto. ”Juridinen ja lääketieteellinen korjausprosessi on erotettava toisistaan ja sukupuolen vahvistamisen kaikkien osien tulee hoitua sujuvasti ja läpinäkyvästi”, Trasek ry:n puheenjohtaja Antti Karanki vaatii.
|
||||
Nykylain mukaan sukupuolen juridinen vahvistaminen vaatii pitkät tutkimukset
|
||||
yliopistollisessa keskussairaalassa sekä lausunnon toisestakin yliopistollisesta
|
||||
keskussairaalasta. Lisääntymiskyvyttömyydestäkin vaaditaan lääketieteellinen
|
||||
lausunto. ”Juridinen ja lääketieteellinen korjausprosessi on erotettava
|
||||
toisistaan ja sukupuolen vahvistamisen kaikkien osien tulee hoitua sujuvasti ja
|
||||
läpinäkyvästi”, Trasek ry:n puheenjohtaja Antti Karanki vaatii.
|
||||
|
||||
Nykylaki edellyttää täysi-ikäisyyttä sukupuolen juridiselle vahvistamiselle. Käytännössä tämä luo tilanteita, joissa juridiikka laahaa todellisuudesta jäljessä. Näissä tilanteissa nuoret altistuvat syrjinnälle. Papereissa kummitteleva vanhentunut sukupuolimerkintä aiheuttaa ongelmia ja esimerkiksi vähentää halua hakea koulutukseen.
|
||||
Nykylaki edellyttää täysi-ikäisyyttä sukupuolen juridiselle vahvistamiselle.
|
||||
Käytännössä tämä luo tilanteita, joissa juridiikka laahaa todellisuudesta
|
||||
jäljessä. Näissä tilanteissa nuoret altistuvat syrjinnälle. Papereissa
|
||||
kummitteleva vanhentunut sukupuolimerkintä aiheuttaa ongelmia ja esimerkiksi
|
||||
vähentää halua hakea koulutukseen.
|
||||
|
||||
”Myös nuorten oikeus omaan sukupuoleensa on turvattava ja nuorten sukupuolen juridisen vahvistamisen tulee olla mahdollista”, Setan puheenjohtaja Panu Mäenpää kertoo.
|
||||
”Myös nuorten oikeus omaan sukupuoleensa on turvattava ja nuorten sukupuolen
|
||||
juridisen vahvistamisen tulee olla mahdollista”, Setan puheenjohtaja Panu
|
||||
Mäenpää kertoo.
|
||||
|
||||
Näistä syistä me, allekirjoittaneet järjestöt vaadimme sujuvaa ja läpinäkyvää, aidosti itsemääräämisoikeuteen perustuvaa lakia sukupuolen juridiselle vahvistamiselle.
|
||||
Näistä syistä me, allekirjoittaneet järjestöt vaadimme sujuvaa ja läpinäkyvää,
|
||||
aidosti itsemääräämisoikeuteen perustuvaa lakia sukupuolen juridiselle
|
||||
vahvistamiselle.
|
||||
|
||||
Allekirjoittajat:
|
||||
|
||||
Amnesty International, Suomen osasto ry
|
||||
|
||||
Pia Puu Oksanen, sukupuoleen ja seksuaalisuuteen perustuvan syrjinnän asiantuntija
|
||||
Pia Puu Oksanen, sukupuoleen ja seksuaalisuuteen perustuvan syrjinnän
|
||||
asiantuntija
|
||||
|
||||
Dreamwear Club ry
|
||||
|
||||
@ -86,8 +154,6 @@ Trasek ry
|
||||
|
||||
Antti Karanki, puheenjohtaja
|
||||
|
||||
Ystävällisin terveisin,
|
||||
Mikaela Suomalainen
|
||||
https://mikaela.info
|
||||
Ystävällisin terveisin, Mikaela Suomalainen https://mikaela.info
|
||||
|
||||
---
|
||||
|
@ -9,8 +9,8 @@ lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_I am typing this, because there is a lot of misinformation on this,
|
||||
especially about the dynamic DNS part._
|
||||
_I am typing this, because there is a lot of misinformation on this, especially
|
||||
about the dynamic DNS part._
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -48,14 +48,14 @@ Go to the router web panel and IPv6 under advanced settings.
|
||||
|
||||
### IPv6 LAN Setting
|
||||
|
||||
- LAN IPv6 Prefix: _Routed /64 from Routed IPv6 Prefixes from
|
||||
tunnelbroker.net tunnel details_
|
||||
- LAN IPv6 Prefix: _Routed /64 from Routed IPv6 Prefixes from tunnelbroker.net
|
||||
tunnel details_
|
||||
- LAN Prefix Length: 64
|
||||
|
||||
### IPv6 DNS Setting
|
||||
|
||||
- IPv6 DNS Server 1: 2001:470:20::2 _(this is the one tunnelbroker.net
|
||||
says for me)_
|
||||
- IPv6 DNS Server 1: 2001:470:20::2 _(this is the one tunnelbroker.net says for
|
||||
me)_
|
||||
- IPv6 DNS Server 2: 2001:4860:4860::8888 _Google DNS 1_
|
||||
- IPv6 DNS Server 3: 2001:4860:4860::8844 _Google DNS 2_
|
||||
|
||||
@ -71,25 +71,24 @@ Go to Advanced Settings, WAN, DDNS
|
||||
- Server: WWW.TUNNELBROKER.NET
|
||||
- Host Name: _tunnel ID from tunnelbroker.net tunnel details_
|
||||
- User Name or E-mail address: \*username of tunnelbroker.net
|
||||
- Password or DDNS Key: _Update Key from tunnel details under the Advanced
|
||||
tab_
|
||||
- Password or DDNS Key: _Update Key from tunnel details under the Advanced tab_
|
||||
|
||||
All guides I have seen say that username is user ID from index of
|
||||
tunnelbroker.net and password is account password, but that doesn't work
|
||||
for me. This is how I got it working guessing the details based on
|
||||
_Example Update URL_ at the same place you got the Update Key.
|
||||
tunnelbroker.net and password is account password, but that doesn't work for me.
|
||||
This is how I got it working guessing the details based on _Example Update URL_
|
||||
at the same place you got the Update Key.
|
||||
|
||||
Now it should either work or not.
|
||||
|
||||
- If it gives error saying something about trying again later, you are
|
||||
doing something wrong.
|
||||
- If it gives error about endpoint IP not changed since the last update,
|
||||
it works.
|
||||
- If it gives error saying something about trying again later, you are doing
|
||||
something wrong.
|
||||
- If it gives error about endpoint IP not changed since the last update, it
|
||||
works.
|
||||
- If you don't get error, it doesn't work.
|
||||
|
||||
Now I would suggest you to go to Administration and from there
|
||||
Restore/Save/UPload Setting and clicking the "Save setting"s "Save" button
|
||||
so in case something bad happens you can easily restore the working state.
|
||||
Restore/Save/UPload Setting and clicking the "Save setting"s "Save" button so in
|
||||
case something bad happens you can easily restore the working state.
|
||||
|
||||
And I probably shouldn't need to say this, but I will say it
|
||||
anyway: **don't use admin/admin as username/password combination!**
|
||||
And I probably shouldn't need to say this, but I will say it anyway: **don't use
|
||||
admin/admin as username/password combination!**
|
||||
|
@ -18,10 +18,9 @@ It's very simple.
|
||||
sudo apt-get update && sudo apt-get install unbound dnssec-trigger
|
||||
```
|
||||
|
||||
And this is the farthest I have gotten before. But today at IRC there
|
||||
was talk on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq
|
||||
and Fedora unbound. That made me _read the fine manual_ of
|
||||
NetworkManager.conf...
|
||||
And this is the farthest I have gotten before. But today at IRC there was talk
|
||||
on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq and Fedora
|
||||
unbound. That made me _read the fine manual_ of NetworkManager.conf...
|
||||
|
||||
```man
|
||||
dns
|
||||
@ -43,12 +42,14 @@ NetworkManager.conf...
|
||||
none: NetworkManager will not modify resolv.conf.
|
||||
```
|
||||
|
||||
And there is the solution, unbound. The third line of NetworkManager.conf
|
||||
is usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line
|
||||
if it doesn't exist and restart networkmanager with `sudo systemctl restart NetworkManager.service` and your dnssec-trigger should now work.
|
||||
And there is the solution, unbound. The third line of NetworkManager.conf is
|
||||
usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line if it
|
||||
doesn't exist and restart networkmanager with
|
||||
`sudo systemctl restart NetworkManager.service` and your dnssec-trigger should
|
||||
now work.
|
||||
|
||||
And when you `sudo reboot` you should see new dnssec-trigger tray icon in
|
||||
your tray bar or whatever it was called as.
|
||||
And when you `sudo reboot` you should see new dnssec-trigger tray icon in your
|
||||
tray bar or whatever it was called as.
|
||||
|
||||
_Edit_: Arch users do remember do `systemctl enable dnssec-triggerd` and
|
||||
`systemctl enable unbound`.
|
||||
|
@ -10,8 +10,8 @@ sitemap: true
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_Sometimes you don't have GUI when you need remote support, luckily you
|
||||
don't need it even if you have only one device._
|
||||
_Sometimes you don't have GUI when you need remote support, luckily you don't
|
||||
need it even if you have only one device._
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -34,17 +34,16 @@ don't need it even if you have only one device._
|
||||
|
||||
## What is what?
|
||||
|
||||
- Tmux is terminal multiplexer which allows you to have "multiple
|
||||
terminals" in one terminal. You can also detach it which means returning
|
||||
to the terminal where you ran tmux leaving tmux and everything there
|
||||
running and later return to it.
|
||||
- Tmux is terminal multiplexer which allows you to have "multiple terminals" in
|
||||
one terminal. You can also detach it which means returning to the terminal
|
||||
where you ran tmux leaving tmux and everything there running and later return
|
||||
to it.
|
||||
- WeeChat is popular text based IRC client.
|
||||
|
||||
## Installing things
|
||||
|
||||
_Note: WeeChat has multiple optional depedencies, but I am only listing
|
||||
the most important ones (I will return to it later) unless they are all
|
||||
in one package._
|
||||
_Note: WeeChat has multiple optional depedencies, but I am only listing the most
|
||||
important ones (I will return to it later) unless they are all in one package._
|
||||
|
||||
- Arch & deriatives:
|
||||
- `sudo pacman --needed -S tmux weechat perl gpm pastebinit`
|
||||
@ -53,14 +52,14 @@ in one package._
|
||||
|
||||
## tmux
|
||||
|
||||
Just run `tmux` and you will find yourself in a new shell, but with tmux
|
||||
bar on the bottom where you see open "windows".
|
||||
Just run `tmux` and you will find yourself in a new shell, but with tmux bar on
|
||||
the bottom where you see open "windows".
|
||||
|
||||
Basic navigation:
|
||||
|
||||
\*Note: Tmux users ctrl + b by default instead of ctrl + a as it was
|
||||
developed in screen. That can be changed with tmux.conf (check further
|
||||
reading after WeeChat).
|
||||
\*Note: Tmux users ctrl + b by default instead of ctrl + a as it was developed
|
||||
in screen. That can be changed with tmux.conf (check further reading after
|
||||
WeeChat).
|
||||
|
||||
- Ctrl + b + c = new "window"
|
||||
- Ctrl + b + number = move to "window" number
|
||||
@ -70,14 +69,13 @@ reading after WeeChat).
|
||||
|
||||
## WeeChat
|
||||
|
||||
Time to finally go to IRC. Go to tmux first and there run `weechat` (or
|
||||
if your distribution has ancient version of WeeChat, `weechat-curses`, but
|
||||
in that case you should upgrade (if your distribution is
|
||||
Time to finally go to IRC. Go to tmux first and there run `weechat` (or if your
|
||||
distribution has ancient version of WeeChat, `weechat-curses`, but in that case
|
||||
you should upgrade (if your distribution is
|
||||
[Debian/Ubuntu/Raspbian, use this repository](https://weechat.org/download/debian/))).
|
||||
|
||||
WeeChat welcomes you and suggests you to read at least the quickstart
|
||||
guide and recommends reading user's guide too, but in this case we
|
||||
can skip those.
|
||||
WeeChat welcomes you and suggests you to read at least the quickstart guide and
|
||||
recommends reading user's guide too, but in this case we can skip those.
|
||||
|
||||
First we must connect to the network where the support channel of our
|
||||
distribution is.
|
||||
@ -88,42 +86,43 @@ distribution is.
|
||||
- `/connect liberachat`
|
||||
3. Join the channel of your distribution.
|
||||
- `/join #distribution`
|
||||
- you can also join multiple channels at once by separating them by
|
||||
commas e.g. `/join #channel,#channel2`.
|
||||
- you can also join multiple channels at once by separating them by commas
|
||||
e.g. `/join #channel,#channel2`.
|
||||
|
||||
You might want to have friendly channel listing and be able to click the
|
||||
channels with mouse? That is why you installed perl and gpm (you might
|
||||
need to `sudo systemctl start gpm` or whatever init system you use).
|
||||
channels with mouse? That is why you installed perl and gpm (you might need to
|
||||
`sudo systemctl start gpm` or whatever init system you use).
|
||||
|
||||
1. `/script install buffers.pl`
|
||||
2. `/mouse enable`
|
||||
|
||||
Now you should see bar with the core buffer (`weechat`), server buffers
|
||||
merged to it (`liberachat`) and `#distribution`. If mouse doesn't work, you
|
||||
can `/buffer X` where X is the number to move. For moving between merged
|
||||
buffers move to the buffer and press Ctrl + x.
|
||||
Now you should see bar with the core buffer (`weechat`), server buffers merged
|
||||
to it (`liberachat`) and `#distribution`. If mouse doesn't work, you can
|
||||
`/buffer X` where X is the number to move. For moving between merged buffers
|
||||
move to the buffer and press Ctrl + x.
|
||||
|
||||
And the last thing, if you need to see just plain lines without
|
||||
sidebars or anything, press `alt + l` (`alt` can be replaced with `esc`).
|
||||
And the last thing, if you need to see just plain lines without sidebars or
|
||||
anything, press `alt + l` (`alt` can be replaced with `esc`).
|
||||
|
||||
## pastebinit
|
||||
|
||||
You are often wanted to pastebin something which can be difficult without
|
||||
GUI. Luckily there is pastebinit which you can use instead of typing
|
||||
everyting by hand.
|
||||
You are often wanted to pastebin something which can be difficult without GUI.
|
||||
Luckily there is pastebinit which you can use instead of typing everyting by
|
||||
hand.
|
||||
|
||||
Usage:
|
||||
|
||||
- `pastebinit file.txt` to pastebin the content of `file.txt`
|
||||
- `dmesg | pastebinit` to pastebin output of `dmesg`
|
||||
|
||||
Pastebinit replies by givig you address to the paste which you can then
|
||||
give to IRC.
|
||||
Pastebinit replies by givig you address to the paste which you can then give to
|
||||
IRC.
|
||||
|
||||
Alternatives to pastebinit with some pastebins:
|
||||
|
||||
- [ix.io](http://ix.io/): `command | curl -F 'f:1=<-' ix.io`
|
||||
- [sprunge.us](http://sprunge.us/): `command | curl -F 'sprunge=<-' http://sprunge.us`
|
||||
- [sprunge.us](http://sprunge.us/):
|
||||
`command | curl -F 'sprunge=<-' http://sprunge.us`
|
||||
|
||||
These also answer by giving you link to the paste.
|
||||
|
||||
|
@ -8,11 +8,11 @@ redirect_from: /english/2016/03/14/autostart-tmux-weechat.html
|
||||
sitemap: false
|
||||
---
|
||||
|
||||
_This is another note-to-self post, but I think other people might also
|
||||
be wondering this._
|
||||
_This is another note-to-self post, but I think other people might also be
|
||||
wondering this._
|
||||
|
||||
**THIS IS ENTIRELY UNTESTED UNTIL THE SHELL WHERE I AM USING THIS REBOOTS
|
||||
THE NEXT TIME!**
|
||||
**THIS IS ENTIRELY UNTESTED UNTIL THE SHELL WHERE I AM USING THIS REBOOTS THE
|
||||
NEXT TIME!**
|
||||
|
||||
```cron
|
||||
## Environment
|
||||
@ -28,11 +28,10 @@ TZ=Europe/Helsinki
|
||||
```
|
||||
|
||||
- `@reboot` = tell cron to do this on reboot
|
||||
- `sleep 500` = the shell where I intent to use this primarily is using NFS
|
||||
and I think it's reasonable to expect everything to be mounted in five
|
||||
minutes.
|
||||
- `sleep 500` = the shell where I intent to use this primarily is using NFS and
|
||||
I think it's reasonable to expect everything to be mounted in five minutes.
|
||||
- `tmux -2u" = force enable 256 colors & UTF-8
|
||||
- `new-session -s auto -d` = start a new session with name `auto` (as in
|
||||
automatically started) and detach it
|
||||
- `tmux send -t auto weechat ENTER` type `weechat` to tmux session named
|
||||
auto and press ENTER to execute it.
|
||||
- `tmux send -t auto weechat ENTER` type `weechat` to tmux session named auto
|
||||
and press ENTER to execute it.
|
||||
|
@ -25,36 +25,33 @@ pysyvästi, mutta kirjoittelen siitä nyt kuitenkin._
|
||||
Kaikki luultavasti tietävät, että puhelimet siirtelevät kelloja
|
||||
aikavyöhyketietokannan mukaan, kuten myös tietokoneet.
|
||||
|
||||
Jos kelloja siirrettäisiin pysyvästi, aikavyöhyketietokanta pitäisi
|
||||
päivittää puhelimista tai ne jatkaisivat kellojen siirtelyä samoina
|
||||
päivinä, kuin nytkin.
|
||||
Jos kelloja siirrettäisiin pysyvästi, aikavyöhyketietokanta pitäisi päivittää
|
||||
puhelimista tai ne jatkaisivat kellojen siirtelyä samoina päivinä, kuin nytkin.
|
||||
|
||||
Ideaalitapauksessa kaikki laitevalmistajat päivittäisivät
|
||||
aikavyöhyketietokannat, mutta tämä ei tapahdu suurimmalla osasta
|
||||
puhelimista.
|
||||
aikavyöhyketietokannat, mutta tämä ei tapahdu suurimmalla osasta puhelimista.
|
||||
|
||||
Tämä ongelma on kuitenkin helppoa ratkaista, koska mikäli siirtyisimme
|
||||
pysyvästi Keski-Euroopan aikaan, kelloja ei enää siirrettäisi ja se olisi
|
||||
niinkin helppoa kuin poistaa asetuksista automaattinen kellojen siirto
|
||||
käytöstä ja asettaa aika itse.
|
||||
Tämä ongelma on kuitenkin helppoa ratkaista, koska mikäli siirtyisimme pysyvästi
|
||||
Keski-Euroopan aikaan, kelloja ei enää siirrettäisi ja se olisi niinkin helppoa
|
||||
kuin poistaa asetuksista automaattinen kellojen siirto käytöstä ja asettaa aika
|
||||
itse.
|
||||
|
||||
Android-laitteiden, jotka ovat suurin ongelma päivitysten suhteen, on myös
|
||||
kaksi muutakin vaihtoehtoa: aikavyöhyketietokannan päivittäminen itse
|
||||
(_TimeZone Fixer (ROOT)_) tai ulkoisen aikavyöhyketietokannan lataaminen.
|
||||
Android-laitteiden, jotka ovat suurin ongelma päivitysten suhteen, on myös kaksi
|
||||
muutakin vaihtoehtoa: aikavyöhyketietokannan päivittäminen itse (_TimeZone Fixer
|
||||
(ROOT)_) tai ulkoisen aikavyöhyketietokannan lataaminen.
|
||||
|
||||
TimeZone Fixer (ROOT)in tapauksessa puhelimeene täytyy olla
|
||||
pääkäyttäjäoikeudet, ja sen on sanottu joissakin tapauksessa sekoittavan
|
||||
puhelimen käyttöjärjestelmän niin että se on täytynyt asentaa uudelleen.
|
||||
Tällä tavalla puhelin kuitenkin jatkaa normaalisti toimintaa ulkomailla
|
||||
mukaanlukien maat, jotka ovat vaihtaneet aikavyöhykettä pysyvästi
|
||||
puhelimen aikavyöhyketietokannan tietämättä.
|
||||
TimeZone Fixer (ROOT)in tapauksessa puhelimeene täytyy olla pääkäyttäjäoikeudet,
|
||||
ja sen on sanottu joissakin tapauksessa sekoittavan puhelimen käyttöjärjestelmän
|
||||
niin että se on täytynyt asentaa uudelleen. Tällä tavalla puhelin kuitenkin
|
||||
jatkaa normaalisti toimintaa ulkomailla mukaanlukien maat, jotka ovat vaihtaneet
|
||||
aikavyöhykettä pysyvästi puhelimen aikavyöhyketietokannan tietämättä.
|
||||
|
||||
Ulkoisella aikavyöhyketietokannalla taas tarkoitan esimerkiksi
|
||||
_ClockSync_-sovellusta, joka päivittää laitteen ajan käyttäen internetin
|
||||
NTP-palvelimia) jolle on saatavilla oma aikavyöhyketietokantansa,
|
||||
jota käytettäessä laitteen omasta aikavyöhyketietokannasta ei
|
||||
välitetä. Haittapuolena tosin aikavyöhyke täytyy asettaa ClockSyncin
|
||||
asetuksista käsin ja vaihtaa aina esimerkiksi ulkomaille mennessä.
|
||||
NTP-palvelimia) jolle on saatavilla oma aikavyöhyketietokantansa, jota
|
||||
käytettäessä laitteen omasta aikavyöhyketietokannasta ei välitetä. Haittapuolena
|
||||
tosin aikavyöhyke täytyy asettaa ClockSyncin asetuksista käsin ja vaihtaa aina
|
||||
esimerkiksi ulkomaille mennessä.
|
||||
|
||||
Linkkejä:
|
||||
|
||||
|
@ -8,29 +8,28 @@ redirect_from: /english/2016/09/24/on-facebook.html
|
||||
sitemap: false
|
||||
---
|
||||
|
||||
_My wellbeing is more imporant than whatever you do at SOME and I reserve
|
||||
the right to ignore you._
|
||||
_My wellbeing is more imporant than whatever you do at SOME and I reserve the
|
||||
right to ignore you._
|
||||
|
||||
I have had my Facebook deactivated for 24 days. However I have started
|
||||
missing events (as you must be at Facebook to know what is happening)
|
||||
and Nearby friends (good luck getting people to other solutions).
|
||||
I have had my Facebook deactivated for 24 days. However I have started missing
|
||||
events (as you must be at Facebook to know what is happening) and Nearby friends
|
||||
(good luck getting people to other solutions).
|
||||
|
||||
During this time I have been mainly at Twitter and Google+ and in the later
|
||||
I especially like the collections feature which allows me to specify which
|
||||
larger subject my message is related to. I think I will continue using them
|
||||
primarily (even if I should use Diaspora\*).
|
||||
During this time I have been mainly at Twitter and Google+ and in the later I
|
||||
especially like the collections feature which allows me to specify which larger
|
||||
subject my message is related to. I think I will continue using them primarily
|
||||
(even if I should use Diaspora\*).
|
||||
|
||||
I originally left Facebook as it was taking too much of my time in form of
|
||||
idle newsfeed reading and notifications (which I gathered too much from
|
||||
all kinds of groups and people I know IRL (_in real life_) and I just
|
||||
don't like them.
|
||||
I originally left Facebook as it was taking too much of my time in form of idle
|
||||
newsfeed reading and notifications (which I gathered too much from all kinds of
|
||||
groups and people I know IRL (_in real life_) and I just don't like them.
|
||||
|
||||
Now I am returning after I have writing this and as I said on top, I am
|
||||
going to clear notifications aggressively and I will be ignoring you
|
||||
unless there is an emergency in which case you should send me a message
|
||||
and I might take a look at whatever it is. It might mean not reading
|
||||
your posts or newsfeed or replying or even liking your comments, as
|
||||
I care more about my wellbeing than whatever noise you cause burneding me.
|
||||
Now I am returning after I have writing this and as I said on top, I am going to
|
||||
clear notifications aggressively and I will be ignoring you unless there is an
|
||||
emergency in which case you should send me a message and I might take a look at
|
||||
whatever it is. It might mean not reading your posts or newsfeed or replying or
|
||||
even liking your comments, as I care more about my wellbeing than whatever noise
|
||||
you cause burneding me.
|
||||
|
||||
Am I selfish? Note that I am not even obligated to write this post, I
|
||||
just felt like writing this.
|
||||
Am I selfish? Note that I am not even obligated to write this post, I just felt
|
||||
like writing this.
|
||||
|
@ -8,42 +8,40 @@ redirect_from: /finnish/2017/04/18/tanssitunti.html
|
||||
published: false
|
||||
---
|
||||
|
||||
_Minusta tuntuu, että tästä pitäisi kirjoittaa nyt ja koska git/blogi ei
|
||||
ole tässä ja nyt, vuodatuskanava kelpaa._
|
||||
_Minusta tuntuu, että tästä pitäisi kirjoittaa nyt ja koska git/blogi ei ole
|
||||
tässä ja nyt, vuodatuskanava kelpaa._
|
||||
|
||||
_Lisätty blogiin muokkaamattomana alkuperäisellä kirjoituspäivämäärällä
|
||||
2017-04-30._
|
||||
|
||||
Kotkan Keskuskoulu joskus syystalvella. On pakollinen tanssitunti,
|
||||
mahdollisesti senhetkiseen opetussuunnitelmaan perustuen.
|
||||
Kotkan Keskuskoulu joskus syystalvella. On pakollinen tanssitunti, mahdollisesti
|
||||
senhetkiseen opetussuunnitelmaan perustuen.
|
||||
|
||||
En ole kiusaamisesta johtuen liikuntatuntien ystävä, mutta nämä tunnit
|
||||
olisivat mahdollisesti voineet olla siedettäviä ellei niistä tulisi
|
||||
traumaattinen kokemus, joka syöpyy mieleen yksityiskohtaisesti muun päivän
|
||||
unohduttua.
|
||||
En ole kiusaamisesta johtuen liikuntatuntien ystävä, mutta nämä tunnit olisivat
|
||||
mahdollisesti voineet olla siedettäviä ellei niistä tulisi traumaattinen
|
||||
kokemus, joka syöpyy mieleen yksityiskohtaisesti muun päivän unohduttua.
|
||||
|
||||
Mitälie tanssia varten täytyy aloittaa ottamalla toista, olisikohan ollut
|
||||
pakotetusti tyttö-poika parit, kädestä ja kukaan ei halua koskea minuun.
|
||||
Tätä jatkuu pari kierrosta, jonka jälkeen luovutan edes yrittämisen ja
|
||||
minut siirretään sivuun liikuntavälineiden taakse nurkkaan.
|
||||
pakotetusti tyttö-poika parit, kädestä ja kukaan ei halua koskea minuun. Tätä
|
||||
jatkuu pari kierrosta, jonka jälkeen luovutan edes yrittämisen ja minut
|
||||
siirretään sivuun liikuntavälineiden taakse nurkkaan.
|
||||
|
||||
Vietän lopputunnin katsoen ikkunasta ulos harmaata pilvistä taivasta
|
||||
ajatellen miten kaikki olisi paremmin jos vain tappaisin itseni.
|
||||
Näidenkään ajatusten kanssa en saa olla rauhassa vaan kaksi tyttöä tulee
|
||||
kyselemään "ootko autisti" ja yritän olla reagoimatta mitenkään olon
|
||||
pahentuessa lisää.
|
||||
Vietän lopputunnin katsoen ikkunasta ulos harmaata pilvistä taivasta ajatellen
|
||||
miten kaikki olisi paremmin jos vain tappaisin itseni. Näidenkään ajatusten
|
||||
kanssa en saa olla rauhassa vaan kaksi tyttöä tulee kyselemään "ootko autisti"
|
||||
ja yritän olla reagoimatta mitenkään olon pahentuessa lisää.
|
||||
|
||||
Opettajat taas eivät tätä koulua käydessäni koskaan kommentoi tapausta.
|
||||
Myöhemmin lopetan kouluun menemisen, aloitan lukuisat itsemurhayritykset
|
||||
ja kuulen olevani ilmiselvästi Asperger-tapaus ja että minusta oli
|
||||
tutkittu jokaista autismin piirrettä erikseen suunnilleen lapsesta
|
||||
asti ajattelematta niitä yhdessä.
|
||||
Myöhemmin lopetan kouluun menemisen, aloitan lukuisat itsemurhayritykset ja
|
||||
kuulen olevani ilmiselvästi Asperger-tapaus ja että minusta oli tutkittu
|
||||
jokaista autismin piirrettä erikseen suunnilleen lapsesta asti ajattelematta
|
||||
niitä yhdessä.
|
||||
|
||||
Lisää aiheesta:
|
||||
|
||||
_Tästä osasta voisi tehdä Jekyll-ystävällisemmän (blogialusta) ja
|
||||
riippumattoman muunmoassa domainista ja polusta, mutta nyt en jaksa vaan
|
||||
siirryn ajankohtaisempaan blogaukseen._
|
||||
_Tästä osasta voisi tehdä Jekyll-ystävällisemmän (blogialusta) ja riippumattoman
|
||||
muunmoassa domainista ja polusta, mutta nyt en jaksa vaan siirryn
|
||||
ajankohtaisempaan blogaukseen._
|
||||
|
||||
- https://mikaela.info/blog/english/2015/06/16/feelings.html
|
||||
- https://mikaela.info/about#life
|
||||
|
@ -8,181 +8,177 @@ redirect_from: /english/2017/04/30/post-trans.html
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_A little confusing flood of what my fingers brought up on the last past
|
||||
year and a little more._
|
||||
_A little confusing flood of what my fingers brought up on the last past year
|
||||
and a little more._
|
||||
|
||||
---
|
||||
|
||||
**_CONTENT WARNINGs: NSFW, genitalia, surgery descriptions_**
|
||||
|
||||
I don't have any well-laid plan how to type this post, but lets see what
|
||||
comes out of my fingers. By the way, orchiectomy is surgical removal of
|
||||
testicles, even if it's fun to talk about it without explaining it and have
|
||||
people searxing what it is...
|
||||
I don't have any well-laid plan how to type this post, but lets see what comes
|
||||
out of my fingers. By the way, orchiectomy is surgical removal of testicles,
|
||||
even if it's fun to talk about it without explaining it and have people searxing
|
||||
what it is...
|
||||
|
||||
I don't usually discuss my genitalia, but I feel like I have to make an
|
||||
exception for this post as the majority of trans people only talk about
|
||||
the full genital surgery ("gender-reassignment surgery", but I tend to take
|
||||
the Finnish word and translate it into English, many people don't know
|
||||
that orchiectomy is an option.
|
||||
exception for this post as the majority of trans people only talk about the full
|
||||
genital surgery ("gender-reassignment surgery", but I tend to take the Finnish
|
||||
word and translate it into English, many people don't know that orchiectomy is
|
||||
an option.
|
||||
|
||||
_Dear reader, for this part of this post I am assuming that you are trans
|
||||
as I am typing this for you in hope that it will help you, not for anyone
|
||||
reading this only, because they are curious on what I have between my
|
||||
legs or what trans people have between their legs._
|
||||
_Dear reader, for this part of this post I am assuming that you are trans as I
|
||||
am typing this for you in hope that it will help you, not for anyone reading
|
||||
this only, because they are curious on what I have between my legs or what trans
|
||||
people have between their legs._
|
||||
|
||||
First question would probably be how did I end up to orchiectomy instead of
|
||||
the full genital surgery.
|
||||
First question would probably be how did I end up to orchiectomy instead of the
|
||||
full genital surgery.
|
||||
|
||||
If you have been reading this blog, you know that I was having very bad
|
||||
time mentally suffering from depression, AvPD (it was confirmed and I
|
||||
healed, but that later in this post), anxiety and everything. Thus everyone
|
||||
thought that I wouldn't have mental resources for the full genital surgery.
|
||||
If you have been reading this blog, you know that I was having very bad time
|
||||
mentally suffering from depression, AvPD (it was confirmed and I healed, but
|
||||
that later in this post), anxiety and everything. Thus everyone thought that I
|
||||
wouldn't have mental resources for the full genital surgery.
|
||||
|
||||
If I recall correctly, I was complaining about this at [Transtukipiste](https://transtukipiste.fi/in-english/)
|
||||
(Trans support point, runs peer support groups and supports trans people
|
||||
otherwise) coffee evening and somehow I ended up wondering if I should
|
||||
try getting orchiectomy and someone encouraged me to ask. Could this have
|
||||
even been the last day of 2015...
|
||||
If I recall correctly, I was complaining about this at
|
||||
[Transtukipiste](https://transtukipiste.fi/in-english/) (Trans support point,
|
||||
runs peer support groups and supports trans people otherwise) coffee evening and
|
||||
somehow I ended up wondering if I should try getting orchiectomy and someone
|
||||
encouraged me to ask. Could this have even been the last day of 2015...
|
||||
|
||||
Knowing that orchiectomy doesn't prevent having full genital surgery later
|
||||
(confirm from your doctor though, I only know this is the case in Finland
|
||||
as long as you repeat to your doctor that you want to keep the option
|
||||
open), I asked about the doctor who asked my therapist and (as this post is
|
||||
not about the process) skipping things a little, I finally got permission
|
||||
for it.
|
||||
(confirm from your doctor though, I only know this is the case in Finland as
|
||||
long as you repeat to your doctor that you want to keep the option open), I
|
||||
asked about the doctor who asked my therapist and (as this post is not about the
|
||||
process) skipping things a little, I finally got permission for it.
|
||||
|
||||
At some point before the surgery I started sleeping naked and started becoming very
|
||||
comfortable with my body and I started feeling that I might be happy with
|
||||
just orchiectomy, but I decided that I would think about it after the
|
||||
surgery if I started feeling like it.
|
||||
At some point before the surgery I started sleeping naked and started becoming
|
||||
very comfortable with my body and I started feeling that I might be happy with
|
||||
just orchiectomy, but I decided that I would think about it after the surgery if
|
||||
I started feeling like it.
|
||||
|
||||
---
|
||||
|
||||
**_Same content warnings, except that only now is actually the surgery._**
|
||||
|
||||
On evening of October 17th I took the last Androcur. It's the
|
||||
male-hormone blocker that all trans people are prescribed in Finland by
|
||||
default and the medicine that appears to make almost everyone depressed
|
||||
and I was using half-dosage as it's strong and if you have read my old
|
||||
posts, you have some kind of image on how much I suffered it.
|
||||
On evening of October 17th I took the last Androcur. It's the male-hormone
|
||||
blocker that all trans people are prescribed in Finland by default and the
|
||||
medicine that appears to make almost everyone depressed and I was using
|
||||
half-dosage as it's strong and if you have read my old posts, you have some kind
|
||||
of image on how much I suffered it.
|
||||
|
||||
On the next morning I was at Peijas hospital and had the orchiectomy. I
|
||||
remember being there long time before the appointment and getting a little
|
||||
lost inside the hospital, but when I found there, everything happened
|
||||
easily and I spend there only a few hours. And there was no depression
|
||||
anymore.
|
||||
On the next morning I was at Peijas hospital and had the orchiectomy. I remember
|
||||
being there long time before the appointment and getting a little lost inside
|
||||
the hospital, but when I found there, everything happened easily and I spend
|
||||
there only a few hours. And there was no depression anymore.
|
||||
|
||||
The recovery period should have been two weeks, but the wound opened so
|
||||
it took a little longer, but that isn't what this post is about either.
|
||||
The recovery period should have been two weeks, but the wound opened so it took
|
||||
a little longer, but that isn't what this post is about either.
|
||||
|
||||
---
|
||||
|
||||
What this post is about is how I feel.
|
||||
|
||||
I have finished the trans process. I have a penis and empty testicle sack
|
||||
that has decided to rise up so I don't even see it in the mirror.
|
||||
I have finished the trans process. I have a penis and empty testicle sack that
|
||||
has decided to rise up so I don't even see it in the mirror.
|
||||
|
||||
I don't feel dysphoria or have any issues looking at my own body, no
|
||||
discomfort or anything, I am me. I transitioned for me, not other
|
||||
people and if my genitalia is something people don't expect, that isn't
|
||||
my problem.
|
||||
I don't feel dysphoria or have any issues looking at my own body, no discomfort
|
||||
or anything, I am me. I transitioned for me, not other people and if my
|
||||
genitalia is something people don't expect, that isn't my problem.
|
||||
|
||||
I can use dirtier toilets easily as I don't have to sit down, it doesn't
|
||||
necessary even have to be a toilet and in case there is a long queue, I
|
||||
can also use urinal if I need to.
|
||||
necessary even have to be a toilet and in case there is a long queue, I can also
|
||||
use urinal if I need to.
|
||||
|
||||
Public saunas and changing areas etc.? I am a woman regardless of what
|
||||
people may think about my body parts which aren't their business. I haven't
|
||||
yet visited any of those, but as I said whatever people think isn't my
|
||||
problem. I actually even have a temptation to visit such areas, just
|
||||
because my body is "sinful" and everything, according to whatever you wish
|
||||
to call cis beauty standards. <!-- This is possibly a little kinky. -->
|
||||
Public saunas and changing areas etc.? I am a woman regardless of what people
|
||||
may think about my body parts which aren't their business. I haven't yet visited
|
||||
any of those, but as I said whatever people think isn't my problem. I actually
|
||||
even have a temptation to visit such areas, just because my body is "sinful" and
|
||||
everything, according to whatever you wish to call cis beauty standards.
|
||||
<!-- This is possibly a little kinky. -->
|
||||
|
||||
How do I know that I don't need the full genital surgery? I haven't even
|
||||
thought about it recently and I have no feelings of wrongness or thoughts
|
||||
or anything pointing that I would need it. I even sometimes forget that
|
||||
I am not cis or that my body isn't "normal". _Normal doesn't exist by
|
||||
the way._
|
||||
How do I know that I don't need the full genital surgery? I haven't even thought
|
||||
about it recently and I have no feelings of wrongness or thoughts or anything
|
||||
pointing that I would need it. I even sometimes forget that I am not cis or that
|
||||
my body isn't "normal". _Normal doesn't exist by the way._
|
||||
|
||||
Trans people are also often worried about erections, based on my
|
||||
experience and what I have heard, I think it depends entirely on your
|
||||
relationship with your body. I have them sometimes as I am a human
|
||||
and asexuality doesn't close them out.
|
||||
Trans people are also often worried about erections, based on my experience and
|
||||
what I have heard, I think it depends entirely on your relationship with your
|
||||
body. I have them sometimes as I am a human and asexuality doesn't close them
|
||||
out.
|
||||
|
||||
I feel indifferent about them, but that might be connected to me
|
||||
being asexual or also being sex-repulsed which to me means that
|
||||
I feel repulsed seeing erections or bodily fluids.
|
||||
I feel indifferent about them, but that might be connected to me being asexual
|
||||
or also being sex-repulsed which to me means that I feel repulsed seeing
|
||||
erections or bodily fluids.
|
||||
|
||||
---
|
||||
|
||||
_Should I content warning about Esperanto?_
|
||||
|
||||
After the surgery I have heard that people often have crisis on what to do
|
||||
after transition. I solved that by becoming insane :D
|
||||
After the surgery I have heard that people often have crisis on what to do after
|
||||
transition. I solved that by becoming insane :D
|
||||
|
||||
I read about Esperanto, which is the most spoken artificial language in
|
||||
the world and then I just had to learn it. I did Duolingo and associated
|
||||
Memrise course for three months ... <em lang="eo">kaj mi parolas
|
||||
Esperanton!</em>
|
||||
I read about Esperanto, which is the most spoken artificial language in the
|
||||
world and then I just had to learn it. I did Duolingo and associated Memrise
|
||||
course for three months ... <em lang="eo">kaj mi parolas Esperanton!</em>
|
||||
|
||||
Thanks to online-friend I also happened to read about Buddhism and it made
|
||||
a lot more sense than Christianity that was forced on me ever did. It's
|
||||
more on experiencing things than believing blindly and even Buddha said
|
||||
_don't believe me, experience it by yourself_ and I started trying to
|
||||
use their methods (you may have heard _Mindfulness_) or maybe it would be
|
||||
more accurate to say that I started practicing it.
|
||||
Thanks to online-friend I also happened to read about Buddhism and it made a lot
|
||||
more sense than Christianity that was forced on me ever did. It's more on
|
||||
experiencing things than believing blindly and even Buddha said _don't believe
|
||||
me, experience it by yourself_ and I started trying to use their methods (you
|
||||
may have heard _Mindfulness_) or maybe it would be more accurate to say that I
|
||||
started practicing it.
|
||||
|
||||
If individuality is an illusion, how could I be worse than everyone else?
|
||||
If past and future aren't here _now_ and I am finally "given" the
|
||||
permission to let go of them, why should I be stuck in the past? And the
|
||||
future won't be like I think so why be stuck in imaginary future on my
|
||||
worseness?
|
||||
If individuality is an illusion, how could I be worse than everyone else? If
|
||||
past and future aren't here _now_ and I am finally "given" the permission to let
|
||||
go of them, why should I be stuck in the past? And the future won't be like I
|
||||
think so why be stuck in imaginary future on my worseness?
|
||||
|
||||
The books I read are _How To Be An Adult in Relationships_ by
|
||||
_David Richo_ (thanks to [attachment styles - a primer at the dirty normal](https://www.thedirtynormal.com/post/2010/06/21/attachment-styles-a-primer/)
|
||||
The books I read are _How To Be An Adult in Relationships_ by _David Richo_
|
||||
(thanks to
|
||||
[attachment styles - a primer at the dirty normal](https://www.thedirtynormal.com/post/2010/06/21/attachment-styles-a-primer/)
|
||||
which recommends a different book with similar name, so happy accident
|
||||
happened), _The Way Things Are_ by _Lama Ole Nydahl_ and _Living Dharma_ by
|
||||
_Lama Yeshe Losaf_. I am also reading more books about the subject, those
|
||||
were about Diamond Way Buddhism and now I am reading about Zen
|
||||
(_Everyday Zen_ by _Charlotte Joko Beck_ (this seems to be for Zen what
|
||||
_Living Dharma_ is for Diamond Way.)
|
||||
_Lama Yeshe Losaf_. I am also reading more books about the subject, those were
|
||||
about Diamond Way Buddhism and now I am reading about Zen (_Everyday Zen_ by
|
||||
_Charlotte Joko Beck_ (this seems to be for Zen what _Living Dharma_ is for
|
||||
Diamond Way.)
|
||||
|
||||
_No one is perfect, including you, everyone makes mistake._
|
||||
|
||||
_Everyone is as capable to hurting you as making you good._
|
||||
|
||||
So I have learned Esperanto and according to my mother <em lang="eo">mi diras Esperanto
|
||||
duono de tempo</em> and came to religion, can I be more crazy?
|
||||
So I have learned Esperanto and according to my mother <em lang="eo">mi diras
|
||||
Esperanto duono de tempo</em> and came to religion, can I be more crazy?
|
||||
|
||||
Esperanto gave me self-esteem with my capability of learning languages so
|
||||
I started learning
|
||||
Esperanto gave me self-esteem with my capability of learning languages so I
|
||||
started learning
|
||||
|
||||
- Swedish, which I regret not learning at junior high school, but I had
|
||||
dysphoria, bullying, suicidality, depression and everything and I think
|
||||
I hear it in Helsinki daily and it's also official language in Finland.
|
||||
- Spanish as <em lang="eo">mi amas Esperanton</em>, it looks so much like Esperanto so
|
||||
I feel I almost understand everything written in it and it's the second
|
||||
most spoken language in the world, so I have to learn it.
|
||||
dysphoria, bullying, suicidality, depression and everything and I think I hear
|
||||
it in Helsinki daily and it's also official language in Finland.
|
||||
- Spanish as <em lang="eo">mi amas Esperanton</em>, it looks so much like
|
||||
Esperanto so I feel I almost understand everything written in it and it's the
|
||||
second most spoken language in the world, so I have to learn it.
|
||||
- Lojban thanks to the friend mentioned earlier.
|
||||
|
||||
<em lang="eo">Do mi nun parolas la finnan, la anglan, Esperanton kaj mi lernas hispanan,
|
||||
la svennan kaj la lojbanon.</em> Entirely sane.
|
||||
<em lang="eo">Do mi nun parolas la finnan, la anglan, Esperanton kaj mi lernas
|
||||
hispanan, la svennan kaj la lojbanon.</em> Entirely sane.
|
||||
|
||||
---
|
||||
|
||||
And life otherwise, I haven't gotten to continue studying yet, which I
|
||||
think was mentioned as a goal in the other posts, but I just wasn't able
|
||||
to. I have applied to four places and I think I failed one entrance
|
||||
examination, but that is three left.
|
||||
And life otherwise, I haven't gotten to continue studying yet, which I think was
|
||||
mentioned as a goal in the other posts, but I just wasn't able to. I have
|
||||
applied to four places and I think I failed one entrance examination, but that
|
||||
is three left.
|
||||
|
||||
I was also local election candidate for Helsinki Pirates (part of Pirate
|
||||
Party Finland) and I got surprisingly many votes (20 IIRC) and collective
|
||||
votes helped us get one candidate through to the Helsinki municipal
|
||||
council and we also got some other seats and backup seats.
|
||||
I was also local election candidate for Helsinki Pirates (part of Pirate Party
|
||||
Finland) and I got surprisingly many votes (20 IIRC) and collective votes helped
|
||||
us get one candidate through to the Helsinki municipal council and we also got
|
||||
some other seats and backup seats.
|
||||
|
||||
I think I have finished typing this blog post now. However I was supposed
|
||||
to start this with an apology about some of my old blog posts (which I am not censoring as I don't feel like that would be the right thing either),
|
||||
so I apologise about them now. I don't know if the text says it, but I
|
||||
feel like I have improved as a person a lot in addition to getting over
|
||||
mental health issues and finishing the trans process.
|
||||
I think I have finished typing this blog post now. However I was supposed to
|
||||
start this with an apology about some of my old blog posts (which I am not
|
||||
censoring as I don't feel like that would be the right thing either), so I
|
||||
apologise about them now. I don't know if the text says it, but I feel like I
|
||||
have improved as a person a lot in addition to getting over mental health issues
|
||||
and finishing the trans process.
|
||||
|
@ -13,31 +13,30 @@ published: false
|
||||
|
||||
_FAQ at SailfishOS Fan Club: why everything was made worse for Matrix users?_
|
||||
|
||||
I am not sure which order should I put the issues with TeleMatrix in and
|
||||
the first issue is actually multiple interlinked issues and I am just
|
||||
trying to open it somehow.
|
||||
I am not sure which order should I put the issues with TeleMatrix in and the
|
||||
first issue is actually multiple interlinked issues and I am just trying to open
|
||||
it somehow.
|
||||
|
||||
---
|
||||
|
||||
Issue 1: Matrix display names are based on Telegram real name and not
|
||||
username. In practive this means that Matrix (and IRC) users won't know
|
||||
what is the username to use in order to ping a Telegram user.
|
||||
Issue 1: Matrix display names are based on Telegram real name and not username.
|
||||
In practive this means that Matrix (and IRC) users won't know what is the
|
||||
username to use in order to ping a Telegram user.
|
||||
|
||||
This was workaroundable by setting Telegram real name into `@username`, but
|
||||
the new Riot Web mentions broke this.
|
||||
This was workaroundable by setting Telegram real name into `@username`, but the
|
||||
new Riot Web mentions broke this.
|
||||
|
||||
And as display names at Telegram don't have any limitations (unlike
|
||||
usernames), everyone who had only UTF-8 characters as their "real name" at
|
||||
Telegram became "Telegram" at IRC and as there were 5 users named Telegram,
|
||||
the IRC bridge got easily confused on who is who and lost the connection
|
||||
between Matrix and IRC users resulting into the IRC bridge repeating
|
||||
everything the Matrix user said resulting into duplicated messages at
|
||||
Matrix and Telegram.
|
||||
And as display names at Telegram don't have any limitations (unlike usernames),
|
||||
everyone who had only UTF-8 characters as their "real name" at Telegram became
|
||||
"Telegram" at IRC and as there were 5 users named Telegram, the IRC bridge got
|
||||
easily confused on who is who and lost the connection between Matrix and IRC
|
||||
users resulting into the IRC bridge repeating everything the Matrix user said
|
||||
resulting into duplicated messages at Matrix and Telegram.
|
||||
|
||||
As requested, I workarounded this by setting quiet on `#jollafanclub` for
|
||||
`*Telegram*!*@*` preventing anyone whose username nickname included the
|
||||
word Telegram from saying anything. Thus IRC users were unable to see
|
||||
parts of discussion with at least 5 users missing.
|
||||
`*Telegram*!*@*` preventing anyone whose username nickname included the word
|
||||
Telegram from saying anything. Thus IRC users were unable to see parts of
|
||||
discussion with at least 5 users missing.
|
||||
|
||||
- [Telematrix#28: Replying from Matrix to Telegram doesn't ping the user](https://github.com/SijmenSchoon/telematrix/issues/28)
|
||||
- [Telematrix#33: Allow configuring bridged user display name format](https://github.com/SijmenSchoon/telematrix/issues/33)
|
||||
@ -51,83 +50,85 @@ parts of discussion with at least 5 users missing.
|
||||
Issue 2: When Telegram users replied to messages, Telematrix sent the whole
|
||||
original message to Matrix/IRC.
|
||||
|
||||
For Matrix users this wasn't an issue, but the Matrix IRC bridge pastebins
|
||||
every message that goes over three lines in order to avoid angering IRC ops
|
||||
and serverside antispam measures.
|
||||
For Matrix users this wasn't an issue, but the Matrix IRC bridge pastebins every
|
||||
message that goes over three lines in order to avoid angering IRC ops and
|
||||
serverside antispam measures.
|
||||
|
||||
For example normal message from Telegram user would become this at IRC.
|
||||
|
||||
> 2017-09-19 16:30:09+0300 \* @Mikaela- sent a long message: Mikaela-\_2017-09-19_13:30:08.txt <https://matrix.org/_matrix/media/v1/download/matrix.org/PuaTAbMsMmuboFHpHMuLBruj>
|
||||
> 2017-09-19 16:30:09+0300 \* @Mikaela- sent a long message:
|
||||
> Mikaela-\_2017-09-19_13:30:08.txt
|
||||
> <https://matrix.org/_matrix/media/v1/download/matrix.org/PuaTAbMsMmuboFHpHMuLBruj>
|
||||
|
||||
_Where I said Telegram, I meant TeleMatrix, and only noticed this later._
|
||||
|
||||
Telegram users often reply to each other and when half of the discussion
|
||||
is like this and requires clicking all the time, IRC users simply cannot
|
||||
follow the discussion. For some reason I got the impression that Matrix
|
||||
users don't mind if their messages get unreadable for IRC and Telegram
|
||||
users.
|
||||
Telegram users often reply to each other and when half of the discussion is like
|
||||
this and requires clicking all the time, IRC users simply cannot follow the
|
||||
discussion. For some reason I got the impression that Matrix users don't mind if
|
||||
their messages get unreadable for IRC and Telegram users.
|
||||
|
||||
For comparsion, here is how TeleIRC with the current configuration looks
|
||||
like, a little ugly, but no need to switch apps or click dozens of links.
|
||||
For comparsion, here is how TeleIRC with the current configuration looks like, a
|
||||
little ugly, but no need to switch apps or click dozens of links.
|
||||
|
||||
```
|
||||
2017-09-19 16:28:03+0300 <#@M1kaela> Typing an example message for my blog post. This is the first line. … This is the second line. … This is the third line.
|
||||
2017-09-19 16:28:56+0300 <#@oldandwise> @@M1kaela [Typing an example message …], typing an example of reply for your blog, … you haven't asked but i assumed it may be helpful. … would it be?
|
||||
```
|
||||
|
||||
_I am using WeeChat script parse_relayed_msg.pl, normal users would see
|
||||
the message in the following format:_
|
||||
_I am using WeeChat script parse_relayed_msg.pl, normal users would see the
|
||||
message in the following format:_
|
||||
|
||||
- `<T4> <@TelegramUserName> @@OriginalAuthor [Snippet of original message]`
|
||||
|
||||
_The double @ is caused by setting username format in TeleIRC config.js to
|
||||
start with @ in order to remind users that the @ is necessary to ping
|
||||
Telegram users._
|
||||
_The double @ is caused by setting username format in TeleIRC config.js to start
|
||||
with @ in order to remind users that the @ is necessary to ping Telegram users._
|
||||
|
||||
_This is technically not an issue in either associated project, so I cannot
|
||||
add issue links._
|
||||
_This is technically not an issue in either associated project, so I cannot add
|
||||
issue links._
|
||||
|
||||
---
|
||||
|
||||
Minor(?) technical(?) issues:
|
||||
|
||||
- Telegram users appear as separate IRC connections draining resources
|
||||
on both matrix.org (running the bridge) and IRC server and freenode
|
||||
has expressed being unhappy about idle connections. In case of SailfishOS
|
||||
Fan Club this meant 300 additional connections.
|
||||
- The Telegram users also cannot be sent private messages and all
|
||||
Matrix/IRC users appear as single bot at Telegram, so I don't think
|
||||
it's worth it.
|
||||
- TeleMatrix isn't currently maintained (to be honest, TeleIRC isn't a lot
|
||||
more maintained, but it doesn't have this many/serious issues).
|
||||
- Telegram users appear as separate IRC connections draining resources on both
|
||||
matrix.org (running the bridge) and IRC server and freenode has expressed
|
||||
being unhappy about idle connections. In case of SailfishOS Fan Club this
|
||||
meant 300 additional connections.
|
||||
- The Telegram users also cannot be sent private messages and all Matrix/IRC
|
||||
users appear as single bot at Telegram, so I don't think it's worth it.
|
||||
- TeleMatrix isn't currently maintained (to be honest, TeleIRC isn't a lot more
|
||||
maintained, but it doesn't have this many/serious issues).
|
||||
|
||||
Links:
|
||||
|
||||
- Freenode's unhappiness:
|
||||
- [matrix-appservice-irc#388: Please can we regularly and automatically reap idle-presence connections on all networks](https://github.com/matrix-org/matrix-appservice-irc/issues/388)
|
||||
- [matrix-appservice-irc#450: Channels on IRC that contain only matrix users should not be bridged to IRC](https://github.com/matrix-org/matrix-appservice-irc/issues/450)
|
||||
- BONUS: [TeleMatrix sends all joins/parts to Telegram anoying users](https://github.com/SijmenSchoon/telematrix/issues/13)
|
||||
- tchncs.de instance is running modified code with this behaviour
|
||||
disabled, I had originally forgotten it from this post.
|
||||
- BONUS:
|
||||
[TeleMatrix sends all joins/parts to Telegram anoying users](https://github.com/SijmenSchoon/telematrix/issues/13)
|
||||
- tchncs.de instance is running modified code with this behaviour disabled, I
|
||||
had originally forgotten it from this post.
|
||||
|
||||
---
|
||||
|
||||
Proposed solution: Changing the middle protocol from IRC to Telegram as
|
||||
Matrix didn't work as can be read from this article, so everyone is happy.
|
||||
Proposed solution: Changing the middle protocol from IRC to Telegram as Matrix
|
||||
didn't work as can be read from this article, so everyone is happy.
|
||||
|
||||
Matrix users could use TeleMatrix and IRC users TeleIRC so Matrix users
|
||||
wouldn't suffer any worse experience than before and I wouldn't need to
|
||||
type this article.
|
||||
Matrix users could use TeleMatrix and IRC users TeleIRC so Matrix users wouldn't
|
||||
suffer any worse experience than before and I wouldn't need to type this
|
||||
article.
|
||||
|
||||
**ISSUE: Telegram bots won't see messages from other bots**, so Telegram
|
||||
would see everyone and IRC and Matrix wouldn't see each other.
|
||||
**ISSUE: Telegram bots won't see messages from other bots**, so Telegram would
|
||||
see everyone and IRC and Matrix wouldn't see each other.
|
||||
|
||||
> 2. Bot admins and bots with privacy mode disabled will receive all
|
||||
> messages except messages sent by other bots.
|
||||
> 2. Bot admins and bots with privacy mode disabled will receive all messages
|
||||
> except messages sent by other bots.
|
||||
|
||||
> Bots talking to each other could potentially get stuck in unwelcome
|
||||
> loops. To avoid this, we decided that bots will not be able to see
|
||||
> messages from other bots regardless of mode.
|
||||
> Bots talking to each other could potentially get stuck in unwelcome loops. To
|
||||
> avoid this, we decided that bots will not be able to see messages from other
|
||||
> bots regardless of mode.
|
||||
|
||||
via [Telegram Bots FAQ](https://core.telegram.org/bots/faq#what-messages-will-my-bot-get) "What messages will my bot get?" and "Why doesn't my bot see
|
||||
messages from other bots?" on 2017-09-19.
|
||||
via
|
||||
[Telegram Bots FAQ](https://core.telegram.org/bots/faq#what-messages-will-my-bot-get)
|
||||
"What messages will my bot get?" and "Why doesn't my bot see messages from other
|
||||
bots?" on 2017-09-19.
|
||||
|
@ -8,22 +8,22 @@ redirect_from: /english/2017/09/29/as-hsp-sensory-stimulus-stress.html
|
||||
sitemap: false
|
||||
---
|
||||
|
||||
_Sensory stimulus stress (aistiärsykestressi) is a word that you hear from
|
||||
me often if we are any closer. I have been planning typing this for some
|
||||
time now, so people would hopefully understand me better._
|
||||
_Sensory stimulus stress (aistiärsykestressi) is a word that you hear from me
|
||||
often if we are any closer. I have been planning typing this for some time now,
|
||||
so people would hopefully understand me better._
|
||||
|
||||
I have no idea how I should type this post, so I will just go to how I feel
|
||||
like typing this, so I will start from my events of 19th, continue to 20th
|
||||
and jump to today before trying to explain what is sensory stimulus stress
|
||||
without examples.
|
||||
I have no idea how I should type this post, so I will just go to how I feel like
|
||||
typing this, so I will start from my events of 19th, continue to 20th and jump
|
||||
to today before trying to explain what is sensory stimulus stress without
|
||||
examples.
|
||||
|
||||
I guess that before I do that, I should explain the beginning of the title.
|
||||
|
||||
I am an autist (I have diagnosed Asperger's syndrome) and a highly
|
||||
sensitive person (HSP) and while over (and under) sensitive senses are
|
||||
associated mainly with autism, they are also part of high sensitivity
|
||||
and I cannot separate what causes which trait for me. They have some
|
||||
overlap and some conflicts that are interesting to me.
|
||||
I am an autist (I have diagnosed Asperger's syndrome) and a highly sensitive
|
||||
person (HSP) and while over (and under) sensitive senses are associated mainly
|
||||
with autism, they are also part of high sensitivity and I cannot separate what
|
||||
causes which trait for me. They have some overlap and some conflicts that are
|
||||
interesting to me.
|
||||
|
||||
_UPDATE: Asperger's Syndrome is being removed from the diagnostics manuals
|
||||
leaving only Autism Spectrum Disorder._
|
||||
@ -33,209 +33,200 @@ leaving only Autism Spectrum Disorder._
|
||||
2017-09-19
|
||||
|
||||
There isn't much to say of that day, I had a dental operation under local
|
||||
anesthesia. In the evening I was somewhat ill and had to disable some
|
||||
lights and even then fridge light hurt my eyes. Interestingly after
|
||||
vomiting my senses were like they usually are.
|
||||
anesthesia. In the evening I was somewhat ill and had to disable some lights and
|
||||
even then fridge light hurt my eyes. Interestingly after vomiting my senses were
|
||||
like they usually are.
|
||||
|
||||
2017-09-20
|
||||
|
||||
Regardless of being ill on the previous night, I found myself from my
|
||||
politics hobby and agreed to be someone from Young Pirates at Metropolia
|
||||
University of Applied Sciences term starting sports party MetroSport.
|
||||
Regardless of being ill on the previous night, I found myself from my politics
|
||||
hobby and agreed to be someone from Young Pirates at Metropolia University of
|
||||
Applied Sciences term starting sports party MetroSport.
|
||||
|
||||
I started by quickly visiting our office to fetch Pirate vests by taking a
|
||||
bus and hopping onto metro. From there I continued unfamiliar route using
|
||||
[Moovit] to reach tram and then to bus stop where I would reach the bus
|
||||
taking me to Vantaa and the event.
|
||||
I started by quickly visiting our office to fetch Pirate vests by taking a bus
|
||||
and hopping onto metro. From there I continued unfamiliar route using [Moovit]
|
||||
to reach tram and then to bus stop where I would reach the bus taking me to
|
||||
Vantaa and the event.
|
||||
|
||||
[moovit]: https://moovitapp.com/
|
||||
|
||||
Being a sports event it naturally happened at sports hall where I had to
|
||||
start by wearing ear fillers and sun glasses as it was so loud, because
|
||||
of the amount of people and different music from multiple sources and there
|
||||
were bright lights.
|
||||
Being a sports event it naturally happened at sports hall where I had to start
|
||||
by wearing ear fillers and sun glasses as it was so loud, because of the amount
|
||||
of people and different music from multiple sources and there were bright
|
||||
lights.
|
||||
|
||||
I spent a few hours there with another Pirate activist before leaving for
|
||||
open doors of Helsinki Pirates which later turned out to be a mistake.
|
||||
I spent a few hours there with another Pirate activist before leaving for open
|
||||
doors of Helsinki Pirates which later turned out to be a mistake.
|
||||
|
||||
We walked to train station from where I took a train and later a metro to
|
||||
the office again. At first there were only a few of us activists before
|
||||
other people started appearing and then we possibly had a record on the
|
||||
amount of new people who were interested about the party.
|
||||
We walked to train station from where I took a train and later a metro to the
|
||||
office again. At first there were only a few of us activists before other people
|
||||
started appearing and then we possibly had a record on the amount of new people
|
||||
who were interested about the party.
|
||||
|
||||
I had had too much of draining events, so at some point I left quietly
|
||||
explaining to activist outside how I was leaving as I had had too much
|
||||
of sensory stimuluss stress and I possibly started crying at that point, I
|
||||
am not sure.
|
||||
explaining to activist outside how I was leaving as I had had too much of
|
||||
sensory stimuluss stress and I possibly started crying at that point, I am not
|
||||
sure.
|
||||
|
||||
I am sure that I was crying when I encountered another activist going to
|
||||
the open doors at metro station where I said the same things.
|
||||
I am sure that I was crying when I encountered another activist going to the
|
||||
open doors at metro station where I said the same things.
|
||||
|
||||
_I don't know how much it would be OK for me to say, so I am saying barely
|
||||
anything about the people involved. I don't know if anyone of them
|
||||
understood what I meant, but at home I thought more about finally typing
|
||||
this and wrote it down onto a piece of paper._
|
||||
anything about the people involved. I don't know if anyone of them understood
|
||||
what I meant, but at home I thought more about finally typing this and wrote it
|
||||
down onto a piece of paper._
|
||||
|
||||
2017-09-29 (today)
|
||||
|
||||
Last night I slept a little worse than usually and I have been tired and
|
||||
my senses more sensitive than usually, but not as sensitive as if I was
|
||||
ill.
|
||||
Last night I slept a little worse than usually and I have been tired and my
|
||||
senses more sensitive than usually, but not as sensitive as if I was ill.
|
||||
|
||||
My mother was visiting me and that made me be affected by the world more
|
||||
than usually.
|
||||
My mother was visiting me and that made me be affected by the world more than
|
||||
usually.
|
||||
|
||||
First I took a bus to the nearest _open_ metro station and went to
|
||||
Central Railway Station to fetch her, we visited library and returned to
|
||||
my apartment. Later we ate at nearby salad bar and I escorted her to
|
||||
tram stop where she continued elsewhere with my grandmother.
|
||||
First I took a bus to the nearest _open_ metro station and went to Central
|
||||
Railway Station to fetch her, we visited library and returned to my apartment.
|
||||
Later we ate at nearby salad bar and I escorted her to tram stop where she
|
||||
continued elsewhere with my grandmother.
|
||||
|
||||
Returning home I had again had too much, this time I didn't cry, but I
|
||||
think panic attack was close as I was using a full bus which I reached
|
||||
through full shopping centre that was having some sort of a shopping party.
|
||||
Returning home I had again had too much, this time I didn't cry, but I think
|
||||
panic attack was close as I was using a full bus which I reached through full
|
||||
shopping centre that was having some sort of a shopping party.
|
||||
|
||||
I survived by focusing on my breathing and listening to music with
|
||||
wireless earbud/microphone as it wasn't so long bus trip. And then it's
|
||||
typing this blog with some distractions.
|
||||
I survived by focusing on my breathing and listening to music with wireless
|
||||
earbud/microphone as it wasn't so long bus trip. And then it's typing this blog
|
||||
with some distractions.
|
||||
|
||||
---
|
||||
|
||||
Now I have typed some sort of a introduction to this post and some events
|
||||
on three days, I think it's the time to say why, which I think might
|
||||
be the most difficult part of this post.
|
||||
Now I have typed some sort of a introduction to this post and some events on
|
||||
three days, I think it's the time to say why, which I think might be the most
|
||||
difficult part of this post.
|
||||
|
||||
_I think I should disclaim that I am not a mental health professional or
|
||||
researcher or neurologist or anything (I do have vocational qualification
|
||||
on business information technology though) and this is based on my lived
|
||||
experience (even if I only heard of highly sensitive people this year and
|
||||
was told that I am one by my therapist) and what I have understood from
|
||||
talking with professionals, reading books, watching documentaries etc._
|
||||
researcher or neurologist or anything (I do have vocational qualification on
|
||||
business information technology though) and this is based on my lived experience
|
||||
(even if I only heard of highly sensitive people this year and was told that I
|
||||
am one by my therapist) and what I have understood from talking with
|
||||
professionals, reading books, watching documentaries etc._
|
||||
|
||||
When I previously talked with my therapist on the subject, I explained that
|
||||
it's like there is a battery that is drained by sensory stimulus stress
|
||||
and breaking down crying is one sign of it being critically low and
|
||||
requiring recharge. Typing this I guess that panic attack might be
|
||||
short-circuiting the battery?
|
||||
When I previously talked with my therapist on the subject, I explained that it's
|
||||
like there is a battery that is drained by sensory stimulus stress and breaking
|
||||
down crying is one sign of it being critically low and requiring recharge.
|
||||
Typing this I guess that panic attack might be short-circuiting the battery?
|
||||
|
||||
And now I finally get to the point (if I wasn't in the point all the
|
||||
time?), what is that _sensory stimulus stress_? It's everything that is
|
||||
sensed, regardless of whether it's positive, neutral or negative. I think
|
||||
positive might drain the battery slower than negative would, but it will
|
||||
drain regardless.
|
||||
And now I finally get to the point (if I wasn't in the point all the time?),
|
||||
what is that _sensory stimulus stress_? It's everything that is sensed,
|
||||
regardless of whether it's positive, neutral or negative. I think positive might
|
||||
drain the battery slower than negative would, but it will drain regardless.
|
||||
|
||||
If you have any knowledge about autism, you probably know that people on
|
||||
the spectrum need time to recover from social interactions. Do you know
|
||||
why? Yes, sensory stimulus stress is behind it too, hearing other people,
|
||||
hearing own talking, background noise, looking anywhere, colours.
|
||||
Especially maintaining eye contact is a good way of draining.
|
||||
If you have any knowledge about autism, you probably know that people on the
|
||||
spectrum need time to recover from social interactions. Do you know why? Yes,
|
||||
sensory stimulus stress is behind it too, hearing other people, hearing own
|
||||
talking, background noise, looking anywhere, colours. Especially maintaining eye
|
||||
contact is a good way of draining.
|
||||
|
||||
If I return to the first day/night that I talked about, I was ill, so my
|
||||
senses were a lot more sensitive than usually so even the fridge light
|
||||
hurt my eyes while often I might not be mindful about it being there.
|
||||
If I return to the first day/night that I talked about, I was ill, so my senses
|
||||
were a lot more sensitive than usually so even the fridge light hurt my eyes
|
||||
while often I might not be mindful about it being there.
|
||||
|
||||
On the second day, there were the people, the buses, the trams, PA systems,
|
||||
escalators, metros, music (that I listened during transport to drain more
|
||||
slowly), lights and everything. As with illness, stress also causes faster
|
||||
draining and stress is easy to get by going into a new situation at new
|
||||
place with new people and being hungry makes highly sensitive people
|
||||
horrible.
|
||||
draining and stress is easy to get by going into a new situation at new place
|
||||
with new people and being hungry makes highly sensitive people horrible.
|
||||
|
||||
On the third day, today, there were other people (naturally, I live in the
|
||||
capital of Finland), bus, escalators, metro, musician between central
|
||||
railway station and the metro station, PA systems, talking with mother,
|
||||
grocery store noises, being at my apartment with mother having tea and
|
||||
talking, during lunch there was also some machine keeping noise etc.
|
||||
capital of Finland), bus, escalators, metro, musician between central railway
|
||||
station and the metro station, PA systems, talking with mother, grocery store
|
||||
noises, being at my apartment with mother having tea and talking, during lunch
|
||||
there was also some machine keeping noise etc.
|
||||
|
||||
I think this is the place for the _do you hear sounds that other people
|
||||
don't hear_ joke. _Yes, I do, as my family is half-deaf and we have family
|
||||
joke on how I should share some of my hearing_ even if how good and how
|
||||
sensitive hearing is are two separate things.
|
||||
I think this is the place for the _do you hear sounds that other people don't
|
||||
hear_ joke. _Yes, I do, as my family is half-deaf and we have family joke on how
|
||||
I should share some of my hearing_ even if how good and how sensitive hearing is
|
||||
are two separate things.
|
||||
|
||||
I think this post is finished with the exception of one thing which I am
|
||||
not sure if I wish to type. However I feel that my typing finally started
|
||||
flowing well after hours of trying to get this into words and I think
|
||||
it would be unfair from me to say that everything is draining, so I think
|
||||
I should type some of the methods that I discussed with my previous
|
||||
therapist to ease the situation.
|
||||
I think this post is finished with the exception of one thing which I am not
|
||||
sure if I wish to type. However I feel that my typing finally started flowing
|
||||
well after hours of trying to get this into words and I think it would be unfair
|
||||
from me to say that everything is draining, so I think I should type some of the
|
||||
methods that I discussed with my previous therapist to ease the situation.
|
||||
|
||||
_I must again disclaim that this might only apply to me and not to you
|
||||
(when did I make the reader another aspie or HSP?), and I should
|
||||
probably say that my senses are mostly oversensitive except that my
|
||||
sense of touch defies logic and can either make me feel "hug deprived" and
|
||||
wishing that someone would touch me or send me into panic attack from
|
||||
someone accidentally touching me from behind..._
|
||||
_I must again disclaim that this might only apply to me and not to you (when did
|
||||
I make the reader another aspie or HSP?), and I should probably say that my
|
||||
senses are mostly oversensitive except that my sense of touch defies logic and
|
||||
can either make me feel "hug deprived" and wishing that someone would touch me
|
||||
or send me into panic attack from someone accidentally touching me from
|
||||
behind..._
|
||||
|
||||
- General: Pushing the wall with strength for around 15 to 30 seconds.
|
||||
- Hearing: Music that you like from earbuds or similar, preferably
|
||||
something that reminds you of some very good experience.
|
||||
- Hearing: Music that you like from earbuds or similar, preferably something
|
||||
that reminds you of some very good experience.
|
||||
- Seeing: pastel/pale colours.
|
||||
- I would like to add that bright colours are especially bad and I hate
|
||||
stripes and balls and dots and prefer my clothing to be single colour
|
||||
while I might wear clothes that I would dislike seeing.
|
||||
- I think we talked something about black being a neutral colour that
|
||||
isn't draining while it might not help easing sensory stimulus stress
|
||||
either. I recommend using dark themes on phones and everything that
|
||||
has the option for it.
|
||||
- Smell: leaving the situation or avoiding, but it might also help to
|
||||
get a pleasant smelling lip balm that could be stealthily smelled
|
||||
while applying it.
|
||||
stripes and balls and dots and prefer my clothing to be single colour while
|
||||
I might wear clothes that I would dislike seeing.
|
||||
- I think we talked something about black being a neutral colour that isn't
|
||||
draining while it might not help easing sensory stimulus stress either. I
|
||||
recommend using dark themes on phones and everything that has the option for
|
||||
it.
|
||||
- Smell: leaving the situation or avoiding, but it might also help to get a
|
||||
pleasant smelling lip balm that could be stealthily smelled while applying
|
||||
it.
|
||||
- Sense: massaging with a (stress) ball.
|
||||
- I would very often like a hug or to be touched, but when I am
|
||||
asked if anyone can do anything to help me, I will lie and say
|
||||
nothing as I am often ashamed of having undersensitive sense of
|
||||
touch (if I can say that, as I said before, it defies logic and
|
||||
all rules that I try to put on it to explain how it works). I
|
||||
think it's this Finnish culture.
|
||||
- I think sense of touch might be some kind of a inbuild
|
||||
recovery method andchoring me to this moment or giving me
|
||||
strength to continue from overwhelming.
|
||||
- And I naturally forgot something important, overwhelming
|
||||
is how _The Highly Sensitive Person_ calls the situation
|
||||
with too much sensory stimulus stress ane need for
|
||||
recharging. Before encountering _high sensitivity_, I
|
||||
used words "soft limit" where warning signals started
|
||||
appearing about coming panic attack or having had too
|
||||
much sensory stimulus stress and needing rest and if I
|
||||
borrow the term from ICT, why I wouldn't call panic
|
||||
attacks as hard limit?
|
||||
- Finns, this overwhelming is the same thing as
|
||||
_ylivirittyneisyys_.
|
||||
- and now I probably said more than I wondered if
|
||||
I wanted to say above. I wonder how horrible will
|
||||
this post look at on the blog while this looks
|
||||
this funny in Vim which I am using to type
|
||||
- I would very often like a hug or to be touched, but when I am asked if
|
||||
anyone can do anything to help me, I will lie and say nothing as I am
|
||||
often ashamed of having undersensitive sense of touch (if I can say that,
|
||||
as I said before, it defies logic and all rules that I try to put on it to
|
||||
explain how it works). I think it's this Finnish culture.
|
||||
- I think sense of touch might be some kind of a inbuild recovery method
|
||||
andchoring me to this moment or giving me strength to continue from
|
||||
overwhelming.
|
||||
- And I naturally forgot something important, overwhelming is how _The
|
||||
Highly Sensitive Person_ calls the situation with too much sensory
|
||||
stimulus stress ane need for recharging. Before encountering _high
|
||||
sensitivity_, I used words "soft limit" where warning signals started
|
||||
appearing about coming panic attack or having had too much sensory
|
||||
stimulus stress and needing rest and if I borrow the term from ICT,
|
||||
why I wouldn't call panic attacks as hard limit?
|
||||
- Finns, this overwhelming is the same thing as _ylivirittyneisyys_.
|
||||
- and now I probably said more than I wondered if I wanted to say
|
||||
above. I wonder how horrible will this post look at on the blog
|
||||
while this looks this funny in Vim which I am using to type
|
||||
this...
|
||||
- Motion: calm/slow moves
|
||||
- If I recall correctly, there was some reason why the previous
|
||||
therapist wanted to put motion as a sense, but I cannot remember
|
||||
what the actual reason was. I think I haven't ever had an issue
|
||||
with motion other than having the motorical clumsiness that I think
|
||||
is part of diagnostic criteria from autism.
|
||||
- If I recall correctly, there was some reason why the previous therapist
|
||||
wanted to put motion as a sense, but I cannot remember what the actual
|
||||
reason was. I think I haven't ever had an issue with motion other than
|
||||
having the motorical clumsiness that I think is part of diagnostic criteria
|
||||
from autism.
|
||||
|
||||
_Addition: the TL;DR of the above list could probably be put into one word.
|
||||
Stim!_
|
||||
|
||||
And now I think I am actually finished with a few hours spend typing this
|
||||
and just moving onto the 209th line in Vim. In the end I only want to say
|
||||
that remember that you aren't alone, 20% of the population are estimated
|
||||
to be highly sensitive people and while I don't know the percent for
|
||||
people on autism spectrum, there is at least one of us in mostly every
|
||||
IRC channel that you can find.
|
||||
And now I think I am actually finished with a few hours spend typing this and
|
||||
just moving onto the 209th line in Vim. In the end I only want to say that
|
||||
remember that you aren't alone, 20% of the population are estimated to be highly
|
||||
sensitive people and while I don't know the percent for people on autism
|
||||
spectrum, there is at least one of us in mostly every IRC channel that you can
|
||||
find.
|
||||
|
||||
I think I should also link to
|
||||
[Wikipedia: Sensory processing sensitivity](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity) and [HSPerson.com](https://hsperson.com/) and
|
||||
why not to [their self/tests](https://www.hsperson.com/test/highly-sensitive-test/)
|
||||
in case you are like me and haven't encountered it before or haven't
|
||||
thought that it has anything to do with you.
|
||||
[Wikipedia: Sensory processing sensitivity](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity)
|
||||
and [HSPerson.com](https://hsperson.com/) and why not to
|
||||
[their self/tests](https://www.hsperson.com/test/highly-sensitive-test/) in case
|
||||
you are like me and haven't encountered it before or haven't thought that it has
|
||||
anything to do with you.
|
||||
|
||||
I trust that you have heard something of autism or that you are able to
|
||||
find information about it easily while High Sensitivity is very unknown.
|
||||
I trust that you have heard something of autism or that you are able to find
|
||||
information about it easily while High Sensitivity is very unknown.
|
||||
|
||||
Oh, the _Highly Sensitive Person_ book didn't comment much on on autism
|
||||
or that one person might be both, so I want to link you to their blog
|
||||
Oh, the _Highly Sensitive Person_ book didn't comment much on on autism or that
|
||||
one person might be both, so I want to link you to their blog
|
||||
[About High Sensitivity, Autism, and Neurodiversity](https://hsperson.com/about-high-sensitivity-autism-and-neurodiversity/).
|
||||
|
||||
And now I am finally going to end typing this at 230 lines, I hope that
|
||||
this post was any help or at least not negative or including misinformation
|
||||
or anything, but if that would happen to be the case, please do tell
|
||||
me [by opening an issue!](https://github.com/mikaela/mikaela.github.io/issues)
|
||||
And now I am finally going to end typing this at 230 lines, I hope that this
|
||||
post was any help or at least not negative or including misinformation or
|
||||
anything, but if that would happen to be the case, please do tell me
|
||||
[by opening an issue!](https://github.com/mikaela/mikaela.github.io/issues)
|
||||
|
@ -12,64 +12,61 @@ sitemap: false
|
||||
---
|
||||
|
||||
_DNSCrypt-proxy encrypts DNS queries that would otherwise go in plaintext
|
||||
ensuring that they won't be seen or modified by anyone in the middle. It
|
||||
works as a localhost DNS server sending queries to configured DNS
|
||||
resolvers._
|
||||
ensuring that they won't be seen or modified by anyone in the middle. It works
|
||||
as a localhost DNS server sending queries to configured DNS resolvers._
|
||||
|
||||
I guess I should also say why you would want dnscrypt v1 vs v2. V1 which
|
||||
is in most of repos currently uses broken resolver by default and only
|
||||
supports one resolver at a time, while v2 can use multiple of them while
|
||||
comparing them for the best ones.
|
||||
I guess I should also say why you would want dnscrypt v1 vs v2. V1 which is in
|
||||
most of repos currently uses broken resolver by default and only supports one
|
||||
resolver at a time, while v2 can use multiple of them while comparing them for
|
||||
the best ones.
|
||||
|
||||
This post is on getting v2 to Debian Stable and Ubuntu pre 18.10 which
|
||||
contain v1 and I (sadly) don't know a better way to do this.
|
||||
This post is on getting v2 to Debian Stable and Ubuntu pre 18.10 which contain
|
||||
v1 and I (sadly) don't know a better way to do this.
|
||||
|
||||
In order to check which version your distro has available, check the
|
||||
dnscrypt-proxy search page for your distribution:
|
||||
|
||||
- [Debian](https://packages.debian.org/dnscrypt-proxy)
|
||||
- 2018-11-03: the version in _stretch (stable)_ is `1.9.4-1` which has
|
||||
the issues why I wrote this post.
|
||||
- 2018-11-03: the version in _stretch (stable)_ is `1.9.4-1` which has the
|
||||
issues why I wrote this post.
|
||||
- [Ubuntu](https://packages.ubuntu.com/dnscrypt-proxy)
|
||||
- 2018-11-03: I cannot find dnscrypt-proxy from Ubuntu at all, while I
|
||||
am sure it previously had the Debian version 1.
|
||||
- 2018-11-03: I cannot find dnscrypt-proxy from Ubuntu at all, while I am sure
|
||||
it previously had the Debian version 1.
|
||||
|
||||
---
|
||||
|
||||
1. Update your local apt cache `sudo apt update` and install curl that will
|
||||
be used for downloading the package from Debian `sudo apt-get install curl`
|
||||
1. Update your local apt cache `sudo apt update` and install curl that will be
|
||||
used for downloading the package from Debian `sudo apt-get install curl`
|
||||
|
||||
Check the version number at [Debian's dnscrypt-proxy package download page](https://packages.debian.org/sid/amd64/dnscrypt-proxy/download) and fix it
|
||||
below:
|
||||
Check the version number at
|
||||
[Debian's dnscrypt-proxy package download page](https://packages.debian.org/sid/amd64/dnscrypt-proxy/download)
|
||||
and fix it below:
|
||||
|
||||
2: download the package`curl -LO https://deb.debian.org/debian/pool/main/d/dnscrypt-proxy/dnscrypt-proxy_2.0.16-2_amd64.deb`
|
||||
2: download the
|
||||
package`curl -LO https://deb.debian.org/debian/pool/main/d/dnscrypt-proxy/dnscrypt-proxy_2.0.16-2_amd64.deb`
|
||||
|
||||
**WARNING: This part is not supported by either Debian or Ubuntu, you are
|
||||
taking a package from another distribution and attempting to install it
|
||||
on another.**
|
||||
**WARNING: This part is not supported by either Debian or Ubuntu, you are taking
|
||||
a package from another distribution and attempting to install it on another.**
|
||||
|
||||
**WARNING: Usually when you use apt, it will verify package signatures and
|
||||
ensure that the package hasn't been tampered with. I have no idea how to
|
||||
do that with direct downloads (if it's even possible) so you will be
|
||||
trusting the Debian repository mirror or CDN blindly.**
|
||||
ensure that the package hasn't been tampered with. I have no idea how to do that
|
||||
with direct downloads (if it's even possible) so you will be trusting the Debian
|
||||
repository mirror or CDN blindly.**
|
||||
|
||||
3. install the package you downloaded: `sudo dpkg -i dnscrypt-proxy<TAB>`
|
||||
(TAB (above capslock) automatically completes rest of the filename for
|
||||
you).
|
||||
3. install the package you downloaded: `sudo dpkg -i dnscrypt-proxy<TAB>` (TAB
|
||||
(above capslock) automatically completes rest of the filename for you).
|
||||
1. In case there was a problem, attmept `sudo apt-get install -f` to fix
|
||||
broken package depedencies. **Remember to check that what it suggests
|
||||
looks reasonable!** If it asks to remove dnscrypt-proxy, you are out
|
||||
of luck and should do that instead of attempting to replace important
|
||||
system components from another distribution (creating
|
||||
"Frankendebian").
|
||||
looks reasonable!** If it asks to remove dnscrypt-proxy, you are out of
|
||||
luck and should do that instead of attempting to replace important system
|
||||
components from another distribution (creating "Frankendebian").
|
||||
|
||||
Hopefully dnscrypt-proxy is now running, check
|
||||
`journalctl -u dnscrypt-proxy`, there should be a line saying
|
||||
Hopefully dnscrypt-proxy is now running, check `journalctl -u dnscrypt-proxy`,
|
||||
there should be a line saying
|
||||
`[NOTICE] Wiring systemd TCP socket #0, dnscrypt-proxy.socket, 127.0.2.1:53`
|
||||
|
||||
Edit `/etc/NetworkManager/NetworkManager.conf` to avoid overlapping
|
||||
resolvers breaking each other, it should say say `dns=none`
|
||||
e.g.:
|
||||
Edit `/etc/NetworkManager/NetworkManager.conf` to avoid overlapping resolvers
|
||||
breaking each other, it should say say `dns=none` e.g.:
|
||||
|
||||
```
|
||||
[main]
|
||||
@ -100,15 +97,15 @@ options edns0 single-request-reopen
|
||||
|
||||
Nameserver is the host where dnscrypt-proxy said to be listening on in
|
||||
journalctl, options are from dnscrypt-proxy documentation and search means
|
||||
domains that are automatically searched for if you don't use fully
|
||||
qualified domain names, e.g. `ssh machine` in my (uncommented) config
|
||||
would turn into `ssh machine.mikaela.info`. Update: I find this a privacy
|
||||
leakage (whenever NXDOMAIN happens), which is why I nowadays have it commented.
|
||||
domains that are automatically searched for if you don't use fully qualified
|
||||
domain names, e.g. `ssh machine` in my (uncommented) config would turn into
|
||||
`ssh machine.mikaela.info`. Update: I find this a privacy leakage (whenever
|
||||
NXDOMAIN happens), which is why I nowadays have it commented.
|
||||
|
||||
You should also tell dhclient to not touch resolv.conf or you may get many
|
||||
files into `/etc` beginning with names `resolv.conf.dhclient-new.`
|
||||
according to
|
||||
[Debian wiki](https://wiki.debian.org/resolv.conf#Stop_dhclient_from_modifying_.2Fetc.2Fresolv.conf) which gives the following two commands and
|
||||
You should also tell dhclient to not touch resolv.conf or you may get many files
|
||||
into `/etc` beginning with names `resolv.conf.dhclient-new.` according to
|
||||
[Debian wiki](https://wiki.debian.org/resolv.conf#Stop_dhclient_from_modifying_.2Fetc.2Fresolv.conf)
|
||||
which gives the following two commands and
|
||||
[Debian bug 860928](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860928):
|
||||
|
||||
```bash
|
||||
@ -118,9 +115,9 @@ chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
|
||||
|
||||
---
|
||||
|
||||
**WARNING from 2018-10-21!** It appears that the cache and log directories
|
||||
of dnscrypt-proxy don't sometimes get created automatically (at least on
|
||||
Debian GNU/Linux 9.6 (stretch).
|
||||
**WARNING from 2018-10-21!** It appears that the cache and log directories of
|
||||
dnscrypt-proxy don't sometimes get created automatically (at least on Debian
|
||||
GNU/Linux 9.6 (stretch).
|
||||
|
||||
If this happens to you or you would like to be sure to get them:
|
||||
|
||||
@ -131,14 +128,16 @@ sudo chown -R _dnscrypt-proxy:nogroup /var/cache/dnscrypt-proxy /var/log/dnscryp
|
||||
|
||||
---
|
||||
|
||||
For the curious my dnscrypt-proxy config [is in my shell-things repository](https://github.com/Mikaela/shell-things/tree/master/etc/dnscrypt-proxy) [mirror](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/dnscrypt-proxy).
|
||||
For the curious my dnscrypt-proxy config
|
||||
[is in my shell-things repository](https://github.com/Mikaela/shell-things/tree/master/etc/dnscrypt-proxy)
|
||||
[mirror](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/dnscrypt-proxy).
|
||||
|
||||
---
|
||||
|
||||
## 2019-07-22 update
|
||||
|
||||
I have also started performing local DNSSEC validation by running Unbound
|
||||
in front of DNSCrypt-proxy, so my queries go resolv.conf -> Unbound ->
|
||||
I have also started performing local DNSSEC validation by running Unbound in
|
||||
front of DNSCrypt-proxy, so my queries go resolv.conf -> Unbound ->
|
||||
dnscrypt-proxy -> configured resolvers. This has the advantage that if the
|
||||
resolver didn't perform DNSSEC validation or lied about performing it, the
|
||||
protection by DNSSEC would still be received.
|
||||
@ -146,11 +145,12 @@ protection by DNSSEC would still be received.
|
||||
The steps are simple:
|
||||
|
||||
1. `sudo apt install unbound`
|
||||
- You should see a file `/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf`
|
||||
which simply says `server:` and on another line after intending
|
||||
`auto-trust-anchor-file: "/var/lib/unbound/root.key"` (the path varies
|
||||
by distribution) which means it's performing DNSSEC validation with
|
||||
those trust anchors.
|
||||
- You should see a file
|
||||
`/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf` which simply
|
||||
says `server:` and on another line after intending
|
||||
`auto-trust-anchor-file: "/var/lib/unbound/root.key"` (the path varies by
|
||||
distribution) which means it's performing DNSSEC validation with those
|
||||
trust anchors.
|
||||
2. `sudo nano /etc/unbound/unbound.conf.d/dnscrypt-proxy.conf`
|
||||
|
||||
```
|
||||
@ -161,6 +161,6 @@ forward-zone:
|
||||
```
|
||||
|
||||
3. `sudo systemctl restart unbound`
|
||||
4. Ensure `/etc/resolv.conf` points to `127.0.0.1` and optionally `::1`
|
||||
instead of `127.0.2.1` where dnscrypt-proxy runs by default. For more
|
||||
details, CTRL + F for resolv.conf or chattr.
|
||||
4. Ensure `/etc/resolv.conf` points to `127.0.0.1` and optionally `::1` instead
|
||||
of `127.0.2.1` where dnscrypt-proxy runs by default. For more details, CTRL +
|
||||
F for resolv.conf or chattr.
|
||||
|
@ -1,7 +1,8 @@
|
||||
---
|
||||
layout: post
|
||||
comments: true
|
||||
title: "Android 9 Private DNS behaviour with 853 blocked & DoT server comparsion"
|
||||
title:
|
||||
"Android 9 Private DNS behaviour with 853 blocked & DoT server comparsion"
|
||||
category: [english]
|
||||
tags: [english, Android, DNS-over-TLS, DNS, security, privacy]
|
||||
redirect_from:
|
||||
@ -11,10 +12,10 @@ lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_Since I first heard of Android 9 Private DNS I wondered how it will work
|
||||
when the port is blocked or there is a captive portal. I didn't find this
|
||||
information anywhere and now that I have gotten the Android 9 Go update on
|
||||
my Nokia 1, I am able to type my own blog post about it._
|
||||
_Since I first heard of Android 9 Private DNS I wondered how it will work when
|
||||
the port is blocked or there is a captive portal. I didn't find this information
|
||||
anywhere and now that I have gotten the Android 9 Go update on my Nokia 1, I am
|
||||
able to type my own blog post about it._
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -36,78 +37,94 @@ my Nokia 1, I am able to type my own blog post about it._
|
||||
|
||||
- Phone: Nokia 1 (TA-1047) running Android 9 (Go Edition)
|
||||
- I think I got the update on 9th of July
|
||||
- Language: Finnish (and as I am typing in English I may accidentally
|
||||
invent my own words)
|
||||
- Language: Finnish (and as I am typing in English I may accidentally invent
|
||||
my own words)
|
||||
- In all tests mobile data was disabled to not cause confusing results.
|
||||
- As Private DNS is technically DNS over TLS, I am calling it as DoT.
|
||||
- In Android 9 it's enabled from Settings, Network & Internet, Advanced settings, Private DNS
|
||||
- In Android 9 it's enabled from Settings, Network & Internet, Advanced
|
||||
settings, Private DNS
|
||||
- I am using [dns.quad9.net](https://quad9.net/) as hostname.
|
||||
- Automatic mode connects to the DNS server port 853 without validating
|
||||
certificate, "Hostname of private DNS provider" (which I call as the
|
||||
manual mode) also validates the certificate and disallows downgrading.
|
||||
certificate, "Hostname of private DNS provider" (which I call as the manual
|
||||
mode) also validates the certificate and disallows downgrading.
|
||||
- [Google's documentation](https://support.google.com/android/answer/9089903?hl=en).
|
||||
- [Intra](https://getintra.org/) detects when private DNS is enabled and
|
||||
says that it doesn't have to be enabled at those times. However it gets
|
||||
confused easily as between the metro and DHCP offering Quad9 it claimed
|
||||
secure DNS was disabled. Later before the captive portal test Intra again
|
||||
claimed DoT was disabled when there was no connectivity to DoT server, so
|
||||
I guess it's only able to detect when Android is actually connected to the
|
||||
DoT server.
|
||||
- [Intra](https://getintra.org/) detects when private DNS is enabled and says
|
||||
that it doesn't have to be enabled at those times. However it gets confused
|
||||
easily as between the metro and DHCP offering Quad9 it claimed secure DNS was
|
||||
disabled. Later before the captive portal test Intra again claimed DoT was
|
||||
disabled when there was no connectivity to DoT server, so I guess it's only
|
||||
able to detect when Android is actually connected to the DoT server.
|
||||
- [My messy notes for making this post](https://github.com/Mikaela/mikaela.github.io/issues/149)
|
||||
|
||||
## The tests
|
||||
|
||||
---
|
||||
|
||||
Test: _automatic mode without DoT capable server from DHCP_; the setting
|
||||
says "automatic".
|
||||
Test: _automatic mode without DoT capable server from DHCP_; the setting says
|
||||
"automatic".
|
||||
|
||||
---
|
||||
|
||||
Test: _DoT with port 853 blocked_; Android reports that the WLAN network has
|
||||
no internet connectivity until I disable private DNS and toggle WLAN. I
|
||||
tested this in Helsinki metro.
|
||||
Test: _DoT with port 853 blocked_; Android reports that the WLAN network has no
|
||||
internet connectivity until I disable private DNS and toggle WLAN. I tested this
|
||||
in Helsinki metro.
|
||||
|
||||
---
|
||||
|
||||
Test: _automatic mode with DoT capable server from DHCP_; Android says that
|
||||
DoT is "enabled". For this test I configured a WLAN AP to use [Quad9](https://quad9.net/)
|
||||
DNS servers `149.112.112.112` and `9.9.9.9`.
|
||||
Test: _automatic mode with DoT capable server from DHCP_; Android says that DoT
|
||||
is "enabled". For this test I configured a WLAN AP to use
|
||||
[Quad9](https://quad9.net/) DNS servers `149.112.112.112` and `9.9.9.9`.
|
||||
|
||||
I would also have configured
|
||||
the IPv6 addresses `2620:fe::9` and `2620:fe::fe` as the network was dualstack,
|
||||
but naturally the router was missing ability to configure IPv6 DNS servers
|
||||
and forced using the ISP ones. At least the Android 9 was happy with the IPv4
|
||||
servers.
|
||||
I would also have configured the IPv6 addresses `2620:fe::9` and `2620:fe::fe`
|
||||
as the network was dualstack, but naturally the router was missing ability to
|
||||
configure IPv6 DNS servers and forced using the ISP ones. At least the Android 9
|
||||
was happy with the IPv4 servers.
|
||||
|
||||
I didn't do this at home as my main network connectivity is a MiFi
|
||||
"box" that doesn't allow me to specify a DNS server and I tend to avoid it anyway
|
||||
by using [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy/) with [this config](https://github.com/Mikaela/shell-things/blob/master/etc/dnscrypt-proxy/dnscrypt-proxy.toml) and Intra. Sadly I have some
|
||||
little used devices that have no way to encrypt DNS and they either use the
|
||||
ISP DNS or in case of Chromecasts I am under impression that they are
|
||||
hardcoded to use Google DNS. I don't use them much though.
|
||||
I didn't do this at home as my main network connectivity is a MiFi "box" that
|
||||
doesn't allow me to specify a DNS server and I tend to avoid it anyway by using
|
||||
[dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy/) with
|
||||
[this config](https://github.com/Mikaela/shell-things/blob/master/etc/dnscrypt-proxy/dnscrypt-proxy.toml)
|
||||
and Intra. Sadly I have some little used devices that have no way to encrypt DNS
|
||||
and they either use the ISP DNS or in case of Chromecasts I am under impression
|
||||
that they are hardcoded to use Google DNS. I don't use them much though.
|
||||
|
||||
Why do I care about encrypted DNS so much? Encrypt everything! And to quote
|
||||
my index:
|
||||
Why do I care about encrypted DNS so much? Encrypt everything! And to quote my
|
||||
index:
|
||||
|
||||
> The only traffic I am not encrypting is probably my WLAN. For some reason my router requires a reboot once per hour with WPA2 encryption while on open network I only have to reboot it once per day (I have asked about this confusing behaviour from wiser people on IRC and they weren't able to explain it either). I support the <a href="https://openwireless.org/">Open Wireless Movement</a> and think that if someone really wanted to cause me harm, they could break into the network anyway and that would be more difficult to prove on consumer grade device than the network being open. There are firewalls on all networks and while a passerby would be able to observe unencrypted SNIs, isn't that also <a href="https://en.wikipedia.org/wiki/Global_surveillance">being done by international security agencies already</a> while even <a href="https://fi.wikipedia.org/wiki/Suomen_tiedustelulains%C3%A4%C3%A4d%C3%A4nt%C3%B6">Finland has given permission to monitor traffic crossing our borders</a> ((TODO: better link in English as the situation develops)and how much of traffic doesn't do that?). I also don't like being somewhere where the only available WLANs are printers and smart thermostats :)
|
||||
> The only traffic I am not encrypting is probably my WLAN. For some reason my
|
||||
> router requires a reboot once per hour with WPA2 encryption while on open
|
||||
> network I only have to reboot it once per day (I have asked about this
|
||||
> confusing behaviour from wiser people on IRC and they weren't able to explain
|
||||
> it either). I support the <a href="https://openwireless.org/">Open Wireless
|
||||
> Movement</a> and think that if someone really wanted to cause me harm, they
|
||||
> could break into the network anyway and that would be more difficult to prove
|
||||
> on consumer grade device than the network being open. There are firewalls on
|
||||
> all networks and while a passerby would be able to observe unencrypted SNIs,
|
||||
> isn't that also
|
||||
> <a href="https://en.wikipedia.org/wiki/Global_surveillance">being done by
|
||||
> international security agencies already</a> while even
|
||||
> <a href="https://fi.wikipedia.org/wiki/Suomen_tiedustelulains%C3%A4%C3%A4d%C3%A4nt%C3%B6">Finland
|
||||
> has given permission to monitor traffic crossing our borders</a> ((TODO:
|
||||
> better link in English as the situation develops)and how much of traffic
|
||||
> doesn't do that?). I also don't like being somewhere where the only available
|
||||
> WLANs are printers and smart thermostats :)
|
||||
|
||||
---
|
||||
|
||||
Bonus test: _DoT + DoH via the [Intra app](https://getintra.org/)_
|
||||
configured to use server `https://149.112.112.112/dns-query` in Helsinki
|
||||
metro; Android claims that the network has no connectivity and shows the x
|
||||
on the WLAN symbol in the statusbar, but everything works regardless.
|
||||
My hypothesis that I am not enough interested in confirming is that if I was
|
||||
using `https://dns.quad9.net/dns-query` nothing would work as the Intra app
|
||||
would have been unable to resolve that name due to DoT being blocked.
|
||||
Bonus test: _DoT + DoH via the [Intra app](https://getintra.org/)_ configured to
|
||||
use server `https://149.112.112.112/dns-query` in Helsinki metro; Android claims
|
||||
that the network has no connectivity and shows the x on the WLAN symbol in the
|
||||
statusbar, but everything works regardless. My hypothesis that I am not enough
|
||||
interested in confirming is that if I was using
|
||||
`https://dns.quad9.net/dns-query` nothing would work as the Intra app would have
|
||||
been unable to resolve that name due to DoT being blocked.
|
||||
|
||||
---
|
||||
|
||||
Test: _DoT + Captive Portal_; I get the captive portal prompt asking me to
|
||||
login to the network as usual, so I guess Android handles captive portal
|
||||
separately from DoT which is a good thing in my opinion as otherwise that
|
||||
feature would likely be too confusing or difficult for many people to use.
|
||||
Test: _DoT + Captive Portal_; I get the captive portal prompt asking me to login
|
||||
to the network as usual, so I guess Android handles captive portal separately
|
||||
from DoT which is a good thing in my opinion as otherwise that feature would
|
||||
likely be too confusing or difficult for many people to use.
|
||||
|
||||
I performed this test next to a closed Espresso House, which luckily hadn't
|
||||
turned off their WLAN AP, but I treat SSIDs as free advertising anyway.
|
||||
@ -116,36 +133,37 @@ turned off their WLAN AP, but I treat SSIDs as free advertising anyway.
|
||||
|
||||
## Why I use Quad9?
|
||||
|
||||
I had an idea of blogging about this separately long before I got Android 9
|
||||
and was able to perform this testing, but as I mention it so much I guess
|
||||
it's better to merge the posts.
|
||||
I had an idea of blogging about this separately long before I got Android 9 and
|
||||
was able to perform this testing, but as I mention it so much I guess it's
|
||||
better to merge the posts.
|
||||
|
||||
What I wish from a DNS server is privacy/security (including DoT), [DNSSEC],
|
||||
being stable (or unlikely to go
|
||||
away without warning in near future) and thus being able to recommend it to
|
||||
my family members (read as: configure it on their routers while being tech
|
||||
support).
|
||||
being stable (or unlikely to go away without warning in near future) and thus
|
||||
being able to recommend it to my family members (read as: configure it on their
|
||||
routers while being tech support).
|
||||
|
||||
[dnssec]: https://www.dnssec.net/
|
||||
|
||||
The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers#DNSPrivacyPublicResolvers-DNS-over-TLS(DoT)>) are the following:
|
||||
The options
|
||||
[judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers#DNSPrivacyPublicResolvers-DNS-over-TLS(DoT)>)
|
||||
are the following:
|
||||
|
||||
- Quad9 (I am only talking about the secure variant as the insecure disables
|
||||
DNSSEC)
|
||||
- non-profit
|
||||
- [privacy policy](https://quad9.net/privacy/) (I seem to have too much
|
||||
problems with the others to even look at their policies)
|
||||
- same malicious domain filtering for everyone (I was going to compare it
|
||||
to Cisco/OpenDNS without realizing that the DoT requirement dropped them out
|
||||
- same malicious domain filtering for everyone (I was going to compare it to
|
||||
Cisco/OpenDNS without realizing that the DoT requirement dropped them out
|
||||
already) that I haven't yet encountered
|
||||
- [FAQ](https://quad9.net/faq/)
|
||||
- supports DNS over HTTPS (I need it for Firefox which at the time of typing requires
|
||||
DoH for ESNI support)
|
||||
- supports DNS over HTTPS (I need it for Firefox which at the time of typing
|
||||
requires DoH for ESNI support)
|
||||
- has a node in Finland (see TREX under regional providers)
|
||||
- I have heard that they plan a network map (Adguard on the bottom has it)
|
||||
and I hope to see it soon, because I would have no idea they have a node
|
||||
in Finland without knowing about TREX and having performed DNS leak test
|
||||
(see TREX under regional providers for more details on both).
|
||||
- I have heard that they plan a network map (Adguard on the bottom has it) and
|
||||
I hope to see it soon, because I would have no idea they have a node in
|
||||
Finland without knowing about TREX and having performed DNS leak test (see
|
||||
TREX under regional providers for more details on both).
|
||||
- Cloudflare
|
||||
- for-profit company
|
||||
- too big for my taste and possibly getting even bigger if Firefox starts
|
||||
@ -156,19 +174,18 @@ The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/
|
||||
queries too.
|
||||
- CleanBrowsing
|
||||
- I never looked it before, but it appears to be for-profit
|
||||
- allows custom filters? What prevents filters from another user from
|
||||
being applied to me? This was a problem with Cisco OpenDNS.
|
||||
- allows custom filters? What prevents filters from another user from being
|
||||
applied to me? This was a problem with Cisco OpenDNS.
|
||||
- Adguard
|
||||
- I never looked at them before either, but they look surprisingly good
|
||||
and I could consider using them with the short reading I did for this
|
||||
post.
|
||||
- I never looked at them before either, but they look surprisingly good and I
|
||||
could consider using them with the short reading I did for this post.
|
||||
- for-profit (even though they claim to make money by their other products
|
||||
than DNS, but so do Cloudflare and Google?)
|
||||
- I worry they could block something more than ads/malware by accident
|
||||
- and I think they are more likely to do that than Quad9 due to blocking
|
||||
so much more.
|
||||
- and this could be painful to start troubleshooting over the phone
|
||||
with family members.
|
||||
- and I think they are more likely to do that than Quad9 due to blocking so
|
||||
much more.
|
||||
- and this could be painful to start troubleshooting over the phone with
|
||||
family members.
|
||||
- [privacy policy](https://adguard.com/en/privacy.html)
|
||||
- based in Cyprus (EU)
|
||||
- [Adguard DNS page including FAQ](https://adguard.com/en/adguard-dns/overview.html)
|
||||
@ -177,38 +194,41 @@ The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/
|
||||
|
||||
Then there are regional providers like:
|
||||
|
||||
- [TREX recursive name service](http://www.trex.fi/service/resolvers.html) for Finnish users
|
||||
- "Our resolvers do not support DNS over TLS, DNS over HTTPS or dnscrypt. But TREX hosts a Quad9 node, which offers a secure service with those features."
|
||||
- this can be confirmed by running a [DNS leak test](https://dnsleaktest.com/)
|
||||
which in Finland replies "TREX Regional Exchanges Oy" and being hosted
|
||||
by TREX is a plus for Quad9 in my eyes as it's
|
||||
- often recommended for Finnish users instead of Google DNS by people in
|
||||
my circles
|
||||
- [CZ.NIC Open DNSSEC Validating Resolvers](https://www.nic.cz/odvr/) for Czech users
|
||||
(English readers: enable cookies and click "English")
|
||||
- [TREX recursive name service](http://www.trex.fi/service/resolvers.html) for
|
||||
Finnish users
|
||||
- "Our resolvers do not support DNS over TLS, DNS over HTTPS or dnscrypt. But
|
||||
TREX hosts a Quad9 node, which offers a secure service with those features."
|
||||
- this can be confirmed by running a
|
||||
[DNS leak test](https://dnsleaktest.com/) which in Finland replies "TREX
|
||||
Regional Exchanges Oy" and being hosted by TREX is a plus for Quad9 in my
|
||||
eyes as it's
|
||||
- often recommended for Finnish users instead of Google DNS by people in my
|
||||
circles
|
||||
- [CZ.NIC Open DNSSEC Validating Resolvers](https://www.nic.cz/odvr/) for Czech
|
||||
users (English readers: enable cookies and click "English")
|
||||
- has DNSSEC, DoT & DoH
|
||||
- probably wouldn't make much sense to use from Finland (or anywhere
|
||||
else far from Czech Republic, I imagine all the neighbouring countries would also have their
|
||||
own equivalent regardless of CZ.NIC being so big name (you have heard of e.g. [Turris Omnia](https://en.wikipedia.org/wiki/Turris_Omnia)?))
|
||||
- (thus I promote centralization, but) a regional not-anycasted DNS server
|
||||
may be impractical while traveling as your DNS would always go through
|
||||
home and possibly be slower than it could be. As a counter argument it
|
||||
wouldn't hurt that much or be difficult to change, but would you
|
||||
remember to do it while traveling (I guess I would) and would your
|
||||
family members remember that?
|
||||
- probably wouldn't make much sense to use from Finland (or anywhere else far
|
||||
from Czech Republic, I imagine all the neighbouring countries would also
|
||||
have their own equivalent regardless of CZ.NIC being so big name (you have
|
||||
heard of e.g. [Turris Omnia](https://en.wikipedia.org/wiki/Turris_Omnia)?))
|
||||
- (thus I promote centralization, but) a regional not-anycasted DNS server may
|
||||
be impractical while traveling as your DNS would always go through home and
|
||||
possibly be slower than it could be. As a counter argument it wouldn't hurt
|
||||
that much or be difficult to change, but would you remember to do it while
|
||||
traveling (I guess I would) and would your family members remember that?
|
||||
|
||||
And the golden option of hosting your own DNS. (It's actually easy with
|
||||
Unbound, I haven't tried DoH/DoT hosting though!)
|
||||
And the golden option of hosting your own DNS. (It's actually easy with Unbound,
|
||||
I haven't tried DoH/DoT hosting though!)
|
||||
|
||||
- Hosting where?
|
||||
- Hosting with what money?
|
||||
- On my laptop? What about when it goes down?
|
||||
- On three of my active devices separately? I don't think the root
|
||||
nameserver admins would be very happy if everyone did that.
|
||||
- On my VPS? What if it went down due to being so cheap? What to say when
|
||||
my family called that "the internet is broken"? How to provide the additional
|
||||
line of defence against malware and phishing as well as Quad9 does it with
|
||||
all their information sources and partners?
|
||||
- On three of my active devices separately? I don't think the root nameserver
|
||||
admins would be very happy if everyone did that.
|
||||
- On my VPS? What if it went down due to being so cheap? What to say when my
|
||||
family called that "the internet is broken"? How to provide the additional
|
||||
line of defence against malware and phishing as well as Quad9 does it with all
|
||||
their information sources and partners?
|
||||
|
||||
To me Quad9 seems the least bad (or the least scary?) option with all these
|
||||
things considered, but some other provider may seem better to you.
|
||||
|
@ -32,172 +32,217 @@ administrating experience due to not having any with Matrix personally._
|
||||
|
||||
## Element, what Element?
|
||||
|
||||
Element is the defacto Matrix client. If you wish to get into Matrix, you
|
||||
will likely hear the advice to install Element or use it on the web.
|
||||
Element is the defacto Matrix client. If you wish to get into Matrix, you will
|
||||
likely hear the advice to install Element or use it on the web.
|
||||
|
||||
It comes with two problems:
|
||||
|
||||
- you will likely register your account on the `matrix.org` homeserver and
|
||||
later hear that you made a mistake in using it as it's overloaded and you
|
||||
should instead use some other homeserver which would also be good for
|
||||
healthy federation, but the interface doesn't suggest or offer you any
|
||||
other servers.
|
||||
- maybe in the future [your account will be decentralized and that won't matter](https://github.com/matrix-org/matrix-spec/issues/246)?
|
||||
- if you happen to be like me and use both Element Web and Element iOS, you
|
||||
will notice they are wildly inconsistent. I cannot comment on Element
|
||||
Android as my phone (Nokia 1 / TA-1047) is too weak powered for pleasant
|
||||
Matrix experience and I don't use it much.
|
||||
- you will likely register your account on the `matrix.org` homeserver and later
|
||||
hear that you made a mistake in using it as it's overloaded and you should
|
||||
instead use some other homeserver which would also be good for healthy
|
||||
federation, but the interface doesn't suggest or offer you any other servers.
|
||||
- maybe in the future
|
||||
[your account will be decentralized and that won't matter](https://github.com/matrix-org/matrix-spec/issues/246)?
|
||||
- if you happen to be like me and use both Element Web and Element iOS, you will
|
||||
notice they are wildly inconsistent. I cannot comment on Element Android as my
|
||||
phone (Nokia 1 / TA-1047) is too weak powered for pleasant Matrix experience
|
||||
and I don't use it much.
|
||||
|
||||
Comparing the later two platforms, I imagine you will hit some of these
|
||||
problems sooner or later:
|
||||
Comparing the later two platforms, I imagine you will hit some of these problems
|
||||
sooner or later:
|
||||
|
||||
- <s>You see a link in the channel. If you were using Element Web or
|
||||
possibly even Element Android you would immediately know what it was
|
||||
about. However you use <a href="https://github.com/vector-im/element-ios/issues/888">Element iOS that never got URL preview support!</a></s>
|
||||
- <s>You see a link in the channel. If you were using Element Web or possibly
|
||||
even Element Android you would immediately know what it was about. However you
|
||||
use <a href="https://github.com/vector-im/element-ios/issues/888">Element iOS
|
||||
that never got URL preview support!</a></s>
|
||||
- You hear of interesting room on another room and you wish to join it. You
|
||||
touch the name wishing to get into there? What happens instead? You will get
|
||||
an error message [cannot rejoin an empty room](https://github.com/vector-im/element-ios/issues/1066).
|
||||
- I hope that doesn't annoy you and you wish to hear the workaround of
|
||||
running `/join #room:example.net` by hand instead.
|
||||
an error message
|
||||
[cannot rejoin an empty room](https://github.com/vector-im/element-ios/issues/1066).
|
||||
- I hope that doesn't annoy you and you wish to hear the workaround of running
|
||||
`/join #room:example.net` by hand instead.
|
||||
- This may be a bit more rare one, but if you share rooms with bots, you may
|
||||
notice that on Element Web they are more gray than people. [Element iOS just never got messages from bots being rendered differently](https://github.com/vector-im/element-ios/issues/882).
|
||||
- I may again be a bit weird, but I wish to have [timestamps for all messages visible all the time](https://github.com/vector-im/element-ios/issues/524),
|
||||
but Element says no. They exist on Web, not on iOS. Same if you [wanted to see seconds](https://github.com/vector-im/element-ios/issues/3901)
|
||||
- <s>I almost forgot, but the <a href="https://element.io/blog/spaces-the-next-frontier/">new spaces</a>
|
||||
just <a href="https://github.com/vector-im/element-ios/issues?q=label%3AA-Spaces+">don't exist on iOS</a>,
|
||||
should you attempt to join or be invited to one, you will get a banner
|
||||
saying that they aren't implemented yet and you cannot accept or reject
|
||||
the invite unless you open Element Web to do that.</s>
|
||||
notice that on Element Web they are more gray than people.
|
||||
[Element iOS just never got messages from bots being rendered differently](https://github.com/vector-im/element-ios/issues/882).
|
||||
- I may again be a bit weird, but I wish to have
|
||||
[timestamps for all messages visible all the time](https://github.com/vector-im/element-ios/issues/524),
|
||||
but Element says no. They exist on Web, not on iOS. Same if you
|
||||
[wanted to see seconds](https://github.com/vector-im/element-ios/issues/3901)
|
||||
- <s>I almost forgot, but the
|
||||
<a href="https://element.io/blog/spaces-the-next-frontier/">new spaces</a>
|
||||
just
|
||||
<a href="https://github.com/vector-im/element-ios/issues?q=label%3AA-Spaces+">don't
|
||||
exist on iOS</a>, should you attempt to join or be invited to one, you will
|
||||
get a banner saying that they aren't implemented yet and you cannot accept or
|
||||
reject the invite unless you open Element Web to do that.</s>
|
||||
- <s>Another issue I am editing in hours later is pills, when you mention
|
||||
someone on Element (Web), or someone else mentions someone, there is a clear
|
||||
pill shape around their name and it can be clicked to get to their profile,
|
||||
<a href="https://github.com/vector-im/element-ios/issues/3526">but not on Element (iOS)</a></s>
|
||||
<a href="https://github.com/vector-im/element-ios/issues/3526">but not on
|
||||
Element (iOS)</a></s>
|
||||
|
||||
And that is probably enough of annoyances with Element iOS, I hope the
|
||||
situation will improve in foreseeable future there due to
|
||||
And that is probably enough of annoyances with Element iOS, I hope the situation
|
||||
will improve in foreseeable future there due to
|
||||
[Matrix exploding with Element securing $30M funding to revolutionise the app’s usability, build out major new features, expand in the enterprise market and take Matrix fully mainstream!](https://element.io/blog/element-raises-30m-as-matrix-explodes/)
|
||||
|
||||
2022-01-29: As seen from the strikethrough, two of six points on my list have
|
||||
been resolved, however today [FluffyChat released version 1.2.0 featuring stories](https://ko-fi.com/post/Whats-new-in-FluffyChat-1-2-0-Z8Z09LEO7).
|
||||
At the time of writing [stories are a draft Matrix spec proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/3588)
|
||||
been resolved, however today
|
||||
[FluffyChat released version 1.2.0 featuring stories](https://ko-fi.com/post/Whats-new-in-FluffyChat-1-2-0-Z8Z09LEO7).
|
||||
At the time of writing
|
||||
[stories are a draft Matrix spec proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/3588)
|
||||
that in incompatible clients (such as Element Web and Element Android) appear as
|
||||
read-only rooms, however [Element iOS hides them completely with the exception of notifications that cannot be acknowledged](https://github.com/vector-im/element-ios/issues/5455).
|
||||
read-only rooms, however
|
||||
[Element iOS hides them completely with the exception of notifications that cannot be acknowledged](https://github.com/vector-im/element-ios/issues/5455).
|
||||
|
||||
## You mentioned privacy?
|
||||
|
||||
Yes, privacy is a big reason why Matrix is advertised and the lack of it is
|
||||
a fact you agree to by using Matrix or getting bridged to Matrix (which is
|
||||
out of scope for this blog post as it involves other protocols too much,
|
||||
whether you know Matrix or not).
|
||||
Yes, privacy is a big reason why Matrix is advertised and the lack of it is a
|
||||
fact you agree to by using Matrix or getting bridged to Matrix (which is out of
|
||||
scope for this blog post as it involves other protocols too much, whether you
|
||||
know Matrix or not).
|
||||
|
||||
As with the internet in general, the most safe assumption is that once you
|
||||
post something it's there forever. It may be encrypted in a private Matrix
|
||||
room or it may be public in a public room, but it will most likely be there
|
||||
forever.
|
||||
As with the internet in general, the most safe assumption is that once you post
|
||||
something it's there forever. It may be encrypted in a private Matrix room or it
|
||||
may be public in a public room, but it will most likely be there forever.
|
||||
|
||||
Matrix does support [history retention if you are advanced enough to enable it](https://brendan.abolivier.bzh/matrix-retention-policies/),
|
||||
this assumes [your homeserver explicitly enables it as it's not default](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L481-L484)
|
||||
and as your room is hosted on every homeserver that has users in your room,
|
||||
have a single homeserver that hasn't explicitly enabled it, or doesn't otherwise support it, and the room
|
||||
history never goes away. Executing `/upgraderoom {{site.matrixLatestRoomVersion}}` or any other version [will also remove the event](https://github.com/matrix-org/synapse/issues/11279).
|
||||
Matrix does support
|
||||
[history retention if you are advanced enough to enable it](https://brendan.abolivier.bzh/matrix-retention-policies/),
|
||||
this assumes
|
||||
[your homeserver explicitly enables it as it's not default](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L481-L484)
|
||||
and as your room is hosted on every homeserver that has users in your room, have
|
||||
a single homeserver that hasn't explicitly enabled it, or doesn't otherwise
|
||||
support it, and the room history never goes away. Executing
|
||||
`/upgraderoom {{site.matrixLatestRoomVersion}}` or any other version
|
||||
[will also remove the event](https://github.com/matrix-org/synapse/issues/11279).
|
||||
|
||||
**_WARNING!_** [Enabling history **_retention_** may **_corrupt your Synapse database_**](https://github.com/matrix-org/synapse/issues/13476)
|
||||
and [will make your room **_unrejoinable_** if a homeserver leaves it for long enough](https://github.com/matrix-org/synapse/issues/11448).
|
||||
Upgrading the room will fix that, but it's just a fancy
|
||||
way of saying "discontinue the old room and add a note saying where the new
|
||||
room is".
|
||||
**_WARNING!_**
|
||||
[Enabling history **_retention_** may **_corrupt your Synapse database_**](https://github.com/matrix-org/synapse/issues/13476)
|
||||
and
|
||||
[will make your room **_unrejoinable_** if a homeserver leaves it for long enough](https://github.com/matrix-org/synapse/issues/11448).
|
||||
Upgrading the room will fix that, but it's just a fancy way of saying
|
||||
"discontinue the old room and add a note saying where the new room is".
|
||||
|
||||
**_WARNING! Always before executing `/upgraderoom` check that everyone in your room has a recent Matrix server that supports your target room version, otherwise you may lock some of your users out._** For example `/invite @version:maunium.net` and once it joins, say
|
||||
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers that don't support room version {{site.matrixLatestRoomVersion}} yet.
|
||||
**_WARNING! Always before executing `/upgraderoom` check that everyone in your
|
||||
room has a recent Matrix server that supports your target room version,
|
||||
otherwise you may lock some of your users out._** For example
|
||||
`/invite @version:maunium.net` and once it joins, say
|
||||
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers
|
||||
that don't support room version {{site.matrixLatestRoomVersion}} yet.
|
||||
|
||||
In case there isn't enough confusion, retention shouldn't be confused with actual [self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
|
||||
In case there isn't enough confusion, retention shouldn't be confused with
|
||||
actual
|
||||
[self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
|
||||
|
||||
_Technical note: sorry about calling <s>reference</s> homeserver implementation by the <s>matrix.org team</s> New Vector Ltd issue
|
||||
as a Matrix protocol issue._
|
||||
_Technical note: sorry about calling <s>reference</s> homeserver implementation
|
||||
by the <s>matrix.org team</s> New Vector Ltd issue as a Matrix protocol issue._
|
||||
|
||||
You may say that this requires you to trust the homeserver admin anyway and
|
||||
that is true, I wish people could trust each other and even if someone
|
||||
modified their Synapse to never remove anything or had a client logging
|
||||
everything, they wouldn't throw that history to people who don't want to see it.
|
||||
You may say that this requires you to trust the homeserver admin anyway and that
|
||||
is true, I wish people could trust each other and even if someone modified their
|
||||
Synapse to never remove anything or had a client logging everything, they
|
||||
wouldn't throw that history to people who don't want to see it.
|
||||
|
||||
Speaking of removals, once you remove a message [it will be stored in the database for server admins for 7 days](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L456-L461) which is fine for me, but if [this message happened to be media instead of text, it would never be removed](https://github.com/matrix-org/synapse/issues/1263) and should you have copied link to the media, it would keep on working
|
||||
and if you changed the homeserver address in your copied link, it would still
|
||||
keep on working. Is this something you expect from a private protocol? I don't, or I didn't before getting familiar with Matrix. There is also an [alternative proposal about this](https://github.com/matrix-org/matrix-spec-proposals/pull/2228).
|
||||
Speaking of removals, once you remove a message
|
||||
[it will be stored in the database for server admins for 7 days](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L456-L461)
|
||||
which is fine for me, but if
|
||||
[this message happened to be media instead of text, it would never be removed](https://github.com/matrix-org/synapse/issues/1263)
|
||||
and should you have copied link to the media, it would keep on working and if
|
||||
you changed the homeserver address in your copied link, it would still keep on
|
||||
working. Is this something you expect from a private protocol? I don't, or I
|
||||
didn't before getting familiar with Matrix. There is also an
|
||||
[alternative proposal about this](https://github.com/matrix-org/matrix-spec-proposals/pull/2228).
|
||||
|
||||
_By the way Synapse is still a <s>reference</s> homeserver implementation by the <s>matrix.org team</s> New Vector Ltd and not
|
||||
Matrix protocol itself, so sorry about that for anyone technical reading this._
|
||||
_By the way Synapse is still a <s>reference</s> homeserver implementation by the
|
||||
<s>matrix.org team</s> New Vector Ltd and not Matrix protocol itself, so sorry
|
||||
about that for anyone technical reading this._
|
||||
|
||||
Do you use different names in different contexts? Like your Full Name in
|
||||
professional context, a nickname somewhere else and maybe what will be your
|
||||
real name after gender transitioning or even have a diffferent name in direct
|
||||
chat with your partner? [Congratulations, whatever is your latest room-specific name may now be public (especially when the room federates and has users from different homeservers), same with your potential avatar](https://github.com/matrix-org/synapse/issues/5677).
|
||||
professional context, a nickname somewhere else and maybe what will be your real
|
||||
name after gender transitioning or even have a diffferent name in direct chat
|
||||
with your partner?
|
||||
[Congratulations, whatever is your latest room-specific name may now be public (especially when the room federates and has users from different homeservers), same with your potential avatar](https://github.com/matrix-org/synapse/issues/5677).
|
||||
|
||||
_Synapse didn't become Matrix protocol itself by the way, there are still other implementations!_
|
||||
_Synapse didn't become Matrix protocol itself by the way, there are still other
|
||||
implementations!_
|
||||
|
||||
This issue does have a potential solution [an API planned for room specific details (2015)](https://github.com/matrix-org/matrix-spec/issues/103)
|
||||
and what I am hopeful about in the future <a href="https://github.com/matrix-org/matrix-spec-proposals/pull/3189">open pull request specification for space specific profiles</a>,
|
||||
unless it just moves the issue to a different level. Which is [cancelled or delayed for an undefined time period](https://github.com/matrix-org/matrix-spec-proposals/pull/3189#issuecomment-905761797),
|
||||
This issue does have a potential solution
|
||||
[an API planned for room specific details (2015)](https://github.com/matrix-org/matrix-spec/issues/103)
|
||||
and what I am hopeful about in the future
|
||||
<a href="https://github.com/matrix-org/matrix-spec-proposals/pull/3189">open
|
||||
pull request specification for space specific profiles</a>, unless it just moves
|
||||
the issue to a different level. Which is
|
||||
[cancelled or delayed for an undefined time period](https://github.com/matrix-org/matrix-spec-proposals/pull/3189#issuecomment-905761797),
|
||||
["until extensible profiles and sync v3 become more concrete"](https://github.com/matrix-org/matrix-spec-proposals/pull/1769)
|
||||
|
||||
2021-08-27: I don't know how serious issue this may be for you, but any emoji/
|
||||
[reactions made on end-to-end-encrypted messages aren't encrypted](https://github.com/matrix-org/matrix-spec/issues/660).
|
||||
It's fun in [E2EE test rooms](matrix:r/megolm:matrix.org?action=join) when you cannot read the other party, but
|
||||
regardless see their reactions on your messages.
|
||||
It's fun in [E2EE test rooms](matrix:r/megolm:matrix.org?action=join) when you
|
||||
cannot read the other party, but regardless see their reactions on your
|
||||
messages.
|
||||
|
||||
2022-01-10: In E2EE features, when you are invited to E2EE rooms, you generally
|
||||
cannot see the previously encrypted messages. However when those are encrypted,
|
||||
viewing [message source will reveal the older messages in body and formatted_body](https://github.com/matrix-org/matrix-spec/issues/368)
|
||||
which [have been under deprecating plans since 2020-09-19, maybe in the future...](https://github.com/matrix-org/matrix-spec-proposals/pull/2781)
|
||||
viewing
|
||||
[message source will reveal the older messages in body and formatted_body](https://github.com/matrix-org/matrix-spec/issues/368)
|
||||
which
|
||||
[have been under deprecating plans since 2020-09-19, maybe in the future...](https://github.com/matrix-org/matrix-spec-proposals/pull/2781)
|
||||
|
||||
I think that was my biggest complaints on Matrix (or Synapse itself), that
|
||||
don't involve other protocols and I have personally experienced. My notes
|
||||
for this blog post include [Elements not having real contacts list](https://github.com/vector-im/element-web/issues/4488),
|
||||
or in other words [Matrix not having canonical direct messages](https://github.com/matrix-org/matrix-spec-proposals/pull/2199),
|
||||
I think that was my biggest complaints on Matrix (or Synapse itself), that don't
|
||||
involve other protocols and I have personally experienced. My notes for this
|
||||
blog post include
|
||||
[Elements not having real contacts list](https://github.com/vector-im/element-web/issues/4488),
|
||||
or in other words
|
||||
[Matrix not having canonical direct messages](https://github.com/matrix-org/matrix-spec-proposals/pull/2199),
|
||||
but they didn't occur to me and I guess it has been doing fine enough without
|
||||
implementing those.
|
||||
|
||||
If any of these issues is a dealbreaker for you or you don't want to hear
|
||||
a bad word about Matrix, you may be wondering what is the perfect flawless
|
||||
solution? I don't know, personally I don't think it may not exist and I don't
|
||||
want to enter discussing compromise solutions or other protocols in this post
|
||||
at all. This list also wasn't complete on what issues I have with Matrix
|
||||
(and so close to the end I don't want to dig for references) and I have
|
||||
specific wishes that no protocol offers (at least not consistently,
|
||||
such as using multiple names and knowing which name I am using where or managing
|
||||
50 different rooms with same operators everywhere, but [that may get answered by Matrix](https://github.com/matrix-org/matrix-spec-proposals/pull/2962).)
|
||||
If any of these issues is a dealbreaker for you or you don't want to hear a bad
|
||||
word about Matrix, you may be wondering what is the perfect flawless solution? I
|
||||
don't know, personally I don't think it may not exist and I don't want to enter
|
||||
discussing compromise solutions or other protocols in this post at all. This
|
||||
list also wasn't complete on what issues I have with Matrix (and so close to the
|
||||
end I don't want to dig for references) and I have specific wishes that no
|
||||
protocol offers (at least not consistently, such as using multiple names and
|
||||
knowing which name I am using where or managing 50 different rooms with same
|
||||
operators everywhere, but
|
||||
[that may get answered by Matrix](https://github.com/matrix-org/matrix-spec-proposals/pull/2962).)
|
||||
|
||||
You may wonder was it nice of me to write so negative blog post. I find it
|
||||
therapeutic as [I have had an issue to me to write this since 2021-01-15](https://github.com/Mikaela/mikaela.github.io/issues/230)
|
||||
and now I have finally done it, a bit over half an year late,
|
||||
spending a bit over an hour to it and I feel better after getting these problems
|
||||
out of my head and maybe they weren't so big after all. Up to you.
|
||||
therapeutic as
|
||||
[I have had an issue to me to write this since 2021-01-15](https://github.com/Mikaela/mikaela.github.io/issues/230)
|
||||
and now I have finally done it, a bit over half an year late, spending a bit
|
||||
over an hour to it and I feel better after getting these problems out of my head
|
||||
and maybe they weren't so big after all. Up to you.
|
||||
|
||||
Lastly I apologise to you-know-who-you-are for not titling this post "undefined",
|
||||
or even M.UNKNOWN (which I would have imagined to be one of the issues for me to write about, but
|
||||
I don't remember seeing it in a long time, so maybe the situation is improving.
|
||||
Lastly I apologise to you-know-who-you-are for not titling this post
|
||||
"undefined", or even M.UNKNOWN (which I would have imagined to be one of the
|
||||
issues for me to write about, but I don't remember seeing it in a long time, so
|
||||
maybe the situation is improving.
|
||||
|
||||
Feedback? I have [a discussion room in many apps](https://aminda.eu/discuss),
|
||||
or you can find me from a lot of the linked issues and there is also [issue tracker for this site](https://github.com/Mikaela/mikaela.github.io/issues).
|
||||
Feedback? I have [a discussion room in many apps](https://aminda.eu/discuss), or
|
||||
you can find me from a lot of the linked issues and there is also
|
||||
[issue tracker for this site](https://github.com/Mikaela/mikaela.github.io/issues).
|
||||
|
||||
- [Changelog, also known as git commit history](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md)
|
||||
- Clicksaver for edits done on day of publishing: I have fixed a typo resulting one
|
||||
link being a 404 error, added mention on Element (iOS) not doing URL previews
|
||||
and later added pills not being supported by it either. I didn't consider
|
||||
- Clicksaver for edits done on day of publishing: I have fixed a typo
|
||||
resulting one link being a 404 error, added mention on Element (iOS) not
|
||||
doing URL previews and later added pills not being supported by it either. I
|
||||
didn't consider
|
||||
[outdated emoji picker](https://github.com/vector-im/element-ios/issues/4654)
|
||||
worth mentioning here, but it came up in the same context as URL previews
|
||||
and wasn't reported to upstream, so I might as well mention it in this part.
|
||||
- 2021-08-27: Noted cancellation/delay of space-specific profiles,
|
||||
mention emoji/reactions not being encrypted at all, added link to E2EE
|
||||
test room and this list item.
|
||||
- 2021-08-27: Noted cancellation/delay of space-specific profiles, mention
|
||||
emoji/reactions not being encrypted at all, added link to E2EE test room and
|
||||
this list item.
|
||||
- 2021-09-09: It's brought to my attention that URL previews exist on Element
|
||||
iOS! It's 23.15 in Finland so I only strikethrough this issue.
|
||||
- 2022-01-10: I am told that [Synapse is not a reference homeserver implementation since 2021-10-06](https://github.com/matrix-org/synapse/pull/10971#event-5418418970)
|
||||
- 2022-01-10: I am told that
|
||||
[Synapse is not a reference homeserver implementation since 2021-10-06](https://github.com/matrix-org/synapse/pull/10971#event-5418418970)
|
||||
so I have strikethrouged that and changed it to "by the matrix.org team".
|
||||
- Typing this it looks like this blogpost predates the demote of Synapse, but
|
||||
I wish to stay up-to-date with this post.
|
||||
- I am also noting that `m.room.retention` doesn't persist across room upgrades
|
||||
and linking to the Element-meta issue on self-destructing/disappearing messages
|
||||
to not be confused with retention.
|
||||
- Typing this it looks like this blogpost predates the demote of Synapse,
|
||||
but I wish to stay up-to-date with this post.
|
||||
- I am also noting that `m.room.retention` doesn't persist across room
|
||||
upgrades and linking to the Element-meta issue on
|
||||
self-destructing/disappearing messages to not be confused with retention.
|
||||
- Oh and reply fallbacks leaking previously encrypted messages too.
|
||||
- 2022-05-31: I noticed that Element iOS has gotten pills. Strikethrough time.
|
||||
- 2023-07-05: I added warning that room retention may cause database
|
||||
|
@ -7,36 +7,35 @@ lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_PrivacyGuides.org was supposed to be the continuation of PrivacyTools.io
|
||||
based on transparency/openess, actually reviewing recommendations and having
|
||||
at least two reviews by team members before un/recommending anything. That
|
||||
is no longer the case._
|
||||
_PrivacyGuides.org was supposed to be the continuation of PrivacyTools.io based
|
||||
on transparency/openess, actually reviewing recommendations and having at least
|
||||
two reviews by team members before un/recommending anything. That is no longer
|
||||
the case._
|
||||
|
||||
Between 2021-11-12 and 2021-11-20 I had a friend visiting me physically so
|
||||
I was less available online. During that time, on 2021-11-18 9.30 UTC+2
|
||||
a pull request was force-merged by a team member listing three new projects
|
||||
and removing two.
|
||||
Between 2021-11-12 and 2021-11-20 I had a friend visiting me physically so I was
|
||||
less available online. During that time, on 2021-11-18 9.30 UTC+2 a pull request
|
||||
was force-merged by a team member listing three new projects and removing two.
|
||||
|
||||
- [privacyguides/privacyguides.org#274](https://github.com/privacyguides/privacyguides.org/pull/274)
|
||||
|
||||
This was mentioned in the team room and reviews were asked during one hour
|
||||
period before the force-merge, but no one was online to review before it was
|
||||
already merged. I didn't realize what had happened, until another PR came in
|
||||
on 2021-11-21.
|
||||
already merged. I didn't realize what had happened, until another PR came in on
|
||||
2021-11-21.
|
||||
|
||||
I believe this change violates what Privacy Guides stands for and as no one
|
||||
has any interest making an announcement (this may be the first one) or
|
||||
reverting the pull request until proper process, I consider that the team
|
||||
has no purpose and isn't needed for reviewing anything as opinions of an
|
||||
individual can be force-pushed through like that.
|
||||
I believe this change violates what Privacy Guides stands for and as no one has
|
||||
any interest making an announcement (this may be the first one) or reverting the
|
||||
pull request until proper process, I consider that the team has no purpose and
|
||||
isn't needed for reviewing anything as opinions of an individual can be
|
||||
force-pushed through like that.
|
||||
|
||||
This has brought me enough anxiety and stress to distract me from other
|
||||
aspects of my life and I consider my departure to be healthy in general.
|
||||
This has brought me enough anxiety and stress to distract me from other aspects
|
||||
of my life and I consider my departure to be healthy in general.
|
||||
|
||||
The way things appear to be going is that there will be a change of criteria
|
||||
that will then justify the change. To me this is just the other side of the
|
||||
coin from changing a law to ban something and then punishing people for it
|
||||
and not the way a transparent project should work.
|
||||
that will then justify the change. To me this is just the other side of the coin
|
||||
from changing a law to ban something and then punishing people for it and not
|
||||
the way a transparent project should work.
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -60,49 +59,50 @@ and not the way a transparent project should work.
|
||||
|
||||
## Previous leaving
|
||||
|
||||
I previously left Privacy Guides team, then known as Privacy Tools due to
|
||||
there having been an issue I viewed as conflict of interest, someone in the
|
||||
then-team being offered work or gig by a software/service that was willing to
|
||||
be listed, which the rest of the team didn't consider as one or worth mentioning,
|
||||
but you can find more information about that online.
|
||||
I previously left Privacy Guides team, then known as Privacy Tools due to there
|
||||
having been an issue I viewed as conflict of interest, someone in the then-team
|
||||
being offered work or gig by a software/service that was willing to be listed,
|
||||
which the rest of the team didn't consider as one or worth mentioning, but you
|
||||
can find more information about that online.
|
||||
|
||||
Maybe I am just incapable of working in teams that claim to be something
|
||||
they are not, while I personally aspire to stand for my values and be openly
|
||||
and honestly myself.
|
||||
Maybe I am just incapable of working in teams that claim to be something they
|
||||
are not, while I personally aspire to stand for my values and be openly and
|
||||
honestly myself.
|
||||
|
||||
## Other issues
|
||||
|
||||
### Cleanup older solutions now, instruct on new ones later
|
||||
|
||||
Like everything else in tech, privacy field changes fast and it can be hard
|
||||
to keep up. Privacy Guides appear to have adapted a policy to get rid of old
|
||||
Like everything else in tech, privacy field changes fast and it can be hard to
|
||||
keep up. Privacy Guides appear to have adapted a policy to get rid of old
|
||||
recommendations such as HTTPS Everywhere as soon as possible.
|
||||
|
||||
HTTPS Everywhere is deprecated and going away as web browsers are rapidly
|
||||
gaining an option for enforcing HTTPS connections everywhere. However it is
|
||||
not enabled by default in most of web browsers and Privacy Guides has delisted
|
||||
the extension without instructions on how to enable the HTTPS-only mode.
|
||||
gaining an option for enforcing HTTPS connections everywhere. However it is not
|
||||
enabled by default in most of web browsers and Privacy Guides has delisted the
|
||||
extension without instructions on how to enable the HTTPS-only mode.
|
||||
|
||||
In my opinion the issue is even worse when considering that the option doesn't
|
||||
even sync in some web browsers such as Microsoft Edge.
|
||||
|
||||
Counter-argument: Microsoft Edge is not private browser, use \<whatever Privacy Guides recommends\>.
|
||||
Counter-argument: Microsoft Edge is not private browser, use \<whatever Privacy
|
||||
Guides recommends\>.
|
||||
|
||||
I hope that helps tech/privacy support people using Privacy Guides as material,
|
||||
less techy people may have difficulties even installing extensions.
|
||||
|
||||
### Community communication
|
||||
|
||||
I haven't been in the Matrix rooms of Privacy Guides in a long time outside
|
||||
of the team, as I find them very draining. I think I have an issue with how
|
||||
I haven't been in the Matrix rooms of Privacy Guides in a long time outside of
|
||||
the team, as I find them very draining. I think I have an issue with how
|
||||
multiple people communicate and there are ongoing discussions on improving the
|
||||
Code of Conduct.
|
||||
|
||||
### Privacy, is it one size fits all, what can be sacrificed for it?
|
||||
|
||||
As may be clear from this writing, I have multiple values and while privacy
|
||||
is one of them, I don't consider privacy to be above everything else. For
|
||||
example I care about climate change and diversity of the internet.
|
||||
As may be clear from this writing, I have multiple values and while privacy is
|
||||
one of them, I don't consider privacy to be above everything else. For example I
|
||||
care about climate change and diversity of the internet.
|
||||
|
||||
I get the impression that Privacy Guides is going towards a direction where, to
|
||||
exaggregate a bit, only VPN providers and internet giants alongside big enough
|
||||
@ -110,109 +110,127 @@ organizations exist. And by VPN, I don't mean a service that connects two
|
||||
networks together letting you access private network resources, I mean a service
|
||||
that everyone in ICT field appears to tell you to get to be private and secure
|
||||
online, commonly without explaining why you need one, or which one, which
|
||||
results into a risk of getting one that may be a bit shady or paying it's
|
||||
way into rankings (Privacy Guides doesn't take money to my knowledge, but who
|
||||
can know if force-merges will make that the norm in the future).
|
||||
results into a risk of getting one that may be a bit shady or paying it's way
|
||||
into rankings (Privacy Guides doesn't take money to my knowledge, but who can
|
||||
know if force-merges will make that the norm in the future).
|
||||
|
||||
I disagree and wish to see a connected world where anyone can host a server
|
||||
even at their home or even host on P2P networks without caring about NAT or
|
||||
port-forwarding, while that goes to firewalls versus NAT territory and brings
|
||||
in the dark side of Internet of Things which likely call home, don't interoperate
|
||||
I disagree and wish to see a connected world where anyone can host a server even
|
||||
at their home or even host on P2P networks without caring about NAT or
|
||||
port-forwarding, while that goes to firewalls versus NAT territory and brings in
|
||||
the dark side of Internet of Things which likely call home, don't interoperate
|
||||
with each other, and never get updates or may just stop working should the
|
||||
manufacturer go out of business, but that would be something for another blog post.
|
||||
manufacturer go out of business, but that would be something for another blog
|
||||
post.
|
||||
|
||||
I argue that today enforcing HTTPS everywhere and encrypting DNS is enough
|
||||
for majority of people and in case of family tech-administrators can go
|
||||
a long way in upkeeping security in form of malicious domain filtering without
|
||||
drawbacks of VPNs (increased latencies, captchas, connectivity problems in
|
||||
poor network connections).
|
||||
I argue that today enforcing HTTPS everywhere and encrypting DNS is enough for
|
||||
majority of people and in case of family tech-administrators can go a long way
|
||||
in upkeeping security in form of malicious domain filtering without drawbacks of
|
||||
VPNs (increased latencies, captchas, connectivity problems in poor network
|
||||
connections).
|
||||
|
||||
- _Before following any of this, please see [Quad9 privacy policy](https://quad9.net/service/privacy/) and decide whether it suits for you_
|
||||
- DoT vs Private DNS vs DoH? (Private DNS is) DoT which actually cares about diverse internet, has less bloat on it
|
||||
and due to separate port is likely choice of your network admin. However **_DoH actually works everywhere_**
|
||||
due to using the same port, so as someone who just wants to use the internet, it should be preferred.
|
||||
If you are implementing encrypted DNS somewhere, I would request support
|
||||
for both for the [DoT opportunistic mode which should be default](https://datatracker.ietf.org/doc/html/rfc8310#section-5).
|
||||
- _Before following any of this, please see
|
||||
[Quad9 privacy policy](https://quad9.net/service/privacy/) and decide whether
|
||||
it suits for you_
|
||||
- DoT vs Private DNS vs DoH? (Private DNS is) DoT which actually cares about
|
||||
diverse internet, has less bloat on it and due to separate port is likely
|
||||
choice of your network admin. However **_DoH actually works everywhere_**
|
||||
due to using the same port, so as someone who just wants to use the
|
||||
internet, it should be preferred. If you are implementing encrypted DNS
|
||||
somewhere, I would request support for both for the
|
||||
[DoT opportunistic mode which should be default](https://datatracker.ietf.org/doc/html/rfc8310#section-5).
|
||||
- Android9+: Settings -> Advanced -> Private DNS: `dns.quad9.net`
|
||||
- Apple: [encrypted-dns.party](https://encrypted-dns.party/)
|
||||
- SailfishOS: [feature request](https://forum.sailfishos.org/t/support-doh-for-sailfish/3616?u=mikaela)
|
||||
- Linux: [systemd-resolved on Arch Wiki](https://wiki.archlinux.org/title/Systemd-resolved#DNS_over_TLS) [Actually secure DNS over TLS in Unbound on ctrl.blog](https://www.ctrl.blog/entry/unbound-tls-forwarding.html)
|
||||
- Windows 11: [proper method](https://docs.microsoft.com/windows-server/networking/dns/doh-client-support) or (read first: [Microsoft: Windows registry for advanced users](https://docs.microsoft.com/troubleshoot/windows-server/performance/windows-registry-advanced-users)) [improper method that only experienced users if even them should use](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/Windows/DoH/DohWellKnownServers.reg) and in any case network settings
|
||||
- SailfishOS:
|
||||
[feature request](https://forum.sailfishos.org/t/support-doh-for-sailfish/3616?u=mikaela)
|
||||
- Linux:
|
||||
[systemd-resolved on Arch Wiki](https://wiki.archlinux.org/title/Systemd-resolved#DNS_over_TLS)
|
||||
[Actually secure DNS over TLS in Unbound on ctrl.blog](https://www.ctrl.blog/entry/unbound-tls-forwarding.html)
|
||||
- Windows 11:
|
||||
[proper method](https://docs.microsoft.com/windows-server/networking/dns/doh-client-support)
|
||||
or (read first:
|
||||
[Microsoft: Windows registry for advanced users](https://docs.microsoft.com/troubleshoot/windows-server/performance/windows-registry-advanced-users))
|
||||
[improper method that only experienced users if even them should use](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/Windows/DoH/DohWellKnownServers.reg)
|
||||
and in any case network settings
|
||||
|
||||
Counter-argument: encrypted DNS doesn't encrypt the IP address you are connecting
|
||||
to which often maps back to the plaintext domain, and SNI is still visible so
|
||||
the sites you visit are still visible.
|
||||
Counter-argument: encrypted DNS doesn't encrypt the IP address you are
|
||||
connecting to which often maps back to the plaintext domain, and SNI is still
|
||||
visible so the sites you visit are still visible.
|
||||
|
||||
Counter-counter-argument: do people around you really care if the ISP and
|
||||
encrypted DNS provider know they are visiting sites like `facebook.com` and
|
||||
`youtube.com` as they still cannot see what you are doing there?
|
||||
|
||||
In case encrypting what is being done on sites (https) and encrypting DNS
|
||||
(to protect from DNS hijacking) is not enough, I would advice using [Tor](https://torproject.org/) instead
|
||||
and becoming familiar with their website.
|
||||
In case encrypting what is being done on sites (https) and encrypting DNS (to
|
||||
protect from DNS hijacking) is not enough, I would advice using
|
||||
[Tor](https://torproject.org/) instead and becoming familiar with their website.
|
||||
|
||||
What if the WiFi-AP/ISP/VPN/encrypted-DNS server is lying whether intentionally or not? DNSSEC
|
||||
and certificate authorities. Also out of scope for this post, but if your
|
||||
interest is piqued, please do use your favourite search engine to learn more,
|
||||
I already wrote too much about encrypted DNS...
|
||||
What if the WiFi-AP/ISP/VPN/encrypted-DNS server is lying whether intentionally
|
||||
or not? DNSSEC and certificate authorities. Also out of scope for this post, but
|
||||
if your interest is piqued, please do use your favourite search engine to learn
|
||||
more, I already wrote too much about encrypted DNS...
|
||||
|
||||
### Real time communication platforms
|
||||
|
||||
If you look into Privacy Guides instant messaging platforms, at the time
|
||||
of writing it will suggest you to use Element. That means nothing,
|
||||
[there are three different apps called as Element on three different platforms, the only thing in common is the name and if you are looking for privacy, you should look into it deeper or look entirely elsewhere, but that is my previous blog post]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}). TL;DR is that (at the time of writing)
|
||||
your room specific display names may leak and media files are never actually
|
||||
removed. If that is fine for you, great. If your issue is just with
|
||||
room specific display names, I would suggest a Matrix client that allows
|
||||
using multiple different accounts such as [FluffyChat](https://fluffychat.im/) (note:
|
||||
I am a contributor).
|
||||
If you look into Privacy Guides instant messaging platforms, at the time of
|
||||
writing it will suggest you to use Element. That means nothing, [there are three
|
||||
different apps called as Element on three different platforms, the only thing
|
||||
in common is the name and if you are looking for privacy, you should look into
|
||||
it deeper or look entirely elsewhere, but that is my previous blog
|
||||
post]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}). TL;DR is that (at
|
||||
the time of writing) your room specific display names may leak and media files are
|
||||
never actually removed. If that is fine for you, great. If your issue is just with
|
||||
room specific display names, I would suggest a Matrix client that allows using multiple
|
||||
different accounts such as [FluffyChat](https://fluffychat.im/) (note: I am a contributor).
|
||||
|
||||
Privacy Guides not warning about Matrix may be partially my fault
|
||||
as [I was the team member mainly warning about it and assigned the issue to myself](https://github.com/privacyguides/privacyguides.org/issues/50) though.
|
||||
Privacy Guides not warning about Matrix may be partially my fault as
|
||||
[I was the team member mainly warning about it and assigned the issue to myself](https://github.com/privacyguides/privacyguides.org/issues/50)
|
||||
though.
|
||||
|
||||
XMPP? Privacy Guides doesn't mention it, because there is no single app
|
||||
to recommend across all platforms (and I am grateful about that
|
||||
as opposed to Element not being Element not being Element) and the protocol
|
||||
doesn't enforce end-to-end encryption. I am not sure if being under control
|
||||
of the server admin counts as Matrix also allows server admin to perform takeover
|
||||
and other hostilities. [Compatibility suites?](https://xmpp.org/about/myths/#everybody-implements-different-incompatible-extensions),
|
||||
XMPP? Privacy Guides doesn't mention it, because there is no single app to
|
||||
recommend across all platforms (and I am grateful about that as opposed to
|
||||
Element not being Element not being Element) and the protocol doesn't enforce
|
||||
end-to-end encryption. I am not sure if being under control of the server admin
|
||||
counts as Matrix also allows server admin to perform takeover and other
|
||||
hostilities.
|
||||
[Compatibility suites?](https://xmpp.org/about/myths/#everybody-implements-different-incompatible-extensions),
|
||||
they don't care.
|
||||
|
||||
Speaking of end-to-end encryption, another rejected solution especially for
|
||||
teams is IRC, especially [Ergo](https://ergo.chat/) (which I am going
|
||||
to blog in the future about) as end-to-end encryption
|
||||
isn't useful in public channels, it can easily be used in internal network
|
||||
(maybe accessed by not-misnomer-VPN I wrote about above) or ran in public
|
||||
allowing Tor access without requiring registration, at the time neither Slack
|
||||
or Discord provides end-to-end encryption and neither Slack or Element provides
|
||||
guest access to my knowledge. (The toggle in room settings? It was removed
|
||||
accidentally without never getting reimplemented).
|
||||
teams is IRC, especially [Ergo](https://ergo.chat/) (which I am going to blog in
|
||||
the future about) as end-to-end encryption isn't useful in public channels, it
|
||||
can easily be used in internal network (maybe accessed by not-misnomer-VPN I
|
||||
wrote about above) or ran in public allowing Tor access without requiring
|
||||
registration, at the time neither Slack or Discord provides end-to-end
|
||||
encryption and neither Slack or Element provides guest access to my knowledge.
|
||||
(The toggle in room settings? It was removed accidentally without never getting
|
||||
reimplemented).
|
||||
|
||||
Anyway, there may be a time and place for every communication platform,
|
||||
personally I perform a lot of mix-and-matching as that is what people I
|
||||
actually do want to communicate with do, I haven't been able to talk my
|
||||
family from WhatsApp by <s>FACEBOOK</s> Meta (I actually tried to leave
|
||||
it pre-pandemic and thus lost access to many people and peer support groups),
|
||||
I have several Signal contacts, Matrix and IRC are in my daily use and I
|
||||
don't see XMPP going away any time soon either.
|
||||
personally I perform a lot of mix-and-matching as that is what people I actually
|
||||
do want to communicate with do, I haven't been able to talk my family from
|
||||
WhatsApp by <s>FACEBOOK</s> Meta (I actually tried to leave it pre-pandemic and
|
||||
thus lost access to many people and peer support groups), I have several Signal
|
||||
contacts, Matrix and IRC are in my daily use and I don't see XMPP going away any
|
||||
time soon either.
|
||||
|
||||
## What now
|
||||
|
||||
I hope leaving Privacy Guides will leave me more time to do things that matter
|
||||
to me and my hobbies and other things taking time. For example, I am at work
|
||||
try-out practice, seeking for employment and I have recently agreed to contribute
|
||||
into [FluffyChat's](https://fluffychat.im/) Finnish translations (while I feel
|
||||
a bit guilty about the state of Finnish translations in KISS Launcher and Onion Share
|
||||
that I haven't looked into in ages). Language learning also takes a lot of time
|
||||
and stubborness to not give up. And then there is this website where I currently
|
||||
have 49 issues/ideas open (26 of them labeled as blog)
|
||||
try-out practice, seeking for employment and I have recently agreed to
|
||||
contribute into [FluffyChat's](https://fluffychat.im/) Finnish translations
|
||||
(while I feel a bit guilty about the state of Finnish translations in KISS
|
||||
Launcher and Onion Share that I haven't looked into in ages). Language learning
|
||||
also takes a lot of time and stubborness to not give up. And then there is this
|
||||
website where I currently have 49 issues/ideas open (26 of them labeled as blog)
|
||||
|
||||
Obligatory: should I be believed on this over Privacy Guides? Neither
|
||||
should be believed in, take everything with a grain of salt, use your
|
||||
favourite search engine and reach your own answers. Do also check whether
|
||||
there is money involved, does the service/app have affiliate programme? I think
|
||||
a lot of what I am saying is my opinions and privacy sites reflect opinions
|
||||
of their writers, so I wish you good luck trying to find any absolute fact
|
||||
that works in every situation should you attempt that venture.
|
||||
Obligatory: should I be believed on this over Privacy Guides? Neither should be
|
||||
believed in, take everything with a grain of salt, use your favourite search
|
||||
engine and reach your own answers. Do also check whether there is money
|
||||
involved, does the service/app have affiliate programme? I think a lot of what I
|
||||
am saying is my opinions and privacy sites reflect opinions of their writers, so
|
||||
I wish you good luck trying to find any absolute fact that works in every
|
||||
situation should you attempt that venture.
|
||||
|
||||
See also [Media literacy on Wikipedia](https://en.wikipedia.org/wiki/Media_literacy).
|
||||
See also
|
||||
[Media literacy on Wikipedia](https://en.wikipedia.org/wiki/Media_literacy).
|
||||
|
@ -1,22 +1,25 @@
|
||||
---
|
||||
layout: post
|
||||
title: "Matrix abuse protection model for community maintainers: security by obscurity"
|
||||
title:
|
||||
"Matrix abuse protection model for community maintainers: security by
|
||||
obscurity"
|
||||
category: [english]
|
||||
tags: [matrix]
|
||||
lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_I am administrator or moderator in multiple communities in Matrix, the most sizable
|
||||
being 23 rooms + two spaces. I don't have my own homeserver or Mjolnir. And I am tired._
|
||||
_I am administrator or moderator in multiple communities in Matrix, the most
|
||||
sizable being 23 rooms + two spaces. I don't have my own homeserver or Mjolnir.
|
||||
And I am tired._
|
||||
|
||||
If I was using Discord, I would make a guild, make roles within it and then
|
||||
right click people and assign them roles and they would be able to manage all
|
||||
channels those roles let them. Time estimate less than 15 minutes.
|
||||
|
||||
Sadly I am not using Discord, I am using Matrix. This means that while burnt out
|
||||
it feels like no one has thought of the case where a community with more than
|
||||
a couple of rooms wants to use Matrix.
|
||||
it feels like no one has thought of the case where a community with more than a
|
||||
couple of rooms wants to use Matrix.
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -46,93 +49,107 @@ smaller steps:
|
||||
1. Use https://develop.element.io/ (or have a config.json allowing you to use
|
||||
labs)
|
||||
2. Create a space.
|
||||
3. Through developer mode `/upgraderoom {{ site.matrixLatestRoomVersion }}`. 2. **_WARNING_** You should check [the Matrix spec](https://spec.matrix.org/latest/rooms/)
|
||||
for the latest stable room version. Or maybe the [unstable spec](https://spec.matrix.org/unstable/rooms/)?
|
||||
Or maybe you should just [search GitHub](https://github.com/matrix-org/matrix-spec-proposals/issues?q=room%20version)? 3. **_WARNING! Always before executing `/upgraderoom` check that everyone in your room has a recent Matrix server that supports your target room version, otherwise you may lock some of your users out._** For example `/invite @version:maunium.net` and once it joins, say
|
||||
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers that don't support room version {{site.matrixLatestRoomVersion}} yet.
|
||||
3. Through developer mode `/upgraderoom {{ site.matrixLatestRoomVersion }}`. 2.
|
||||
**_WARNING_** You should check
|
||||
[the Matrix spec](https://spec.matrix.org/latest/rooms/) for the latest
|
||||
stable room version. Or maybe the
|
||||
[unstable spec](https://spec.matrix.org/unstable/rooms/)? Or maybe you should
|
||||
just
|
||||
[search GitHub](https://github.com/matrix-org/matrix-spec-proposals/issues?q=room%20version)? 3.
|
||||
**_WARNING! Always before executing `/upgraderoom` check that everyone in
|
||||
your room has a recent Matrix server that supports your target room version,
|
||||
otherwise you may lock some of your users out._** For example
|
||||
`/invite @version:maunium.net` and once it joins, say
|
||||
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers
|
||||
that don't support room version {{site.matrixLatestRoomVersion}} yet.
|
||||
4. Clear cache and reload so the old space maybe disappears.
|
||||
5. See also [Element-web#19208: Allow upgrading spaces](https://github.com/vector-im/element-web/issues/19208)
|
||||
5. See also
|
||||
[Element-web#19208: Allow upgrading spaces](https://github.com/vector-im/element-web/issues/19208)
|
||||
6. Now that there is a space, right click it to create a new room under it and
|
||||
select that it can only be joined by space members. You will hopefully end up
|
||||
with room version 9 (the default at time of writing is 6 and has even worse
|
||||
situation with abuse pretention).
|
||||
7. Go to room settings and set the room to public join assuming it's supposed
|
||||
to be public (14 of this worst case scenario are)
|
||||
8. Repeat steps 5-7 for all rooms you need, you can hopefully figure out how
|
||||
to handle a private space (9 rooms in this case).
|
||||
7. Go to room settings and set the room to public join assuming it's supposed to
|
||||
be public (14 of this worst case scenario are)
|
||||
8. Repeat steps 5-7 for all rooms you need, you can hopefully figure out how to
|
||||
handle a private space (9 rooms in this case).
|
||||
|
||||
### Bus factor
|
||||
|
||||
As we are a serious organisation using Matrix here, even if we have no money
|
||||
or people or homeserver or Mjolnir, what happens if you somehow become unable
|
||||
to access your account or are asleep or something when you are needed? You add
|
||||
more people with power and also register yourself on multiple homeservers, so
|
||||
if your main account goes down, you have power somewhere else.
|
||||
As we are a serious organisation using Matrix here, even if we have no money or
|
||||
people or homeserver or Mjolnir, what happens if you somehow become unable to
|
||||
access your account or are asleep or something when you are needed? You add more
|
||||
people with power and also register yourself on multiple homeservers, so if your
|
||||
main account goes down, you have power somewhere else.
|
||||
|
||||
Let's say you have 20 rooms (you get it a bit more easy than I do), I think
|
||||
you have three methods to promote your other accounts:
|
||||
Let's say you have 20 rooms (you get it a bit more easy than I do), I think you
|
||||
have three methods to promote your other accounts:
|
||||
|
||||
**_WARNING: administrator status cannot be removed by others._**
|
||||
|
||||
- A. Using the graphical user interface, invite the other administrators to
|
||||
the room and click the buttons to make them administrators. I am too tired
|
||||
to check how to do this, but it's a graphical user interface, good luck!
|
||||
Remember you will do this twenty times, once for every room/administrator.
|
||||
- B. You can type `/invite @user:example.org` and then `/op @user:example.org 100`
|
||||
and copy-paste it all the time!
|
||||
- C. My favourite, you can have a pre-formatted power-level event in json in
|
||||
a git repository from which you can copy-paste it to all rooms, first `/devtools`,
|
||||
then "room state", "m.room.power_levels", "edit" and you can paste your new
|
||||
administrators there and press "send"! This is the only mass option you have,
|
||||
and you will have to do this in each twenty rooms.
|
||||
- A. Using the graphical user interface, invite the other administrators to the
|
||||
room and click the buttons to make them administrators. I am too tired to
|
||||
check how to do this, but it's a graphical user interface, good luck! Remember
|
||||
you will do this twenty times, once for every room/administrator.
|
||||
- B. You can type `/invite @user:example.org` and then
|
||||
`/op @user:example.org 100` and copy-paste it all the time!
|
||||
- C. My favourite, you can have a pre-formatted power-level event in json in a
|
||||
git repository from which you can copy-paste it to all rooms, first
|
||||
`/devtools`, then "room state", "m.room.power_levels", "edit" and you can
|
||||
paste your new administrators there and press "send"! This is the only mass
|
||||
option you have, and you will have to do this in each twenty rooms.
|
||||
|
||||
Remember you will have to do this every time you add a new moderator (or they
|
||||
will be unable to act in the room when they are needed)!
|
||||
|
||||
We also have a matterbridge (which has it's own configuration for every room, but
|
||||
offtopic here) which has administrator / power level 100 in every room, so if
|
||||
I am not available the administrator team can login as it and take care of
|
||||
We also have a matterbridge (which has it's own configuration for every room,
|
||||
but offtopic here) which has administrator / power level 100 in every room, so
|
||||
if I am not available the administrator team can login as it and take care of
|
||||
the situation.
|
||||
|
||||
## Abuse finds you!
|
||||
|
||||
Congratulations, if abuse has found you, the security through obscurity model
|
||||
has failed and now you get to deal with it! That is very simple, you just check
|
||||
the abuser MXID, and paste `/ban @yourorgisbad:evil.example.invalid` to all twenty
|
||||
rooms.
|
||||
the abuser MXID, and paste `/ban @yourorgisbad:evil.example.invalid` to all
|
||||
twenty rooms.
|
||||
|
||||
Did you find out that you have a lot of abuse from a single server and Matrix
|
||||
doesn't support wildcards in bans? No problem, [Matrix has your back with "Moderation in Matrix!"](https://web.archive.org/web/20211205204104/https://matrix.org/docs/guides/moderation/),
|
||||
you simply use `/devtools` and ban the entire server by sending a completely new event
|
||||
`m.room.server_acl`, luckily you are a professional `/devtools` user at this point
|
||||
so having to do this 20 times is nothing to you.
|
||||
doesn't support wildcards in bans? No problem,
|
||||
[Matrix has your back with "Moderation in Matrix!"](https://web.archive.org/web/20211205204104/https://matrix.org/docs/guides/moderation/),
|
||||
you simply use `/devtools` and ban the entire server by sending a completely new
|
||||
event `m.room.server_acl`, luckily you are a professional `/devtools` user at
|
||||
this point so having to do this 20 times is nothing to you.
|
||||
|
||||
_2022-01-10 addition:_ this becomes worse as Matrix Synapse alongside [the Matrix protocol itself will authorise everything done by servers that don't honour the `m.room.server_acl` event](https://github.com/matrix-org/matrix-spec/issues/928)
|
||||
so as per the guide, you will have to acl those servers too (or the ACL might as well not exist).
|
||||
_2022-01-10 addition:_ this becomes worse as Matrix Synapse alongside
|
||||
[the Matrix protocol itself will authorise everything done by servers that don't honour the `m.room.server_acl` event](https://github.com/matrix-org/matrix-spec/issues/928)
|
||||
so as per the guide, you will have to acl those servers too (or the ACL might as
|
||||
well not exist).
|
||||
|
||||
### Icing on the cake
|
||||
|
||||
Could this get any better? Yes, the abuse could happen when you are sleeping
|
||||
or otherwise out of the picture, so your fellow ICT team member (who has no interest
|
||||
in touching this mess with a long stick) has to step in for you and resolve the issue.
|
||||
Could this get any better? Yes, the abuse could happen when you are sleeping or
|
||||
otherwise out of the picture, so your fellow ICT team member (who has no
|
||||
interest in touching this mess with a long stick) has to step in for you and
|
||||
resolve the issue.
|
||||
|
||||
It's a stress situation for them, will the ICT team be able to find the shared
|
||||
password for the Matrix administrator account you hopefully have and speedlearn
|
||||
to be a `/devtools` professional or able to handle even easier forms of spamming
|
||||
or flooding without you present? My money is on the spammer. Good luck, high-five
|
||||
for the next team meeting where you wonder what happened, how to prevent it from
|
||||
happening again and will you even support Matrix in the future?
|
||||
or flooding without you present? My money is on the spammer. Good luck,
|
||||
high-five for the next team meeting where you wonder what happened, how to
|
||||
prevent it from happening again and will you even support Matrix in the future?
|
||||
|
||||
I hope someone thanked you for ever having your organization there, I know
|
||||
that I have only gotten complaints about matterbridge looking ugly and not
|
||||
using matrix-appservice-irc, \<redacted-for-similar-trouble\>, matrix-whatever-discord,
|
||||
etc.
|
||||
I hope someone thanked you for ever having your organization there, I know that
|
||||
I have only gotten complaints about matterbridge looking ugly and not using
|
||||
matrix-appservice-irc, \<redacted-for-similar-trouble\>,
|
||||
matrix-whatever-discord, etc.
|
||||
|
||||
## Aminda, are you ok, has this happened to you?
|
||||
|
||||
Thank you for asking, I am not ok, I have a burnout and xmas is poor time for me
|
||||
in general, and this whole issue is ridiculous, someone could have thought of
|
||||
it since 2014, everything I am saying is public knowledge, but no one cares.
|
||||
in general, and this whole issue is ridiculous, someone could have thought of it
|
||||
since 2014, everything I am saying is public knowledge, but no one cares.
|
||||
|
||||
It's whoever is running Matrix without hosting their own homeserver and Mjölnir
|
||||
(which brings all reasonable management for organizations) who is at fault (me).
|
||||
@ -143,13 +160,14 @@ it off the internet before beginning.
|
||||
|
||||
It's [Pirate Party of Finland](https://piraattipuolue.fi/en). I cannot say
|
||||
whether it's us or Matrix that is obscure enough to have avoided the nightmare I
|
||||
painted in this blog post, but as I am the only administrator at Matrix, I
|
||||
have locked it down so the rest of the ICT team can continue not touching Matrix
|
||||
or practicing `/devtools` first without a stressful situation.
|
||||
painted in this blog post, but as I am the only administrator at Matrix, I have
|
||||
locked it down so the rest of the ICT team can continue not touching Matrix or
|
||||
practicing `/devtools` first without a stressful situation.
|
||||
|
||||
[Our main space](matrix:r/space.piraatit.fi:matrix.org?action=join) requires
|
||||
knocking before it can be joined. Don't ask me what Matrix clients support
|
||||
knocking, it's part of [Matrix spec version 1.1](https://spec.matrix.org/v1.1/rooms/v7/#authorization-rules),
|
||||
knocking, it's part of
|
||||
[Matrix spec version 1.1](https://spec.matrix.org/v1.1/rooms/v7/#authorization-rules),
|
||||
don't even ask me what Matrix servers support it.
|
||||
|
||||
Our public rooms within that space require being a member of that space.
|
||||
@ -157,19 +175,20 @@ Our public rooms within that space require being a member of that space.
|
||||
Our more sensitive rooms that desire working peace from spammers are in a
|
||||
subspace, which again require belonging to it, and which requires knocking too.
|
||||
We have similar system in place at Discord where we just grant people a role
|
||||
once they have talked a bit and shown themselves to not be malicious and this
|
||||
is the best <s>we</s> I can do at Matrix.
|
||||
once they have talked a bit and shown themselves to not be malicious and this is
|
||||
the best <s>we</s> I can do at Matrix.
|
||||
|
||||
The above looks a bit weird as I was going to put the actual json events
|
||||
there, but I am too tired to bother with that.
|
||||
The above looks a bit weird as I was going to put the actual json events there,
|
||||
but I am too tired to bother with that.
|
||||
|
||||
## Afterword
|
||||
|
||||
If I am wrong at anything I said, please contact me instantly either in [my discussion channels](/discuss),
|
||||
If I am wrong at anything I said, please contact me instantly either in
|
||||
[my discussion channels](/discuss),
|
||||
[the GitHub issue for this post](https://github.com/Mikaela/mikaela.github.io/issues/268)
|
||||
or mention `@Mikaela` in any GitHub.com/GitLab.com issue (I am not reading my email actively though)
|
||||
as if I am wrong and there is a reasonable Discord-style interface for this
|
||||
without additional money, you are improving my life greatly as I am not just
|
||||
going to stop using Matrix.
|
||||
or mention `@Mikaela` in any GitHub.com/GitLab.com issue (I am not reading my
|
||||
email actively though) as if I am wrong and there is a reasonable Discord-style
|
||||
interface for this without additional money, you are improving my life greatly
|
||||
as I am not just going to stop using Matrix.
|
||||
|
||||
- [Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md)
|
||||
|
@ -6,26 +6,33 @@ tags: [ssh]
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_I have been using SSH signed git commits from 8 months and started signing things with my SSH key instead of PGP keys and thought to share how to do that more easily_
|
||||
_I have been using SSH signed git commits from 8 months and started signing
|
||||
things with my SSH key instead of PGP keys and thought to share how to do that
|
||||
more easily_
|
||||
|
||||
If you didn't know that SSH can be used for this, I suggest reading
|
||||
|
||||
- [Andrew Ayer: It's Now Possible To Sign Arbitrary Data With Your SSH Keys](https://www.agwa.name/blog/post/ssh_signatures)
|
||||
- [Caleb Hearth: Signing Git Commits with Your SSH Key](https://calebhearth.com/sign-git-with-ssh) ([web.archive.org](https://web.archive.org/web/20211117182628/https://calebhearth.com/sign-git-with-ssh))
|
||||
- [Caleb Hearth: Signing Git Commits with Your SSH Key](https://calebhearth.com/sign-git-with-ssh)
|
||||
([web.archive.org](https://web.archive.org/web/20211117182628/https://calebhearth.com/sign-git-with-ssh))
|
||||
|
||||
## Signing
|
||||
|
||||
Usually you do `ssh-keygen -Y sign -f MYPUBLICKEY -n TYPE filename`, but that is a bit of effort, why not make an alias for it? In my shellrc's I have:
|
||||
Usually you do `ssh-keygen -Y sign -f MYPUBLICKEY -n TYPE filename`, but that is
|
||||
a bit of effort, why not make an alias for it? In my shellrc's I have:
|
||||
|
||||
```bash
|
||||
alias ssh-sign-file="ssh-keygen -Y sign -f ~/.ssh/signingkey.pub -n file"
|
||||
```
|
||||
|
||||
As I don't change which key I use so often, I can export my public key to `~/.ssh/signingkey.pub`
|
||||
or symlink it to the right place and now when I need to sign something, I can just `ssh-sign-file file.txt`
|
||||
to generate a `file.txt.sig`. Of course this assumes that I always sign files, but I don't remember signing other things as git handles the commits for me.
|
||||
As I don't change which key I use so often, I can export my public key to
|
||||
`~/.ssh/signingkey.pub` or symlink it to the right place and now when I need to
|
||||
sign something, I can just `ssh-sign-file file.txt` to generate a
|
||||
`file.txt.sig`. Of course this assumes that I always sign files, but I don't
|
||||
remember signing other things as git handles the commits for me.
|
||||
|
||||
Thus to sign file, I simply say `ssh-sign-file hello.txt` to receive `hello.txt.sig` containing my signature.
|
||||
Thus to sign file, I simply say `ssh-sign-file hello.txt` to receive
|
||||
`hello.txt.sig` containing my signature.
|
||||
|
||||
```
|
||||
Signing file hello.txt
|
||||
@ -34,7 +41,11 @@ Write signature to hello.txt.sig
|
||||
|
||||
## Verifying
|
||||
|
||||
There isn't much point in signing things, unless you are able to verify them. The command for this is `ssh-keygen -Y verify -f $allowed_signers -I $EMAIL -n file -s SIGNATUREFILE < $2`, isn't that a bit much to keep in mind? In my opinion it is and thus the function gets a bit more complicated:
|
||||
There isn't much point in signing things, unless you are able to verify them.
|
||||
The command for this is
|
||||
`ssh-keygen -Y verify -f $allowed_signers -I $EMAIL -n file -s SIGNATUREFILE < $2`,
|
||||
isn't that a bit much to keep in mind? In my opinion it is and thus the function
|
||||
gets a bit more complicated:
|
||||
|
||||
```bash
|
||||
sshAllowedSigners=$HOME/src/gitea.blesmrt.net/Mikaela/ssh-allowed_signers/allowed_signers
|
||||
@ -44,16 +55,19 @@ ssh-verify-file() {
|
||||
}
|
||||
```
|
||||
|
||||
First I specify where is my `allowed_signers` file so I don't have to repeat it and in case I misuse the function, it reminds me how to use it:
|
||||
First I specify where is my `allowed_signers` file so I don't have to repeat it
|
||||
and in case I misuse the function, it reminds me how to use it:
|
||||
|
||||
```bash
|
||||
% ssh-verify-file hello.txt
|
||||
ssh-verify-file:1: 2: Usage: ssh-verify-file <email> <file-to-verify>
|
||||
```
|
||||
|
||||
I again don't remember verifying other types of files as git handles it for me and I think it's a safe assumption that the signature ends to `.sig`.
|
||||
I again don't remember verifying other types of files as git handles it for me
|
||||
and I think it's a safe assumption that the signature ends to `.sig`.
|
||||
|
||||
So to use it properly and verify the previously signed file `ssh-verify-file noreply@aminda.eu hello.txt`
|
||||
So to use it properly and verify the previously signed file
|
||||
`ssh-verify-file noreply@aminda.eu hello.txt`
|
||||
|
||||
```
|
||||
Good "file" signature for noreply@aminda.eu with ED25519 key SHA256:y2OpGEbett3Fqn8XFrP0X4mWfCVKf4rWkxERzqPY81U
|
||||
@ -61,11 +75,13 @@ Good "file" signature for noreply@aminda.eu with ED25519 key SHA256:y2OpGEbett3F
|
||||
|
||||
## Extra: having git handle it for me
|
||||
|
||||
When git is configured properly with `gpg.ssh.allowedSignersFile` the usual git verification commands work with SSH as well:
|
||||
When git is configured properly with `gpg.ssh.allowedSignersFile` the usual git
|
||||
verification commands work with SSH as well:
|
||||
|
||||
- `git log --show-signature` for the usual git log with signatures visbile
|
||||
- `git verify-tag 1.0` for verifying a specific tag signature.
|
||||
- `git verify-commit HEAD` to verify the latest commit signature or just to see that git signing is working.
|
||||
- `git verify-commit HEAD` to verify the latest commit signature or just to see
|
||||
that git signing is working.
|
||||
|
||||
Isn't the last command again effort? What if I could just say `git verify`?
|
||||
|
||||
|
@ -11,16 +11,23 @@ lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_I used to be sad since the EFF discontinued HTTPS Everywhere extension since the setting often didn't sync and it only applied to me as opposed to everyone using a shared computer. However since I have dived into browser policies, this is no longer an issue for me._
|
||||
_I used to be sad since the EFF discontinued HTTPS Everywhere extension since
|
||||
the setting often didn't sync and it only applied to me as opposed to everyone
|
||||
using a shared computer. However since I have dived into browser policies, this
|
||||
is no longer an issue for me._
|
||||
|
||||
I will be referring to my [shell-things](https://gitea.blesmrt.net/mikaela/shell-things/) repository a lot, particularly
|
||||
`etc/`, in case the link rots in the future, chances are my git forges still
|
||||
have that available. I also have [a script etc/init-browser-profiles.bash](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/init-browser-policies.bash) that creates the directories, symlinks for Chromium-based browsers and sets the permissions properly (if something won't work for you, check the permissions!),
|
||||
so I only need to manage Chromium to also manage Brave, Google Chrome,
|
||||
Microsoft Edge, Vivaldi etc.
|
||||
I will be referring to my
|
||||
[shell-things](https://gitea.blesmrt.net/mikaela/shell-things/) repository a
|
||||
lot, particularly `etc/`, in case the link rots in the future, chances are my
|
||||
git forges still have that available. I also have
|
||||
[a script etc/init-browser-profiles.bash](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/init-browser-policies.bash)
|
||||
that creates the directories, symlinks for Chromium-based browsers and sets the
|
||||
permissions properly (if something won't work for you, check the permissions!),
|
||||
so I only need to manage Chromium to also manage Brave, Google Chrome, Microsoft
|
||||
Edge, Vivaldi etc.
|
||||
|
||||
Please note that I don't have a Windows or macOS at paw and my only advice
|
||||
for those is the official documentation (bottom of the page).
|
||||
Please note that I don't have a Windows or macOS at paw and my only advice for
|
||||
those is the official documentation (bottom of the page).
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -44,11 +51,11 @@ for those is the official documentation (bottom of the page).
|
||||
|
||||
I love Chromium policies as I can just throw them in the directories
|
||||
`/etc/opt/chromium/policies/{managed,recommended}/` in different `.json` files
|
||||
and then just copy what I need instead of... Now I am going ahead of myself
|
||||
with Firefox. Managed means that the setting will be locked for the user
|
||||
and that is what I am using here, recommended will change the default and
|
||||
show an indicator for the user about it being recommended while still allowing
|
||||
it to be changed by the way.
|
||||
and then just copy what I need instead of... Now I am going ahead of myself with
|
||||
Firefox. Managed means that the setting will be locked for the user and that is
|
||||
what I am using here, recommended will change the default and show an indicator
|
||||
for the user about it being recommended while still allowing it to be changed by
|
||||
the way.
|
||||
|
||||
The case of HTTPS Everywhere is simple. I will copy a bit of my script:
|
||||
|
||||
@ -63,8 +70,8 @@ sudo chmod -v a+rx /etc/opt/chromium/policies/{managed,recommended}/
|
||||
|
||||
If you don't speak \*nix, `mkdir -vp` creates the directories verbosely
|
||||
including their parent directories if those don't exist already and
|
||||
`chmod -v a+rx` verbosely allows everyone to read and execute, which is
|
||||
required for listing directory contents.
|
||||
`chmod -v a+rx` verbosely allows everyone to read and execute, which is required
|
||||
for listing directory contents.
|
||||
|
||||
```bash
|
||||
# An example, without the -p there would be error about the parent directory
|
||||
@ -78,8 +85,8 @@ mode of '/tmp/meow' retained as 0755 (rwxr-xr-x)
|
||||
|
||||
---
|
||||
|
||||
Anyway, HTTPS Everywhere for Chromium. Once the directory exists, it's just
|
||||
a matter of creating a json file there, e.g.
|
||||
Anyway, HTTPS Everywhere for Chromium. Once the directory exists, it's just a
|
||||
matter of creating a json file there, e.g.
|
||||
`/etc/opt/chromium/policies/managed/https-everywhere.json`:
|
||||
|
||||
```json
|
||||
@ -94,28 +101,28 @@ Now visit `about:policy` and see the policy appear (or if Chromium was already
|
||||
running, click `Update policies`) and you are done. Try visiting
|
||||
[http.badssl.com](https://http.badssl.com) to see it in action.
|
||||
|
||||
Of course the user can still navigate there, but HTTPS Everywhere the
|
||||
extension had that behaviour too and there is likely a separate policy for
|
||||
that.
|
||||
Of course the user can still navigate there, but HTTPS Everywhere the extension
|
||||
had that behaviour too and there is likely a separate policy for that.
|
||||
|
||||
_EncryptedClientHello was added here some hours after publishing the article
|
||||
alongside with Firefox DNS-over-HTTPS. See the bottom of page for changelog
|
||||
link._
|
||||
|
||||
To put `EncryptedClientHello` simply, it will hide which domain you are
|
||||
requesting from https capable web server, which may be serving multiple
|
||||
domains when DNS-Over-HTTPS is used ([Chromium restriction](https://issues.chromium.org/issues/40935452)), while
|
||||
requesting from https capable web server, which may be serving multiple domains
|
||||
when DNS-Over-HTTPS is used
|
||||
([Chromium restriction](https://issues.chromium.org/issues/40935452)), while
|
||||
generally the query for `example.net` would go in plaintext alongside _Server
|
||||
Name Indication_.
|
||||
|
||||
It's good for your privacy, bad for enterprise network admin or those willing
|
||||
to perform censorship.
|
||||
It's good for your privacy, bad for enterprise network admin or those willing to
|
||||
perform censorship.
|
||||
|
||||
### DNS-over-HTTPS
|
||||
|
||||
You might have noticed that Chromium no longer allows you to use DNS over
|
||||
HTTPS since the browser is now "managed by an organization". This will require
|
||||
another policy that either unlocks it or forces everyone to use it.
|
||||
You might have noticed that Chromium no longer allows you to use DNS over HTTPS
|
||||
since the browser is now "managed by an organization". This will require another
|
||||
policy that either unlocks it or forces everyone to use it.
|
||||
|
||||
`/etc/opt/chromium/policies/managed/doh-unlocked-unset.json`:
|
||||
|
||||
@ -136,27 +143,28 @@ and the user is once again free to use their preferred DoH provider.
|
||||
}
|
||||
```
|
||||
|
||||
And the user is using DNS-over-HTTPS from Quad9 with fallback to system
|
||||
resolver allowed (which for me is encrypted anyway). The `automatic` could be
|
||||
replaced with `secure` to not allow downgrade, but I had issues with Chromium
|
||||
losing connectivity entirely.
|
||||
And the user is using DNS-over-HTTPS from Quad9 with fallback to system resolver
|
||||
allowed (which for me is encrypted anyway). The `automatic` could be replaced
|
||||
with `secure` to not allow downgrade, but I had issues with Chromium losing
|
||||
connectivity entirely.
|
||||
|
||||
You may notice that multiple DoH providers are allowed, however I don't know
|
||||
what logic is used for choosing between them. Oh and the weird https port
|
||||
5053? It comes from
|
||||
what logic is used for choosing between them. Oh and the weird https port 5053?
|
||||
It comes from
|
||||
[docs.quad9.net/services](https://docs.quad9.net/services/#alternate-ports).
|
||||
|
||||
## Firefox
|
||||
|
||||
Firefox is a bit more complicated in the sense that everything belongs to one
|
||||
`policies.json` file, so there is no separating different policies to
|
||||
different files _and_ there is no direct policy for HTTPS-only mode.
|
||||
`policies.json` file, so there is no separating different policies to different
|
||||
files _and_ there is no direct policy for HTTPS-only mode.
|
||||
|
||||
_**WARNING for [LibreAwoo](https://librewolf.net/) users**_! [This will mask LibreAwoo's policy](https://codeberg.org/librewolf/issues/issues/1767)
|
||||
_**WARNING for [LibreAwoo](https://librewolf.net/) users**_!
|
||||
[This will mask LibreAwoo's policy](https://codeberg.org/librewolf/issues/issues/1767)
|
||||
(`/usr/share/librewolf/distribution/policies.json`,
|
||||
[codeberg](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)),
|
||||
so make sure to copy the parts you wish to use before applying this (although
|
||||
I think it might have this out of the box).
|
||||
so make sure to copy the parts you wish to use before applying this (although I
|
||||
think it might have this out of the box).
|
||||
|
||||
Hoping you read the Chromium section above, you may know the drill with the
|
||||
commands and flags:
|
||||
@ -198,20 +206,20 @@ editor and have contents similar to:
|
||||
}
|
||||
```
|
||||
|
||||
After saving and restarting Firefox, `about:policies` should display the
|
||||
change, `about:config` should display the two preferences as grayed out and
|
||||
within settings HTTPS-Only mode is used in all windows and grayed out.
|
||||
After saving and restarting Firefox, `about:policies` should display the change,
|
||||
`about:config` should display the two preferences as grayed out and within
|
||||
settings HTTPS-Only mode is used in all windows and grayed out.
|
||||
|
||||
An easy test is again [http.badssl.com](http://http.badssl.com).
|
||||
|
||||
### DNS-over-HTTPS
|
||||
|
||||
_This section was edited in afterwards some hours after the publishing. Refer
|
||||
to the log link on the bottom for more information._
|
||||
_This section was edited in afterwards some hours after the publishing. Refer to
|
||||
the log link on the bottom for more information._
|
||||
|
||||
Like Chromium, Firefox also supports DoH, although here it must be in the
|
||||
same `/etc/firefox/policies/policies.json` file as before. It's simply appended
|
||||
(or prepended) a bit:
|
||||
Like Chromium, Firefox also supports DoH, although here it must be in the same
|
||||
`/etc/firefox/policies/policies.json` file as before. It's simply appended (or
|
||||
prepended) a bit:
|
||||
|
||||
```json
|
||||
{
|
||||
@ -243,24 +251,25 @@ The new sections are also quite self-explanatory with boolean `true` or `false`
|
||||
values.
|
||||
|
||||
- Is DoH enabled by default?
|
||||
- Is it OK to automatically use system resolver if the DoH server doesn't
|
||||
work? (There is a similar warning as with HTTPS only mode even if this was
|
||||
`false` like in the example.)
|
||||
- Is it OK to automatically use system resolver if the DoH server doesn't work?
|
||||
(There is a similar warning as with HTTPS only mode even if this was `false`
|
||||
like in the example.)
|
||||
- Is the user allowed to change these options (including which DoH server (if
|
||||
any) they want to use) or are they grayed out? I like locking it so I don't
|
||||
have to worry where else I may have configured it.
|
||||
- Which URL is used for queries? I am under impression that unlike with
|
||||
Chromium, multiple addresses aren't allowed here.
|
||||
|
||||
_Have you seen a note about temptation to write about IPv6 here? Perhaps you
|
||||
are looking for `network.dns.preferIPv6` and `network.trr.early-AAAA`?_
|
||||
_Have you seen a note about temptation to write about IPv6 here? Perhaps you are
|
||||
looking for `network.dns.preferIPv6` and `network.trr.early-AAAA`?_
|
||||
|
||||
**Updated note on Firefox ECH:** DNS-Over-HTTPS is no longer required for ECH,
|
||||
since `network.dns.native_https_query` exists (if you aren't using ESR
|
||||
branch on version 115). You should already know how to enable it if you have
|
||||
read this far 😼
|
||||
since `network.dns.native_https_query` exists (if you aren't using ESR branch on
|
||||
version 115). You should already know how to enable it if you have read this far
|
||||
😼
|
||||
|
||||
**_SEQUEL ANNOUNCEMENT!_** [Part Ⅱ: Browser policies Ⅱ: Deploying PrivacyBadger and uBlock Origin]({% post_url blog/2024-05-22-policy-contentblocker %}) is now online!
|
||||
**_SEQUEL ANNOUNCEMENT!_** [Part Ⅱ: Browser policies Ⅱ: Deploying PrivacyBadger
|
||||
and uBlock Origin]({% post_url blog/2024-05-22-policy-contentblocker %}) is now online!
|
||||
|
||||
## Documentation and other policies
|
||||
|
||||
@ -277,14 +286,18 @@ complaining about all the nice settings being hidden in browser policy.
|
||||
- The official documentation:
|
||||
- [mozilla.github.io/policy-templates](https://mozilla.github.io/policy-templates/)
|
||||
- [LibreAwoo policies.json could be mentioned here as well](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)
|
||||
- [chromeenterprise.google/policies/](https://chromeenterprise.google/policies/) mostly also applies to Chromium based browsers, who may have their own additions:
|
||||
- [chromeenterprise.google/policies/](https://chromeenterprise.google/policies/)
|
||||
mostly also applies to Chromium based browsers, who may have their own
|
||||
additions:
|
||||
- [Brave group policy](https://support.brave.com/hc/en-us/articles/360039248271-Group-Policy)
|
||||
- [Microsoft Edge policy documentation](https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies)
|
||||
- Other documentation that may be interesting:
|
||||
- [Ecosia as default search engine through Group Policy](https://ecosia.helpscoutdocs.com/article/487-windows-group-policy-guides)
|
||||
- [Privacy Badger enterprise deployment and configuration](https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md)
|
||||
- [I maybe got involved there too a bit](https://github.com/EFForg/privacybadger/discussions/2947)
|
||||
- [Deploying uBlock Origin](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin) and [deploying uBlock Origin configuration](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin:-configuration)
|
||||
- [Deploying uBlock Origin](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin)
|
||||
and
|
||||
[deploying uBlock Origin configuration](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin:-configuration)
|
||||
- These also apply to [AdNauseam](https://adnauseam.io/), just change the
|
||||
extension ID in your policy.
|
||||
- Possibly helpful Wikipedia articles:
|
||||
|
@ -11,9 +11,15 @@ lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
_I previously wrote about enforcing HTTPS for all users/profiles through browser policy receiving some positive feedback and I felt like continuing on the subject by instructing with extension installation. This barely scratches the surface of what browser policy can do for you either though._
|
||||
_I previously wrote about enforcing HTTPS for all users/profiles through browser
|
||||
policy receiving some positive feedback and I felt like continuing on the
|
||||
subject by instructing with extension installation. This barely scratches the
|
||||
surface of what browser policy can do for you either though._
|
||||
|
||||
I recommend reading the [browser policy part Ⅰ on enforcing HTTPS only mode]({% post_url blog/2024-05-17-https-everywhere %}) as especially the Firefox part will continue building on it and I will try to not repeat myself, although that is unavoidable.
|
||||
I recommend reading the [browser policy part Ⅰ on enforcing HTTPS
|
||||
only mode]({% post_url blog/2024-05-17-https-everywhere %}) as especially the
|
||||
Firefox part will continue building on it and I will try to not repeat myself,
|
||||
although that is unavoidable.
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -42,48 +48,105 @@ I recommend reading the [browser policy part Ⅰ on enforcing HTTPS only mode]({
|
||||
|
||||
## Chromium
|
||||
|
||||
[I previously instructed with the directory creation and permissions in the part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#chromium) and there I also mentioned loving how I can create separate files
|
||||
there as opposed to messing everything together. I tend to use the filename
|
||||
`aminda-extensions.json` for all extension related as Chromium isn't perfect
|
||||
either and only lets the options appear once.
|
||||
[I previously instructed with the directory creation and permissions in the
|
||||
part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#chromium) and there I
|
||||
also mentioned loving how I can create separate files there as opposed to
|
||||
messing everything together. I tend to use the filename `aminda-extensions.json`
|
||||
for all extension related as Chromium isn't perfect either and only lets the
|
||||
options appear once.
|
||||
|
||||
So the file may look a bit scary, but it's actually quite simple (and the difficulty comes from getting json formatted correctly, which I am leaving for `pretty-format-json` pre-commit hook), so I am going to explain everything before the actual json:
|
||||
So the file may look a bit scary, but it's actually quite simple (and the
|
||||
difficulty comes from getting json formatted correctly, which I am leaving for
|
||||
`pretty-format-json` pre-commit hook), so I am going to explain everything
|
||||
before the actual json:
|
||||
|
||||
The `3rdparty` and `extensions` let us configure extensions in advance.
|
||||
|
||||
`cjpalhdlnbpafiamejdnhcphjbkeiagm` is the ID of uBlock Origin from Chrome Web store which can be seen from its URL: `https://chromewebstore.google.com/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm` and everything specified here will become a part of it's configuration.`trustedSiteDirective` means the sites it will be disabld on, the extension pages are recommended in the documentation and I don't mind Ecosia displaying ads since they go to planting trees. Note that the user can add their own sites or remove these from the extension settings.
|
||||
`cjpalhdlnbpafiamejdnhcphjbkeiagm` is the ID of uBlock Origin from Chrome Web
|
||||
store which can be seen from its URL:
|
||||
`https://chromewebstore.google.com/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm`
|
||||
and everything specified here will become a part of it's
|
||||
configuration.`trustedSiteDirective` means the sites it will be disabld on, the
|
||||
extension pages are recommended in the documentation and I don't mind Ecosia
|
||||
displaying ads since they go to planting trees. Note that the user can add their
|
||||
own sites or remove these from the extension settings.
|
||||
|
||||
`toOverwrite` says clearly it will overwrite user settings, so the lists everyone on your system wishes to use should be specified here. In this case, this contains the default lists, the Finnish adblocking list and the quick fixes list, which updates more rapidly in cases such as the cat-and-mouse with YouTube and adblockers.
|
||||
`toOverwrite` says clearly it will overwrite user settings, so the lists
|
||||
everyone on your system wishes to use should be specified here. In this case,
|
||||
this contains the default lists, the Finnish adblocking list and the quick fixes
|
||||
list, which updates more rapidly in cases such as the cat-and-mouse with YouTube
|
||||
and adblockers.
|
||||
|
||||
There is also the EFF DNT allowlist which was introduced to me by [AdNauseam]. You have most likely heard of how ads let content to be free and supports content creators and all that, I don't want to take away their revenue, but I don't want to risk targeted malvertising or manipulation either, so this is my compromise. Respect my privacy, and I will see your ads, or be blocked.
|
||||
There is also the EFF DNT allowlist which was introduced to me by [AdNauseam].
|
||||
You have most likely heard of how ads let content to be free and supports
|
||||
content creators and all that, I don't want to take away their revenue, but I
|
||||
don't want to risk targeted malvertising or manipulation either, so this is my
|
||||
compromise. Respect my privacy, and I will see your ads, or be blocked.
|
||||
|
||||
Onwards to [PrivacyBadger], the ID again comes from Chrome Web Store URL `https://chromewebstore.google.com/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp` and the settings are clear on what they do. If they are removed, it's up to the default value or user configuration what will happen.
|
||||
Onwards to [PrivacyBadger], the ID again comes from Chrome Web Store URL
|
||||
`https://chromewebstore.google.com/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp`
|
||||
and the settings are clear on what they do. If they are removed, it's up to the
|
||||
default value or user configuration what will happen.
|
||||
|
||||
This [PrivacyBadger] configuration will simply always set these options on browser start:
|
||||
This [PrivacyBadger] configuration will simply always set these options on
|
||||
browser start:
|
||||
|
||||
- `"checkForDNTPolicy": true` check if the domain has a [`.well-known/dnt-policy.txt`](https://www.eff.org/dnt-policy) and if so, won't block it.
|
||||
- `"disabledSites": []` configures the domains that are allowed to perform tracking/disrespect DNT. While here it's the same as with uBlock Origin, in my actual policies I allowlist domains more freely in uBlock Origin than [PrivacyBadger].
|
||||
- `"learnInIncognito": true` [**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better) Same as below, but in incognito mode.
|
||||
- `"learnLocally": true` [**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better) [PrivacyBadger] has rare ability to learn who tracks you without having to ask anywhere else, so with this enabled, it may block something before it gets added to either the premade list or something uBlock Origin has.
|
||||
- `"sendDNTSignal": true` Whether or not to configure the web browser to send Do Not Track and Global Privacy Control signals.
|
||||
- `"showCounter": true` Whether to display the number of blocked trackers in the [PrivacyBadger] icon.
|
||||
- `"showIntroPage": false` Whether or not to display the welcome to PrivacyBadger screen on start. In general having less displayed automatically on browser start is a good thing, and if you set this to `true`, [PrivacyBadger] would greet you every browser start and I bet you would get annoyed quickly.
|
||||
- `"socialWidgetReplacementEnabled": true` Whether to display social media embeds directly or replace them with a notice on how [PrivacyBadger] has blocked them from tracking you with the menu options on what to do.
|
||||
- `"checkForDNTPolicy": true` check if the domain has a
|
||||
[`.well-known/dnt-policy.txt`](https://www.eff.org/dnt-policy) and if so,
|
||||
won't block it.
|
||||
- `"disabledSites": []` configures the domains that are allowed to perform
|
||||
tracking/disrespect DNT. While here it's the same as with uBlock Origin, in my
|
||||
actual policies I allowlist domains more freely in uBlock Origin than
|
||||
[PrivacyBadger].
|
||||
- `"learnInIncognito": true`
|
||||
[**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better)
|
||||
Same as below, but in incognito mode.
|
||||
- `"learnLocally": true`
|
||||
[**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better)
|
||||
[PrivacyBadger] has rare ability to learn who tracks you without having to ask
|
||||
anywhere else, so with this enabled, it may block something before it gets
|
||||
added to either the premade list or something uBlock Origin has.
|
||||
- `"sendDNTSignal": true` Whether or not to configure the web browser to send Do
|
||||
Not Track and Global Privacy Control signals.
|
||||
- `"showCounter": true` Whether to display the number of blocked trackers in the
|
||||
[PrivacyBadger] icon.
|
||||
- `"showIntroPage": false` Whether or not to display the welcome to
|
||||
PrivacyBadger screen on start. In general having less displayed automatically
|
||||
on browser start is a good thing, and if you set this to `true`,
|
||||
[PrivacyBadger] would greet you every browser start and I bet you would get
|
||||
annoyed quickly.
|
||||
- `"socialWidgetReplacementEnabled": true` Whether to display social media
|
||||
embeds directly or replace them with a notice on how [PrivacyBadger] has
|
||||
blocked them from tracking you with the menu options on what to do.
|
||||
|
||||
Now the only thing to do remains actually installing the extension.
|
||||
|
||||
**_BONUS!_** [`"ExtensionManifestV2Availability": 2`](https://chromeenterprise.google/policies/#ExtensionManifestV2Availability) will extend the time how long until ManifestV3 gets forced (and Google kills content filters).
|
||||
**_BONUS!_**
|
||||
[`"ExtensionManifestV2Availability": 2`](https://chromeenterprise.google/policies/#ExtensionManifestV2Availability)
|
||||
will extend the time how long until ManifestV3 gets forced (and Google kills
|
||||
content filters).
|
||||
|
||||
Anyway there is the same extension ID as before and four new options:
|
||||
|
||||
- `installation_mode` has options `normal_installed`, `force_installed` and `blocked`. The first means it's installed by default, but the user can choose to unload it, the second used here will prevent unloading the extension and the third prevents installing and loading it entirely.
|
||||
- `installation_mode` has options `normal_installed`, `force_installed` and
|
||||
`blocked`. The first means it's installed by default, but the user can choose
|
||||
to unload it, the second used here will prevent unloading the extension and
|
||||
the third prevents installing and loading it entirely.
|
||||
- Typing this I am not sure if `override_update_url` is actually required.
|
||||
- `force_pinned` will pin the extension to Chromium toolbar by default and not allow unpinning and moving it to the extension menu. I strongly recommend it with content blockers, especially when there is site breakage as it makes it so much easier to see at a glance when something is blocked. The other option would be `default_unpinned`.
|
||||
- `update_url` is required for automatically installed extensions and while here it's the Chrome Web Store, it could as well be `https://edge.microsoft.com/extensionwebstorebase/v1/crx` and although the IDs are different there, they are again visible in the URL bar.
|
||||
- `force_pinned` will pin the extension to Chromium toolbar by default and not
|
||||
allow unpinning and moving it to the extension menu. I strongly recommend it
|
||||
with content blockers, especially when there is site breakage as it makes it
|
||||
so much easier to see at a glance when something is blocked. The other option
|
||||
would be `default_unpinned`.
|
||||
- `update_url` is required for automatically installed extensions and while here
|
||||
it's the Chrome Web Store, it could as well be
|
||||
`https://edge.microsoft.com/extensionwebstorebase/v1/crx` and although the IDs
|
||||
are different there, they are again visible in the URL bar.
|
||||
|
||||
### `/etc/opt/chromium/policies/managed/aminda-extensions.json`
|
||||
|
||||
I hope I didn't scare you too badly by saying this isn't scary, but it's all explained above.
|
||||
I hope I didn't scare you too badly by saying this isn't scary, but it's all
|
||||
explained above.
|
||||
|
||||
```json
|
||||
{
|
||||
@ -160,14 +223,22 @@ _2024-06-04: I added uBlock Origin Lite here, see the questions and answers._
|
||||
|
||||
## Firefox
|
||||
|
||||
If you haven't read the previous blog post yet, please do that now as Firefox forces everything to be in `/etc/firefox/policies.json` and thus this file will begin by expanding the end result from there. And to not repeat myself, please also read the Chromium section above as due to everything being webextensions, the new part within extension configuration is the same.
|
||||
If you haven't read the previous blog post yet, please do that now as Firefox
|
||||
forces everything to be in `/etc/firefox/policies.json` and thus this file will
|
||||
begin by expanding the end result from there. And to not repeat myself, please
|
||||
also read the Chromium section above as due to everything being webextensions,
|
||||
the new part within extension configuration is the same.
|
||||
|
||||
Let's begin by what differs from Chromium:
|
||||
|
||||
- The extension ID is most easily readable from `about:support` instead of addon URL.
|
||||
- The extension ID is most easily readable from `about:support` instead of addon
|
||||
URL.
|
||||
- We can sideload the extension, although that won't affect Firefox sync.
|
||||
- It's a lot easier to figure out what extension a block belongs to as the names appear here.
|
||||
- While there is no `ExtensionManifestV2Availability`, there are domains protected by default (`extensions.webextensions.restrictedDomains`) that we could unset.
|
||||
- It's a lot easier to figure out what extension a block belongs to as the names
|
||||
appear here.
|
||||
- While there is no `ExtensionManifestV2Availability`, there are domains
|
||||
protected by default (`extensions.webextensions.restrictedDomains`) that we
|
||||
could unset.
|
||||
|
||||
_Oh meow, no more json!_ I am sorry.
|
||||
|
||||
@ -267,52 +338,97 @@ _Oh meow, no more json!_ I am sorry.
|
||||
}
|
||||
```
|
||||
|
||||
Doesn't that look familiar? Yes, it's practically the same file [from part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#dns-over-https-1) and the extensions took the exact same values as Chromium, only the IDs and download locations changed and some Chromium extras disappeared.
|
||||
Doesn't that look familiar? Yes, it's practically the same file [from
|
||||
part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#dns-over-https-1) and
|
||||
the extensions took the exact same values as Chromium, only the IDs and download
|
||||
locations changed and some Chromium extras disappeared.
|
||||
|
||||
Well, in uBlock Origin I did add the Mozilla/Firefox domains to avoid breakage and in the end I removed the extra protection those sites would have from extensions which would permit tracking by Mozilla. However, [PrivacyBadger] would still protect from that while being less likely to break.
|
||||
Well, in uBlock Origin I did add the Mozilla/Firefox domains to avoid breakage
|
||||
and in the end I removed the extra protection those sites would have from
|
||||
extensions which would permit tracking by Mozilla. However, [PrivacyBadger]
|
||||
would still protect from that while being less likely to break.
|
||||
|
||||
_Would you like to restore the protection for Mozilla pages? Replace the `user` in `status` of `extensions.webextensions.restrictedDomains {}` with `clear` so it will be restored to default value while `user` persists even if the lines are removed as they appear as if the user had changed them in `about:config`._
|
||||
_Would you like to restore the protection for Mozilla pages? Replace the `user`
|
||||
in `status` of `extensions.webextensions.restrictedDomains {}` with `clear` so
|
||||
it will be restored to default value while `user` persists even if the lines are
|
||||
removed as they appear as if the user had changed them in `about:config`._
|
||||
|
||||
_2024-06-04: I added uBlock Origin Lite here, see the questions and answers._
|
||||
|
||||
## Answers to potential questions
|
||||
|
||||
As I sometimes tend to be a bit controversial when balancing security,
|
||||
privacy, digital carbon footprint and all, there are going to be questions
|
||||
and I keep answering them otherwise too.
|
||||
As I sometimes tend to be a bit controversial when balancing security, privacy,
|
||||
digital carbon footprint and all, there are going to be questions and I keep
|
||||
answering them otherwise too.
|
||||
|
||||
## Where can I see what policies extensions can take?
|
||||
|
||||
In Chromium `about:policies` has a checkbox "show unset policies" which will bring a long list including the extensions. It also has a lovely search box.
|
||||
In Chromium `about:policies` has a checkbox "show unset policies" which will
|
||||
bring a long list including the extensions. It also has a lovely search box.
|
||||
|
||||
### Why both PrivacyBadger and uBlock Origin?
|
||||
|
||||
I admit they have some overlap, but uBlock Origin relies on human made lists instead of an algorhitm to block trackers (note that [PrivacyBadger] doesn't even try to block ads, it happens by accident).
|
||||
I admit they have some overlap, but uBlock Origin relies on human made lists
|
||||
instead of an algorhitm to block trackers (note that [PrivacyBadger] doesn't
|
||||
even try to block ads, it happens by accident).
|
||||
|
||||
Additionally uBlock Origin does nothing about Instagram, Disqus, etc. widgets. I could block JavaScript (which I do), but sometimes I will allow it to a website anyway and then the widget learns I am there even if I had no interest in seeing comments in that case. And if I wanted to allow them somewhere, I could click "always allow this widget on this site".
|
||||
Additionally uBlock Origin does nothing about Instagram, Disqus, etc. widgets. I
|
||||
could block JavaScript (which I do), but sometimes I will allow it to a website
|
||||
anyway and then the widget learns I am there even if I had no interest in seeing
|
||||
comments in that case. And if I wanted to allow them somewhere, I could click
|
||||
"always allow this widget on this site".
|
||||
|
||||
I also love its ability to self-learn trackers, even if that may make me more trackable. I think there are easier methods to track me (like my HTTP user-agent saying I am on Windows, while my `navigator.useragent or `navigator.platform` say something different) and Firefox Nightly is newer than most people use and there are a countless of small things in browser fingerprinting, which could be it's own blog post.
|
||||
I also love its ability to self-learn trackers, even if that may make me more
|
||||
trackable. I think there are easier methods to track me (like my HTTP user-agent
|
||||
saying I am on Windows, while my `navigator.useragent or `navigator.platform`
|
||||
say something different) and Firefox Nightly is newer than most people use and
|
||||
there are a countless of small things in browser fingerprinting, which could be
|
||||
it's own blog post.
|
||||
|
||||
### Why EFF DNT allowlist?
|
||||
|
||||
I think I already answered this in the Chromium section, but I don't hate ads. They may be important source of money to creators and I wouldn't mind some financial support as well (if that wasn't practically illegal in Finland).
|
||||
I think I already answered this in the Chromium section, but I don't hate ads.
|
||||
They may be important source of money to creators and I wouldn't mind some
|
||||
financial support as well (if that wasn't practically illegal in Finland).
|
||||
|
||||
What I mind is targeted advertising, tracking, the potential for targeted malvertising without it affecting anyone else and how they are used for manipulation especially politically and with elections on discouraging some people from voting.
|
||||
What I mind is targeted advertising, tracking, the potential for targeted
|
||||
malvertising without it affecting anyone else and how they are used for
|
||||
manipulation especially politically and with elections on discouraging some
|
||||
people from voting.
|
||||
|
||||
### Where did uBlock Origin Lite come from?
|
||||
|
||||
I added it here on 2024-06-04 and set uBlock Origin to `normal_installed` instead of `force_installed`, because I am worried about ManifestV2 extensions not syncing as the majority probably won't have the policy to allow it configured.
|
||||
I added it here on 2024-06-04 and set uBlock Origin to `normal_installed`
|
||||
instead of `force_installed`, because I am worried about ManifestV2 extensions
|
||||
not syncing as the majority probably won't have the policy to allow it
|
||||
configured.
|
||||
|
||||
This gives the users the choice to use either of the two, both (which may be discouraged) or neither, while PrivacyBadger is forced on and I think it may perform better with ManifestV3 anyway considering the local learning feature, which I consider essential for non-English content anyway.
|
||||
This gives the users the choice to use either of the two, both (which may be
|
||||
discouraged) or neither, while PrivacyBadger is forced on and I think it may
|
||||
perform better with ManifestV3 anyway considering the local learning feature,
|
||||
which I consider essential for non-English content anyway.
|
||||
|
||||
Speaking of PrivacyBadger, other concerns I have with uBlock Origin Lite are:
|
||||
|
||||
1. I cannot allow non-tracking ads as I cannot add the EFF DNT allowlist. I would need to convince the developer to add it, which I am not even going to try, as it would go against the principle of the extension.
|
||||
1. <del>I didn't get uBlock Origin Lite's `"noFiltering": [""]` policy working, so I cannot pre-emptively handle broken captchas or allow Ecosia to show me tracking ads in exchange of them planting trees.</del>. A day later I got `"noFiltering": [""]` working, but it works like `toOverwrite` from uBlock Origin, so any edits outside of the policy will reset upon restart. Then again that may also be a feature, please do send your best regards to Google...
|
||||
1. I cannot allow non-tracking ads as I cannot add the EFF DNT allowlist. I
|
||||
would need to convince the developer to add it, which I am not even going to
|
||||
try, as it would go against the principle of the extension.
|
||||
1. <del>I didn't get uBlock Origin Lite's `"noFiltering": [""]` policy working,
|
||||
so I cannot pre-emptively handle broken captchas or allow Ecosia to show me
|
||||
tracking ads in exchange of them planting trees.</del>. A day later I got
|
||||
`"noFiltering": [""]` working, but it works like `toOverwrite` from uBlock
|
||||
Origin, so any edits outside of the policy will reset upon restart. Then
|
||||
again that may also be a feature, please do send your best regards to
|
||||
Google...
|
||||
|
||||
Google only has themselves to blame for not thinking of the scenario where their users might be ok with non-tracking ads and now have no option to allow them due to being more concerned about malvertising than how advertising businesses are doing, since they they ruined the compromise solution that tried to account both.
|
||||
Google only has themselves to blame for not thinking of the scenario where their
|
||||
users might be ok with non-tracking ads and now have no option to allow them due
|
||||
to being more concerned about malvertising than how advertising businesses are
|
||||
doing, since they they ruined the compromise solution that tried to account
|
||||
both.
|
||||
|
||||
I may trust myself to avoid malicious content online or that DNS filtering will catch it, but I don't have such trust on my less technical family members.
|
||||
I may trust myself to avoid malicious content online or that DNS filtering will
|
||||
catch it, but I don't have such trust on my less technical family members.
|
||||
|
||||
I should also say that ManifestV3 and uBlock Origin Lite have good sides as
|
||||
well, considering it not needing or requesting access to all pages visited out
|
||||
@ -321,23 +437,39 @@ actually get installed through policy.
|
||||
|
||||
### How do I enable more default lists in uBlock Origin?
|
||||
|
||||
As you saw, external blocklists are just matter of entering the URL into the policy, but integrated ones are a bit more challenging. See the eye icon in uBlock Origin dashboard? I have been pointing it and looking at the URL which ends e.g. `/asset-viewer.html?url=fanboy-social` where `fanboy-social` would be the list name.
|
||||
As you saw, external blocklists are just matter of entering the URL into the
|
||||
policy, but integrated ones are a bit more challenging. See the eye icon in
|
||||
uBlock Origin dashboard? I have been pointing it and looking at the URL which
|
||||
ends e.g. `/asset-viewer.html?url=fanboy-social` where `fanboy-social` would be
|
||||
the list name.
|
||||
|
||||
More technical solution would be looking into the [`assets/assets.json` file in uBlock Origin's GitHub repository](https://github.com/gorhill/uBlock/blob/master/assets/assets.json) where the same names appear.
|
||||
More technical solution would be looking into the
|
||||
[`assets/assets.json` file in uBlock Origin's GitHub repository](https://github.com/gorhill/uBlock/blob/master/assets/assets.json)
|
||||
where the same names appear.
|
||||
|
||||
Remember that [more filter lists make you more identifiable](https://browserleaks.com/proxy) and _do as I say, not as I do_.
|
||||
Remember that
|
||||
[more filter lists make you more identifiable](https://browserleaks.com/proxy)
|
||||
and _do as I say, not as I do_.
|
||||
|
||||
## What do you think about this blog post?
|
||||
|
||||
I feel a bit disappointed with it, I felt the previous one was more meaningful and did everything better, but I hope this will be some benefit to someone regardless or be something I can link to when I inevitably get asked these questions again.
|
||||
I feel a bit disappointed with it, I felt the previous one was more meaningful
|
||||
and did everything better, but I hope this will be some benefit to someone
|
||||
regardless or be something I can link to when I inevitably get asked these
|
||||
questions again.
|
||||
|
||||
## Will there be browser policies part Ⅲ?
|
||||
|
||||
Honestly, I don't know. I was surprised part Ⅱ happened, although this is also just scratching the tip of the iceberg and there is really a lot you can do with browser policies.
|
||||
Honestly, I don't know. I was surprised part Ⅱ happened, although this is also
|
||||
just scratching the tip of the iceberg and there is really a lot you can do with
|
||||
browser policies.
|
||||
|
||||
### Where is all the futher reading?
|
||||
|
||||
If you have read both blog posts carefully, this one didn't actually say anything new, it's all linked [from part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#documentation-and-other-policies).
|
||||
If you have read both blog posts carefully, this one didn't actually say
|
||||
anything new, it's all linked [from
|
||||
part
|
||||
Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#documentation-and-other-policies).
|
||||
|
||||
_[Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2024-05-22-policy-contentblocker.md)_
|
||||
|
||||
|
@ -3,14 +3,26 @@ layout: page
|
||||
title: Blog
|
||||
navigation: true
|
||||
permalink: /blog/
|
||||
excerpt: "Blog index, posts in English and posts in Finnish — Blogin etusivu, postaukset englanniksi ja postaukset suomeksi."
|
||||
excerpt:
|
||||
"Blog index, posts in English and posts in Finnish — Blogin etusivu,
|
||||
postaukset englanniksi ja postaukset suomeksi."
|
||||
lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
<p>
|
||||
Posts <a lang="en" href="#in-english">in English here</a> &
|
||||
<a lang="fi" href="#suomeksi">suomeksi täällä</a>.
|
||||
Posts
|
||||
<a
|
||||
lang="en"
|
||||
href="#in-english"
|
||||
>in English here</a
|
||||
>
|
||||
&
|
||||
<a
|
||||
lang="fi"
|
||||
href="#suomeksi"
|
||||
>suomeksi täällä</a
|
||||
>.
|
||||
</p>
|
||||
<hr />
|
||||
<div lang="en">
|
||||
|
61
index.html
61
index.html
@ -1,16 +1,26 @@
|
||||
---
|
||||
layout: index
|
||||
title: Index
|
||||
excerpt: "I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am familiar with git and looking for employment."
|
||||
excerpt:
|
||||
"I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I
|
||||
am familiar with git and looking for employment."
|
||||
robots: noai, nofollow
|
||||
---
|
||||
|
||||
<p id="avatar">
|
||||
<a class="h-card" href="https://aminda.eu/">
|
||||
<img src="{{site.avatar}}" alt="Photo of me" /><br />Aminda Suomalainen</a
|
||||
<a
|
||||
class="h-card"
|
||||
href="https://aminda.eu/"
|
||||
>
|
||||
<img
|
||||
src="{{site.avatar}}"
|
||||
alt="Photo of me"
|
||||
/><br />Aminda Suomalainen</a
|
||||
><br />
|
||||
<small
|
||||
><a rel="prefetch me" href="https://cv.aminda.eu/"
|
||||
><a
|
||||
rel="prefetch me"
|
||||
href="https://cv.aminda.eu/"
|
||||
>Curriculum Vitae</a
|
||||
></small
|
||||
>
|
||||
@ -96,20 +106,34 @@ robots: noai, nofollow
|
||||
<li id="some">
|
||||
<span class="monospaced">SOME:</span>
|
||||
<em
|
||||
><a href="https://gitea.blesmrt.net/mikaela" rel="me"
|
||||
><a
|
||||
href="https://gitea.blesmrt.net/mikaela"
|
||||
rel="me"
|
||||
>gitea.blesmrt.net</a
|
||||
></em
|
||||
>
|
||||
<a href="https://bsky.app/profile/did:plc:k4n3logit2gplz7mbgkrsdl2" rel="me"
|
||||
<a
|
||||
href="https://bsky.app/profile/did:plc:k4n3logit2gplz7mbgkrsdl2"
|
||||
rel="me"
|
||||
>bsky</a
|
||||
>
|
||||
<em
|
||||
><a href="https://github.com/{{ site.github_username }}" rel="me"
|
||||
><a
|
||||
href="https://github.com/{{ site.github_username }}"
|
||||
rel="me"
|
||||
>GitHub.com</a
|
||||
></em
|
||||
>
|
||||
<a href="https://gitlab.com/Mikaela" rel="me">GitLab.com</a>
|
||||
<a href="https://git.com.de/mikaela" rel="me">git.com.de</a> (<a
|
||||
<a
|
||||
href="https://gitlab.com/Mikaela"
|
||||
rel="me"
|
||||
>GitLab.com</a
|
||||
>
|
||||
<a
|
||||
href="https://git.com.de/mikaela"
|
||||
rel="me"
|
||||
>git.com.de</a
|
||||
> (<a
|
||||
href="http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela"
|
||||
rel="me"
|
||||
>🧅︎</a
|
||||
@ -119,11 +143,19 @@ robots: noai, nofollow
|
||||
href="{{site.keyoxide}}/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY"
|
||||
>Keyoxide</a
|
||||
>
|
||||
<a rel="me" href="https://liberapay.com/Mikaela">LiberaPay.com</a>
|
||||
<a rel="me" href="https://www.linkedin.com/in/{{ site.linkedin_username }}/"
|
||||
<a
|
||||
rel="me"
|
||||
href="https://liberapay.com/Mikaela"
|
||||
>LiberaPay.com</a
|
||||
>
|
||||
<a
|
||||
rel="me"
|
||||
href="https://www.linkedin.com/in/{{ site.linkedin_username }}/"
|
||||
>LinkedIn.com</a
|
||||
>
|
||||
<a href="https://git.piraattipuolue.fi/mikaela.suomalainen" rel="me"
|
||||
<a
|
||||
href="https://git.piraattipuolue.fi/mikaela.suomalainen"
|
||||
rel="me"
|
||||
>git.piraattipuolue.fi</a
|
||||
>
|
||||
<a
|
||||
@ -139,7 +171,10 @@ robots: noai, nofollow
|
||||
>sauna.social</a
|
||||
>
|
||||
</li>
|
||||
<li class="monospaced" id="ssh">
|
||||
<li
|
||||
class="monospaced"
|
||||
id="ssh"
|
||||
>
|
||||
SSH:
|
||||
<a
|
||||
href="https://gitea.blesmrt.net/mikaela/ssh-allowed_signers/src/branch/cxefa/aminda/aminda.pub"
|
||||
|
@ -4,5 +4,5 @@ published: false
|
||||
|
||||
[IPFS](https://ipfs.io) related files
|
||||
|
||||
The directory isn't called IPFS in case it would cause confusion to IPFS
|
||||
capable software.
|
||||
The directory isn't called IPFS in case it would cause confusion to IPFS capable
|
||||
software.
|
||||
|
4
n/3g.md
4
n/3g.md
@ -7,8 +7,8 @@ sitemap: false
|
||||
lang: en
|
||||
---
|
||||
|
||||
Finland will mostly discontinue 3G networks by end of 2023. Suomen
|
||||
yhteisverkko will begins 3G shutdown early 2024.
|
||||
Finland will mostly discontinue 3G networks by end of 2023. Suomen yhteisverkko
|
||||
will begins 3G shutdown early 2024.
|
||||
|
||||
- [DNA.fi/3g]
|
||||
- [Elisa.fi/3g]
|
||||
|
4
n/5g.md
4
n/5g.md
@ -6,7 +6,9 @@ redirect_from:
|
||||
- /r/5G.html
|
||||
sitemap: false
|
||||
lang: en
|
||||
excerpt: List of carrier/WISP maps in Finland for quickly finding whether a place has 5G or not. Carriers eagerly sell it to people who don't have signal.
|
||||
excerpt:
|
||||
List of carrier/WISP maps in Finland for quickly finding whether a place has
|
||||
5G or not. Carriers eagerly sell it to people who don't have signal.
|
||||
---
|
||||
|
||||
_{{ page.excerpt }}_
|
||||
|
@ -1,6 +1,8 @@
|
||||
---
|
||||
title: Co-authoring and private emails with Git Forges
|
||||
excerpt: This note tells how to mark me as a git commit coauthor and my privatized email addresses.
|
||||
excerpt:
|
||||
This note tells how to mark me as a git commit coauthor and my privatized
|
||||
email addresses.
|
||||
layout: mini
|
||||
permalink: /n/coauthor.html
|
||||
sitemap: true
|
||||
@ -10,11 +12,11 @@ robots: noai
|
||||
|
||||
# Git forge private emails
|
||||
|
||||
**_WARNING! These are vendor lock-in and contribution activity will not
|
||||
pass on to other platrforms._** It may not matter much with sign-offs though.
|
||||
**_WARNING! These are vendor lock-in and contribution activity will not pass on
|
||||
to other platrforms._** It may not matter much with sign-offs though.
|
||||
|
||||
Forges generally have a feature for private email addresses and it can be
|
||||
used at least by co-authored commits, e.g. [r/coauthor](/r/coauthor.html):
|
||||
Forges generally have a feature for private email addresses and it can be used
|
||||
at least by co-authored commits, e.g. [r/coauthor](/r/coauthor.html):
|
||||
|
||||
> `Co-authored-by: NAME <NAME@EXAMPLE.COM>`
|
||||
|
||||
|
@ -9,7 +9,8 @@ lang: en
|
||||
|
||||
# Do copyright years need yearly updates?
|
||||
|
||||
Apparently it depends on whether you care about when the project enters public domain.
|
||||
Apparently it depends on whether you care about when the project enters public
|
||||
domain.
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -35,7 +36,8 @@ Apparently it depends on whether you care about when the project enters public d
|
||||
## Yes
|
||||
|
||||
- [Information for maintainers of GNU software, 6.5: copyright notices](https://www.gnu.org/prep/maintain/maintain.html#Copyright-Notices)
|
||||
- At the time of writing they practically say to update every file that has more than 10 lines.
|
||||
- At the time of writing they practically say to update every file that has
|
||||
more than 10 lines.
|
||||
|
||||
## Other links
|
||||
|
||||
|
265
n/dns.md
265
n/dns.md
@ -1,6 +1,8 @@
|
||||
---
|
||||
title: Philosophical pondering on DNS and its features and usage
|
||||
excerpt: What DNS server is used, does it support ECS, is that threat or possibility, and everything that doesn't have a better place?
|
||||
excerpt:
|
||||
What DNS server is used, does it support ECS, is that threat or possibility,
|
||||
and everything that doesn't have a better place?
|
||||
layout: mini
|
||||
permalink: /n/dns.html
|
||||
redirect_from:
|
||||
@ -49,7 +51,8 @@ _{{ page.excerpt }} For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_
|
||||
|
||||
## Identifying DNS resolver
|
||||
|
||||
- [DNS-OARC's Check My DNS](https://cmdns.dev.dns-oarc.net) - popup under "Network".
|
||||
- [DNS-OARC's Check My DNS](https://cmdns.dev.dns-oarc.net) - popup under
|
||||
"Network".
|
||||
- [dnsleaktest](https://dnsleaktest.com)
|
||||
- [whatsmydnsserver](https://www.whatsmydnsserver.com)
|
||||
- [ipleak.net](https://ipleak.net)
|
||||
@ -57,7 +60,8 @@ _{{ page.excerpt }} For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_
|
||||
- [browserleaks.net/dns](https://browserleaks.net/dns)
|
||||
- [dnscheck.tools](https://www.dnscheck.tools)
|
||||
|
||||
The above list is based on [redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)
|
||||
The above list is based on
|
||||
[redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)
|
||||
|
||||
---
|
||||
|
||||
@ -65,8 +69,8 @@ The above list is based on [redirect2me/which-dns README alternatives section](h
|
||||
|
||||
At it's current state of implementation, Encrypted Client-Hello requires
|
||||
DNS-over-HTTPS in the browser level or it won't be used. If downgrade from
|
||||
application level DoH to OS resolver is allowed, ECH will get disabled at
|
||||
least temporary. Thus I think this list belongs here close enough.
|
||||
application level DoH to OS resolver is allowed, ECH will get disabled at least
|
||||
temporary. Thus I think this list belongs here close enough.
|
||||
|
||||
- [Cloudflare Browser Check](https://www.cloudflare.com/ssl/encrypted-sni/)
|
||||
which still speaks of ESNI, while ECH replaced Encrypted Server Name
|
||||
@ -80,32 +84,37 @@ least temporary. Thus I think this list belongs here close enough.
|
||||
|
||||
## What is ECS?
|
||||
|
||||
[EDNS](https://en.m.wikipedia.org/wiki/Extension_Mechanisms_for_DNS) [Client-Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a DNS extension letting the authoritative nameserver
|
||||
know your subnet, generally a `/24` (IPv4) or a `/56` (IPv6), but the revealed
|
||||
subnet size is up to your DNS resolver configuration.
|
||||
[EDNS](https://en.m.wikipedia.org/wiki/Extension_Mechanisms_for_DNS)
|
||||
[Client-Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a DNS
|
||||
extension letting the authoritative nameserver know your subnet, generally a
|
||||
`/24` (IPv4) or a `/56` (IPv6), but the revealed subnet size is up to your DNS
|
||||
resolver configuration.
|
||||
|
||||
_See also simpler explanation at [PrivacyGuides.org DNS Overview](https://www.privacyguides.org/en/advanced/dns-overview/#what-is-edns-client-subnet-ecs)._
|
||||
_See also simpler explanation at
|
||||
[PrivacyGuides.org DNS Overview](https://www.privacyguides.org/en/advanced/dns-overview/#what-is-edns-client-subnet-ecs)._
|
||||
|
||||
- /24 is the first three parts of your IPv4 address e.g. 192.0.2.xxx.
|
||||
The last part of your IP address (the xxx) again is a number between 1
|
||||
to 254 (since 0 is reserved for the network itself and 255 is the
|
||||
broadcast address).
|
||||
- `/56` includes 256 `/64`s and if your ISP (Internet Service Provider)
|
||||
follows [RFC 6177](https://datatracker.ietf.org/doc/html/rfc6177),
|
||||
it's assigned solely to you meaning the authoritative nameserver will know
|
||||
the request originated from your network.
|
||||
- However many ISPs, especially wireless ones,
|
||||
will just assign you a `64` which is required for
|
||||
- /24 is the first three parts of your IPv4 address e.g. 192.0.2.xxx. The last
|
||||
part of your IP address (the xxx) again is a number between 1 to 254 (since 0
|
||||
is reserved for the network itself and 255 is the broadcast address).
|
||||
- `/56` includes 256 `/64`s and if your ISP (Internet Service Provider) follows
|
||||
[RFC 6177](https://datatracker.ietf.org/doc/html/rfc6177), it's assigned
|
||||
solely to you meaning the authoritative nameserver will know the request
|
||||
originated from your network.
|
||||
- However many ISPs, especially wireless ones, will just assign you a `64`
|
||||
which is required for
|
||||
[stateless address autoconfiguration](<https://en.m.wikipedia.org/wiki/SLAAC#Stateless_address_autoconfiguration_(SLAAC)>)
|
||||
which is the most common way of getting IPv6 address in your local area
|
||||
network as opposed to IPv4 where you would have
|
||||
[Dynamic Host Configuration Protocol (DHCP)](https://en.m.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol).
|
||||
- Your router does get the IPv6 subnet assignment for LAN distribution by means of [DHCPv6 Prefix Delegation](https://en.m.wikipedia.org/wiki/Prefix_delegation) which is also common on mobile networks.
|
||||
- Your router does get the IPv6 subnet assignment for LAN distribution by
|
||||
means of
|
||||
[DHCPv6 Prefix Delegation](https://en.m.wikipedia.org/wiki/Prefix_delegation)
|
||||
which is also common on mobile networks.
|
||||
|
||||
If you are reading my personal notes (that being useful for you would bring me
|
||||
a bit of happiness), please note that **_I am somewhat indecisive and change
|
||||
the DNS resolver a lot (at least daily judging by my feelings), but do check
|
||||
the git log._**
|
||||
If you are reading my personal notes (that being useful for you would bring me a
|
||||
bit of happiness), please note that **_I am somewhat indecisive and change the
|
||||
DNS resolver a lot (at least daily judging by my feelings), but do check the git
|
||||
log._**
|
||||
|
||||
- [History of this page at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/n/dns.md)
|
||||
|
||||
@ -113,78 +122,120 @@ the git log._**
|
||||
|
||||
_Android DoH3 option:_ `dns.google`
|
||||
|
||||
> [...] The longer the distance the data must travel from the data centre to
|
||||
> the end-user device, the more energy the transmission consumes –
|
||||
> regardless of the transmission path used. Intercontinental transmission
|
||||
> networks are fundamentally very efficient. Transferring data from the
|
||||
> United States to Europe may consume a fraction of the energy compared to
|
||||
> the last kilometre from the base station to the mobile phone.
|
||||
> [...] The longer the distance the data must travel from the data centre to the
|
||||
> end-user device, the more energy the transmission consumes – regardless of the
|
||||
> transmission path used. Intercontinental transmission networks are
|
||||
> fundamentally very efficient. Transferring data from the United States to
|
||||
> Europe may consume a fraction of the energy compared to the last kilometre
|
||||
> from the base station to the mobile phone.
|
||||
|
||||
- [Green Code](https://www.exove.com/green-code/) ([pdf](https://www.exove.com/app/uploads/2023/09/Green-Code-v2.pdf) [txt](https://www.exove.com/app/uploads/2023/09/greencode-v2.txt))
|
||||
- [Green Code](https://www.exove.com/green-code/)
|
||||
([pdf](https://www.exove.com/app/uploads/2023/09/Green-Code-v2.pdf)
|
||||
[txt](https://www.exove.com/app/uploads/2023/09/greencode-v2.txt))
|
||||
|
||||
If you utilize services of internet giants or content delivery networks, ECS will likely give you [the shortest distance, the lowest latency, the highest speed](https://en.m.wikipedia.org/wiki/Edge_computing) and may help with decreasing your _digital carbon footprint_.
|
||||
If you utilize services of internet giants or content delivery networks, ECS
|
||||
will likely give you
|
||||
[the shortest distance, the lowest latency, the highest speed](https://en.m.wikipedia.org/wiki/Edge_computing)
|
||||
and may help with decreasing your _digital carbon footprint_.
|
||||
|
||||
_The above means GAFAM, if you don't use them in any form, there may not be a
|
||||
need for ECS._
|
||||
|
||||
If those matter to you, you may also like to consider [increasing your minimum TTL to around an hour in a local server](https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/).
|
||||
If those matter to you, you may also like to consider
|
||||
[increasing your minimum TTL to around an hour in a local server](https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/).
|
||||
|
||||
### Why to not use ECS?
|
||||
|
||||
_Android DoH3 option:_ `cloudflare-dns.com`
|
||||
|
||||
> [...] we [Cloudflare] don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. **_We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals,_** which was part of the motivation for the privacy and security policies of 1.1.1.1.
|
||||
> [...] we [Cloudflare] don’t pass along the EDNS subnet information. This
|
||||
> information leaks information about a requester’s IP and, in turn, sacrifices
|
||||
> the privacy of users. This is especially problematic as we work to encrypt
|
||||
> more DNS traffic since the request from Resolver to Authoritative DNS is
|
||||
> typically unencrypted. **_We’re aware of real world examples where nationstate
|
||||
> actors have monitored EDNS subnet information to track individuals,_** which
|
||||
> was part of the motivation for the privacy and security policies of 1.1.1.1.
|
||||
>
|
||||
> [...]
|
||||
>
|
||||
> We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation targeting without risking user privacy and security. Those conversations have been productive and are ongoing. [...]
|
||||
> We are working with the small number of networks with a higher network/ISP
|
||||
> density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up
|
||||
> with an EDNS IP Subnet alternative that gets them the information they need
|
||||
> for geolocation targeting without risking user privacy and security. Those
|
||||
> conversations have been productive and are ongoing. [...]
|
||||
|
||||
- [Cloudflare co-founder](https://news.ycombinator.com/item?id=19828702), emphasis mine.
|
||||
- [Cloudflare co-founder](https://news.ycombinator.com/item?id=19828702),
|
||||
emphasis mine.
|
||||
|
||||
ECS will decrease the cost of mass surveillance as instead of having to surveill everything happening on the network, anyone between your DNS server and the authoritative nameserver can see which IP addresses access the site with a reasonable accuracy.
|
||||
ECS will decrease the cost of mass surveillance as instead of having to surveill
|
||||
everything happening on the network, anyone between your DNS server and the
|
||||
authoritative nameserver can see which IP addresses access the site with a
|
||||
reasonable accuracy.
|
||||
|
||||
Then there are those with commercial interests, particularly outside of
|
||||
Europe, advertisers may be interested in making money out of the additional
|
||||
metadata. There may also be adblockers which don't block the DNS request,
|
||||
causing the advertising company to receive your IP address (or close enough to
|
||||
it) even if you didn't see the advertisement itself.
|
||||
Then there are those with commercial interests, particularly outside of Europe,
|
||||
advertisers may be interested in making money out of the additional metadata.
|
||||
There may also be adblockers which don't block the DNS request, causing the
|
||||
advertising company to receive your IP address (or close enough to it) even if
|
||||
you didn't see the advertisement itself.
|
||||
|
||||
Some say _the less metadata is produced, the smaller incentive there is for
|
||||
starting collecting and monetizing it._
|
||||
|
||||
This isn't even mentioning that the internet isn't a nice place or foreign
|
||||
advanced persistent threats or threat actors, who may not need a reason to
|
||||
attack you. [_CISA: Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society_](https://www.cisa.gov/resources-tools/resources/mitigating-cyber-threats-limited-resources-guidance-civil-society)
|
||||
attack you.
|
||||
[_CISA: Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society_](https://www.cisa.gov/resources-tools/resources/mitigating-cyber-threats-limited-resources-guidance-civil-society)
|
||||
|
||||
Additionally researchers (below) have used it to perform cache poisoning against an individual target directing them to a wrong location and with low TTL making it near impossible to audit later.
|
||||
Additionally researchers (below) have used it to perform cache poisoning against
|
||||
an individual target directing them to a wrong location and with low TTL making
|
||||
it near impossible to audit later.
|
||||
|
||||
What domains do you use? What if someone far above you knew regardless of Encrypted Client-Hello?
|
||||
What domains do you use? What if someone far above you knew regardless of
|
||||
Encrypted Client-Hello?
|
||||
|
||||
Are the domains you use DNSSEC-signed? Do you verify DNSSEC locally? Do you use HTTPS everywhere? Do you know to not accept warnings about certificate issues? Do the other (less technical) users of your network? Would you or them be a delicious target? Do you even use GAFAM services?
|
||||
Are the domains you use DNSSEC-signed? Do you verify DNSSEC locally? Do you use
|
||||
HTTPS everywhere? Do you know to not accept warnings about certificate issues?
|
||||
Do the other (less technical) users of your network? Would you or them be a
|
||||
delicious target? Do you even use GAFAM services?
|
||||
|
||||
See also:
|
||||
|
||||
- [_Understanding the Privacy Implications of ECS_](https://yacin.nadji.us/docs/pubs/dimva16_ecs.pdf)
|
||||
|
||||
<del>_Later I have been torn on whether the quote above is correct and helps
|
||||
decrease my digital climate footprint more or less than adblocking on DNS
|
||||
level, but what really put the scales towards ECS for me was late night GApple
|
||||
update that was keeping me from sleeping. So ECS is for busy people who want
|
||||
to sleep?_</del> _The CISA link above makes me question this the very next day
|
||||
decrease my digital climate footprint more or less than adblocking on DNS level,
|
||||
but what really put the scales towards ECS for me was late night GApple update
|
||||
that was keeping me from sleeping. So ECS is for busy people who want to
|
||||
sleep?_</del> _The CISA link above makes me question this the very next day
|
||||
considering I belong to gender and sexual minorities, Pirate Party of Finland,
|
||||
and everything..._
|
||||
|
||||
### Why to use private ECS?
|
||||
|
||||
_Android DoH3 option:_ [?](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
|
||||
_Android DoH3 option:_
|
||||
[?](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
|
||||
|
||||
Do you want the benefits of ECS with the privacy and security of not having ECS? Private ECS is a compromise solution in the middle, although not without its own issues.
|
||||
Do you want the benefits of ECS with the privacy and security of not having ECS?
|
||||
Private ECS is a compromise solution in the middle, although not without its own
|
||||
issues.
|
||||
|
||||
Your private DNS provider will lie for you and say that your IP address is somewhere else where it will also place many others from your ISP. However what if it says you are a customer of another ISP, possibly even located in another country? It tends to have greater accuracy with IPv4 than IPv6, [see AdGuard Google Domains issue](https://adguard-dns.io/en/blog/dns-google-domains-fixed.html). What if no one else uses the same DNS server as you, especially from your ISP? I guess you can always advocate your DNS provider so it could be someone else too (I couldn't)? If it works most of time, does that outweight the times it won't work? Is perfect the enemy of good enough?
|
||||
Your private DNS provider will lie for you and say that your IP address is
|
||||
somewhere else where it will also place many others from your ISP. However what
|
||||
if it says you are a customer of another ISP, possibly even located in another
|
||||
country? It tends to have greater accuracy with IPv4 than IPv6,
|
||||
[see AdGuard Google Domains issue](https://adguard-dns.io/en/blog/dns-google-domains-fixed.html).
|
||||
What if no one else uses the same DNS server as you, especially from your ISP? I
|
||||
guess you can always advocate your DNS provider so it could be someone else too
|
||||
(I couldn't)? If it works most of time, does that outweight the times it won't
|
||||
work? Is perfect the enemy of good enough?
|
||||
|
||||
In that case you may <del>get even worse performance</del> be in even worse situation than without ECS. Then again if everything works properly, you will get the benefit of ECS without the privacy impact and lessened security impact.
|
||||
In that case you may <del>get even worse performance</del> be in even worse
|
||||
situation than without ECS. Then again if everything works properly, you will
|
||||
get the benefit of ECS without the privacy impact and lessened security impact.
|
||||
|
||||
See the next section for testing "where you are." Consider also what is important for you if you had to pick one or two from privacy, performance and climate.
|
||||
See the next section for testing "where you are." Consider also what is
|
||||
important for you if you had to pick one or two from privacy, performance and
|
||||
climate.
|
||||
|
||||
See also:
|
||||
|
||||
@ -197,8 +248,8 @@ See also:
|
||||
It's likely greener to just use adblocking DNS no matter where it is located,
|
||||
preferably on router level. I don't trust router/DHCP provided DNS and encrypt
|
||||
it on the end device anyway. And if something needs unfiltered access
|
||||
(AdNauseam?), give it DNS over HTTPS like all browsers and curl have the
|
||||
ability nowadays.
|
||||
(AdNauseam?), give it DNS over HTTPS like all browsers and curl have the ability
|
||||
nowadays.
|
||||
|
||||
Are you someone whom someone might want bad things to just for existing?
|
||||
|
||||
@ -219,26 +270,38 @@ dig +short TXT whoami-ecs.v6.powerdns.org.
|
||||
dig +short TXT whoami-ecs.v4.powerdns.org.
|
||||
```
|
||||
|
||||
- Note: [Cloudflare sends ECS only for `whoami.ds.akahelp.net`, nowhere else](https://developers.cloudflare.com/1.1.1.1/faq/#does-1.1.1.1-send-edns-client-subnet-header).
|
||||
- Note:
|
||||
[Cloudflare sends ECS only for `whoami.ds.akahelp.net`, nowhere else](https://developers.cloudflare.com/1.1.1.1/faq/#does-1.1.1.1-send-edns-client-subnet-header).
|
||||
|
||||
---
|
||||
|
||||
## [DNS0.eu] or [Quad9]?
|
||||
|
||||
In my experience [DNS0.eu] tends to have better filtering and
|
||||
[reporting options](https://www.dns0.eu/report) than [Quad9], while [servers being located only in](https://www.dns0.eu/network) the
|
||||
[European Union](https://european-union.europa.eu) is mildly problematic when your users start traveling
|
||||
outside it either for work or leisure, which across continents tends to bring
|
||||
round-trips overseas. Additionally private ECS (see above) tends to be bad
|
||||
poor for IPv6 and for very small AS like a school, it directs to another side
|
||||
of the country, but that is a very minor issue.
|
||||
[reporting options](https://www.dns0.eu/report) than [Quad9], while
|
||||
[servers being located only in](https://www.dns0.eu/network) the
|
||||
[European Union](https://european-union.europa.eu) is mildly problematic when
|
||||
your users start traveling outside it either for work or leisure, which across
|
||||
continents tends to bring round-trips overseas. Additionally private ECS (see
|
||||
above) tends to be bad poor for IPv6 and for very small AS like a school, it
|
||||
directs to another side of the country, but that is a very minor issue.
|
||||
|
||||
Meanwhile [Quad9] blocking seems almost as good in [tests like this](https://techblog.nexxwave.eu/public-dns-malware-filters-tested-in-2024/) and they give me impression [of more transparency](https://quad9.net/about/transparency-report) (as opposed to [DNS0.eu only
|
||||
having a <del>Twitter</del> X account](https://twitter.com/dns0eu)). [Quad9] also has more options on whether to ECS or not (see above).
|
||||
Meanwhile [Quad9] blocking seems almost as good in
|
||||
[tests like this](https://techblog.nexxwave.eu/public-dns-malware-filters-tested-in-2024/)
|
||||
and they give me impression
|
||||
[of more transparency](https://quad9.net/about/transparency-report) (as opposed
|
||||
to
|
||||
[DNS0.eu only having a <del>Twitter</del> X account](https://twitter.com/dns0eu)).
|
||||
[Quad9] also has more options on whether to ECS or not (see above).
|
||||
|
||||
The end-users traveling outside of the EU is also solved as they [have servers all around the world](https://quad9.net/service/locations/).
|
||||
The end-users traveling outside of the EU is also solved as they
|
||||
[have servers all around the world](https://quad9.net/service/locations/).
|
||||
|
||||
Back to [DNS0.eu], while disabling private ECS is not an option, they do have other options; [default filters](https://www.dns0.eu), [no filters](https://www.dns0.eu/open), [heavier filtering (zero)](https://www.dns0.eu/zero) and [kids](https://www.dns0.eu/kids).
|
||||
Back to [DNS0.eu], while disabling private ECS is not an option, they do have
|
||||
other options; [default filters](https://www.dns0.eu),
|
||||
[no filters](https://www.dns0.eu/open),
|
||||
[heavier filtering (zero)](https://www.dns0.eu/zero) and
|
||||
[kids](https://www.dns0.eu/kids).
|
||||
|
||||
[DNS0.eu]: https://www.dns0.eu
|
||||
[Quad9]: https://quad9.net
|
||||
@ -284,18 +347,19 @@ with desktop versions etc._
|
||||
|
||||
### Android
|
||||
|
||||
Use either `cloudflare-dns.com` (which doesn't have ECS) or `dns.google`
|
||||
(which has ECS) as the (Settings → Network & Internet → Advanced →)
|
||||
_Private DNS_ server as [they have special handling](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h) and are thus DNS over
|
||||
HTTPS3 instead of the usual DNS over TLS. This can be confirmed with
|
||||
[`https://1.1.1.1/help`](https://one.one.one.one/help) (when using
|
||||
`cloudflare-dns.com`). **_However is connectivity in limited networks and
|
||||
maybe a bit faster speed in bad network more important than a level of
|
||||
security reached by a filtering resolver?_**
|
||||
Use either `cloudflare-dns.com` (which doesn't have ECS) or `dns.google` (which
|
||||
has ECS) as the (Settings → Network & Internet → Advanced →) _Private DNS_
|
||||
server as
|
||||
[they have special handling](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
|
||||
and are thus DNS over HTTPS3 instead of the usual DNS over TLS. This can be
|
||||
confirmed with [`https://1.1.1.1/help`](https://one.one.one.one/help) (when
|
||||
using `cloudflare-dns.com`). **_However is connectivity in limited networks and
|
||||
maybe a bit faster speed in bad network more important than a level of security
|
||||
reached by a filtering resolver?_**
|
||||
|
||||
Then setup your web browser (including Firefox (other than stable which
|
||||
disables `about:config`) and Chrome) to use DNS over HTTPS with your preferred
|
||||
server and while at it enabling HTTPS only mode.
|
||||
Then setup your web browser (including Firefox (other than stable which disables
|
||||
`about:config`) and Chrome) to use DNS over HTTPS with your preferred server and
|
||||
while at it enabling HTTPS only mode.
|
||||
|
||||
At least `https://security.cloudflare-dns.com/dns-query` won't downgrade to
|
||||
system DNS resolver so
|
||||
@ -317,7 +381,8 @@ If testing Cloudflare, see also:
|
||||
Do other Android based OSes contain the special handling of specific _Private
|
||||
DNS_ domains turning into DNS-over-HTTP/3?
|
||||
|
||||
- GrapheneOS: [yes](https://github.com/GrapheneOS/platform_packages_modules_DnsResolver/blob/13/PrivateDnsConfiguration.h)
|
||||
- GrapheneOS:
|
||||
[yes](https://github.com/GrapheneOS/platform_packages_modules_DnsResolver/blob/13/PrivateDnsConfiguration.h)
|
||||
- LineageOS:
|
||||
[yes](https://github.com/LineageOS/android_packages_modules_DnsResolver/blob/lineage-20.0/PrivateDnsConfiguration.h)
|
||||
- /e/OS:
|
||||
@ -325,14 +390,13 @@ DNS_ domains turning into DNS-over-HTTP/3?
|
||||
|
||||
### [Rethink](https://github.com/celzero/rethink-app)
|
||||
|
||||
**_NOTE!_** This pretends to be a VPN and thus breaks things depending on
|
||||
seeing the IP directly such as wireless debugging LAN IP, Briar LAN
|
||||
connections, cause warnings in Ooni Probe and disable automatic testing,
|
||||
Syncthing Fork will not autostart due to detecting the network as metered,
|
||||
unless it's given permission to run in metered networks.
|
||||
**_NOTE!_** This pretends to be a VPN and thus breaks things depending on seeing
|
||||
the IP directly such as wireless debugging LAN IP, Briar LAN connections, cause
|
||||
warnings in Ooni Probe and disable automatic testing, Syncthing Fork will not
|
||||
autostart due to detecting the network as metered, unless it's given permission
|
||||
to run in metered networks.
|
||||
|
||||
1. Use either GitHub or F-Droid release as Google Play doesn't have
|
||||
blocklists.
|
||||
1. Use either GitHub or F-Droid release as Google Play doesn't have blocklists.
|
||||
1. Enable it.
|
||||
1. In Android Settings, Internet, Advanced, VPN, select Rethink, make it
|
||||
always-on and block connections not using it.
|
||||
@ -350,19 +414,17 @@ unless it's given permission to run in metered networks.
|
||||
- Network: _Perform connectivity checks_
|
||||
|
||||
1. Remember to also visit Android app details for Rethink, in battery menu
|
||||
select unrestricted and in network allow unlimited data even with data
|
||||
saver.
|
||||
1. I also have a suspicion that Android _Developer_ Setting `Always keep
|
||||
mobile data active` is interfering with Rethink as always-on VPN causing
|
||||
connectivity issues or it not being sure whether "metered" or unmetered
|
||||
network is being used.
|
||||
select unrestricted and in network allow unlimited data even with data saver.
|
||||
1. I also have a suspicion that Android _Developer_ Setting
|
||||
`Always keep mobile data active` is interfering with Rethink as always-on VPN
|
||||
causing connectivity issues or it not being sure whether "metered" or
|
||||
unmetered network is being used.
|
||||
1. The setting is enabled by default nowadays, to access it, go to about
|
||||
phone and rapidly tap `Software build number`
|
||||
(backtranslated to English from Finnish (like everything else (TODO:
|
||||
check in English)).
|
||||
phone and rapidly tap `Software build number` (backtranslated to English
|
||||
from Finnish (like everything else (TODO: check in English)).
|
||||
1. Once you are a developer, `System Settings` (within `Settings`) should
|
||||
have a new `Developer Settings` menu `Mobile data always active` is
|
||||
under `Connection properties` section (which is above `Input`)
|
||||
have a new `Developer Settings` menu `Mobile data always active` is under
|
||||
`Connection properties` section (which is above `Input`)
|
||||
|
||||
Hopefully there is no situation where Rethink stops working and thinks it's
|
||||
still working. As can be deduced from this section, sometimes Rethink and I
|
||||
@ -374,10 +436,9 @@ I think a few of the blocklists in Rethink are blocking apkpure's domain
|
||||
breaking Obtainium and their official app and the steps to fix that are:
|
||||
|
||||
1. Use a DNS server that doesn't have the block (`https://open.dns0.eu/` or
|
||||
`https://unfiltered.adguard-dns.com/dns-query` if private ECS is
|
||||
desirable?)
|
||||
1. Select `Apps` in Rethink's main screen (the biggest button below `Proxy`
|
||||
and `Logs`.
|
||||
`https://unfiltered.adguard-dns.com/dns-query` if private ECS is desirable?)
|
||||
1. Select `Apps` in Rethink's main screen (the biggest button below `Proxy` and
|
||||
`Logs`.
|
||||
1. Search for `Obtainium` or `APKPure` and select it.
|
||||
1. Select `Domain Rules`.
|
||||
1. Select the floating `+` from bottom right.
|
||||
|
27
n/emoji.md
27
n/emoji.md
@ -11,10 +11,8 @@ lang: en
|
||||
|
||||
# Unemojied emojis
|
||||
|
||||
[John D. Cook shares a nice trick to prevent emojis from being displayed as
|
||||
emojis](https://www.johndcook.com/blog/2022/09/30/preventing-emoji/) and I
|
||||
want to store it here alongside the more personally
|
||||
relevant symbols.
|
||||
[John D. Cook shares a nice trick to prevent emojis from being displayed as emojis](https://www.johndcook.com/blog/2022/09/30/preventing-emoji/)
|
||||
and I want to store it here alongside the more personally relevant symbols.
|
||||
|
||||
So to make something not an emoji, `U+FE0E` or `︎` and to use emoji,
|
||||
`FE0F` or (`️`).
|
||||
@ -49,7 +47,8 @@ _My shellrc has some reminders for me and these are the sequences there._
|
||||
## aminda.eu
|
||||
|
||||
- 🧅︎ Onion: `\u1f9c5` `🧅︎`
|
||||
- I guess it just doesn't have a non-emoji variant at least on my system at the time of writing?
|
||||
- I guess it just doesn't have a non-emoji variant at least on my system at
|
||||
the time of writing?
|
||||
|
||||
### friends
|
||||
|
||||
@ -58,20 +57,26 @@ _My shellrc has some reminders for me and these are the sequences there._
|
||||
|
||||
## Flags
|
||||
|
||||
- 🏴‍☠︎ Pirate Flag: `\u1f3f4\u200d\u2620\ufe0f\ufe0e` or `🏴‍☠︎`
|
||||
- 🏳️‍🌈︎ Pride Flag: `🏳️‍🌈`
|
||||
- 🏳️‍⚧️‍︎ Trans Pride Flag: `🏳️‍⚧️‍︎`
|
||||
- 🏴‍☠︎ Pirate Flag: `\u1f3f4\u200d\u2620\ufe0f\ufe0e`
|
||||
or `🏴‍☠︎`
|
||||
- 🏳️‍🌈︎ Pride Flag:
|
||||
`🏳️‍🌈`
|
||||
- 🏳️‍⚧️‍︎ Trans Pride Flag:
|
||||
`🏳️‍⚧️‍︎`
|
||||
|
||||
## Kingdom Hearts
|
||||
|
||||
Well, one must be prepared to discuss the clash between Light and Darkness and the χ-blade, in case someone resurrects it?
|
||||
Well, one must be prepared to discuss the clash between Light and Darkness and
|
||||
the χ-blade, in case someone resurrects it?
|
||||
|
||||
- χ can be expressed as `\U03C7`, `χ` or neatly `χ`.
|
||||
- In case of `&Chi` making it a capital letter turns it into Χ, but can you even distinguish that from X?
|
||||
- In case of `&Chi` making it a capital letter turns it into Χ, but can
|
||||
you even distinguish that from X?
|
||||
|
||||
### Roman Numerals
|
||||
|
||||
_You have no idea how often I miss these. And I don't even mean to discuss the_ Organization ⅫⅠ.
|
||||
_You have no idea how often I miss these. And I don't even mean to discuss the_
|
||||
Organization ⅫⅠ.
|
||||
|
||||
**_WARNING: The first syntax may be incorrect._**
|
||||
|
||||
|
@ -32,27 +32,39 @@ _{{ page.excerpt }}_
|
||||
|
||||
## Security
|
||||
|
||||
- `microcode` - propietary, but otherwise CPU holes are going to be gaping open. Refer to `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
|
||||
- `microcode` - propietary, but otherwise CPU holes are going to be gaping open.
|
||||
Refer to `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
|
||||
- Debian calls this as `amd64-microcode` or `intel-microcode`
|
||||
- `ufw` for Deb-based or `firewalld` on Fedora
|
||||
- `sshguard` for mitigating shared systems where others refuse to use keys
|
||||
- `needrestart` for knowing when updates actually require services to be restarted or a kernel upgrade happens and requires reboot
|
||||
- `molly-guard` so you won't accidentally `reboot` or `poweroff` production rather than local machine.
|
||||
- `needrestart` for knowing when updates actually require services to be
|
||||
restarted or a kernel upgrade happens and requires reboot
|
||||
- `molly-guard` so you won't accidentally `reboot` or `poweroff` production
|
||||
rather than local machine.
|
||||
- `apt-listchanges` changelogs are worth knowing when updating.
|
||||
- `apt-listbugs` known bugs are especially nice when performing bigger updates.
|
||||
- `chrony` - security demands the time to be correct, Chrony supports NTS and is proper NTP server instead of just SNTP like systemd-timesyncd.
|
||||
- `chrony` - security demands the time to be correct, Chrony supports NTS and is
|
||||
proper NTP server instead of just SNTP like systemd-timesyncd.
|
||||
- alternatively configure `systemd-timesyncd`
|
||||
- `unbound` - my choice for both DNSSEC validating and DNS-over-TLS, even if I had it connect to upstream dns\[crypt\]proxy
|
||||
- alternatively configure `systemd-resolved`. Simultaneously `systemd-networkd` may be a good idea.
|
||||
- `unattended-upgrades` or `dnf-automatic` so security updates are at least downloaded if not even directly installed (see configuration and systemd units!)
|
||||
- if `dnf-automatic`, consider `sudo systemctl enable dnf-automatic-install.{timer,service}`
|
||||
or at least `sudo systemctl enable dnf-automatic-download.{timer,service}`
|
||||
- `unbound` - my choice for both DNSSEC validating and DNS-over-TLS, even if I
|
||||
had it connect to upstream dns\[crypt\]proxy
|
||||
- alternatively configure `systemd-resolved`. Simultaneously
|
||||
`systemd-networkd` may be a good idea.
|
||||
- `unattended-upgrades` or `dnf-automatic` so security updates are at least
|
||||
downloaded if not even directly installed (see configuration and systemd
|
||||
units!)
|
||||
- if `dnf-automatic`, consider
|
||||
`sudo systemctl enable dnf-automatic-install.{timer,service}` or at least
|
||||
`sudo systemctl enable dnf-automatic-download.{timer,service}`
|
||||
|
||||
## Usability
|
||||
|
||||
- `nvim git tmux zsh` - good luck without these
|
||||
- if cryptographic operations are taking ages, consider something like `haveged`. It's controversial, so if there are no issues, don't install a random number generator.
|
||||
- userspace oom killer, may avoid frozen systems, much more pleasant than actually having to deal with a frozen system.
|
||||
- if cryptographic operations are taking ages, consider something like
|
||||
`haveged`. It's controversial, so if there are no issues, don't install a
|
||||
random number generator.
|
||||
- userspace oom killer, may avoid frozen systems, much more pleasant than
|
||||
actually having to deal with a frozen system.
|
||||
- `earlyoom`
|
||||
- remember to `sudo systemctl enable --now earlyoom`
|
||||
- `systemd-oomd`
|
||||
@ -63,14 +75,16 @@ _{{ page.excerpt }}_
|
||||
- `thermald` for additional help keeping system cool, especially intel
|
||||
- `sudo systemctl enable --now thermald`
|
||||
- `vnstat` - help for observing bandwidth usage
|
||||
- `yggdrasil` - essential for getting through Carrier Grade NAT whether there is IPv6 or not. Also gives static internal IPv6 reducing need for dynamic DNS.
|
||||
- `yggdrasil` - essential for getting through Carrier Grade NAT whether there is
|
||||
IPv6 or not. Also gives static internal IPv6 reducing need for dynamic DNS.
|
||||
- `tlp` - for laptop power management, especially ThinkPad.
|
||||
- `sudo tlp-stat | less`
|
||||
- `sudo systemctl enable --now tlp`
|
||||
|
||||
## Offtopic system configuration
|
||||
|
||||
This is just too close to not mention here (and was besides in my planning issue):
|
||||
This is just too close to not mention here (and was besides in my planning
|
||||
issue):
|
||||
|
||||
### Debian-based
|
||||
|
||||
@ -82,4 +96,5 @@ This is just too close to not mention here (and was besides in my planning issue
|
||||
### SSD
|
||||
|
||||
- `sudo systemctl enable --now fstrim.timer`
|
||||
- check that `/etc/fstab` has `noatime` so every file access isn't written to the disk. BTRFS filesystems should also have `ssd` flag.
|
||||
- check that `/etc/fstab` has `noatime` so every file access isn't written to
|
||||
the disk. BTRFS filesystems should also have `ssd` flag.
|
||||
|
51
n/f-droid.md
51
n/f-droid.md
@ -1,6 +1,8 @@
|
||||
---
|
||||
title: F-Droid repository list
|
||||
excerpt: F-Droid is kind of apt for Android with multiple repositories available. This is my note to self on which repositories I tend to have configured.
|
||||
excerpt:
|
||||
F-Droid is kind of apt for Android with multiple repositories available. This
|
||||
is my note to self on which repositories I tend to have configured.
|
||||
layout: mini
|
||||
permalink: /n/f-droid.html
|
||||
redirect_from: /n/fdroid.html
|
||||
@ -11,7 +13,8 @@ robots: noai
|
||||
|
||||
_{{ page.excerpt }}_
|
||||
|
||||
Remember to prefer the [F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) app!
|
||||
Remember to prefer the
|
||||
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) app!
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -31,32 +34,46 @@ Remember to prefer the [F-Droid Basic](https://f-droid.org/packages/org.fdroid.b
|
||||
|
||||
## Official F-Droid repositories
|
||||
|
||||
F-Droid and GuardianProject are configured by default, however cloudflare
|
||||
isn't enabled by default. And for some reason my Yeul decided that it
|
||||
needs 0 repositories out of the box, so time to add them too.
|
||||
F-Droid and GuardianProject are configured by default, however cloudflare isn't
|
||||
enabled by default. And for some reason my Yeul decided that it needs 0
|
||||
repositories out of the box, so time to add them too.
|
||||
|
||||
- [cloudflare.f-droid.org/repo](fdroidrepos://cloudflare.f-droid.org/repo?fingerprint=43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab)
|
||||
- <s>[cloudflare.f-droid.org/archive](fdroidrepos://cloudflare.f-droid.org/archive?fingerprint=43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab)</s>
|
||||
|
||||
## Additional F-Droid repositories
|
||||
|
||||
- [apt.izzysoft.de/fdroid/repo](fdroidrepos://apt.izzysoft.de/fdroid/repo?fingerprint=3bf0d6abfeae2f401707b6d966be743bf0eee49c2561b9ba39073711f628937a) is a less strictly foss repository by an F-Droid maintainer.
|
||||
- [fdroid.frostnerd.com/fdroid/repo](fdroidrepos://fdroid.frostnerd.com/fdroid/repo?fingerprint=74bb580f263ec89e15c207298dec861b5069517550fe0f1d852f16fa611d2d26) contains Frostnerd's apps, mainly Nebulo.
|
||||
- [apt.izzysoft.de/fdroid/repo](fdroidrepos://apt.izzysoft.de/fdroid/repo?fingerprint=3bf0d6abfeae2f401707b6d966be743bf0eee49c2561b9ba39073711f628937a)
|
||||
is a less strictly foss repository by an F-Droid maintainer.
|
||||
- [fdroid.frostnerd.com/fdroid/repo](fdroidrepos://fdroid.frostnerd.com/fdroid/repo?fingerprint=74bb580f263ec89e15c207298dec861b5069517550fe0f1d852f16fa611d2d26)
|
||||
contains Frostnerd's apps, mainly Nebulo.
|
||||
- [guardianproject.info/fdroid/repo](fdroidrepos://guardianproject.info/fdroid/repo?fingerprint=b7c2eefd8dac7806af67dfcd92eb18126bc08312a7f2d6f3862e46013c7a6135)
|
||||
- <s>[guardianproject.info/fdroid/archive](fdroidrepos://guardianproject.info/fdroid/archive?fingerprint=b7c2eefd8dac7806af67dfcd92eb18126bc08312a7f2d6f3862e46013c7a6135)</s>
|
||||
- [s2.spiritcroc.de/fdroid/repo](fdroidrepos://s2.spiritcroc.de/fdroid/repo?fingerprint=6612ade7e93174a589cf5ba26ed3ab28231a789640546c8f30375ef045bc9242) contains SpiritCroc's apps, mainly SchildiChat.
|
||||
- [s2.spiritcroc.de/testing/fdroid/repo](fdroidrepos://s2.spiritcroc.de/testing/fdroid/repo?fingerprint=52d03f2fab785573bb295c7ab270695e3a1bdd2adc6a6de8713250b33f231225) contains testing versions of SpiritCroc's apps, mainly SchildiChat.
|
||||
- [divestos.org/apks/official/fdroid/repo](fdroidrepos://divestos.org/apks/official/fdroid/repo?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) contains the DivestOS apps such as Hypatia and Mull Browser (not to be confused with Mullvad Browser).
|
||||
- [s2.spiritcroc.de/fdroid/repo](fdroidrepos://s2.spiritcroc.de/fdroid/repo?fingerprint=6612ade7e93174a589cf5ba26ed3ab28231a789640546c8f30375ef045bc9242)
|
||||
contains SpiritCroc's apps, mainly SchildiChat.
|
||||
- [s2.spiritcroc.de/testing/fdroid/repo](fdroidrepos://s2.spiritcroc.de/testing/fdroid/repo?fingerprint=52d03f2fab785573bb295c7ab270695e3a1bdd2adc6a6de8713250b33f231225)
|
||||
contains testing versions of SpiritCroc's apps, mainly SchildiChat.
|
||||
- [divestos.org/apks/official/fdroid/repo](fdroidrepos://divestos.org/apks/official/fdroid/repo?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467)
|
||||
contains the DivestOS apps such as Hypatia and Mull Browser (not to be
|
||||
confused with Mullvad Browser).
|
||||
|
||||
## Official repositories for a single project
|
||||
|
||||
- [mobileapp.bitwarden.com/fdroid/repo](fdroidrepos://mobileapp.bitwarden.com/fdroid/repo?fingerprint=bc54ea6fd1cd5175bcccc47c561c5726e1c3ed7e686b6db4b18bac843a3efe6c) is Bitwarden password manager.
|
||||
- [briarproject.org/fdroid/repo](fdroidrepos://briarproject.org/fdroid/repo?fingerprint=1fb874bee7276d28ecb2c9b06e8a122ec4bcb4008161436ce474c257cbf49bd6) is Briar local mesh/Tor messenger.
|
||||
- [microg.org/fdroid/repo](fdroidrepos://microg.org/fdroid/repo?fingerprint=9bd06727e62796c0130eb6dab39b73157451582cbd138e86c468acc395d14165) is an open implementation of Play Services and used just for devices without them.
|
||||
- [fdroid.emersion.fr/goguma-nightly/repo](fdroidrepos://fdroid.emersion.fr/goguma-nightly/repo/?fingerprint=ACC8CFEDDF58C590D021FCF37534A54F5919E026D7A8333AA01C1ABB3D34E68D) is the Goguma IRC client nightly repository.
|
||||
- [app.simplex.chat/fdroid/repo](fdroidrepos://app.simplex.chat/fdroid/repo?fingerprint=9f358ff284d1f71656a2bfaf0e005deae6aa14143720e089f11ff2ddcfeb01ba) is the SimpleX messenger repository.
|
||||
- [molly.im/fdroid/repo](fdroidrepos://molly.im/fdroid/repo?fingerprint=3B7E93B1FE32C6E35A93D6DDFC5AFBEB1239A7C6EA6AF20FF33ED53CDC38B04A) is Molly the Signal fork's repo.
|
||||
- [molly.im/fdroid/foss/fdroid/repo](fdroidrepos://molly.im/fdroid/foss/fdroid/repo?fingerprint=5198DAEF37FC23C14D5EE32305B2AF45787BD7DF2034DE33AD302BDB3446DF74) is Molly FOSS the Signal fork's repo without propietary components.
|
||||
- [mobileapp.bitwarden.com/fdroid/repo](fdroidrepos://mobileapp.bitwarden.com/fdroid/repo?fingerprint=bc54ea6fd1cd5175bcccc47c561c5726e1c3ed7e686b6db4b18bac843a3efe6c)
|
||||
is Bitwarden password manager.
|
||||
- [briarproject.org/fdroid/repo](fdroidrepos://briarproject.org/fdroid/repo?fingerprint=1fb874bee7276d28ecb2c9b06e8a122ec4bcb4008161436ce474c257cbf49bd6)
|
||||
is Briar local mesh/Tor messenger.
|
||||
- [microg.org/fdroid/repo](fdroidrepos://microg.org/fdroid/repo?fingerprint=9bd06727e62796c0130eb6dab39b73157451582cbd138e86c468acc395d14165)
|
||||
is an open implementation of Play Services and used just for devices without
|
||||
them.
|
||||
- [fdroid.emersion.fr/goguma-nightly/repo](fdroidrepos://fdroid.emersion.fr/goguma-nightly/repo/?fingerprint=ACC8CFEDDF58C590D021FCF37534A54F5919E026D7A8333AA01C1ABB3D34E68D)
|
||||
is the Goguma IRC client nightly repository.
|
||||
- [app.simplex.chat/fdroid/repo](fdroidrepos://app.simplex.chat/fdroid/repo?fingerprint=9f358ff284d1f71656a2bfaf0e005deae6aa14143720e089f11ff2ddcfeb01ba)
|
||||
is the SimpleX messenger repository.
|
||||
- [molly.im/fdroid/repo](fdroidrepos://molly.im/fdroid/repo?fingerprint=3B7E93B1FE32C6E35A93D6DDFC5AFBEB1239A7C6EA6AF20FF33ED53CDC38B04A)
|
||||
is Molly the Signal fork's repo.
|
||||
- [molly.im/fdroid/foss/fdroid/repo](fdroidrepos://molly.im/fdroid/foss/fdroid/repo?fingerprint=5198DAEF37FC23C14D5EE32305B2AF45787BD7DF2034DE33AD302BDB3446DF74)
|
||||
is Molly FOSS the Signal fork's repo without propietary components.
|
||||
|
||||
---
|
||||
|
||||
|
@ -1,6 +1,9 @@
|
||||
---
|
||||
title: Fairbuds XL and the equalizer settings
|
||||
excerpt: I have the misnamed XL and while it's clear, even with factory reset by pushing the joystick to the right until it says "factory reset complete", but the studio eq may not be so clear.
|
||||
excerpt:
|
||||
I have the misnamed XL and while it's clear, even with factory reset by
|
||||
pushing the joystick to the right until it says "factory reset complete", but
|
||||
the studio eq may not be so clear.
|
||||
layout: mini
|
||||
permalink: /n/fairbuds.html
|
||||
redirect_from:
|
||||
@ -35,7 +38,15 @@ Shamelessly copied from Matrix.
|
||||
|
||||
### 2024-04-11
|
||||
|
||||
> My settings for Studio so far is 60hz+0db, 230hz+2db, 1.1khz+0db, 4khz+5db, 10khz+4db. I think the some people may prefer +/- a db or two on the 4khz and 10khz levels depending on their taste and "head related transfer function" (rabbit hole, not worth digging into). I could go for one more db on those myself since I tend to prefer that BUT that can also lead to some sharpness for my ears on some tracks. This is a better comfortable level for me. Also those settings don't assume the Fairbuds XL are flat because they're not, instead these settings aim to "correct" the issues I feel they have with the tools given in the app without being silly. :)
|
||||
> My settings for Studio so far is 60hz+0db, 230hz+2db, 1.1khz+0db, 4khz+5db,
|
||||
> 10khz+4db. I think the some people may prefer +/- a db or two on the 4khz and
|
||||
> 10khz levels depending on their taste and "head related transfer function"
|
||||
> (rabbit hole, not worth digging into). I could go for one more db on those
|
||||
> myself since I tend to prefer that BUT that can also lead to some sharpness
|
||||
> for my ears on some tracks. This is a better comfortable level for me. Also
|
||||
> those settings don't assume the Fairbuds XL are flat because they're not,
|
||||
> instead these settings aim to "correct" the issues I feel they have with the
|
||||
> tools given in the app without being silly. :)
|
||||
|
||||
In clearer words, in the app drag the four sliders to
|
||||
|
||||
|
@ -12,8 +12,8 @@ robots: noai
|
||||
|
||||
# Quick note on firewalld usage
|
||||
|
||||
This is practically [/ufw](/ufw), but for Firewalld which Fedora comes with.
|
||||
The blog post also predates me having a /n directory here.
|
||||
This is practically [/ufw](/ufw), but for Firewalld which Fedora comes with. The
|
||||
blog post also predates me having a /n directory here.
|
||||
|
||||
**_After done, run `sudo firewall-cmd --reload`_**
|
||||
|
||||
@ -36,12 +36,12 @@ The blog post also predates me having a /n directory here.
|
||||
|
||||
## Zones
|
||||
|
||||
firewalld zones are privilege of NetworkManager users, this tends to be
|
||||
a systemd-networkd household. Then again I don't believe in absolutely trusted
|
||||
firewalld zones are privilege of NetworkManager users, this tends to be a
|
||||
systemd-networkd household. Then again I don't believe in absolutely trusted
|
||||
zones.
|
||||
|
||||
Zone would be specified by `--zone=home` in the commands. The other zone I
|
||||
could imagine using is `public`.
|
||||
Zone would be specified by `--zone=home` in the commands. The other zone I could
|
||||
imagine using is `public`.
|
||||
|
||||
## Protocols
|
||||
|
||||
@ -49,8 +49,10 @@ could imagine using is `public`.
|
||||
sudo firewall-cmd --add-protocol=ipv6-icmp --permanent
|
||||
```
|
||||
|
||||
- Tells computers when things go wrong with IPv6 network. See also [Neil Alexander: Understanding ICMP and why you shouldn't just block it outright](https://neilalexander.dev/2017/04/16/understanding-icmp).
|
||||
- _Motivation for being here is [20/20 in IPv6-test.com](https://ipv6-test.com)._
|
||||
- Tells computers when things go wrong with IPv6 network. See also
|
||||
[Neil Alexander: Understanding ICMP and why you shouldn't just block it outright](https://neilalexander.dev/2017/04/16/understanding-icmp).
|
||||
- _Motivation for being here is
|
||||
[20/20 in IPv6-test.com](https://ipv6-test.com)._
|
||||
|
||||
## Services
|
||||
|
||||
@ -62,11 +64,10 @@ sudo firewall-cmd --add-service=syncthing --permanent
|
||||
sudo firewall-cmd --add-service=mdns --permanent
|
||||
```
|
||||
|
||||
- I trust Chrony (ntp) to not allow it to be used from outside of LAN
|
||||
as `firewalld` is apparently not designed with limiting source
|
||||
addresses in mind.
|
||||
- `syncthing` is the client, not to be confused with `syncthing-gui`
|
||||
or `syncthing-relay`.
|
||||
- I trust Chrony (ntp) to not allow it to be used from outside of LAN as
|
||||
`firewalld` is apparently not designed with limiting source addresses in mind.
|
||||
- `syncthing` is the client, not to be confused with `syncthing-gui` or
|
||||
`syncthing-relay`.
|
||||
|
||||
## Ports
|
||||
|
||||
@ -75,6 +76,7 @@ sudo firewall-cmd --permanent --add-port=9001/udp
|
||||
sudo firewall-cmd --permanent --add-port=6771/udp
|
||||
```
|
||||
|
||||
- `9001/udp` is Yggdrasil automatic peering, although link-local and
|
||||
unlikely to be recognised by predefined rules.
|
||||
- `6771/udp` is [Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
|
||||
- `9001/udp` is Yggdrasil automatic peering, although link-local and unlikely to
|
||||
be recognised by predefined rules.
|
||||
- `6771/udp` is
|
||||
[Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
|
||||
|
50
n/gpg.md
50
n/gpg.md
@ -1,6 +1,8 @@
|
||||
---
|
||||
title: GPG notes without a better place
|
||||
excerpt: Creating Ed25519/future key, configuring WKD, Keyoxide PGP and something on Keybase.
|
||||
excerpt:
|
||||
Creating Ed25519/future key, configuring WKD, Keyoxide PGP and something on
|
||||
Keybase.
|
||||
layout: mini
|
||||
permalink: /n/gpg.html
|
||||
redirect_from:
|
||||
@ -42,8 +44,8 @@ robots: noai
|
||||
|
||||
## Ed25519 (or future default) key creation
|
||||
|
||||
To create an Ed25519 key, or whatever will be the default version in the
|
||||
future as defined by your GPG version:
|
||||
To create an Ed25519 key, or whatever will be the default version in the future
|
||||
as defined by your GPG version:
|
||||
|
||||
```
|
||||
gpg2 --quick-gen-key address@domain.example future-default
|
||||
@ -59,26 +61,28 @@ deluid # to delete the uid which doesn't contain your name
|
||||
save
|
||||
```
|
||||
|
||||
\* [OpenPGP User ID Comments considered harmful by dkg on debian-administrator.org (via web.archive.org)](https://web.archive.org/web/20201020082313/https://debian-administration.org/users/dkg/weblog/97)
|
||||
\*
|
||||
[OpenPGP User ID Comments considered harmful by dkg on debian-administrator.org (via web.archive.org)](https://web.archive.org/web/20201020082313/https://debian-administration.org/users/dkg/weblog/97)
|
||||
|
||||
Then you are ready to publish the public key however you generally publish
|
||||
it, preferably in multiple places from where some recognise revokation
|
||||
certificates if the time ever comes.
|
||||
Then you are ready to publish the public key however you generally publish it,
|
||||
preferably in multiple places from where some recognise revokation certificates
|
||||
if the time ever comes.
|
||||
|
||||
NOTE: You can extend the expiry time of an expired gpg signature by issuing
|
||||
the `expire` command in `--edit-key` and the key is valid again when the
|
||||
update is reimported to gpg keyrings by other people.
|
||||
NOTE: You can extend the expiry time of an expired gpg signature by issuing the
|
||||
`expire` command in `--edit-key` and the key is valid again when the update is
|
||||
reimported to gpg keyrings by other people.
|
||||
|
||||
## Keybase
|
||||
|
||||
To publish the key `keybase pgp select --multi` (where multi
|
||||
is required for multiple PGP keys per account) and to submit changes to it,
|
||||
To publish the key `keybase pgp select --multi` (where multi is required for
|
||||
multiple PGP keys per account) and to submit changes to it,
|
||||
`keybase pgp update --all` (where --all is again necessary only if you have
|
||||
multiple keys).
|
||||
|
||||
## Claws-mail note that is somewhat related.
|
||||
|
||||
Debian: `sudo apt install claws-mail claws-mail-address-keeper claws-mail-attach-warner claws-mail-gdata-plugin claws-mail-pgpinline claws-mail-pgpmime claws-mail-smime-plugin`
|
||||
Debian:
|
||||
`sudo apt install claws-mail claws-mail-address-keeper claws-mail-attach-warner claws-mail-gdata-plugin claws-mail-pgpinline claws-mail-pgpmime claws-mail-smime-plugin`
|
||||
|
||||
Load plugins from Configuration (menu) --> Plugins --> Load, they are all
|
||||
somewhere in `/usr/lib/x86_64-linux-gnu/claws-mail/plugins` or similar path.
|
||||
@ -103,17 +107,19 @@ xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
|
||||
|
||||
```
|
||||
|
||||
Note the empty line in the end, as PGP/INLINE is the way to sign emails,
|
||||
it the PGP signature comes after it and in my opinion looks a bit cleaner
|
||||
with the signature ending to an empty line.
|
||||
Note the empty line in the end, as PGP/INLINE is the way to sign emails, it the
|
||||
PGP signature comes after it and in my opinion looks a bit cleaner with the
|
||||
signature ending to an empty line.
|
||||
|
||||
---
|
||||
|
||||
## WKD
|
||||
|
||||
Setting up GPG WKD (Web Key Directory), _mostly stripped/adjusted from
|
||||
Matt Rude whose page is NXDOMAIN and not in Wayback Machine. [What I find is](https://openpgpkey.mattrude.com/)
|
||||
pointers to [1](https://wiki.gnupg.org/WKD) [2](https://wiki.gnupg.org/WKS) [3](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service)_
|
||||
Setting up GPG WKD (Web Key Directory), _mostly stripped/adjusted from Matt Rude
|
||||
whose page is NXDOMAIN and not in Wayback Machine.
|
||||
[What I find is](https://openpgpkey.mattrude.com/) pointers to
|
||||
[1](https://wiki.gnupg.org/WKD) [2](https://wiki.gnupg.org/WKS)
|
||||
[3](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service)_
|
||||
|
||||
Requires a control over domain/.well-known and email under that domain.
|
||||
|
||||
@ -126,7 +132,8 @@ Requires a control over domain/.well-known and email under that domain.
|
||||
7. in Jekyll `_config.yml` ensure existence of `include: [.well-known]` if
|
||||
applicable.
|
||||
8. deploy
|
||||
9. test with `gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email@example.net`
|
||||
9. test with
|
||||
`gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email@example.net`
|
||||
|
||||
NOTE: The empty `policy` goes to the `openpgpkey` directory, not `hu` (I
|
||||
initially failed at this part)
|
||||
@ -144,7 +151,8 @@ commands in `gpg --edit-key "key fingerprint here"`:
|
||||
- Add notations: `notation`
|
||||
- Remove notations: `notation` from `showpref` with a `-` in the beginning
|
||||
|
||||
Don't forget to `gpg --keyserver hkps://keys.openpgp.org --send-keys "your keyid here"` !
|
||||
Don't forget to
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys "your keyid here"` !
|
||||
|
||||
### Keyoxide docs
|
||||
|
||||
|
94
n/helen.md
94
n/helen.md
@ -15,7 +15,9 @@ hattiwattlowprice: "10 c/kWh"
|
||||
lang: fi
|
||||
---
|
||||
|
||||
Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537) [Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
|
||||
Tuntihinta @
|
||||
[Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537)
|
||||
[Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -40,28 +42,49 @@ Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537
|
||||
|
||||
Helen markkinahintasähkö kuukaudelle {{ page.month }} on {{ page.monthly }}.
|
||||
|
||||
- Helen sähköverkot Oy:n siirron perusmaksu: {{ page.basicdistribution }}, siirron marginaali {{ page.distributionmargin }}.
|
||||
- Helenin pörssisähkön kuukausihinta: {{ page.basicstock }}, marginaali {{ page.stockmargin }}.
|
||||
- Helen sähköverkot Oy:n siirron perusmaksu: {{ page.basicdistribution }},
|
||||
siirron marginaali {{ page.distributionmargin }}.
|
||||
- Helenin pörssisähkön kuukausihinta: {{ page.basicstock }}, marginaali
|
||||
{{ page.stockmargin }}.
|
||||
|
||||
## Yhtälöt Tuntihinnalle
|
||||
|
||||
_Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
|
||||
|
||||
- Kallis: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong> (Helenin markkinasähköhinta + siirtohinta kWh)
|
||||
- Halpa: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) / 2</strong> (Helenin markkinasähköhinta + siirtohinta kWh / 2), **_pyöristettynä alaspäin_**
|
||||
- Marginaali: <strong>{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (Helen Sähköverkot Oy siirtohinta kWh + pörssisähkön marginaali).
|
||||
- OmaHelen kohtelee alle {{ page.omahelenlowprice }} halpana ja yli {{ page.omahelenhighprice }} kalliina, joten vaihtoehtoiset kaavat ovat:
|
||||
- Kallis: <strong>{{ page.omahelenhighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin korkea hinta + Marginaali)
|
||||
- Halpa: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin matala hinta + Marginaali)
|
||||
- [HattiWatt](https://hattiwatt.com/) vuorostaan sanoo korkean olevan yli {{ page.hattiwatthighprice }} ja halvan olevan alle {{ page.hattiwattlowprice }}. Se tosin näyttää hinnan myös liikennevaloin.
|
||||
- Halpa: <strong>{{ page.hattiwattlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin matala hinta + Marginaali)
|
||||
- Kallis: <strong>{{ page.hattiwatthighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin korkea hinta + Marginaali)
|
||||
- Kallis: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong>
|
||||
(Helenin markkinasähköhinta + siirtohinta kWh)
|
||||
- Halpa: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) /
|
||||
2</strong> (Helenin markkinasähköhinta + siirtohinta kWh / 2),
|
||||
**_pyöristettynä alaspäin_**
|
||||
- Marginaali: <strong>{{ page.distributionmargin }} +
|
||||
{{ page.stockmargin }}</strong> (Helen Sähköverkot Oy siirtohinta kWh +
|
||||
pörssisähkön marginaali).
|
||||
- OmaHelen kohtelee alle {{ page.omahelenlowprice }} halpana ja yli
|
||||
{{ page.omahelenhighprice }} kalliina, joten vaihtoehtoiset kaavat ovat:
|
||||
- Kallis: <strong>{{ page.omahelenhighprice }} +
|
||||
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin
|
||||
korkea hinta + Marginaali)
|
||||
- Halpa: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} +
|
||||
{{ page.stockmargin }}</strong> (OmaHelenin matala hinta + Marginaali)
|
||||
- [HattiWatt](https://hattiwatt.com/) vuorostaan sanoo korkean olevan yli
|
||||
{{ page.hattiwatthighprice }} ja halvan olevan alle
|
||||
{{ page.hattiwattlowprice }}. Se tosin näyttää hinnan myös liikennevaloin.
|
||||
- Halpa: <strong>{{ page.hattiwattlowprice }} +
|
||||
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin
|
||||
matala hinta + Marginaali)
|
||||
- Kallis: <strong>{{ page.hattiwatthighprice }} +
|
||||
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin
|
||||
korkea hinta + Marginaali)
|
||||
|
||||
## Lähteet
|
||||
|
||||
- [Helen.fi: Markkinasähkö; ja sähkön markkinahinta](https://www.helen.fi/sahko/sahkosopimus/markkinahinta) määrittää kalliin hinnan.
|
||||
- Helen veloittaa sitä markkinasähköasiakkailtaan koko kuukauden ja pyrkii sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian edullisesti.
|
||||
- Siirtohinta näkyy _Oma Helen_-sovelluksessa ja muutokset ilmoitetaan Helenin asiakaslehdessä.
|
||||
- [Helen.fi: Markkinasähkö; ja sähkön markkinahinta](https://www.helen.fi/sahko/sahkosopimus/markkinahinta)
|
||||
määrittää kalliin hinnan.
|
||||
- Helen veloittaa sitä markkinasähköasiakkailtaan koko kuukauden ja pyrkii
|
||||
sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian
|
||||
edullisesti.
|
||||
- Siirtohinta näkyy _Oma Helen_-sovelluksessa ja muutokset ilmoitetaan Helenin
|
||||
asiakaslehdessä.
|
||||
|
||||
<div lang="en">
|
||||
|
||||
@ -69,27 +92,44 @@ _Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
|
||||
|
||||
Helen's monthly market price for month {{ page.month }} is {{ page.monthly }}.
|
||||
|
||||
- Distribution price: {{ page.basicdistribution }} and {{ page.distributionmargin }}.
|
||||
- Distribution price: {{ page.basicdistribution }} and
|
||||
{{ page.distributionmargin }}.
|
||||
- Stock price: {{ page.basicstock }} and {{ page.stockmargin }}.
|
||||
|
||||
## Equations for Tuntihinta
|
||||
|
||||
_Jekyll doesn't allow maths directly for infosec reasons._
|
||||
|
||||
- Expensive: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong> (Helen's Market Price Electricity + distribution margin)
|
||||
- Cheap: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) / 2</strong> (Helen's Market Price Electricity + distribution margin / 2), **_round down_**
|
||||
- Margin: <strong>{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (Distribution fee + stock margin)
|
||||
- OmaHelen app treats {{ page.omahelenlowprice }} as cheap and over {{ page.omahelenhighprice }} as expensive, so alternative equations are:
|
||||
- Expensive: <strong>{{ page.omahelenhighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's high price + Margin)
|
||||
- Cheap: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's low price + Margin)
|
||||
- [HattiWatt](https://hattiwatt.com/) again treats over {{ page.hattiwatthighprice }} as high price with low price being {{ page.hattiwattlowprice }}. It however shows price in traffic lights.
|
||||
- Cheap: <strong>{{ page.hattiwattlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's low price + Margin))
|
||||
- Expensive: <strong>{{ page.hattiwatthighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's high price + Margin)
|
||||
- Expensive: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong>
|
||||
(Helen's Market Price Electricity + distribution margin)
|
||||
- Cheap: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) /
|
||||
2</strong> (Helen's Market Price Electricity + distribution margin / 2),
|
||||
**_round down_**
|
||||
- Margin: <strong>{{ page.distributionmargin }} +
|
||||
{{ page.stockmargin }}</strong> (Distribution fee + stock margin)
|
||||
- OmaHelen app treats {{ page.omahelenlowprice }} as cheap and over
|
||||
{{ page.omahelenhighprice }} as expensive, so alternative equations are:
|
||||
- Expensive: <strong>{{ page.omahelenhighprice }} +
|
||||
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's
|
||||
high price + Margin)
|
||||
- Cheap: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} +
|
||||
{{ page.stockmargin }}</strong> (OmaHelen's low price + Margin)
|
||||
- [HattiWatt](https://hattiwatt.com/) again treats over
|
||||
{{ page.hattiwatthighprice }} as high price with low price being
|
||||
{{ page.hattiwattlowprice }}. It however shows price in traffic lights.
|
||||
- Cheap: <strong>{{ page.hattiwattlowprice }} +
|
||||
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's
|
||||
low price + Margin))
|
||||
- Expensive: <strong>{{ page.hattiwatthighprice }} +
|
||||
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's
|
||||
high price + Margin)
|
||||
|
||||
## Sources
|
||||
|
||||
- Definition of monthly plan price: [Helen: Market Price Electricity](https://www.helen.fi/en/electricity/electricity-products-and-prices/marketpriceelectricity)
|
||||
- They use it all month following stock market price and trying to get their own citation.
|
||||
- Definition of monthly plan price:
|
||||
[Helen: Market Price Electricity](https://www.helen.fi/en/electricity/electricity-products-and-prices/marketpriceelectricity)
|
||||
- They use it all month following stock market price and trying to get their
|
||||
own citation.
|
||||
- Distribution is in _Oma Helen_ and changes are announced in their newspaper.
|
||||
|
||||
</div>
|
||||
|
@ -1,7 +1,11 @@
|
||||
---
|
||||
layout: default
|
||||
title: Notes
|
||||
excerpt: You have discovered my notes listing, where I ramble about random subjects for future me, so I don't have to rediscover the things again. I tend to access these with direct link, but for your benefit, they are also listed here. It is not without realm of possibility for you to be reading this page already.
|
||||
excerpt:
|
||||
You have discovered my notes listing, where I ramble about random subjects for
|
||||
future me, so I don't have to rediscover the things again. I tend to access
|
||||
these with direct link, but for your benefit, they are also listed here. It is
|
||||
not without realm of possibility for you to be reading this page already.
|
||||
permalink: /n/index.html
|
||||
redirect_from: /n/n.html
|
||||
navigation: true
|
||||
|
@ -9,10 +9,12 @@ lang: en
|
||||
robots: noai
|
||||
---
|
||||
|
||||
> Keyoxide is a decentralized tool to create and verify decentralized online identities.
|
||||
> Keyoxide is a decentralized tool to create and verify decentralized online
|
||||
> identities.
|
||||
|
||||
- For painful OpenPGP proofs using notations refer to [n/gpg](/n/gpg.html).
|
||||
- For ASP profiles [Keyoxide-flutter](https://codeberg.org/Berker/keyoxide-flutter).
|
||||
- For ASP profiles
|
||||
[Keyoxide-flutter](https://codeberg.org/Berker/keyoxide-flutter).
|
||||
- [n/obtainium](/n/obtainium.html) is that way.
|
||||
|
||||
## My ASP profile
|
||||
@ -21,6 +23,8 @@ robots: noai
|
||||
|
||||
### Proofs
|
||||
|
||||
- Plain: [`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)
|
||||
- Plain:
|
||||
[`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)
|
||||
- <code>[`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)</code>
|
||||
- Hashed: `$argon2id$v=19$m=8192,t=2,p=4$UeKcKenApsCHc+YGJUGCHw$hoTY1qFVXf56BZpZCUNG39/2IrQjwKrT`
|
||||
- Hashed:
|
||||
`$argon2id$v=19$m=8192,t=2,p=4$UeKcKenApsCHc+YGJUGCHw$hoTY1qFVXf56BZpZCUNG39/2IrQjwKrT`
|
||||
|
23
n/ksoy.md
23
n/ksoy.md
@ -11,7 +11,9 @@ stockmargin: "0.23 c/kWh"
|
||||
lang: fi
|
||||
---
|
||||
|
||||
Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537) [Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
|
||||
Tuntihinta @
|
||||
[Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537)
|
||||
[Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -33,19 +35,26 @@ Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537
|
||||
|
||||
_Siirtohinnasto ei tiedossa, joten se ei ole mukana yhtälöissä._
|
||||
|
||||
KSOYn Jatkuvan sähkösopimuksen hinta kuukaudelle {{ page.month }} on {{ page.monthly }}.
|
||||
KSOYn Jatkuvan sähkösopimuksen hinta kuukaudelle {{ page.month }} on
|
||||
{{ page.monthly }}.
|
||||
|
||||
- KSOY Pörssisähkön hinta: {{ page.basicstock }}, marginaali {{ page.stockmargin }}.
|
||||
- KSOY Pörssisähkön hinta: {{ page.basicstock }}, marginaali
|
||||
{{ page.stockmargin }}.
|
||||
|
||||
## Yhtälöt Tuntihinnalle
|
||||
|
||||
_Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
|
||||
|
||||
- Kallis: <strong>{{ page.monthly }}</strong> (KSOY jatkuvan sähkösopimuksen hinta)
|
||||
- Halpa: <strong>{{ page.monthly }} / 2</strong> (KSOY jatkuvan sähkösopimuksen hinta / 2), **_pyöristettynä alaspäin_**
|
||||
- Kallis: <strong>{{ page.monthly }}</strong> (KSOY jatkuvan sähkösopimuksen
|
||||
hinta)
|
||||
- Halpa: <strong>{{ page.monthly }} / 2</strong> (KSOY jatkuvan sähkösopimuksen
|
||||
hinta / 2), **_pyöristettynä alaspäin_**
|
||||
- Marginaali: <strong>{{ page.stockmargin }}</strong> (pörssisähkön marginaali).
|
||||
|
||||
## Lähteet
|
||||
|
||||
- [KSOY jatkuva sähkösopimus](https://www.ksoy.fi/sahkon-myynti/sahkoa-kotiin/ksoy-jatkuva/) määrittää kalliin hinnan.
|
||||
- KSOY veloittaa sitä jatkuvilta sähköasiakkailtaan koko kuukauden ja pyrkii sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian edullisesti.
|
||||
- [KSOY jatkuva sähkösopimus](https://www.ksoy.fi/sahkon-myynti/sahkoa-kotiin/ksoy-jatkuva/)
|
||||
määrittää kalliin hinnan.
|
||||
- KSOY veloittaa sitä jatkuvilta sähköasiakkailtaan koko kuukauden ja pyrkii
|
||||
sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian
|
||||
edullisesti.
|
||||
|
@ -1,6 +1,8 @@
|
||||
---
|
||||
title: Quick localectl config
|
||||
excerpt: Reminder on systemd keyboard and language settings, also including more regionally tailored ones.
|
||||
excerpt:
|
||||
Reminder on systemd keyboard and language settings, also including more
|
||||
regionally tailored ones.
|
||||
layout: mini
|
||||
permalink: /n/localectl.html
|
||||
redirect_from:
|
||||
@ -49,22 +51,24 @@ sudo localectl set-x11-locale fi
|
||||
sudo localectl set-locale LANG=en_IE.UTF-8 LC_TIME=en_DK.UTF-8 LC_MONETARY=fi_FI.UTF-8 LC_NAME=fi_FI.UTF-8 LC_TELEPHONE=fi_FI.UTF-8
|
||||
```
|
||||
|
||||
- Everything will be in English, but time will be in ISO 8601, financial units use Finnish separators, names are sorted according to Finnish alphabet (a, …, x, y, z, å, ä, ö) and phone numbers begin with the Finnish `+358` prefix.
|
||||
- Everything will be in English, but time will be in ISO 8601, financial units
|
||||
use Finnish separators, names are sorted according to Finnish alphabet (a, …,
|
||||
x, y, z, å, ä, ö) and phone numbers begin with the Finnish `+358` prefix.
|
||||
|
||||
## Explanations
|
||||
|
||||
- LANG is the language and defaults for other variables if they are unset.
|
||||
en_DK gives ISO 8601 date format for everything respecting LC_TIME.
|
||||
- `LANG=en_IE date` returns `Sun 02 Jun 2024 11:05:04 EEST`,
|
||||
while `LANG=en_DK date` returns `2024-06-02T11:05:04 EEST`.
|
||||
- LANG is the language and defaults for other variables if they are unset. en_DK
|
||||
gives ISO 8601 date format for everything respecting LC_TIME.
|
||||
- `LANG=en_IE date` returns `Sun 02 Jun 2024 11:05:04 EEST`, while
|
||||
`LANG=en_DK date` returns `2024-06-02T11:05:04 EEST`.
|
||||
- LC_MONETARY sets the currency and how sums of it are managed.
|
||||
- LC_NAME sets name format and I prefer Finnish (just the name) to Irish
|
||||
which probably has `M{r,s,rs}` and I hate them being gendered and I doubt it
|
||||
- LC_NAME sets name format and I prefer Finnish (just the name) to Irish which
|
||||
probably has `M{r,s,rs}` and I hate them being gendered and I doubt it
|
||||
understands Mx.
|
||||
- LC_TELEPHONE sets telephone number format and I set it to fi_FI as it
|
||||
defaults international numbers to +358 and I am more likely to be typing
|
||||
Finnish numbers than Irish. I imagine it can affect office tools, and
|
||||
it's here more of just in case.
|
||||
- LC_TELEPHONE sets telephone number format and I set it to fi_FI as it defaults
|
||||
international numbers to +358 and I am more likely to be typing Finnish
|
||||
numbers than Irish. I imagine it can affect office tools, and it's here more
|
||||
of just in case.
|
||||
|
||||
And naturally to use these locales, they must be compiled.
|
||||
|
||||
@ -78,13 +82,12 @@ fi_FI.UTF-8 UTF-8
|
||||
|
||||
and as always, after editing that file, you must run `sudo locale-gen`.
|
||||
|
||||
(Debian & deriative users, you have `dpkg-reconfigure locales` that merges
|
||||
the editing and locale-gen and that is probably what you are supposed to
|
||||
use.)
|
||||
(Debian & deriative users, you have `dpkg-reconfigure locales` that merges the
|
||||
editing and locale-gen and that is probably what you are supposed to use.)
|
||||
|
||||
It seems like I didn't even say anything about that UTF-8 part, but
|
||||
it's 2024 and everything is UTF-8 (or your things are horribly broken
|
||||
and the rest of the world hates you).
|
||||
It seems like I didn't even say anything about that UTF-8 part, but it's 2024
|
||||
and everything is UTF-8 (or your things are horribly broken and the rest of the
|
||||
world hates you).
|
||||
|
||||
Sources/thanks:
|
||||
|
||||
@ -92,32 +95,37 @@ Sources/thanks:
|
||||
- [Locale Helper: en_IE](https://lh.2xlibre.net/locale/en_IE/)
|
||||
- [Locale Helper: fi_FI](https://lh.2xlibre.net/locale/fi_FI/)
|
||||
- [Wikipedia: UTF-8](https://en.wikipedia.org/wiki/UTF-8)
|
||||
- Random misplaced advice: disable charset fallback in your
|
||||
IRC client and be UTF-8 only! You will see when someone is not
|
||||
using UTF-8 and won't submit useless bug reports to
|
||||
bots/bridges/whatever that are UTF-8 only (as supporting every
|
||||
charset is impossible, since IRC has nothing to declare character
|
||||
set, and there is zero reason why you wouln't be using UTF-8! Well nowadays
|
||||
some have [IRCv3 `UTF8ONLY` `ISUPPORT` token](https://ircv3.net/specs/extensions/utf8-only)).
|
||||
- Random misplaced advice: disable charset fallback in your IRC client and be
|
||||
UTF-8 only! You will see when someone is not using UTF-8 and won't submit
|
||||
useless bug reports to bots/bridges/whatever that are UTF-8 only (as
|
||||
supporting every charset is impossible, since IRC has nothing to declare
|
||||
character set, and there is zero reason why you wouln't be using UTF-8! Well
|
||||
nowadays some have
|
||||
[IRCv3 `UTF8ONLY` `ISUPPORT` token](https://ircv3.net/specs/extensions/utf8-only)).
|
||||
- [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601)
|
||||
- You should read it or at least be aware of it especially if you are
|
||||
in contact with people from other countries and even more if you
|
||||
are in international communities trying to get anything done with
|
||||
anything that has to do with time or date!
|
||||
- You should read it or at least be aware of it especially if you are in
|
||||
contact with people from other countries and even more if you are in
|
||||
international communities trying to get anything done with anything that has
|
||||
to do with time or date!
|
||||
|
||||
---
|
||||
|
||||
2019-12-27: I don't see LANGUAGE mentioned here, but it was blocking me
|
||||
from changing language of GNOME and `sudo dpkg-reconfigure locales` in the
|
||||
end gave me `*** update-locale: Warning: LANGUAGE (en_US:en) is not compatible with LANG (fi_FI.UTF-8). Disabling it.`.
|
||||
2019-12-27: I don't see LANGUAGE mentioned here, but it was blocking me from
|
||||
changing language of GNOME and `sudo dpkg-reconfigure locales` in the end gave
|
||||
me
|
||||
`*** update-locale: Warning: LANGUAGE (en_US:en) is not compatible with LANG (fi_FI.UTF-8). Disabling it.`.
|
||||
|
||||
Either I was wrong on it being list of fallback languages I wish to use, or
|
||||
GNOME has different view on it, but as I think I have seen errors related
|
||||
to it before, I will drop `LANGUAGE` from the variables I set.
|
||||
GNOME has different view on it, but as I think I have seen errors related to it
|
||||
before, I will drop `LANGUAGE` from the variables I set.
|
||||
|
||||
---
|
||||
|
||||
2024-04-04: `export LANGUAGE=eo:fi:en` in a file read by my [`zshrc`](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/rc/zshrc) works fine as it gets read before my [`startsway`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/usr-local-bin/startsway) anyway.
|
||||
2024-04-04: `export LANGUAGE=eo:fi:en` in a file read by my
|
||||
[`zshrc`](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/rc/zshrc)
|
||||
works fine as it gets read before my
|
||||
[`startsway`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/usr-local-bin/startsway)
|
||||
anyway.
|
||||
|
||||
---
|
||||
|
||||
|
@ -1,6 +1,8 @@
|
||||
---
|
||||
title: Spoilers on Matrix protocol
|
||||
excerpt: Instructions for proper spoiling on Matrix using FluffyChat, Nheko and Element Web.
|
||||
excerpt:
|
||||
Instructions for proper spoiling on Matrix using FluffyChat, Nheko and Element
|
||||
Web.
|
||||
layout: mini
|
||||
permalink: /n/matrixspoilers.html
|
||||
redirect_from:
|
||||
@ -15,10 +17,10 @@ The Matrix specification supports spoilers since version 1.1:
|
||||
|
||||
- [Spoiler messages at Client-Server API of Matrix Specification](https://spec.matrix.org/latest/client-server-api/#spoiler-messages)
|
||||
|
||||
My favourite Matrix clients, FluffyChat and Nheko, support spoilers when
|
||||
the spoiler is in the following format; `||Reason why this is a spoiler|Actually
|
||||
spoilered text.||` It can also be in-line and a spoiler without reason is just
|
||||
`||spoiler goes here||`.
|
||||
My favourite Matrix clients, FluffyChat and Nheko, support spoilers when the
|
||||
spoiler is in the following format;
|
||||
`||Reason why this is a spoiler|Actually spoilered text.||` It can also be
|
||||
in-line and a spoiler without reason is just `||spoiler goes here||`.
|
||||
|
||||
Element Web supports whole message spoilers through the `/spoiler` command.
|
||||
|
||||
@ -28,9 +30,8 @@ Other clients supporting formatting may have to enter the HTML directly e.g.:
|
||||
<span data-mx-spoiler="REASON HERE">Spoilered text</span>
|
||||
```
|
||||
|
||||
Some clients, like Nheko, have a `/plain` command to disable formatting for
|
||||
that message which allows sending this message in plain text to help someone
|
||||
else.
|
||||
Some clients, like Nheko, have a `/plain` command to disable formatting for that
|
||||
message which allows sending this message in plain text to help someone else.
|
||||
|
||||
```html
|
||||
/plain <span data-mx-spoiler="REASON HERE">Spoilered text</span>
|
||||
|
14
n/nomap.md
14
n/nomap.md
@ -19,10 +19,11 @@ excerpt: Previously a blog post, now a note on _nomap in SSID.
|
||||
|
||||
_{{ page.excerpt }}_
|
||||
|
||||
`_nomap` in the end of your SSID will exclude your network from Google, Apple, WiGLE etc.
|
||||
`_nomap` in the end of your SSID will exclude your network from Google, Apple,
|
||||
WiGLE etc.
|
||||
|
||||
Microsoft has a separate [location services
|
||||
opt-out](https://account.microsoft.com/privacy/location-services-opt-out)
|
||||
Microsoft has a separate
|
||||
[location services opt-out](https://account.microsoft.com/privacy/location-services-opt-out)
|
||||
which uses MAC addresses instead.
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
@ -42,10 +43,13 @@ which uses MAC addresses instead.
|
||||
|
||||
## Why?
|
||||
|
||||
Privacy. WiGLE.net may point your home directly just by entering the SSID and who knows how many similar services there are. While I have been thinking of this since 2015, there is at least one case where this has been used:
|
||||
Privacy. WiGLE.net may point your home directly just by entering the SSID and
|
||||
who knows how many similar services there are. While I have been thinking of
|
||||
this since 2015, there is at least one case where this has been used:
|
||||
|
||||
- [Christian Haschek: The curious case of the Raspberry Pi in the network closet](https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html)
|
||||
|
||||
## `_optout`
|
||||
|
||||
Legacy from 2015-2016. Used to be part of Microsoft WiFi Sense that shared WiFi networks and passwords to all contacts.
|
||||
Legacy from 2015-2016. Used to be part of Microsoft WiFi Sense that shared WiFi
|
||||
networks and passwords to all contacts.
|
||||
|
@ -1,6 +1,9 @@
|
||||
---
|
||||
title: Obtainiun
|
||||
excerpt: Obtainium downloads apps directly from forge/whatever without need for app stores and theoretically I can bootstrap it by copy-pasting the txt linked below into it, especially on devices that Google doesn't smile upon.
|
||||
excerpt:
|
||||
Obtainium downloads apps directly from forge/whatever without need for app
|
||||
stores and theoretically I can bootstrap it by copy-pasting the txt linked
|
||||
below into it, especially on devices that Google doesn't smile upon.
|
||||
layout: mini
|
||||
permalink: /n/obtainium.html
|
||||
sitemap: true
|
||||
@ -10,18 +13,20 @@ robots: noai
|
||||
|
||||
_{{ page.excerpt }}_
|
||||
|
||||
[Obtainium](https://github.com/ImranR98/Obtainium/) downloads apps directly from forge/whatever without need for app
|
||||
stores and theoretically I can bootstrap it by copy-pasting the txt linked
|
||||
below into it, especially on devices that Google doesn't smile upon.
|
||||
[Obtainium](https://github.com/ImranR98/Obtainium/) downloads apps directly from
|
||||
forge/whatever without need for app stores and theoretically I can bootstrap it
|
||||
by copy-pasting the txt linked below into it, especially on devices that Google
|
||||
doesn't smile upon.
|
||||
|
||||
- [Obtainium's latest release](https://github.com/ImranR98/Obtainium/releases/latest)
|
||||
|
||||
See also [2022-01-02 F-Droid Security Issues on privsec.dev](https://privsec.dev/posts/android/f-droid-security-issues/),
|
||||
See also
|
||||
[2022-01-02 F-Droid Security Issues on privsec.dev](https://privsec.dev/posts/android/f-droid-security-issues/),
|
||||
regardless of my list containing F-Droids. Regarding that, **prefer
|
||||
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) over
|
||||
F-Droid** whenever possible (if nearby features aren't required)
|
||||
as it addesses some issues such as targeting higher API version and having
|
||||
automatic updates on Android 12+.
|
||||
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) over F-Droid**
|
||||
whenever possible (if nearby features aren't required) as it addesses some
|
||||
issues such as targeting higher API version and having automatic updates on
|
||||
Android 12+.
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -43,8 +48,10 @@ automatic updates on Android 12+.
|
||||
|
||||
## Importable app list
|
||||
|
||||
- For apps that don't require API keys to be entered into Obtainium, see [txt/obtainium.txt](/txt/obtainium.txt).
|
||||
- For apps that require GitHub or GitLab API key to be entered into Obtainium, see [txt/obtainium2.txt](/txt/obtainium2.txt)
|
||||
- For apps that don't require API keys to be entered into Obtainium, see
|
||||
[txt/obtainium.txt](/txt/obtainium.txt).
|
||||
- For apps that require GitHub or GitLab API key to be entered into Obtainium,
|
||||
see [txt/obtainium2.txt](/txt/obtainium2.txt)
|
||||
|
||||
## Third party F-Droid repositories
|
||||
|
||||
@ -67,34 +74,57 @@ _However I would use [the F-Droid repositories directly](/n/f-droid.html)._
|
||||
- `https://divestos.org/apks/official/fdroid/repo?appId=us.spotco.malwarescanner`
|
||||
- Hypatia malware scanner. Third party F-Droid repo.
|
||||
- `https://divestos.org/apks/official/fdroid/repo?appId=us.spotco.fennec_dos`
|
||||
- Mull Browser (not to be confused with Mullvad). Often suggested as the closest to [LibreWolf](https://librewolf.net)
|
||||
on Android. Third party F-Droid repo.
|
||||
- Mull Browser (not to be confused with Mullvad). Often suggested as the
|
||||
closest to [LibreWolf](https://librewolf.net) on Android. Third party
|
||||
F-Droid repo.
|
||||
|
||||
## App Stores
|
||||
|
||||
_Always exercise caution when installing apps, even from Google Play Store!_
|
||||
|
||||
- `https://github.com/accrescent/accrescent`
|
||||
- Accrescent is a recent App Store which I have seen recommended especially in privacy circles, while it's a bit plain and doesn't have much selection yet.
|
||||
- Accrescent is a recent App Store which I have seen recommended especially in
|
||||
privacy circles, while it's a bit plain and doesn't have much selection yet.
|
||||
- `https://apkpure.net/apkpure/com.apkpure.aegon`
|
||||
- APK Pure. Full of intrusive advertising, I wouldn't use it without adblocker and even then would keep my family away from it.
|
||||
- APK Pure. Full of intrusive advertising, I wouldn't use it without adblocker
|
||||
and even then would keep my family away from it.
|
||||
- `https://gitlab.com/AuroraOSS/AuroraStore`
|
||||
- Open source and anonymous interface for Google Play Store. Google doesn't like it, so the accounts often don't work, which is the reason this section has so many apps regardless of the common advice to install nothing outside of Play Store (that I obviously disagree with as there are dangerous and unwanted apps there too).
|
||||
- Open source and anonymous interface for Google Play Store. Google doesn't
|
||||
like it, so the accounts often don't work, which is the reason this section
|
||||
has so many apps regardless of the common advice to install nothing outside
|
||||
of Play Store (that I obviously disagree with as there are dangerous and
|
||||
unwanted apps there too).
|
||||
- `https://f-droid.org/packages/org.fdroid.fdroid`
|
||||
- FOSS-only app store with support for additional [repositories](/n/f-droid.html). I prefer the Basic version though, see below.
|
||||
- FOSS-only app store with support for additional
|
||||
[repositories](/n/f-droid.html). I prefer the Basic version though, see
|
||||
below.
|
||||
- `https://f-droid.org/packages/org.fdroid.basic`
|
||||
- F-Droid without local application sharing. Used to target higher API level than the main app allowing automatic updates for apps targeting recent enough app version. This is what I recommend and have installed for family for years.
|
||||
- F-Droid without local application sharing. Used to target higher API level
|
||||
than the main app allowing automatic updates for apps targeting recent
|
||||
enough app version. This is what I recommend and have installed for family
|
||||
for years.
|
||||
- `https://github.com/Tobi823/ffupdater`
|
||||
- Installer and updater for privacy friendly browsers (and itself), including, but not limited to Firefox, Chromium and other browsers based on them (except obviously not Google Chrome). Would install for family, if they didn't have Google Play Store.
|
||||
- Installer and updater for privacy friendly browsers (and itself), including,
|
||||
but not limited to Firefox, Chromium and other browsers based on them
|
||||
(except obviously not Google Chrome). Would install for family, if they
|
||||
didn't have Google Play Store.
|
||||
- `https://appgallery.huawei.com/app/C27162`
|
||||
- Huawei App Gallery. I don't think I recommend it, unless it comes with your phone, but it's nice to know it exists and can be installed?
|
||||
- Huawei App Gallery. I don't think I recommend it, unless it comes with your
|
||||
phone, but it's nice to know it exists and can be installed?
|
||||
- `https://github.com/ImranR98/Obtainium`
|
||||
- An app downloader that can install apps directly from the publishers, a few other app stores and F-Droid repositories (see an earlier section on this page). But you should know that already considering this page is of no interest to anyone else than Obtainium users (and mainly only me).
|
||||
- An app downloader that can install apps directly from the publishers, a few
|
||||
other app stores and F-Droid repositories (see an earlier section on this
|
||||
page). But you should know that already considering this page is of no
|
||||
interest to anyone else than Obtainium users (and mainly only me).
|
||||
- `https://uptodown-android.en.uptodown.com/android`
|
||||
- Uptodown app store, pleasant interface and not so intrusive advertising
|
||||
as opposed to APK Pure. I would consider installing it for a family member, should they reach ??? apps outside of Play Store that it offers (such as AdGuard (which Google again dislikes), Telegram.org/Android...)
|
||||
- Uptodown app store, pleasant interface and not so intrusive advertising as
|
||||
opposed to APK Pure. I would consider installing it for a family member,
|
||||
should they reach ??? apps outside of Play Store that it offers (such as
|
||||
AdGuard (which Google again dislikes), Telegram.org/Android...)
|
||||
- `https://lite-uptodown-app-store.en.uptodown.com/android`
|
||||
- Lighter version for less powerful phones, thinking of you Android Go Edition, or certain other 8 GB memory phones. Additionally Google is stripped out of it.
|
||||
- Lighter version for less powerful phones, thinking of you Android Go
|
||||
Edition, or certain other 8 GB memory phones. Additionally Google is
|
||||
stripped out of it.
|
||||
|
||||
## Other noteworthy apps:
|
||||
|
||||
|
@ -41,13 +41,16 @@ _{{ page.excerpt }}_
|
||||
|
||||
## Installation
|
||||
|
||||
1. `npm install -D -E prettier@3.3.2 prettier-plugin-nginx@1.0.3 @prettier/plugin-ruby@4.0.4 prettier-plugin-toml@2.0.1 @prettier/plugin-xml@3.4.1 prettier-plugin-sh@0.14.0` or probably just `pnpm install -D` if it's not your project.
|
||||
1. If they don't exist already `echo "{}" > .prettierrc && touch .prettierignore`
|
||||
1. `npm install -D -E prettier@3.3.2 prettier-plugin-nginx@1.0.3 @prettier/plugin-ruby@4.0.4 prettier-plugin-toml@2.0.1 @prettier/plugin-xml@3.4.1 prettier-plugin-sh@0.14.0`
|
||||
or probably just `pnpm install -D` if it's not your project.
|
||||
1. If they don't exist already
|
||||
`echo "{}" > .prettierrc && touch .prettierignore`
|
||||
1. `pnpm exec prettier . --write` or `pnpm exec prettier . --check`
|
||||
|
||||
## Configuration
|
||||
|
||||
I do with `.editorconfig` what I can, but for example my template `.prettierrc` looks like:
|
||||
I do with `.editorconfig` what I can, but for example my template `.prettierrc`
|
||||
looks like:
|
||||
|
||||
```json
|
||||
{
|
||||
@ -68,7 +71,8 @@ I do with `.editorconfig` what I can, but for example my template `.prettierrc`
|
||||
}
|
||||
```
|
||||
|
||||
at the time of writing. It's directly from documentation excluding the plugin names, but I will want it everywhere.
|
||||
at the time of writing. It's directly from documentation excluding the plugin
|
||||
names, but I will want it everywhere.
|
||||
|
||||
## `.pre-commit-config.yaml`
|
||||
|
||||
@ -76,7 +80,11 @@ This is the file that controls [`pre-commit`]s behaviour.
|
||||
|
||||
### Offline
|
||||
|
||||
I accidentally wrote this while updating this page to reflect me using prettier outside of [`pre-commit`] too nowadays. This has the advantage that the same local environment gets reused and dependencies are managed centrally, but assumes everyone uses pnpm, won't work in [`pre-commit` ci] and may have other issues I am not thinking of as a not-coder myself.
|
||||
I accidentally wrote this while updating this page to reflect me using prettier
|
||||
outside of [`pre-commit`] too nowadays. This has the advantage that the same
|
||||
local environment gets reused and dependencies are managed centrally, but
|
||||
assumes everyone uses pnpm, won't work in [`pre-commit` ci] and may have other issues
|
||||
I am not thinking of as a not-coder myself.
|
||||
|
||||
[`pre-commit`]: https://pre-commit.com
|
||||
[`pre-commit` ci]: https://pre-commit.ci
|
||||
|
@ -13,8 +13,8 @@ sitemap: false
|
||||
lang: fi
|
||||
---
|
||||
|
||||
Uudet puhelimet: https://android.com/one
|
||||
LineageOS-yhteensopivuus: https://wiki.lineageos.org/devices/
|
||||
Uudet puhelimet: https://android.com/one LineageOS-yhteensopivuus:
|
||||
https://wiki.lineageos.org/devices/
|
||||
|
||||
Käytettyjä puhelimia suomalaisilta tai suomenkielisiltä yrityksiltä:
|
||||
|
||||
|
11
n/reuse.md
11
n/reuse.md
@ -35,12 +35,13 @@ SPDX-License-Identifier: CC-BY-SA-4.0
|
||||
|
||||
> reuse is a tool for compliance with the REUSE recommendations.
|
||||
|
||||
says [their GitHub description](https://github.com/fsfe/reuse-tool) and
|
||||
in practice this means having a license header in all files or alternatively
|
||||
a `file.license` file. The tool can generate these, but I never remember
|
||||
the commands.
|
||||
says [their GitHub description](https://github.com/fsfe/reuse-tool) and in
|
||||
practice this means having a license header in all files or alternatively a
|
||||
`file.license` file. The tool can generate these, but I never remember the
|
||||
commands.
|
||||
|
||||
For more detailed explanation, consult [reuse.software/tutorial](https://reuse.software/tutorial/)
|
||||
For more detailed explanation, consult
|
||||
[reuse.software/tutorial](https://reuse.software/tutorial/)
|
||||
|
||||
---
|
||||
|
||||
|
@ -11,9 +11,10 @@ sitemap: false
|
||||
lang: en
|
||||
---
|
||||
|
||||
This is mostly based on [kowalski7.cc.xyz instructions](https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/) which also tells
|
||||
more clearly what to do. These are my notes on what I have done on top of it
|
||||
and probably not very much comprehensible by others than me.
|
||||
This is mostly based on
|
||||
[kowalski7.cc.xyz instructions](https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/)
|
||||
which also tells more clearly what to do. These are my notes on what I have done
|
||||
on top of it and probably not very much comprehensible by others than me.
|
||||
|
||||
<!-- editorconfig-checker-disable -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@ -43,17 +44,17 @@ later.
|
||||
1. `sudo mkdir $(cat /etc/machine-id)` also note the machine-id, it's used a
|
||||
lot.
|
||||
1. `sudo dnf install systemd-boot-unsigned sdubby -y`
|
||||
1. `cat /proc/cmdline` noting it, it will become included in
|
||||
`kernel_cmdline=""` in `/etc/dracut.conf.d/99-cmdline.conf` (or other
|
||||
freeform name as long as it ends to .conf?) Might also be worth it to note
|
||||
other dracut configuration files including defaults
|
||||
`/usr/lib/dracut/dracut.conf.d`
|
||||
1. `cat /proc/cmdline` noting it, it will become included in `kernel_cmdline=""`
|
||||
in `/etc/dracut.conf.d/99-cmdline.conf` (or other freeform name as long as it
|
||||
ends to .conf?) Might also be worth it to note other dracut configuration
|
||||
files including defaults `/usr/lib/dracut/dracut.conf.d`
|
||||
1. TODO BOOTCTL INSTALL FROM ARCH WIKI?
|
||||
1. TODO `printf "\tsudo mkdir /boot/%b/%b\n" "$MACHINEID" "$EXPECTEDKERNEL"`
|
||||
1. TODO `printf "\tsudo kernel-install add %b /lib/modules/%b/vmlinuz\n" "$EXPECTEDKERNEL" "$EXPECTEDKERNEL"`
|
||||
1. The original instructions said to `sudo dnf reinstall kernel-core`, but
|
||||
this has deviated with systemd-uki. They also said to `sudo bootctl` to
|
||||
see if it got installed properly before...
|
||||
1. TODO
|
||||
`printf "\tsudo kernel-install add %b /lib/modules/%b/vmlinuz\n" "$EXPECTEDKERNEL" "$EXPECTEDKERNEL"`
|
||||
1. The original instructions said to `sudo dnf reinstall kernel-core`, but this
|
||||
has deviated with systemd-uki. They also said to `sudo bootctl` to see if it
|
||||
got installed properly before...
|
||||
1. `sudo reboot`
|
||||
1. TODO: PROTECTED PACKAGES SHELL-THINGS!
|
||||
|
||||
@ -64,9 +65,9 @@ the image, but that doesn't seem to be the case for UKI. TODO!
|
||||
|
||||
# REMOVE ME UPON CONFIRMING THE ABOVE IS CORRECT
|
||||
|
||||
1. Read https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/ very helpful and base of this
|
||||
2. Anaconda inst.sdboot
|
||||
3.efi mounttaus /efi, fstab
|
||||
1. Read https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/ very helpful and
|
||||
base of this
|
||||
2. Anaconda inst.sdboot 3.efi mounttaus /efi, fstab
|
||||
3. Mkdir /efi/machine-id
|
||||
4. systemd-boot-unsigned sdubby
|
||||
5. cat /proc/cmdline
|
||||
|
@ -1,6 +1,8 @@
|
||||
---
|
||||
title: Telegram language links
|
||||
excerpt: You have ended up to my note-to-self on languages of Telegram that I care about (as /setlanguage/xx[<-beta>] is so difficult to remember)?
|
||||
excerpt:
|
||||
You have ended up to my note-to-self on languages of Telegram that I care
|
||||
about (as /setlanguage/xx[<-beta>] is so difficult to remember)?
|
||||
layout: mini
|
||||
permalink: /n/telegram.html
|
||||
redirect_from: /r/telegram.html
|
||||
|
18
n/telia.md
18
n/telia.md
@ -5,20 +5,24 @@ redirect_from: /r/telia.html
|
||||
sitemap: false
|
||||
lang: fi
|
||||
locale: fi_FI
|
||||
excerpt: Telia on pistänyt silmiini monissa asioissa, etenkin miten monta kertaa heidän verkkonsa on ollut nurin koko maassa ilman muiden operaattoreiden vastaavan häiriön tapahtumista.
|
||||
excerpt:
|
||||
Telia on pistänyt silmiini monissa asioissa, etenkin miten monta kertaa heidän
|
||||
verkkonsa on ollut nurin koko maassa ilman muiden operaattoreiden vastaavan
|
||||
häiriön tapahtumista.
|
||||
---
|
||||
|
||||
_{{ page.excerpt }}_
|
||||
|
||||
Telian IPv6: https://yhteiso.telia.fi/t5/Kiinteat-nettiyhteydet-ja/Telia-IPv6/m-p/190240#M11822
|
||||
Telian IPv6:
|
||||
https://yhteiso.telia.fi/t5/Kiinteat-nettiyhteydet-ja/Telia-IPv6/m-p/190240#M11822
|
||||
|
||||
- 2019-11-22: https://yle.fi/uutiset/3-11082343 "Telian verkon
|
||||
vikatilanteesta johtuen koko Suomessa hätäpuhelujen soittamisessa Telian
|
||||
liittymistä on ilmennyt häiriöitä."
|
||||
- 2019-11-22: https://yle.fi/uutiset/3-11082343 "Telian verkon vikatilanteesta
|
||||
johtuen koko Suomessa hätäpuhelujen soittamisessa Telian liittymistä on
|
||||
ilmennyt häiriöitä."
|
||||
- https://yle.fi/uutiset/3-11083175 vaaratiedote ohi
|
||||
- 2020-02-12: https://yle.fi/uutiset/3-11205636 "Telian mobiiliverkossa oli
|
||||
laaja vikatilanne "
|
||||
- 2020-04-25: https://yle.fi/uutiset/3-11323265 "Telialla ongelmia
|
||||
yhteyksissä – vikaa selvitellään parhaillaan, syy ei vielä selvillä"
|
||||
- 2020-04-25: https://yle.fi/uutiset/3-11323265 "Telialla ongelmia yhteyksissä –
|
||||
vikaa selvitellään parhaillaan, syy ei vielä selvillä"
|
||||
- 2020-09-21: https://yle.fi/uutiset/3-11554861 "Telian liittymissä oli
|
||||
häiriöitä hätäpuheluiden soittamisessa – Vika on korjattu"
|
||||
|
@ -9,9 +9,7 @@ lang: fi
|
||||
<div lang="fi">Käytettyjä enimmäkseen yrityskoneita suomalaisilta tai suomenkielisiltä
|
||||
yrityksiltä:
|
||||
|
||||
https://cimos.fi/
|
||||
https://taitonetti.fi/
|
||||
https://www.inrego.fi/
|
||||
https://cimos.fi/ https://taitonetti.fi/ https://www.inrego.fi/
|
||||
|
||||
Katso myös /n/puhelin
|
||||
|
||||
@ -19,13 +17,11 @@ Katso myös /n/puhelin
|
||||
|
||||
<div lang="en">
|
||||
|
||||
International used devices (the goal of this note is business devices, but
|
||||
I am unsure whether all here are):
|
||||
International used devices (the goal of this note is business devices, but I am
|
||||
unsure whether all here are):
|
||||
|
||||
Hungary:
|
||||
https://www.marseus.com/
|
||||
Hungary: https://www.marseus.com/
|
||||
|
||||
Czech Republic in Czech
|
||||
https://www.gigacomputer.cz/
|
||||
Czech Republic in Czech https://www.gigacomputer.cz/
|
||||
|
||||
</div>
|
||||
|
@ -6,4 +6,5 @@ excerpt: "404, not found, don't bother clicking..."
|
||||
lang: en
|
||||
---
|
||||
|
||||
Sorry, whatever you were looking for, is not here. Maybe the navigation bar above or on the top right on smaller displays will help you?
|
||||
Sorry, whatever you were looking for, is not here. Maybe the navigation bar
|
||||
above or on the top right on smaller displays will help you?
|
||||
|
@ -2,100 +2,100 @@
|
||||
title: About me
|
||||
layout: page
|
||||
permalink: /about.html
|
||||
excerpt: "A little about me on transness, Asperger's syndrome/autism, feminism, asexuality & using Linux."
|
||||
excerpt:
|
||||
"A little about me on transness, Asperger's syndrome/autism, feminism,
|
||||
asexuality & using Linux."
|
||||
published: false
|
||||
lang: en
|
||||
---
|
||||
|
||||
<em>Even if I talk about these things openly here, I prefer that
|
||||
<strong>you don't talk about me being these minorities to anyone</strong>
|
||||
and <strong>let me tell by myself</strong> if I see reason to do it.
|
||||
People interested enough can put my name to any search engine and find here sooner or later.</em>
|
||||
<em>Even if I talk about these things openly here, I prefer that <strong>you
|
||||
don't talk about me being these minorities to anyone</strong> and <strong>let me
|
||||
tell by myself</strong> if I see reason to do it. People interested enough can
|
||||
put my name to any search engine and find here sooner or later.</em>
|
||||
|
||||
<em>If you did out me, you would risk me being treated differently and
|
||||
possibly cause dangerous concequences.</em>
|
||||
<em>If you did out me, you would risk me being treated differently and possibly
|
||||
cause dangerous concequences.</em>
|
||||
|
||||
On this page I am trying to explain myself more or those things that you
|
||||
might wonder in my self-description. Some things that I explain here may
|
||||
overlap with different features.
|
||||
On this page I am trying to explain myself more or those things that you might
|
||||
wonder in my self-description. Some things that I explain here may overlap with
|
||||
different features.
|
||||
|
||||
_For more material about these things, please see [GRSM links](/links2)._
|
||||
|
||||
## GirlsLikeUs — I am a trans woman
|
||||
|
||||
It simply means that I was incorrectly defined as boy at birth which I
|
||||
never was. I didn't always know it, but around 14-15 Dysphoria really hit
|
||||
me.
|
||||
It simply means that I was incorrectly defined as boy at birth which I never
|
||||
was. I didn't always know it, but around 14-15 Dysphoria really hit me.
|
||||
|
||||
I was always different from boys and I have been always bullied and I
|
||||
became suicidal and depressed. I was diagnosed with AS which didn't so
|
||||
much, but finally I came to realization on who I am and started the
|
||||
progress to be recognized as myself.
|
||||
I was always different from boys and I have been always bullied and I became
|
||||
suicidal and depressed. I was diagnosed with AS which didn't so much, but
|
||||
finally I came to realization on who I am and started the progress to be
|
||||
recognized as myself.
|
||||
|
||||
As the progress is too slow in Finland I ended up starting HRT
|
||||
([Hormone Replacement Therapy](https://en.wikipedia.org/wiki/Hormone_replacement_therapy))
|
||||
by myself (like many (if not most) of us here do) and was on it for year
|
||||
before getting diagnosed and getting HRT officially.
|
||||
by myself (like many (if not most) of us here do) and was on it for year before
|
||||
getting diagnosed and getting HRT officially.
|
||||
|
||||
Many people have said that I am nowadays happier and smile more and other
|
||||
things like that and I know this is who I am.
|
||||
Many people have said that I am nowadays happier and smile more and other things
|
||||
like that and I know this is who I am.
|
||||
|
||||
It's also not very nice when you separate sex and gender by saying "your
|
||||
gender can be female, but you are always biologically male" and it has
|
||||
been noted multiple times that gender is biological.
|
||||
_[GRSM links](/links2)_
|
||||
It's also not very nice when you separate sex and gender by saying "your gender
|
||||
can be female, but you are always biologically male" and it has been noted
|
||||
multiple times that gender is biological. _[GRSM links](/links2)_
|
||||
|
||||
- [How to respect a Transgender person at WikiHow](http://www.wikihow.com/Respect-a-Transgender-Person)
|
||||
|
||||
_I feel this part doesn't transmit how being trans feels and some things
|
||||
should possibly be mentioned here..._
|
||||
_I feel this part doesn't transmit how being trans feels and some things should
|
||||
possibly be mentioned here..._
|
||||
|
||||
## AS - Asperger's Syndrome
|
||||
|
||||
I am AS-person and you might see it from the way I write and speak. I have
|
||||
some over-sensitive senses like sense of hearing and it becomes difficult
|
||||
for me to speak if I try to look into your eyes at the same time, so I am
|
||||
not trying to be impolite or anything, it's just easier to not look at you
|
||||
while I speak. Same applies to understanding your speaking.
|
||||
I am AS-person and you might see it from the way I write and speak. I have some
|
||||
over-sensitive senses like sense of hearing and it becomes difficult for me to
|
||||
speak if I try to look into your eyes at the same time, so I am not trying to be
|
||||
impolite or anything, it's just easier to not look at you while I speak. Same
|
||||
applies to understanding your speaking.
|
||||
|
||||
_This paragraph is stub -.-_
|
||||
|
||||
- [How to understand Autism at WikiHow](http://www.wikihow.com/Understand-Autism)
|
||||
- Might apply more to children, but it's a feature so one won't simply
|
||||
get healed from it.
|
||||
- Might apply more to children, but it's a feature so one won't simply get
|
||||
healed from it.
|
||||
|
||||
_I have afterwards learned that I am also a [Higly Sensitive Person (HSP](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity), but it
|
||||
overlaps with autism a little and I don't know what to start typing it and
|
||||
it's piece of information that would mainly interest another HSP like
|
||||
many other things on this page, so I am just leaving it here._
|
||||
_I have afterwards learned that I am also a
|
||||
[Higly Sensitive Person (HSP](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity),
|
||||
but it overlaps with autism a little and I don't know what to start typing it
|
||||
and it's piece of information that would mainly interest another HSP like many
|
||||
other things on this page, so I am just leaving it here._
|
||||
|
||||
## Ace & Relationship Anarchist
|
||||
|
||||
_I am asexual and possibly relationship anarchist, but it will be seen..._
|
||||
|
||||
I used to define myself as poly-curiuos (wondering if I am poly (capable
|
||||
of having simultaneous close romantic relationships with two or more
|
||||
people or not) and demiromantic (the ace of diamonds playing card is their
|
||||
symbol shared by demisexuals) which means only forming romantic attraction
|
||||
after forming close emotional bond with the person
|
||||
I used to define myself as poly-curiuos (wondering if I am poly (capable of
|
||||
having simultaneous close romantic relationships with two or more people or not)
|
||||
and demiromantic (the ace of diamonds playing card is their symbol shared by
|
||||
demisexuals) which means only forming romantic attraction after forming close
|
||||
emotional bond with the person
|
||||
|
||||
At some point I started wondering does touching and caring have to be
|
||||
limited into relationship and found
|
||||
[Romantic Asexual, or Touch Hunger?](https://abnormaldiversity.blogspot.fi/2012/12/romantic-asexual-or-touch-hunger.html?) which made sense and made
|
||||
me think that there is no romanticity, just sensuality and in the bottom
|
||||
relationship anarchy. As what is the difference between friend and partner,
|
||||
what prevents you from (consentually) cuddling or having sex with friends?
|
||||
What prevents you from loving your friends and is loving so different from
|
||||
liking and don't you sometimes use the words interchangeably? What prevents
|
||||
you from doing all the things you wish to do with your partner with some
|
||||
friend? What if love comes after you stop for especially looking for one
|
||||
or multiple people to call as partner(s)?
|
||||
At some point I started wondering does touching and caring have to be limited
|
||||
into relationship and found
|
||||
[Romantic Asexual, or Touch Hunger?](https://abnormaldiversity.blogspot.fi/2012/12/romantic-asexual-or-touch-hunger.html?)
|
||||
which made sense and made me think that there is no romanticity, just sensuality
|
||||
and in the bottom relationship anarchy. As what is the difference between friend
|
||||
and partner, what prevents you from (consentually) cuddling or having sex with
|
||||
friends? What prevents you from loving your friends and is loving so different
|
||||
from liking and don't you sometimes use the words interchangeably? What prevents
|
||||
you from doing all the things you wish to do with your partner with some friend?
|
||||
What if love comes after you stop for especially looking for one or multiple
|
||||
people to call as partner(s)?
|
||||
|
||||
I have found a word for this, _quoiromantic_ (aka _wtfromantic_ or
|
||||
_whatromantic_) and I think I can still use the ace of diamonds symbol
|
||||
as _demisensual_ is the closest to describe my relationship with
|
||||
touch (meaning that I might like it after there is some sort of a emotional
|
||||
bond).
|
||||
_whatromantic_) and I think I can still use the ace of diamonds symbol as
|
||||
_demisensual_ is the closest to describe my relationship with touch (meaning
|
||||
that I might like it after there is some sort of a emotional bond).
|
||||
|
||||
However labels such as partner still appear to be necessary with unique
|
||||
relationships based on their development or otherwise I am not understood.
|
||||
@ -108,24 +108,22 @@ happen will be seen when it happens._
|
||||
|
||||
## Feminist
|
||||
|
||||
I support equal rights for everyone and the right of self-definition (or
|
||||
not requiring anyone to define themselves). Everyone should also be the one
|
||||
to choose what they do with their body (abortion, gender transition etc.)
|
||||
freely without complicated researchs and other people or society judging
|
||||
them.
|
||||
I support equal rights for everyone and the right of self-definition (or not
|
||||
requiring anyone to define themselves). Everyone should also be the one to
|
||||
choose what they do with their body (abortion, gender transition etc.) freely
|
||||
without complicated researchs and other people or society judging them.
|
||||
|
||||
_This is basicaly everything, but shouldn't I also say something more?_
|
||||
|
||||
## Linux user
|
||||
|
||||
I have been used Linux since 2008, I started with [Ubuntu] \(8.04).
|
||||
My preferred distribution is [Ubuntu MATE] or [Arch Linux] or with servers
|
||||
[Debian], but I am also familiar with other distributions, mainly
|
||||
[Debian]-deriatives.
|
||||
I have been used Linux since 2008, I started with [Ubuntu] \(8.04). My preferred
|
||||
distribution is [Ubuntu MATE] or [Arch Linux] or with servers [Debian], but I am
|
||||
also familiar with other distributions, mainly [Debian]-deriatives.
|
||||
|
||||
I have experience with [Fedora] and other distributions from that side too
|
||||
and I am not entirely lost while using them, but somehow I have always
|
||||
preferred Debian side. Maybe it's just that I have learned to use it.
|
||||
I have experience with [Fedora] and other distributions from that side too and I
|
||||
am not entirely lost while using them, but somehow I have always preferred
|
||||
Debian side. Maybe it's just that I have learned to use it.
|
||||
|
||||
[ubuntu]: http://www.ubuntu.com/desktop
|
||||
[ubuntu mate]: https://ubuntu-mate.org/
|
||||
@ -143,26 +141,30 @@ getting removed entirely sometime._
|
||||
|
||||
## Life
|
||||
|
||||
This link list to life post on my blog shouldn't be here, but it has no
|
||||
better place, so where else should it be?
|
||||
This link list to life post on my blog shouldn't be here, but it has no better
|
||||
place, so where else should it be?
|
||||
|
||||
_Time of writing in YYYY-MM-DD (ISO 8601): title or what it's about._
|
||||
|
||||
- [2015-03-25: Leaving bot communities & a little on my life]({% post_url 2015-03-25-leaving-bots-life %})
|
||||
- [2015-04-03: Scum]({% post_url 2015-04-03-scum %})
|
||||
- [2015-04-01: Saasta (same in Finnish)]({% post_url 2015-04-01-saasta %})
|
||||
- [2015-05-18: Somewhat more on my life & untold background of bots]({% post_url 2015-05-18-life-bot-background %})
|
||||
- [2015-06-16: Feelings and wounds of school bullying]({% post_url 2015-06-16-feelings %})
|
||||
- [2015-05-18: Somewhat more on my life & untold background
|
||||
of bots]({% post_url 2015-05-18-life-bot-background %})
|
||||
- [2015-06-16: Feelings and wounds of
|
||||
school bullying]({% post_url 2015-06-16-feelings %})
|
||||
- [2015-06-29: Google translated "suicide post"](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=fi&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2015%2F06%2F29%2Fminusta.html&edit-text=)
|
||||
- _I was at psychiatrical hospital after writing this._
|
||||
- [2015-09-09: The most important post that I have written]({% post_url 2015-09-09-act-around-trans %})
|
||||
- [2015-09-09: The most important post that I
|
||||
have written]({% post_url 2015-09-09-act-around-trans %})
|
||||
- [2015-11-03: I moved to Lauttasaari, Helsinki]({% post_url 2015-11-03-moving %})
|
||||
- way too positive for this section, but where else...
|
||||
- [2015-11-21: Email to Legal Affairs Committee on how trans law must be based on the right of self-definition](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2015%2F11%2F21%2Fsahkopostia-lakivaliokunnalle-translaki.html&edit-text=)
|
||||
- [2017-04-18: Google Translated dance lesson trauma](https://translate.google.com/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2017%2F04%2F18%2Ftanssitunti.html&edit-text=)
|
||||
- [2017-04-30: After trans process and AvPD, everything is OK]({% post_url 2017-04-30-post-trans %})
|
||||
- [2017-04-30: After trans process and AvPD, everything
|
||||
is OK]({% post_url 2017-04-30-post-trans %})
|
||||
|
||||
---
|
||||
|
||||
_Please keep in mind that everything in this page is just my opinion and
|
||||
not all trans or AS or \<any group\> people are the exact same._
|
||||
_Please keep in mind that everything in this page is just my opinion and not all
|
||||
trans or AS or \<any group\> people are the exact same._
|
||||
|
@ -169,7 +169,9 @@ TODO: Sort this list.
|
||||
|
||||
# Chromium flags
|
||||
|
||||
These can generally be found from `about:flags` on Chromium based browsers, for Vivaldi explicit `vivaldi://flags` is required and it also has `chrome://settings` for the usual Chromium settings.
|
||||
These can generally be found from `about:flags` on Chromium based browsers, for
|
||||
Vivaldi explicit `vivaldi://flags` is required and it also has
|
||||
`chrome://settings` for the usual Chromium settings.
|
||||
|
||||
- `#enable-quic` - enabled
|
||||
- `#enable-force-dark` - enabled with increased text constract
|
||||
@ -188,29 +190,49 @@ These likely also exist, but just without the `vendor-` part when searhcing.
|
||||
|
||||
# Firefox about:config
|
||||
|
||||
_On LibreAwoo or autoconfig, refer to my [conf/librewolf.overrides.cfg in my shell-things repo](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/conf/librewolf.overrides.cfg) which has kind of replaced this section?._
|
||||
_On LibreAwoo or autoconfig, refer to my
|
||||
[conf/librewolf.overrides.cfg in my shell-things repo](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/conf/librewolf.overrides.cfg)
|
||||
which has kind of replaced this section?._
|
||||
|
||||
- `security.certerrors.mitm.auto_enable_enterprise_roots` to `false` in order to not trust system CA store in case of enterprise MITM
|
||||
- `security.OCSP.require` to `true` in order to not allow [OCSP](https://en.wikipedia.org/wiki/OCSP_stapling) soft fail. This may be a bit paranoid, but _only the paranoid survive._
|
||||
- `privacy.resistFingerprinting.letterboxing` = `true` so letterboxing is
|
||||
used to hide real browser size. [Tor Browser support](https://support.torproject.org/tbb/maximized-torbrowser-window/)
|
||||
- `security.certerrors.mitm.auto_enable_enterprise_roots` to `false` in order to
|
||||
not trust system CA store in case of enterprise MITM
|
||||
- `security.OCSP.require` to `true` in order to not allow
|
||||
[OCSP](https://en.wikipedia.org/wiki/OCSP_stapling) soft fail. This may be a
|
||||
bit paranoid, but _only the paranoid survive._
|
||||
- `privacy.resistFingerprinting.letterboxing` = `true` so letterboxing is used
|
||||
to hide real browser size.
|
||||
[Tor Browser support](https://support.torproject.org/tbb/maximized-torbrowser-window/)
|
||||
- [Bug 70315: text in menus and boxes unreadable if using dark GTK theme](https://bugzilla.mozilla.org/show_bug.cgi?id=70315))
|
||||
- `image.animation_mode` to `once` in order to have gifs play once and
|
||||
then stop everywhere (`none` to never have them play).
|
||||
- `geo.provider.network.url` to `https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%` in order to send nearby WiFi networks to Mozilla instead of Google. See also [MLS Software](https://wiki.mozilla.org/CloudServices/Location/Software).
|
||||
- `network.IDN_show_punycode` to `true` in order to see punycode instead of UTF-8 in case of spoofing attempt. However makes reading non-ASCII domains painful. E.g. Cyrillic alphabet
|
||||
- `reader.parse-on-load.force-enabled` to `true` in order to allow reader use to be used on ~all websites and devices (regardless of low RAM?)
|
||||
- `image.animation_mode` to `once` in order to have gifs play once and then stop
|
||||
everywhere (`none` to never have them play).
|
||||
- `geo.provider.network.url` to
|
||||
`https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%` in
|
||||
order to send nearby WiFi networks to Mozilla instead of Google. See also
|
||||
[MLS Software](https://wiki.mozilla.org/CloudServices/Location/Software).
|
||||
- `network.IDN_show_punycode` to `true` in order to see punycode instead of
|
||||
UTF-8 in case of spoofing attempt. However makes reading non-ASCII domains
|
||||
painful. E.g. Cyrillic alphabet
|
||||
- `reader.parse-on-load.force-enabled` to `true` in order to allow reader use to
|
||||
be used on ~all websites and devices (regardless of low RAM?)
|
||||
|
||||
Future note: [`network.dns.blockDotOnion;false`](https://bugzilla.mozilla.org/show_bug.cgi?id=1497263) ?
|
||||
Future note:
|
||||
[`network.dns.blockDotOnion;false`](https://bugzilla.mozilla.org/show_bug.cgi?id=1497263)
|
||||
?
|
||||
|
||||
## Advertising
|
||||
|
||||
Firefox seems to contain a lot of advertising or sponsoring nowadays, whether to other Mozilla products or whoever pays them. See also [Bug 1773860: Provide global long-term "disable all promos" flag](https://bugzilla.mozilla.org/show_bug.cgi?id=1773860).
|
||||
Firefox seems to contain a lot of advertising or sponsoring nowadays, whether to
|
||||
other Mozilla products or whoever pays them. See also
|
||||
[Bug 1773860: Provide global long-term "disable all promos" flag](https://bugzilla.mozilla.org/show_bug.cgi?id=1773860).
|
||||
|
||||
- `browser.newtabpage.activity-stream.showSponsored` & `browser.newtabpage.activity-stream.showSponsored` to `false` to stop sponsored links.
|
||||
- `browser.vpn_promo.enabled` to `false` to hopefully stop Mozilla VPN advertisements
|
||||
- `browser.newtabpage.activity-stream.showSponsored` &
|
||||
`browser.newtabpage.activity-stream.showSponsored` to `false` to stop
|
||||
sponsored links.
|
||||
- `browser.vpn_promo.enabled` to `false` to hopefully stop Mozilla VPN
|
||||
advertisements
|
||||
- `browser.promo.focus.enabled` to `false` to stop Firefox Focus advertisements?
|
||||
- `browser.preferences.moreFromMozilla` to `false` to not hear from other Mozilla products?
|
||||
- `browser.preferences.moreFromMozilla` to `false` to not hear from other
|
||||
Mozilla products?
|
||||
|
||||
## [Cookie banner blocking](https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/)
|
||||
|
||||
@ -224,44 +246,69 @@ defaultPref("cookiebanners.bannerClicking.enabled", true);
|
||||
|
||||
## DNS over HTTPS
|
||||
|
||||
- `network.trr.mode` depends, `3` to enforce DoH (required for ECH) or `5` to explicitly disable. `2` to prefer DoH, but fallback to system also exists.
|
||||
- [DoH is required by Firefox ESNI/ECH support](https://bugzilla.mozilla.org/show_bug.cgi?id=1500289) which encrypts SNI/ClientHello which would still leak which
|
||||
sites you visit. [Another bug about ESNI/ECH + Android DoT](https://bugzilla.mozilla.org/show_bug.cgi?id=1542754#c3)
|
||||
- Are you using a VPN? Do they provide a DoH server? If yes, maybe the answer is 3 for ESNI/ECH?
|
||||
- `network.trr.mode` depends, `3` to enforce DoH (required for ECH) or `5` to
|
||||
explicitly disable. `2` to prefer DoH, but fallback to system also exists.
|
||||
- [DoH is required by Firefox ESNI/ECH support](https://bugzilla.mozilla.org/show_bug.cgi?id=1500289)
|
||||
which encrypts SNI/ClientHello which would still leak which sites you visit.
|
||||
[Another bug about ESNI/ECH + Android DoT](https://bugzilla.mozilla.org/show_bug.cgi?id=1542754#c3)
|
||||
- Are you using a VPN? Do they provide a DoH server? If yes, maybe the answer
|
||||
is 3 for ESNI/ECH?
|
||||
- `network.trr.early-AAAA` `true` to hopefully prefer IPv6
|
||||
- `network.trr.uri` for the actual resolver address, e.g.
|
||||
`https://doh.mullvad.net/dns-query`
|
||||
- and if they provide as SOCKS proxy as a killswitch, `network.proxy.socks_remote_dns` must be `false`
|
||||
- `network.trr.disable-ECS` to `false` if preferring speed over privacy or using NextDNS private ECS.
|
||||
- and if they provide as SOCKS proxy as a killswitch,
|
||||
`network.proxy.socks_remote_dns` must be `false`
|
||||
- `network.trr.disable-ECS` to `false` if preferring speed over privacy or using
|
||||
NextDNS private ECS.
|
||||
- [Wikipedia: EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet)
|
||||
|
||||
Some notes:
|
||||
|
||||
- There is also `network.trr.exclude-etc-hosts` for those using `/etc/hosts` for blocking.
|
||||
- You can confirm TRR working by visiting `about:networking#dns` where
|
||||
you should be seeing DNS cache of Firefox and a lot of `TRR: true`.
|
||||
- ECH requires `network.dns.echconfig.enabled` and `network.dns.use_https_rr_as_altsvc` to be `true`,
|
||||
but they seem to default to true at least in Firefox Nightly so maybe no action is needed.
|
||||
- [While investingating how Android 9 Private DNS works, I also wrote a DNS provider comparsion here on 2019-07-11]({% post_url blog/2019-07-11-android-private-dns-in-practice %})
|
||||
- There is also `network.trr.exclude-etc-hosts` for those using `/etc/hosts` for
|
||||
blocking.
|
||||
- You can confirm TRR working by visiting `about:networking#dns` where you
|
||||
should be seeing DNS cache of Firefox and a lot of `TRR: true`.
|
||||
- ECH requires `network.dns.echconfig.enabled` and
|
||||
`network.dns.use_https_rr_as_altsvc` to be `true`, but they seem to default to
|
||||
true at least in Firefox Nightly so maybe no action is needed.
|
||||
- [While investingating how Android 9 Private DNS works, I also wrote a DNS
|
||||
provider comparsion here on 2019-07-11]({% post_url blog/2019-07-11-android-private-dns-in-practice %})
|
||||
|
||||
## SSDs
|
||||
|
||||
This information is from [Arch Wiki on Firefox tweaks](https://wiki.archlinux.org/index.php/Firefox/Tweaks)
|
||||
This information is from
|
||||
[Arch Wiki on Firefox tweaks](https://wiki.archlinux.org/index.php/Firefox/Tweaks)
|
||||
|
||||
<!-- - `browser.cache.disk.enable` to `false` to only cache to RAM.
|
||||
- (`browser.cache.memory.enable` to `true` which should be default) -->
|
||||
|
||||
- `browser.sessionstore.interval` to `600000` in order to only store open session every ten minutes (instead of 15 seconds) in case of crashes.
|
||||
- alternatively `browser.sessionstore.resume_from_crash` to `false` to not store the session data for crash recovery at all. I think this may be the more healthy option with all the information flood and dozens of tabs.
|
||||
- `browser.sessionstore.interval` to `600000` in order to only store open
|
||||
session every ten minutes (instead of 15 seconds) in case of crashes.
|
||||
- alternatively `browser.sessionstore.resume_from_crash` to `false` to not
|
||||
store the session data for crash recovery at all. I think this may be the
|
||||
more healthy option with all the information flood and dozens of tabs.
|
||||
|
||||
Why?
|
||||
|
||||
> Every object loaded (html page, jpeg image, css stylesheet, gif banner) is saved in the Firefox cache for future use without the need to download it again. It is estimated that only a fraction of these objects will be reused, usually about 30%. This because of very short object expiration time, updates or simply user behavior (loading new pages instead of returning to the ones already visited). The Firefox cache is divided into memory and disk cache and the latter results in frequent disk writes: newly loaded objects are written to memory and older objects are removed.
|
||||
> Every object loaded (html page, jpeg image, css stylesheet, gif banner) is
|
||||
> saved in the Firefox cache for future use without the need to download it
|
||||
> again. It is estimated that only a fraction of these objects will be reused,
|
||||
> usually about 30%. This because of very short object expiration time, updates
|
||||
> or simply user behavior (loading new pages instead of returning to the ones
|
||||
> already visited). The Firefox cache is divided into memory and disk cache and
|
||||
> the latter results in frequent disk writes: newly loaded objects are written
|
||||
> to memory and older objects are removed.
|
||||
|
||||
> Firefox stores the current session status (opened urls, cookies, history and form data) to the disk on a regular basis. It is used to recover a previous session in case of crash. The default setting is to save the session every 15 seconds, resulting in frequent disk access.
|
||||
> Firefox stores the current session status (opened urls, cookies, history and
|
||||
> form data) to the disk on a regular basis. It is used to recover a previous
|
||||
> session in case of crash. The default setting is to save the session every 15
|
||||
> seconds, resulting in frequent disk access.
|
||||
|
||||
and this is the reason why Firefox is at times accused of killing SSDs.
|
||||
|
||||
---
|
||||
|
||||
Changelog: [GitHub.com commits](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/browser-extensions.markdown) | [gitea.blesmrt.net commits](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/pages/browser-extensions.markdown)
|
||||
Changelog:
|
||||
[GitHub.com commits](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/browser-extensions.markdown)
|
||||
|
|
||||
[gitea.blesmrt.net commits](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/pages/browser-extensions.markdown)
|
||||
|
@ -14,9 +14,14 @@ robots: noai
|
||||
|
||||
I have multiple instant messaging chatrooms.
|
||||
|
||||
- [The ones listed below](#the-links) are for comments to my blog, this website in general, my FOSS <s>spam</s> activity and a contact point for reaching me in general for not so private matters. They are connected together by [Matterbridge](https://github.com/42wim/matterbridge/#matterbridge).
|
||||
- [The ones listed below](#the-links) are for comments to my blog, this website
|
||||
in general, my FOSS <s>spam</s> activity and a contact point for reaching me
|
||||
in general for not so private matters. They are connected together by
|
||||
[Matterbridge](https://github.com/42wim/matterbridge/#matterbridge).
|
||||
- Many linking here utilize the rules listed below.
|
||||
- Others are simply curious about protocols, transports, relays, bridges, etc. _Why did they end up on this page when they could have ended up anywhere else?_
|
||||
- Others are simply curious about protocols, transports, relays, bridges, etc.
|
||||
_Why did they end up on this page when they could have ended up anywhere
|
||||
else?_
|
||||
|
||||
---
|
||||
|
||||
@ -42,43 +47,63 @@ I have multiple instant messaging chatrooms.
|
||||
|
||||
## Rules
|
||||
|
||||
[Contributor Covenant 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/) is the primary Code of Conduct here (which isn't forked due to this community forming around me and my website. Any project growing bigger would have its own), but we do have a couple of other rules too:
|
||||
[Contributor Covenant 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/)
|
||||
is the primary Code of Conduct here (which isn't forked due to this community
|
||||
forming around me and my website. Any project growing bigger would have its
|
||||
own), but we do have a couple of other rules too:
|
||||
|
||||
- Don't send private messages without asking for a permission first unless your message is purely moderation related.
|
||||
- Please include your business in your first message and not only greeting. See [nohello.net](https://nohello.net) for more about that.
|
||||
- Don't share personal affairs of other people outside of the room. This includes, but isn't limited to, gender/sexual/romantic orientation questioning, plurality, religion, etc. When in doubt, assume it's private.
|
||||
- Mind the limitations of machines and people especially in the private side. Transport encryption is not [end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption), which can be broken by a compromised client device (including, but not limited to bot/relay/bridge) or the protocol in question may neglect to encrypt something [like Matrix does for reactions](https://github.com/matrix-org/matrix-spec/issues/660).
|
||||
- For other matters, [_Chatham House Rule_](https://www.chathamhouse.org/about-us/chatham-house-rule) applies.
|
||||
- Don't send private messages without asking for a permission first unless your
|
||||
message is purely moderation related.
|
||||
- Please include your business in your first message and not only greeting.
|
||||
See [nohello.net](https://nohello.net) for more about that.
|
||||
- Don't share personal affairs of other people outside of the room. This
|
||||
includes, but isn't limited to, gender/sexual/romantic orientation
|
||||
questioning, plurality, religion, etc. When in doubt, assume it's private.
|
||||
- Mind the limitations of machines and people especially in the private side.
|
||||
Transport encryption is not
|
||||
[end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption),
|
||||
which can be broken by a compromised client device (including, but not
|
||||
limited to bot/relay/bridge) or the protocol in question may neglect to
|
||||
encrypt something
|
||||
[like Matrix does for reactions](https://github.com/matrix-org/matrix-spec/issues/660).
|
||||
- For other matters,
|
||||
[_Chatham House Rule_](https://www.chathamhouse.org/about-us/chatham-house-rule)
|
||||
applies.
|
||||
|
||||
## Languages
|
||||
|
||||
As for languages; English is preferred due to majority of the discussion
|
||||
participants speaking it, but Finnish and Esperanto are also fine.<br> I sadly
|
||||
don't consider myself capable of holding a discussion in other languages, but
|
||||
I do hope to be able to grow this list in the future.
|
||||
don't consider myself capable of holding a discussion in other languages, but I
|
||||
do hope to be able to grow this list in the future.
|
||||
|
||||
## The links
|
||||
|
||||
- IRC@Etro, [`#mikaela.info`](ircs://etro.mikaela.info:6697/#mikaela.info)
|
||||
my selfhosted IRC server.
|
||||
- IRC@Etro, [`#mikaela.info`](ircs://etro.mikaela.info:6697/#mikaela.info) my
|
||||
selfhosted IRC server.
|
||||
- [(Recommended) Gamja webchat](https://irc.etro.mikaela.info/#mikaela.info)
|
||||
- `MapAddress etro.mikaela.info otzmigofmchtadpek223bkmrzqoa6mmvhmr5dxqurcrtwalizfibuxid.onion`
|
||||
- [LiberaChat], [`#mikaela.info`](ircs://irc.libera.chat:6697/#mikaela.info)
|
||||
- [Gamja webchat](https://web.libera.chat/gamja/#mikaela.info), [KiwiIRC webchat](https://web.libera.chat/#mikaela.info). _Warning: Libera.Chat has no message history_
|
||||
- [Gamja webchat](https://web.libera.chat/gamja/#mikaela.info),
|
||||
[KiwiIRC webchat](https://web.libera.chat/#mikaela.info). _Warning:
|
||||
Libera.Chat has no message history_
|
||||
- `MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion`
|
||||
- [Matrix], [`#aminda.eu:pikaviestin.fi`](matrix:roomid/ruWhXaXgrPjaSSecvb:matrix.org?action=join&via=matrix.org&via=tedomum.net&via=pikaviestin.fi&via=beeper.com&via=envs.net),
|
||||
- [Matrix],
|
||||
[`#aminda.eu:pikaviestin.fi`](matrix:roomid/ruWhXaXgrPjaSSecvb:matrix.org?action=join&via=matrix.org&via=tedomum.net&via=pikaviestin.fi&via=beeper.com&via=envs.net),
|
||||
a decentralised conversation store.
|
||||
- [Convene webchat](https://letsconvene.im/app/#/join/%23mikaela.info:matrix.org)
|
||||
- [PirateIRC], [`#mikaela.info`](ircs://irc.pirateirc.net:6697/#mikaela.info)
|
||||
- [Gamja webchat](https://webchat.pirateirc.net/)
|
||||
- `MapAddress irc.pirateirc.net cbmtec5xuhpjwjq245kpp5jk2wij63ydgu5vwbxvdamzibfubc5uzaqd.onion`
|
||||
- [Telegram], [invite link](https://t.me/joinchat/OEuthjzmg60xNzA0) a
|
||||
popular instant messenger with open source clients.
|
||||
- [Telegram], [invite link](https://t.me/joinchat/OEuthjzmg60xNzA0) a popular
|
||||
instant messenger with open source clients.
|
||||
- [Twitch], [Ciblia](https://twitch.tv/Ciblia), a propietary game streaming
|
||||
platform.
|
||||
- Expect my streaming to happen in [mikaela@libremedia.video](https://libremedia.video/accounts/mikaela/)
|
||||
- Expect my streaming to happen in
|
||||
[mikaela@libremedia.video](https://libremedia.video/accounts/mikaela/)
|
||||
(PeerTube) instead.
|
||||
- [XMPP], [`mikaela.info@conference.blesmrt.net`](xmpp:mikaela.info@conference.blesmrt.net?join),
|
||||
- [XMPP],
|
||||
[`mikaela.info@conference.blesmrt.net`](xmpp:mikaela.info@conference.blesmrt.net?join),
|
||||
a federated chat protocol.
|
||||
|
||||
[ergochat]: https://ergo.chat/
|
||||
@ -90,67 +115,81 @@ I do hope to be able to grow this list in the future.
|
||||
[twitch]: https://twitch.tv/
|
||||
[xmpp]: https://xmpp.org/
|
||||
|
||||
**_NOTICE ON LOG AVAILABILITY!_** The logging and history visiblity varies by protocol and thus
|
||||
users joining in the future could see messages up to one year or longer in the
|
||||
past.
|
||||
**_NOTICE ON LOG AVAILABILITY!_** The logging and history visiblity varies by
|
||||
protocol and thus users joining in the future could see messages up to one year
|
||||
or longer in the past.
|
||||
|
||||
## A couple of words on protocols
|
||||
|
||||
- _IRC_ was invented in 1988 and regardless of developing integrated message
|
||||
storage since then, it's still _trivial to setup_ and runs well on _a toaster_.
|
||||
_IRC servers_ are generally _[easy to enable Tor support on](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#tor)_ and _IRC clients_
|
||||
widely come with _[proxy settings](https://hexchat.readthedocs.io/en/latest/tips.html#tor)_ where _[Tor can be enabled](https://weechat.org/files/doc/stable/weechat_user.en.html#irc_tor_sasl)_. My personal
|
||||
_IRC_ history begins in 2010 as user and since then I have also opered
|
||||
mostly on _Charybdis+Atheme_ and nowadays on a couple of _Ergos_.
|
||||
- _XMPP_ runs on _a bit more powerful toaster_ and the servers talk to each other
|
||||
without prior approval, it was originally introduced in 1999. I don't have
|
||||
a record on when I begun using it as _all multi-protocol chat apps_ that were
|
||||
common even before 2010 supported it. I haven't had a need or desire to _selfhost_.
|
||||
storage since then, it's still _trivial to setup_ and runs well on _a
|
||||
toaster_. _IRC servers_ are generally
|
||||
_[easy to enable Tor support on](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#tor)_
|
||||
and _IRC clients_ widely come with
|
||||
_[proxy settings](https://hexchat.readthedocs.io/en/latest/tips.html#tor)_
|
||||
where
|
||||
_[Tor can be enabled](https://weechat.org/files/doc/stable/weechat_user.en.html#irc_tor_sasl)_.
|
||||
My personal _IRC_ history begins in 2010 as user and since then I have also
|
||||
opered mostly on _Charybdis+Atheme_ and nowadays on a couple of _Ergos_.
|
||||
- _XMPP_ runs on _a bit more powerful toaster_ and the servers talk to each
|
||||
other without prior approval, it was originally introduced in 1999. I don't
|
||||
have a record on when I begun using it as _all multi-protocol chat apps_ that
|
||||
were common even before 2010 supported it. I haven't had a need or desire to
|
||||
_selfhost_.
|
||||
- _Telegram_ was introduced in 2013 and is a popular _instant messenger_ with
|
||||
many _open source clients (not server)_ also on minority platforms (by third
|
||||
parties). It's favoured by many for stickers and ease-to-use, while that
|
||||
comes with _concern on security and privacy_.
|
||||
parties). It's favoured by many for stickers and ease-to-use, while that comes
|
||||
with _concern on security and privacy_.
|
||||
- _Matrix_ was introduced in 2014 and I started using it in 2016. Many of the
|
||||
_client and server implementations are heavy_, _especially on server side_ requiring what to outside looks
|
||||
like _a constant maintenance_ to deal with the _implementation performance issues_,
|
||||
_I am not interested in even trying to selfhost a Matrix (home)server and bridges
|
||||
until the situation significantly improves_. _[Matrix clients also seldom support connecting through Tor easily](https://github.com/vector-im/element-meta/issues/200)_,
|
||||
while the _[Synapse server by Matrix.org team doesn't support connecting](https://github.com/matrix-org/synapse/issues/5152) through [I2P or Tor](https://github.com/matrix-org/synapse/issues/5455) at [all](https://github.com/matrix-org/synapse/issues/7088)_.
|
||||
- Exception: [Hydrogen](https://hydrogen.element.io) ([GitHub](https://github.com/vector-im/hydrogen-web))
|
||||
is the only client I have encountered that works well on Nokia 1 TA-1047
|
||||
or in other words passes the so-called toaster test. It does self-describe
|
||||
as _A minimal Matrix chat client, focused on performance, offline
|
||||
functionality, and broad browser support_, which it redeems.
|
||||
- Good luck to users of either [dendrite.matrix.org or matrix.org for entering captchas in Matrix clients.](https://github.com/matrix-org/matrix.org/issues/1314)
|
||||
_client and server implementations are heavy_, _especially on server side_
|
||||
requiring what to outside looks like _a constant maintenance_ to deal with the
|
||||
_implementation performance issues_, _I am not interested in even trying to
|
||||
selfhost a Matrix (home)server and bridges until the situation significantly
|
||||
improves_.
|
||||
_[Matrix clients also seldom support connecting through Tor easily](https://github.com/vector-im/element-meta/issues/200)_,
|
||||
while the
|
||||
_[Synapse server by Matrix.org team doesn't support connecting](https://github.com/matrix-org/synapse/issues/5152)
|
||||
through [I2P or Tor](https://github.com/matrix-org/synapse/issues/5455) at
|
||||
[all](https://github.com/matrix-org/synapse/issues/7088)_.
|
||||
- Exception: [Hydrogen](https://hydrogen.element.io)
|
||||
([GitHub](https://github.com/vector-im/hydrogen-web)) is the only client I
|
||||
have encountered that works well on Nokia 1 TA-1047 or in other words passes
|
||||
the so-called toaster test. It does self-describe as _A minimal Matrix chat
|
||||
client, focused on performance, offline functionality, and broad browser
|
||||
support_, which it redeems.
|
||||
- Good luck to users of either
|
||||
[dendrite.matrix.org or matrix.org for entering captchas in Matrix clients.](https://github.com/matrix-org/matrix.org/issues/1314)
|
||||
|
||||
## And on transports, relays and bridges
|
||||
|
||||
- One of the marketing points of _XMPP_ was to connect to other protocols by
|
||||
means of transports. They plug into a _XMPP server_ and can be provided either
|
||||
by yours or be open for other _XMPP servers_.
|
||||
- The word _relay_ is often used on _bots which copy messages from one protocol/network
|
||||
and paste (or more simply said relay) it to another_. They aren't transparent and thus the
|
||||
messages from them appear to be coming from bots beginning with the message
|
||||
sender instead of being completely transparent. This is what is _commonly
|
||||
used on IRC to connect to other IRC networks or protocols_.
|
||||
- The word _relay_ is often used on _bots which copy messages from one
|
||||
protocol/network and paste (or more simply said relay) it to another_. They
|
||||
aren't transparent and thus the messages from them appear to be coming from
|
||||
bots beginning with the message sender instead of being completely
|
||||
transparent. This is what is _commonly used on IRC to connect to other IRC
|
||||
networks or protocols_.
|
||||
- _Matterbridge regardless of the name acts like a relay. Like IRC and XMPP_,
|
||||
it also _runs on a toaster requiring only [the binary](https://github.com/42wim/matterbridge/releases)
|
||||
and a [config file](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/irc/matterbridge/matterbridge-example.toml)_
|
||||
it also _runs on a toaster requiring only
|
||||
[the binary](https://github.com/42wim/matterbridge/releases) and a
|
||||
[config file](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/irc/matterbridge/matterbridge-example.toml)_
|
||||
being trivial to setup anywhere quickly or move around.
|
||||
- _[Recent IRC development allows (RELAYMSG)](https://github.com/ircv3/ircv3-specifications/pull/417)_
|
||||
allows relays to be transparent making messages appear from users outside
|
||||
of the channel that don't actually exist. This is similar to _Discord webhooks
|
||||
allows relays to be transparent making messages appear from users outside of
|
||||
the channel that don't actually exist. This is similar to _Discord webhooks
|
||||
(that Matterbridge also supports) and Matrix Discord bridge_.
|
||||
- Common complaint from _Matrix_ users is that they look ugly, but as shown
|
||||
by _IRC and Discord_, that doesn't have to be the case
|
||||
- Common complaint from _Matrix_ users is that they look ugly, but as shown by
|
||||
_IRC and Discord_, that doesn't have to be the case
|
||||
_[and I hope Matrix will fix their issue allowing low-budget "toasterbridges"](https://github.com/matrix-org/matrix-spec/issues/840)_.
|
||||
- _Bridges are popularised by Matrix_ and _are almost XMPP transports_. However
|
||||
while _XMPP transports connect to the other protocol, bridges attempt to
|
||||
copy everything on both sides_ so _Matrix users_ see each other directly instead
|
||||
of through the _transport_ on the other side and on the other side of _open protocols_
|
||||
_Matrix users_ can be interacted with as if they were native to it.
|
||||
- Unlike _XMPP_, the _bridges also tend to be heavy and require a full homeserver
|
||||
setup._ The _IRC bridge also generally requires blessing from the IRC network_
|
||||
and while some public bridges exist, they _move the control away from you_
|
||||
hijacking the room to _their rules_ and often have _performance trouble
|
||||
compared to "local toaster matterbridge"._
|
||||
while _XMPP transports connect to the other protocol, bridges attempt to copy
|
||||
everything on both sides_ so _Matrix users_ see each other directly instead of
|
||||
through the _transport_ on the other side and on the other side of _open
|
||||
protocols_ _Matrix users_ can be interacted with as if they were native to it.
|
||||
- Unlike _XMPP_, the _bridges also tend to be heavy and require a full
|
||||
homeserver setup._ The _IRC bridge also generally requires blessing from the
|
||||
IRC network_ and while some public bridges exist, they _move the control
|
||||
away from you_ hijacking the room to _their rules_ and often have
|
||||
_performance trouble compared to "local toaster matterbridge"._
|
||||
|
@ -3,7 +3,9 @@ layout: page
|
||||
title: The IRC bot Euforia
|
||||
permalink: /irc/bot.html
|
||||
sitemap: true
|
||||
excerpt: "A little about my IRC bot. Useful links, why it doesn't reply to me, how to make it recognize me, what does it actually do?"
|
||||
excerpt:
|
||||
"A little about my IRC bot. Useful links, why it doesn't reply to me, how to
|
||||
make it recognize me, what does it actually do?"
|
||||
redirect_from: /bot.html
|
||||
published: false
|
||||
---
|
||||
@ -17,14 +19,13 @@ _Please read also [rules of my channels.](https://mikaela.info/channel.html)_
|
||||
|
||||
## Limnoria
|
||||
|
||||
My bot is [Limnoria] which is currently the most popular [Supybot] fork
|
||||
that is still under active development and it has merged in features of
|
||||
another popular fork, [Gribble].
|
||||
My bot is [Limnoria] which is currently the most popular [Supybot] fork that is
|
||||
still under active development and it has merged in features of another popular
|
||||
fork, [Gribble].
|
||||
|
||||
My role with [Limnoria] was Finnish translator and IRC support and I also
|
||||
made minor changes to make some default configuration variables more
|
||||
reasonable. Most of [documentation] since [Supybot] and before my leaving
|
||||
is also written by me.
|
||||
My role with [Limnoria] was Finnish translator and IRC support and I also made
|
||||
minor changes to make some default configuration variables more reasonable. Most
|
||||
of [documentation] since [Supybot] and before my leaving is also written by me.
|
||||
|
||||
[supybot]: https://github.com/Supybot/Supybot
|
||||
[limnoria]: https://github.com/ProgVal/Limnoria
|
||||
@ -35,8 +36,8 @@ is also written by me.
|
||||
|
||||
### Addressing the bot
|
||||
|
||||
The following table opens where the bot will reply to in channel. In PM
|
||||
the bot replies to everything _(without prefix)_.
|
||||
The following table opens where the bot will reply to in channel. In PM the bot
|
||||
replies to everything _(without prefix)_.
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
@ -73,8 +74,8 @@ the bot replies to everything _(without prefix)_.
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
For checking the channel specific prefixes, refer to the following
|
||||
commands. They can be used in channel (if you know the prefix) or PM.
|
||||
For checking the channel specific prefixes, refer to the following commands.
|
||||
They can be used in channel (if you know the prefix) or PM.
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
@ -99,28 +100,27 @@ commands. They can be used in channel (if you know the prefix) or PM.
|
||||
### Quick start
|
||||
|
||||
Use `list` command to get list of plugins, `list <plugin>` to get list of
|
||||
commands in plugin, `help <plugin> <command>` to get usage instructions
|
||||
for \<command\> in \<plugin\>.
|
||||
commands in plugin, `help <plugin> <command>` to get usage instructions for
|
||||
\<command\> in \<plugin\>.
|
||||
|
||||
If the bot tells you `(X more messages)`, use the `more` command to see
|
||||
more output.
|
||||
If the bot tells you `(X more messages)`, use the `more` command to see more
|
||||
output.
|
||||
|
||||
There are also default plugins which means that when you use only
|
||||
`<command>` the command is automatically understood as `<plugin> <command>`
|
||||
for example `tell` is configured to be `later tell` which tells text
|
||||
to nick next time it's seen. If `command` exists only in one plugin,
|
||||
it's gets turned to `<plugin> <command>` automatically.
|
||||
There are also default plugins which means that when you use only `<command>`
|
||||
the command is automatically understood as `<plugin> <command>` for example
|
||||
`tell` is configured to be `later tell` which tells text to nick next time it's
|
||||
seen. If `command` exists only in one plugin, it's gets turned to
|
||||
`<plugin> <command>` automatically.
|
||||
|
||||
In case command exists in multiple plugins, the bot will tell you that
|
||||
the command exists in multiple plugins and asks you to specify the plugin
|
||||
before it.
|
||||
In case command exists in multiple plugins, the bot will tell you that the
|
||||
command exists in multiple plugins and asks you to specify the plugin before it.
|
||||
|
||||
## Users
|
||||
|
||||
The bot doesn't allow anyone to register and I will register channel ops
|
||||
manually on the channels the bot is on. Users are primarily identified by
|
||||
NickServ account, but on networks where there are no services it's required
|
||||
to use hostmasks.
|
||||
NickServ account, but on networks where there are no services it's required to
|
||||
use hostmasks.
|
||||
|
||||
Requirements for getting account:
|
||||
|
||||
@ -131,59 +131,60 @@ Requirements for getting account:
|
||||
|
||||
### Identifying
|
||||
|
||||
_All users have a password in the bot, but I have made them invalid (by
|
||||
adding `!` in front of the hash in users.conf). If you have password set
|
||||
separately as said below, it will work._
|
||||
_All users have a password in the bot, but I have made them invalid (by adding
|
||||
`!` in front of the hash in users.conf). If you have password set separately as
|
||||
said below, it will work._
|
||||
|
||||
- If you have a password, `/msg <bot> user identify username password`
|
||||
- Passwords can be asked from me if needed. After getting one, change
|
||||
it immediately with
|
||||
`/msg <bot> user set password OLDPASSWORD NEWPASSWORD`
|
||||
- Passwords can be asked from me if needed. After getting one, change it
|
||||
immediately with `/msg <bot> user set password OLDPASSWORD NEWPASSWORD`
|
||||
- If you use NickServ account:
|
||||
- Use the `auth` command.
|
||||
- `/cycle` so extended-join sends your account name to the bot.
|
||||
- `/kick <bot>` so the bot will automatically rejoin and send whox
|
||||
requests to the channel receiving your NickServ account.
|
||||
- `/kick <bot>` so the bot will automatically rejoin and send whox requests to
|
||||
the channel receiving your NickServ account.
|
||||
- [Other methods / Official documentation](https://limnoria-doc.readthedocs.org/en/latest/use/getting_started.html#making-supybot-recognize-you)
|
||||
|
||||
## Channels
|
||||
|
||||
List of the channels where the bot is on can be seen with /whois. However
|
||||
this list doesn't include secret/private channels (mode +s/+p).
|
||||
List of the channels where the bot is on can be seen with /whois. However this
|
||||
list doesn't include secret/private channels (mode +s/+p).
|
||||
|
||||
The bot can also be requested to join other channels, but I reserve the
|
||||
right to not join it anywhere or to not register specific channel ops
|
||||
to the bot.
|
||||
The bot can also be requested to join other channels, but I reserve the right to
|
||||
not join it anywhere or to not register specific channel ops to the bot.
|
||||
|
||||
## What does the bot do?
|
||||
|
||||
Currently the bot is primarily spamming my channels with new items in some
|
||||
RSS feeds. You can find list of the feeds added to the bot at
|
||||
Currently the bot is primarily spamming my channels with new items in some RSS
|
||||
feeds. You can find list of the feeds added to the bot at
|
||||
[the web documentation for RSS plugin](https://bot.mikaela.info/plugindoc/RSS/),
|
||||
but listing the feeds automatically announced on the channel isn't
|
||||
possible [yet](https://github.com/ProgVal/Limnoria/issues/1085).
|
||||
but listing the feeds automatically announced on the channel isn't possible
|
||||
[yet](https://github.com/ProgVal/Limnoria/issues/1085).
|
||||
|
||||
It's also protecting channels from spam using the [AttackProtector plugin.](https://github.com/ProgVal/Supybot-plugins/tree/master/AttackProtector)
|
||||
It's also protecting channels from spam using the
|
||||
[AttackProtector plugin.](https://github.com/ProgVal/Supybot-plugins/tree/master/AttackProtector)
|
||||
|
||||
The bot also has `ops` command for getting op attention, but it requires
|
||||
correct prefix to be used.
|
||||
The bot also has `ops` command for getting op attention, but it requires correct
|
||||
prefix to be used.
|
||||
|
||||
## Issues you may encounter
|
||||
|
||||
For all known issues, see the issue tracker link below relevant subtopic
|
||||
as this section only lists those that you are likely to see or that others
|
||||
have asked about from me.
|
||||
For all known issues, see the issue tracker link below relevant subtopic as this
|
||||
section only lists those that you are likely to see or that others have asked
|
||||
about from me.
|
||||
|
||||
I am trying to run [the latest released version of Limnoria.](https://github.com/ProgVal/Limnoria/tags)
|
||||
I am trying to run
|
||||
[the latest released version of Limnoria.](https://github.com/ProgVal/Limnoria/tags)
|
||||
|
||||
External plugins are updated whenever I see need for it, but at least when
|
||||
I upgrade Limnoria.
|
||||
External plugins are updated whenever I see need for it, but at least when I
|
||||
upgrade Limnoria.
|
||||
|
||||
### Limnoria issues
|
||||
|
||||
- Issue tracker: https://github.com/ProgVal/Limnoria/issues
|
||||
|
||||
_Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnoria/tree/master/plugins)._
|
||||
_Includes Limnoria core and
|
||||
[included plugins](https://github.com/ProgVal/Limnoria/tree/master/plugins)._
|
||||
|
||||
- [Title is only told for the first link in a message](https://github.com/ProgVal/Limnoria/issues/152)
|
||||
- [Some commands using hostmasks behave weirdly](https://github.com/ProgVal/Limnoria/issues/281)
|
||||
@ -195,11 +196,12 @@ _Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnor
|
||||
- [Meta descriptions for links aren't told](https://github.com/ProgVal/Limnoria/issues/650)
|
||||
- these could be useful with news sites.
|
||||
- [DNS command doesn't mention CNAMEs/ALIASes](https://github.com/ProgVal/Limnoria/issues/864)
|
||||
- Internet whois is quite broken [1](https://github.com/ProgVal/Limnoria/issues/993) [2](https://github.com/ProgVal/Limnoria/issues/994)
|
||||
- Internet whois is quite broken
|
||||
[1](https://github.com/ProgVal/Limnoria/issues/993)
|
||||
[2](https://github.com/ProgVal/Limnoria/issues/994)
|
||||
- [RSS: no announced feeds in web interface](https://github.com/ProgVal/Limnoria/issues/1085)
|
||||
- [html/javascript redirects aren't followed](https://github.com/ProgVal/Limnoria/issues/1120)
|
||||
- you will especially see this if you encounter links to my
|
||||
"URL shortener"
|
||||
- you will especially see this if you encounter links to my "URL shortener"
|
||||
- [Google says: Error invalid resultSize](https://github.com/ProgVal/Limnoria/issues/1163)
|
||||
- [Web title & titlesnarfer are broken](https://github.com/ProgVal/Limnoria/issues/1173)
|
||||
|
||||
@ -207,11 +209,12 @@ _Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnor
|
||||
|
||||
- Issue tracker: https://github.com/ProgVal/Supybot-plugins/issues
|
||||
|
||||
_Includes plugins from @ProgVal's/pinkieval's [plugin repository.](https://github.com/ProgVal/Supybot-plugins)_
|
||||
_Includes plugins from @ProgVal's/pinkieval's
|
||||
[plugin repository.](https://github.com/ProgVal/Supybot-plugins)_
|
||||
|
||||
- LinkRelay
|
||||
- [Doesn't sync topics between relayed channels](https://github.com/ProgVal/Supybot-plugins/issues/31)
|
||||
- [Status of user in the channel isn't shown](https://github.com/ProgVal/Supybot-plugins/issues/60)
|
||||
- [What the bot says isn't relayed.](https://github.com/ProgVal/Supybot-plugins/issues/288)
|
||||
- **This is currently the most visible issue on channels where
|
||||
LinkRelay is used.**
|
||||
- **This is currently the most visible issue on channels where LinkRelay is
|
||||
used.**
|
||||
|
@ -3,7 +3,9 @@ layout: page
|
||||
title: IRC-kanavien ja muiden sellaisten säännöt
|
||||
permalink: /irc/channel.fi.html
|
||||
sitemap: true
|
||||
excerpt: "IRC-kanavieni säännöt. Lyhyesti: Käytä maalaisjärkeä, ole kiva, ei syrjintää, ei julkisia lokeja, älä tuo botteja ilman lupaa. Kiitos ♥"
|
||||
excerpt:
|
||||
"IRC-kanavieni säännöt. Lyhyesti: Käytä maalaisjärkeä, ole kiva, ei syrjintää,
|
||||
ei julkisia lokeja, älä tuo botteja ilman lupaa. Kiitos ♥"
|
||||
redirect_from:
|
||||
- /kanava.html
|
||||
- /channel.fi.html
|
||||
@ -12,10 +14,11 @@ published: false
|
||||
|
||||
**[In English](channel.html)**
|
||||
|
||||
Säännöt kanavalle X verkossa Y.<br/>Kanavien, joita nämä säännöt
|
||||
koskettavat pitäisi linkittää tälle sivulle ENTRYMSG:ssä (tai muussa botin automaattisesti lähettämässä viestissä) tai topic:issa. Kanavan URL ei ole
|
||||
kovin hyvä paikka, koska monet asiakasohjelmat piilottavat sen jonnekin
|
||||
(joka tosin tapahtuu kaikilla muillakin tavoilla TOPICcia lukuunottamatta).
|
||||
Säännöt kanavalle X verkossa Y.<br/>Kanavien, joita nämä säännöt koskettavat
|
||||
pitäisi linkittää tälle sivulle ENTRYMSG:ssä (tai muussa botin automaattisesti
|
||||
lähettämässä viestissä) tai topic:issa. Kanavan URL ei ole kovin hyvä paikka,
|
||||
koska monet asiakasohjelmat piilottavat sen jonnekin (joka tosin tapahtuu
|
||||
kaikilla muillakin tavoilla TOPICcia lukuunottamatta).
|
||||
|
||||
_[Lisää botistani (joka on tai ei ole kanavalla) (englanniksi).](bot.html)_
|
||||
|
||||
@ -24,35 +27,37 @@ _[Lisää botistani (joka on tai ei ole kanavalla) (englanniksi).](bot.html)_
|
||||
- Vahdi kielenkäyttöäsi, älä kiroile tai hauku.
|
||||
- Ellet (englantia puhuessa) ole varma mitä pronominejä käyttää, käytä
|
||||
[singular theytä)](https://en.wikipedia.org/wiki/Singular_they)
|
||||
- Ilmaise selkeästi mitkä linkit eivät ole turvallisia kaikille,
|
||||
lisäämällä niiden eteen `[NSFW]` tai jotakin vastaavaa.
|
||||
- Kunnioita muiden rajoja, älä lähetä ihmisille yksityisviestejä
|
||||
kysymättä ensin.
|
||||
- _Opeille voi lähettää yksityisviestejä tai opit voivat lähettää
|
||||
sinulle yksityisviestejä, mikäli sitä vaaditaan mahdollisen
|
||||
ongelman ratkaisuun rauhallisesti._
|
||||
- Ilmaise selkeästi mitkä linkit eivät ole turvallisia kaikille, lisäämällä
|
||||
niiden eteen `[NSFW]` tai jotakin vastaavaa.
|
||||
- Kunnioita muiden rajoja, älä lähetä ihmisille yksityisviestejä kysymättä
|
||||
ensin.
|
||||
- _Opeille voi lähettää yksityisviestejä tai opit voivat lähettää sinulle
|
||||
yksityisviestejä, mikäli sitä vaaditaan mahdollisen ongelman ratkaisuun
|
||||
rauhallisesti._
|
||||
- Älä julkaise kanavan lokeja.
|
||||
- Älä tuo kanavalle botteja kysymättä ensin opeilta.
|
||||
|
||||
_Nämä säännöt koskevat myös (puoli)operaattoreita (ja korkeampia tahoja),
|
||||
jos näet heidän rikkovan näitä sääntöjä, sano se._
|
||||
_Nämä säännöt koskevat myös (puoli)operaattoreita (ja korkeampia tahoja), jos
|
||||
näet heidän rikkovan näitä sääntöjä, sano se._
|
||||
|
||||
- Mikäli tarvitset apua kanava-operaattorilta...
|
||||
- pingaa tai lähetä yksityisviesti, mutta pidä mielessä, että he voivat
|
||||
estää kaikki yksityisviestit.
|
||||
- pingaa tai lähetä yksityisviesti, mutta pidä mielessä, että he voivat estää
|
||||
kaikki yksityisviestit.
|
||||
- jos verkko tukee sitä ja sinulla on oikeat liput (voice?),
|
||||
`/msg memoserv sendops #kanava <ongelma tähän>`
|
||||
- `!ops` saattaa toimia mikäli opit pingaavat siihen tai botti
|
||||
käsittelee sen, mutta tämä ei ole yhtä suositeltu tapa, kuin muut.
|
||||
- `!ops` saattaa toimia mikäli opit pingaavat siihen tai botti käsittelee sen,
|
||||
mutta tämä ei ole yhtä suositeltu tapa, kuin muut.
|
||||
- ellei kanav-operattoreita ole paikalla, yritä otaa yhteyttä
|
||||
verkko-operaattoreihin, heillä pitäisi olla liput auttamista varten.
|
||||
|
||||
Lisälukemista:
|
||||
|
||||
- [Pidä opit oppeina (englanniksi)]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
||||
- [Kaikkien yksityisviestien estäminen oletuksena (enlanniksi)]({% post_url blog/2015-04-02-umodeg %})
|
||||
- [Kaikkien yksityisviestien estäminen
|
||||
oletuksena (enlanniksi)]({% post_url blog/2015-04-02-umodeg %})
|
||||
|
||||
Muutosloki ([GitHubissa](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.fi.markdown)):
|
||||
Muutosloki
|
||||
([GitHubissa](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.fi.markdown)):
|
||||
|
||||
- 2015-06-28: lisää yleistystä ja selvennetty yksityisviestejä (rajojen
|
||||
kunnioittamisessa)
|
||||
|
@ -3,7 +3,9 @@ layout: page
|
||||
title: Rules of my IRC channels and others like that
|
||||
permalink: /irc/channel.html
|
||||
sitemap: true
|
||||
excerpt: "Rules of my IRC channel. TL;DR: Use common sense, be nice, no discrimination, no public logging, don't bring bots without permission. Thanks ♥"
|
||||
excerpt:
|
||||
"Rules of my IRC channel. TL;DR: Use common sense, be nice, no discrimination,
|
||||
no public logging, don't bring bots without permission. Thanks ♥"
|
||||
redirect_from:
|
||||
- /channel.html
|
||||
- /channel.en.html
|
||||
@ -13,51 +15,52 @@ published: false
|
||||
|
||||
**[Suomeksi](channel.fi.html)**
|
||||
|
||||
Rules of channel X in network Y.<br/>The channels which use these rules
|
||||
should link to this page in ENTRYMSG (or other automatic msg by bot) or
|
||||
topic. Channel URL is not so good as many clients hide it somewhere (which
|
||||
actually happens with everything else than topic)
|
||||
Rules of channel X in network Y.<br/>The channels which use these rules should
|
||||
link to this page in ENTRYMSG (or other automatic msg by bot) or topic. Channel
|
||||
URL is not so good as many clients hide it somewhere (which actually happens
|
||||
with everything else than topic)
|
||||
|
||||
_[More about my bot (which might or might not be on this channel) here.](bot.html)_
|
||||
|
||||
- **Use common sense.**
|
||||
- Be nice, no discrimination
|
||||
- Mind your language, not everyone is e.g. your brother ("bro"), don't
|
||||
swear or use slurs.
|
||||
- In case you aren't sure which pronouns to use about someone else,
|
||||
please use [singular they](https://en.wikipedia.org/wiki/Singular_they)
|
||||
- Clearly tell when links aren't safe for everyone by prefixing them
|
||||
with `[NSFW]` or similar.
|
||||
- Mind your language, not everyone is e.g. your brother ("bro"), don't swear
|
||||
or use slurs.
|
||||
- In case you aren't sure which pronouns to use about someone else, please use
|
||||
[singular they](https://en.wikipedia.org/wiki/Singular_they)
|
||||
- Clearly tell when links aren't safe for everyone by prefixing them with
|
||||
`[NSFW]` or similar.
|
||||
- Respect boundaries, don't PM people without asking first.
|
||||
- _You may PM ops or ops may PM you if it's required for solving
|
||||
potential channel issue peacefully._
|
||||
- _You may PM ops or ops may PM you if it's required for solving potential
|
||||
channel issue peacefully._
|
||||
- Don't log the channel publicly.
|
||||
- Don't bring bots to the channel without asking ops first.
|
||||
|
||||
_These rules also affect (h)ops (and higher), if you see them breaking
|
||||
these rules, please do say it._
|
||||
_These rules also affect (h)ops (and higher), if you see them breaking these
|
||||
rules, please do say it._
|
||||
|
||||
- If you need help from channel op...
|
||||
- ping or PM them (but keep in mind they might be blocking all PMs)
|
||||
- if the network supports it and you have correct flags (voice?),
|
||||
`/msg memoserv sendops #channel <the issue>`
|
||||
- `!ops` might work if the ops are highlighting on it or there is bot
|
||||
handling it, but it's not as recommended as the other ways.
|
||||
- if there are no ops present, try contacting the network operators,
|
||||
they should have flags to help.
|
||||
- `!ops` might work if the ops are highlighting on it or there is bot handling
|
||||
it, but it's not as recommended as the other ways.
|
||||
- if there are no ops present, try contacting the network operators, they
|
||||
should have flags to help.
|
||||
|
||||
Furher reading:
|
||||
|
||||
- [Keep your ops opped!]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
||||
- [Blocking all PMs by default]({% post_url blog/2015-04-02-umodeg %})
|
||||
|
||||
Changelog ([at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.markdown)):
|
||||
Changelog
|
||||
([at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.markdown)):
|
||||
|
||||
- 2015-06-28: more generalization & clarifying on PMing (on respecting
|
||||
boundaries)
|
||||
- 2015-05-07: make getting help from ops a little more clear
|
||||
- 2015-05-03: add TL;DR to meta description & remove weird feeling line &
|
||||
fix language & Finnish translation
|
||||
- 2015-05-03: add TL;DR to meta description & remove weird feeling line & fix
|
||||
language & Finnish translation
|
||||
- 2015-05-02: no \*isms --> no discrimination & cleaning
|
||||
- 2015-04-26: typo fixes, cleaning up
|
||||
- 2015-04-14: Initial version
|
||||
|
@ -3,23 +3,25 @@ layout: page
|
||||
title: IRC
|
||||
navigation: true
|
||||
permalink: /irc/
|
||||
excerpt: "Where do you find me at IRC and verify that it's me. Also includes my IRC related posts that are hopefully helpful."
|
||||
excerpt:
|
||||
"Where do you find me at IRC and verify that it's me. Also includes my IRC
|
||||
related posts that are hopefully helpful."
|
||||
robots: noai
|
||||
---
|
||||
|
||||
IRC has been a big part of my life, I discovered it during junior high school
|
||||
and have several friends and communities there. This is also shown by
|
||||
the amount of blog posts, I have below.
|
||||
and have several friends and communities there. This is also shown by the amount
|
||||
of blog posts, I have below.
|
||||
|
||||
I am running my own [IRC@Etro](ircs://etro.mikaela.info:6697/#mikaela.info) ([webchat](https://irc.etro.mikaela.info/))
|
||||
and oper on a couple of other networks too. For a list of my registered IRCaccounts
|
||||
in general, please see [txt/irc.txt](/txt/irc.txt)
|
||||
and [my discuss page](/discuss) for registered channels outside of IRC@Etro.
|
||||
I am running my own [IRC@Etro](ircs://etro.mikaela.info:6697/#mikaela.info)
|
||||
([webchat](https://irc.etro.mikaela.info/)) and oper on a couple of other
|
||||
networks too. For a list of my registered IRCaccounts in general, please see
|
||||
[txt/irc.txt](/txt/irc.txt) and [my discuss page](/discuss) for registered
|
||||
channels outside of IRC@Etro.
|
||||
|
||||
### IRC-related posts
|
||||
|
||||
_Note that this section is manually updated and might be missing some
|
||||
links._
|
||||
_Note that this section is manually updated and might be missing some links._
|
||||
|
||||
- General
|
||||
- [Getting help from network operators when channel ops are away]({% post_url blog/2015-01-24-getting_help_with_channel_issues %})
|
||||
@ -27,10 +29,14 @@ links._
|
||||
- [Keep the ops opped]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
||||
- [IRC over TLS is not pointless.]({% post_url blog/2015-04-22-IRC-over-TLS %})
|
||||
- [Forming irc:// or ircs:// links]({% post_url blog/2015-05-18-ircs_links %})
|
||||
- [Making channel secret or private]({% post_url blog/2015-06-08-private_secret_channels %})
|
||||
- [Atheme quickstart: NickServ, HostServ, ChanServ & GroupServ]({% post_url blog/2015-09-19-atheme-quickstart %})
|
||||
- [Making channel secret
|
||||
or private]({% post_url blog/2015-06-08-private_secret_channels %})
|
||||
- [Atheme quickstart: NickServ, HostServ, ChanServ
|
||||
& GroupServ]({% post_url blog/2015-09-19-atheme-quickstart %})
|
||||
- Oper
|
||||
- [Channels & Hostmask groups: A Basic howto]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
|
||||
- [Channels & Hostmask groups: A
|
||||
Basic
|
||||
howto]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
|
||||
- WeeChat
|
||||
- [Easy instructions for using SASL PLAIN]({% post_url blog/2015-03-26-weechat-sasl-simply %})
|
||||
- [Ignoring with /filter]({% post_url blog/2015-05-31-weechat-filter %})
|
||||
|
@ -10,8 +10,8 @@ published: false
|
||||
|
||||
## ZNC
|
||||
|
||||
Vardiera is hosting stable ZNC (latest git tag) where people I trust can
|
||||
get accounts.
|
||||
Vardiera is hosting stable ZNC (latest git tag) where people I trust can get
|
||||
accounts.
|
||||
|
||||
### Simple rules
|
||||
|
||||
@ -21,33 +21,34 @@ get accounts.
|
||||
- accounts can be removed at any time.
|
||||
- it can crash any time without me being there to fix it.
|
||||
- it can be restarted any time to install upgrades.
|
||||
- No logging unless you load the log module by yourself (log access
|
||||
requires shell access which I don't give!)
|
||||
- No logging unless you load the log module by yourself (log access requires
|
||||
shell access which I don't give!)
|
||||
- If you use the [SASL](http://wiki.znc.in/sasl) or
|
||||
[NickServ](http://wiki.znc.in/nickserv) module, your password is stored
|
||||
in plain text.
|
||||
- I won't ever read it there, but I think it should be mentioned. Don't
|
||||
use server password unless you have to as that password is thrown
|
||||
to my eyes in ZNC startup messages.
|
||||
[NickServ](http://wiki.znc.in/nickserv) module, your password is stored in
|
||||
plain text.
|
||||
- I won't ever read it there, but I think it should be mentioned. Don't use
|
||||
server password unless you have to as that password is thrown to my eyes in
|
||||
ZNC startup messages.
|
||||
- In case more networks are needed, contact me.
|
||||
|
||||
### Tips & tricks
|
||||
|
||||
1. Read the [ZNC wiki], at least [FAQ].
|
||||
2. **Load savebuff** so your buffers aren't lost on restart/crash/etc.
|
||||
- **Don't specify a password or I am going to be angry and you are
|
||||
going to lose your account!**
|
||||
3. If your network has NickServ, [load SASL and read it's wiki page for automatic identification.](http://wiki.znc.in/sasl)
|
||||
- **Don't specify a password or I am going to be angry and you are going to
|
||||
lose your account!**
|
||||
3. If your network has NickServ,
|
||||
[load SASL and read it's wiki page for automatic identification.](http://wiki.znc.in/sasl)
|
||||
|
||||
[znc wiki]: http://wiki.znc.in/
|
||||
[faq]: http://wiki.znc.in/FAQ
|
||||
|
||||
#### Accessing webadmin
|
||||
|
||||
- https://vardiera.mikaela.info:1234/ (invalid certificate, valid
|
||||
fingerprints are listed below)
|
||||
- https://znc.mikaela.info/ (CloudFlare, https only between you and
|
||||
CloudFlare (aka not recommended or use only if you have to))
|
||||
- https://vardiera.mikaela.info:1234/ (invalid certificate, valid fingerprints
|
||||
are listed below)
|
||||
- https://znc.mikaela.info/ (CloudFlare, https only between you and CloudFlare
|
||||
(aka not recommended or use only if you have to))
|
||||
|
||||
### Certificate fingerprints
|
||||
|
||||
@ -71,9 +72,9 @@ SHA512 Fingerprint=FF:B3:D6:8B:EB:2E:2B:96:10:C0:7C:F0:7A:17:28:8F:77:14:73:FC:6
|
||||
|
||||
_If you forget -ssl, `/set irc.server.WHATEVER.ssl on`_
|
||||
|
||||
Read also [WeeChat page on ZNC wiki](http://wiki.znc.in/WeeChat). You want
|
||||
to read at least the _Enabling server-time & other IRCv3 capabilities_ to
|
||||
make your experience smoother.
|
||||
Read also [WeeChat page on ZNC wiki](http://wiki.znc.in/WeeChat). You want to
|
||||
read at least the _Enabling server-time & other IRCv3 capabilities_ to make your
|
||||
experience smoother.
|
||||
|
||||
### Webchat
|
||||
|
||||
|
@ -10,6 +10,8 @@ redirect_from:
|
||||
- /pgp.html
|
||||
- /wire.html
|
||||
redirect_to: /keys.txt
|
||||
excerpt: "My public key fingerprints (that I think can be put here, if I am missing something, tell me) for secure communication with me."
|
||||
excerpt:
|
||||
"My public key fingerprints (that I think can be put here, if I am missing
|
||||
something, tell me) for secure communication with me."
|
||||
lang: en
|
||||
---
|
||||
|
@ -7,9 +7,9 @@ sitemap: false
|
||||
lang: en
|
||||
---
|
||||
|
||||
_This page has some kind of link list on minorities which mostly somehow
|
||||
affect me and is probably always under construction. The order is somewhat
|
||||
random and [improvements are welcome here.](https://github.com/Mikaela/mikaela.github.io/edit/master/pages/links2.markdown)_
|
||||
_This page has some kind of link list on minorities which mostly somehow affect
|
||||
me and is probably always under construction. The order is somewhat random and
|
||||
[improvements are welcome here.](https://github.com/Mikaela/mikaela.github.io/edit/master/pages/links2.markdown)_
|
||||
|
||||
_This page is also in need of attention._
|
||||
|
||||
@ -47,13 +47,13 @@ _This page is also in need of attention._
|
||||
- I think there are a lot better pages telling this than this one.
|
||||
- [Review article provides evidence on the biological nature of gender identity](http://medicalxpress.com/news/2015-02-article-evidence-biological-nature-gender.html)
|
||||
- [Sex redefined](http://www.nature.com/news/sex-redefined-1.16943?WT.mc_id=FBK_NatureNews)
|
||||
- _So if the law requires that a person is male or female, should that
|
||||
sex be assigned by anatomy, hormones, cells or chromosomes, and what
|
||||
should be done if they clash? “My feeling is that since there is not
|
||||
one biological parameter that takes over every other parameter, at
|
||||
the end of the day, gender identity seems to be the most reasonable
|
||||
parameter,” says Vilain. In other words, if you want to know whether
|
||||
someone is male or female, it may be best just to ask._
|
||||
- _So if the law requires that a person is male or female, should that sex be
|
||||
assigned by anatomy, hormones, cells or chromosomes, and what should be done
|
||||
if they clash? “My feeling is that since there is not one biological
|
||||
parameter that takes over every other parameter, at the end of the day,
|
||||
gender identity seems to be the most reasonable parameter,” says Vilain. In
|
||||
other words, if you want to know whether someone is male or female, it may
|
||||
be best just to ask._
|
||||
- [Gender identity is biological study says](https://gma.yahoo.com/gender-identity-biological-study-says-090824140--abc-news-health.html)
|
||||
- [Stop Using Phony Science to Justify Transphobia - Scientific American Blog Network](https://blogs.scientificamerican.com/voices/stop-using-phony-science-to-justify-transphobia/)
|
||||
|
||||
|
@ -11,11 +11,12 @@ robots: noai
|
||||
---
|
||||
|
||||
Just like [IRC](/irc/), _Matrix_ has became a part of my social life online. My
|
||||
room can be found from [my discuss page](/discuss) alongside
|
||||
some protocol comparison and my main accounts are in [index](/).
|
||||
room can be found from [my discuss page](/discuss) alongside some protocol
|
||||
comparison and my main accounts are in [index](/).
|
||||
|
||||
I also have a [txt with a list of all my accounts](/txt/matrix.txt) which [has SSH signature](/txt/matrix.txt.sig).
|
||||
Some of my accounts are also on my [Keyoxide ASP profile](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY).
|
||||
I also have a [txt with a list of all my accounts](/txt/matrix.txt) which
|
||||
[has SSH signature](/txt/matrix.txt.sig). Some of my accounts are also on my
|
||||
[Keyoxide ASP profile](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY).
|
||||
|
||||
[Questions and Answers about Matrix](#questions--answers)
|
||||
|
||||
@ -23,12 +24,14 @@ Some of my accounts are also on my [Keyoxide ASP profile](https://keyoxide.org/a
|
||||
|
||||
## Matrix-related posts
|
||||
|
||||
_Note that this section is manually updated and might be missing some
|
||||
links._
|
||||
_Note that this section is manually updated and might be missing some links._
|
||||
|
||||
- Critique
|
||||
- [Inconsistency issues of Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %})
|
||||
- [Without selfhosting a homeserver or even then, Matrix moderation tools rely on security through obscurity]({% post_url blog/2021-12-05-matrix-community-abuse-security-by-obscurity %})
|
||||
- [Without selfhosting a homeserver or even then, Matrix moderation tools rely
|
||||
on security
|
||||
through
|
||||
obscurity]({% post_url blog/2021-12-05-matrix-community-abuse-security-by-obscurity %})
|
||||
- [A couple of words on protocols (on the Discuss page)](/discuss.html#a-couple-of-words-on-protocols)
|
||||
|
||||
## Questions & Answers
|
||||
@ -80,10 +83,14 @@ links._
|
||||
|
||||
### Where else can I read about Matrix?
|
||||
|
||||
- [Miki is the Matrix wiki](https://en.miki.community/) where I will attempt to contribute to.
|
||||
- [Miki is the Matrix wiki](https://en.miki.community/) where I will attempt to
|
||||
contribute to.
|
||||
- [Matrix.org](https://matrix.org/) is the official website.
|
||||
- [My gist repository also has notes on Matrix, mostly /devtools related ones](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix), they predate Miki and I hope to sort more relevant or historical parts there.
|
||||
- PPFI also has [a couple of Matrix files](https://git.piraattipuolue.fi/Pikaviestimet/Pikaviestimet/src/branch/master/matrix), ([GitHub mirror](https://github.com/piraattipuolue/pikaviestimet)).
|
||||
- [My gist repository also has notes on Matrix, mostly /devtools related ones](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix),
|
||||
they predate Miki and I hope to sort more relevant or historical parts there.
|
||||
- PPFI also has
|
||||
[a couple of Matrix files](https://git.piraattipuolue.fi/Pikaviestimet/Pikaviestimet/src/branch/master/matrix),
|
||||
([GitHub mirror](https://github.com/piraattipuolue/pikaviestimet)).
|
||||
<!-- and [PPFI wiki page has an article](https://wiki.piraattipuolue.fi/Matrix) ([waybackmachine](https://web.archive.org/web/20230000000000*/https://wiki.piraattipuolue.fi/Matrix)).-->
|
||||
_Note that they are in Finnish_.
|
||||
- This site has random assortment of Matrix details around.
|
||||
@ -91,22 +98,25 @@ links._
|
||||
- [n/matrixspoilers](/n/matrixspoilers.html) has a quick note on spoilers.
|
||||
- [the-apothecary.club has a Matrix Tips & Tricks page](https://the-apothecary.club/coc/matrix-tricks/)
|
||||
- At the time of writing also on using spoilers and custom emotes/stickers.
|
||||
- Cos has written [Matrix tips they don't tell you](https://wordsmith.social/cos/matrix-tips-they-dont-tell-you) containing a FAQ, hints and guides.
|
||||
- Cos has written
|
||||
[Matrix tips they don't tell you](https://wordsmith.social/cos/matrix-tips-they-dont-tell-you)
|
||||
containing a FAQ, hints and guides.
|
||||
|
||||
### Is there any kind of Matrix etiquette I should know about?
|
||||
|
||||
Not particularly, you will find the same kind of social expectations like
|
||||
anywhere else, such as at IRC or Telegram. Here are some guidelines:
|
||||
|
||||
- Ask for a permission in room before starting a private/direct message/discussion with someone.
|
||||
- There is commonly an exception when you are contacting a moderator of about an issue in
|
||||
the chat and wish to avoid getting attention on yourself.
|
||||
- Ask for a permission in room before starting a private/direct
|
||||
message/discussion with someone.
|
||||
- There is commonly an exception when you are contacting a moderator of about
|
||||
an issue in the chat and wish to avoid getting attention on yourself.
|
||||
- When you eventually do message someone, state your business, without leaving
|
||||
your first message to a greeting. For more information about this, refer to
|
||||
[nohello.net](https://nohello.net/).
|
||||
- When creating a new room, avoid advertising it in existing rooms. The
|
||||
first guideline also applies, refrain from inviting random people from
|
||||
other rooms without their permission.
|
||||
- When creating a new room, avoid advertising it in existing rooms. The first
|
||||
guideline also applies, refrain from inviting random people from other rooms
|
||||
without their permission.
|
||||
- If you do perform mass inviting of strangers, you will be considered as a
|
||||
spammer and most likely end up on shared banlists resulting a significant
|
||||
portition of Matrix communities instantly banning you even if you never
|
||||
@ -133,90 +143,124 @@ profiles.
|
||||
|
||||
### How do you do custom not-emoji reactions?
|
||||
|
||||
As long as your client isn't by Element HQ ([element-hq/element-web#19409](https://github.com/element-hq/element-web/issues/19409),
|
||||
As long as your client isn't by Element HQ
|
||||
([element-hq/element-web#19409](https://github.com/element-hq/element-web/issues/19409),
|
||||
[matrix-org/matrix-react-sdk#6628](https://github.com/matrix-org/matrix-react-sdk/pull/6628#issuecomment-1598708914)),
|
||||
there are a couple of methods to try:
|
||||
|
||||
- Reply to the message you wish to react to with `/react something`. This will
|
||||
commonly add a reaction `something` to the message.
|
||||
- This works at least within [FluffyChat](https://fluffychat.im), [Gomuks](https://docs.mau.fi/gomuks/commands.html#sending-special-messages) and [Nheko](https://github.com/Nheko-Reborn/nheko/blob/master/man/nheko.1.adoc#custom-messages).
|
||||
- This works at least within [FluffyChat](https://fluffychat.im),
|
||||
[Gomuks](https://docs.mau.fi/gomuks/commands.html#sending-special-messages)
|
||||
and
|
||||
[Nheko](https://github.com/Nheko-Reborn/nheko/blob/master/man/nheko.1.adoc#custom-messages).
|
||||
- Hold the message and look at the emoji bar. There may be a `…` allowing for
|
||||
free-form reactions.
|
||||
- This works at least within [Hydrogen](https://github.com/element-hq/hydrogen-web/).
|
||||
- Does the emoji bar have search? Some allow entering arbitary reactions
|
||||
through it offering a `react` button or `react with <your query>` option.
|
||||
- This works at least within [Cinny](https://cinny.in) and [SchildiChat](https://schildi.chat).
|
||||
- This works at least within
|
||||
[Hydrogen](https://github.com/element-hq/hydrogen-web/).
|
||||
- Does the emoji bar have search? Some allow entering arbitary reactions through
|
||||
it offering a `react` button or `react with <your query>` option.
|
||||
- This works at least within [Cinny](https://cinny.in) and
|
||||
[SchildiChat](https://schildi.chat).
|
||||
|
||||
Please note that your **_[reactions are NOT encrypted](https://github.com/matrix-org/matrix-spec/issues/660)_** even in encrypted
|
||||
rooms. See also my blog post, [Inconsistency issues of Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}).
|
||||
Please note that your
|
||||
**_[reactions are NOT encrypted](https://github.com/matrix-org/matrix-spec/issues/660)_**
|
||||
even in encrypted rooms. See also my blog post, [Inconsistency issues of
|
||||
Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}).
|
||||
|
||||
### What are ghost and puppets?
|
||||
|
||||
They are related to bridging Matrix with other protocols.
|
||||
|
||||
- A ghost is a virtual user account created by a bridge service to represent a user from another protocol (controlled by the actions of that user). They appear when an entire room is bridged. Some protocols like Discord or Slack have no native support for ghosts but can approximate them by changing the display name and avatar of the messages sent by the bridge.
|
||||
- A puppet is a real user account controlled by a bridge service (based on their actions on another protocol). They may arise from personal bridging but also from room-level bridging when the target protocol does not support ghosts (such as IRC). Unlike a ghost, it's possible to log in to a puppet account using a normal client application so it's impossible to tell at a glance if the controller is a human or a bridge service (however message contents may provide hints).
|
||||
- Double puppeting is when a user bridges their real accounts from two protocols so their actions on either side are mirrored on the other.
|
||||
- A ghost is a virtual user account created by a bridge service to represent a
|
||||
user from another protocol (controlled by the actions of that user). They
|
||||
appear when an entire room is bridged. Some protocols like Discord or Slack
|
||||
have no native support for ghosts but can approximate them by changing the
|
||||
display name and avatar of the messages sent by the bridge.
|
||||
- A puppet is a real user account controlled by a bridge service (based on their
|
||||
actions on another protocol). They may arise from personal bridging but also
|
||||
from room-level bridging when the target protocol does not support ghosts
|
||||
(such as IRC). Unlike a ghost, it's possible to log in to a puppet account
|
||||
using a normal client application so it's impossible to tell at a glance if
|
||||
the controller is a human or a bridge service (however message contents may
|
||||
provide hints).
|
||||
- Double puppeting is when a user bridges their real accounts from two protocols
|
||||
so their actions on either side are mirrored on the other.
|
||||
|
||||
### What does the public history visibility mean? I don't want to appear in search engines
|
||||
|
||||
The public/world-readable history visibility option means exactly what it says,
|
||||
public even without joining the room. These rooms are accessible to tools
|
||||
such as [Matrix Static](https://view.matrix.org/) and its successor [Matrix Viewer](https://github.com/matrix-org/matrix-viewer)
|
||||
and thus their history is visible in search engines.
|
||||
public even without joining the room. These rooms are accessible to tools such
|
||||
as [Matrix Static](https://view.matrix.org/) and its successor
|
||||
[Matrix Viewer](https://github.com/matrix-org/matrix-viewer) and thus their
|
||||
history is visible in search engines.
|
||||
|
||||
Note that as the option name hints, the history visibility option will not
|
||||
apply to previous messages. Thus if you first make room public and then
|
||||
restrict it to members only the messages between these two changes are public
|
||||
and new users will see them. Same if messages are visible to members and
|
||||
then restricted further.
|
||||
Note that as the option name hints, the history visibility option will not apply
|
||||
to previous messages. Thus if you first make room public and then restrict it to
|
||||
members only the messages between these two changes are public and new users
|
||||
will see them. Same if messages are visible to members and then restricted
|
||||
further.
|
||||
|
||||
Another thing worth noting here is that encryption will not prevent new users
|
||||
from reading the future messages, Matrix will share keys to new joiners to
|
||||
some extent. For more information refer to [Matrix Spec issue #1](https://github.com/matrix-org/matrix-spec/issues/1)
|
||||
and related issues.
|
||||
from reading the future messages, Matrix will share keys to new joiners to some
|
||||
extent. For more information refer to
|
||||
[Matrix Spec issue #1](https://github.com/matrix-org/matrix-spec/issues/1) and
|
||||
related issues.
|
||||
|
||||
### Can I see who is in any specific room without being there?
|
||||
|
||||
It depends.
|
||||
|
||||
You can try [Matrix Viewer](https://github.com/matrix-org/matrix-viewer/), e.g. for Matrix HQ ~~[archive.matrix.org/r/matrix:matrix.org](https://archive.matrix.org/r/matrix:matrix.org)
|
||||
or~~ [matrix-archive.evulid.cc/r/matrix:matrix.org](https://matrix-archive.evulid.cc/r/matrix:matrix.org) ([@evulid-crawler:evulid.cc](matrix:u/evulid-crawler:evulid.cc))
|
||||
or [view.gaytix.org/r/matrix:matrix.org](https://view.gaytrix.org/r/matrix:matrix.org)
|
||||
You can try [Matrix Viewer](https://github.com/matrix-org/matrix-viewer/), e.g.
|
||||
for Matrix HQ
|
||||
~~[archive.matrix.org/r/matrix:matrix.org](https://archive.matrix.org/r/matrix:matrix.org)
|
||||
or~~
|
||||
[matrix-archive.evulid.cc/r/matrix:matrix.org](https://matrix-archive.evulid.cc/r/matrix:matrix.org)
|
||||
([@evulid-crawler:evulid.cc](matrix:u/evulid-crawler:evulid.cc)) or
|
||||
[view.gaytix.org/r/matrix:matrix.org](https://view.gaytrix.org/r/matrix:matrix.org)
|
||||
omitting the leading `#`.
|
||||
|
||||
_Until 2023-06-27 [Matrix Foundation considered members-only rooms as public](https://matrix.org/blog/2023/07/what-happened-with-the-archive#a-note-on-shared-history-visibility)
|
||||
so some outdated or intentionally misbehaving archive instances may still reveal information.
|
||||
_Until 2023-06-27
|
||||
[Matrix Foundation considered members-only rooms as public](https://matrix.org/blog/2023/07/what-happened-with-the-archive#a-note-on-shared-history-visibility)
|
||||
so some outdated or intentionally misbehaving archive instances may still reveal
|
||||
information.
|
||||
[Method to opt-out is still not in sight.](https://github.com/matrix-org/matrix-viewer/issues/47)_
|
||||
|
||||
Alternatively if the room in question has an alias, you can try poking the room directory API e.g. for [#matrix.fi:matrix.org](matrix:r/matrix.fi:matrix.org): [https://matrix-client.matrix.org/\_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org](https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org), you get the room ID and list of homeservers in it and if you see a single user (or otherwise not so popular homeserver), you can make educated guesses on who may be in the room. Note that this particular link requires `matrix.org` to be in the room and aware of the alias.
|
||||
Alternatively if the room in question has an alias, you can try poking the room
|
||||
directory API e.g. for [#matrix.fi:matrix.org](matrix:r/matrix.fi:matrix.org):
|
||||
[https://matrix-client.matrix.org/\_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org](https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org),
|
||||
you get the room ID and list of homeservers in it and if you see a single user
|
||||
(or otherwise not so popular homeserver), you can make educated guesses on who
|
||||
may be in the room. Note that this particular link requires `matrix.org` to be
|
||||
in the room and aware of the alias.
|
||||
|
||||
Otherwise no, you cannot.
|
||||
|
||||
### How can I remove my messages automatically like on Signal, WhatsApp, Telegram and everything else?
|
||||
|
||||
Matrix doesn't support it, but some clients, mainly Nheko (nightly) do. For
|
||||
more information including countless reasons why you would like to do this, consult
|
||||
Matrix doesn't support it, but some clients, mainly Nheko (nightly) do. For more
|
||||
information including countless reasons why you would like to do this, consult
|
||||
[Element Meta discussion #682: Self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
|
||||
|
||||
#### How can I remove my messages automatically on Nheko?
|
||||
|
||||
Assuming you are on nightly build, there are three steps:
|
||||
|
||||
1. In global settings of Nheko, enable _Periodically disable expired events_,
|
||||
it will affect all profiles upon restart.
|
||||
2. In the room where you wish to automatically remove your messages, go to
|
||||
room settings and select _Configure_ next to _Automatic event deletion_.
|
||||
There you will find the options _Expire events after X days_, _Only keep
|
||||
latest X events_, _Always keep latest X events_ and _Include state events_.
|
||||
1. In global settings of Nheko, enable _Periodically disable expired events_, it
|
||||
will affect all profiles upon restart.
|
||||
2. In the room where you wish to automatically remove your messages, go to room
|
||||
settings and select _Configure_ next to _Automatic event deletion_. There you
|
||||
will find the options _Expire events after X days_, _Only keep latest X
|
||||
events_, _Always keep latest X events_ and _Include state events_.
|
||||
3. Keep your Nheko running for at least 20 minutes. Nheko will automatically
|
||||
remove the messages older than the time you specified and will check for
|
||||
event expiry occassionally after running for at least 20 minutes,
|
||||
regardless of which client send the event in the first place or whether
|
||||
Nheko was online at that time.
|
||||
event expiry occassionally after running for at least 20 minutes, regardless
|
||||
of which client send the event in the first place or whether Nheko was online
|
||||
at that time.
|
||||
|
||||
Secretly it's also possible to configure defaults for all rooms using Element
|
||||
Web's `/devtools` through [`im.nheko.event_expiry` account data event](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/account-data/im.nheko.event_expiry/README.md).
|
||||
Web's `/devtools` through
|
||||
[`im.nheko.event_expiry` account data event](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/account-data/im.nheko.event_expiry/README.md).
|
||||
|
||||
```json
|
||||
{
|
||||
@ -225,21 +269,21 @@ Web's `/devtools` through [`im.nheko.event_expiry` account data event](https://g
|
||||
}
|
||||
```
|
||||
|
||||
This configuration would make Nheko remove all other messages than state
|
||||
events when they became one year old (and the scheduled expiry job ran after
|
||||
Nheko being online for around twenty minutes).
|
||||
This configuration would make Nheko remove all other messages than state events
|
||||
when they became one year old (and the scheduled expiry job ran after Nheko
|
||||
being online for around twenty minutes).
|
||||
|
||||
I am intentionally not going into deeper detail since that may be dangerous
|
||||
and if you cannot figure it out, you probably shouldn't be touching it.
|
||||
I am intentionally not going into deeper detail since that may be dangerous and
|
||||
if you cannot figure it out, you probably shouldn't be touching it.
|
||||
|
||||
#### How can I install Nheko nightly?
|
||||
|
||||
I use the nightly flatpak which is easy to install for all users as you
|
||||
just add the nightly repo and install it. However I am assuming you have
|
||||
already performed the [Flathub setup](https://flathub.org/setup).
|
||||
I use the nightly flatpak which is easy to install for all users as you just add
|
||||
the nightly repo and install it. However I am assuming you have already
|
||||
performed the [Flathub setup](https://flathub.org/setup).
|
||||
|
||||
_Note that `#` means a comment and is there just to explain what is being
|
||||
done, not to be actually entered into the terminal._
|
||||
_Note that `#` means a comment and is there just to explain what is being done,
|
||||
not to be actually entered into the terminal._
|
||||
|
||||
```bash
|
||||
# Add the Nheko nightly remote onto your system
|
||||
@ -253,8 +297,8 @@ sudo flatpak install nheko-nightly im.nheko.Nheko --assumeyes
|
||||
|
||||
For installing it just for one user, omit `sudo` and append `--user`.
|
||||
|
||||
To run it, either use the new application menu icons or `flatpak run
|
||||
im.nheko.Nheko//master`.
|
||||
To run it, either use the new application menu icons or
|
||||
`flatpak run im.nheko.Nheko//master`.
|
||||
|
||||
To use something else than flatpak, ask someone else like Nheko documentation.
|
||||
|
||||
@ -264,49 +308,66 @@ The term is used least in two different scenarios:
|
||||
|
||||
- when your display name and/or avatar return back to what they were previously
|
||||
without anyone doing anything.
|
||||
- more seriously when the Matrix federation decides that the room is actually
|
||||
in the past adding/removing users who were (or weren't) in the room at that time.
|
||||
- more seriously when the Matrix federation decides that the room is actually in
|
||||
the past adding/removing users who were (or weren't) in the room at that time.
|
||||
This also affects administrator/moderator access.
|
||||
|
||||
[This issue was supposed to be fixed at room version 2 with State Resolution Version 2](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions),
|
||||
but regardless [still happens in all versions after that](https://github.com/matrix-org/synapse/issues/8629) ([element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629)). If you are affected, your best bet is to
|
||||
`/upgraderoom {{site.matrixLatestRoomVersion}}` in developer mode enabled in `/devtools`, which is a bit distruptive operation as all your users have to join the upgraded version and all homeservers involved must support it.
|
||||
but regardless
|
||||
[still happens in all versions after that](https://github.com/matrix-org/synapse/issues/8629)
|
||||
([element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629)).
|
||||
If you are affected, your best bet is to
|
||||
`/upgraderoom {{site.matrixLatestRoomVersion}}` in developer mode enabled in
|
||||
`/devtools`, which is a bit distruptive operation as all your users have to join
|
||||
the upgraded version and all homeservers involved must support it.
|
||||
|
||||
You shouldn't just trust me or the variable on this site on what is the latest version, [consult the Spec](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions) and add [Version Checker](matrix:u/version:maunium.net) or [their sibling](https://github.com/maubot/rsvc) to your room and once they join, `!servers upgrade {{site.matrixLatestRoomVersion}}` replacing the {{site.matrixLatestRoomVersion}} with your target version.
|
||||
You shouldn't just trust me or the variable on this site on what is the latest
|
||||
version,
|
||||
[consult the Spec](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions)
|
||||
and add [Version Checker](matrix:u/version:maunium.net) or
|
||||
[their sibling](https://github.com/maubot/rsvc) to your room and once they join,
|
||||
`!servers upgrade {{site.matrixLatestRoomVersion}}` replacing the
|
||||
{{site.matrixLatestRoomVersion}} with your target version.
|
||||
|
||||
- See also [Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
|
||||
- See also
|
||||
[Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
|
||||
|
||||
#### How about DAG splits?
|
||||
|
||||
DAG splits are a phenomenon somehow related to state resets above, but instead
|
||||
of all servers accepting the same old state, they disagree and split to different
|
||||
directions with varying severity.
|
||||
of all servers accepting the same old state, they disagree and split to
|
||||
different directions with varying severity.
|
||||
|
||||
In minor case some servers may decide that a user is not in the room and not
|
||||
display messages from them, while in more severe situations the room may practically
|
||||
be two different rooms with no new messages in common between different sides
|
||||
kind of resembling [IRC's netsplits before sync.](https://en.wikipedia.org/wiki/Netsplit)
|
||||
display messages from them, while in more severe situations the room may
|
||||
practically be two different rooms with no new messages in common between
|
||||
different sides kind of resembling
|
||||
[IRC's netsplits before sync.](https://en.wikipedia.org/wiki/Netsplit)
|
||||
|
||||
People understanding state resolution (which by the way don't include me)
|
||||
disagree on the exact cause only agreeing that it's difficult to fix. From
|
||||
what is told to me, I understand it to be tracked [in the same Synapse issue #8629](https://github.com/matrix-org/synapse/issues/8629) or actually [element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629).
|
||||
disagree on the exact cause only agreeing that it's difficult to fix. From what
|
||||
is told to me, I understand it to be tracked
|
||||
[in the same Synapse issue #8629](https://github.com/matrix-org/synapse/issues/8629)
|
||||
or actually
|
||||
[element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629).
|
||||
|
||||
- See also [Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
|
||||
- See also
|
||||
[Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
|
||||
|
||||
### Can I have a non-federated room?
|
||||
|
||||
Yes, there are two methods.
|
||||
|
||||
1. During room creation, Element Web offers an option to have a non-federated
|
||||
room. That will permanently prevent any other homeserver from joining and
|
||||
to change that a manual room upgrade is required.
|
||||
room. That will permanently prevent any other homeserver from joining and to
|
||||
change that a manual room upgrade is required.
|
||||
1. What I recommend instead is setting a server ACL, so if necessary it can be
|
||||
changed later. This may be helpful when migrating to another domain (which
|
||||
Matrix doesn't support) or cooperation with another entity with their own
|
||||
homeserver or anything.
|
||||
|
||||
The second method begins with the usual `/devtools`, explore room state, `Send
|
||||
custom state event`, enter type as `m.room.server_acl` and contents:
|
||||
The second method begins with the usual `/devtools`, explore room state,
|
||||
`Send custom state event`, enter type as `m.room.server_acl` and contents:
|
||||
|
||||
```json
|
||||
{
|
||||
@ -316,8 +377,8 @@ custom state event`, enter type as `m.room.server_acl` and contents:
|
||||
}
|
||||
```
|
||||
|
||||
Now assuming all homeservers in the room implement ACL, only `example.org`
|
||||
users can join the room.
|
||||
Now assuming all homeservers in the room implement ACL, only `example.org` users
|
||||
can join the room.
|
||||
|
||||
For futher reading about ACL:
|
||||
|
||||
@ -332,14 +393,15 @@ Room upgrading basically means:
|
||||
|
||||
1. Create a new room.
|
||||
1. Send an event to old room saying "the room has now moved to new room"
|
||||
1. Unless upgraded manually, the client copies some state such as power
|
||||
levels from the old room to the new one.
|
||||
1. Unless upgraded manually, the client copies some state such as power levels
|
||||
from the old room to the new one.
|
||||
|
||||
Manual upgrading means poking the API endpoint manually and thus not copying
|
||||
creation event (non-federation state) or power levels. For an example see my
|
||||
[matrix-tombstone-room.bash script](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/matrix-tombstone-room.bash)
|
||||
|
||||
See also [Matrix Specification on room versions](https://spec.matrix.org/latest/rooms/)
|
||||
See also
|
||||
[Matrix Specification on room versions](https://spec.matrix.org/latest/rooms/)
|
||||
or `CTRL-F` this page for `/upgraderoom {{site.matrixLatestRoomVersion}}`
|
||||
(Element Web `/devtools` _developer mode_ command to perform the upgrade).
|
||||
|
||||
@ -349,14 +411,14 @@ I think there are three important questions that will each require
|
||||
consideration:
|
||||
|
||||
- Do you want to encrypt the room?
|
||||
- Is the room public? If so, encryption will just cause strange issues for
|
||||
you to troubleshoot and hinder the purpouse of the channel (which you
|
||||
should also consider).
|
||||
- Is the room public? If so, encryption will just cause strange issues for you
|
||||
to troubleshoot and hinder the purpouse of the channel (which you should
|
||||
also consider).
|
||||
- Do you want to use bridges or integrations? Unless you or someone close to
|
||||
you is selfhosting those, they are untrusted and will defeat the point of
|
||||
encryption, so don't encrypt.
|
||||
- Does the room only contain trustworthy participants? Encryption may be
|
||||
your friend.
|
||||
- Does the room only contain trustworthy participants? Encryption may be your
|
||||
friend.
|
||||
- Who can see the room history?
|
||||
- If you want everyone to be able to read it, choose everyone or
|
||||
`world_readable`.
|
||||
@ -364,21 +426,27 @@ consideration:
|
||||
publish the history further), choose members-only or `shared`.
|
||||
- If you want users to see the history since they were invited to the room,
|
||||
select `invited`
|
||||
- Otherwise select `joined` to have users only see history since they
|
||||
joined.
|
||||
- Otherwise select `joined` to have users only see history since they joined.
|
||||
- Who can join the room? This is self-explanatory so probably everyone or
|
||||
invited users.
|
||||
- However my favourite rules are `knock` so that users have to ask for permission to
|
||||
join and `knock_restricted` so users in trusted rooms can join directly
|
||||
without knocking.
|
||||
- However my favourite rules are `knock` so that users have to ask for
|
||||
permission to join and `knock_restricted` so users in trusted rooms can join
|
||||
directly without knocking.
|
||||
|
||||
If you choose to make your room public as in joinable by anyone and history
|
||||
viewable by members joining in the future, _please communicate that in the room
|
||||
topic_.
|
||||
|
||||
> Some projects may wish to log their channels publicly, if you do so the logging should be authorised by the channel owners and users in the channel should be notified (through for instance the topic, entry message, or similar) that public logging is taking place. Channel operators should consider ways for users to make unlogged comments and a process for requesting the removal of certain logs.
|
||||
> Some projects may wish to log their channels publicly, if you do so the
|
||||
> logging should be authorised by the channel owners and users in the channel
|
||||
> should be notified (through for instance the topic, entry message, or similar)
|
||||
> that public logging is taking place. Channel operators should consider ways
|
||||
> for users to make unlogged comments and a process for requesting the removal
|
||||
> of certain logs.
|
||||
|
||||
- [Libera.Chat policies on public logging](https://libera.chat/policies/#public-logging) which I consider as good advice regarldess of being written for IRC rather than Matrix.
|
||||
- [Libera.Chat policies on public logging](https://libera.chat/policies/#public-logging)
|
||||
which I consider as good advice regarldess of being written for IRC rather
|
||||
than Matrix.
|
||||
|
||||
Sample events for `/devtools`
|
||||
|
||||
@ -431,130 +499,185 @@ Sample events for `/devtools`
|
||||
|
||||
### What are these idlekicks for inactivity, why are they for?
|
||||
|
||||
Some Matrix rooms decide to connect their channel to IRC maintaining the same users on both sides, which can be heavy for the IRC network depending on bridge type of which there are three "major" variants:
|
||||
Some Matrix rooms decide to connect their channel to IRC maintaining the same
|
||||
users on both sides, which can be heavy for the IRC network depending on bridge
|
||||
type of which there are three "major" variants:
|
||||
|
||||
- matrix-appservice-irc which creates a ghost for every Matrix user on the IRC side. All of these pretend to be separate clients, so if you have 1000 ghosts at IRC, all internal PING/PONG (keepalive) traffic will be sent 1000 times every few minutes and so will every message received.
|
||||
- heisenbridge has two modes, either it acts as a IRC bouncer keeping everything separate for every user or a single bot connection to IRC while creating puppets for IRC users to use at Matrix. It also supports RELAYMSG for more modern IRC networks.
|
||||
- matterbridge is the most lightweight of the three working as a traditional relaybot on both sides. Unlike the others, it doesn't require selfhosting your own homeserver making it the most accessible for those with less resources and the option I use whenever possible. Sadly it doesn't look that great [without RELAYMSG support I live in hope of Matrix implementing one day](https://github.com/matrix-org/matrix-spec/issues/840).
|
||||
- matrix-appservice-irc which creates a ghost for every Matrix user on the IRC
|
||||
side. All of these pretend to be separate clients, so if you have 1000 ghosts
|
||||
at IRC, all internal PING/PONG (keepalive) traffic will be sent 1000 times
|
||||
every few minutes and so will every message received.
|
||||
- heisenbridge has two modes, either it acts as a IRC bouncer keeping everything
|
||||
separate for every user or a single bot connection to IRC while creating
|
||||
puppets for IRC users to use at Matrix. It also supports RELAYMSG for more
|
||||
modern IRC networks.
|
||||
- matterbridge is the most lightweight of the three working as a traditional
|
||||
relaybot on both sides. Unlike the others, it doesn't require selfhosting your
|
||||
own homeserver making it the most accessible for those with less resources and
|
||||
the option I use whenever possible. Sadly it doesn't look that great
|
||||
[without RELAYMSG support I live in hope of Matrix implementing one day](https://github.com/matrix-org/matrix-spec/issues/840).
|
||||
|
||||
As matrix-appservice-irc very quickly becomes traffic-intensive, its operators generally have agreement with IRC networks (or are IRC networks by themselves) to remove unused connections after a month or three of inactivity, which is judged by lack of public read-receipts anywhere the bridge can see. It could have been implemented better [pretending to be a server instead](https://github.com/matrix-org/matrix-appservice-irc/issues/329), which would have a problem of practically being `root` and thus not many IRC networks would open their door to a third party bridge and the Ergo IRCd doesn't even support server linking (opting to be HA instead, but more of that in "Why should I use Matrix instead of IRC?").
|
||||
As matrix-appservice-irc very quickly becomes traffic-intensive, its operators
|
||||
generally have agreement with IRC networks (or are IRC networks by themselves)
|
||||
to remove unused connections after a month or three of inactivity, which is
|
||||
judged by lack of public read-receipts anywhere the bridge can see. It could
|
||||
have been implemented better
|
||||
[pretending to be a server instead](https://github.com/matrix-org/matrix-appservice-irc/issues/329),
|
||||
which would have a problem of practically being `root` and thus not many IRC
|
||||
networks would open their door to a third party bridge and the Ergo IRCd doesn't
|
||||
even support server linking (opting to be HA instead, but more of that in "Why
|
||||
should I use Matrix instead of IRC?").
|
||||
|
||||
Being a server would also resolve IRC users getting annoyed by huge disconnection floods whenever matrix-appservice-irc restarts as it could be [batched by the IRCd users are connected to](https://ircv3.net/specs/batches/netsplit).
|
||||
Being a server would also resolve IRC users getting annoyed by huge
|
||||
disconnection floods whenever matrix-appservice-irc restarts as it could be
|
||||
[batched by the IRCd users are connected to](https://ircv3.net/specs/batches/netsplit).
|
||||
|
||||
The issues of matrix-appservice-irc grow worse when the room has bridges to other protocols, as those grow the IRC user count, use nicknames (sometimes capturing nicknames of people using both protocols and may be difficult to regain if the bridge doesn't answer to `!irc nick SomethingElse`) especially when the other protocol doesn't support direct/private messages and doesn't have even that excuse of using a connection slot.
|
||||
The issues of matrix-appservice-irc grow worse when the room has bridges to
|
||||
other protocols, as those grow the IRC user count, use nicknames (sometimes
|
||||
capturing nicknames of people using both protocols and may be difficult to
|
||||
regain if the bridge doesn't answer to `!irc nick SomethingElse`) especially
|
||||
when the other protocol doesn't support direct/private messages and doesn't have
|
||||
even that excuse of using a connection slot.
|
||||
|
||||
I hope this answer helped explain why this behaviour exists and that IRC users aren't opposed to bridging out of malice.
|
||||
I hope this answer helped explain why this behaviour exists and that IRC users
|
||||
aren't opposed to bridging out of malice.
|
||||
|
||||
#### But the relaybots look so ugly
|
||||
|
||||
IRC users have dealt with them since always, I tend to use Limnoria IRC bot which is forked from Supybot and has had the Relay plugin (for relaying messages between multiple IRC networks) [since possibly before `Wed Feb 2 06:45:35 2005 +0000`](https://github.com/progval/Limnoria/commit/e4e5c1482489451c1ae9b6b4ee9b9147a295320e) and I imagine it was far from the first IRC relay.
|
||||
IRC users have dealt with them since always, I tend to use Limnoria IRC bot
|
||||
which is forked from Supybot and has had the Relay plugin (for relaying messages
|
||||
between multiple IRC networks)
|
||||
[since possibly before `Wed Feb 2 06:45:35 2005 +0000`](https://github.com/progval/Limnoria/commit/e4e5c1482489451c1ae9b6b4ee9b9147a295320e)
|
||||
and I imagine it was far from the first IRC relay.
|
||||
|
||||
This means that even before IRCv3 RELAYMSG and displayname proposals, which I wish to merge so modern clients could show displaynames and legacy RELAYMSGs, there have been client-side solutions that have also been evolving:
|
||||
This means that even before IRCv3 RELAYMSG and displayname proposals, which I
|
||||
wish to merge so modern clients could show displaynames and legacy RELAYMSGs,
|
||||
there have been client-side solutions that have also been evolving:
|
||||
|
||||
- Irssi I haven't used personally, but I hear it has a [detelexify](https://github.com/zouppen/irssi-detelexify/) that looks a bit like it's made with Heisenbridge in mind.
|
||||
- WeeChat used to have a separate script for this, but at version 1.1 in gained the Trigger plugin able to perform actions without scripts, thus meaning you can use something like [this Relaybot 2 Trigger example](https://github.com/weechat/weechat/wiki/Triggers#relaybot-2) without having to install anything (while `/script` would be easy too).
|
||||
- Irssi I haven't used personally, but I hear it has a
|
||||
[detelexify](https://github.com/zouppen/irssi-detelexify/) that looks a bit
|
||||
like it's made with Heisenbridge in mind.
|
||||
- WeeChat used to have a separate script for this, but at version 1.1 in gained
|
||||
the Trigger plugin able to perform actions without scripts, thus meaning you
|
||||
can use something like
|
||||
[this Relaybot 2 Trigger example](https://github.com/weechat/weechat/wiki/Triggers#relaybot-2)
|
||||
without having to install anything (while `/script` would be easy too).
|
||||
|
||||
I hope Matrix will get better at this too.
|
||||
|
||||
### I am told that I should Matrixify my IRC channel, what does that mean?
|
||||
|
||||
You are likely using IRCnet and I am sorry that you have to deal with this raider group. It means some mix of:
|
||||
You are likely using IRCnet and I am sorry that you have to deal with this
|
||||
raider group. It means some mix of:
|
||||
|
||||
- setting a Matrix avatar to the room
|
||||
- removing the `#` from the name of the Matrix room
|
||||
- setting a main alias to the Matrix room that doesn't contain the IRC network's name
|
||||
- bridging to Matrix in a way that Matrix user (that may not be you) has full power over the room, potentially also over the bridge bot
|
||||
- setting a main alias to the Matrix room that doesn't contain the IRC network's
|
||||
name
|
||||
- bridging to Matrix in a way that Matrix user (that may not be you) has full
|
||||
power over the room, potentially also over the bridge bot
|
||||
- be careful if you are told to answer a bot `yes` in a `/query`!
|
||||
|
||||
### Why should I use Matrix instead of IRC?
|
||||
|
||||
No reason, if IRC suits you better than Matrix. As I have said before, I find
|
||||
maintaining IRC easier. IRC also tends to work better for me in poor network conditions
|
||||
and with [IRCv3](https://ircv3.net/) specifications and implemented draft proposals,
|
||||
it can be very pleasant modern experience without the issues that come from federation.
|
||||
maintaining IRC easier. IRC also tends to work better for me in poor network
|
||||
conditions and with [IRCv3](https://ircv3.net/) specifications and implemented
|
||||
draft proposals, it can be very pleasant modern experience without the issues
|
||||
that come from federation.
|
||||
|
||||
There is a usecase for every tool and while federation is important feature
|
||||
in general I am yet to miss it in IRC.
|
||||
There is a usecase for every tool and while federation is important feature in
|
||||
general I am yet to miss it in IRC.
|
||||
|
||||
I keep mentioning Ergo IRCd, which [scales](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#scalability), has serverside history and integrated bouncer
|
||||
feature so it's just a matter of adding it to your IRC client alongside your
|
||||
SASL credentials and you will receive your offline messages whenever you
|
||||
reconnect. Ergo also supports `RELAYMSG` making messages from other protocols
|
||||
seem more native to read and many graphical IRC clients even provide integrated
|
||||
image uploading support.
|
||||
I keep mentioning Ergo IRCd, which
|
||||
[scales](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#scalability),
|
||||
has serverside history and integrated bouncer feature so it's just a matter of
|
||||
adding it to your IRC client alongside your SASL credentials and you will
|
||||
receive your offline messages whenever you reconnect. Ergo also supports
|
||||
`RELAYMSG` making messages from other protocols seem more native to read and
|
||||
many graphical IRC clients even provide integrated image uploading support.
|
||||
|
||||
[Pirate Party of Finland](https://piraattipuolue.fi/en) considers Ergo-based [PirateIRC](https://pirateirc.net/)
|
||||
and [its webchat](https://webchat.pirateirc.net/) a reasonable fallback should we have to leave other protocols
|
||||
or they would be unusable otherwise.
|
||||
[Pirate Party of Finland](https://piraattipuolue.fi/en) considers Ergo-based
|
||||
[PirateIRC](https://pirateirc.net/) and
|
||||
[its webchat](https://webchat.pirateirc.net/) a reasonable fallback should we
|
||||
have to leave other protocols or they would be unusable otherwise.
|
||||
|
||||
#### Why isn't Pirate Party of Finland using Matrix?
|
||||
|
||||
This goes a bit past my personal Q&A, but we are using it kind of as a "tech demo".
|
||||
However it cannot currently mature past that as:
|
||||
This goes a bit past my personal Q&A, but we are using it kind of as a "tech
|
||||
demo". However it cannot currently mature past that as:
|
||||
|
||||
- we don't have people interested in Matrix (obviously excluding me).
|
||||
- we don't have resources for hosting a Matrix homeserver, while we had IRC before we were founded.
|
||||
- moderation tools are so bad it's only me dealing with them (see critiques near top of the page).
|
||||
- we don't have resources for hosting a Matrix homeserver, while we had IRC
|
||||
before we were founded.
|
||||
- moderation tools are so bad it's only me dealing with them (see critiques near
|
||||
top of the page).
|
||||
- [Matrix flagship clients, Element Web, Element Android and Element iOS don't support knocking](https://github.com/vector-im/element-meta/issues/43)
|
||||
which has been supported by Matrix Specification since September 2021 or so meaning
|
||||
users of those aren't able to request access to our rooms, unless they
|
||||
which has been supported by Matrix Specification since September 2021 or so
|
||||
meaning users of those aren't able to request access to our rooms, unless they
|
||||
are members of an allowed rooms first.
|
||||
|
||||
If you want in, your options are:
|
||||
|
||||
- Join [Matrix Suomi Space](matrix:r/matrix-suomi:kapsi.fi), which lists
|
||||
Finnish speaking rooms and then [our space](matrix:r/space.piraatit.fi:matrix.org).
|
||||
- Due to aforementioned lack of moderation tools, this can be withdrawn should that become necessary to mitigate abuse.
|
||||
- Knock one of our rooms using Nheko and [hope someone is watching from Nheko](https://github.com/Nheko-Reborn/nheko/issues/1226).
|
||||
- Come to [#verkkopalvelut using PrateIRC webchat](https://webchat.pirateirc.net/?channel=#verkkopalvelut)
|
||||
and tell `AmindaSuomalainen` your Matrix ID in a nice message (to show you aren't a bot) that you wish in.
|
||||
- Join [Matrix Suomi Space](matrix:r/matrix-suomi:kapsi.fi), which lists Finnish
|
||||
speaking rooms and then [our space](matrix:r/space.piraatit.fi:matrix.org).
|
||||
- Due to aforementioned lack of moderation tools, this can be withdrawn should
|
||||
that become necessary to mitigate abuse.
|
||||
- Knock one of our rooms using Nheko and
|
||||
[hope someone is watching from Nheko](https://github.com/Nheko-Reborn/nheko/issues/1226).
|
||||
- Come to
|
||||
[#verkkopalvelut using PrateIRC webchat](https://webchat.pirateirc.net/?channel=#verkkopalvelut)
|
||||
and tell `AmindaSuomalainen` your Matrix ID in a nice message (to show you
|
||||
aren't a bot) that you wish in.
|
||||
|
||||
### I don't currently want to touch Matrix, but I am seeing abuse from there, what can I do?
|
||||
|
||||
If you are using Telegram or Discord, you are out of luck, as while you can
|
||||
remove messages, that may get removed from Matrix, you cannot remove the
|
||||
abusive users. If you are using XMPP you may be out of luck.
|
||||
remove messages, that may get removed from Matrix, you cannot remove the abusive
|
||||
users. If you are using XMPP you may be out of luck.
|
||||
|
||||
However if you use IRC and the Matrix users are behind matrix-appservice-irc
|
||||
([check this list](https://github.com/matrix-org/matrix-appservice-irc/blob/develop/docs/bridged_networks.md) or your network operators) you may be in luck as long as
|
||||
([check this list](https://github.com/matrix-org/matrix-appservice-irc/blob/develop/docs/bridged_networks.md)
|
||||
or your network operators) you may be in luck as long as
|
||||
[you or your ops haven't answered "yes" to the Matrix bot](https://github.com/matrix-org/matrix-appservice-irc/issues/462).
|
||||
|
||||
Matrix-appservice-irc attempts to sync permissions from IRC in a limited fashion,
|
||||
and if it's unable to join a ghost (see an earlier question), it will kick the
|
||||
user from Matrix for as long as the ban stays in place.
|
||||
Matrix-appservice-irc attempts to sync permissions from IRC in a limited
|
||||
fashion, and if it's unable to join a ghost (see an earlier question), it will
|
||||
kick the user from Matrix for as long as the ban stays in place.
|
||||
|
||||
In other words, if you were using Matrix personally, the IRC bridge would
|
||||
drastically increase the moderation tools available for you! You can now use
|
||||
wildcard bans that aren't natively supported and even extbans like (LiberaChat's)
|
||||
`/mode #yourchannel +b $r:*:matrix.org*` to ban all matrix.org users from your
|
||||
channel or set `+e` ban exceptions on them!
|
||||
wildcard bans that aren't natively supported and even extbans like
|
||||
(LiberaChat's) `/mode #yourchannel +b $r:*:matrix.org*` to ban all matrix.org
|
||||
users from your channel or set `+e` ban exceptions on them!
|
||||
|
||||
_Note: this obviously stops working should the Matrix user change their
|
||||
gecos/"real name" in which case your only option is to ban the entirety of
|
||||
Matrix. E.g. on LiberaChat `/mode +b _!_@2001:470:69fc:105::/64` assuming
|
||||
your abusers don't have a cloak (vhost in any other IRC network)._
|
||||
Matrix. E.g. on LiberaChat `/mode +b _!_@2001:470:69fc:105::/64` assuming your
|
||||
abusers don't have a cloak (vhost in any other IRC network)._
|
||||
|
||||
#### I fear someone has said yes
|
||||
|
||||
In that case someone may have near absolute power on the Matrix side and could have
|
||||
removed the matrix-appservice-irc bot from power thus preventing it from
|
||||
In that case someone may have near absolute power on the Matrix side and could
|
||||
have removed the matrix-appservice-irc bot from power thus preventing it from
|
||||
kicking users banned from IRC letting them spam freely on Matrix while being
|
||||
invisible to IRC. In even worse scenario the abusive user was given power
|
||||
and they are immune to whatever is done from IRC.
|
||||
invisible to IRC. In even worse scenario the abusive user was given power and
|
||||
they are immune to whatever is done from IRC.
|
||||
|
||||
There is also the chance that [a netsplit gives a Matrix user moderator permissions that are never removed when sync occurs](https://github.com/matrix-org/matrix-appservice-irc/issues/518).
|
||||
There is also the chance that
|
||||
[a netsplit gives a Matrix user moderator permissions that are never removed when sync occurs](https://github.com/matrix-org/matrix-appservice-irc/issues/518).
|
||||
|
||||
##### That doesn't help me
|
||||
|
||||
If everything else fails, you can always mail abuse at matrix dot org, who
|
||||
will want the following details (as of 2022-10-16):
|
||||
If everything else fails, you can always mail abuse at matrix dot org, who will
|
||||
want the following details (as of 2022-10-16):
|
||||
|
||||
- Your matrix ID
|
||||
- the room ID(s) your report is about
|
||||
- timestamps or links to the events you are telling us about
|
||||
|
||||
Assuming you are an IRC user and thus unable to provide the two first,
|
||||
I would include:
|
||||
Assuming you are an IRC user and thus unable to provide the two first, I would
|
||||
include:
|
||||
|
||||
- IRC network in question
|
||||
- IRC channel in question
|
||||
@ -571,25 +694,25 @@ sending raw events in JSON to them.
|
||||
My reasons for that are many and I am often proved correct in them.
|
||||
|
||||
- By having multiple accounts on different homeservers, there is no single
|
||||
entity that can decide whether I participate on Matrix or not. This is also
|
||||
a benefit of decentralisation in general.
|
||||
entity that can decide whether I participate on Matrix or not. This is also a
|
||||
benefit of decentralisation in general.
|
||||
- Matrix rooms are hosted on all homeservers that have at least one account
|
||||
joined to them.
|
||||
- In case of federation meltdown, I have multiple entrypoints to send events
|
||||
and thus hopefully one of them goes through faster. There have been
|
||||
multiple incidents where this could have been useful for room
|
||||
administrators.
|
||||
- In case of federation meltdown, I have multiple entrypoints to send events and
|
||||
thus hopefully one of them goes through faster. There have been multiple
|
||||
incidents where this could have been useful for room administrators.
|
||||
- Matrix homeservers used to allow open registration with no kind of
|
||||
protection and no warnings they are being ran with that configuration
|
||||
until some time before room version 10 was released. This
|
||||
allowed multiple rooms to be spammed trivially and it took days for all
|
||||
homeservers to sync ACL bans in the worst cases. It also resulted to a lot
|
||||
of state resetting so the affected rooms never got cleaned up as the spam
|
||||
users kept coming back and clients had issues handling so inflated rooms.
|
||||
- Federation also fails when a spammer sends messages after getting banned
|
||||
and thus moderation bots fail to remove messages from them as those don't
|
||||
get to the banning server. Thus moderators need more accounts again.
|
||||
- [matrix-org/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/matrix-org/synapse/issues/9329). [The issue was migrated to element-hq/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/element-hq/synapse/issues/9329)
|
||||
protection and no warnings they are being ran with that configuration until
|
||||
some time before room version 10 was released. This allowed multiple rooms
|
||||
to be spammed trivially and it took days for all homeservers to sync ACL
|
||||
bans in the worst cases. It also resulted to a lot of state resetting so the
|
||||
affected rooms never got cleaned up as the spam users kept coming back and
|
||||
clients had issues handling so inflated rooms.
|
||||
- Federation also fails when a spammer sends messages after getting banned and
|
||||
thus moderation bots fail to remove messages from them as those don't get to
|
||||
the banning server. Thus moderators need more accounts again.
|
||||
- [matrix-org/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/matrix-org/synapse/issues/9329).
|
||||
[The issue was migrated to element-hq/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/element-hq/synapse/issues/9329)
|
||||
- State resets keep happening and thus I cannot trust other accounts than the
|
||||
one which created a room in question stay as power level 100.
|
||||
- Homeservers come and go, sometimes with little to no warning. As I have many
|
||||
@ -600,62 +723,90 @@ My reasons for that are many and I am often proved correct in them.
|
||||
##### Brief history of my experiences with dead homeservers
|
||||
|
||||
Believe my concern on homeservers coming and going or not, no homeserver is
|
||||
safe, you should have backup accounts on multiple independent ones. Or maybe
|
||||
I am just personally unlucky?
|
||||
safe, you should have backup accounts on multiple independent ones. Or maybe I
|
||||
am just personally unlucky?
|
||||
|
||||
1. 2018-09-07: [Disroot.org announced Matrix closure](https://disroot.org/en/blog/matrix-closure).
|
||||
1. 2019-04-12: [Matrix.org was compromised](https://matrix.org/blog/2019/04/11/we-have-discovered-and-addressed-a-security-breach-updated-2019-04-12)
|
||||
1. 2018-09-07:
|
||||
[Disroot.org announced Matrix closure](https://disroot.org/en/blog/matrix-closure).
|
||||
1. 2019-04-12:
|
||||
[Matrix.org was compromised](https://matrix.org/blog/2019/04/11/we-have-discovered-and-addressed-a-security-breach-updated-2019-04-12)
|
||||
resulting the homeserver being down for a while, some integrations even
|
||||
longer and the XMPP bridge returned months later.
|
||||
1. From Disroot I moved to Feneas, the <em>Fe</em>derated <em>ne</em>tworks <em>as</em>sociation, thinking that homeserver being a paid
|
||||
membership benefit would help it to stay up and be reliable. However in
|
||||
[late 2021](https://gitea.blesmrt.net/mikaela/gist/src/commit/b50dacc0a457754c44ee901ce9e78988a39714fa/associations/feneas/meeting-logs/2021-12-09-annual-general-assembly.txt) and [early
|
||||
2022](https://gitea.blesmrt.net/mikaela/gist/src/commit/f3277852084d1a644189c7f9198f0bf470bc0ba4/associations/feneas/meeting-logs/2022-01-04-annual-general-meeting.txt) we decided to disband the association due to
|
||||
COVID-19 pandemic, lack of volunteers, lack of money (which wasn't helped
|
||||
by [Finnish money gathering law issues](https://github.com/liberapay/liberapay.org/issues/30))
|
||||
1. From Disroot I moved to Feneas, the <em>Fe</em>derated <em>ne</em>tworks
|
||||
<em>as</em>sociation, thinking that homeserver being a paid membership
|
||||
benefit would help it to stay up and be reliable. However in
|
||||
[late 2021](https://gitea.blesmrt.net/mikaela/gist/src/commit/b50dacc0a457754c44ee901ce9e78988a39714fa/associations/feneas/meeting-logs/2021-12-09-annual-general-assembly.txt)
|
||||
and
|
||||
[early 2022](https://gitea.blesmrt.net/mikaela/gist/src/commit/f3277852084d1a644189c7f9198f0bf470bc0ba4/associations/feneas/meeting-logs/2022-01-04-annual-general-meeting.txt)
|
||||
we decided to disband the association due to COVID-19 pandemic, lack of
|
||||
volunteers, lack of money (which wasn't helped by
|
||||
[Finnish money gathering law issues](https://github.com/liberapay/liberapay.org/issues/30))
|
||||
etc.
|
||||
1. Around 2023-04-24 the-apothecary.club went down and returned sometime
|
||||
2023-05-06. That would have been a long time with no communication on
|
||||
Matrix and not having access to any rooms, but luckily I have been using my
|
||||
account there just for accessibility testing and even if it was my primary
|
||||
account, I would have had backup accounts. I still don't know what exactly
|
||||
happened there, but I am not an active member of their community and they
|
||||
are volunteers like most of Matrix (excluding EMS and other paid homeserver
|
||||
2023-05-06. That would have been a long time with no communication on Matrix
|
||||
and not having access to any rooms, but luckily I have been using my account
|
||||
there just for accessibility testing and even if it was my primary account, I
|
||||
would have had backup accounts. I still don't know what exactly happened
|
||||
there, but I am not an active member of their community and they are
|
||||
volunteers like most of Matrix (excluding EMS and other paid homeserver
|
||||
offerings).
|
||||
1. 2023-05-08 13:15 [Kapsi.fi](https://www.kapsi.fi/english.html)
|
||||
[database server physically died](https://www.kapsi.fi/tiedotteet/2023.html#488) taking down their homeserver and
|
||||
[pikaviestin.fi](https://www.pikaviestin.fi) (alongside [sauna.social](https://sauna.social)
|
||||
and [järkkää.fi](https://jarkkaa.fi)) which hosts my main account. It
|
||||
returned a couple of days later on the evening of 2023-05-11.
|
||||
1. On 2023-10-25 [IT group of Pirate Party Austria made an announcement that
|
||||
pirateriot.net pirateriot.net shut down on 2023-10-31](https://web.archive.org/web/20231027060957/https://t.me/globalpirates/39814).
|
||||
1. 2023-12-24 saw that _[the hard drive hosting the jae.fi matrix server shat
|
||||
itself](https://soc.jae.fi/notes/9nmcgdonjxailf51)_ and as per that
|
||||
announcement, it's not returning anytime soon. My matterbridge had account
|
||||
#4 there while it later returned to account #3 on tedomum.net.
|
||||
1. 2024-01-18 brought the [shutdown of Diasp.in PirateIRC bridge](https://github.com/ppau/PirateIRC/pull/39)
|
||||
[database server physically died](https://www.kapsi.fi/tiedotteet/2023.html#488)
|
||||
taking down their homeserver and [pikaviestin.fi](https://www.pikaviestin.fi)
|
||||
(alongside [sauna.social](https://sauna.social) and
|
||||
[järkkää.fi](https://jarkkaa.fi)) which hosts my main account. It returned a
|
||||
couple of days later on the evening of 2023-05-11.
|
||||
1. On 2023-10-25
|
||||
[IT group of Pirate Party Austria made an announcement that pirateriot.net pirateriot.net shut down on 2023-10-31](https://web.archive.org/web/20231027060957/https://t.me/globalpirates/39814).
|
||||
1. 2023-12-24 saw that
|
||||
_[the hard drive hosting the jae.fi matrix server shat itself](https://soc.jae.fi/notes/9nmcgdonjxailf51)_
|
||||
and as per that announcement, it's not returning anytime soon. My
|
||||
matterbridge had account #4 there while it later returned to account #3 on
|
||||
tedomum.net.
|
||||
1. 2024-01-18 brought the
|
||||
[shutdown of Diasp.in PirateIRC bridge](https://github.com/ppau/PirateIRC/pull/39)
|
||||
and their [call for volunteers page](https://diasp.in/volunteer) has sunset
|
||||
date set for 2024-01-31. As I have been PirateIRC operator since
|
||||
2017-05-11, Diasp.in received a spot in this listing.
|
||||
date set for 2024-01-31. As I have been PirateIRC operator since 2017-05-11,
|
||||
Diasp.in received a spot in this listing.
|
||||
|
||||
#### Why do you use Matrix URI scheme instead of matrix.to?
|
||||
|
||||
I dislike matrix.to as a concept. It's a centralized service on decentralized protocol and in my opinion it shows lack of self-esteem on Matrix side considering neither XMPP or IRC require something like it, both of those trust being known or handled appropiately.
|
||||
I dislike matrix.to as a concept. It's a centralized service on decentralized
|
||||
protocol and in my opinion it shows lack of self-esteem on Matrix side
|
||||
considering neither XMPP or IRC require something like it, both of those trust
|
||||
being known or handled appropiately.
|
||||
|
||||
#### Why does one of your accounts have capital letter in the username?
|
||||
|
||||
In 2016 or so I mistakenly thought that usernames would be case-insensitive
|
||||
and they only [got banned in Synapse on 10th November 2017](https://github.com/matrix-org/synapse/pull/2662).
|
||||
In 2016 or so I mistakenly thought that usernames would be case-insensitive and
|
||||
they only
|
||||
[got banned in Synapse on 10th November 2017](https://github.com/matrix-org/synapse/pull/2662).
|
||||
|
||||
#### Which client do you recommend?
|
||||
|
||||
Honestly the only one that I can recommend is [Nheko nightly flatpak](#how-can-i-install-nheko-nightly).
|
||||
Honestly the only one that I can recommend is
|
||||
[Nheko nightly flatpak](#how-can-i-install-nheko-nightly).
|
||||
|
||||
I have also said it before, but for any serious use of Matrix, you will need [Element Web](https://github.com/vector-im/element-web) and especially the `/devtools` command it has.
|
||||
I have also said it before, but for any serious use of Matrix, you will need
|
||||
[Element Web](https://github.com/vector-im/element-web) and especially the
|
||||
`/devtools` command it has.
|
||||
|
||||
If you absolutely need Matrix somewhere neither fits you, ~~maybe [Hydrogen](https://github.com/vector-im/hydrogen-web) is your _PWA_ hoping your needs don't include too many Matrix accounts ([#783](https://github.com/vector-im/hydrogen-web/issues/783), [#817](https://github.com/vector-im/hydrogen-web/pull/817)) and hoping you [don't use SailfishOS](https://forum.sailfishos.org/t/progressive-web-app-pwa-in-native-browser/3867?u=mikaela) ([#1000](https://github.com/sailfishos/sailfish-browser/issues/1000)) or [Ubuntu Touch (#1144)](https://github.com/ubports/ubuntu-touch/issues/1144).~~ Good luck!
|
||||
If you absolutely need Matrix somewhere neither fits you, ~~maybe
|
||||
[Hydrogen](https://github.com/vector-im/hydrogen-web) is your _PWA_ hoping your
|
||||
needs don't include too many Matrix accounts
|
||||
([#783](https://github.com/vector-im/hydrogen-web/issues/783),
|
||||
[#817](https://github.com/vector-im/hydrogen-web/pull/817)) and hoping you
|
||||
[don't use SailfishOS](https://forum.sailfishos.org/t/progressive-web-app-pwa-in-native-browser/3867?u=mikaela)
|
||||
([#1000](https://github.com/sailfishos/sailfish-browser/issues/1000)) or
|
||||
[Ubuntu Touch (#1144)](https://github.com/ubports/ubuntu-touch/issues/1144).~~
|
||||
Good luck!
|
||||
|
||||
On Android I often find myself using [SchildiChat](https://s2.spiritcroc.de/fdroid/repo) ([Beta](https://s2.spiritcroc.de/testing/fdroid/repo)), which suffers many Element shortcomings being a fork and Matrix isn't too mobile friendly protocol in my opinion. (For my view of the repo fingerprints, refer to [n/f-droid](/n/f-droid.html), but note the pages intend of _my personal use._)
|
||||
On Android I often find myself using
|
||||
[SchildiChat](https://s2.spiritcroc.de/fdroid/repo)
|
||||
([Beta](https://s2.spiritcroc.de/testing/fdroid/repo)), which suffers many
|
||||
Element shortcomings being a fork and Matrix isn't too mobile friendly protocol
|
||||
in my opinion. (For my view of the repo fingerprints, refer to
|
||||
[n/f-droid](/n/f-droid.html), but note the pages intend of _my personal use._)
|
||||
|
||||
<!-- The one that fits your needs. Personally I mix-and-match:
|
||||
|
||||
@ -674,58 +825,74 @@ On Android I often find myself using [SchildiChat](https://s2.spiritcroc.de/fdro
|
||||
|
||||
I don't know, I have
|
||||
[spaces.md](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/spaces.md)
|
||||
which doubles as a critique towards Matrix room directory, which is
|
||||
centralized and everyone wants to be on `matrix.org` room directory, which
|
||||
again leads to them registering on `matrix.org` to add themselves there and
|
||||
did I mention that on 29-02-2024 it has been locked for a couple of months for
|
||||
a cleanup?
|
||||
which doubles as a critique towards Matrix room directory, which is centralized
|
||||
and everyone wants to be on `matrix.org` room directory, which again leads to
|
||||
them registering on `matrix.org` to add themselves there and did I mention that
|
||||
on 29-02-2024 it has been locked for a couple of months for a cleanup?
|
||||
|
||||
> Of course this file makes me the curator/authority of room listing and thus
|
||||
> I challenge you, the reader, to make your own space or version of this file,
|
||||
> Of course this file makes me the curator/authority of room listing and thus I
|
||||
> challenge you, the reader, to make your own space or version of this file,
|
||||
> maybe I can even link to your list here? :smiley_cat:
|
||||
|
||||
- [spaces.md](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/spaces.md)
|
||||
|
||||
#### Which homeserver do you recommend?
|
||||
|
||||
I am hesistant to recommend any. Finnish users may be interested in the [Linux.fi wiki listing](https://www.linux.fi/wiki/Matrix), everyone else may be served by [joinmatrix.org listing](https://servers.joinmatrix.org).
|
||||
I am hesistant to recommend any. Finnish users may be interested in the
|
||||
[Linux.fi wiki listing](https://www.linux.fi/wiki/Matrix), everyone else may be
|
||||
served by [joinmatrix.org listing](https://servers.joinmatrix.org).
|
||||
|
||||
#### Why don't you run your own?
|
||||
|
||||
As can be read between the lines from my critiques, I don't consider any homeserver to be in the state that it's either safe to run legally or lightweight enough or not require constant maintenance as opposed to IRC which I do selfhost.
|
||||
As can be read between the lines from my critiques, I don't consider any
|
||||
homeserver to be in the state that it's either safe to run legally or
|
||||
lightweight enough or not require constant maintenance as opposed to IRC which I
|
||||
do selfhost.
|
||||
|
||||
The world situation in general discourages me from anything as heavy.
|
||||
|
||||
#### Why cannot I see history in your Matrix rooms?
|
||||
|
||||
Matrix doesn't support self-destructing messages or message expiry in general, so
|
||||
I don't feel comfortable with world-readable logs (which would easily end to
|
||||
Matrix doesn't support self-destructing messages or message expiry in general,
|
||||
so I don't feel comfortable with world-readable logs (which would easily end to
|
||||
search engines forever).
|
||||
|
||||
If you need to see something in the backlog, I suggest
|
||||
using IRC (IRC@Etro or PirateIRC especially) or XMPP which each store messages
|
||||
only for 7 days (Ergo default) or some months (Prosody default) on a single server.
|
||||
If you need to see something in the backlog, I suggest using IRC (IRC@Etro or
|
||||
PirateIRC especially) or XMPP which each store messages only for 7 days (Ergo
|
||||
default) or some months (Prosody default) on a single server.
|
||||
|
||||
#### So do you wish Matrix to fail?
|
||||
|
||||
No, I have been using countless of hours at writing these critiques and performing "quality assurance"/testing,
|
||||
localizing clients to Finnish, providing support on their rooms for users of those clients, writing a Matrix
|
||||
Spec Change proposal (that was merged), having coauthored another, writing or contributing documentation in two languages
|
||||
and whatever else I have been doing since 2016.
|
||||
No, I have been using countless of hours at writing these critiques and
|
||||
performing "quality assurance"/testing, localizing clients to Finnish, providing
|
||||
support on their rooms for users of those clients, writing a Matrix Spec Change
|
||||
proposal (that was merged), having coauthored another, writing or contributing
|
||||
documentation in two languages and whatever else I have been doing since 2016.
|
||||
|
||||
Matrix has a place in my heart, just as IRC and XMPP and while none of the three are perfect, I wish for the issues
|
||||
get resolved and the fighting between them to end and I am tired of the "stop having fun" or "you are worse person for still using deprecated IRC"
|
||||
or "I wish IRC/XMPP just died already as it's so old" or whatever attitude I see amongst certain Matrix user/enthustiastic groups.
|
||||
Matrix has a place in my heart, just as IRC and XMPP and while none of the three
|
||||
are perfect, I wish for the issues get resolved and the fighting between them to
|
||||
end and I am tired of the "stop having fun" or "you are worse person for still
|
||||
using deprecated IRC" or "I wish IRC/XMPP just died already as it's so old" or
|
||||
whatever attitude I see amongst certain Matrix user/enthustiastic groups.
|
||||
|
||||
However I admit sometimes having difficult time believing that either _Matrix
|
||||
Foundation_ or _New Vector trading as Element_ has their users best interests
|
||||
in heart. On my worse days, I especially hardwordedly criticise [media never being removed](https://github.com/matrix-org/synapse/issues/1263#issuecomment-1120225193) ([element-hq/synapse#1263](https://github.com/element-hq/synapse/issues/1263))
|
||||
or [fear that Matrix may endanger gender or sexual minorities by leaking room-specific profiles](https://github.com/matrix-org/synapse/issues/5677#issuecomment-894831845) ([element-hq/synapse#5677](https://github.com/element-hq/synapse/issues/5677))
|
||||
and especially [lack of self-destructing messages (that is nowadays a discussion rather than an issue)](https://github.com/vector-im/element-meta/discussions/682#discussioncomment-3803806)
|
||||
Foundation_ or _New Vector trading as Element_ has their users best interests in
|
||||
heart. On my worse days, I especially hardwordedly criticise
|
||||
[media never being removed](https://github.com/matrix-org/synapse/issues/1263#issuecomment-1120225193)
|
||||
([element-hq/synapse#1263](https://github.com/element-hq/synapse/issues/1263))
|
||||
or
|
||||
[fear that Matrix may endanger gender or sexual minorities by leaking room-specific profiles](https://github.com/matrix-org/synapse/issues/5677#issuecomment-894831845)
|
||||
([element-hq/synapse#5677](https://github.com/element-hq/synapse/issues/5677))
|
||||
and especially
|
||||
[lack of self-destructing messages (that is nowadays a discussion rather than an issue)](https://github.com/vector-im/element-meta/discussions/682#discussioncomment-3803806)
|
||||
considering even [DeltaChat (also known as an email client)](https://delta.chat)
|
||||
manages to implement it without control over the underlying protocol and even
|
||||
less guarantees!
|
||||
|
||||
---
|
||||
|
||||
_The lucky Matrix number is `{{site.matrixLatestRoomVersion}}`, but do [consult the Spec for that](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions) and definitely ask `!servers upgrade {{site.matrixLatestRoomVersion}}` from [Version Checker](matrix:u/version:maunium.net) or [their siblings](https://github.com/maubot/rsvc)._
|
||||
_The lucky Matrix number is `{{site.matrixLatestRoomVersion}}`, but do
|
||||
[consult the Spec for that](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions)
|
||||
and definitely ask `!servers upgrade {{site.matrixLatestRoomVersion}}` from
|
||||
[Version Checker](matrix:u/version:maunium.net) or
|
||||
[their siblings](https://github.com/maubot/rsvc)._
|
||||
|
@ -13,12 +13,13 @@ excerpt: "Links to my my referral links around the internet."
|
||||
lang: en
|
||||
---
|
||||
|
||||
Looking for my social media accounts? They have moved to the [index](/index.html#web).
|
||||
Looking for my social media accounts? They have moved to the
|
||||
[index](/index.html#web).
|
||||
|
||||
- [Wolt](http://get.woltapp.com/93O1)
|
||||
- "_Every time a new friend signs up to Wolt with your personal code
|
||||
and makes their first order, they get a €5.00 discount and you get
|
||||
€5.00 worth in credits. Happy sharing!_"
|
||||
- "_Every time a new friend signs up to Wolt with your personal code and makes
|
||||
their first order, they get a €5.00 discount and you get €5.00 worth in
|
||||
credits. Happy sharing!_"
|
||||
- `93O1`
|
||||
- [N26](https://n26.com/r/mikaelas0922)
|
||||
- `mikaelas0922`
|
||||
|
Loading…
Reference in New Issue
Block a user