mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-11-25 05:49:23 +01:00
run prettier (mainly proseWrap)
This commit is contained in:
parent
b6704b8da6
commit
85153f7ac2
4
.github/workflows/jekyll.yml
vendored
4
.github/workflows/jekyll.yml
vendored
@ -46,7 +46,9 @@ jobs:
|
|||||||
uses: actions/configure-pages@v5
|
uses: actions/configure-pages@v5
|
||||||
- name: Build with Jekyll
|
- name: Build with Jekyll
|
||||||
# Outputs to the './_site' directory by default
|
# Outputs to the './_site' directory by default
|
||||||
run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
|
run:
|
||||||
|
bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path
|
||||||
|
}}"
|
||||||
env:
|
env:
|
||||||
JEKYLL_ENV: production
|
JEKYLL_ENV: production
|
||||||
- name: Upload artifact
|
- name: Upload artifact
|
||||||
|
@ -11,7 +11,8 @@ cache:
|
|||||||
- ${CI_PROJECT_DIR}/vendor
|
- ${CI_PROJECT_DIR}/vendor
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- apk add --no-cache ruby ruby-dev ruby-bundler make gcc g++ musl-dev build-base libffi-dev libxml2-dev
|
- apk add --no-cache ruby ruby-dev ruby-bundler make gcc g++ musl-dev
|
||||||
|
build-base libffi-dev libxml2-dev
|
||||||
- bundle install
|
- bundle install
|
||||||
|
|
||||||
test:
|
test:
|
||||||
@ -37,7 +38,8 @@ pages:
|
|||||||
gitlab-ci-pre-commit:
|
gitlab-ci-pre-commit:
|
||||||
stage: build
|
stage: build
|
||||||
before_script:
|
before_script:
|
||||||
- apk add --no-cache python3 python3-dev py3-pip py3-wheel git gcc musl-dev bash nodejs-current npm ruby ruby-bundler
|
- apk add --no-cache python3 python3-dev py3-pip py3-wheel git gcc musl-dev
|
||||||
|
bash nodejs-current npm ruby ruby-bundler
|
||||||
- pip install pre-commit --break-system-packages
|
- pip install pre-commit --break-system-packages
|
||||||
script:
|
script:
|
||||||
- pre-commit run --all-files --show-diff-on-failure
|
- pre-commit run --all-files --show-diff-on-failure
|
||||||
|
@ -58,7 +58,8 @@ repos:
|
|||||||
[
|
[
|
||||||
--update-only,
|
--update-only,
|
||||||
--title,
|
--title,
|
||||||
'<em lang="fi">Automaattinen sisällysluettelo</em> / <em lang="en">Automatically generated Table of Contents</em>',
|
'<em lang="fi">Automaattinen sisällysluettelo</em> / <em
|
||||||
|
lang="en">Automatically generated Table of Contents</em>',
|
||||||
]
|
]
|
||||||
|
|
||||||
- repo: https://github.com/python-jsonschema/check-jsonschema
|
- repo: https://github.com/python-jsonschema/check-jsonschema
|
||||||
|
@ -1,8 +1,7 @@
|
|||||||
cff-version: 1.2.0
|
cff-version: 1.2.0
|
||||||
title: Aminda.eu
|
title: Aminda.eu
|
||||||
message: >-
|
message: >-
|
||||||
If you use this website, please cite it using the
|
If you use this website, please cite it using the metadata from this file.
|
||||||
metadata from this file.
|
|
||||||
type: software
|
type: software
|
||||||
authors:
|
authors:
|
||||||
- given-names: Aminda
|
- given-names: Aminda
|
||||||
|
@ -32,29 +32,37 @@ checkmark.
|
|||||||
|
|
||||||
- `sitemap.xml` — automatically generated by Jekyll when building
|
- `sitemap.xml` — automatically generated by Jekyll when building
|
||||||
- `sitemaps.xml` — manually written sitemap index pointing to sitemaps on my
|
- `sitemaps.xml` — manually written sitemap index pointing to sitemaps on my
|
||||||
sites. I am not sure how it works when there are multiple domains, so
|
sites. I am not sure how it works when there are multiple domains, so I am
|
||||||
I am keeping all sitemaps in robots.txt and sitemaps.xml on bottom
|
keeping all sitemaps in robots.txt and sitemaps.xml on bottom of it. Same will
|
||||||
of it. Same will possibly happen with other domains.
|
possibly happen with other domains.
|
||||||
|
|
||||||
## Unusual directories
|
## Unusual directories
|
||||||
|
|
||||||
Or directories that generally aren't encountered in other similar projects.
|
Or directories that generally aren't encountered in other similar projects.
|
||||||
|
|
||||||
- `n/` - quick notes for my personal reference with memorable addresses.
|
- `n/` - quick notes for my personal reference with memorable addresses.
|
||||||
- `r/` - my personal url redirector for links that I have to refer to more or less often.
|
- `r/` - my personal url redirector for links that I have to refer to more or
|
||||||
- `txt/` - signed text files such as account list to decrease impact of identity theft attempts.
|
less often.
|
||||||
|
- `txt/` - signed text files such as account list to decrease impact of identity
|
||||||
|
theft attempts.
|
||||||
- `PGP/` - my current and some previous PGP keys.
|
- `PGP/` - my current and some previous PGP keys.
|
||||||
|
|
||||||
### Submodules
|
### Submodules
|
||||||
|
|
||||||
- `ir/` - list of I2P services, previously a part of this repository for memorable addresses.
|
- `ir/` - list of I2P services, previously a part of this repository for
|
||||||
- `lfs-media/` - orphan branch containing lfs-media such as the avatars. However it doesn't work with GitHub pages.
|
memorable addresses.
|
||||||
|
- `lfs-media/` - orphan branch containing lfs-media such as the avatars. However
|
||||||
|
it doesn't work with GitHub pages.
|
||||||
- `or/` - same as `ir/`, but for Tor Onion Services.
|
- `or/` - same as `ir/`, but for Tor Onion Services.
|
||||||
|
|
||||||
## Building
|
## Building
|
||||||
|
|
||||||
1. Install `bundler` onto your system.
|
1. Install `bundler` onto your system.
|
||||||
1. `cd` to root of this repository, if you didn't already.
|
1. `cd` to root of this repository, if you didn't already.
|
||||||
1. _Optionally_ configure where you wish bundler to install everything. This repository already specifies `bundle config set --local path 'vendor/bundle'` in the gitignored `.bundle/config` file.
|
1. _Optionally_ configure where you wish bundler to install everything. This
|
||||||
|
repository already specifies `bundle config set --local path 'vendor/bundle'`
|
||||||
|
in the gitignored `.bundle/config` file.
|
||||||
1. Run `bundle install`
|
1. Run `bundle install`
|
||||||
1. You are done, `bundle exec jekyll <build|serve>` and similar commands should work, just remember `bundle exec` in front of the command so the system wide installation doesn't unintentionally get used.
|
1. You are done, `bundle exec jekyll <build|serve>` and similar commands should
|
||||||
|
work, just remember `bundle exec` in front of the command so the system wide
|
||||||
|
installation doesn't unintentionally get used.
|
||||||
|
10
_config.yml
10
_config.yml
@ -6,10 +6,12 @@ author:
|
|||||||
# Jekyll seo, appended after title
|
# Jekyll seo, appended after title
|
||||||
tagline: Aminda Suomalainen ⚧︎
|
tagline: Aminda Suomalainen ⚧︎
|
||||||
description: > # this means to ignore newlines until "baseurl:"
|
description: > # this means to ignore newlines until "baseurl:"
|
||||||
I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am familiar with git and looking for employment. ⚧︎
|
I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am
|
||||||
<br/><br/><em lang="en">This website is licensed under the
|
familiar with git and looking for employment. ⚧︎ <br/><br/><em
|
||||||
<a href="(https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>
|
lang="en">This website is licensed under the <a
|
||||||
by <a href="https://aminda.eu">Aminda Suomalainen</a>.</em>
|
href="(https://creativecommons.org/licenses/by/4.0/">Creative Commons
|
||||||
|
Attribution 4.0 International License</a> by <a
|
||||||
|
href="https://aminda.eu">Aminda Suomalainen</a>.</em>
|
||||||
baseurl: "" # the subpath of your site, e.g. /blog/
|
baseurl: "" # the subpath of your site, e.g. /blog/
|
||||||
# I would like to use www subdomain to not have all cookies passed to top
|
# I would like to use www subdomain to not have all cookies passed to top
|
||||||
# level, but there seems to be a redirect issue otherwise.
|
# level, but there seems to be a redirect issue otherwise.
|
||||||
|
@ -9,24 +9,24 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
`@Annwenn` got me opering at her network after long pause with my opering.
|
`@Annwenn` got me opering at her network after long pause with my opering. She
|
||||||
She also named this blogpost and requested me to write this and I don't
|
also named this blogpost and requested me to write this and I don't have any
|
||||||
have any better place where to put this, but I am starting with other talk
|
better place where to put this, but I am starting with other talk before getting
|
||||||
before getting to the subject.
|
to the subject.
|
||||||
|
|
||||||
It appears that I am not as bad oper as I thought as I was able to identify
|
It appears that I am not as bad oper as I thought as I was able to identify and
|
||||||
and find solutions to multiple issues including server-side aliases not
|
find solutions to multiple issues including server-side aliases not working,
|
||||||
working, SASL being loaded with services, but not with IRCd, CertFP loaded
|
SASL being loaded with services, but not with IRCd, CertFP loaded with services,
|
||||||
with services, but not IRCd, missing oper-only channels (and allowing
|
but not IRCd, missing oper-only channels (and allowing everyone to join
|
||||||
everyone to join #services) etc.
|
#services) etc.
|
||||||
|
|
||||||
The services package is Atheme and IRCd InspIRCd which are the same I would
|
The services package is Atheme and IRCd InspIRCd which are the same I would have
|
||||||
have picked if I had started running IRC server which I was avoiding
|
picked if I had started running IRC server which I was avoiding before. The
|
||||||
before. The forks of Atheme don't have any stable releases yet and Atheme
|
forks of Atheme don't have any stable releases yet and Atheme is still getting
|
||||||
is still getting security fixes.
|
security fixes.
|
||||||
|
|
||||||
I am not linking to the network or complete issue list here as I don't want
|
I am not linking to the network or complete issue list here as I don't want too
|
||||||
too much traffic there.
|
much traffic there.
|
||||||
|
|
||||||
And now to the subject.
|
And now to the subject.
|
||||||
|
|
||||||
@ -59,12 +59,11 @@ First, register a channel, for example #test.
|
|||||||
```
|
```
|
||||||
|
|
||||||
Here $oper adds people who are opered to access list (if EXTTARGET $oper is
|
Here $oper adds people who are opered to access list (if EXTTARGET $oper is
|
||||||
enabled) and allows people who have +c in group !test to see the access
|
enabled) and allows people who have +c in group !test to see the access list
|
||||||
list (even with PRIVATE on), invite themselves or see the channel key using
|
(even with PRIVATE on), invite themselves or see the channel key using ChanServ
|
||||||
ChanServ and have autovoice on the channel.
|
and have autovoice on the channel.
|
||||||
|
|
||||||
4. Set the options and flags of !test.4. Set the options and flags of
|
4. Set the options and flags of !test.4. Set the options and flags of !test.
|
||||||
!test.
|
|
||||||
|
|
||||||
```
|
```
|
||||||
/msg groupserv set !test channel #test
|
/msg groupserv set !test channel #test
|
||||||
@ -72,10 +71,9 @@ ChanServ and have autovoice on the channel.
|
|||||||
/msg groupserv set !test open on
|
/msg groupserv set !test open on
|
||||||
```
|
```
|
||||||
|
|
||||||
joinflags +cvi means that when people join the group, they automatically
|
joinflags +cvi means that when people join the group, they automatically have
|
||||||
have +cvi which allows them to have access in channels where !test has
|
+cvi which allows them to have access in channels where !test has flags, take
|
||||||
flags, take vhosts which are offered to the group and invite other people
|
vhosts which are offered to the group and invite other people to the group.
|
||||||
to the group.
|
|
||||||
|
|
||||||
5. Offer vhosts to the group (requires you to be oper).
|
5. Offer vhosts to the group (requires you to be oper).
|
||||||
|
|
||||||
@ -92,5 +90,5 @@ to the group.
|
|||||||
/hs on
|
/hs on
|
||||||
```
|
```
|
||||||
|
|
||||||
`/hs offerlist` shows which vhosts are offered to you or groups where you
|
`/hs offerlist` shows which vhosts are offered to you or groups where you have
|
||||||
have `+v`.
|
`+v`.
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
comments: true
|
comments: true
|
||||||
title: "Getting help from network operators with channel issues when ops are away"
|
title:
|
||||||
|
"Getting help from network operators with channel issues when ops are away"
|
||||||
category: [english]
|
category: [english]
|
||||||
tags: [irc, english]
|
tags: [irc, english]
|
||||||
redirect_from: /english/2015/01/24/getting_help_with_channel_issues.html
|
redirect_from: /english/2015/01/24/getting_help_with_channel_issues.html
|
||||||
@ -9,19 +10,18 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
In case you wish network operators to help you when your channel operators
|
In case you wish network operators to help you when your channel operators are
|
||||||
are away, please authorize them to do so. You can do this simply by
|
away, please authorize them to do so. You can do this simply by command
|
||||||
command `/msg ChanServ flags #channel $oper +vhoirtAe`. _Note that this
|
`/msg ChanServ flags #channel $oper +vhoirtAe`. _Note that this assumes that
|
||||||
assumes that your network uses Atheme with exttarget $oper loaded._
|
your network uses Atheme with exttarget $oper loaded._
|
||||||
|
|
||||||
If you don't do this and there is trouble on your channel, it can be
|
If you don't do this and there is trouble on your channel, it can be assumed
|
||||||
assumed that you don't want network operators to intervene and they most
|
that you don't want network operators to intervene and they most likely take no
|
||||||
likely take no action. Taking action would also require using operator
|
action. Taking action would also require using operator privileges such as
|
||||||
privileges such as `/samode` which might not be so nice unless the flags
|
`/samode` which might not be so nice unless the flags are set.
|
||||||
are set.
|
|
||||||
|
|
||||||
I repeat that the commnd is `/msg ChanServ flags #channel $oper +vhoirtAe`.
|
I repeat that the commnd is `/msg ChanServ flags #channel $oper +vhoirtAe`. The
|
||||||
The only thing that must be changed is `#channel`.
|
only thing that must be changed is `#channel`.
|
||||||
|
|
||||||
## Explanation of these flags
|
## Explanation of these flags
|
||||||
|
|
||||||
@ -32,9 +32,8 @@ The only thing that must be changed is `#channel`.
|
|||||||
- r - allows using kick/kickban/ban/unban commands
|
- r - allows using kick/kickban/ban/unban commands
|
||||||
- t - allows using topic/topicappend commands
|
- t - allows using topic/topicappend commands
|
||||||
- A - allows seeing channel access lists and (MemoServ) sendops command
|
- A - allows seeing channel access lists and (MemoServ) sendops command
|
||||||
- most of our alerts seem to be coming from opers who are accidentally
|
- most of our alerts seem to be coming from opers who are accidentally using
|
||||||
using their priviledges and seeing access list of channel they have
|
their priviledges and seeing access list of channel they have no access to.
|
||||||
no access to.
|
|
||||||
- `<ChanServ> Mikaela ACCESS:LIST: #channel (oper override)`
|
- `<ChanServ> Mikaela ACCESS:LIST: #channel (oper override)`
|
||||||
- e - exempts from akick and allows unbanning yourself
|
- e - exempts from akick and allows unbanning yourself
|
||||||
|
|
||||||
@ -48,22 +47,22 @@ Some flags change their meaning if written with wrong case:
|
|||||||
- H - automatic halfop and allows using halfop/dehalfop on yourself
|
- H - automatic halfop and allows using halfop/dehalfop on yourself
|
||||||
- O - automatic op and allows using op/deop on yourself
|
- O - automatic op and allows using op/deop on yourself
|
||||||
- R - allows using recover, sync and clear commands
|
- R - allows using recover, sync and clear commands
|
||||||
- recover - deop everyone, remove key, invite yourself, add ban
|
- recover - deop everyone, remove key, invite yourself, add ban exception on
|
||||||
exception on yourself, unban yourself, set modes +im (invite-only,
|
yourself, unban yourself, set modes +im (invite-only, only voiced users can
|
||||||
only voiced users can talk), op yourself and other fun...
|
talk), op yourself and other fun...
|
||||||
- sync - sync the channel according to access list
|
- sync - sync the channel according to access list
|
||||||
- clear - allows clearing akicks (+b flags), bans, flags, users
|
- clear - allows clearing akicks (+b flags), bans, flags, users (=kick
|
||||||
(=kick everyone)
|
everyone)
|
||||||
- a - allows using protect/deprotect commands
|
- a - allows using protect/deprotect commands
|
||||||
- protect is sometimes also known as admin and is higher than op, but
|
- protect is sometimes also known as admin and is higher than op, but lower
|
||||||
lower than owner/founder. Combine with +O to make it automatic.
|
than owner/founder. Combine with +O to make it automatic.
|
||||||
|
|
||||||
So you don't want to accidentally confuse different letters. `+VHO` aren't
|
So you don't want to accidentally confuse different letters. `+VHO` aren't so
|
||||||
so dangerous and you can freely set them, but avoid confusing +r and +R and
|
dangerous and you can freely set them, but avoid confusing +r and +R and
|
||||||
avoiding confusing +A and +a can also be a good idea.
|
avoiding confusing +A and +a can also be a good idea.
|
||||||
|
|
||||||
## One last note
|
## One last note
|
||||||
|
|
||||||
`$oper` matches everyone who is opered and requires Atheme to have
|
`$oper` matches everyone who is opered and requires Atheme to have exttarget
|
||||||
exttarget $oper loaded. Some other networks use different ways to add opers
|
$oper loaded. Some other networks use different ways to add opers to be on
|
||||||
to be on access list.
|
access list.
|
||||||
|
@ -12,55 +12,59 @@ redirect_from:
|
|||||||
|
|
||||||
**TL;DR: if you don't verify SSL certificates, don't use SSL!**
|
**TL;DR: if you don't verify SSL certificates, don't use SSL!**
|
||||||
|
|
||||||
ZNC 1.6.0 was released on 2015-02-12 21:05:48Z. It brings multiple
|
ZNC 1.6.0 was released on 2015-02-12 21:05:48Z. It brings multiple improvements
|
||||||
improvements such as taking IP addresses from round-robins randomly instead
|
such as taking IP addresses from round-robins randomly instead of always
|
||||||
of always resolving them into same IP and most notably it actually verifies
|
resolving them into same IP and most notably it actually verifies SSL
|
||||||
SSL certificates.
|
certificates.
|
||||||
|
|
||||||
- [Changelog](https://wiki.znc.in/ChangeLog/1.6.0)
|
- [Changelog](https://wiki.znc.in/ChangeLog/1.6.0)
|
||||||
|
|
||||||
ZNC 1.6.0 also doesn't have option to blindly accept certificates, which
|
ZNC 1.6.0 also doesn't have option to blindly accept certificates, which would
|
||||||
would be stupid, but sadly
|
be stupid, but sadly
|
||||||
[Quakenet is right about most of people just accepting certificates blindly](https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless)
|
[Quakenet is right about most of people just accepting certificates blindly](https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless)
|
||||||
as people are asking how to disable the SSL certificate verification on
|
as people are asking how to disable the SSL certificate verification on \#znc a
|
||||||
\#znc a lot.
|
lot.
|
||||||
|
|
||||||
Some people even wrote [a patch and scripts to disable the verification.](https://gist.github.com/KindOne-/52cfade7b937ee8b4c37)
|
Some people even wrote
|
||||||
|
[a patch and scripts to disable the verification.](https://gist.github.com/KindOne-/52cfade7b937ee8b4c37)
|
||||||
This isn't a good idea as patching ZNC can cause all kinds of issues as
|
This isn't a good idea as patching ZNC can cause all kinds of issues as
|
||||||
sometimes seen with zncstrap [1](https://github.com/ProjectFirrre/zncstrap/issues/16) [2](https://github.com/ProjectFirrre/zncstrap/issues/18) [3](https://github.com/znc/znc/issues/384).
|
sometimes seen with zncstrap
|
||||||
See also [contributing (reporting bugs) guidelines of ZNC.](https://github.com/znc/znc/issues/384)
|
[1](https://github.com/ProjectFirrre/zncstrap/issues/16)
|
||||||
|
[2](https://github.com/ProjectFirrre/zncstrap/issues/18)
|
||||||
|
[3](https://github.com/znc/znc/issues/384). See also
|
||||||
|
[contributing (reporting bugs) guidelines of ZNC.](https://github.com/znc/znc/issues/384)
|
||||||
|
|
||||||
I believe same policy should apply to patching ZNC as to config files,
|
I believe same policy should apply to patching ZNC as to config files, patch ZNC
|
||||||
patch ZNC or edit config file and you will forfeit all support.
|
or edit config file and you will forfeit all support.
|
||||||
|
|
||||||
## And to the subject
|
## And to the subject
|
||||||
|
|
||||||
If you don't verify SSL certificates, you only have a false sense of
|
If you don't verify SSL certificates, you only have a false sense of security as
|
||||||
security as you let anyone between your ZNC and the IRC network. This is
|
you let anyone between your ZNC and the IRC network. This is called as
|
||||||
called as [Man-in the middle (or shortly MITM) attack.](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
|
[Man-in the middle (or shortly MITM) attack.](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
|
||||||
There are also people asking for ZNC to trust the certificate for the
|
There are also people asking for ZNC to trust the certificate for the first time
|
||||||
first time and then be alerted if the certificate changes. What if the
|
and then be alerted if the certificate changes. What if the MITM is there during
|
||||||
MITM is there during your first connection attempt and then you are
|
your first connection attempt and then you are alerted when the real IRC server
|
||||||
alerted when the real IRC server gives you wrong certificate?
|
gives you wrong certificate?
|
||||||
|
|
||||||
## So what is the correct way?
|
## So what is the correct way?
|
||||||
|
|
||||||
- Check the website of your IRC network in case the fingerprints are
|
- Check the website of your IRC network in case the fingerprints are listed on
|
||||||
listed on their website.
|
their website.
|
||||||
- Try asking the operators of your IRC network somewhere else if you know
|
- Try asking the operators of your IRC network somewhere else if you know them
|
||||||
them (like another network or email).
|
(like another network or email).
|
||||||
- This might not be so recommended, but also check the fingerprints from
|
- This might not be so recommended, but also check the fingerprints from
|
||||||
multiple locations.
|
multiple locations.
|
||||||
|
|
||||||
> But the IRC network has hundreds of servers with different certificates!
|
> But the IRC network has hundreds of servers with different certificates!
|
||||||
|
|
||||||
In this case do what was recommened before ZNC 1.6.0, check some of the
|
In this case do what was recommened before ZNC 1.6.0, check some of the servers
|
||||||
servers that are geographically close to you and use them.
|
that are geographically close to you and use them.
|
||||||
|
|
||||||
## Checking the fingerprint from multiple locations
|
## Checking the fingerprint from multiple locations
|
||||||
|
|
||||||
I have shell function (which you can find later on this page) which I run
|
I have shell function (which you can find later on this page) which I run from
|
||||||
from multiple places:
|
multiple places:
|
||||||
|
|
||||||
- my home, Kotka, Finland
|
- my home, Kotka, Finland
|
||||||
- [Kapsi (shell)](https://www.kapsi.fi/english.html), somewhere in Finland
|
- [Kapsi (shell)](https://www.kapsi.fi/english.html), somewhere in Finland
|
||||||
@ -83,36 +87,34 @@ serversslcertfp() {
|
|||||||
```
|
```
|
||||||
|
|
||||||
I hope this article has helped you to understand the issues with blindly
|
I hope this article has helped you to understand the issues with blindly
|
||||||
accepting SSL certificates or at least to understand that _if you don't
|
accepting SSL certificates or at least to understand that _if you don't want to
|
||||||
want to verify SSL certificates, don't use SSL._
|
verify SSL certificates, don't use SSL._
|
||||||
|
|
||||||
- _Updated on 2015-02-26 10:43Z: just use environment variables in the
|
- _Updated on 2015-02-26 10:43Z: just use environment variables in the function
|
||||||
function like suggested by @DarthGandalf on \#znc._
|
like suggested by @DarthGandalf on \#znc._
|
||||||
|
|
||||||
## I am asked to verify fingerprint for network with valid certificate
|
## I am asked to verify fingerprint for network with valid certificate
|
||||||
|
|
||||||
_Added on 2015-09-03. 4. added on 2016-01-26._
|
_Added on 2015-09-03. 4. added on 2016-01-26._
|
||||||
|
|
||||||
There are usually four causes for this. Lets use liberachat as example
|
There are usually four causes for this. Lets use liberachat as example network.
|
||||||
network.
|
|
||||||
|
|
||||||
1. You don't have the `ca-certificates` package installed (`ca_root_nss`
|
1. You don't have the `ca-certificates` package installed (`ca_root_nss` on
|
||||||
on FreeBSD), so your system trusts no certificate authority. Install it
|
FreeBSD), so your system trusts no certificate authority. Install it and try
|
||||||
and try again.
|
again.
|
||||||
2. You are connecting to wrong address. liberachat's certificate is valid for
|
2. You are connecting to wrong address. liberachat's certificate is valid for
|
||||||
\*.libera.chat, but there are CNAMEs pointing there. If you connect to
|
\*.libera.chat, but there are CNAMEs pointing there. If you connect to CNAME
|
||||||
CNAME and the certificate isn't valid for that CNAME, the certificate
|
and the certificate isn't valid for that CNAME, the certificate is invalid.
|
||||||
is invalid.
|
|
||||||
- You should always connect to `irc.libera.chat`.
|
- You should always connect to `irc.libera.chat`.
|
||||||
3. There is MITM which is unlikely, but unlikely is not impossible.
|
3. There is MITM which is unlikely, but unlikely is not impossible. Validating
|
||||||
Validating the certificates either by trusted certificates or verifying
|
the certificates either by trusted certificates or verifying the fingerprints
|
||||||
the fingerprints securely manually protect you from this. If MITM is the
|
securely manually protect you from this. If MITM is the case, you shouldn't
|
||||||
case, you shouldn't connect.
|
connect.
|
||||||
4. You have `ca-certificates` installed, but the remote certificate is
|
4. You have `ca-certificates` installed, but the remote certificate is signed by
|
||||||
signed by CA that is not included in it. You could try installing
|
CA that is not included in it. You could try installing system updates in
|
||||||
system updates in case `ca-certificates` have been updated or you will
|
case `ca-certificates` have been updated or you will have to treat the
|
||||||
have to treat the certificate as invalid until ZNC starts supporting
|
certificate as invalid until ZNC starts supporting it's own CA storage. See
|
||||||
it's own CA storage. See (and comment if you encounter this)
|
(and comment if you encounter this)
|
||||||
[znc/znc#909](https://github.com/znc/znc/issues/909).
|
[znc/znc#909](https://github.com/znc/znc/issues/909).
|
||||||
|
|
||||||
---
|
---
|
||||||
@ -121,13 +123,14 @@ Section added on 2018-11-10: I have started using the new option to allow
|
|||||||
invalid SSL certificates in some cases as this post is only written with
|
invalid SSL certificates in some cases as this post is only written with
|
||||||
clearnet in mind.
|
clearnet in mind.
|
||||||
|
|
||||||
I am on some networks over Yggdrasil or Cjdns which already have E2EE like
|
I am on some networks over Yggdrasil or Cjdns which already have E2EE like Tor
|
||||||
Tor hidden services so as long as they are accessed directly, all benefits
|
hidden services so as long as they are accessed directly, all benefits of TLS
|
||||||
of TLS are there already and TLS certificates are an additional burden as
|
are there already and TLS certificates are an additional burden as with
|
||||||
with LetsEncrypt they will change often and LetsEncrypt doesn't support
|
LetsEncrypt they will change often and LetsEncrypt doesn't support any network I
|
||||||
any network I mentioned.
|
mentioned.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
_As I seem to be updating this page more than I originally thought I should
|
_As I seem to be updating this page more than I originally thought I should
|
||||||
probably add [this link to changelog here.](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-02-24-znc160-ssl.md)_
|
probably add
|
||||||
|
[this link to changelog here.](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-02-24-znc160-ssl.md)_
|
||||||
|
@ -9,33 +9,32 @@ tags: [irc, english]
|
|||||||
redirect_from: /english/2015/03/18/nodcc.html
|
redirect_from: /english/2015/03/18/nodcc.html
|
||||||
---
|
---
|
||||||
|
|
||||||
DCC was way to send files and chat without having IRC server in the
|
DCC was way to send files and chat without having IRC server in the between.
|
||||||
between. It's not very common nowadays and what is done nowadays is
|
It's not very common nowadays and what is done nowadays is uploading images etc.
|
||||||
uploading images etc. to social media services or web servers or using
|
to social media services or web servers or using other file transfer protocols.
|
||||||
other file transfer protocols.
|
|
||||||
|
|
||||||
Here are some reasons to not use it:
|
Here are some reasons to not use it:
|
||||||
|
|
||||||
- There is no proper standard or if there is, no one follows it, all
|
- There is no proper standard or if there is, no one follows it, all clients
|
||||||
clients speak their own dialects and may be unable to communicate with
|
speak their own dialects and may be unable to communicate with other clients.
|
||||||
other clients. Not all clients even implement the same features.
|
Not all clients even implement the same features.
|
||||||
- NAT and firewalls break it
|
- NAT and firewalls break it
|
||||||
- As DCC requires port on sending/hosting side, it must be opened in
|
- As DCC requires port on sending/hosting side, it must be opened in firewall
|
||||||
firewall and if there is NAT which there is in most of situations
|
and if there is NAT which there is in most of situations nowadays, the port
|
||||||
nowadays, the port must be forwarded. Most of average users have
|
must be forwarded. Most of average users have no idea how to do the latter
|
||||||
no idea how to do the latter if even the first.
|
if even the first.
|
||||||
- The only place where most of people see it is spam. The only thing lately
|
- The only place where most of people see it is spam. The only thing lately
|
||||||
where people have seen is two attacks which @grawity has documented
|
where people have seen is two attacks which @grawity has documented
|
||||||
[here](https://nullroute.eu.org/~grawity/dcc.html)
|
[here](https://nullroute.eu.org/~grawity/dcc.html)
|
||||||
|
|
||||||
## Disabling DCC
|
## Disabling DCC
|
||||||
|
|
||||||
This depends on your client and I am only able to give instructions for
|
This depends on your client and I am only able to give instructions for three:
|
||||||
three:
|
|
||||||
|
|
||||||
- WeeChat: "`/plugin unload xfer`" and "`/set weechat.plugin.autoload *,!xfer`"
|
- WeeChat: "`/plugin unload xfer`" and "`/set weechat.plugin.autoload *,!xfer`"
|
||||||
- The option in second command can be also be used to not automatically
|
- The option in second command can be also be used to not automatically load
|
||||||
load other plugins, I personally use `/set weechat.plugin.autoload alias,exec,irc,perl,python,script,trigger,logger`.
|
other plugins, I personally use
|
||||||
|
`/set weechat.plugin.autoload alias,exec,irc,perl,python,script,trigger,logger`.
|
||||||
The `*,!xfer` simply means load everything else than xfer.
|
The `*,!xfer` simply means load everything else than xfer.
|
||||||
- HexChat: "`/ignore *!*@* DCC`"
|
- HexChat: "`/ignore *!*@* DCC`"
|
||||||
- ZNC & clients behind it: "`/znc *controlpanel addctcp $me DCC`"
|
- ZNC & clients behind it: "`/znc *controlpanel addctcp $me DCC`"
|
||||||
|
@ -14,78 +14,72 @@ A little on my life currently
|
|||||||
|
|
||||||
**TRIGGER WARNING: suicide, school bullying, transphobia**
|
**TRIGGER WARNING: suicide, school bullying, transphobia**
|
||||||
|
|
||||||
I am 19 years old trans woman who also has Asperger's syndrome
|
I am 19 years old trans woman who also has Asperger's syndrome studying <s>for
|
||||||
studying <s>for vocational qualification in business information
|
vocational qualification in business information technology</s> or would be
|
||||||
technology</s> or would be studying if there wasn't one "small bullying
|
studying if there wasn't one "small bullying issue." I haven't been at
|
||||||
issue." I haven't been at
|
[Etelä-Kymenlaakso vocational college](https://ekami.fi/in-english) for month
|
||||||
[Etelä-Kymenlaakso vocational college](https://ekami.fi/in-english) for
|
and more.
|
||||||
month and more.
|
|
||||||
|
|
||||||
It started some time ago when I went there and it was mainly in three
|
It started some time ago when I went there and it was mainly in three events on
|
||||||
events on different days:
|
different days:
|
||||||
|
|
||||||
- Coming from school canteen someone said "hi Mikaela, you are beautiful"
|
- Coming from school canteen someone said "hi Mikaela, you are beautiful" in one
|
||||||
in one boy group where I have no idea who said it or who they even are.
|
boy group where I have no idea who said it or who they even are.
|
||||||
- Going to school canteen someone of the same group said "hi" and I replied
|
- Going to school canteen someone of the same group said "hi" and I replied "hi"
|
||||||
"hi" and I got third reply imitating my horrible masculine voice.
|
and I got third reply imitating my horrible masculine voice.
|
||||||
- The last time going to school canteen I went to nearby bathroom to
|
- The last time going to school canteen I went to nearby bathroom to \<if I
|
||||||
\<if I understood correctly, trans people do so horrible things in
|
understood correctly, trans people do so horrible things in bahtroom that I
|
||||||
bahtroom that I cannot write it here :P\> and I heard my name being
|
cannot write it here :P\> and I heard my name being shouted there multiple
|
||||||
shouted there multiple times. When I leeft it and went to canteen, I
|
times. When I leeft it and went to canteen, I just ignored them and went to
|
||||||
just ignored them and went to canteen normally and heard them shouting
|
canteen normally and heard them shouting after me "ONKO SULLA MUNAT!" which in
|
||||||
after me "ONKO SULLA MUNAT!" which in spoken (Finnish) language
|
spoken (Finnish) language translates to "DO YOU HAVE TESTICLES?".
|
||||||
translates to "DO YOU HAVE TESTICLES?".
|
|
||||||
|
|
||||||
I informed this to school social worker and two teachers, but then I
|
I informed this to school social worker and two teachers, but then I learned
|
||||||
learned that the school is unable to do anything as I have no idea who
|
that the school is unable to do anything as I have no idea who the people are
|
||||||
the people are (what class or names). I was one day away and on then went
|
(what class or names). I was one day away and on then went back for some time
|
||||||
back for some time and got more and more anxious and stressful on what
|
and got more and more anxious and stressful on what if I saw the people
|
||||||
if I saw the people somewhere or if they walke to canteen using the side
|
somewhere or if they walke to canteen using the side door that I had been using.
|
||||||
door that I had been using. Since then I have been unable to go anywhere
|
Since then I have been unable to go anywhere near Hamina.
|
||||||
near Hamina.
|
|
||||||
|
|
||||||
There was one exception where I had scheduler appointment with the school
|
There was one exception where I had scheduler appointment with the school social
|
||||||
social worker and I went there with my mother, but the school social
|
worker and I went there with my mother, but the school social worker was away
|
||||||
worker was away with label on the door saying "if you had scheduled
|
with label on the door saying "if you had scheduled appointment, please contact
|
||||||
appointment, please contact me using Wilma (place to message teachers
|
me using Wilma (place to message teachers etc.)" so we wasted time 50 minutes
|
||||||
etc.)" so we wasted time 50 minutes per trip from [Kotka] to [Hamina] and
|
per trip from [Kotka] to [Hamina] and [Hamina] to [Kotka].
|
||||||
[Hamina] to [Kotka].
|
|
||||||
|
|
||||||
[kotka]: https://www.kotka.fi/en/residents
|
[kotka]: https://www.kotka.fi/en/residents
|
||||||
[hamina]: https://hamina.fi/en/
|
[hamina]: https://hamina.fi/en/
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
_Update:
|
_Update: [I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
|
||||||
[I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
|
|
||||||
|
|
||||||
I would graduate in summer without this issue and the only thing I have
|
I would graduate in summer without this issue and the only thing I have missing
|
||||||
missing is work training. As I don't have work training place I was doing
|
is work training. As I don't have work training place I was doing it at school
|
||||||
it at school with some other students until the bullying started.
|
with some other students until the bullying started.
|
||||||
|
|
||||||
The work training didn't went too well as it felt like it was as far
|
The work training didn't went too well as it felt like it was as far from real
|
||||||
from real work environment as possible, teacher giving some tasks that are
|
work environment as possible, teacher giving some tasks that are done in maybe
|
||||||
done in maybe 15 minutes and rest of time other people just playing games
|
15 minutes and rest of time other people just playing games and drinking energy
|
||||||
and drinking energy drinks.
|
drinks.
|
||||||
|
|
||||||
There is also another issue, me being scared of real work environment, but
|
There is also another issue, me being scared of real work environment, but
|
||||||
nothing can be done to it now and the fear will just be moved to trouble
|
nothing can be done to it now and the fear will just be moved to trouble either
|
||||||
either my next school that I have thought to be
|
my next school that I have thought to be [KyUAS](https://www.kyamk.fi/Frontpage)
|
||||||
[KyUAS](https://www.kyamk.fi/Frontpage) (but it seems likely that I will
|
(but it seems likely that I will try to get to [Helsinki] or [Jyväskylä] and
|
||||||
try to get to [Helsinki] or [Jyväskylä] and study there as people have
|
study there as people have offered to help me find apartment either from there)
|
||||||
offered to help me find apartment either from there) or anywhere where I
|
or anywhere where I will work in the future if I ever will.
|
||||||
will work in the future if I ever will.
|
|
||||||
|
|
||||||
[helsinki]: https://www.hel.fi/www/helsinki/en
|
[helsinki]: https://www.hel.fi/www/helsinki/en
|
||||||
[jyväskylä]: https://www.hel.fi/www/helsinki/en
|
[jyväskylä]: https://www.hel.fi/www/helsinki/en
|
||||||
|
|
||||||
The school also offered to also give remote tasks, but it was too late and
|
The school also offered to also give remote tasks, but it was too late and I
|
||||||
I don't feel like I can do anything anymore as the school hasn't done
|
don't feel like I can do anything anymore as the school hasn't done anything to
|
||||||
anything to help the situation.
|
help the situation.
|
||||||
|
|
||||||
How does this affect me? As people say, bullying leaves eternal scars and I
|
How does this affect me? As people say, bullying leaves eternal scars and I am
|
||||||
am not someone who could stay away from school just for fun, I have talked
|
not someone who could stay away from school just for fun, I have talked about
|
||||||
about suicide daily and I have also just been talked out of it for the
|
suicide daily and I have also just been talked out of it for the second time in
|
||||||
second time in two days. I don't believe I can live like this forever.
|
two days. I don't believe I can live like this forever.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
@ -9,25 +9,26 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_Or why am I using umode -iI and thus showing all channels that I am on at
|
_Or why am I using umode -iI and thus showing all channels that I am on at IRC?
|
||||||
IRC? So you can find channels that may interest you if we have similar
|
So you can find channels that may interest you if we have similar interests._
|
||||||
interests._
|
|
||||||
|
|
||||||
People ask this question from me a lot, often the same people as they don't
|
People ask this question from me a lot, often the same people as they don't
|
||||||
remember my answer.
|
remember my answer.
|
||||||
|
|
||||||
I am in umode -iI which shows the channels that I am on so if you think
|
I am in umode -iI which shows the channels that I am on so if you think that I
|
||||||
that I seem sane or interesting or whatever person and feel like you have
|
seem sane or interesting or whatever person and feel like you have similar
|
||||||
similar interests, you can simply `/whois Mikaela` to see the public
|
interests, you can simply `/whois Mikaela` to see the public channels that I am
|
||||||
channels that I am on and join if you see anything interesting.
|
on and join if you see anything interesting.
|
||||||
|
|
||||||
But what about the trolls? I haven't had many trolls following me around
|
But what about the trolls? I haven't had many trolls following me around and if
|
||||||
and if that happens to you, you can simply send logs to network operators
|
that happens to you, you can simply send logs to network operators and if they
|
||||||
and if they are good opers, they will take action.
|
are good opers, they will take action.
|
||||||
|
|
||||||
**_This section on (un)setting umodes was broken and moved [here]({% post_url blog/2015-06-03-setting-umodes %})_**
|
**_This section on (un)setting umodes was broken and moved
|
||||||
|
[here]({% post_url blog/2015-06-03-setting-umodes %})_**
|
||||||
|
|
||||||
_Update on 2015-04-13: add umode -I which is the InspIRCd way of hiding
|
_Update on 2015-04-13: add umode -I which is the InspIRCd way of hiding all
|
||||||
all channels from whois depending on the modules loaded and IRCd config._
|
channels from whois depending on the modules loaded and IRCd config._
|
||||||
|
|
||||||
_Update on 2015-06-03: setting/unsetting umodes moved [here]({% post_url blog/2015-06-03-setting-umodes %})._
|
_Update on 2015-06-03: setting/unsetting umodes moved
|
||||||
|
[here]({% post_url blog/2015-06-03-setting-umodes %})._
|
||||||
|
@ -14,8 +14,8 @@ redirect_from:
|
|||||||
This seems to confuse many WeeChat users, so I will try to explain it more
|
This seems to confuse many WeeChat users, so I will try to explain it more
|
||||||
simply as I am repeating myself everywhere about this same thing.
|
simply as I am repeating myself everywhere about this same thing.
|
||||||
|
|
||||||
SASL is mechanism for identifying to services at IRC automatically even
|
SASL is mechanism for identifying to services at IRC automatically even before
|
||||||
before you are visible to the network.
|
you are visible to the network.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -25,10 +25,10 @@ First set mechanism as plain if you have it as anything else.
|
|||||||
/set irc.server_default.sasl_mechanism PLAIN
|
/set irc.server_default.sasl_mechanism PLAIN
|
||||||
```
|
```
|
||||||
|
|
||||||
PLAIN is simple "login using username and password" mechanism that sends
|
PLAIN is simple "login using username and password" mechanism that sends the
|
||||||
the username and password in plaintext which isn't an issue if you also use
|
username and password in plaintext which isn't an issue if you also use SSL
|
||||||
SSL (like you should) and trust the server (and
|
(like you should) and trust the server (and **use different password
|
||||||
**use different password everywhere**).
|
everywhere**).
|
||||||
|
|
||||||
Then simply set your username and password
|
Then simply set your username and password
|
||||||
|
|
||||||
@ -39,11 +39,11 @@ Then simply set your username and password
|
|||||||
/save
|
/save
|
||||||
```
|
```
|
||||||
|
|
||||||
_Replace NETWORK with the name of network that you have in WeeChat, for
|
_Replace NETWORK with the name of network that you have in WeeChat, for example
|
||||||
example `liberachat`._
|
`liberachat`._
|
||||||
|
|
||||||
And now after `/reconnect` you should be identified automatically using
|
And now after `/reconnect` you should be identified automatically using SASL,
|
||||||
SASL, but you might also ensure that you use SSL.
|
but you might also ensure that you use SSL.
|
||||||
|
|
||||||
## Using SSL
|
## Using SSL
|
||||||
|
|
||||||
@ -62,10 +62,9 @@ _6697 is the [standard SSL port](https://tools.ietf.org/html/rfc7194)._
|
|||||||
liberachat has valid SSL certificate, but if it didn't, you would have two
|
liberachat has valid SSL certificate, but if it didn't, you would have two
|
||||||
choises:
|
choises:
|
||||||
|
|
||||||
1. Trust the fingerprints manually using
|
1. Trust the fingerprints manually using `irc.server.NETWORK.ssl_fingerprint`,
|
||||||
`irc.server.NETWORK.ssl_fingerprint`, see [this post].
|
see [this post].
|
||||||
2. Disable SSL certificate checking using
|
2. Disable SSL certificate checking using
|
||||||
`/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see
|
`/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see [this post].
|
||||||
[this post].
|
|
||||||
|
|
||||||
[this post]:{% post_url blog/2015-02-24-znc160-ssl %}
|
[this post]:{% post_url blog/2015-02-24-znc160-ssl %}
|
||||||
|
@ -14,54 +14,53 @@ robots: noai
|
|||||||
_Why I think that you should keep the ops opped instead of following
|
_Why I think that you should keep the ops opped instead of following
|
||||||
LiberaChat's recommendations._
|
LiberaChat's recommendations._
|
||||||
|
|
||||||
Is there an issue with your IRC channel needing op attention? Without
|
Is there an issue with your IRC channel needing op attention? Without having ops
|
||||||
having ops visible, your users will very likely go to the network support
|
visible, your users will very likely go to the network support channel instead
|
||||||
channel instead of informing you or your ops.
|
of informing you or your ops.
|
||||||
|
|
||||||
Without ops being visible, who are ops or how to alert them?
|
Without ops being visible, who are ops or how to alert them?
|
||||||
|
|
||||||
- `/msg chanserv flags #channel`
|
- `/msg chanserv flags #channel`
|
||||||
- requires whoising all ops to see if they are present
|
- requires whoising all ops to see if they are present
|
||||||
- idle time gets reset by CTCP replies, OTR and possibly other
|
- idle time gets reset by CTCP replies, OTR and possibly other things.
|
||||||
things. LiberaChat staffers may also base their judgement on are
|
LiberaChat staffers may also base their judgement on are there ops present
|
||||||
there ops present to handle the issue on idletime of ops.
|
to handle the issue on idletime of ops.
|
||||||
- new users most likely have no idea on the command
|
- new users most likely have no idea on the command
|
||||||
- remote (=different server) whois is rate-limited
|
- remote (=different server) whois is rate-limited
|
||||||
- lists accountnames, not nicknames the people are actually using
|
- lists accountnames, not nicknames the people are actually using
|
||||||
- e.g. I have a less privileged account `Mikaela-`, but my Matrix
|
- e.g. I have a less privileged account `Mikaela-`, but my Matrix connection
|
||||||
connection is usually called `Michaela` which may not instantly connect
|
is usually called `Michaela` which may not instantly connect in people's
|
||||||
in people's minds. Ciblia which is one of my fallback usernames is
|
minds. Ciblia which is one of my fallback usernames is even further away
|
||||||
even further away from `Mikaela`.
|
from `Mikaela`.
|
||||||
- `/msg memoserv sendops #channel help! X is spamming`
|
- `/msg memoserv sendops #channel help! X is spamming`
|
||||||
- requires +A flag which isn't mostly given to everyone
|
- requires +A flag which isn't mostly given to everyone
|
||||||
- new users are unsure whether they have the flag if they even know
|
- new users are unsure whether they have the flag if they even know about
|
||||||
about existense of the flag or the MemoServ command.
|
existense of the flag or the MemoServ command.
|
||||||
|
|
||||||
There is also third commonly used method, having trigger word that either
|
There is also third commonly used method, having trigger word that either
|
||||||
highlights all the ops or makes bot PM or highlight the ops which again
|
highlights all the ops or makes bot PM or highlight the ops which again has it's
|
||||||
has it's own issues:
|
own issues:
|
||||||
|
|
||||||
- are the ops surely highlighting on it?
|
- are the ops surely highlighting on it?
|
||||||
- the users can be confused for not getting any kind of acknowledging to
|
- the users can be confused for not getting any kind of acknowledging to the
|
||||||
the triggerword without bot and possibly spam it even more
|
triggerword without bot and possibly spam it even more
|
||||||
- if the bot PMs the ops, what if they are on umode +g and miss the bot?
|
- if the bot PMs the ops, what if they are on umode +g and miss the bot?
|
||||||
- if the bot highlights all the ops, what if the ops automatically ignore
|
- if the bot highlights all the ops, what if the ops automatically ignore mass
|
||||||
mass highlights (multiple nicks highlighted on the same line)?
|
highlights (multiple nicks highlighted on the same line)?
|
||||||
- and again, are the users aware of the triggerword?
|
- and again, are the users aware of the triggerword?
|
||||||
- if you clearly document it on webpage of your channel, the users
|
- if you clearly document it on webpage of your channel, the users should be
|
||||||
should be aware of it, but what if they didn't bother to read it or
|
aware of it, but what if they didn't bother to read it or forgot it? Their
|
||||||
forgot it? Their fault probably, but your channel is having issues
|
fault probably, but your channel is having issues for longer time...
|
||||||
for longer time...
|
|
||||||
|
|
||||||
And there is also the issue of having to trust services or your bots.
|
And there is also the issue of having to trust services or your bots. What if
|
||||||
What if the services go down or netsplit and the same happens to your bot?
|
the services go down or netsplit and the same happens to your bot? You are out
|
||||||
You are out of luck unless you had the ops opped in which case the outage
|
of luck unless you had the ops opped in which case the outage doesn't affect you
|
||||||
doesn't affect you that much at all.
|
that much at all.
|
||||||
|
|
||||||
Counter argument: if ops are shown on a support channel, that can make
|
Counter argument: if ops are shown on a support channel, that can make people
|
||||||
people new to IRC ping them about everything instead of asking in the
|
new to IRC ping them about everything instead of asking in the channel in
|
||||||
channel in gneral. I think it's up to the channel operators to decide how
|
gneral. I think it's up to the channel operators to decide how much that weights
|
||||||
much that weights and can the new users be educated without much effort.
|
and can the new users be educated without much effort.
|
||||||
|
|
||||||
## Fixing LiberaChat
|
## Fixing LiberaChat
|
||||||
|
|
||||||
@ -74,18 +73,19 @@ Tell ChanServ the following three commands:
|
|||||||
```
|
```
|
||||||
|
|
||||||
The ! means "add these flags to everyone who currently matches the template
|
The ! means "add these flags to everyone who currently matches the template
|
||||||
exactly" so when you do this everyone who you have made xOP with
|
exactly" so when you do this everyone who you have made xOP with `/msg chanserv
|
||||||
`/msg chanserv someone xOP" gets opped or voiced automatically.<br/>
|
someone xOP" gets opped or voiced automatically.<br/> _Note: templates including
|
||||||
_Note: templates including F (founder) are not automatically updated even
|
F (founder) are not automatically updated even with the !._
|
||||||
with the !._
|
|
||||||
|
|
||||||
Alternatively if you have been setting flags manually use
|
Alternatively if you have been setting flags manually use
|
||||||
`/msg chanserv flags #channel someone +O` to automatically op them. You
|
`/msg chanserv flags #channel someone +O` to automatically op them. You must
|
||||||
must also do this to yourself if you are channel founder, for auto-voicing
|
also do this to yourself if you are channel founder, for auto-voicing use +V.
|
||||||
use +V. _Note: +o allows you to manually op/deop anyone, +v is the same,
|
_Note: +o allows you to manually op/deop anyone, +v is the same, but for voice,
|
||||||
but for voice, so don't confuse the casing._
|
so don't confuse the casing._
|
||||||
|
|
||||||
Changelog:
|
Changelog:
|
||||||
|
|
||||||
- Part 1: https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-04-01-keep-the-ops-opped.md
|
- Part 1:
|
||||||
- Part 2: https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2015-04-01-keep-the-ops-opped.md
|
https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-04-01-keep-the-ops-opped.md
|
||||||
|
- Part 2:
|
||||||
|
https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2015-04-01-keep-the-ops-opped.md
|
||||||
|
@ -12,39 +12,37 @@ redirect_from: /finnish/2015/04/01/saasta.html
|
|||||||
|
|
||||||
> Minun pitäisi kai myös antaa jonkinlainen mielipide.
|
> Minun pitäisi kai myös antaa jonkinlainen mielipide.
|
||||||
>
|
>
|
||||||
> En pidä kenenkään nimittelystä ja minusta parasta olisi vain puhua
|
> En pidä kenenkään nimittelystä ja minusta parasta olisi vain puhua asioita,
|
||||||
> asioita, mutta aina ovat nämä, jotka eivät kuuntele tai halua ymmärtää ja
|
> mutta aina ovat nämä, jotka eivät kuuntele tai halua ymmärtää ja kai tälle
|
||||||
> kai tälle sanalle on oma käyttötarkoituksensa, ei ole kovin usein tullut
|
> sanalle on oma käyttötarkoituksensa, ei ole kovin usein tullut käytettyä,
|
||||||
> käytettyä, mutta luulen että joskus loukkaantuneena olen käyttänyt,
|
> mutta luulen että joskus loukkaantuneena olen käyttänyt, en muista enempää ja
|
||||||
> en muista enempää ja minulla ei muisti ole toiminut viimeaikoina.
|
> minulla ei muisti ole toiminut viimeaikoina.
|
||||||
>
|
>
|
||||||
> Tietysti voi kai ajatella niinkin, että jos olisin hyökkäävämpi, olisin
|
> Tietysti voi kai ajatella niinkin, että jos olisin hyökkäävämpi, olisin yhä
|
||||||
> yhä koulussa toisin kuin ihmiset siellä, joita tämä sana mahdollisesti
|
> koulussa toisin kuin ihmiset siellä, joita tämä sana mahdollisesti kuvaa...
|
||||||
> kuvaa... Lyhyesti siellä on siis ensimmäisellä kerralla sanottu "moi
|
> Lyhyesti siellä on siis ensimmäisellä kerralla sanottu "moi Nimi, olet
|
||||||
> Nimi, olet kaunis", seuraavalla kerralla "moi" ja pilkattu
|
> kaunis", seuraavalla kerralla "moi" ja pilkattu maskuliinista ääntäni ja
|
||||||
> maskuliinista ääntäni ja kolmannella kerralla en ole saanut käydä
|
> kolmannella kerralla en ole saanut käydä vessassa rauhassa vaan nimeäni
|
||||||
> vessassa rauhassa vaan nimeäni huudettiin ja kun en kiinnittänyt niihin
|
> huudettiin ja kun en kiinnittänyt niihin minkäänlaista huomiota ne huusivat
|
||||||
> minkäänlaista huomiota ne huusivat perääni onko minulla munat.
|
> perääni onko minulla munat. No kouluhan ei luonnollisesti voi tehdä yhtikäs
|
||||||
> No kouluhan ei luonnollisesti voi tehdä yhtikäs mitään, koska en ole cis,
|
> mitään, koska en ole cis, enkä neurotyypillinen eli minä olen vain kotona
|
||||||
> enkä neurotyypillinen eli minä olen vain kotona ollut kuukauden ja
|
> ollut kuukauden ja varmaan päivittäin puhunut itsemurhasta.
|
||||||
> varmaan päivittäin puhunut itsemurhasta.
|
|
||||||
>
|
>
|
||||||
> Olenhan minä kai myös huono ihminen, koska olen riidoissa kaikkien kanssa
|
> Olenhan minä kai myös huono ihminen, koska olen riidoissa kaikkien kanssa
|
||||||
> kaikkialla ja en myöskään ole hyvä transsukupuolinen, koska minä vain
|
> kaikkialla ja en myöskään ole hyvä transsukupuolinen, koska minä vain toivon,
|
||||||
> toivon, että olisin cistyttö ja neurotyypillinen ja, että joku voisi
|
> että olisin cistyttö ja neurotyypillinen ja, että joku voisi joskus rakastaa
|
||||||
> joskus rakastaa minua. En tiedä onko ulkona oleminen minulle paras
|
> minua. En tiedä onko ulkona oleminen minulle paras vaihtoehto, mutta en voi
|
||||||
> vaihtoehto, mutta en voi muutakaan ja ehkä se auttaa jotakuta edes vähän,
|
> muutakaan ja ehkä se auttaa jotakuta edes vähän, vaikka en koskaan kuulisi
|
||||||
> vaikka en koskaan kuulisi koko henkilöstä mitään ja minä yritän tehdä
|
> koko henkilöstä mitään ja minä yritän tehdä minkä voin, vaikka mikään ei
|
||||||
> minkä voin, vaikka mikään ei onnistukaan ja teen ja sanon kaiken aina
|
> onnistukaan ja teen ja sanon kaiken aina väärin.
|
||||||
> väärin.
|
|
||||||
>
|
>
|
||||||
> En jaksa tätä sotaa mikä näissä kommenteissa aina on ja jatkuvasti
|
> En jaksa tätä sotaa mikä näissä kommenteissa aina on ja jatkuvasti jossakin
|
||||||
> jossakin tapetaan trans-henkilö, etenkin trans woman of colour
|
> tapetaan trans-henkilö, etenkin trans woman of colour (en uskalla kääntää tätä
|
||||||
> (en uskalla kääntää tätä suomeksi) ja joka puolella säädetään erilaisia
|
> suomeksi) ja joka puolella säädetään erilaisia LGBTIQ+ vastaisia lakeja ja nyt
|
||||||
> LGBTIQ+ vastaisia lakeja ja nyt on ollut noista vessoista paljon puhetta.
|
> on ollut noista vessoista paljon puhetta. Tästä asiasta vain ei ole
|
||||||
> Tästä asiasta vain ei ole mahdollista saada lepoa.
|
> mahdollista saada lepoa.
|
||||||
>
|
>
|
||||||
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun
|
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun minä
|
||||||
> minä kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
|
> kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
|
||||||
|
|
||||||
-- Facebook-kommentti
|
-- Facebook-kommentti
|
||||||
|
@ -12,41 +12,39 @@ redirect_from: /english/2015/04/03/scum.html
|
|||||||
|
|
||||||
> I should probably also say some kind of opinion.
|
> I should probably also say some kind of opinion.
|
||||||
|
|
||||||
> I don't like calling anyone names and I think it would be best to just
|
> I don't like calling anyone names and I think it would be best to just talk
|
||||||
> talk about things, but there are always people who don't listen or
|
> about things, but there are always people who don't listen or want to
|
||||||
> want to understand and maybe this word has it's usage, I haven't used it
|
> understand and maybe this word has it's usage, I haven't used it much, but I
|
||||||
> much, but I think that I might have used it sometime when upset, but
|
> think that I might have used it sometime when upset, but I don't remember more
|
||||||
> I don't remember more and my memory hasn't worked lately.
|
> and my memory hasn't worked lately.
|
||||||
>
|
>
|
||||||
> Of course it can probably be thought that if I was more attacking,
|
> Of course it can probably be thought that if I was more attacking, I might
|
||||||
> I might still be at school unlike the people there whom this word
|
> still be at school unlike the people there whom this word possibly
|
||||||
> possibly describes... Shortly, first time they said "hi Name, you are
|
> describes... Shortly, first time they said "hi Name, you are beautiful", next
|
||||||
> beautiful", next time "hi" and mocked my masculine voice and the third
|
> time "hi" and mocked my masculine voice and the third time I couldn't even use
|
||||||
> time I couldn't even use bathroom in peace, my name was shouted and
|
> bathroom in peace, my name was shouted and when I ignored them and didn't look
|
||||||
> when I ignored them and didn't look them at all, they shouted after me
|
> them at all, they shouted after me if I have \<male genitalia\>. School
|
||||||
> if I have \<male genitalia\>. School naturally cannot do anything at
|
> naturally cannot do anything at all, because I am not cis or neurotypical so I
|
||||||
> all, because I am not cis or neurotypical so I have just been at home
|
> have just been at home for month and talked about suicide possibly daily.
|
||||||
> for month and talked about suicide possibly daily.
|
|
||||||
>
|
>
|
||||||
> I am probably bad human, because I am in disputes with everyone
|
> I am probably bad human, because I am in disputes with everyone everywhere and
|
||||||
> everywhere and I am not good trans either, because I only wish that I
|
> I am not good trans either, because I only wish that I was cis girl and
|
||||||
> was cis girl and neurotypical and that someone could love me some day. I
|
> neurotypical and that someone could love me some day. I don't know if being
|
||||||
> don't know if being out is the best possible choise for me, but I don't
|
> out is the best possible choise for me, but I don't have a choice and maybe it
|
||||||
> have a choice and maybe it will help someone even if I never heard about
|
> will help someone even if I never heard about the person and I try to do
|
||||||
> the person and I try to do everything I can even if nothing ever succeeds
|
> everything I can even if nothing ever succeeds and I always do and say
|
||||||
> and I always do and say everything wrongly.
|
> everything wrongly.
|
||||||
>
|
>
|
||||||
> I am tired of this war which is always in these comments and continuosly
|
> I am tired of this war which is always in these comments and continuosly trans
|
||||||
> trans person is killed somewhere, especially trans woman of colour
|
> person is killed somewhere, especially trans woman of colour and everywhere
|
||||||
> and everywhere there are laws against LGBTIQ+ people and now there has
|
> there are laws against LGBTIQ+ people and now there has been aa lot talk about
|
||||||
> been aa lot talk about those bathrooms. It's just not possible to get
|
> those bathrooms. It's just not possible to get rest from this thing.
|
||||||
> rest from this thing.
|
|
||||||
>
|
>
|
||||||
> (and I once again managed to talk offtopic most of the time, but as I
|
> (and I once again managed to talk offtopic most of the time, but as I wrote
|
||||||
> wrote this, maybe I must also send this)
|
> this, maybe I must also send this)
|
||||||
>
|
>
|
||||||
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun
|
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun minä
|
||||||
> minä kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
|
> kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
|
||||||
|
|
||||||
-- Facebook comment
|
-- Facebook comment
|
||||||
|
|
||||||
|
@ -15,71 +15,78 @@ robots: noai
|
|||||||
_IRC over TLS is not pointless unless you only worry about things that you
|
_IRC over TLS is not pointless unless you only worry about things that you
|
||||||
cannot affect at all. SSL is pointless, because of [POODLE]._
|
cannot affect at all. SSL is pointless, because of [POODLE]._
|
||||||
|
|
||||||
I use IRC over TLS on all networks that support it (=other than IRCnet)
|
I use IRC over TLS on all networks that support it (=other than IRCnet) and I
|
||||||
and I also [verify the certificates]. TLS is used
|
also [verify the certificates]. TLS is used
|
||||||
|
|
||||||
_Update on 2015-06-18: I was told that IRCnet does have SSL on
|
_Update on 2015-06-18: I was told that IRCnet does have SSL on
|
||||||
ssl.irc.atw-inter.net and ssl.rfc1459.ca, but server links are mostly
|
ssl.irc.atw-inter.net and ssl.rfc1459.ca, but server links are mostly
|
||||||
unencrypted. I am not able to use those though as Finnish channels are
|
unencrypted. I am not able to use those though as Finnish channels are mostly
|
||||||
mostly stupid and letting people only in from Finnish servers._
|
stupid and letting people only in from Finnish servers._
|
||||||
|
|
||||||
- between my client and bouncer
|
- between my client and bouncer
|
||||||
- when they both are on localhost it's not used and my bouncer only
|
- when they both are on localhost it's not used and my bouncer only listens
|
||||||
listens for plain text connections only on `127.0.0.1` and `::1`.
|
for plain text connections only on `127.0.0.1` and `::1`.
|
||||||
- between my bouncer and IRCd
|
- between my bouncer and IRCd
|
||||||
|
|
||||||
These are the points that I can affect. I cannot do anything to server
|
These are the points that I can affect. I cannot do anything to server links
|
||||||
links other than hope that the network operators know what they are doing
|
other than hope that the network operators know what they are doing and use TLS.
|
||||||
and use TLS. I cannot affect whether other users use TLS or not or do they
|
I cannot affect whether other users use TLS or not or do they check the
|
||||||
check the certificates or blindly accept whatever they are offered.
|
certificates or blindly accept whatever they are offered.
|
||||||
|
|
||||||
As I use TLS everywhere where I can affect, I can be more sure that
|
As I use TLS everywhere where I can affect, I can be more sure that my
|
||||||
my discussions aren't so easily read on:
|
discussions aren't so easily read on:
|
||||||
|
|
||||||
- open WLAN
|
- open WLAN
|
||||||
- any router between me and the bouncer
|
- any router between me and the bouncer
|
||||||
- any router between bouncer and the IRC server
|
- any router between bouncer and the IRC server
|
||||||
|
|
||||||
And like everyone else says, you cannot be sure on the server links
|
And like everyone else says, you cannot be sure on the server links or other
|
||||||
or other people on the channels or queries. You can only make sure that
|
people on the channels or queries. You can only make sure that **you** are using
|
||||||
**you** are using TLS.
|
TLS.
|
||||||
|
|
||||||
One example where TLS is very helpful even if you have no idea whether
|
One example where TLS is very helpful even if you have no idea whether the other
|
||||||
the other people use SSL is passwords:
|
people use SSL is passwords:
|
||||||
|
|
||||||
- your NickServ password isn't in plain text between you and the IRC
|
- your NickServ password isn't in plain text between you and the IRC server, but
|
||||||
server, but you again cannot know if the IRC server sends it to other
|
you again cannot know if the IRC server sends it to other IRC server(s) in
|
||||||
IRC server(s) in plain text that are between the server where you are
|
plain text that are between the server where you are connected to and services
|
||||||
connected to and services server.
|
server.
|
||||||
- your /OPER password in case you are IRC operator. Imagine being on
|
- your /OPER password in case you are IRC operator. Imagine being on open WLAN
|
||||||
open WLAN or similar situation and transmitting your password in
|
or similar situation and transmitting your password in plain text and someone
|
||||||
plain text and someone else taking that password. What kind of "fun"
|
else taking that password. What kind of "fun" things they could do with it?
|
||||||
things they could do with it?
|
|
||||||
|
|
||||||
_Now you can move into reading why [IRC over SSL is pointless], [web.archive.org]..._
|
_Now you can move into reading why [IRC over SSL is pointless],
|
||||||
|
[web.archive.org]..._
|
||||||
|
|
||||||
[poodle]: https://en.wikipedia.org/wiki/POODLE
|
[poodle]: https://en.wikipedia.org/wiki/POODLE
|
||||||
|
|
||||||
[verify the certificates]:{% post_url blog/2015-02-24-znc160-ssl %}
|
[verify the certificates]:{% post_url blog/2015-02-24-znc160-ssl %} [IRC
|
||||||
[IRC over SSL is pointless]:https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
|
over SSL
|
||||||
|
is
|
||||||
|
pointless]:https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
|
||||||
[web.archive.org]:https://web.archive.org/web/20130425123002/http://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
|
[web.archive.org]:https://web.archive.org/web/20130425123002/http://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
|
||||||
|
|
||||||
## Addition: who is interested in my traffic?
|
## Addition: who is interested in my traffic?
|
||||||
|
|
||||||
- Finland - Security Police & Defence Forces
|
- Finland - Security Police & Defence Forces
|
||||||
- Currently law allowing Security Police and the Defence Forces to do
|
- Currently law allowing Security Police and the Defence Forces to do network
|
||||||
network monitoring without limitations is going to pass in the
|
monitoring without limitations is going to pass in the parlament.
|
||||||
parlament.
|
|
||||||
- Sweden - National Defence Radio Establishment & Security Police & Police
|
- Sweden - National Defence Radio Establishment & Security Police & Police
|
||||||
- Sweden has monitored all traffic going through them since 2008
|
- Sweden has monitored all traffic going through them since 2008 and most of
|
||||||
and most of Finnish traffic goes through them.
|
Finnish traffic goes through them.
|
||||||
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Legal_framework
|
- 2015-04-23
|
||||||
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Mass_surveillance
|
https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Legal_framework
|
||||||
- 2015-04-23 (in Finnish) https://www.hackingthroughcomplexity.fi/2013/10/ruotsin-verkkovalvonta-latakon.html / https://archive.is/iYrsl
|
- 2015-04-23
|
||||||
|
https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Mass_surveillance
|
||||||
|
- 2015-04-23 (in Finnish)
|
||||||
|
https://www.hackingthroughcomplexity.fi/2013/10/ruotsin-verkkovalvonta-latakon.html
|
||||||
|
/ https://archive.is/iYrsl
|
||||||
- UK - GCHQ
|
- UK - GCHQ
|
||||||
- Cooperating with Sweden
|
- Cooperating with Sweden
|
||||||
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=Government_Communications_Headquarters&oldid=656835589#2000s:_Coping_with_the_Internet
|
- 2015-04-23
|
||||||
|
https://en.wikipedia.org/w/index.php?title=Government_Communications_Headquarters&oldid=656835589#2000s:_Coping_with_the_Internet
|
||||||
- USA - NSA
|
- USA - NSA
|
||||||
- Cooperating with Sweden
|
- Cooperating with Sweden
|
||||||
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=655974095
|
- 2015-04-23
|
||||||
|
https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=655974095
|
||||||
- Many others? :(
|
- Many others? :(
|
||||||
|
@ -8,35 +8,36 @@ redirect_from: /english/2015/05/10/znc-ubuntu.html
|
|||||||
sitemap: false
|
sitemap: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_Many people seem to be installing ZNC using some weird instructions and
|
_Many people seem to be installing ZNC using some weird instructions and don't
|
||||||
don't ever upgrade after that. This is yet another unofficial install
|
ever upgrade after that. This is yet another unofficial install guide, but with
|
||||||
guide, but with this you should be able to upgrade too._
|
this you should be able to upgrade too._
|
||||||
|
|
||||||
**This is not the official install guide, if you are looking for that,
|
**This is not the official install guide, if you are looking for that,
|
||||||
[click here.](https://wiki.znc.in/Installation)** _You will find these
|
[click here.](https://wiki.znc.in/Installation)** _You will find these same
|
||||||
same instructions there too though._
|
instructions there too though._
|
||||||
|
|
||||||
Step 0: If you had already installed ZNC from source, go to the source
|
Step 0: If you had already installed ZNC from source, go to the source directory
|
||||||
directory and run `make uninstall` or `sudo make uninstall` if needed.
|
and run `make uninstall` or `sudo make uninstall` if needed.
|
||||||
|
|
||||||
[Thomas Ward](https://launchpad.net/~teward) has PPA which usually includes
|
[Thomas Ward](https://launchpad.net/~teward) has PPA which usually includes the
|
||||||
the latest version of ZNC for [supported Ubuntu releases](https://wiki.ubuntu.com/Releases)
|
latest version of ZNC for
|
||||||
and this guide uses it.
|
[supported Ubuntu releases](https://wiki.ubuntu.com/Releases) and this guide
|
||||||
|
uses it.
|
||||||
|
|
||||||
1. Install required package for adding PPAs: `sudo apt-get install python-software-properties`
|
1. Install required package for adding PPAs:
|
||||||
|
`sudo apt-get install python-software-properties`
|
||||||
2. Add the PPA `sudo add-apt-repository ppa:teward/znc`
|
2. Add the PPA `sudo add-apt-repository ppa:teward/znc`
|
||||||
3. Refresh list of packages in the repos `sudo apt-get update`
|
3. Refresh list of packages in the repos `sudo apt-get update`
|
||||||
4. If you had installed ZNC from Ubuntu repositories, now you could run
|
4. If you had installed ZNC from Ubuntu repositories, now you could run
|
||||||
`sudo apt-get upgrade`, otherwise finally install ZNC with
|
`sudo apt-get upgrade`, otherwise finally install ZNC with
|
||||||
`sudo apt-get install znc`.
|
`sudo apt-get install znc`.
|
||||||
|
|
||||||
ZNC is now installed. If you had it running before installing from PPA,
|
ZNC is now installed. If you had it running before installing from PPA, you
|
||||||
you should restart it especially if it was different version than what the
|
should restart it especially if it was different version than what the PPA has.
|
||||||
PPA has.
|
|
||||||
|
|
||||||
Now you can either (new ZNC user) run `znc --makeconf` to create config
|
Now you can either (new ZNC user) run `znc --makeconf` to create config file and
|
||||||
file and then (existing ZNC user) run `znc` and your ZNC starts listening
|
then (existing ZNC user) run `znc` and your ZNC starts listening on where you
|
||||||
on where you told it to listen.
|
told it to listen.
|
||||||
|
|
||||||
You might also want to read:
|
You might also want to read:
|
||||||
|
|
||||||
|
@ -9,34 +9,33 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_Yet another note-to-self post, but these links are confusing, how do you
|
_Yet another note-to-self post, but these links are confusing, how do you make
|
||||||
make proper irc:// or ircs:// link?_
|
proper irc:// or ircs:// link?_
|
||||||
|
|
||||||
I started wondering about the proper way to make irc/ircs links today and
|
I started wondering about the proper way to make irc/ircs links today and based
|
||||||
based on the following addresses
|
on the following addresses
|
||||||
|
|
||||||
- https://www.iana.org/assignments/uri-schemes/prov/ircs
|
- https://www.iana.org/assignments/uri-schemes/prov/ircs
|
||||||
- https://tools.ietf.org/html/draft-butcher-irc-url-04
|
- https://tools.ietf.org/html/draft-butcher-irc-url-04
|
||||||
|
|
||||||
EDIT 2015-08-30 & 2015-10-10: I got eaten by HTML5 validator, because of
|
EDIT 2015-08-30 & 2015-10-10: I got eaten by HTML5 validator, because of what
|
||||||
what was said above :frown: and the proper way how you make links without
|
was said above :frown: and the proper way how you make links without getting
|
||||||
getting eaten by HTML5 validator is
|
eaten by HTML5 validator is
|
||||||
(https://tools.ietf.org/html/draft-butcher-irc-url-04) and the address
|
(https://tools.ietf.org/html/draft-butcher-irc-url-04) and the address would
|
||||||
would become
|
become `ircs://irc.example.org:6697/%23channel%2C%23%23channel%2C%21channel`.
|
||||||
`ircs://irc.example.org:6697/%23channel%2C%23%23channel%2C%21channel`.
|
|
||||||
See [Percent-encoding at Wikipedia]. Thanks Mardeg at irc.mozilla.org.
|
See [Percent-encoding at Wikipedia]. Thanks Mardeg at irc.mozilla.org.
|
||||||
|
|
||||||
[percent-encoding at wikipedia]: https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
|
[percent-encoding at wikipedia]:
|
||||||
|
https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
|
||||||
|
|
||||||
- specifies that the link uses SSL with the _s_ (for plain text just remove
|
- specifies that the link uses SSL with the _s_ (for plain text just remove it)
|
||||||
it)
|
|
||||||
- specifies the port so client doesn't have to guess it
|
- specifies the port so client doesn't have to guess it
|
||||||
- clearly specifies the channels without leaving prefixes for the client
|
- clearly specifies the channels without leaving prefixes for the client to
|
||||||
to guess
|
guess
|
||||||
|
|
||||||
The previously linked pages also contain other forms, but this seems the
|
The previously linked pages also contain other forms, but this seems the best to
|
||||||
best to me and I am against using channel keys as there are better ways
|
me and I am against using channel keys as there are better ways to keep channel
|
||||||
to keep channel private (such as restricted or +i and +I to authorized
|
private (such as restricted or +i and +I to authorized people) and server
|
||||||
people) and server passwords aren't used anywhere where I would encounter
|
passwords aren't used anywhere where I would encounter them, other than
|
||||||
them, other than forwarding the password to NickServ, but that is depracted
|
forwarding the password to NickServ, but that is depracted by
|
||||||
by [SASL](https://ircv3.net/specs/extensions/sasl-3.1.html).
|
[SASL](https://ircv3.net/specs/extensions/sasl-3.1.html).
|
||||||
|
@ -8,42 +8,41 @@ redirect_from: /english/2015/05/18/life-bot-background.html
|
|||||||
sitemap: false
|
sitemap: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_More on my life and a little background on bots; also trigger warning
|
_More on my life and a little background on bots; also trigger warning about
|
||||||
about probably everything..._
|
probably everything..._
|
||||||
|
|
||||||
Start with the [previous post on the subject]({% post_url blog/2015-03-25-leaving-bots-life %})...
|
Start with the [previous post on
|
||||||
|
the subject]({% post_url blog/2015-03-25-leaving-bots-life %})...
|
||||||
|
|
||||||
_Update:
|
_Update: [I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
|
||||||
[I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
|
|
||||||
|
|
||||||
So I have been away from school for months now and the fact that I won't
|
So I have been away from school for months now and the fact that I won't
|
||||||
graduate seems very sure. I haven't left home unless I have had too either
|
graduate seems very sure. I haven't left home unless I have had too either and
|
||||||
and after today I might leave home even then.
|
after today I might leave home even then.
|
||||||
|
|
||||||
I don't remember last week so well, so probably nothing happened, I was
|
I don't remember last week so well, so probably nothing happened, I was away
|
||||||
away from home for two events at Helsinki which is tiring as the bus
|
from home for two events at Helsinki which is tiring as the bus trip from
|
||||||
trip from Kotka-Helsinki is two hours, rest of the week I was at home
|
Kotka-Helsinki is two hours, rest of the week I was at home with the exception
|
||||||
with the exception of visiting cottage and replacing elorn (Banana Pi which
|
of visiting cottage and replacing elorn (Banana Pi which didn't like upgrade
|
||||||
didn't like upgrade from Bananian Wheezy to Bananian Jessie) with rbtpzn
|
from Bananian Wheezy to Bananian Jessie) with rbtpzn (a little better system,
|
||||||
(a little better system, Raspberry Pi B+ running Arch Linux ARM), I don't
|
Raspberry Pi B+ running Arch Linux ARM), I don't remember what else happened.
|
||||||
remember what else happened.
|
|
||||||
|
|
||||||
I have also been anxious too much for being healthy and I have talked about
|
I have also been anxious too much for being healthy and I have talked about
|
||||||
suicide probably daily. Last night Doctor [Google] also suggested
|
suicide probably daily. Last night Doctor [Google] also suggested [Avoidant
|
||||||
[Avoidant personality disorder] and I am waiting for seeing "mental
|
personality disorder] and I am waiting for seeing "mental health professional"
|
||||||
health professional" again and asking if that is possible.
|
again and asking if that is possible.
|
||||||
|
|
||||||
[google]: https://encrypted.google.com/
|
[google]: https://encrypted.google.com/
|
||||||
[avoidant personality disorder]: https://en.wikipedia.org/wiki/Avoidant_personality_disorder
|
[avoidant personality disorder]:
|
||||||
|
https://en.wikipedia.org/wiki/Avoidant_personality_disorder
|
||||||
|
|
||||||
And back to today, I had possibly my worst bus trip between Kotka and
|
And back to today, I had possibly my worst bus trip between Kotka and Helsinki.
|
||||||
Helsinki. First there was bully from previous school and even if they
|
First there was bully from previous school and even if they didn't do anything,
|
||||||
didn't do anything, just seeing is enough to trigger heavy anxiety to me.
|
just seeing is enough to trigger heavy anxiety to me. <br/>Then there were two
|
||||||
<br/>Then there were two people sitting in front of me at the bus, small
|
people sitting in front of me at the bus, small child and one adult. The child
|
||||||
child and one adult. The child kept making loud noice for most of the trip
|
kept making loud noice for most of the trip and at some point dropped whatever
|
||||||
and at some point dropped whatever the thing is on bus seats behind your
|
the thing is on bus seats behind your head to me and only stared.<br/> I was too
|
||||||
head to me and only stared.<br/>
|
anxious even without them, so I didn't tell the adult anything and there
|
||||||
I was too anxious even without them, so I didn't tell the adult anything
|
wouldn't have been any use in that as they didn't care about their behaviour
|
||||||
and there wouldn't have been any use in that as they didn't care about
|
anyway and it would have been my fault anyway for sitting there or annoying them
|
||||||
their behaviour anyway and it would have been my fault anyway for sitting
|
just for existing.
|
||||||
there or annoying them just for existing.
|
|
||||||
|
@ -9,25 +9,23 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
As my blog is so full of suicidality and depression and how I won't
|
As my blog is so full of suicidality and depression and how I won't graduate, I
|
||||||
graduate, I probably must inform here that I have graduated according to
|
probably must inform here that I have graduated according to YLE News.
|
||||||
YLE News.
|
|
||||||
|
|
||||||
- [web.archive.org: Etelä-Kymenlaakson ammattiopisto 2015-05-29](https://web.archive.org/web/20150602001658/http://yle.fi/uutiset/etela-kymenlaakson_ammattiopisto/8023952)
|
- [web.archive.org: Etelä-Kymenlaakson ammattiopisto 2015-05-29](https://web.archive.org/web/20150602001658/http://yle.fi/uutiset/etela-kymenlaakson_ammattiopisto/8023952)
|
||||||
- YLE had apparently changed their URL breaking the old link and when
|
- YLE had apparently changed their URL breaking the old link and when I was
|
||||||
I was informed of this, I tried to search the current live version,
|
informed of this, I tried to search the current live version, but was only
|
||||||
but was only able to find it from Waybackmachine.
|
able to find it from Waybackmachine.
|
||||||
- [Google Translated link](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fweb.archive.org%2Fweb%2F20150602001658%2Fhttp%3A%2F%2Fyle.fi%2Fuutiset%2Fetela-kymenlaakson_ammattiopisto%2F8023952&edit-text=)
|
- [Google Translated link](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fweb.archive.org%2Fweb%2F20150602001658%2Fhttp%3A%2F%2Fyle.fi%2Fuutiset%2Fetela-kymenlaakson_ammattiopisto%2F8023952&edit-text=)
|
||||||
- Note that Google Translate changes my name to "Finnish Mikaela" as
|
- Note that Google Translate changes my name to "Finnish Mikaela" as
|
||||||
Suomalainen means a Finn or Finnish or similar.
|
Suomalainen means a Finn or Finnish or similar.
|
||||||
|
|
||||||
What happens next? Nothing until I am legally recognized as a woman which
|
What happens next? Nothing until I am legally recognized as a woman which
|
||||||
currently seems to happen in winter at soonest. As I have told everyone,
|
currently seems to happen in winter at soonest. As I have told everyone, I won't
|
||||||
I won't be applying anywhere with my current person identification number
|
be applying anywhere with my current person identification number as all
|
||||||
as all databases mark me as a man and I don't want to have weird situations
|
databases mark me as a man and I don't want to have weird situations like I
|
||||||
like I currently have e.g. student information system separates by gender
|
currently have e.g. student information system separates by gender and puts
|
||||||
and puts Mikaela Suomalainen in the middle of men which raises questions…
|
Mikaela Suomalainen in the middle of men which raises questions…
|
||||||
|
|
||||||
What is said in previous posts still applies, I am not moving outdoors
|
What is said in previous posts still applies, I am not moving outdoors unless I
|
||||||
unless I have to which means visit to Helsinki where I am able to move more
|
have to which means visit to Helsinki where I am able to move more freely.
|
||||||
freely.
|
|
||||||
|
@ -11,43 +11,41 @@ redirect_from:
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_Everyone knows the `/ignore` command, but there is also `/filter` which
|
_Everyone knows the `/ignore` command, but there is also `/filter` which I feel
|
||||||
I feel is superiour._
|
is superiour._
|
||||||
|
|
||||||
First, how do they differ?
|
First, how do they differ?
|
||||||
|
|
||||||
- Ignore removes all lines from the person you are ignoring permanently and
|
- Ignore removes all lines from the person you are ignoring permanently and they
|
||||||
they aren't logged or anything.
|
aren't logged or anything.
|
||||||
- Filter only hides the messages from the person and is very customizable,
|
- Filter only hides the messages from the person and is very customizable, but I
|
||||||
but I am only describing my ignoring here. They are still logged and
|
am only describing my ignoring here. They are still logged and by toggling
|
||||||
by toggling filters they become visible.
|
filters they become visible.
|
||||||
|
|
||||||
And how do you use it?
|
And how do you use it?
|
||||||
|
|
||||||
- `/filter add FILTERNAME * nick_*NICKHERE* *`
|
- `/filter add FILTERNAME * nick_*NICKHERE* *`
|
||||||
- FILTERNAME is the name how you recognize the filter, I usually put
|
- FILTERNAME is the name how you recognize the filter, I usually put the nick
|
||||||
the nick there.
|
there.
|
||||||
- The first `*` is buffer where the filter is used in and means simply
|
- The first `*` is buffer where the filter is used in and means simply "all
|
||||||
"all buffers".
|
buffers".
|
||||||
- `nick_*NICKHERE*` means that you want to filter lines from
|
- `nick_*NICKHERE*` means that you want to filter lines from `*NICKHERE*`, the
|
||||||
`*NICKHERE*`, the asterisks are important as it makes sure that the
|
asterisks are important as it makes sure that the user doesn't change their
|
||||||
user doesn't change their nick to `NICKHERE_` who again wouldn't be
|
nick to `NICKHERE_` who again wouldn't be filtered.
|
||||||
filtered.
|
- And the last `*`, what do you want to filter from that nick? Everything.
|
||||||
- And the last `*`, what do you want to filter from that nick?
|
|
||||||
Everything.
|
|
||||||
|
|
||||||
But doesn't this defeat the whole point of ignoring? That depends on you
|
But doesn't this defeat the whole point of ignoring? That depends on you and do
|
||||||
and do you think you will ever need the ignored content.
|
you think you will ever need the ignored content.
|
||||||
|
|
||||||
One good example where you might want to have the content is when you are
|
One good example where you might want to have the content is when you are
|
||||||
channel op and someone on your ignore list joins the channel and someone
|
channel op and someone on your ignore list joins the channel and someone else
|
||||||
else alerts ops.
|
alerts ops.
|
||||||
|
|
||||||
With ignore you see nothing, with filter you just toggle your filters and
|
With ignore you see nothing, with filter you just toggle your filters and see
|
||||||
see that someone who you had filtered joined on the channel and did
|
that someone who you had filtered joined on the channel and did something
|
||||||
something against the channel rules and you can easily take action.
|
against the channel rules and you can easily take action.
|
||||||
|
|
||||||
Further reading, check `/help filter`, you will enjoy at least
|
Further reading, check `/help filter`, you will enjoy at least the smart filter,
|
||||||
the smart filter, `/filter add irc_smart * irc_smart_filter *` (hides
|
`/filter add irc_smart * irc_smart_filter *` (hides joins/quits/parts/etc.
|
||||||
joins/quits/parts/etc. unless the person has talked in X minutes configured
|
unless the person has talked in X minutes configured in
|
||||||
in `/help irc.look.smart_filter_delay`).
|
`/help irc.look.smart_filter_delay`).
|
||||||
|
@ -9,20 +9,18 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_As I have written more about umodes than I thought, I am breaking the
|
_As I have written more about umodes than I thought, I am breaking the posts
|
||||||
posts setting/unsetting is documented here and I will link here from other
|
setting/unsetting is documented here and I will link here from other posts._
|
||||||
posts._
|
|
||||||
|
|
||||||
Simply use `/umode +mo-des` or if that is unknown command (as it's alias
|
Simply use `/umode +mo-des` or if that is unknown command (as it's alias in most
|
||||||
in most of clients), use `/mode YOURNICK +mo-des` and you set umodes "mo"
|
of clients), use `/mode YOURNICK +mo-des` and you set umodes "mo" and unset
|
||||||
and unset "des". _These might not be real umodes and they are here just as
|
"des". _These might not be real umodes and they are here just as an example._
|
||||||
an example._
|
|
||||||
|
|
||||||
## Automatic umodes
|
## Automatic umodes
|
||||||
|
|
||||||
Umodes aren't remembered across connections so you must configure your
|
Umodes aren't remembered across connections so you must configure your client to
|
||||||
client to (un)set them automatically. **Your umodes won't be change this
|
(un)set them automatically. **Your umodes won't be change this way until you
|
||||||
way until you reconnect!**
|
reconnect!**
|
||||||
|
|
||||||
_These examples use the umodes that I am using at the time of writing._
|
_These examples use the umodes that I am using at the time of writing._
|
||||||
|
|
||||||
@ -31,36 +29,37 @@ _These examples use the umodes that I am using at the time of writing._
|
|||||||
- WeeChat
|
- WeeChat
|
||||||
- Old way: `/set irc.server_default.command /mode $nick -iI+wRQxg`
|
- Old way: `/set irc.server_default.command /mode $nick -iI+wRQxg`
|
||||||
- Modern way (1.7+): `/set irc.server_default.usermode -iI+wRQxg`
|
- Modern way (1.7+): `/set irc.server_default.usermode -iI+wRQxg`
|
||||||
- _For setting umodes only for one network instead of them all
|
- _For setting umodes only for one network instead of them all replace
|
||||||
replace server_default with server.name, e.g._
|
server_default with server.name, e.g._
|
||||||
- `/set irc.server.liberachat.usermode -iI+wRQxg`
|
- `/set irc.server.liberachat.usermode -iI+wRQxg`
|
||||||
- ZNC:
|
- ZNC:
|
||||||
- Traditional way: `/msg *status loadmod perform` and
|
- Traditional way: `/msg *status loadmod perform` and
|
||||||
`/msg *perform add mode %nick% -iI+wRQxg`
|
`/msg *perform add mode %nick% -iI+wRQxg`
|
||||||
- The same can also be done in webadmin and if you load perform for
|
- The same can also be done in webadmin and if you load perform for user
|
||||||
user level, adding the command `mode %nick% -iI+wRQxg` will set
|
level, adding the command `mode %nick% -iI+wRQxg` will set umode -iI+wrqXG
|
||||||
umode -iI+wrqXG on all networks.
|
on all networks.
|
||||||
- The modes will apply to all networks if you load it on user
|
- The modes will apply to all networks if you load it on user level or only
|
||||||
level or only the invidual network on network level.
|
the invidual network on network level.
|
||||||
- Modern way: [ZNC issue #1221](https://github.com/znc/znc/issues/1221)
|
- Modern way: [ZNC issue #1221](https://github.com/znc/znc/issues/1221)
|
||||||
|
|
||||||
### And what these umodes mean
|
### And what these umodes mean
|
||||||
|
|
||||||
This list is what I want the umodes to mean when I set them automatically.
|
This list is what I want the umodes to mean when I set them automatically. For
|
||||||
For what the actual umodes are on your network, try `/quote help umode` or
|
what the actual umodes are on your network, try `/quote help umode` or
|
||||||
`/quote help umodes`.
|
`/quote help umodes`.
|
||||||
|
|
||||||
- i — invisible, hides your channel list from whois with ircd-seven and
|
- i — invisible, hides your channel list from whois with ircd-seven and possibly
|
||||||
possibly some other ircds. Also hides you from /who of people who don't
|
some other ircds. Also hides you from /who of people who don't share channels
|
||||||
share channels with you. [See also why I unset it here.]({% post_url blog/2015-03-26-umode--i %})
|
with you. [See also why I unset
|
||||||
- I — On InspIRCd with [hidechans] module hides your channel list from
|
it here.]({% post_url blog/2015-03-26-umode--i %})
|
||||||
whois.
|
- I — On InspIRCd with [hidechans] module hides your channel list from whois.
|
||||||
- w — receive wallops, less-important announcements from network operators
|
- w — receive wallops, less-important announcements from network operators that
|
||||||
that are only received by those who are curious and have umode +w. More
|
are only received by those who are curious and have umode +w. More important
|
||||||
important announcements are usually global notices.
|
announcements are usually global notices.
|
||||||
- R — block PMs from unidentified users (who tend to be spambots and if
|
- R — block PMs from unidentified users (who tend to be spambots and if they
|
||||||
they aren't, they can identify to services).
|
aren't, they can identify to services).
|
||||||
- Q — block channel redirects on Charybdis (mode +f or banforward).
|
- Q — block channel redirects on Charybdis (mode +f or banforward).
|
||||||
- x — activates IRCd based uncloaking even if it's [not that reliable.](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c)
|
- x — activates IRCd based uncloaking even if it's
|
||||||
|
[not that reliable.](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c)
|
||||||
- g — caller-id, people must be `/accepted` or PMed before they can PM you.
|
- g — caller-id, people must be `/accepted` or PMed before they can PM you.
|
||||||
- t — only users using SSL can PM.
|
- t — only users using SSL can PM.
|
||||||
|
@ -9,27 +9,27 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_People often wonder about this and I thought that I could probably write
|
_People often wonder about this and I thought that I could probably write about
|
||||||
about this, how do you make IRC channel secret/private, either hiding it
|
this, how do you make IRC channel secret/private, either hiding it from other
|
||||||
from other people or not letting others in._
|
people or not letting others in._
|
||||||
|
|
||||||
_Modes spbiI are standard and should be the same on all IRCds. I am also
|
_Modes spbiI are standard and should be the same on all IRCds. I am also
|
||||||
assuming that your network uses Atheme IRC Services or fork of it._
|
assuming that your network uses Atheme IRC Services or fork of it._
|
||||||
|
|
||||||
To make channel secret, there are two useful modes. You might also want to
|
To make channel secret, there are two useful modes. You might also want to mlock
|
||||||
mlock them with `/msg chanserv help set mlock`.
|
them with `/msg chanserv help set mlock`.
|
||||||
|
|
||||||
- +s — hides the channel from all channel lists (for non-opers)
|
- +s — hides the channel from all channel lists (for non-opers) -i). Keep in
|
||||||
-i). Keep in mind that you always see channels that you are on or share
|
mind that you always see channels that you are on or share with other people
|
||||||
with other people in whois. +p also prevents `/knock` (which is command
|
in whois. +p also prevents `/knock` (which is command to request invite to the
|
||||||
to request invite to the channel) on some IRCds.
|
channel) on some IRCds.
|
||||||
|
|
||||||
Other nice modes that you may be interested in are:
|
Other nice modes that you may be interested in are:
|
||||||
|
|
||||||
- +b — (ban) depnding on does your network support extbans, try
|
- +b — (ban) depnding on does your network support extbans, try
|
||||||
`/quote help extban`.
|
`/quote help extban`.
|
||||||
- +r — on Charybdis prevents unidentified users from joining the channel,
|
- +r — on Charybdis prevents unidentified users from joining the channel, you
|
||||||
you will want this with RESTRICTED.
|
will want this with RESTRICTED.
|
||||||
- InspIRCd uses +R
|
- InspIRCd uses +R
|
||||||
- - S — on Charybdis prevents users not using SSL/TLS from joining.
|
- - S — on Charybdis prevents users not using SSL/TLS from joining.
|
||||||
- InspIRCd uses +z
|
- InspIRCd uses +z
|
||||||
@ -37,43 +37,43 @@ Other nice modes that you may be interested in are:
|
|||||||
And to make channel private, there are two ways, mode +i/+I and ChanServ
|
And to make channel private, there are two ways, mode +i/+I and ChanServ
|
||||||
RESTRICTED (auto-kban unauthorized users).
|
RESTRICTED (auto-kban unauthorized users).
|
||||||
|
|
||||||
With RESTRICTED you will want to prevent unidentified users from joining
|
With RESTRICTED you will want to prevent unidentified users from joining or you
|
||||||
or you will get people attempting to join while unidentified and then
|
will get people attempting to join while unidentified and then banned
|
||||||
banned immediately and unable to join after identifying.
|
immediately and unable to join after identifying.
|
||||||
|
|
||||||
To use it,
|
To use it,
|
||||||
|
|
||||||
1. Give people who are supposed to be on the channel flags, I use +ViA
|
1. Give people who are supposed to be on the channel flags, I use +ViA which
|
||||||
which means auto-**Voice**, **i**nvite oneself and can see **A**ccess
|
means auto-**Voice**, **i**nvite oneself and can see **A**ccess lists, you
|
||||||
lists, you don't have to use these, but these are probably the most
|
don't have to use these, but these are probably the most safe flags and the
|
||||||
safe flags and the users must have at least one account to not be
|
users must have at least one account to not be kbanned.
|
||||||
kbanned. `/msg ChanServ flags #channel account +ViA`
|
`/msg ChanServ flags #channel account +ViA`
|
||||||
2. `/msg ChanServ set #channel restricted on`
|
2. `/msg ChanServ set #channel restricted on`
|
||||||
3. You are ready, but you might also want to
|
3. You are ready, but you might also want to
|
||||||
`/msg ChanServ set #channel private on`, so people cannot use
|
`/msg ChanServ set #channel private on`, so people cannot use
|
||||||
`/msg chanserv access #channel list` to see who are the secret people
|
`/msg chanserv access #channel list` to see who are the secret people you let
|
||||||
you let in (and who aren't on the channel between auto-kban).
|
in (and who aren't on the channel between auto-kban).
|
||||||
|
|
||||||
And last, mode +i and +I which are the oldest way to do this, but also the
|
And last, mode +i and +I which are the oldest way to do this, but also the most
|
||||||
most difficult.
|
difficult.
|
||||||
|
|
||||||
First you set the mode +i and now everyone must be `/invite`d to the
|
First you set the mode +i and now everyone must be `/invite`d to the channel or
|
||||||
channel or they cannot join. Then you set +I like you would set a ban
|
they cannot join. Then you set +I like you would set a ban (read the `/quote
|
||||||
(read the `/quote help extban), here I assume you use Charybdis.
|
help extban), here I assume you use Charybdis.
|
||||||
|
|
||||||
To allow user with account `friend` you would `/mode +I $a:friend` and
|
To allow user with account `friend` you would `/mode +I $a:friend` and they are
|
||||||
they are able to join freely without needing to be `/invite`d every time.
|
able to join freely without needing to be `/invite`d every time.
|
||||||
|
|
||||||
You might also find the modes `+g` (Charybdis) and `+A` (InspIRCd) helpful
|
You might also find the modes `+g` (Charybdis) and `+A` (InspIRCd) helpful as
|
||||||
as they allow everyone to use the `/invite` command.
|
they allow everyone to use the `/invite` command.
|
||||||
|
|
||||||
I said that +iI is difficult and I must probably explain why it's so.
|
I said that +iI is difficult and I must probably explain why it's so.
|
||||||
|
|
||||||
- It doesn't use services and the lists get emptied always when the channel
|
- It doesn't use services and the lists get emptied always when the channel gets
|
||||||
gets empty.
|
empty.
|
||||||
- It's tied to whatever you give it, if you give it hostmask and that
|
- It's tied to whatever you give it, if you give it hostmask and that changes,
|
||||||
changes, the person cannot get in anymore. Also if you gave it extban
|
the person cannot get in anymore. Also if you gave it extban matching to
|
||||||
matching to accountname and the person changes accountname, they are
|
accountname and the person changes accountname, they are again unable to join
|
||||||
again unable to join until the +I is updated.
|
until the +I is updated.
|
||||||
- _These were the reasons that came to mind at first, if you have others,
|
- _These were the reasons that came to mind at first, if you have others, feel
|
||||||
feel free to suggest them._
|
free to suggest them._
|
||||||
|
@ -10,28 +10,26 @@ redirect_from:
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_This post describes my UFW config and is here so I find it from somewhere
|
_This post describes my UFW config and is here so I find it from somewhere and
|
||||||
and with hope that I am told if someone notices something terriby insecure
|
with hope that I am told if someone notices something terriby insecure here and
|
||||||
here and is able to offer suggestions. This probably will never be
|
is able to offer suggestions. This probably will never be perfect._
|
||||||
perfect._
|
|
||||||
|
|
||||||
Having firewall is important as you aren't always in your trusted home
|
Having firewall is important as you aren't always in your trusted home network
|
||||||
network (that can also be broken into especially if you have WLAN) and
|
(that can also be broken into especially if you have WLAN) and with IPv6 your
|
||||||
with IPv6 your devices have public IPv6 addresses. Theoretically your
|
devices have public IPv6 addresses. Theoretically your router should include a
|
||||||
router should include a firewall, but at least the Huawei mobile broadband
|
firewall, but at least the Huawei mobile broadband routers or MiFis don't
|
||||||
routers or MiFis don't include one (and I might be annoyed by it enough
|
include one (and I might be annoyed by it enough to disable it anyway and
|
||||||
to disable it anyway and configure everything on host level if it was
|
configure everything on host level if it was my network).
|
||||||
my network).
|
|
||||||
|
|
||||||
_Threat model: service I am not aware of or that I accidentally make
|
_Threat model: service I am not aware of or that I accidentally make listen
|
||||||
listen wider than intended, with UFW I am aware of what ports are
|
wider than intended, with UFW I am aware of what ports are allowed. I assume any
|
||||||
allowed. I assume any mobile host is going to move randomly and while
|
mobile host is going to move randomly and while some whitelists (especially
|
||||||
some whitelists (especially link-local and IPv4 LANs) will overlap and
|
link-local and IPv4 LANs) will overlap and possibly allow access, it's still
|
||||||
possibly allow access, it's still better than being open to the internet
|
better than being open to the internet and overlay networks that I have
|
||||||
and overlay networks that I have interacted with recently._
|
interacted with recently._
|
||||||
|
|
||||||
This post first has list of commands, then explanations that won't be
|
This post first has list of commands, then explanations that won't be repeated
|
||||||
repeated with IPvX ranges.
|
with IPvX ranges.
|
||||||
|
|
||||||
Fedora/firewalld? [n/firewalld](/n/firewalld)
|
Fedora/firewalld? [n/firewalld](/n/firewalld)
|
||||||
|
|
||||||
@ -55,19 +53,20 @@ ufw allow 60000:61000/udp
|
|||||||
```
|
```
|
||||||
|
|
||||||
- 22 TCP/ssh — Allow acces to SSHd you don't want to lock yourself out.
|
- 22 TCP/ssh — Allow acces to SSHd you don't want to lock yourself out.
|
||||||
- previously I used `ufw limit` but it seems to be too oversensitive,
|
- previously I used `ufw limit` but it seems to be too oversensitive, just use
|
||||||
just use SSHGuard.
|
SSHGuard.
|
||||||
- Deny incoming connections unless the port has been whitelisted.
|
- Deny incoming connections unless the port has been whitelisted.
|
||||||
- Allow all outgoing connections, keeping list of authorized ports would
|
- Allow all outgoing connections, keeping list of authorized ports would be too
|
||||||
be too much for me.
|
much for me.
|
||||||
- Start ufw on boot and now (I am not sure if this step is required, but
|
- Start ufw on boot and now (I am not sure if this step is required, but better
|
||||||
better safe than sorry).
|
safe than sorry).
|
||||||
- Put the firewall in force.
|
- Put the firewall in force.
|
||||||
- 113 TCP/ident — Tell "Connection refused" to whoever tries to reach port 113. This makes ident checking IRC servers connect faster as they don't
|
- 113 TCP/ident — Tell "Connection refused" to whoever tries to reach port 113.
|
||||||
have to timeout. If you run shell server (for IRC purpouses) you should
|
This makes ident checking IRC servers connect faster as they don't have to
|
||||||
allow this instead. And if you don't use IRC or don't care about having
|
timeout. If you run shell server (for IRC purpouses) you should allow this
|
||||||
to wait for the check to timeout, don't do this as you may leave
|
instead. And if you don't use IRC or don't care about having to wait for the
|
||||||
yourself visible to random port scanners.
|
check to timeout, don't do this as you may leave yourself visible to random
|
||||||
|
port scanners.
|
||||||
- 123 UDP/NTP - syncing time between local hosts
|
- 123 UDP/NTP - syncing time between local hosts
|
||||||
- 631 both/cups — Allow access to cups for printer sharing from 192.168.8.xxx
|
- 631 both/cups — Allow access to cups for printer sharing from 192.168.8.xxx
|
||||||
- fe80:://10 is link-local address existing _everywhere_ IPv6 is enabled,
|
- fe80:://10 is link-local address existing _everywhere_ IPv6 is enabled,
|
||||||
@ -75,18 +74,19 @@ ufw allow 60000:61000/udp
|
|||||||
- 5353 UDP/mdns/Avahi — used for `.local` addresses.
|
- 5353 UDP/mdns/Avahi — used for `.local` addresses.
|
||||||
- 5900 — VNC port at least for `krfb kdrc` (KDE Remote Desktop server & client).
|
- 5900 — VNC port at least for `krfb kdrc` (KDE Remote Desktop server & client).
|
||||||
I tend to only allow it from specific Yggdrasil address(es).
|
I tend to only allow it from specific Yggdrasil address(es).
|
||||||
- 6771/udp — [Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
|
- 6771/udp —
|
||||||
- 9001/udp — [Yggdrasil](https://yggdrasil-network.github.io/) automatic
|
[Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
|
||||||
peering port only on link-local.
|
- 9001/udp — [Yggdrasil](https://yggdrasil-network.github.io/) automatic peering
|
||||||
- 60000:61000 UDP/mosh — I feel this is the most insecure part of this
|
port only on link-local.
|
||||||
setup and there should be something bettter instead of this. As
|
- 60000:61000 UDP/mosh — I feel this is the most insecure part of this setup and
|
||||||
something evil could run and listen on these ports.
|
there should be something bettter instead of this. As something evil could run
|
||||||
|
and listen on these ports.
|
||||||
|
|
||||||
_If some host doesn't run some of the mentioned service, it's not open in
|
_If some host doesn't run some of the mentioned service, it's not open in the
|
||||||
the firewall._
|
firewall._
|
||||||
|
|
||||||
KDE Connect which seems painful enough to list separately and doesn't seem
|
KDE Connect which seems painful enough to list separately and doesn't seem to
|
||||||
to work IPv6-only or I am too impatient.
|
work IPv6-only or I am too impatient.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
#ufw allow from 192.168.8.0/24 to any port 1714:1764 proto tcp
|
#ufw allow from 192.168.8.0/24 to any port 1714:1764 proto tcp
|
||||||
@ -104,11 +104,13 @@ ufw route allow in on enp3s0 out on wlp2s0
|
|||||||
ufw route allow in on wlp2s0 out on enp3s0
|
ufw route allow in on wlp2s0 out on enp3s0
|
||||||
```
|
```
|
||||||
|
|
||||||
I am not sure if both rules are required, enp3s0 is the ethernet interface
|
I am not sure if both rules are required, enp3s0 is the ethernet interface and
|
||||||
and wlp2s0 the wireless one. I think it would make sense for only the first
|
wlp2s0 the wireless one. I think it would make sense for only the first to be
|
||||||
to be required.
|
required.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Last updated: 2020-10-26 | [GitHub changelog](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-06-12-ufw.md) |
|
Last updated: 2020-10-26 |
|
||||||
|
[GitHub changelog](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-06-12-ufw.md)
|
||||||
|
|
|
||||||
[Blesmrt Gitea changelog](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/_posts/2015-06-12-ufw.md)
|
[Blesmrt Gitea changelog](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/_posts/2015-06-12-ufw.md)
|
||||||
|
@ -9,88 +9,82 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_If you wanted to know about my current life situation, read something else
|
_If you wanted to know about my current life situation, read something else as I
|
||||||
as I have no life and this posts talks only about the haunting past._
|
have no life and this posts talks only about the haunting past._
|
||||||
|
|
||||||
Everyone probably knows that I haven't had very positive experience with
|
Everyone probably knows that I haven't had very positive experience with any
|
||||||
any school, but now I try to bring some events to light from maybe
|
school, but now I try to bring some events to light from maybe seven years ago.
|
||||||
seven years ago.
|
|
||||||
|
|
||||||
There are three event that haunt me the most:
|
There are three event that haunt me the most:
|
||||||
|
|
||||||
- _I am just being at break like I am always, alone and without friends
|
- _I am just being at break like I am always, alone and without friends and I
|
||||||
and I hear one of the bullies talking about me, "that jack pisses me off
|
hear one of the bullies talking about me, "that jack pisses me off so much,
|
||||||
so much, always walking around in kuoma boots and his face is like ass
|
always walking around in kuoma boots and his face is like ass of prey bird."
|
||||||
of prey bird." After that I remember being in physics or chemitry lesson
|
After that I remember being in physics or chemitry lesson and crying and
|
||||||
and crying and trying to get attention of teacher by writing everything
|
trying to get attention of teacher by writing everything very slowly, but
|
||||||
very slowly, but failing and the only thing that happened was my
|
failing and the only thing that happened was my handwriting looking better._
|
||||||
handwriting looking better._
|
- _I don't remember the situation, I think it was a break, but someone from the
|
||||||
- _I don't remember the situation, I think it was a break, but someone from
|
same class said "I know why … is so weird, his grandfathers have had sex with
|
||||||
the same class said "I know why … is so weird, his grandfathers have had
|
monkeys._
|
||||||
sex with monkeys._
|
- _I don't remember where it began, but one group of bullies took the habit of
|
||||||
- _I don't remember where it began, but one group of bullies took the habit
|
calling me as "ubitch". I don't know where they took that word as even I
|
||||||
of calling me as "ubitch". I don't know where they took that word as
|
didn't know about being trans (Asperger's diagnose would also come later), but
|
||||||
even I didn't know about being trans (Asperger's diagnose would also
|
they had issue when I smiled, so I learned to not smile and that is still
|
||||||
come later), but they had issue when I smiled, so I learned to not smile
|
causing me issues to this day includin difficulties in voice training and
|
||||||
and that is still causing me issues to this day includin difficulties in
|
potential
|
||||||
voice training and potential [AvPD](https://en.m.wikipedia.org/wiki/Avoidant_personality_disorder).
|
[AvPD](https://en.m.wikipedia.org/wiki/Avoidant_personality_disorder). The
|
||||||
The same group also did worse things that I don't want to talk about._
|
same group also did worse things that I don't want to talk about._
|
||||||
|
|
||||||
What was done? Different appointments with different people, including
|
What was done? Different appointments with different people, including school
|
||||||
school social worker who quite directly said "there is no bullying in our
|
social worker who quite directly said "there is no bullying in our school, you
|
||||||
school, you are scizhophrenic" (don't mind that school social workers
|
are scizhophrenic" (don't mind that school social workers aren't able to write
|
||||||
aren't able to write dignosis) and psychologist who surprised me and my
|
dignosis) and psychologist who surprised me and my mother by knowing everything
|
||||||
mother by knowing everything about my childhood and "just had to start from
|
about my childhood and "just had to start from something (Asperger's syndrome).
|
||||||
something (Asperger's syndrome).
|
|
||||||
|
|
||||||
I ended up ending that school half year before it would have been over and
|
I ended up ending that school half year before it would have been over and at
|
||||||
at some point starting my long visits to psychiatrical hospital (which is
|
some point starting my long visits to psychiatrical hospital (which is horrible
|
||||||
horrible if you happen to be neuroatypial and part of
|
if you happen to be neuroatypial and part of Gender/Romantic/Sexual Minority or
|
||||||
Gender/Romantic/Sexual Minority or multiple of those, but that is for
|
multiple of those, but that is for another post).
|
||||||
another post).
|
|
||||||
|
|
||||||
There were also other issues that I remember, but I don't feel the same
|
There were also other issues that I remember, but I don't feel the same level of
|
||||||
level of pain.
|
pain.
|
||||||
|
|
||||||
- _One person never talked to me and had some issue with me and always got
|
- _One person never talked to me and had some issue with me and always got what
|
||||||
what they wanted ("I don't want to work with that"). Not that I wanted
|
they wanted ("I don't want to work with that"). Not that I wanted to work with
|
||||||
to work with them, but it would have been nice if anyone thought about
|
them, but it would have been nice if anyone thought about asking my opinion._
|
||||||
asking my opinion._
|
- _On home economics lesson, I don't remember what was talked about, but I said
|
||||||
- _On home economics lesson, I don't remember what was talked about, but
|
for some reason that I like tuna over rye crisps and got response that it's
|
||||||
I said for some reason that I like tuna over rye crisps and got response
|
"so poor" and it's unclear to this day what does price of food have to do with
|
||||||
that it's "so poor" and it's unclear to this day what does price of food
|
how does it taste._
|
||||||
have to do with how does it taste._
|
|
||||||
- _There was … Suomalainen fanclub at Facebook and it was also reported to
|
- _There was … Suomalainen fanclub at Facebook and it was also reported to
|
||||||
police, but no action was took as there was nothing offensive there. In
|
police, but no action was took as there was nothing offensive there. In the
|
||||||
the end offensive content got there, but it was removed in agreement
|
end offensive content got there, but it was removed in agreement when
|
||||||
when anti-bullying FB page with name "bully name bunny club" was
|
anti-bullying FB page with name "bully name bunny club" was removed._
|
||||||
removed._
|
- _I was also friends at some point with the person depending on how much
|
||||||
- _I was also friends at some point with the person depending on how
|
friendship it is to perform Windows repair install and as reward get told
|
||||||
much friendship it is to perform Windows repair install and as
|
that we couldn't be friends at school as their reputation would suffer. More
|
||||||
reward get told that we couldn't be friends at school as their
|
bullying came..._
|
||||||
reputation would suffer. More bullying came..._
|
- There was also a lot more that happened there, but I would probably write this
|
||||||
- There was also a lot more that happened there, but I would probably write
|
forever if I wrote about everything and the things that are always on surface
|
||||||
this forever if I wrote about everything and the things that are always
|
are already written.
|
||||||
on surface are already written.
|
|
||||||
|
|
||||||
and as this is titled feelings, I should probably write about those too,
|
and as this is titled feelings, I should probably write about those too, not
|
||||||
not that there was anything new.
|
that there was anything new.
|
||||||
|
|
||||||
- I seem to be always anxious, especially if anyone wants me to go outdoors
|
- I seem to be always anxious, especially if anyone wants me to go outdoors
|
||||||
alone and I am afraid of seeing someone from any school even if they
|
alone and I am afraid of seeing someone from any school even if they didn't
|
||||||
didn't recognize me or did nothing, I have already seen people from there
|
recognize me or did nothing, I have already seen people from there twice with
|
||||||
twice with both times mentally locking me down.
|
both times mentally locking me down.
|
||||||
- I am just horrible person, everyone hates me and no one is honest in any
|
- I am just horrible person, everyone hates me and no one is honest in any good
|
||||||
good thing they say to/about me.
|
thing they say to/about me.
|
||||||
- I am just bothering everyone by being present in same space whether
|
- I am just bothering everyone by being present in same space whether physical
|
||||||
physical or online.
|
or online.
|
||||||
- Most of time I feel I have no friends anywhere even if there are
|
- Most of time I feel I have no friends anywhere even if there are otherwise
|
||||||
otherwise some IRC or IRL, it's just difficult for me to make/maintain
|
some IRC or IRL, it's just difficult for me to make/maintain friendships, but
|
||||||
friendships, but me being horrible person is nothing new anyway.
|
me being horrible person is nothing new anyway.
|
||||||
- I wish that I had a partner, but it's impossible as I am just horrible
|
- I wish that I had a partner, but it's impossible as I am just horrible person
|
||||||
person and autist (in bad way) and asexual (while most of rest of the
|
and autist (in bad way) and asexual (while most of rest of the world wants
|
||||||
world wants only sex) and trans (which is probably the worse as that
|
only sex) and trans (which is probably the worse as that translates to "has or
|
||||||
translates to "has or has had a penis" and makes everyone misinterpred me
|
has had a penis" and makes everyone misinterpred me as being male or being
|
||||||
as being male or being unable to think me as a girl). I don't sleep
|
unable to think me as a girl). I don't sleep propery at nights thinking these
|
||||||
propery at nights thinking these things and I just cannot get out and
|
things and I just cannot get out and as said Kymenlaakso is unable to help.
|
||||||
as said Kymenlaakso is unable to help.
|
|
||||||
|
@ -12,10 +12,11 @@ lang: en
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_There appears to be a lot of confusion on IPv6 and in this post I try to
|
_There appears to be a lot of confusion on IPv6 and in this post I try to clear
|
||||||
clear it a little._
|
it a little._
|
||||||
|
|
||||||
I am writing this post, because [TorrentFreak wrote about buggy µTorrent and suggests disabling IPv6 because of it.](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/)
|
I am writing this post, because
|
||||||
|
[TorrentFreak wrote about buggy µTorrent and suggests disabling IPv6 because of it.](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/)
|
||||||
The comments of that post are also totally lost.
|
The comments of that post are also totally lost.
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
@ -41,17 +42,16 @@ The comments of that post are also totally lost.
|
|||||||
## IPv4
|
## IPv4
|
||||||
|
|
||||||
It's probably best to start with what is wrong with IPv4 and note that all
|
It's probably best to start with what is wrong with IPv4 and note that all
|
||||||
modern operating systems (including Windows Vista and newer) are designed
|
modern operating systems (including Windows Vista and newer) are designed to
|
||||||
to work with IPv6 and disabling it may break some features.
|
work with IPv6 and disabling it may break some features.
|
||||||
|
|
||||||
There are no IPv4 addresses for everyone and that is why we have NATs in
|
There are no IPv4 addresses for everyone and that is why we have NATs in routers
|
||||||
routers so we only have one IPv4 address facing the internet. That isn't
|
so we only have one IPv4 address facing the internet. That isn't enough either
|
||||||
enough either so ISPs started having their own NATs too known as CGN
|
so ISPs started having their own NATs too known as CGN (Carrier Grade NAT)
|
||||||
(Carrier Grade NAT) putting _a lot_ of customers behind single IPv4
|
putting _a lot_ of customers behind single IPv4 address.
|
||||||
address.
|
|
||||||
|
|
||||||
This means that if someone on the same ISP abused your favourite service
|
This means that if someone on the same ISP abused your favourite service X\*,
|
||||||
X\*, all users behind that IPv4 address get banned.
|
all users behind that IPv4 address get banned.
|
||||||
|
|
||||||
<em>\*X = Wikipedia, your favourite forum or IRC network or whatever</em>.
|
<em>\*X = Wikipedia, your favourite forum or IRC network or whatever</em>.
|
||||||
|
|
||||||
@ -60,59 +60,57 @@ connecting from single address and it can also increase latencies).
|
|||||||
|
|
||||||
## IPv6
|
## IPv6
|
||||||
|
|
||||||
IPv6, again, is next version of the Internet Protocol and has enough
|
IPv6, again, is next version of the Internet Protocol and has enough addresses
|
||||||
addresses for all your devices and you don't need NAT anymore so you don't
|
for all your devices and you don't need NAT anymore so you don't have to do port
|
||||||
have to do port forwards (which didn't help you behind CGN anyway) anymore.
|
forwards (which didn't help you behind CGN anyway) anymore.
|
||||||
|
|
||||||
People have weird worries with it and many misunderstandings on privacy
|
People have weird worries with it and many misunderstandings on privacy
|
||||||
concerns.
|
concerns.
|
||||||
|
|
||||||
### EUI-64-addresses
|
### EUI-64-addresses
|
||||||
|
|
||||||
EUI-64-addresses are based on your MAC-address and a lot of people seem to
|
EUI-64-addresses are based on your MAC-address and a lot of people seem to be
|
||||||
be worried about how they can be used for spying on you as you go through
|
worried about how they can be used for spying on you as you go through different
|
||||||
different networks (phone, laptop).
|
networks (phone, laptop).
|
||||||
|
|
||||||
This is an unrequired concern though as IPv6 privacy extensions should
|
This is an unrequired concern though as IPv6 privacy extensions should exist
|
||||||
exist with all IPv6 capable systems (again including Windows which seems
|
with all IPv6 capable systems (again including Windows which seems to be what
|
||||||
to be what people worry about the most). The privacy extensions generate
|
people worry about the most). The privacy extensions generate a random IPv6
|
||||||
a random IPv6 address which has no MAC-address and is changed over time.
|
address which has no MAC-address and is changed over time.
|
||||||
|
|
||||||
Arch Linux and Ubuntu MATE (and other Linux distributions?) seem to change
|
Arch Linux and Ubuntu MATE (and other Linux distributions?) seem to change it
|
||||||
it every 24 hours (controlled by `net.ipv6.conf.default.temp_prefered_lft`)
|
every 24 hours (controlled by `net.ipv6.conf.default.temp_prefered_lft`) and I
|
||||||
and I believe it also gets changed by reconnecting to network or rebooting
|
believe it also gets changed by reconnecting to network or rebooting the system.
|
||||||
the system.
|
|
||||||
|
|
||||||
On your IPv6-enabled system you should see three addresses:
|
On your IPv6-enabled system you should see three addresses:
|
||||||
|
|
||||||
- EUI-64-address where you see your MAC-address clearly, it just exists and
|
- EUI-64-address where you see your MAC-address clearly, it just exists and
|
||||||
isn't used in outgoing connections so no one knows it unless you decide
|
isn't used in outgoing connections so no one knows it unless you decide to
|
||||||
to tell them.
|
tell them.
|
||||||
- Privacy (extensions) address which is random and used for all outgoing
|
- Privacy (extensions) address which is random and used for all outgoing
|
||||||
connections and it changes every few hours. You might see multiple of
|
connections and it changes every few hours. You might see multiple of these as
|
||||||
these as the old privacy addresses are still kept for some time, but no
|
the old privacy addresses are still kept for some time, but no outgoing
|
||||||
outgoing connections is made with them.
|
connections is made with them.
|
||||||
- Link-local address you see even without global IPv6 connectivity as every
|
- Link-local address you see even without global IPv6 connectivity as every
|
||||||
IPv6-supporting system generates them automatically. They start with
|
IPv6-supporting system generates them automatically. They start with `fe80`
|
||||||
`fe80` and only work in your LAN. It also has your MAC-address visible.
|
and only work in your LAN. It also has your MAC-address visible.
|
||||||
|
|
||||||
If you are still worried about the MAC-address being visible, you can
|
If you are still worried about the MAC-address being visible, you can easily
|
||||||
easily confirm that no one sees it by going to
|
confirm that no one sees it by going to [ipv6-test.com](https://ipv6-test.com),
|
||||||
[ipv6-test.com](https://ipv6-test.com), looking at "IPv6 connectivity" and
|
looking at "IPv6 connectivity" and check the test that says "SLAAC". If it says
|
||||||
check the test that says "SLAAC". If it says "No" your EUI-64-address
|
"No" your EUI-64-address is not used, if it says "Yes" they are used and it
|
||||||
is not used, if it says "Yes" they are used and it should never say "Yes".
|
should never say "Yes". You will probably understand that it's not supposed to
|
||||||
You will probably understand that it's not supposed to say "Yes" as getting
|
say "Yes" as getting "Yes" in that test decreases your score.
|
||||||
"Yes" in that test decreases your score.
|
|
||||||
|
|
||||||
#### Windows IPv6 address randomization
|
#### Windows IPv6 address randomization
|
||||||
|
|
||||||
Windows which you shouldn't worry about makes you worry even less by being
|
Windows which you shouldn't worry about makes you worry even less by being
|
||||||
annoying and randomizing all addresses (even if there is no need because
|
annoying and randomizing all addresses (even if there is no need because you
|
||||||
you have IPv6 privacy extensions) and this probably causes you a headache
|
have IPv6 privacy extensions) and this probably causes you a headache if you are
|
||||||
if you are running Windows Server or dual-booting with some other OS.
|
running Windows Server or dual-booting with some other OS.
|
||||||
|
|
||||||
When you dual-boot, you might wonder why even the EUI-64-address is
|
When you dual-boot, you might wonder why even the EUI-64-address is different on
|
||||||
different on Windows and Linux/OS X/whatever.
|
Windows and Linux/OS X/whatever.
|
||||||
|
|
||||||
This is easy to fix though, open cmd.exe or PowerShell as admin and run:
|
This is easy to fix though, open cmd.exe or PowerShell as admin and run:
|
||||||
|
|
||||||
@ -123,14 +121,13 @@ netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
|
|||||||
|
|
||||||
##### Disabling privacy extensions
|
##### Disabling privacy extensions
|
||||||
|
|
||||||
**YOU DON'T WANT TO DO THIS UNLESS YOUR PC IS A SERVER AND WON'T EVER BE
|
**YOU DON'T WANT TO DO THIS UNLESS YOUR PC IS A SERVER AND WON'T EVER BE MOVED
|
||||||
MOVED ANYWHERE. BY DOING THIS THE EUI-64-ADDRESS GETS USED AND EVERYONE
|
ANYWHERE. BY DOING THIS THE EUI-64-ADDRESS GETS USED AND EVERYONE DOES SEE YOUR
|
||||||
DOES SEE YOUR MAC-ADDRESS.**
|
MAC-ADDRESS.**
|
||||||
|
|
||||||
As I am talking so much about privacy extensions, I must probably tell
|
As I am talking so much about privacy extensions, I must probably tell that you
|
||||||
that you can disable them if you want. I have no idea if that is possible
|
can disable them if you want. I have no idea if that is possible with OS X so I
|
||||||
with OS X so I don't say anything about it, I only know that it uses them
|
don't say anything about it, I only know that it uses them by default.
|
||||||
by default.
|
|
||||||
|
|
||||||
Windows: start by disabling the randomization and then
|
Windows: start by disabling the randomization and then
|
||||||
|
|
||||||
@ -139,18 +136,16 @@ netsh interface ipv6 set privacy state=disabled store=active
|
|||||||
netsh interface ipv6 set privacy state=disabled store=persistent
|
netsh interface ipv6 set privacy state=disabled store=persistent
|
||||||
```
|
```
|
||||||
|
|
||||||
Linux: check NetworkManager connection editor (or config files of whatever
|
Linux: check NetworkManager connection editor (or config files of whatever you
|
||||||
you use) or use the kernel option directly in `/etc/sysctl.conf` or
|
use) or use the kernel option directly in `/etc/sysctl.conf` or preferably
|
||||||
preferably `/etc/sysctl.d/<whatever>.conf`:
|
`/etc/sysctl.d/<whatever>.conf`: `net.ipv6.conf.default.use_tempaddr=0`.
|
||||||
`net.ipv6.conf.default.use_tempaddr=0`.
|
|
||||||
|
|
||||||
The numbers you can use here are:
|
The numbers you can use here are:
|
||||||
|
|
||||||
- 0 — IPv6 Privacy Extensions are disabled.
|
- 0 — IPv6 Privacy Extensions are disabled.
|
||||||
- 1 — IPv6 Privacy Extensions are enabled, but **EUI-64-address is
|
- 1 — IPv6 Privacy Extensions are enabled, but **EUI-64-address is preferred.**
|
||||||
preferred.**
|
- 2 — IPv6 Privacy Extensions are enabled and preferred. This is usually the
|
||||||
- 2 — IPv6 Privacy Extensions are enabled and preferred. This is usually
|
default and what you should use.
|
||||||
the default and what you should use.
|
|
||||||
|
|
||||||
### Getting IPv6
|
### Getting IPv6
|
||||||
|
|
||||||
@ -158,22 +153,22 @@ For native connectivity I only know about Finland (links in the list in
|
|||||||
Finnish)…
|
Finnish)…
|
||||||
|
|
||||||
- [IPv6 in Finnish consumer connections](https://ape3000.com/ipv6/)
|
- [IPv6 in Finnish consumer connections](https://ape3000.com/ipv6/)
|
||||||
- At the time of writing Elisa and DNA which are two of three biggest
|
- At the time of writing Elisa and DNA which are two of three biggest carriers
|
||||||
carriers (Sonera is missing) have IPv6 in all mobile connections, DNA
|
(Sonera is missing) have IPv6 in all mobile connections, DNA has IPv6 also
|
||||||
has IPv6 also in broadband connections and Elisa is working on it
|
in broadband connections and Elisa is working on it and Sonera has 6rd.
|
||||||
and Sonera has 6rd.
|
|
||||||
- [Elisa's page on enabling IPv6](https://asiakastuki.elisa.fi/ohje/541)
|
- [Elisa's page on enabling IPv6](https://asiakastuki.elisa.fi/ohje/541)
|
||||||
- [DNA's page on IPv6](https://www.dna.fi/ipv6)
|
- [DNA's page on IPv6](https://www.dna.fi/ipv6)
|
||||||
- [DNA's instructions for enabling IPv6 on different devices](https://www.dna.fi/ipv6-laitteet)
|
- [DNA's instructions for enabling IPv6 on different devices](https://www.dna.fi/ipv6-laitteet)
|
||||||
- [Sonera's page on IPv6 that is worse than earlier ones](https://www.sonera.fi/etsi+apua+ja+tukea/ohjeet/Soneran-palvelut-IPv6-valmiita?id=c4779f91-dd1c-4e43-b026-b2e6338d0db1)
|
- [Sonera's page on IPv6 that is worse than earlier ones](https://www.sonera.fi/etsi+apua+ja+tukea/ohjeet/Soneran-palvelut-IPv6-valmiita?id=c4779f91-dd1c-4e43-b026-b2e6338d0db1)
|
||||||
|
|
||||||
…but I can suggest searching the web for `yourISP IPv6` and contacting
|
…but I can suggest searching the web for `yourISP IPv6` and contacting their
|
||||||
their customer support asking when they are going to enable IPv6.
|
customer support asking when they are going to enable IPv6.
|
||||||
|
|
||||||
For tunneling there are multiple services for tunneling and the best are
|
For tunneling there are multiple services for tunneling and the best are [SixXS]
|
||||||
[SixXS] and [Tunnelbroker], but I am going to talk more about Teredo which
|
and [Tunnelbroker], but I am going to talk more about Teredo which the protocol
|
||||||
the protocol of last resort for accessing IPv6 sites and Windows comeswith it by default. The easiest way to enable it is probably saving the
|
of last resort for accessing IPv6 sites and Windows comeswith it by default. The
|
||||||
following as `something.reg` and running it:
|
easiest way to enable it is probably saving the following as `something.reg` and
|
||||||
|
running it:
|
||||||
|
|
||||||
[sixxs]: https://www.sixxs.net/
|
[sixxs]: https://www.sixxs.net/
|
||||||
[tunnelbroker]: https://tunnelbroker.net/
|
[tunnelbroker]: https://tunnelbroker.net/
|
||||||
@ -195,25 +190,25 @@ Short explanation:
|
|||||||
- Enable looking up IPv6 records even with Teredo
|
- Enable looking up IPv6 records even with Teredo
|
||||||
- Enable Teredo…
|
- Enable Teredo…
|
||||||
- …even if we are in domain
|
- …even if we are in domain
|
||||||
- use teredo.trex.fi as Teredo server, you might want to use some server
|
- use teredo.trex.fi as Teredo server, you might want to use some server that is
|
||||||
that is [closer to you](https://en.wikipedia.org/wiki/Teredo_tunneling#Servers).
|
[closer to you](https://en.wikipedia.org/wiki/Teredo_tunneling#Servers).
|
||||||
|
|
||||||
Linux: install package `miredo` and edit the server in `/etc/miredo.conf`
|
Linux: install package `miredo` and edit the server in `/etc/miredo.conf` if
|
||||||
if needed.
|
needed.
|
||||||
|
|
||||||
And then check [ipv6-test.com](https://ipv6-test.com) and it should detect
|
And then check [ipv6-test.com](https://ipv6-test.com) and it should detect your
|
||||||
your Teredo connectivity. Some browsers don't even attempt to use it, at
|
Teredo connectivity. Some browsers don't even attempt to use it, at least I
|
||||||
least I think Google Chrome did so.
|
think Google Chrome did so.
|
||||||
|
|
||||||
## Further reading
|
## Further reading
|
||||||
|
|
||||||
- [Wikipedia's page on IPv6](https://en.wikipedia.org/wiki/IPv6)
|
- [Wikipedia's page on IPv6](https://en.wikipedia.org/wiki/IPv6)
|
||||||
- [Wikipedia's page on Teredo](https://en.wikipedia.org/wiki/Teredo_tunneling)
|
- [Wikipedia's page on Teredo](https://en.wikipedia.org/wiki/Teredo_tunneling)
|
||||||
- [Microsoft Technet: A 5 Second Boot Optimization If You’ve Disabled IPv6 on Windows Client and Server by setting DisabledComponents to 0xFFFFFFFF](https://blogs.technet.com/b/askpfeplat/archive/2014/09/15/a-5-second-boot-optimization-if-you-ve-disabled-ipv6-on-windows-client-and-server-by-setting-disabledcomponents-to-0xffffffff.aspx)
|
- [Microsoft Technet: A 5 Second Boot Optimization If You’ve Disabled IPv6 on Windows Client and Server by setting DisabledComponents to 0xFFFFFFFF](https://blogs.technet.com/b/askpfeplat/archive/2014/09/15/a-5-second-boot-optimization-if-you-ve-disabled-ipv6-on-windows-client-and-server-by-setting-disabledcomponents-to-0xffffffff.aspx)
|
||||||
- TL;DR: depending on how you disabled IPv6 your boot might be 5
|
- TL;DR: depending on how you disabled IPv6 your boot might be 5 seconds less
|
||||||
seconds less and Microsoft discourages disabling it and they don't
|
and Microsoft discourages disabling it and they don't test working without
|
||||||
test working without IPv6. Disabling IPv6 breaks e.g. HomeGroup.
|
IPv6. Disabling IPv6 breaks e.g. HomeGroup.
|
||||||
|
|
||||||
_Special thanks to people of `ircs://irc.libera.chat:6697/#IPv6` for checking that I
|
_Special thanks to people of `ircs://irc.libera.chat:6697/#IPv6` for checking
|
||||||
don't write total nonsense here and all the fixes made and also @e-ali for
|
that I don't write total nonsense here and all the fixes made and also @e-ali
|
||||||
checking for spelling mistakes._
|
for checking for spelling mistakes._
|
||||||
|
@ -8,9 +8,9 @@ redirect_from: /finnish/2015/06/29/minusta.html
|
|||||||
published: false
|
published: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_Olen 19-vuotias transsukupuolinen nainen, minulla on Aspergerin oireyhtymä
|
_Olen 19-vuotias transsukupuolinen nainen, minulla on Aspergerin oireyhtymä ja
|
||||||
ja olen aseksuaali. Tämä aiheuttaa minulle kaikenlaisia ongelmia, joista
|
olen aseksuaali. Tämä aiheuttaa minulle kaikenlaisia ongelmia, joista tulen nyt
|
||||||
tulen nyt taas kertoman._
|
taas kertoman._
|
||||||
|
|
||||||
Yritetäämpä kirjoittaa suomeksikin välillä, mutta tuskin tämäkään vaikuttaa
|
Yritetäämpä kirjoittaa suomeksikin välillä, mutta tuskin tämäkään vaikuttaa
|
||||||
mihinkään, tunnen vain kirjoittavani huonommin ja huonovointisuuteni vuoksi
|
mihinkään, tunnen vain kirjoittavani huonommin ja huonovointisuuteni vuoksi
|
||||||
@ -20,83 +20,81 @@ Asun Kotkassa ja olen aina asunut täällä. Olin koulukiusattu tarhasta asti
|
|||||||
johtuen erilaisuudestani ja "terveydenhuollon ammattilaiset" tutkivat
|
johtuen erilaisuudestani ja "terveydenhuollon ammattilaiset" tutkivat
|
||||||
poikkeavuuttani.
|
poikkeavuuttani.
|
||||||
|
|
||||||
Kuitenkin vasta 15-vuotiaana yritettyäni itsemurhaa koulukiusaamisen ja
|
Kuitenkin vasta 15-vuotiaana yritettyäni itsemurhaa koulukiusaamisen ja useiden
|
||||||
useiden muiden ongelmien (mm. dysforian, vaikken tuntenutkaan koko
|
muiden ongelmien (mm. dysforian, vaikken tuntenutkaan koko sanaa silloin) kuulin
|
||||||
sanaa silloin) kuulin vihdoinkin Aspergerin oireyhtymästä ja olevani
|
vihdoinkin Aspergerin oireyhtymästä ja olevani ilmiselvä tapaus ja että tämä
|
||||||
ilmiselvä tapaus ja että tämä olisi pitänyt selvittää ajat sitten ja nämä
|
olisi pitänyt selvittää ajat sitten ja nämä kaikki piirteet olivat tiedossa jo
|
||||||
kaikki piirteet olivat tiedossa jo pikkulapsena, mutta asiantuntijat
|
pikkulapsena, mutta asiantuntijat eivät osanneet yhdistää niitä toisiinsa.
|
||||||
eivät osanneet yhdistää niitä toisiinsa.
|
Loistava esimerkki Kotkan toimivuudesta on tätä edeltänyt _koulukuraattorin_
|
||||||
Loistava esimerkki Kotkan toimivuudesta on tätä edeltänyt
|
diagnoosi "skitsofrenia", vaikkei koulukuraattori pysty diagnooseja
|
||||||
_koulukuraattorin_ diagnoosi "skitsofrenia", vaikkei koulukuraattori
|
kirjoittamaan, mutta oppilasta on paljon helpompi sanoa mielisairaaksi, kuin
|
||||||
pysty diagnooseja kirjoittamaan, mutta oppilasta on paljon helpompi sanoa
|
hyväksyä koulussa olevaa kiusaamista.
|
||||||
mielisairaaksi, kuin hyväksyä koulussa olevaa kiusaamista.
|
|
||||||
|
|
||||||
Seuraava koulu, lisää kiusaamista ja tulen ulos transsukupuolisena
|
Seuraava koulu, lisää kiusaamista ja tulen ulos transsukupuolisena lukuisien
|
||||||
lukuisien itsemurhayritysten jälkeen. Saan lähetteen Helsinkiin
|
itsemurhayritysten jälkeen. Saan lähetteen Helsinkiin sukupuoli-identiteetin
|
||||||
sukupuoli-identiteetin tutkimuspoliklinikalle.
|
tutkimuspoliklinikalle.
|
||||||
|
|
||||||
Ensin tapaan sairaanhoitajaa kahden viikon välein muutaman kerran, odotan
|
Ensin tapaan sairaanhoitajaa kahden viikon välein muutaman kerran, odotan
|
||||||
seuraavaa aikaa lääkärille/psykologille monta kuukautta ja sitten
|
seuraavaa aikaa lääkärille/psykologille monta kuukautta ja sitten seuraavaa.
|
||||||
seuraavaa. Lopputulos: olen vuoden hormonikorvaushoidossa itse, ilman
|
Lopputulos: olen vuoden hormonikorvaushoidossa itse, ilman lääkärin valvontaa
|
||||||
lääkärin valvontaa _vuoden_ ennen virallista diagnoosia ja reseptiä.
|
_vuoden_ ennen virallista diagnoosia ja reseptiä.
|
||||||
|
|
||||||
Pelkään kehittäneeni [estyneen persoonallisuuden](https://en.wikipedia.org/wiki/Avoidant_personality_disorder)
|
Pelkään kehittäneeni
|
||||||
kaiken minulle tapahtuneen seurauksena, olen valmistunut ja olen
|
[estyneen persoonallisuuden](https://en.wikipedia.org/wiki/Avoidant_personality_disorder)
|
||||||
itsetuhoinen. Olen myöskin vailla psykiatrista hoitoa. En liiku ulkonaa
|
kaiken minulle tapahtuneen seurauksena, olen valmistunut ja olen itsetuhoinen.
|
||||||
ellen sitten joudu menemään jollekin sovitulle ajalle tai
|
Olen myöskin vailla psykiatrista hoitoa. En liiku ulkonaa ellen sitten joudu
|
||||||
vertaistukiryhmään, koska pelkään näkeväni entisiä koulukiusaajia, jotka
|
menemään jollekin sovitulle ajalle tai vertaistukiryhmään, koska pelkään
|
||||||
laukaisevat minulle kovan ahdistuksen.
|
näkeväni entisiä koulukiusaajia, jotka laukaisevat minulle kovan ahdistuksen.
|
||||||
|
|
||||||
Terveydenhuollosta puhuin jo aiemmin, nyt tarkennan sitä lisää. Olen ollut
|
Terveydenhuollosta puhuin jo aiemmin, nyt tarkennan sitä lisää. Olen ollut
|
||||||
psykiatrisessa sairaalassa useita kertoja hyötymättä siitä mitenkään,
|
psykiatrisessa sairaalassa useita kertoja hyötymättä siitä mitenkään, olen aina
|
||||||
olen aina vain ollut siellä säilössä jonkin aikaa, ensimmäisellä kerralla
|
vain ollut siellä säilössä jonkin aikaa, ensimmäisellä kerralla kesäloman ja
|
||||||
kesäloman ja vähän enemmän, koska psykologi oli lomalla eikä voinut
|
vähän enemmän, koska psykologi oli lomalla eikä voinut antaa palautettaan
|
||||||
antaa palautettaan tutkimuksestaan ja (perustelemattoman) käytännön vuoksi
|
tutkimuksestaan ja (perustelemattoman) käytännön vuoksi kukaan muu ei sitä
|
||||||
kukaan muu ei sitä voinut tehdä.
|
voinut tehdä.
|
||||||
|
|
||||||
Viimeisellä kerralla taas psykiatrisessa sairaalassa kerrottiin minulle
|
Viimeisellä kerralla taas psykiatrisessa sairaalassa kerrottiin minulle melko
|
||||||
melko suoraan "olet psykoottinen, koska kuvittelet olevasi tyttö".
|
suoraan "olet psykoottinen, koska kuvittelet olevasi tyttö".
|
||||||
|
|
||||||
Tämä ei tosin ole mitään harvinaislaatuista Kotkassa, olen myös ollut
|
Tämä ei tosin ole mitään harvinaislaatuista Kotkassa, olen myös ollut
|
||||||
autismisäätiöllä neurologisessa valmennuksessa, missä minulle tehtiin
|
autismisäätiöllä neurologisessa valmennuksessa, missä minulle tehtiin selväksi,
|
||||||
selväksi, että valmentaja on _oikea nainen_, minä en, jatkuvasti.
|
että valmentaja on _oikea nainen_, minä en, jatkuvasti.
|
||||||
|
|
||||||
Somattisella (ei-psykiatrisella) puolella taas kerran piti hakea Kelalle
|
Somattisella (ei-psykiatrisella) puolella taas kerran piti hakea Kelalle jokin
|
||||||
jokin lääkärinlausunto ja lääkäri oli aivan hukassa mitä tehdä kanssani.
|
lääkärinlausunto ja lääkäri oli aivan hukassa mitä tehdä kanssani. Olin
|
||||||
Olin pukeutunut hameeseen ja minulla oli huulipunaa eikä kukaan moneen
|
pukeutunut hameeseen ja minulla oli huulipunaa eikä kukaan moneen kuukauteen
|
||||||
kuukauteen ollut erehtynyt sukupuolestani ja lääkäri sitten alkoi
|
ollut erehtynyt sukupuolestani ja lääkäri sitten alkoi selittämään puhelimeen
|
||||||
selittämään puhelimeen miten "tänne tuli tälläinen 1X-vuotias poika"...
|
miten "tänne tuli tälläinen 1X-vuotias poika"...
|
||||||
|
|
||||||
Aiemmin sanoin olevani vailla psykiatrista hoitoa. Tämä ei oikeastaan
|
Aiemmin sanoin olevani vailla psykiatrista hoitoa. Tämä ei oikeastaan pidä
|
||||||
pidä paikaansa, koska minä olen avohoidossa Kotkan psykiatrisella
|
paikaansa, koska minä olen avohoidossa Kotkan psykiatrisella poliklinikalla.
|
||||||
poliklinikalla. Tämä tarkoittaa Suomeksi sitä, että siellä työntekijä
|
Tämä tarkoittaa Suomeksi sitä, että siellä työntekijä höpöttää jotakin omiaan,
|
||||||
höpöttää jotakin omiaan, eikä kiinnitä mitään huomiota minuun tai
|
eikä kiinnitä mitään huomiota minuun tai ongelmiini eikä ole yhtään
|
||||||
ongelmiini eikä ole yhtään kiinnostunutkaan niistä. Asiantuntemus puuttuu
|
kiinnostunutkaan niistä. Asiantuntemus puuttuu täysin. Edellisellä kerralla
|
||||||
täysin. Edellisellä kerralla yritin kysyä onko mahdollista, että minulla
|
yritin kysyä onko mahdollista, että minulla olisi aiemmin mainittu AvPD, mutta
|
||||||
olisi aiemmin mainittu AvPD, mutta siihenkään ei voinut saada minkäänlaista
|
siihenkään ei voinut saada minkäänlaista vastausta, työntekijä vain luki
|
||||||
vastausta, työntekijä vain luki lausuntoja "kuvittelee olevansa tyttö,
|
lausuntoja "kuvittelee olevansa tyttö, psykoottinen"-lääkäriltä ja lähti
|
||||||
psykoottinen"-lääkäriltä ja lähti kesälomalle.
|
kesälomalle.
|
||||||
|
|
||||||
Entä nyt?
|
Entä nyt?
|
||||||
|
|
||||||
Olen valmistunut eli minua ei sitoisi mikään Kotkaan ellen olisi
|
Olen valmistunut eli minua ei sitoisi mikään Kotkaan ellen olisi
|
||||||
transsukupuolinen. Haluaisin hakea jatko-opintoihin Helsinkiin, mutta
|
transsukupuolinen. Haluaisin hakea jatko-opintoihin Helsinkiin, mutta minulla on
|
||||||
minulla on miehen henkilötunnus, joten minut merkittäisiin jokaiseen
|
miehen henkilötunnus, joten minut merkittäisiin jokaiseen tietokantaan miehenä
|
||||||
tietokantaan miehenä ja koulun nimilistat laittaisivat minut miesten
|
ja koulun nimilistat laittaisivat minut miesten keskelle.
|
||||||
keskelle.
|
|
||||||
|
|
||||||
Muuttaessa minun täytyisi taas tehdä ainakin vuokra-sopimus
|
Muuttaessa minun täytyisi taas tehdä ainakin vuokra-sopimus vanhalla
|
||||||
vanhalla henkilötunnuksella ja jos vuokranantaja ei osaisi lukea sukupuolta
|
henkilötunnuksella ja jos vuokranantaja ei osaisi lukea sukupuolta
|
||||||
henkilötunnuksesta, hän alkaisi ihmettelemään henkilötunnuksen vaihtumista.
|
henkilötunnuksesta, hän alkaisi ihmettelemään henkilötunnuksen vaihtumista.
|
||||||
|
|
||||||
No miksen minä korjaa henkilötunnusta?
|
No miksen minä korjaa henkilötunnusta?
|
||||||
|
|
||||||
- Lyhyt vastaus: minulla ei ole ihmisoikeuksia siihen.
|
- Lyhyt vastaus: minulla ei ole ihmisoikeuksia siihen.
|
||||||
- Pitkä vastaus: sukupuoli vahvistetaan juridisesti *second opinion*issa,
|
- Pitkä vastaus: sukupuoli vahvistetaan juridisesti *second opinion*issa, jonne
|
||||||
jonne tutkimusyksikkö kirjoittaa lähetteen <s>henkilön edettyä vuoden
|
tutkimusyksikkö kirjoittaa lähetteen <s>henkilön edettyä vuoden vastakkaisen
|
||||||
vastakkaisen sukupuolin roolissa</s>vuoden diagnoosista jälkeen.
|
sukupuolin roolissa</s>vuoden diagnoosista jälkeen. Tämän lähetteen
|
||||||
Tämän lähetteen käsittelyyn ja ajan saamiseen *second opinion*iin taas
|
käsittelyyn ja ajan saamiseen *second opinion*iin taas kestää vähintään
|
||||||
kestää vähintään puolivuotta.
|
puolivuotta.
|
||||||
|
|
||||||
Pientä aikajanaa:
|
Pientä aikajanaa:
|
||||||
|
|
||||||
@ -105,19 +103,17 @@ Pientä aikajanaa:
|
|||||||
Facebookissa.
|
Facebookissa.
|
||||||
- 2013-12-30 aloitin hormonikorvaushoidon itse
|
- 2013-12-30 aloitin hormonikorvaushoidon itse
|
||||||
- 2014-03-20 vaihdoin nimeni virallisesti
|
- 2014-03-20 vaihdoin nimeni virallisesti
|
||||||
- tämä vaatii todella hyvän tuurin, koska minulta vaadittiin vain
|
- tämä vaatii todella hyvän tuurin, koska minulta vaadittiin vain todistusta
|
||||||
todistusta sukupuolen tutkimuksessa olemisesta, yleensä tähän
|
sukupuolen tutkimuksessa olemisesta, yleensä tähän vaaditaan diagnoosi.
|
||||||
vaaditaan diagnoosi. Lainasin myös Amnestyn raporttia transihmisten
|
Lainasin myös Amnestyn raporttia transihmisten ihmisoikeuksista.
|
||||||
ihmisoikeuksista.
|
|
||||||
- 2014-12-XX sain diagnoosin ja aloitin hormonit virallisesti
|
- 2014-12-XX sain diagnoosin ja aloitin hormonit virallisesti
|
||||||
|
|
||||||
TL;DR: en pysty liikkuman ulkona Kotkassa, minulle ei tarjota ammattimaista
|
TL;DR: en pysty liikkuman ulkona Kotkassa, minulle ei tarjota ammattimaista
|
||||||
terveyden huoltoa enkä pysty muuttamaan pois täältä ennen sukupuoleni
|
terveyden huoltoa enkä pysty muuttamaan pois täältä ennen sukupuoleni virallista
|
||||||
virallista vahvistamista, joka taas tapahtuu hyvällä tuurilla vuoden
|
vahvistamista, joka taas tapahtuu hyvällä tuurilla vuoden 2016 aikana.
|
||||||
2016 aikana.
|
|
||||||
|
|
||||||
**TIEDÄN ETTÄ TÄMÄ ARTIKKELI KUULOSTAA HULLULTA, MUTTA EN KOE OLEVANI
|
**TIEDÄN ETTÄ TÄMÄ ARTIKKELI KUULOSTAA HULLULTA, MUTTA EN KOE OLEVANI KOVIN
|
||||||
KOVIN TERVE SUOMEN TAKIA JA ITSEMURHA ON MINULLE AINOA TIE ULOS TÄSTÄ
|
TERVE SUOMEN TAKIA JA ITSEMURHA ON MINULLE AINOA TIE ULOS TÄSTÄ LAILLISESTA
|
||||||
LAILLISESTA KIDUTUKSESTA SUKUPUOLI/NEUROLOGISIA VÄHEMMISTÖJÄ KOHTAAN!**
|
KIDUTUKSESTA SUKUPUOLI/NEUROLOGISIA VÄHEMMISTÖJÄ KOHTAAN!**
|
||||||
|
|
||||||
_[Katso myös muut kirjoitukseni elämästäni englanniksi]({{ site.url }}/about#life)_
|
_[Katso myös muut kirjoitukseni elämästäni englanniksi]({{ site.url }}/about#life)_
|
||||||
|
@ -8,13 +8,13 @@ redirect_from: /finnish/2015/07/28/stagefright.html
|
|||||||
published: false
|
published: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_Stagefright on haavoittuvuus Androidissa, jolla haittakoodia voi ajaa
|
_Stagefright on haavoittuvuus Androidissa, jolla haittakoodia voi ajaa etänä.
|
||||||
etänä. Lue lisää [Viestintävirasto Haavoittuvuus 067/2015](https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2015/haavoittuvuus-2015-067.html)_
|
Lue lisää
|
||||||
|
[Viestintävirasto Haavoittuvuus 067/2015](https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2015/haavoittuvuus-2015-067.html)_
|
||||||
|
|
||||||
Valitin aluksi Facebook-seinälläni Viestintäviraston unohtaneen kertoa,
|
Valitin aluksi Facebook-seinälläni Viestintäviraston unohtaneen kertoa, kuinka
|
||||||
kuinka rajoittaminen tapahtuu käytännössä ja myöhemmin minulle selvisi
|
rajoittaminen tapahtuu käytännössä ja myöhemmin minulle selvisi asia tarkemmin
|
||||||
asia tarkemmin ja se olisi mahdollisesti ollut järkevämpää kirjoittaa
|
ja se olisi mahdollisesti ollut järkevämpää kirjoittaa tänne suoraan.
|
||||||
tänne suoraan.
|
|
||||||
|
|
||||||
Tähän on kaksi minun tuntemaani tapaa
|
Tähän on kaksi minun tuntemaani tapaa
|
||||||
|
|
||||||
@ -22,16 +22,15 @@ Tähän on kaksi minun tuntemaani tapaa
|
|||||||
|
|
||||||
1. Avaa `Viestitys`
|
1. Avaa `Viestitys`
|
||||||
2. Paina kolmen päällekkäisen pisteen kuvaa ja valitse Asetukset.
|
2. Paina kolmen päällekkäisen pisteen kuvaa ja valitse Asetukset.
|
||||||
3. Mene valikkoon Multimediaviesti ja poista rasti ruudusta
|
3. Mene valikkoon Multimediaviesti ja poista rasti ruudusta "Automaattinouto".
|
||||||
"Automaattinouto".
|
|
||||||
|
|
||||||
## MMS APN-osoitteen poistaminen
|
## MMS APN-osoitteen poistaminen
|
||||||
|
|
||||||
Freenodessa (nykyisin Libera.Chat:issa) kanavalla `#vapaakoodi` mentiin
|
Freenodessa (nykyisin Libera.Chat:issa) kanavalla `#vapaakoodi` mentiin
|
||||||
pidemmälle ja poistettiin koko multimediaviestien APN-osoite.
|
pidemmälle ja poistettiin koko multimediaviestien APN-osoite.
|
||||||
|
|
||||||
**VAROITUS: Et tämän jälkeen voi vastaanottaa multimediaviestejä ellet
|
**VAROITUS: Et tämän jälkeen voi vastaanottaa multimediaviestejä ellet määritä
|
||||||
määritä APN-osoitetta uudelleen.**
|
APN-osoitetta uudelleen.**
|
||||||
|
|
||||||
1. Avaa Asetukset.
|
1. Avaa Asetukset.
|
||||||
2. Verkot välilehdellä valitse "Jakaminen & Verkkoyhteydet".
|
2. Verkot välilehdellä valitse "Jakaminen & Verkkoyhteydet".
|
||||||
@ -41,9 +40,9 @@ määritä APN-osoitetta uudelleen.**
|
|||||||
6. Paina kolmen päällekkäisen pisteen kuvaa ja valitse Poista APN.
|
6. Paina kolmen päällekkäisen pisteen kuvaa ja valitse Poista APN.
|
||||||
|
|
||||||
Samasta paikasta löytyy myös toinen kiinnostava asetus internet-yhteyden
|
Samasta paikasta löytyy myös toinen kiinnostava asetus internet-yhteyden
|
||||||
käyttöön liittyvästä APN:stä, APN-Protokolla, jolla voidaan ottaa IPv6
|
käyttöön liittyvästä APN:stä, APN-Protokolla, jolla voidaan ottaa IPv6 käyttöön.
|
||||||
käyttöön. Se pitäisi olla IPv4/IPv6 ja asetuksen vaihtamisen jälkeen
|
Se pitäisi olla IPv4/IPv6 ja asetuksen vaihtamisen jälkeen mobiilidata tulee
|
||||||
mobiilidata tulee katkaista ja ottaa uudelleen käyttöön. Lisätietoja:
|
katkaista ja ottaa uudelleen käyttöön. Lisätietoja:
|
||||||
|
|
||||||
- [Elisan IPv6-ohjeet](https://elisa.fi/ipv6)
|
- [Elisan IPv6-ohjeet](https://elisa.fi/ipv6)
|
||||||
- [DNA:n IPv6-laiteohjeet](https://dna.fi/ipv6-laitteet)
|
- [DNA:n IPv6-laiteohjeet](https://dna.fi/ipv6-laitteet)
|
||||||
@ -60,11 +59,13 @@ Nämä valikot on tarkistettu pikkuveljeni puhelimella.
|
|||||||
- MMS APN: "Sonera MMS"
|
- MMS APN: "Sonera MMS"
|
||||||
- APN-osoite `wap.sonera.fi`
|
- APN-osoite `wap.sonera.fi`
|
||||||
|
|
||||||
_Tele Finland ja Sonera eivät muuten vieläkään ole saaneet IPv6:tta
|
_Tele Finland ja Sonera eivät muuten vieläkään ole saaneet IPv6:tta käyttöön ja
|
||||||
käyttöön ja ovat ainoat opraattorit Suomessa ilman sitä. Verkko toimii
|
ovat ainoat opraattorit Suomessa ilman sitä. Verkko toimii kuitenkin
|
||||||
kuitenkin normaalisti, vaikka APN-protokollan vaihtaisi valmiiksi,
|
normaalisti, vaikka APN-protokollan vaihtaisi valmiiksi, IPv4/IPv6:ksi, koska
|
||||||
IPv4/IPv6:ksi, koska jos se ei ole tuettu, puhelin yrittää APN-protokollaa
|
jos se ei ole tuettu, puhelin yrittää APN-protokollaa IPv4._
|
||||||
IPv4._
|
|
||||||
|
|
||||||
Pikkuveljen puhelimessa APN:t ovat "Sonera" (käytetään internetiin APN-osoitteella "internet") ja Sonera MMS (multimediaviestit, APN wap.sonera.net
|
Pikkuveljen puhelimessa APN:t ovat "Sonera" (käytetään internetiin
|
||||||
). Puhelin on LG Sprit LTE Android-versiolla 5.0.1. Operaattori taas on Tele Finland, joka ei ymmärtääkseni vieläkään ole saanut itselleen IPv6:tta toimintaan ja sama pätee kai Soneraan.
|
APN-osoitteella "internet") ja Sonera MMS (multimediaviestit, APN wap.sonera.net
|
||||||
|
). Puhelin on LG Sprit LTE Android-versiolla 5.0.1. Operaattori taas on Tele
|
||||||
|
Finland, joka ei ymmärtääkseni vieläkään ole saanut itselleen IPv6:tta
|
||||||
|
toimintaan ja sama pätee kai Soneraan.
|
||||||
|
@ -14,71 +14,72 @@ redirect_from:
|
|||||||
- /english/2015/09/19/atheme-quickstart.html
|
- /english/2015/09/19/atheme-quickstart.html
|
||||||
---
|
---
|
||||||
|
|
||||||
Atheme IRC Services is the most used IRC service package. However many
|
Atheme IRC Services is the most used IRC service package. However many people
|
||||||
people have difficulties with registering a channel and then managing
|
have difficulties with registering a channel and then managing it, which I
|
||||||
it, which I attempt to help with here. I start by explaining NickServ
|
attempt to help with here. I start by explaining NickServ registration (and as a
|
||||||
registration (and as a bonus HostServ) and then move to channel
|
bonus HostServ) and then move to channel management and you just cannot talk
|
||||||
management and you just cannot talk about that without mentioning
|
about that without mentioning GroupServ too...
|
||||||
GroupServ too...
|
|
||||||
|
|
||||||
## NickServ
|
## NickServ
|
||||||
|
|
||||||
You won't be able to do anything unless you register your nick. This is
|
You won't be able to do anything unless you register your nick. This is as easy
|
||||||
as easy as `/msg nickserv register PASSWORD someone@example.net`.
|
as `/msg nickserv register PASSWORD someone@example.net`.
|
||||||
|
|
||||||
Depending on Atheme configuration on the IRC network you are using, you
|
Depending on Atheme configuration on the IRC network you are using, you must
|
||||||
must verify your email by checking it and copy-pasting the command which
|
verify your email by checking it and copy-pasting the command which starts with
|
||||||
starts with `/msg NickServ verify register` to NickServ.
|
`/msg NickServ verify register` to NickServ.
|
||||||
|
|
||||||
In case you wish to have multiple nicks in the same account, that is also
|
In case you wish to have multiple nicks in the same account, that is also easy,
|
||||||
easy, just `/nick AltNick` and `/msg nickserv group`. You can see nicks
|
just `/nick AltNick` and `/msg nickserv group`. You can see nicks you have by
|
||||||
you have by using `/msg nickserv info yournick` (other people (except IRC
|
using `/msg nickserv info yournick` (other people (except IRC operators) cannot
|
||||||
operators) cannot see that part).
|
see that part).
|
||||||
|
|
||||||
Now you should be successfully identified and should configure automatic
|
Now you should be successfully identified and should configure automatic
|
||||||
identification, I cannot help with it so much, but I can point you to
|
identification, I cannot help with it so much, but I can point you to beginning:
|
||||||
beginning:
|
|
||||||
|
|
||||||
- [liberachat's SASL instructions](https://libera.chat/guides/sasl)
|
- [liberachat's SASL instructions](https://libera.chat/guides/sasl)
|
||||||
- [My instructions for SASL with WeeChat]({% post_url blog/2015-03-26-weechat-sasl-simply %})
|
- [My instructions for SASL with WeeChat]({% post_url blog/2015-03-26-weechat-sasl-simply %})
|
||||||
- [Searx YOURCLIENTHERE SASL](https://search.disroot.org/?q=YOURCLIENTHERE+SASL)
|
- [Searx YOURCLIENTHERE SASL](https://search.disroot.org/?q=YOURCLIENTHERE+SASL)
|
||||||
- IRCCloud: edit network and go to advanced settings and you will see box
|
- IRCCloud: edit network and go to advanced settings and you will see box for
|
||||||
for NickServ password.
|
NickServ password.
|
||||||
- KiwiIRC: Check "I have a password" and type your passsword there. Ensure
|
- KiwiIRC: Check "I have a password" and type your passsword there. Ensure that
|
||||||
that you specified a nick that is grouped to your account.
|
you specified a nick that is grouped to your account.
|
||||||
- Matrix: in the admin room (direct chat with the appservice-irc), say
|
- Matrix: in the admin room (direct chat with the appservice-irc), say
|
||||||
`!storepass password` to have the password send with PASS on connect.
|
`!storepass password` to have the password send with PASS on connect. In case
|
||||||
In case of liberachat use `!storepass nick:password` and/or see more
|
of liberachat use `!storepass nick:password` and/or see more information at
|
||||||
information at [matrix-appservice-irc wiki].
|
[matrix-appservice-irc wiki].
|
||||||
- [IRC networks with Matrix bridge]
|
- [IRC networks with Matrix bridge]
|
||||||
- [Matrix bridge end-user FAQ register/identify section]
|
- [Matrix bridge end-user FAQ register/identify section]
|
||||||
|
|
||||||
[matrix-appservice-irc wiki]: https://github.com/matrix-org/matrix-appservice-irc/wiki/
|
[matrix-appservice-irc wiki]:
|
||||||
[irc networks with matrix bridge]: https://github.com/matrix-org/matrix-appservice-irc/wiki/Bridged-IRC-networks
|
https://github.com/matrix-org/matrix-appservice-irc/wiki/
|
||||||
[matrix bridge end-user faq register/identify section]: https://github.com/matrix-org/matrix-appservice-irc/wiki/End-user-FAQ#how-do-i-registeridentify-to-nickserv
|
[irc networks with matrix bridge]:
|
||||||
|
https://github.com/matrix-org/matrix-appservice-irc/wiki/Bridged-IRC-networks
|
||||||
|
[matrix bridge end-user faq register/identify section]:
|
||||||
|
https://github.com/matrix-org/matrix-appservice-irc/wiki/End-user-FAQ#how-do-i-registeridentify-to-nickserv
|
||||||
|
|
||||||
## HostServ
|
## HostServ
|
||||||
|
|
||||||
In case the network you are on has HostServ, you can get vhosts with it.
|
In case the network you are on has HostServ, you can get vhosts with it. Vhosts
|
||||||
Vhosts appear in place of your real host/cloaked host, but
|
appear in place of your real host/cloaked host, but
|
||||||
[won't hide your IP](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c).
|
[won't hide your IP](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c).
|
||||||
|
|
||||||
There are two ways to get a vhost, take one that is offered to everyone or
|
There are two ways to get a vhost, take one that is offered to everyone or
|
||||||
request something.
|
request something.
|
||||||
|
|
||||||
- Check `/msg hostserv offerlist` and if you see something you like, you
|
- Check `/msg hostserv offerlist` and if you see something you like, you can
|
||||||
can enable it with e.g. `/msg hostserv take $user.irc.example.net` and
|
enable it with e.g. `/msg hostserv take $user.irc.example.net` and running
|
||||||
running `/msg hostserv on`.
|
`/msg hostserv on`.
|
||||||
- Use `/msg nickserv request blah` and when you receive message telling you
|
- Use `/msg nickserv request blah` and when you receive message telling you that
|
||||||
that your requested vhost has been approved use `/msg hostserv on`.
|
your requested vhost has been approved use `/msg hostserv on`.
|
||||||
|
|
||||||
## ChanServ
|
## ChanServ
|
||||||
|
|
||||||
And finally to the topic which seems to be the most difficult, channel
|
And finally to the topic which seems to be the most difficult, channel (access)
|
||||||
(access) management.
|
management.
|
||||||
|
|
||||||
First register the channel with `/msg ChanServ register #channel` while
|
First register the channel with `/msg ChanServ register #channel` while you are
|
||||||
you are opped. Now you are free to setup the channel as you wish.
|
opped. Now you are free to setup the channel as you wish.
|
||||||
|
|
||||||
I use the following templates, so I can e.g.
|
I use the following templates, so I can e.g.
|
||||||
`/msg chanserv flags #channel someone op` instead of
|
`/msg chanserv flags #channel someone op` instead of
|
||||||
@ -86,60 +87,60 @@ I use the following templates, so I can e.g.
|
|||||||
network defaults that you can see with `/msg chanserv template`.
|
network defaults that you can see with `/msg chanserv template`.
|
||||||
|
|
||||||
_This is a bash scripts which is ran like `./cstemplate #channel` and
|
_This is a bash scripts which is ran like `./cstemplate #channel` and
|
||||||
copy-pasted to ChanServ. It basically allows ops to do everything they
|
copy-pasted to ChanServ. It basically allows ops to do everything they could do
|
||||||
could do anyway by being opped using services and "trusted users" have
|
anyway by being opped using services and "trusted users" have became regulars on
|
||||||
became regulars on channels I am on. If a flag doesn't exist on the network
|
channels I am on. If a flag doesn't exist on the network you are on, Atheme will
|
||||||
you are on, Atheme will just silently ignore it._
|
just silently ignore it._
|
||||||
|
|
||||||
**You should see my cstemplate script here, but the embedding isn't
|
**You should see my cstemplate script here, but the embedding isn't working, to
|
||||||
working, to see it [please click here to go to the GitHub instance of it](https://github.com/Mikaela/gist/blob/master/irc/atheme/cstemplate).**
|
see it
|
||||||
|
[please click here to go to the GitHub instance of it](https://github.com/Mikaela/gist/blob/master/irc/atheme/cstemplate).**
|
||||||
|
|
||||||
Another example using my templates would be `/msg ChanServ flags #channel !channel-ops op` which would give op permissions above to users in the
|
Another example using my templates would be
|
||||||
!channel-ops group.
|
`/msg ChanServ flags #channel !channel-ops op` which would give op permissions
|
||||||
|
above to users in the !channel-ops group.
|
||||||
|
|
||||||
## GroupServ
|
## GroupServ
|
||||||
|
|
||||||
I mentioned groups a little earlier and now I am returning to them. They
|
I mentioned groups a little earlier and now I am returning to them. They are a
|
||||||
are a way to manage flags of group of users very easily by having
|
way to manage flags of group of users very easily by having all users in the
|
||||||
all users in the group and just setting flags to the group instead of
|
group and just setting flags to the group instead of invidual users.
|
||||||
invidual users.
|
|
||||||
|
|
||||||
_GroupServ is undervalued service and it might not be surprising if it's
|
_GroupServ is undervalued service and it might not be surprising if it's missing
|
||||||
missing from your network :(_
|
from your network :(_
|
||||||
|
|
||||||
Start by creating your group `/msg groupserv register !blah` (you might
|
Start by creating your group `/msg groupserv register !blah` (you might want to
|
||||||
want to register a more descriptive name).
|
register a more descriptive name).
|
||||||
|
|
||||||
Next, as in this example this group is going to be op #somewhere we close
|
Next, as in this example this group is going to be op #somewhere we close the
|
||||||
the group: `/msg groupserv set !group open off`.
|
group: `/msg groupserv set !group open off`.
|
||||||
|
|
||||||
Now there are only two tasks left, making the group op and adding ops
|
Now there are only two tasks left, making the group op and adding ops there:
|
||||||
there:
|
|
||||||
|
|
||||||
- `/msg chanserv flags #channel !blah op`
|
- `/msg chanserv flags #channel !blah op`
|
||||||
- where `op` can still be replaced with `aop` if you are following
|
- where `op` can still be replaced with `aop` if you are following Atheme
|
||||||
Atheme defaults or some other template you created or your own
|
defaults or some other template you created or your own set of flags.
|
||||||
set of flags.
|
|
||||||
- `/msg groupserv flags !blah user +c`
|
- `/msg groupserv flags !blah user +c`
|
||||||
- Repeat as many times as you have ops, to remove ops you simply remove
|
- Repeat as many times as you have ops, to remove ops you simply remove their
|
||||||
their `-c` flag or all flags (`-*`). You will also want to read
|
`-c` flag or all flags (`-*`). You will also want to read
|
||||||
`/msg groupserv help flags` as there is more than I said here.
|
`/msg groupserv help flags` as there is more than I said here.
|
||||||
|
|
||||||
## Futher reading
|
## Futher reading
|
||||||
|
|
||||||
- [Always add opers to access list (this is the $oper in my templates)]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
|
- [Always add opers to access list (this is the $oper in
|
||||||
|
my
|
||||||
|
templates)]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
|
||||||
- oops, did I just repeat previous post
|
- oops, did I just repeat previous post
|
||||||
- [Keep the ops opped]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
- [Keep the ops opped]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
||||||
- especially read this if you are at liberachat or wondering why you
|
- especially read this if you are at liberachat or wondering why you don't get
|
||||||
don't get automatically opped after registering the channel and
|
automatically opped after registering the channel and cycling while being
|
||||||
cycling while being identified!
|
identified!
|
||||||
- `/msg NickServ help`
|
- `/msg NickServ help`
|
||||||
- `/msg NickServ help set`
|
- `/msg NickServ help set`
|
||||||
- especially worth taking a look at: `emailmemos` & `enforce`
|
- especially worth taking a look at: `emailmemos` & `enforce`
|
||||||
- `/msg ChanServ help`
|
- `/msg ChanServ help`
|
||||||
- `/msg ChanServ help set`
|
- `/msg ChanServ help set`
|
||||||
- especially worth taking a look at: `guard`, `keeptopic`,
|
- especially worth taking a look at: `guard`, `keeptopic`, `verbose`
|
||||||
`verbose`
|
|
||||||
- `/msg ChanServ help flags`
|
- `/msg ChanServ help flags`
|
||||||
- what flags are available, what they do and managing them.
|
- what flags are available, what they do and managing them.
|
||||||
- `/msg ChanServ help template`
|
- `/msg ChanServ help template`
|
||||||
|
@ -12,14 +12,16 @@ redirect_from:
|
|||||||
- /english/2015/10/09/arch-reflector.html
|
- /english/2015/10/09/arch-reflector.html
|
||||||
---
|
---
|
||||||
|
|
||||||
_Reflector is a tool that checks the most recently upgraded Arch Linux
|
_Reflector is a tool that checks the most recently upgraded Arch Linux mirrors
|
||||||
mirrors and ranks them by speed and saves them to your mirrorlist._
|
and ranks them by speed and saves them to your mirrorlist._
|
||||||
|
|
||||||
**This is largely based on [ArchWiki page on reflector] which is licensed
|
**This is largely based on [ArchWiki page on reflector] which is licensed in [GNU
|
||||||
in [GNU Free Documentation License 1.3 or later].**
|
Free
|
||||||
|
Documentation License 1.3 or later].**
|
||||||
|
|
||||||
[archwiki page on reflector]: https://wiki.archlinux.org/index.php/Reflector
|
[archwiki page on reflector]: https://wiki.archlinux.org/index.php/Reflector
|
||||||
[gnu free documentation license 1.3 or later]: https://www.gnu.org/copyleft/fdl.html
|
[gnu free documentation license 1.3 or later]:
|
||||||
|
https://www.gnu.org/copyleft/fdl.html
|
||||||
|
|
||||||
TL;DR commands:
|
TL;DR commands:
|
||||||
|
|
||||||
@ -34,18 +36,19 @@ sudo pacman -Syu
|
|||||||
|
|
||||||
(end of TL;DR and what you actually do)
|
(end of TL;DR and what you actually do)
|
||||||
|
|
||||||
1. Install reflector itself, additional depedency of rsync to rank the
|
1. Install reflector itself, additional depedency of rsync to rank the mirrors
|
||||||
mirrors by speed, and curl which you use in the second command
|
by speed, and curl which you use in the second command
|
||||||
2. to download my reflector.service
|
2. to download my reflector.service
|
||||||
- differences to Arch Wiki version: requires network-online.target
|
- differences to Arch Wiki version: requires network-online.target so you
|
||||||
so you don't have to enable any wait-online services and uses only
|
don't have to enable any wait-online services and uses only https mirrors.
|
||||||
https mirrors.
|
|
||||||
3. enable the service so it's ran on boot
|
3. enable the service so it's ran on boot
|
||||||
4. start it now so it checks the most recently updated mirrors and
|
4. start it now so it checks the most recently updated mirrors and saves them to
|
||||||
saves them to mirrorlist.
|
mirrorlist.
|
||||||
5. Check for updates & install them.
|
5. Check for updates & install them.
|
||||||
|
|
||||||
Do check the service itself at https://github.com/Mikaela/shell-things/raw/master/etc/systemd/system/reflector.service !
|
Do check the service itself at
|
||||||
|
https://github.com/Mikaela/shell-things/raw/master/etc/systemd/system/reflector.service
|
||||||
|
!
|
||||||
|
|
||||||
Bonus: edit `/etc/pacman.conf` and add the line:
|
Bonus: edit `/etc/pacman.conf` and add the line:
|
||||||
|
|
||||||
@ -53,6 +56,6 @@ Bonus: edit `/etc/pacman.conf` and add the line:
|
|||||||
NoExtract = etc/pacman.d/mirrorlist
|
NoExtract = etc/pacman.d/mirrorlist
|
||||||
```
|
```
|
||||||
|
|
||||||
so when you upgrade you won't get useless mirrorlist.pacnew file. **NOTE:**
|
so when you upgrade you won't get useless mirrorlist.pacnew file. **NOTE:** it's
|
||||||
it's intented to be `etc/pacman.d/mirrorlist` without the initial `/`,
|
intented to be `etc/pacman.d/mirrorlist` without the initial `/`, because it's
|
||||||
because it's _relative_, not _absolute_, path.
|
_relative_, not _absolute_, path.
|
||||||
|
@ -11,32 +11,32 @@ redirect_from:
|
|||||||
sitemap: false
|
sitemap: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_Also applies to other distributions based on it, how do you change
|
_Also applies to other distributions based on it, how do you change the display
|
||||||
the display manager, aka login screen._
|
manager, aka login screen._
|
||||||
|
|
||||||
- `--needed` makes pacman not install packages that are already installed.
|
- `--needed` makes pacman not install packages that are already installed.
|
||||||
- uncommented line = line that doesn't begin with `#`.
|
- uncommented line = line that doesn't begin with `#`.
|
||||||
- to change DM you don't need to reboot, you can also
|
- to change DM you don't need to reboot, you can also
|
||||||
`sudo systemctl stop olddm` and `sudo systemctl start newdm`, but this
|
`sudo systemctl stop olddm` and `sudo systemctl start newdm`, but this logs
|
||||||
logs you out.
|
you out.
|
||||||
- my personal recommendation is using LightDM if it works for you,
|
- my personal recommendation is using LightDM if it works for you, otherwise
|
||||||
otherwise sddm. I personally use LightDM, because sddm is missing
|
sddm. I personally use LightDM, because sddm is missing support for
|
||||||
support for `sudo passwd -de user` [sddm/sddm#472](https://github.com/sddm/sddm/issues/472)
|
`sudo passwd -de user`
|
||||||
|
[sddm/sddm#472](https://github.com/sddm/sddm/issues/472)
|
||||||
|
|
||||||
## LightDM gtk greeter
|
## LightDM gtk greeter
|
||||||
|
|
||||||
- `sudo pacman --needed -S lightdm lightdm-gtk-greeter accountsservice numlockx`
|
- `sudo pacman --needed -S lightdm lightdm-gtk-greeter accountsservice numlockx`
|
||||||
|
|
||||||
Edit the file `/etc/lightdm/lightdm.conf` and find the uncommented line
|
Edit the file `/etc/lightdm/lightdm.conf` and find the uncommented line that
|
||||||
that starts with `greeter-session=` and change it to
|
starts with `greeter-session=` and change it to
|
||||||
`greeter-session=lightdm-gtk-greeter`.
|
`greeter-session=lightdm-gtk-greeter`.
|
||||||
|
|
||||||
If you have keyboard with [numpad] you might want to enable Num Lock by
|
If you have keyboard with [numpad] you might want to enable Num Lock by default
|
||||||
default by finding the uncommented line starting with
|
by finding the uncommented line starting with `greeter-setup-script=` and
|
||||||
`greeter-setup-script=` and changing it to
|
changing it to `greeter-setup-script=/usr/bin/numlockx on`. If there isn't
|
||||||
`greeter-setup-script=/usr/bin/numlockx on`. If there isn't uncommented
|
uncommented line anywhere in the file, just uncomment one or add it under the
|
||||||
line anywhere in the file, just uncomment one or add it under the commented
|
commented line.
|
||||||
line.
|
|
||||||
|
|
||||||
Then enable it by running `sudo systemctl enable -f lightdm` and reboot.
|
Then enable it by running `sudo systemctl enable -f lightdm` and reboot.
|
||||||
|
|
||||||
@ -44,8 +44,8 @@ Then enable it by running `sudo systemctl enable -f lightdm` and reboot.
|
|||||||
|
|
||||||
- `sudo pacman --needed -S sddm`
|
- `sudo pacman --needed -S sddm`
|
||||||
|
|
||||||
SDDM is simple display manager for all desktop environments and is
|
SDDM is simple display manager for all desktop environments and is successor of
|
||||||
successor of KDM which is the KDE Display Manager.
|
KDM which is the KDE Display Manager.
|
||||||
|
|
||||||
To create a config file and enable it for next reboot:
|
To create a config file and enable it for next reboot:
|
||||||
|
|
||||||
@ -54,20 +54,20 @@ sddm --example-config | sudo tee /etc/sddm.conf
|
|||||||
sudo systemctl enable -f sddm
|
sudo systemctl enable -f sddm
|
||||||
```
|
```
|
||||||
|
|
||||||
The lines you might want to change are the one starting with `Nucmlock=`
|
The lines you might want to change are the one starting with `Nucmlock=` and I
|
||||||
and I recommend changing it to `Numlock=on` if you have the [numpad]. The
|
recommend changing it to `Numlock=on` if you have the [numpad]. The other line
|
||||||
other line starts with `Current=` and is used to select the current theme.
|
starts with `Current=` and is used to select the current theme. Available themes
|
||||||
Available themes can be seen with `ls /usr/share/sddm/themes`.
|
can be seen with `ls /usr/share/sddm/themes`.
|
||||||
|
|
||||||
KDE users might also want to install `sddm-kcm` which gives GUI
|
KDE users might also want to install `sddm-kcm` which gives GUI for controlling
|
||||||
for controlling sddm.
|
sddm.
|
||||||
|
|
||||||
## gdm
|
## gdm
|
||||||
|
|
||||||
- `sudo pacman --needed -S gdm`
|
- `sudo pacman --needed -S gdm`
|
||||||
|
|
||||||
The last display manager I am mentioning is the Gnome Display Manager and
|
The last display manager I am mentioning is the Gnome Display Manager and is
|
||||||
is only for Gnome users and I am not so familiar with it and I believe
|
only for Gnome users and I am not so familiar with it and I believe using it is
|
||||||
using it is just `sudo systemctl enable -f gdm`.
|
just `sudo systemctl enable -f gdm`.
|
||||||
|
|
||||||
[numpad]: https://en.wikipedia.org/wiki/numpad
|
[numpad]: https://en.wikipedia.org/wiki/numpad
|
||||||
|
@ -8,21 +8,19 @@ redirect_from: /english/2015/11/03/moving.html
|
|||||||
published: false
|
published: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_As this blog is so depressing and full of Kotka, I should mention that I
|
_As this blog is so depressing and full of Kotka, I should mention that I moved
|
||||||
moved to Lauttasaari (~5km from Helsinki centre) a few days ago._
|
to Lauttasaari (~5km from Helsinki centre) a few days ago._
|
||||||
|
|
||||||
I think my biggest problems are now over. I can move outside without
|
I think my biggest problems are now over. I can move outside without issues and
|
||||||
issues and there are groups I can visit like HeSeta's gaymer's night where
|
there are groups I can visit like HeSeta's gaymer's night where I went on the
|
||||||
I went on the first day here to play board games as I got friend with me.
|
first day here to play board games as I got friend with me.
|
||||||
|
|
||||||
Getting to places is just 2€ per hour or using season from travel card and
|
Getting to places is just 2€ per hour or using season from travel card and works
|
||||||
works for all public transport. From Lauttasaari it's hopping to bus and
|
for all public transport. From Lauttasaari it's hopping to bus and then changing
|
||||||
then changing to another bus or metro/train/tram. Metro is also coming
|
to another bus or metro/train/tram. Metro is also coming nearby in August when
|
||||||
nearby in August when [West Metro](https://lansimetro.fi/en/home.html)
|
[West Metro](https://lansimetro.fi/en/home.html) opens.
|
||||||
opens.
|
|
||||||
|
|
||||||
I don't know about psychiatrical health care yet other than there will be
|
I don't know about psychiatrical health care yet other than there will be
|
||||||
appointment on coming weeks about arranging it.
|
appointment on coming weeks about arranging it.
|
||||||
|
|
||||||
_This post is too short for my taste, but so was the previous one about
|
_This post is too short for my taste, but so was the previous one about hau._
|
||||||
hau._
|
|
||||||
|
@ -10,61 +10,129 @@ locale: fi_FI
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_Toivottavasti tämä viesti on edes jotenkuten järkevä, se olisi ollut
|
_Toivottavasti tämä viesti on edes jotenkuten järkevä, se olisi ollut vaikea
|
||||||
vaikea kirjoittaa ilmankin Ketipinorin vaikutusta ja sitä on nyt liian
|
kirjoittaa ilmankin Ketipinorin vaikutusta ja sitä on nyt liian myöhäistä
|
||||||
myöhäistä muuttaa._
|
muuttaa._
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Hyvä VASTAANOTTAJA,
|
Hyvä VASTAANOTTAJA,
|
||||||
|
|
||||||
Lakivaliokunta käsittelee ensiviikolla tasa-arvoisen avioliittolain liitännäislakeja mukaanlukien translain, josta hallitus haluaa poistaa ainoastaan naimattomuusvaatimuksen.
|
Lakivaliokunta käsittelee ensiviikolla tasa-arvoisen avioliittolain
|
||||||
|
liitännäislakeja mukaanlukien translain, josta hallitus haluaa poistaa
|
||||||
|
ainoastaan naimattomuusvaatimuksen.
|
||||||
|
|
||||||
Se ei riitä, translain täytyy perustua itsemääräämisoikeuteen.
|
Se ei riitä, translain täytyy perustua itsemääräämisoikeuteen.
|
||||||
|
|
||||||
Tulin ulos transsukupuolisena naisena keväällä/kesällä 2013 ollessani ammattikoulussa. En uskaltanut edes pyytää opettajia tai muita oppilaita käyttämään minusta omaa nimeäni, koska he olisivat voineet kieltäytyä, koska se ei ollut virallinen nimeni.
|
Tulin ulos transsukupuolisena naisena keväällä/kesällä 2013 ollessani
|
||||||
|
ammattikoulussa. En uskaltanut edes pyytää opettajia tai muita oppilaita
|
||||||
|
käyttämään minusta omaa nimeäni, koska he olisivat voineet kieltäytyä, koska se
|
||||||
|
ei ollut virallinen nimeni.
|
||||||
|
|
||||||
Saatuani nimeni vaihdettua tilanne ei parantunut kovin paljon. Pystyin korjaamaan väärää nimeä käyttäviä opettajia, mutta minulla oli yhä miehen henkilötunnus, joka taas aiheuttaa omat vaikeutensa.
|
Saatuani nimeni vaihdettua tilanne ei parantunut kovin paljon. Pystyin
|
||||||
|
korjaamaan väärää nimeä käyttäviä opettajia, mutta minulla oli yhä miehen
|
||||||
|
henkilötunnus, joka taas aiheuttaa omat vaikeutensa.
|
||||||
|
|
||||||
Kun mikä tahansa lista tulostettin tietokoneelta, miesten keskeltä löytyi aina "Mikaela Suomalainen" eikä asialle voinut mitään, koska juridisesti olen mies. Sama ongelma myös aivan arkisissa asioissa, hakiessani pakettia postista minun täytyy näyttää henkilöllisyystodistusta, jossa lukee mies. Hakiessani kirjastokorttia minut merkitään kirjaston järjestelmiin mieheksi, koska kaikkien tietojen on oltava samat, kuin henkilöllisyystodistuksessa.
|
Kun mikä tahansa lista tulostettin tietokoneelta, miesten keskeltä löytyi aina
|
||||||
|
"Mikaela Suomalainen" eikä asialle voinut mitään, koska juridisesti olen mies.
|
||||||
|
Sama ongelma myös aivan arkisissa asioissa, hakiessani pakettia postista minun
|
||||||
|
täytyy näyttää henkilöllisyystodistusta, jossa lukee mies. Hakiessani
|
||||||
|
kirjastokorttia minut merkitään kirjaston järjestelmiin mieheksi, koska kaikkien
|
||||||
|
tietojen on oltava samat, kuin henkilöllisyystodistuksessa.
|
||||||
|
|
||||||
Jatkoin kuitenkin koulunkäyntiä vielä jonkin aikaa ennen kuin kouluväkivalta (jonka uhri olen ollut tarhasta asti) alkaa taas. Tällä kertaa ketään ei kuitenkaan kiinnosta puuttua asiaan, koska en ole "normaali". Sain kuitenkin päästötodistuksen vaikka olinkin ollut pitkään poissa koulusta, mutta en uskalla hakea jatko-opintoihin ennnen kuin olen juridisesti nainen, koska muuten tämä kaikki vain tapahtuisi alusta asti uudelleen.
|
Jatkoin kuitenkin koulunkäyntiä vielä jonkin aikaa ennen kuin kouluväkivalta
|
||||||
|
(jonka uhri olen ollut tarhasta asti) alkaa taas. Tällä kertaa ketään ei
|
||||||
|
kuitenkaan kiinnosta puuttua asiaan, koska en ole "normaali". Sain kuitenkin
|
||||||
|
päästötodistuksen vaikka olinkin ollut pitkään poissa koulusta, mutta en uskalla
|
||||||
|
hakea jatko-opintoihin ennnen kuin olen juridisesti nainen, koska muuten tämä
|
||||||
|
kaikki vain tapahtuisi alusta asti uudelleen.
|
||||||
|
|
||||||
Sinulla, hyvä lakivaliokunnan jäsen, on mahdollisuus vaatia itsemääräämisoikeuteen perustuvaa translakia Suomeen. Älä anna enää muiden kärsiä näin.
|
Sinulla, hyvä lakivaliokunnan jäsen, on mahdollisuus vaatia
|
||||||
|
itsemääräämisoikeuteen perustuvaa translakia Suomeen. Älä anna enää muiden
|
||||||
|
kärsiä näin.
|
||||||
|
|
||||||
Myös Suomen Keskusta kannattaa translain uudistamista. Vuoden 2014 Turussa pidetyssä puoluekokouksessa hyväksyttiin aloite tasa-arvoisesta translaista ilman äänestystä.
|
Myös Suomen Keskusta kannattaa translain uudistamista. Vuoden 2014 Turussa
|
||||||
|
pidetyssä puoluekokouksessa hyväksyttiin aloite tasa-arvoisesta translaista
|
||||||
|
ilman äänestystä.
|
||||||
|
|
||||||
Liitän loppuun myös usean ihmisoikeusjärjestön vetoomuksen itsemääräämisoikeudesta uuden translain perusteeksi.
|
Liitän loppuun myös usean ihmisoikeusjärjestön vetoomuksen
|
||||||
|
itsemääräämisoikeudesta uuden translain perusteeksi.
|
||||||
|
|
||||||
16.10.2015
|
16.10.2015
|
||||||
|
|
||||||
Ihmisoikeusjärjestöt vaativat: itsemääräämisoikeus sukupuoleen lakiuudistuksen lähtökohdaksi
|
Ihmisoikeusjärjestöt vaativat: itsemääräämisoikeus sukupuoleen lakiuudistuksen
|
||||||
|
lähtökohdaksi
|
||||||
|
|
||||||
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä uudistetaan avioliittolain muutoksen yhteydessä. Me allekirjoittaneet ihmisoikeusjärjestöt vaadimme kyseisen translain uudistamista siten, että sukupuolen juridiseen vahvistamiseen riittää henkilön oma ilmoitus.
|
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä uudistetaan
|
||||||
|
avioliittolain muutoksen yhteydessä. Me allekirjoittaneet ihmisoikeusjärjestöt
|
||||||
|
vaadimme kyseisen translain uudistamista siten, että sukupuolen juridiseen
|
||||||
|
vahvistamiseen riittää henkilön oma ilmoitus.
|
||||||
|
|
||||||
Tällä hetkellä sukupuolen vahvistamisen ehtona on muun muassa naimattomuus, lisääntymiskyvyttömyys ja täysi-ikäisyys. Uusi avioliittolaki edistää tasa-arvoa yhteiskunnassa: tämän tasa-arvon on ulotuttava koskemaan myös sukupuolivähemmistöjä. Nykyinen translaki aiheuttaa perus- ja ihmisoikeusloukkauksia, jotka poistuvat, kun laki muutetaan ihmisoikeuslähtöiseksi.
|
Tällä hetkellä sukupuolen vahvistamisen ehtona on muun muassa naimattomuus,
|
||||||
|
lisääntymiskyvyttömyys ja täysi-ikäisyys. Uusi avioliittolaki edistää tasa-arvoa
|
||||||
|
yhteiskunnassa: tämän tasa-arvon on ulotuttava koskemaan myös
|
||||||
|
sukupuolivähemmistöjä. Nykyinen translaki aiheuttaa perus- ja
|
||||||
|
ihmisoikeusloukkauksia, jotka poistuvat, kun laki muutetaan
|
||||||
|
ihmisoikeuslähtöiseksi.
|
||||||
|
|
||||||
Valtioneuvostolle esiteltiin 15.10 lakimuutosehdotus, jossa vain naimattomuusvaatimus esitetään poistettavaksi translaista. Tämän ehdon poistuminen on edistysaskel, mutta perus- ja ihmisoikeusnäkökulmasta täysin riittämätön.
|
Valtioneuvostolle esiteltiin 15.10 lakimuutosehdotus, jossa vain
|
||||||
|
naimattomuusvaatimus esitetään poistettavaksi translaista. Tämän ehdon
|
||||||
|
poistuminen on edistysaskel, mutta perus- ja ihmisoikeusnäkökulmasta täysin
|
||||||
|
riittämätön.
|
||||||
|
|
||||||
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä on muutettu viime vuosina ympäri maailmaa. Itsemääräämisoikeuteen perustuvia lakeja on hyväksytty muun muassa Euroopan katolilaisissa maissa Irlannissa ja Maltalla. Pohjoismaista Tanska on jo uudistanut lakinsa itsemääräämisperustaiseksi. Norjassa vastaavanlainen lakimuutos astunee voimaan keväällä 2016.
|
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä on muutettu viime
|
||||||
|
vuosina ympäri maailmaa. Itsemääräämisoikeuteen perustuvia lakeja on hyväksytty
|
||||||
|
muun muassa Euroopan katolilaisissa maissa Irlannissa ja Maltalla. Pohjoismaista
|
||||||
|
Tanska on jo uudistanut lakinsa itsemääräämisperustaiseksi. Norjassa
|
||||||
|
vastaavanlainen lakimuutos astunee voimaan keväällä 2016.
|
||||||
|
|
||||||
Suomessa voimassa oleva translaki on karkean syrjivä. Tästä syystä nyt esitelty hallituksen esitys on pettymys. Ihmisoikeusjärjestöt odottivat, että translakiin esitettäisiin perinpohjaisia muutoksia tasa-arvoisen avioliittolainsäädännön valmistelun yhteydessä. Painetta translain muutokseen synnyttää myös uudistunut tasa-arvolaki, jossa syrjinnän kielto on laajennettu koskemaan sukupuoli-identiteetin ja sukupuolen ilmaisuun koskevaa syrjintää. Muutostarve on perusteltavissa muunkin lainsäädännön pohjalta. Myös kansainväliset ihmisoikeuselimet ovat kiinnittäneet huomiota Suomen translain syrjivyyteen. Suomi on saanut huomautuksia translain suhteen niin Euroopan neuvoston ihmisoikeusvaltuutetulta kuin YK:n alaiselta naisten oikeuksien sopimusta valvovalta komitealtakin. YK:n kidutuksen vastainen erityisraportoija on vaatinut muun muassa vaatimusta lisääntymiskyvyttömyydestä poistettavaksi.
|
Suomessa voimassa oleva translaki on karkean syrjivä. Tästä syystä nyt esitelty
|
||||||
|
hallituksen esitys on pettymys. Ihmisoikeusjärjestöt odottivat, että translakiin
|
||||||
|
esitettäisiin perinpohjaisia muutoksia tasa-arvoisen avioliittolainsäädännön
|
||||||
|
valmistelun yhteydessä. Painetta translain muutokseen synnyttää myös uudistunut
|
||||||
|
tasa-arvolaki, jossa syrjinnän kielto on laajennettu koskemaan
|
||||||
|
sukupuoli-identiteetin ja sukupuolen ilmaisuun koskevaa syrjintää. Muutostarve
|
||||||
|
on perusteltavissa muunkin lainsäädännön pohjalta. Myös kansainväliset
|
||||||
|
ihmisoikeuselimet ovat kiinnittäneet huomiota Suomen translain syrjivyyteen.
|
||||||
|
Suomi on saanut huomautuksia translain suhteen niin Euroopan neuvoston
|
||||||
|
ihmisoikeusvaltuutetulta kuin YK:n alaiselta naisten oikeuksien sopimusta
|
||||||
|
valvovalta komitealtakin. YK:n kidutuksen vastainen erityisraportoija on
|
||||||
|
vaatinut muun muassa vaatimusta lisääntymiskyvyttömyydestä poistettavaksi.
|
||||||
|
|
||||||
”Me allekirjoittaneet järjestöt emme tyydy lakiuudistukseen, joka edelleen syrjii transsukupuolisia. Jos lakia sorvataan nyt, niin se on tehtävä kunnolla, transihmisten ihmisoikeuksia kunnioittaen. Ja kun Suomi ajaa kansainvälisessä ihmisoikeuspolitiikassaan aktiivisesti seksuaali- ja sukupuolivähemmistöjen oikeuksia niin eikö tämän pitäisi näkyä myös sisäpolitiikassa?” Amnestyn Suomen osaston asiantuntija Pia Puu Oksanen kysyy.
|
”Me allekirjoittaneet järjestöt emme tyydy lakiuudistukseen, joka edelleen
|
||||||
|
syrjii transsukupuolisia. Jos lakia sorvataan nyt, niin se on tehtävä kunnolla,
|
||||||
|
transihmisten ihmisoikeuksia kunnioittaen. Ja kun Suomi ajaa kansainvälisessä
|
||||||
|
ihmisoikeuspolitiikassaan aktiivisesti seksuaali- ja sukupuolivähemmistöjen
|
||||||
|
oikeuksia niin eikö tämän pitäisi näkyä myös sisäpolitiikassa?” Amnestyn Suomen
|
||||||
|
osaston asiantuntija Pia Puu Oksanen kysyy.
|
||||||
|
|
||||||
Nykylain mukaan sukupuolen juridinen vahvistaminen vaatii pitkät tutkimukset yliopistollisessa keskussairaalassa sekä lausunnon toisestakin yliopistollisesta keskussairaalasta. Lisääntymiskyvyttömyydestäkin vaaditaan lääketieteellinen lausunto. ”Juridinen ja lääketieteellinen korjausprosessi on erotettava toisistaan ja sukupuolen vahvistamisen kaikkien osien tulee hoitua sujuvasti ja läpinäkyvästi”, Trasek ry:n puheenjohtaja Antti Karanki vaatii.
|
Nykylain mukaan sukupuolen juridinen vahvistaminen vaatii pitkät tutkimukset
|
||||||
|
yliopistollisessa keskussairaalassa sekä lausunnon toisestakin yliopistollisesta
|
||||||
|
keskussairaalasta. Lisääntymiskyvyttömyydestäkin vaaditaan lääketieteellinen
|
||||||
|
lausunto. ”Juridinen ja lääketieteellinen korjausprosessi on erotettava
|
||||||
|
toisistaan ja sukupuolen vahvistamisen kaikkien osien tulee hoitua sujuvasti ja
|
||||||
|
läpinäkyvästi”, Trasek ry:n puheenjohtaja Antti Karanki vaatii.
|
||||||
|
|
||||||
Nykylaki edellyttää täysi-ikäisyyttä sukupuolen juridiselle vahvistamiselle. Käytännössä tämä luo tilanteita, joissa juridiikka laahaa todellisuudesta jäljessä. Näissä tilanteissa nuoret altistuvat syrjinnälle. Papereissa kummitteleva vanhentunut sukupuolimerkintä aiheuttaa ongelmia ja esimerkiksi vähentää halua hakea koulutukseen.
|
Nykylaki edellyttää täysi-ikäisyyttä sukupuolen juridiselle vahvistamiselle.
|
||||||
|
Käytännössä tämä luo tilanteita, joissa juridiikka laahaa todellisuudesta
|
||||||
|
jäljessä. Näissä tilanteissa nuoret altistuvat syrjinnälle. Papereissa
|
||||||
|
kummitteleva vanhentunut sukupuolimerkintä aiheuttaa ongelmia ja esimerkiksi
|
||||||
|
vähentää halua hakea koulutukseen.
|
||||||
|
|
||||||
”Myös nuorten oikeus omaan sukupuoleensa on turvattava ja nuorten sukupuolen juridisen vahvistamisen tulee olla mahdollista”, Setan puheenjohtaja Panu Mäenpää kertoo.
|
”Myös nuorten oikeus omaan sukupuoleensa on turvattava ja nuorten sukupuolen
|
||||||
|
juridisen vahvistamisen tulee olla mahdollista”, Setan puheenjohtaja Panu
|
||||||
|
Mäenpää kertoo.
|
||||||
|
|
||||||
Näistä syistä me, allekirjoittaneet järjestöt vaadimme sujuvaa ja läpinäkyvää, aidosti itsemääräämisoikeuteen perustuvaa lakia sukupuolen juridiselle vahvistamiselle.
|
Näistä syistä me, allekirjoittaneet järjestöt vaadimme sujuvaa ja läpinäkyvää,
|
||||||
|
aidosti itsemääräämisoikeuteen perustuvaa lakia sukupuolen juridiselle
|
||||||
|
vahvistamiselle.
|
||||||
|
|
||||||
Allekirjoittajat:
|
Allekirjoittajat:
|
||||||
|
|
||||||
Amnesty International, Suomen osasto ry
|
Amnesty International, Suomen osasto ry
|
||||||
|
|
||||||
Pia Puu Oksanen, sukupuoleen ja seksuaalisuuteen perustuvan syrjinnän asiantuntija
|
Pia Puu Oksanen, sukupuoleen ja seksuaalisuuteen perustuvan syrjinnän
|
||||||
|
asiantuntija
|
||||||
|
|
||||||
Dreamwear Club ry
|
Dreamwear Club ry
|
||||||
|
|
||||||
@ -86,8 +154,6 @@ Trasek ry
|
|||||||
|
|
||||||
Antti Karanki, puheenjohtaja
|
Antti Karanki, puheenjohtaja
|
||||||
|
|
||||||
Ystävällisin terveisin,
|
Ystävällisin terveisin, Mikaela Suomalainen https://mikaela.info
|
||||||
Mikaela Suomalainen
|
|
||||||
https://mikaela.info
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
@ -9,8 +9,8 @@ lang: en
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_I am typing this, because there is a lot of misinformation on this,
|
_I am typing this, because there is a lot of misinformation on this, especially
|
||||||
especially about the dynamic DNS part._
|
about the dynamic DNS part._
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -48,14 +48,14 @@ Go to the router web panel and IPv6 under advanced settings.
|
|||||||
|
|
||||||
### IPv6 LAN Setting
|
### IPv6 LAN Setting
|
||||||
|
|
||||||
- LAN IPv6 Prefix: _Routed /64 from Routed IPv6 Prefixes from
|
- LAN IPv6 Prefix: _Routed /64 from Routed IPv6 Prefixes from tunnelbroker.net
|
||||||
tunnelbroker.net tunnel details_
|
tunnel details_
|
||||||
- LAN Prefix Length: 64
|
- LAN Prefix Length: 64
|
||||||
|
|
||||||
### IPv6 DNS Setting
|
### IPv6 DNS Setting
|
||||||
|
|
||||||
- IPv6 DNS Server 1: 2001:470:20::2 _(this is the one tunnelbroker.net
|
- IPv6 DNS Server 1: 2001:470:20::2 _(this is the one tunnelbroker.net says for
|
||||||
says for me)_
|
me)_
|
||||||
- IPv6 DNS Server 2: 2001:4860:4860::8888 _Google DNS 1_
|
- IPv6 DNS Server 2: 2001:4860:4860::8888 _Google DNS 1_
|
||||||
- IPv6 DNS Server 3: 2001:4860:4860::8844 _Google DNS 2_
|
- IPv6 DNS Server 3: 2001:4860:4860::8844 _Google DNS 2_
|
||||||
|
|
||||||
@ -71,25 +71,24 @@ Go to Advanced Settings, WAN, DDNS
|
|||||||
- Server: WWW.TUNNELBROKER.NET
|
- Server: WWW.TUNNELBROKER.NET
|
||||||
- Host Name: _tunnel ID from tunnelbroker.net tunnel details_
|
- Host Name: _tunnel ID from tunnelbroker.net tunnel details_
|
||||||
- User Name or E-mail address: \*username of tunnelbroker.net
|
- User Name or E-mail address: \*username of tunnelbroker.net
|
||||||
- Password or DDNS Key: _Update Key from tunnel details under the Advanced
|
- Password or DDNS Key: _Update Key from tunnel details under the Advanced tab_
|
||||||
tab_
|
|
||||||
|
|
||||||
All guides I have seen say that username is user ID from index of
|
All guides I have seen say that username is user ID from index of
|
||||||
tunnelbroker.net and password is account password, but that doesn't work
|
tunnelbroker.net and password is account password, but that doesn't work for me.
|
||||||
for me. This is how I got it working guessing the details based on
|
This is how I got it working guessing the details based on _Example Update URL_
|
||||||
_Example Update URL_ at the same place you got the Update Key.
|
at the same place you got the Update Key.
|
||||||
|
|
||||||
Now it should either work or not.
|
Now it should either work or not.
|
||||||
|
|
||||||
- If it gives error saying something about trying again later, you are
|
- If it gives error saying something about trying again later, you are doing
|
||||||
doing something wrong.
|
something wrong.
|
||||||
- If it gives error about endpoint IP not changed since the last update,
|
- If it gives error about endpoint IP not changed since the last update, it
|
||||||
it works.
|
works.
|
||||||
- If you don't get error, it doesn't work.
|
- If you don't get error, it doesn't work.
|
||||||
|
|
||||||
Now I would suggest you to go to Administration and from there
|
Now I would suggest you to go to Administration and from there
|
||||||
Restore/Save/UPload Setting and clicking the "Save setting"s "Save" button
|
Restore/Save/UPload Setting and clicking the "Save setting"s "Save" button so in
|
||||||
so in case something bad happens you can easily restore the working state.
|
case something bad happens you can easily restore the working state.
|
||||||
|
|
||||||
And I probably shouldn't need to say this, but I will say it
|
And I probably shouldn't need to say this, but I will say it anyway: **don't use
|
||||||
anyway: **don't use admin/admin as username/password combination!**
|
admin/admin as username/password combination!**
|
||||||
|
@ -18,10 +18,9 @@ It's very simple.
|
|||||||
sudo apt-get update && sudo apt-get install unbound dnssec-trigger
|
sudo apt-get update && sudo apt-get install unbound dnssec-trigger
|
||||||
```
|
```
|
||||||
|
|
||||||
And this is the farthest I have gotten before. But today at IRC there
|
And this is the farthest I have gotten before. But today at IRC there was talk
|
||||||
was talk on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq
|
on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq and Fedora
|
||||||
and Fedora unbound. That made me _read the fine manual_ of
|
unbound. That made me _read the fine manual_ of NetworkManager.conf...
|
||||||
NetworkManager.conf...
|
|
||||||
|
|
||||||
```man
|
```man
|
||||||
dns
|
dns
|
||||||
@ -43,12 +42,14 @@ NetworkManager.conf...
|
|||||||
none: NetworkManager will not modify resolv.conf.
|
none: NetworkManager will not modify resolv.conf.
|
||||||
```
|
```
|
||||||
|
|
||||||
And there is the solution, unbound. The third line of NetworkManager.conf
|
And there is the solution, unbound. The third line of NetworkManager.conf is
|
||||||
is usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line
|
usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line if it
|
||||||
if it doesn't exist and restart networkmanager with `sudo systemctl restart NetworkManager.service` and your dnssec-trigger should now work.
|
doesn't exist and restart networkmanager with
|
||||||
|
`sudo systemctl restart NetworkManager.service` and your dnssec-trigger should
|
||||||
|
now work.
|
||||||
|
|
||||||
And when you `sudo reboot` you should see new dnssec-trigger tray icon in
|
And when you `sudo reboot` you should see new dnssec-trigger tray icon in your
|
||||||
your tray bar or whatever it was called as.
|
tray bar or whatever it was called as.
|
||||||
|
|
||||||
_Edit_: Arch users do remember do `systemctl enable dnssec-triggerd` and
|
_Edit_: Arch users do remember do `systemctl enable dnssec-triggerd` and
|
||||||
`systemctl enable unbound`.
|
`systemctl enable unbound`.
|
||||||
|
@ -10,8 +10,8 @@ sitemap: true
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_Sometimes you don't have GUI when you need remote support, luckily you
|
_Sometimes you don't have GUI when you need remote support, luckily you don't
|
||||||
don't need it even if you have only one device._
|
need it even if you have only one device._
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -34,17 +34,16 @@ don't need it even if you have only one device._
|
|||||||
|
|
||||||
## What is what?
|
## What is what?
|
||||||
|
|
||||||
- Tmux is terminal multiplexer which allows you to have "multiple
|
- Tmux is terminal multiplexer which allows you to have "multiple terminals" in
|
||||||
terminals" in one terminal. You can also detach it which means returning
|
one terminal. You can also detach it which means returning to the terminal
|
||||||
to the terminal where you ran tmux leaving tmux and everything there
|
where you ran tmux leaving tmux and everything there running and later return
|
||||||
running and later return to it.
|
to it.
|
||||||
- WeeChat is popular text based IRC client.
|
- WeeChat is popular text based IRC client.
|
||||||
|
|
||||||
## Installing things
|
## Installing things
|
||||||
|
|
||||||
_Note: WeeChat has multiple optional depedencies, but I am only listing
|
_Note: WeeChat has multiple optional depedencies, but I am only listing the most
|
||||||
the most important ones (I will return to it later) unless they are all
|
important ones (I will return to it later) unless they are all in one package._
|
||||||
in one package._
|
|
||||||
|
|
||||||
- Arch & deriatives:
|
- Arch & deriatives:
|
||||||
- `sudo pacman --needed -S tmux weechat perl gpm pastebinit`
|
- `sudo pacman --needed -S tmux weechat perl gpm pastebinit`
|
||||||
@ -53,14 +52,14 @@ in one package._
|
|||||||
|
|
||||||
## tmux
|
## tmux
|
||||||
|
|
||||||
Just run `tmux` and you will find yourself in a new shell, but with tmux
|
Just run `tmux` and you will find yourself in a new shell, but with tmux bar on
|
||||||
bar on the bottom where you see open "windows".
|
the bottom where you see open "windows".
|
||||||
|
|
||||||
Basic navigation:
|
Basic navigation:
|
||||||
|
|
||||||
\*Note: Tmux users ctrl + b by default instead of ctrl + a as it was
|
\*Note: Tmux users ctrl + b by default instead of ctrl + a as it was developed
|
||||||
developed in screen. That can be changed with tmux.conf (check further
|
in screen. That can be changed with tmux.conf (check further reading after
|
||||||
reading after WeeChat).
|
WeeChat).
|
||||||
|
|
||||||
- Ctrl + b + c = new "window"
|
- Ctrl + b + c = new "window"
|
||||||
- Ctrl + b + number = move to "window" number
|
- Ctrl + b + number = move to "window" number
|
||||||
@ -70,14 +69,13 @@ reading after WeeChat).
|
|||||||
|
|
||||||
## WeeChat
|
## WeeChat
|
||||||
|
|
||||||
Time to finally go to IRC. Go to tmux first and there run `weechat` (or
|
Time to finally go to IRC. Go to tmux first and there run `weechat` (or if your
|
||||||
if your distribution has ancient version of WeeChat, `weechat-curses`, but
|
distribution has ancient version of WeeChat, `weechat-curses`, but in that case
|
||||||
in that case you should upgrade (if your distribution is
|
you should upgrade (if your distribution is
|
||||||
[Debian/Ubuntu/Raspbian, use this repository](https://weechat.org/download/debian/))).
|
[Debian/Ubuntu/Raspbian, use this repository](https://weechat.org/download/debian/))).
|
||||||
|
|
||||||
WeeChat welcomes you and suggests you to read at least the quickstart
|
WeeChat welcomes you and suggests you to read at least the quickstart guide and
|
||||||
guide and recommends reading user's guide too, but in this case we
|
recommends reading user's guide too, but in this case we can skip those.
|
||||||
can skip those.
|
|
||||||
|
|
||||||
First we must connect to the network where the support channel of our
|
First we must connect to the network where the support channel of our
|
||||||
distribution is.
|
distribution is.
|
||||||
@ -88,42 +86,43 @@ distribution is.
|
|||||||
- `/connect liberachat`
|
- `/connect liberachat`
|
||||||
3. Join the channel of your distribution.
|
3. Join the channel of your distribution.
|
||||||
- `/join #distribution`
|
- `/join #distribution`
|
||||||
- you can also join multiple channels at once by separating them by
|
- you can also join multiple channels at once by separating them by commas
|
||||||
commas e.g. `/join #channel,#channel2`.
|
e.g. `/join #channel,#channel2`.
|
||||||
|
|
||||||
You might want to have friendly channel listing and be able to click the
|
You might want to have friendly channel listing and be able to click the
|
||||||
channels with mouse? That is why you installed perl and gpm (you might
|
channels with mouse? That is why you installed perl and gpm (you might need to
|
||||||
need to `sudo systemctl start gpm` or whatever init system you use).
|
`sudo systemctl start gpm` or whatever init system you use).
|
||||||
|
|
||||||
1. `/script install buffers.pl`
|
1. `/script install buffers.pl`
|
||||||
2. `/mouse enable`
|
2. `/mouse enable`
|
||||||
|
|
||||||
Now you should see bar with the core buffer (`weechat`), server buffers
|
Now you should see bar with the core buffer (`weechat`), server buffers merged
|
||||||
merged to it (`liberachat`) and `#distribution`. If mouse doesn't work, you
|
to it (`liberachat`) and `#distribution`. If mouse doesn't work, you can
|
||||||
can `/buffer X` where X is the number to move. For moving between merged
|
`/buffer X` where X is the number to move. For moving between merged buffers
|
||||||
buffers move to the buffer and press Ctrl + x.
|
move to the buffer and press Ctrl + x.
|
||||||
|
|
||||||
And the last thing, if you need to see just plain lines without
|
And the last thing, if you need to see just plain lines without sidebars or
|
||||||
sidebars or anything, press `alt + l` (`alt` can be replaced with `esc`).
|
anything, press `alt + l` (`alt` can be replaced with `esc`).
|
||||||
|
|
||||||
## pastebinit
|
## pastebinit
|
||||||
|
|
||||||
You are often wanted to pastebin something which can be difficult without
|
You are often wanted to pastebin something which can be difficult without GUI.
|
||||||
GUI. Luckily there is pastebinit which you can use instead of typing
|
Luckily there is pastebinit which you can use instead of typing everyting by
|
||||||
everyting by hand.
|
hand.
|
||||||
|
|
||||||
Usage:
|
Usage:
|
||||||
|
|
||||||
- `pastebinit file.txt` to pastebin the content of `file.txt`
|
- `pastebinit file.txt` to pastebin the content of `file.txt`
|
||||||
- `dmesg | pastebinit` to pastebin output of `dmesg`
|
- `dmesg | pastebinit` to pastebin output of `dmesg`
|
||||||
|
|
||||||
Pastebinit replies by givig you address to the paste which you can then
|
Pastebinit replies by givig you address to the paste which you can then give to
|
||||||
give to IRC.
|
IRC.
|
||||||
|
|
||||||
Alternatives to pastebinit with some pastebins:
|
Alternatives to pastebinit with some pastebins:
|
||||||
|
|
||||||
- [ix.io](http://ix.io/): `command | curl -F 'f:1=<-' ix.io`
|
- [ix.io](http://ix.io/): `command | curl -F 'f:1=<-' ix.io`
|
||||||
- [sprunge.us](http://sprunge.us/): `command | curl -F 'sprunge=<-' http://sprunge.us`
|
- [sprunge.us](http://sprunge.us/):
|
||||||
|
`command | curl -F 'sprunge=<-' http://sprunge.us`
|
||||||
|
|
||||||
These also answer by giving you link to the paste.
|
These also answer by giving you link to the paste.
|
||||||
|
|
||||||
|
@ -8,11 +8,11 @@ redirect_from: /english/2016/03/14/autostart-tmux-weechat.html
|
|||||||
sitemap: false
|
sitemap: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_This is another note-to-self post, but I think other people might also
|
_This is another note-to-self post, but I think other people might also be
|
||||||
be wondering this._
|
wondering this._
|
||||||
|
|
||||||
**THIS IS ENTIRELY UNTESTED UNTIL THE SHELL WHERE I AM USING THIS REBOOTS
|
**THIS IS ENTIRELY UNTESTED UNTIL THE SHELL WHERE I AM USING THIS REBOOTS THE
|
||||||
THE NEXT TIME!**
|
NEXT TIME!**
|
||||||
|
|
||||||
```cron
|
```cron
|
||||||
## Environment
|
## Environment
|
||||||
@ -28,11 +28,10 @@ TZ=Europe/Helsinki
|
|||||||
```
|
```
|
||||||
|
|
||||||
- `@reboot` = tell cron to do this on reboot
|
- `@reboot` = tell cron to do this on reboot
|
||||||
- `sleep 500` = the shell where I intent to use this primarily is using NFS
|
- `sleep 500` = the shell where I intent to use this primarily is using NFS and
|
||||||
and I think it's reasonable to expect everything to be mounted in five
|
I think it's reasonable to expect everything to be mounted in five minutes.
|
||||||
minutes.
|
|
||||||
- `tmux -2u" = force enable 256 colors & UTF-8
|
- `tmux -2u" = force enable 256 colors & UTF-8
|
||||||
- `new-session -s auto -d` = start a new session with name `auto` (as in
|
- `new-session -s auto -d` = start a new session with name `auto` (as in
|
||||||
automatically started) and detach it
|
automatically started) and detach it
|
||||||
- `tmux send -t auto weechat ENTER` type `weechat` to tmux session named
|
- `tmux send -t auto weechat ENTER` type `weechat` to tmux session named auto
|
||||||
auto and press ENTER to execute it.
|
and press ENTER to execute it.
|
||||||
|
@ -25,36 +25,33 @@ pysyvästi, mutta kirjoittelen siitä nyt kuitenkin._
|
|||||||
Kaikki luultavasti tietävät, että puhelimet siirtelevät kelloja
|
Kaikki luultavasti tietävät, että puhelimet siirtelevät kelloja
|
||||||
aikavyöhyketietokannan mukaan, kuten myös tietokoneet.
|
aikavyöhyketietokannan mukaan, kuten myös tietokoneet.
|
||||||
|
|
||||||
Jos kelloja siirrettäisiin pysyvästi, aikavyöhyketietokanta pitäisi
|
Jos kelloja siirrettäisiin pysyvästi, aikavyöhyketietokanta pitäisi päivittää
|
||||||
päivittää puhelimista tai ne jatkaisivat kellojen siirtelyä samoina
|
puhelimista tai ne jatkaisivat kellojen siirtelyä samoina päivinä, kuin nytkin.
|
||||||
päivinä, kuin nytkin.
|
|
||||||
|
|
||||||
Ideaalitapauksessa kaikki laitevalmistajat päivittäisivät
|
Ideaalitapauksessa kaikki laitevalmistajat päivittäisivät
|
||||||
aikavyöhyketietokannat, mutta tämä ei tapahdu suurimmalla osasta
|
aikavyöhyketietokannat, mutta tämä ei tapahdu suurimmalla osasta puhelimista.
|
||||||
puhelimista.
|
|
||||||
|
|
||||||
Tämä ongelma on kuitenkin helppoa ratkaista, koska mikäli siirtyisimme
|
Tämä ongelma on kuitenkin helppoa ratkaista, koska mikäli siirtyisimme pysyvästi
|
||||||
pysyvästi Keski-Euroopan aikaan, kelloja ei enää siirrettäisi ja se olisi
|
Keski-Euroopan aikaan, kelloja ei enää siirrettäisi ja se olisi niinkin helppoa
|
||||||
niinkin helppoa kuin poistaa asetuksista automaattinen kellojen siirto
|
kuin poistaa asetuksista automaattinen kellojen siirto käytöstä ja asettaa aika
|
||||||
käytöstä ja asettaa aika itse.
|
itse.
|
||||||
|
|
||||||
Android-laitteiden, jotka ovat suurin ongelma päivitysten suhteen, on myös
|
Android-laitteiden, jotka ovat suurin ongelma päivitysten suhteen, on myös kaksi
|
||||||
kaksi muutakin vaihtoehtoa: aikavyöhyketietokannan päivittäminen itse
|
muutakin vaihtoehtoa: aikavyöhyketietokannan päivittäminen itse (_TimeZone Fixer
|
||||||
(_TimeZone Fixer (ROOT)_) tai ulkoisen aikavyöhyketietokannan lataaminen.
|
(ROOT)_) tai ulkoisen aikavyöhyketietokannan lataaminen.
|
||||||
|
|
||||||
TimeZone Fixer (ROOT)in tapauksessa puhelimeene täytyy olla
|
TimeZone Fixer (ROOT)in tapauksessa puhelimeene täytyy olla pääkäyttäjäoikeudet,
|
||||||
pääkäyttäjäoikeudet, ja sen on sanottu joissakin tapauksessa sekoittavan
|
ja sen on sanottu joissakin tapauksessa sekoittavan puhelimen käyttöjärjestelmän
|
||||||
puhelimen käyttöjärjestelmän niin että se on täytynyt asentaa uudelleen.
|
niin että se on täytynyt asentaa uudelleen. Tällä tavalla puhelin kuitenkin
|
||||||
Tällä tavalla puhelin kuitenkin jatkaa normaalisti toimintaa ulkomailla
|
jatkaa normaalisti toimintaa ulkomailla mukaanlukien maat, jotka ovat vaihtaneet
|
||||||
mukaanlukien maat, jotka ovat vaihtaneet aikavyöhykettä pysyvästi
|
aikavyöhykettä pysyvästi puhelimen aikavyöhyketietokannan tietämättä.
|
||||||
puhelimen aikavyöhyketietokannan tietämättä.
|
|
||||||
|
|
||||||
Ulkoisella aikavyöhyketietokannalla taas tarkoitan esimerkiksi
|
Ulkoisella aikavyöhyketietokannalla taas tarkoitan esimerkiksi
|
||||||
_ClockSync_-sovellusta, joka päivittää laitteen ajan käyttäen internetin
|
_ClockSync_-sovellusta, joka päivittää laitteen ajan käyttäen internetin
|
||||||
NTP-palvelimia) jolle on saatavilla oma aikavyöhyketietokantansa,
|
NTP-palvelimia) jolle on saatavilla oma aikavyöhyketietokantansa, jota
|
||||||
jota käytettäessä laitteen omasta aikavyöhyketietokannasta ei
|
käytettäessä laitteen omasta aikavyöhyketietokannasta ei välitetä. Haittapuolena
|
||||||
välitetä. Haittapuolena tosin aikavyöhyke täytyy asettaa ClockSyncin
|
tosin aikavyöhyke täytyy asettaa ClockSyncin asetuksista käsin ja vaihtaa aina
|
||||||
asetuksista käsin ja vaihtaa aina esimerkiksi ulkomaille mennessä.
|
esimerkiksi ulkomaille mennessä.
|
||||||
|
|
||||||
Linkkejä:
|
Linkkejä:
|
||||||
|
|
||||||
|
@ -8,29 +8,28 @@ redirect_from: /english/2016/09/24/on-facebook.html
|
|||||||
sitemap: false
|
sitemap: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_My wellbeing is more imporant than whatever you do at SOME and I reserve
|
_My wellbeing is more imporant than whatever you do at SOME and I reserve the
|
||||||
the right to ignore you._
|
right to ignore you._
|
||||||
|
|
||||||
I have had my Facebook deactivated for 24 days. However I have started
|
I have had my Facebook deactivated for 24 days. However I have started missing
|
||||||
missing events (as you must be at Facebook to know what is happening)
|
events (as you must be at Facebook to know what is happening) and Nearby friends
|
||||||
and Nearby friends (good luck getting people to other solutions).
|
(good luck getting people to other solutions).
|
||||||
|
|
||||||
During this time I have been mainly at Twitter and Google+ and in the later
|
During this time I have been mainly at Twitter and Google+ and in the later I
|
||||||
I especially like the collections feature which allows me to specify which
|
especially like the collections feature which allows me to specify which larger
|
||||||
larger subject my message is related to. I think I will continue using them
|
subject my message is related to. I think I will continue using them primarily
|
||||||
primarily (even if I should use Diaspora\*).
|
(even if I should use Diaspora\*).
|
||||||
|
|
||||||
I originally left Facebook as it was taking too much of my time in form of
|
I originally left Facebook as it was taking too much of my time in form of idle
|
||||||
idle newsfeed reading and notifications (which I gathered too much from
|
newsfeed reading and notifications (which I gathered too much from all kinds of
|
||||||
all kinds of groups and people I know IRL (_in real life_) and I just
|
groups and people I know IRL (_in real life_) and I just don't like them.
|
||||||
don't like them.
|
|
||||||
|
|
||||||
Now I am returning after I have writing this and as I said on top, I am
|
Now I am returning after I have writing this and as I said on top, I am going to
|
||||||
going to clear notifications aggressively and I will be ignoring you
|
clear notifications aggressively and I will be ignoring you unless there is an
|
||||||
unless there is an emergency in which case you should send me a message
|
emergency in which case you should send me a message and I might take a look at
|
||||||
and I might take a look at whatever it is. It might mean not reading
|
whatever it is. It might mean not reading your posts or newsfeed or replying or
|
||||||
your posts or newsfeed or replying or even liking your comments, as
|
even liking your comments, as I care more about my wellbeing than whatever noise
|
||||||
I care more about my wellbeing than whatever noise you cause burneding me.
|
you cause burneding me.
|
||||||
|
|
||||||
Am I selfish? Note that I am not even obligated to write this post, I
|
Am I selfish? Note that I am not even obligated to write this post, I just felt
|
||||||
just felt like writing this.
|
like writing this.
|
||||||
|
@ -8,42 +8,40 @@ redirect_from: /finnish/2017/04/18/tanssitunti.html
|
|||||||
published: false
|
published: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_Minusta tuntuu, että tästä pitäisi kirjoittaa nyt ja koska git/blogi ei
|
_Minusta tuntuu, että tästä pitäisi kirjoittaa nyt ja koska git/blogi ei ole
|
||||||
ole tässä ja nyt, vuodatuskanava kelpaa._
|
tässä ja nyt, vuodatuskanava kelpaa._
|
||||||
|
|
||||||
_Lisätty blogiin muokkaamattomana alkuperäisellä kirjoituspäivämäärällä
|
_Lisätty blogiin muokkaamattomana alkuperäisellä kirjoituspäivämäärällä
|
||||||
2017-04-30._
|
2017-04-30._
|
||||||
|
|
||||||
Kotkan Keskuskoulu joskus syystalvella. On pakollinen tanssitunti,
|
Kotkan Keskuskoulu joskus syystalvella. On pakollinen tanssitunti, mahdollisesti
|
||||||
mahdollisesti senhetkiseen opetussuunnitelmaan perustuen.
|
senhetkiseen opetussuunnitelmaan perustuen.
|
||||||
|
|
||||||
En ole kiusaamisesta johtuen liikuntatuntien ystävä, mutta nämä tunnit
|
En ole kiusaamisesta johtuen liikuntatuntien ystävä, mutta nämä tunnit olisivat
|
||||||
olisivat mahdollisesti voineet olla siedettäviä ellei niistä tulisi
|
mahdollisesti voineet olla siedettäviä ellei niistä tulisi traumaattinen
|
||||||
traumaattinen kokemus, joka syöpyy mieleen yksityiskohtaisesti muun päivän
|
kokemus, joka syöpyy mieleen yksityiskohtaisesti muun päivän unohduttua.
|
||||||
unohduttua.
|
|
||||||
|
|
||||||
Mitälie tanssia varten täytyy aloittaa ottamalla toista, olisikohan ollut
|
Mitälie tanssia varten täytyy aloittaa ottamalla toista, olisikohan ollut
|
||||||
pakotetusti tyttö-poika parit, kädestä ja kukaan ei halua koskea minuun.
|
pakotetusti tyttö-poika parit, kädestä ja kukaan ei halua koskea minuun. Tätä
|
||||||
Tätä jatkuu pari kierrosta, jonka jälkeen luovutan edes yrittämisen ja
|
jatkuu pari kierrosta, jonka jälkeen luovutan edes yrittämisen ja minut
|
||||||
minut siirretään sivuun liikuntavälineiden taakse nurkkaan.
|
siirretään sivuun liikuntavälineiden taakse nurkkaan.
|
||||||
|
|
||||||
Vietän lopputunnin katsoen ikkunasta ulos harmaata pilvistä taivasta
|
Vietän lopputunnin katsoen ikkunasta ulos harmaata pilvistä taivasta ajatellen
|
||||||
ajatellen miten kaikki olisi paremmin jos vain tappaisin itseni.
|
miten kaikki olisi paremmin jos vain tappaisin itseni. Näidenkään ajatusten
|
||||||
Näidenkään ajatusten kanssa en saa olla rauhassa vaan kaksi tyttöä tulee
|
kanssa en saa olla rauhassa vaan kaksi tyttöä tulee kyselemään "ootko autisti"
|
||||||
kyselemään "ootko autisti" ja yritän olla reagoimatta mitenkään olon
|
ja yritän olla reagoimatta mitenkään olon pahentuessa lisää.
|
||||||
pahentuessa lisää.
|
|
||||||
|
|
||||||
Opettajat taas eivät tätä koulua käydessäni koskaan kommentoi tapausta.
|
Opettajat taas eivät tätä koulua käydessäni koskaan kommentoi tapausta.
|
||||||
Myöhemmin lopetan kouluun menemisen, aloitan lukuisat itsemurhayritykset
|
Myöhemmin lopetan kouluun menemisen, aloitan lukuisat itsemurhayritykset ja
|
||||||
ja kuulen olevani ilmiselvästi Asperger-tapaus ja että minusta oli
|
kuulen olevani ilmiselvästi Asperger-tapaus ja että minusta oli tutkittu
|
||||||
tutkittu jokaista autismin piirrettä erikseen suunnilleen lapsesta
|
jokaista autismin piirrettä erikseen suunnilleen lapsesta asti ajattelematta
|
||||||
asti ajattelematta niitä yhdessä.
|
niitä yhdessä.
|
||||||
|
|
||||||
Lisää aiheesta:
|
Lisää aiheesta:
|
||||||
|
|
||||||
_Tästä osasta voisi tehdä Jekyll-ystävällisemmän (blogialusta) ja
|
_Tästä osasta voisi tehdä Jekyll-ystävällisemmän (blogialusta) ja riippumattoman
|
||||||
riippumattoman muunmoassa domainista ja polusta, mutta nyt en jaksa vaan
|
muunmoassa domainista ja polusta, mutta nyt en jaksa vaan siirryn
|
||||||
siirryn ajankohtaisempaan blogaukseen._
|
ajankohtaisempaan blogaukseen._
|
||||||
|
|
||||||
- https://mikaela.info/blog/english/2015/06/16/feelings.html
|
- https://mikaela.info/blog/english/2015/06/16/feelings.html
|
||||||
- https://mikaela.info/about#life
|
- https://mikaela.info/about#life
|
||||||
|
@ -8,181 +8,177 @@ redirect_from: /english/2017/04/30/post-trans.html
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_A little confusing flood of what my fingers brought up on the last past
|
_A little confusing flood of what my fingers brought up on the last past year
|
||||||
year and a little more._
|
and a little more._
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
**_CONTENT WARNINGs: NSFW, genitalia, surgery descriptions_**
|
**_CONTENT WARNINGs: NSFW, genitalia, surgery descriptions_**
|
||||||
|
|
||||||
I don't have any well-laid plan how to type this post, but lets see what
|
I don't have any well-laid plan how to type this post, but lets see what comes
|
||||||
comes out of my fingers. By the way, orchiectomy is surgical removal of
|
out of my fingers. By the way, orchiectomy is surgical removal of testicles,
|
||||||
testicles, even if it's fun to talk about it without explaining it and have
|
even if it's fun to talk about it without explaining it and have people searxing
|
||||||
people searxing what it is...
|
what it is...
|
||||||
|
|
||||||
I don't usually discuss my genitalia, but I feel like I have to make an
|
I don't usually discuss my genitalia, but I feel like I have to make an
|
||||||
exception for this post as the majority of trans people only talk about
|
exception for this post as the majority of trans people only talk about the full
|
||||||
the full genital surgery ("gender-reassignment surgery", but I tend to take
|
genital surgery ("gender-reassignment surgery", but I tend to take the Finnish
|
||||||
the Finnish word and translate it into English, many people don't know
|
word and translate it into English, many people don't know that orchiectomy is
|
||||||
that orchiectomy is an option.
|
an option.
|
||||||
|
|
||||||
_Dear reader, for this part of this post I am assuming that you are trans
|
_Dear reader, for this part of this post I am assuming that you are trans as I
|
||||||
as I am typing this for you in hope that it will help you, not for anyone
|
am typing this for you in hope that it will help you, not for anyone reading
|
||||||
reading this only, because they are curious on what I have between my
|
this only, because they are curious on what I have between my legs or what trans
|
||||||
legs or what trans people have between their legs._
|
people have between their legs._
|
||||||
|
|
||||||
First question would probably be how did I end up to orchiectomy instead of
|
First question would probably be how did I end up to orchiectomy instead of the
|
||||||
the full genital surgery.
|
full genital surgery.
|
||||||
|
|
||||||
If you have been reading this blog, you know that I was having very bad
|
If you have been reading this blog, you know that I was having very bad time
|
||||||
time mentally suffering from depression, AvPD (it was confirmed and I
|
mentally suffering from depression, AvPD (it was confirmed and I healed, but
|
||||||
healed, but that later in this post), anxiety and everything. Thus everyone
|
that later in this post), anxiety and everything. Thus everyone thought that I
|
||||||
thought that I wouldn't have mental resources for the full genital surgery.
|
wouldn't have mental resources for the full genital surgery.
|
||||||
|
|
||||||
If I recall correctly, I was complaining about this at [Transtukipiste](https://transtukipiste.fi/in-english/)
|
If I recall correctly, I was complaining about this at
|
||||||
(Trans support point, runs peer support groups and supports trans people
|
[Transtukipiste](https://transtukipiste.fi/in-english/) (Trans support point,
|
||||||
otherwise) coffee evening and somehow I ended up wondering if I should
|
runs peer support groups and supports trans people otherwise) coffee evening and
|
||||||
try getting orchiectomy and someone encouraged me to ask. Could this have
|
somehow I ended up wondering if I should try getting orchiectomy and someone
|
||||||
even been the last day of 2015...
|
encouraged me to ask. Could this have even been the last day of 2015...
|
||||||
|
|
||||||
Knowing that orchiectomy doesn't prevent having full genital surgery later
|
Knowing that orchiectomy doesn't prevent having full genital surgery later
|
||||||
(confirm from your doctor though, I only know this is the case in Finland
|
(confirm from your doctor though, I only know this is the case in Finland as
|
||||||
as long as you repeat to your doctor that you want to keep the option
|
long as you repeat to your doctor that you want to keep the option open), I
|
||||||
open), I asked about the doctor who asked my therapist and (as this post is
|
asked about the doctor who asked my therapist and (as this post is not about the
|
||||||
not about the process) skipping things a little, I finally got permission
|
process) skipping things a little, I finally got permission for it.
|
||||||
for it.
|
|
||||||
|
|
||||||
At some point before the surgery I started sleeping naked and started becoming very
|
At some point before the surgery I started sleeping naked and started becoming
|
||||||
comfortable with my body and I started feeling that I might be happy with
|
very comfortable with my body and I started feeling that I might be happy with
|
||||||
just orchiectomy, but I decided that I would think about it after the
|
just orchiectomy, but I decided that I would think about it after the surgery if
|
||||||
surgery if I started feeling like it.
|
I started feeling like it.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
**_Same content warnings, except that only now is actually the surgery._**
|
**_Same content warnings, except that only now is actually the surgery._**
|
||||||
|
|
||||||
On evening of October 17th I took the last Androcur. It's the
|
On evening of October 17th I took the last Androcur. It's the male-hormone
|
||||||
male-hormone blocker that all trans people are prescribed in Finland by
|
blocker that all trans people are prescribed in Finland by default and the
|
||||||
default and the medicine that appears to make almost everyone depressed
|
medicine that appears to make almost everyone depressed and I was using
|
||||||
and I was using half-dosage as it's strong and if you have read my old
|
half-dosage as it's strong and if you have read my old posts, you have some kind
|
||||||
posts, you have some kind of image on how much I suffered it.
|
of image on how much I suffered it.
|
||||||
|
|
||||||
On the next morning I was at Peijas hospital and had the orchiectomy. I
|
On the next morning I was at Peijas hospital and had the orchiectomy. I remember
|
||||||
remember being there long time before the appointment and getting a little
|
being there long time before the appointment and getting a little lost inside
|
||||||
lost inside the hospital, but when I found there, everything happened
|
the hospital, but when I found there, everything happened easily and I spend
|
||||||
easily and I spend there only a few hours. And there was no depression
|
there only a few hours. And there was no depression anymore.
|
||||||
anymore.
|
|
||||||
|
|
||||||
The recovery period should have been two weeks, but the wound opened so
|
The recovery period should have been two weeks, but the wound opened so it took
|
||||||
it took a little longer, but that isn't what this post is about either.
|
a little longer, but that isn't what this post is about either.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
What this post is about is how I feel.
|
What this post is about is how I feel.
|
||||||
|
|
||||||
I have finished the trans process. I have a penis and empty testicle sack
|
I have finished the trans process. I have a penis and empty testicle sack that
|
||||||
that has decided to rise up so I don't even see it in the mirror.
|
has decided to rise up so I don't even see it in the mirror.
|
||||||
|
|
||||||
I don't feel dysphoria or have any issues looking at my own body, no
|
I don't feel dysphoria or have any issues looking at my own body, no discomfort
|
||||||
discomfort or anything, I am me. I transitioned for me, not other
|
or anything, I am me. I transitioned for me, not other people and if my
|
||||||
people and if my genitalia is something people don't expect, that isn't
|
genitalia is something people don't expect, that isn't my problem.
|
||||||
my problem.
|
|
||||||
|
|
||||||
I can use dirtier toilets easily as I don't have to sit down, it doesn't
|
I can use dirtier toilets easily as I don't have to sit down, it doesn't
|
||||||
necessary even have to be a toilet and in case there is a long queue, I
|
necessary even have to be a toilet and in case there is a long queue, I can also
|
||||||
can also use urinal if I need to.
|
use urinal if I need to.
|
||||||
|
|
||||||
Public saunas and changing areas etc.? I am a woman regardless of what
|
Public saunas and changing areas etc.? I am a woman regardless of what people
|
||||||
people may think about my body parts which aren't their business. I haven't
|
may think about my body parts which aren't their business. I haven't yet visited
|
||||||
yet visited any of those, but as I said whatever people think isn't my
|
any of those, but as I said whatever people think isn't my problem. I actually
|
||||||
problem. I actually even have a temptation to visit such areas, just
|
even have a temptation to visit such areas, just because my body is "sinful" and
|
||||||
because my body is "sinful" and everything, according to whatever you wish
|
everything, according to whatever you wish to call cis beauty standards.
|
||||||
to call cis beauty standards. <!-- This is possibly a little kinky. -->
|
<!-- This is possibly a little kinky. -->
|
||||||
|
|
||||||
How do I know that I don't need the full genital surgery? I haven't even
|
How do I know that I don't need the full genital surgery? I haven't even thought
|
||||||
thought about it recently and I have no feelings of wrongness or thoughts
|
about it recently and I have no feelings of wrongness or thoughts or anything
|
||||||
or anything pointing that I would need it. I even sometimes forget that
|
pointing that I would need it. I even sometimes forget that I am not cis or that
|
||||||
I am not cis or that my body isn't "normal". _Normal doesn't exist by
|
my body isn't "normal". _Normal doesn't exist by the way._
|
||||||
the way._
|
|
||||||
|
|
||||||
Trans people are also often worried about erections, based on my
|
Trans people are also often worried about erections, based on my experience and
|
||||||
experience and what I have heard, I think it depends entirely on your
|
what I have heard, I think it depends entirely on your relationship with your
|
||||||
relationship with your body. I have them sometimes as I am a human
|
body. I have them sometimes as I am a human and asexuality doesn't close them
|
||||||
and asexuality doesn't close them out.
|
out.
|
||||||
|
|
||||||
I feel indifferent about them, but that might be connected to me
|
I feel indifferent about them, but that might be connected to me being asexual
|
||||||
being asexual or also being sex-repulsed which to me means that
|
or also being sex-repulsed which to me means that I feel repulsed seeing
|
||||||
I feel repulsed seeing erections or bodily fluids.
|
erections or bodily fluids.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
_Should I content warning about Esperanto?_
|
_Should I content warning about Esperanto?_
|
||||||
|
|
||||||
After the surgery I have heard that people often have crisis on what to do
|
After the surgery I have heard that people often have crisis on what to do after
|
||||||
after transition. I solved that by becoming insane :D
|
transition. I solved that by becoming insane :D
|
||||||
|
|
||||||
I read about Esperanto, which is the most spoken artificial language in
|
I read about Esperanto, which is the most spoken artificial language in the
|
||||||
the world and then I just had to learn it. I did Duolingo and associated
|
world and then I just had to learn it. I did Duolingo and associated Memrise
|
||||||
Memrise course for three months ... <em lang="eo">kaj mi parolas
|
course for three months ... <em lang="eo">kaj mi parolas Esperanton!</em>
|
||||||
Esperanton!</em>
|
|
||||||
|
|
||||||
Thanks to online-friend I also happened to read about Buddhism and it made
|
Thanks to online-friend I also happened to read about Buddhism and it made a lot
|
||||||
a lot more sense than Christianity that was forced on me ever did. It's
|
more sense than Christianity that was forced on me ever did. It's more on
|
||||||
more on experiencing things than believing blindly and even Buddha said
|
experiencing things than believing blindly and even Buddha said _don't believe
|
||||||
_don't believe me, experience it by yourself_ and I started trying to
|
me, experience it by yourself_ and I started trying to use their methods (you
|
||||||
use their methods (you may have heard _Mindfulness_) or maybe it would be
|
may have heard _Mindfulness_) or maybe it would be more accurate to say that I
|
||||||
more accurate to say that I started practicing it.
|
started practicing it.
|
||||||
|
|
||||||
If individuality is an illusion, how could I be worse than everyone else?
|
If individuality is an illusion, how could I be worse than everyone else? If
|
||||||
If past and future aren't here _now_ and I am finally "given" the
|
past and future aren't here _now_ and I am finally "given" the permission to let
|
||||||
permission to let go of them, why should I be stuck in the past? And the
|
go of them, why should I be stuck in the past? And the future won't be like I
|
||||||
future won't be like I think so why be stuck in imaginary future on my
|
think so why be stuck in imaginary future on my worseness?
|
||||||
worseness?
|
|
||||||
|
|
||||||
The books I read are _How To Be An Adult in Relationships_ by
|
The books I read are _How To Be An Adult in Relationships_ by _David Richo_
|
||||||
_David Richo_ (thanks to [attachment styles - a primer at the dirty normal](https://www.thedirtynormal.com/post/2010/06/21/attachment-styles-a-primer/)
|
(thanks to
|
||||||
|
[attachment styles - a primer at the dirty normal](https://www.thedirtynormal.com/post/2010/06/21/attachment-styles-a-primer/)
|
||||||
which recommends a different book with similar name, so happy accident
|
which recommends a different book with similar name, so happy accident
|
||||||
happened), _The Way Things Are_ by _Lama Ole Nydahl_ and _Living Dharma_ by
|
happened), _The Way Things Are_ by _Lama Ole Nydahl_ and _Living Dharma_ by
|
||||||
_Lama Yeshe Losaf_. I am also reading more books about the subject, those
|
_Lama Yeshe Losaf_. I am also reading more books about the subject, those were
|
||||||
were about Diamond Way Buddhism and now I am reading about Zen
|
about Diamond Way Buddhism and now I am reading about Zen (_Everyday Zen_ by
|
||||||
(_Everyday Zen_ by _Charlotte Joko Beck_ (this seems to be for Zen what
|
_Charlotte Joko Beck_ (this seems to be for Zen what _Living Dharma_ is for
|
||||||
_Living Dharma_ is for Diamond Way.)
|
Diamond Way.)
|
||||||
|
|
||||||
_No one is perfect, including you, everyone makes mistake._
|
_No one is perfect, including you, everyone makes mistake._
|
||||||
|
|
||||||
_Everyone is as capable to hurting you as making you good._
|
_Everyone is as capable to hurting you as making you good._
|
||||||
|
|
||||||
So I have learned Esperanto and according to my mother <em lang="eo">mi diras Esperanto
|
So I have learned Esperanto and according to my mother <em lang="eo">mi diras
|
||||||
duono de tempo</em> and came to religion, can I be more crazy?
|
Esperanto duono de tempo</em> and came to religion, can I be more crazy?
|
||||||
|
|
||||||
Esperanto gave me self-esteem with my capability of learning languages so
|
Esperanto gave me self-esteem with my capability of learning languages so I
|
||||||
I started learning
|
started learning
|
||||||
|
|
||||||
- Swedish, which I regret not learning at junior high school, but I had
|
- Swedish, which I regret not learning at junior high school, but I had
|
||||||
dysphoria, bullying, suicidality, depression and everything and I think
|
dysphoria, bullying, suicidality, depression and everything and I think I hear
|
||||||
I hear it in Helsinki daily and it's also official language in Finland.
|
it in Helsinki daily and it's also official language in Finland.
|
||||||
- Spanish as <em lang="eo">mi amas Esperanton</em>, it looks so much like Esperanto so
|
- Spanish as <em lang="eo">mi amas Esperanton</em>, it looks so much like
|
||||||
I feel I almost understand everything written in it and it's the second
|
Esperanto so I feel I almost understand everything written in it and it's the
|
||||||
most spoken language in the world, so I have to learn it.
|
second most spoken language in the world, so I have to learn it.
|
||||||
- Lojban thanks to the friend mentioned earlier.
|
- Lojban thanks to the friend mentioned earlier.
|
||||||
|
|
||||||
<em lang="eo">Do mi nun parolas la finnan, la anglan, Esperanton kaj mi lernas hispanan,
|
<em lang="eo">Do mi nun parolas la finnan, la anglan, Esperanton kaj mi lernas
|
||||||
la svennan kaj la lojbanon.</em> Entirely sane.
|
hispanan, la svennan kaj la lojbanon.</em> Entirely sane.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
And life otherwise, I haven't gotten to continue studying yet, which I
|
And life otherwise, I haven't gotten to continue studying yet, which I think was
|
||||||
think was mentioned as a goal in the other posts, but I just wasn't able
|
mentioned as a goal in the other posts, but I just wasn't able to. I have
|
||||||
to. I have applied to four places and I think I failed one entrance
|
applied to four places and I think I failed one entrance examination, but that
|
||||||
examination, but that is three left.
|
is three left.
|
||||||
|
|
||||||
I was also local election candidate for Helsinki Pirates (part of Pirate
|
I was also local election candidate for Helsinki Pirates (part of Pirate Party
|
||||||
Party Finland) and I got surprisingly many votes (20 IIRC) and collective
|
Finland) and I got surprisingly many votes (20 IIRC) and collective votes helped
|
||||||
votes helped us get one candidate through to the Helsinki municipal
|
us get one candidate through to the Helsinki municipal council and we also got
|
||||||
council and we also got some other seats and backup seats.
|
some other seats and backup seats.
|
||||||
|
|
||||||
I think I have finished typing this blog post now. However I was supposed
|
I think I have finished typing this blog post now. However I was supposed to
|
||||||
to start this with an apology about some of my old blog posts (which I am not censoring as I don't feel like that would be the right thing either),
|
start this with an apology about some of my old blog posts (which I am not
|
||||||
so I apologise about them now. I don't know if the text says it, but I
|
censoring as I don't feel like that would be the right thing either), so I
|
||||||
feel like I have improved as a person a lot in addition to getting over
|
apologise about them now. I don't know if the text says it, but I feel like I
|
||||||
mental health issues and finishing the trans process.
|
have improved as a person a lot in addition to getting over mental health issues
|
||||||
|
and finishing the trans process.
|
||||||
|
@ -13,31 +13,30 @@ published: false
|
|||||||
|
|
||||||
_FAQ at SailfishOS Fan Club: why everything was made worse for Matrix users?_
|
_FAQ at SailfishOS Fan Club: why everything was made worse for Matrix users?_
|
||||||
|
|
||||||
I am not sure which order should I put the issues with TeleMatrix in and
|
I am not sure which order should I put the issues with TeleMatrix in and the
|
||||||
the first issue is actually multiple interlinked issues and I am just
|
first issue is actually multiple interlinked issues and I am just trying to open
|
||||||
trying to open it somehow.
|
it somehow.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Issue 1: Matrix display names are based on Telegram real name and not
|
Issue 1: Matrix display names are based on Telegram real name and not username.
|
||||||
username. In practive this means that Matrix (and IRC) users won't know
|
In practive this means that Matrix (and IRC) users won't know what is the
|
||||||
what is the username to use in order to ping a Telegram user.
|
username to use in order to ping a Telegram user.
|
||||||
|
|
||||||
This was workaroundable by setting Telegram real name into `@username`, but
|
This was workaroundable by setting Telegram real name into `@username`, but the
|
||||||
the new Riot Web mentions broke this.
|
new Riot Web mentions broke this.
|
||||||
|
|
||||||
And as display names at Telegram don't have any limitations (unlike
|
And as display names at Telegram don't have any limitations (unlike usernames),
|
||||||
usernames), everyone who had only UTF-8 characters as their "real name" at
|
everyone who had only UTF-8 characters as their "real name" at Telegram became
|
||||||
Telegram became "Telegram" at IRC and as there were 5 users named Telegram,
|
"Telegram" at IRC and as there were 5 users named Telegram, the IRC bridge got
|
||||||
the IRC bridge got easily confused on who is who and lost the connection
|
easily confused on who is who and lost the connection between Matrix and IRC
|
||||||
between Matrix and IRC users resulting into the IRC bridge repeating
|
users resulting into the IRC bridge repeating everything the Matrix user said
|
||||||
everything the Matrix user said resulting into duplicated messages at
|
resulting into duplicated messages at Matrix and Telegram.
|
||||||
Matrix and Telegram.
|
|
||||||
|
|
||||||
As requested, I workarounded this by setting quiet on `#jollafanclub` for
|
As requested, I workarounded this by setting quiet on `#jollafanclub` for
|
||||||
`*Telegram*!*@*` preventing anyone whose username nickname included the
|
`*Telegram*!*@*` preventing anyone whose username nickname included the word
|
||||||
word Telegram from saying anything. Thus IRC users were unable to see
|
Telegram from saying anything. Thus IRC users were unable to see parts of
|
||||||
parts of discussion with at least 5 users missing.
|
discussion with at least 5 users missing.
|
||||||
|
|
||||||
- [Telematrix#28: Replying from Matrix to Telegram doesn't ping the user](https://github.com/SijmenSchoon/telematrix/issues/28)
|
- [Telematrix#28: Replying from Matrix to Telegram doesn't ping the user](https://github.com/SijmenSchoon/telematrix/issues/28)
|
||||||
- [Telematrix#33: Allow configuring bridged user display name format](https://github.com/SijmenSchoon/telematrix/issues/33)
|
- [Telematrix#33: Allow configuring bridged user display name format](https://github.com/SijmenSchoon/telematrix/issues/33)
|
||||||
@ -51,83 +50,85 @@ parts of discussion with at least 5 users missing.
|
|||||||
Issue 2: When Telegram users replied to messages, Telematrix sent the whole
|
Issue 2: When Telegram users replied to messages, Telematrix sent the whole
|
||||||
original message to Matrix/IRC.
|
original message to Matrix/IRC.
|
||||||
|
|
||||||
For Matrix users this wasn't an issue, but the Matrix IRC bridge pastebins
|
For Matrix users this wasn't an issue, but the Matrix IRC bridge pastebins every
|
||||||
every message that goes over three lines in order to avoid angering IRC ops
|
message that goes over three lines in order to avoid angering IRC ops and
|
||||||
and serverside antispam measures.
|
serverside antispam measures.
|
||||||
|
|
||||||
For example normal message from Telegram user would become this at IRC.
|
For example normal message from Telegram user would become this at IRC.
|
||||||
|
|
||||||
> 2017-09-19 16:30:09+0300 \* @Mikaela- sent a long message: Mikaela-\_2017-09-19_13:30:08.txt <https://matrix.org/_matrix/media/v1/download/matrix.org/PuaTAbMsMmuboFHpHMuLBruj>
|
> 2017-09-19 16:30:09+0300 \* @Mikaela- sent a long message:
|
||||||
|
> Mikaela-\_2017-09-19_13:30:08.txt
|
||||||
|
> <https://matrix.org/_matrix/media/v1/download/matrix.org/PuaTAbMsMmuboFHpHMuLBruj>
|
||||||
|
|
||||||
_Where I said Telegram, I meant TeleMatrix, and only noticed this later._
|
_Where I said Telegram, I meant TeleMatrix, and only noticed this later._
|
||||||
|
|
||||||
Telegram users often reply to each other and when half of the discussion
|
Telegram users often reply to each other and when half of the discussion is like
|
||||||
is like this and requires clicking all the time, IRC users simply cannot
|
this and requires clicking all the time, IRC users simply cannot follow the
|
||||||
follow the discussion. For some reason I got the impression that Matrix
|
discussion. For some reason I got the impression that Matrix users don't mind if
|
||||||
users don't mind if their messages get unreadable for IRC and Telegram
|
their messages get unreadable for IRC and Telegram users.
|
||||||
users.
|
|
||||||
|
|
||||||
For comparsion, here is how TeleIRC with the current configuration looks
|
For comparsion, here is how TeleIRC with the current configuration looks like, a
|
||||||
like, a little ugly, but no need to switch apps or click dozens of links.
|
little ugly, but no need to switch apps or click dozens of links.
|
||||||
|
|
||||||
```
|
```
|
||||||
2017-09-19 16:28:03+0300 <#@M1kaela> Typing an example message for my blog post. This is the first line. … This is the second line. … This is the third line.
|
2017-09-19 16:28:03+0300 <#@M1kaela> Typing an example message for my blog post. This is the first line. … This is the second line. … This is the third line.
|
||||||
2017-09-19 16:28:56+0300 <#@oldandwise> @@M1kaela [Typing an example message …], typing an example of reply for your blog, … you haven't asked but i assumed it may be helpful. … would it be?
|
2017-09-19 16:28:56+0300 <#@oldandwise> @@M1kaela [Typing an example message …], typing an example of reply for your blog, … you haven't asked but i assumed it may be helpful. … would it be?
|
||||||
```
|
```
|
||||||
|
|
||||||
_I am using WeeChat script parse_relayed_msg.pl, normal users would see
|
_I am using WeeChat script parse_relayed_msg.pl, normal users would see the
|
||||||
the message in the following format:_
|
message in the following format:_
|
||||||
|
|
||||||
- `<T4> <@TelegramUserName> @@OriginalAuthor [Snippet of original message]`
|
- `<T4> <@TelegramUserName> @@OriginalAuthor [Snippet of original message]`
|
||||||
|
|
||||||
_The double @ is caused by setting username format in TeleIRC config.js to
|
_The double @ is caused by setting username format in TeleIRC config.js to start
|
||||||
start with @ in order to remind users that the @ is necessary to ping
|
with @ in order to remind users that the @ is necessary to ping Telegram users._
|
||||||
Telegram users._
|
|
||||||
|
|
||||||
_This is technically not an issue in either associated project, so I cannot
|
_This is technically not an issue in either associated project, so I cannot add
|
||||||
add issue links._
|
issue links._
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Minor(?) technical(?) issues:
|
Minor(?) technical(?) issues:
|
||||||
|
|
||||||
- Telegram users appear as separate IRC connections draining resources
|
- Telegram users appear as separate IRC connections draining resources on both
|
||||||
on both matrix.org (running the bridge) and IRC server and freenode
|
matrix.org (running the bridge) and IRC server and freenode has expressed
|
||||||
has expressed being unhappy about idle connections. In case of SailfishOS
|
being unhappy about idle connections. In case of SailfishOS Fan Club this
|
||||||
Fan Club this meant 300 additional connections.
|
meant 300 additional connections.
|
||||||
- The Telegram users also cannot be sent private messages and all
|
- The Telegram users also cannot be sent private messages and all Matrix/IRC
|
||||||
Matrix/IRC users appear as single bot at Telegram, so I don't think
|
users appear as single bot at Telegram, so I don't think it's worth it.
|
||||||
it's worth it.
|
- TeleMatrix isn't currently maintained (to be honest, TeleIRC isn't a lot more
|
||||||
- TeleMatrix isn't currently maintained (to be honest, TeleIRC isn't a lot
|
maintained, but it doesn't have this many/serious issues).
|
||||||
more maintained, but it doesn't have this many/serious issues).
|
|
||||||
|
|
||||||
Links:
|
Links:
|
||||||
|
|
||||||
- Freenode's unhappiness:
|
- Freenode's unhappiness:
|
||||||
- [matrix-appservice-irc#388: Please can we regularly and automatically reap idle-presence connections on all networks](https://github.com/matrix-org/matrix-appservice-irc/issues/388)
|
- [matrix-appservice-irc#388: Please can we regularly and automatically reap idle-presence connections on all networks](https://github.com/matrix-org/matrix-appservice-irc/issues/388)
|
||||||
- [matrix-appservice-irc#450: Channels on IRC that contain only matrix users should not be bridged to IRC](https://github.com/matrix-org/matrix-appservice-irc/issues/450)
|
- [matrix-appservice-irc#450: Channels on IRC that contain only matrix users should not be bridged to IRC](https://github.com/matrix-org/matrix-appservice-irc/issues/450)
|
||||||
- BONUS: [TeleMatrix sends all joins/parts to Telegram anoying users](https://github.com/SijmenSchoon/telematrix/issues/13)
|
- BONUS:
|
||||||
- tchncs.de instance is running modified code with this behaviour
|
[TeleMatrix sends all joins/parts to Telegram anoying users](https://github.com/SijmenSchoon/telematrix/issues/13)
|
||||||
disabled, I had originally forgotten it from this post.
|
- tchncs.de instance is running modified code with this behaviour disabled, I
|
||||||
|
had originally forgotten it from this post.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Proposed solution: Changing the middle protocol from IRC to Telegram as
|
Proposed solution: Changing the middle protocol from IRC to Telegram as Matrix
|
||||||
Matrix didn't work as can be read from this article, so everyone is happy.
|
didn't work as can be read from this article, so everyone is happy.
|
||||||
|
|
||||||
Matrix users could use TeleMatrix and IRC users TeleIRC so Matrix users
|
Matrix users could use TeleMatrix and IRC users TeleIRC so Matrix users wouldn't
|
||||||
wouldn't suffer any worse experience than before and I wouldn't need to
|
suffer any worse experience than before and I wouldn't need to type this
|
||||||
type this article.
|
article.
|
||||||
|
|
||||||
**ISSUE: Telegram bots won't see messages from other bots**, so Telegram
|
**ISSUE: Telegram bots won't see messages from other bots**, so Telegram would
|
||||||
would see everyone and IRC and Matrix wouldn't see each other.
|
see everyone and IRC and Matrix wouldn't see each other.
|
||||||
|
|
||||||
> 2. Bot admins and bots with privacy mode disabled will receive all
|
> 2. Bot admins and bots with privacy mode disabled will receive all messages
|
||||||
> messages except messages sent by other bots.
|
> except messages sent by other bots.
|
||||||
|
|
||||||
> Bots talking to each other could potentially get stuck in unwelcome
|
> Bots talking to each other could potentially get stuck in unwelcome loops. To
|
||||||
> loops. To avoid this, we decided that bots will not be able to see
|
> avoid this, we decided that bots will not be able to see messages from other
|
||||||
> messages from other bots regardless of mode.
|
> bots regardless of mode.
|
||||||
|
|
||||||
via [Telegram Bots FAQ](https://core.telegram.org/bots/faq#what-messages-will-my-bot-get) "What messages will my bot get?" and "Why doesn't my bot see
|
via
|
||||||
messages from other bots?" on 2017-09-19.
|
[Telegram Bots FAQ](https://core.telegram.org/bots/faq#what-messages-will-my-bot-get)
|
||||||
|
"What messages will my bot get?" and "Why doesn't my bot see messages from other
|
||||||
|
bots?" on 2017-09-19.
|
||||||
|
@ -8,22 +8,22 @@ redirect_from: /english/2017/09/29/as-hsp-sensory-stimulus-stress.html
|
|||||||
sitemap: false
|
sitemap: false
|
||||||
---
|
---
|
||||||
|
|
||||||
_Sensory stimulus stress (aistiärsykestressi) is a word that you hear from
|
_Sensory stimulus stress (aistiärsykestressi) is a word that you hear from me
|
||||||
me often if we are any closer. I have been planning typing this for some
|
often if we are any closer. I have been planning typing this for some time now,
|
||||||
time now, so people would hopefully understand me better._
|
so people would hopefully understand me better._
|
||||||
|
|
||||||
I have no idea how I should type this post, so I will just go to how I feel
|
I have no idea how I should type this post, so I will just go to how I feel like
|
||||||
like typing this, so I will start from my events of 19th, continue to 20th
|
typing this, so I will start from my events of 19th, continue to 20th and jump
|
||||||
and jump to today before trying to explain what is sensory stimulus stress
|
to today before trying to explain what is sensory stimulus stress without
|
||||||
without examples.
|
examples.
|
||||||
|
|
||||||
I guess that before I do that, I should explain the beginning of the title.
|
I guess that before I do that, I should explain the beginning of the title.
|
||||||
|
|
||||||
I am an autist (I have diagnosed Asperger's syndrome) and a highly
|
I am an autist (I have diagnosed Asperger's syndrome) and a highly sensitive
|
||||||
sensitive person (HSP) and while over (and under) sensitive senses are
|
person (HSP) and while over (and under) sensitive senses are associated mainly
|
||||||
associated mainly with autism, they are also part of high sensitivity
|
with autism, they are also part of high sensitivity and I cannot separate what
|
||||||
and I cannot separate what causes which trait for me. They have some
|
causes which trait for me. They have some overlap and some conflicts that are
|
||||||
overlap and some conflicts that are interesting to me.
|
interesting to me.
|
||||||
|
|
||||||
_UPDATE: Asperger's Syndrome is being removed from the diagnostics manuals
|
_UPDATE: Asperger's Syndrome is being removed from the diagnostics manuals
|
||||||
leaving only Autism Spectrum Disorder._
|
leaving only Autism Spectrum Disorder._
|
||||||
@ -33,209 +33,200 @@ leaving only Autism Spectrum Disorder._
|
|||||||
2017-09-19
|
2017-09-19
|
||||||
|
|
||||||
There isn't much to say of that day, I had a dental operation under local
|
There isn't much to say of that day, I had a dental operation under local
|
||||||
anesthesia. In the evening I was somewhat ill and had to disable some
|
anesthesia. In the evening I was somewhat ill and had to disable some lights and
|
||||||
lights and even then fridge light hurt my eyes. Interestingly after
|
even then fridge light hurt my eyes. Interestingly after vomiting my senses were
|
||||||
vomiting my senses were like they usually are.
|
like they usually are.
|
||||||
|
|
||||||
2017-09-20
|
2017-09-20
|
||||||
|
|
||||||
Regardless of being ill on the previous night, I found myself from my
|
Regardless of being ill on the previous night, I found myself from my politics
|
||||||
politics hobby and agreed to be someone from Young Pirates at Metropolia
|
hobby and agreed to be someone from Young Pirates at Metropolia University of
|
||||||
University of Applied Sciences term starting sports party MetroSport.
|
Applied Sciences term starting sports party MetroSport.
|
||||||
|
|
||||||
I started by quickly visiting our office to fetch Pirate vests by taking a
|
I started by quickly visiting our office to fetch Pirate vests by taking a bus
|
||||||
bus and hopping onto metro. From there I continued unfamiliar route using
|
and hopping onto metro. From there I continued unfamiliar route using [Moovit]
|
||||||
[Moovit] to reach tram and then to bus stop where I would reach the bus
|
to reach tram and then to bus stop where I would reach the bus taking me to
|
||||||
taking me to Vantaa and the event.
|
Vantaa and the event.
|
||||||
|
|
||||||
[moovit]: https://moovitapp.com/
|
[moovit]: https://moovitapp.com/
|
||||||
|
|
||||||
Being a sports event it naturally happened at sports hall where I had to
|
Being a sports event it naturally happened at sports hall where I had to start
|
||||||
start by wearing ear fillers and sun glasses as it was so loud, because
|
by wearing ear fillers and sun glasses as it was so loud, because of the amount
|
||||||
of the amount of people and different music from multiple sources and there
|
of people and different music from multiple sources and there were bright
|
||||||
were bright lights.
|
lights.
|
||||||
|
|
||||||
I spent a few hours there with another Pirate activist before leaving for
|
I spent a few hours there with another Pirate activist before leaving for open
|
||||||
open doors of Helsinki Pirates which later turned out to be a mistake.
|
doors of Helsinki Pirates which later turned out to be a mistake.
|
||||||
|
|
||||||
We walked to train station from where I took a train and later a metro to
|
We walked to train station from where I took a train and later a metro to the
|
||||||
the office again. At first there were only a few of us activists before
|
office again. At first there were only a few of us activists before other people
|
||||||
other people started appearing and then we possibly had a record on the
|
started appearing and then we possibly had a record on the amount of new people
|
||||||
amount of new people who were interested about the party.
|
who were interested about the party.
|
||||||
|
|
||||||
I had had too much of draining events, so at some point I left quietly
|
I had had too much of draining events, so at some point I left quietly
|
||||||
explaining to activist outside how I was leaving as I had had too much
|
explaining to activist outside how I was leaving as I had had too much of
|
||||||
of sensory stimuluss stress and I possibly started crying at that point, I
|
sensory stimuluss stress and I possibly started crying at that point, I am not
|
||||||
am not sure.
|
sure.
|
||||||
|
|
||||||
I am sure that I was crying when I encountered another activist going to
|
I am sure that I was crying when I encountered another activist going to the
|
||||||
the open doors at metro station where I said the same things.
|
open doors at metro station where I said the same things.
|
||||||
|
|
||||||
_I don't know how much it would be OK for me to say, so I am saying barely
|
_I don't know how much it would be OK for me to say, so I am saying barely
|
||||||
anything about the people involved. I don't know if anyone of them
|
anything about the people involved. I don't know if anyone of them understood
|
||||||
understood what I meant, but at home I thought more about finally typing
|
what I meant, but at home I thought more about finally typing this and wrote it
|
||||||
this and wrote it down onto a piece of paper._
|
down onto a piece of paper._
|
||||||
|
|
||||||
2017-09-29 (today)
|
2017-09-29 (today)
|
||||||
|
|
||||||
Last night I slept a little worse than usually and I have been tired and
|
Last night I slept a little worse than usually and I have been tired and my
|
||||||
my senses more sensitive than usually, but not as sensitive as if I was
|
senses more sensitive than usually, but not as sensitive as if I was ill.
|
||||||
ill.
|
|
||||||
|
|
||||||
My mother was visiting me and that made me be affected by the world more
|
My mother was visiting me and that made me be affected by the world more than
|
||||||
than usually.
|
usually.
|
||||||
|
|
||||||
First I took a bus to the nearest _open_ metro station and went to
|
First I took a bus to the nearest _open_ metro station and went to Central
|
||||||
Central Railway Station to fetch her, we visited library and returned to
|
Railway Station to fetch her, we visited library and returned to my apartment.
|
||||||
my apartment. Later we ate at nearby salad bar and I escorted her to
|
Later we ate at nearby salad bar and I escorted her to tram stop where she
|
||||||
tram stop where she continued elsewhere with my grandmother.
|
continued elsewhere with my grandmother.
|
||||||
|
|
||||||
Returning home I had again had too much, this time I didn't cry, but I
|
Returning home I had again had too much, this time I didn't cry, but I think
|
||||||
think panic attack was close as I was using a full bus which I reached
|
panic attack was close as I was using a full bus which I reached through full
|
||||||
through full shopping centre that was having some sort of a shopping party.
|
shopping centre that was having some sort of a shopping party.
|
||||||
|
|
||||||
I survived by focusing on my breathing and listening to music with
|
I survived by focusing on my breathing and listening to music with wireless
|
||||||
wireless earbud/microphone as it wasn't so long bus trip. And then it's
|
earbud/microphone as it wasn't so long bus trip. And then it's typing this blog
|
||||||
typing this blog with some distractions.
|
with some distractions.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Now I have typed some sort of a introduction to this post and some events
|
Now I have typed some sort of a introduction to this post and some events on
|
||||||
on three days, I think it's the time to say why, which I think might
|
three days, I think it's the time to say why, which I think might be the most
|
||||||
be the most difficult part of this post.
|
difficult part of this post.
|
||||||
|
|
||||||
_I think I should disclaim that I am not a mental health professional or
|
_I think I should disclaim that I am not a mental health professional or
|
||||||
researcher or neurologist or anything (I do have vocational qualification
|
researcher or neurologist or anything (I do have vocational qualification on
|
||||||
on business information technology though) and this is based on my lived
|
business information technology though) and this is based on my lived experience
|
||||||
experience (even if I only heard of highly sensitive people this year and
|
(even if I only heard of highly sensitive people this year and was told that I
|
||||||
was told that I am one by my therapist) and what I have understood from
|
am one by my therapist) and what I have understood from talking with
|
||||||
talking with professionals, reading books, watching documentaries etc._
|
professionals, reading books, watching documentaries etc._
|
||||||
|
|
||||||
When I previously talked with my therapist on the subject, I explained that
|
When I previously talked with my therapist on the subject, I explained that it's
|
||||||
it's like there is a battery that is drained by sensory stimulus stress
|
like there is a battery that is drained by sensory stimulus stress and breaking
|
||||||
and breaking down crying is one sign of it being critically low and
|
down crying is one sign of it being critically low and requiring recharge.
|
||||||
requiring recharge. Typing this I guess that panic attack might be
|
Typing this I guess that panic attack might be short-circuiting the battery?
|
||||||
short-circuiting the battery?
|
|
||||||
|
|
||||||
And now I finally get to the point (if I wasn't in the point all the
|
And now I finally get to the point (if I wasn't in the point all the time?),
|
||||||
time?), what is that _sensory stimulus stress_? It's everything that is
|
what is that _sensory stimulus stress_? It's everything that is sensed,
|
||||||
sensed, regardless of whether it's positive, neutral or negative. I think
|
regardless of whether it's positive, neutral or negative. I think positive might
|
||||||
positive might drain the battery slower than negative would, but it will
|
drain the battery slower than negative would, but it will drain regardless.
|
||||||
drain regardless.
|
|
||||||
|
|
||||||
If you have any knowledge about autism, you probably know that people on
|
If you have any knowledge about autism, you probably know that people on the
|
||||||
the spectrum need time to recover from social interactions. Do you know
|
spectrum need time to recover from social interactions. Do you know why? Yes,
|
||||||
why? Yes, sensory stimulus stress is behind it too, hearing other people,
|
sensory stimulus stress is behind it too, hearing other people, hearing own
|
||||||
hearing own talking, background noise, looking anywhere, colours.
|
talking, background noise, looking anywhere, colours. Especially maintaining eye
|
||||||
Especially maintaining eye contact is a good way of draining.
|
contact is a good way of draining.
|
||||||
|
|
||||||
If I return to the first day/night that I talked about, I was ill, so my
|
If I return to the first day/night that I talked about, I was ill, so my senses
|
||||||
senses were a lot more sensitive than usually so even the fridge light
|
were a lot more sensitive than usually so even the fridge light hurt my eyes
|
||||||
hurt my eyes while often I might not be mindful about it being there.
|
while often I might not be mindful about it being there.
|
||||||
|
|
||||||
On the second day, there were the people, the buses, the trams, PA systems,
|
On the second day, there were the people, the buses, the trams, PA systems,
|
||||||
escalators, metros, music (that I listened during transport to drain more
|
escalators, metros, music (that I listened during transport to drain more
|
||||||
slowly), lights and everything. As with illness, stress also causes faster
|
slowly), lights and everything. As with illness, stress also causes faster
|
||||||
draining and stress is easy to get by going into a new situation at new
|
draining and stress is easy to get by going into a new situation at new place
|
||||||
place with new people and being hungry makes highly sensitive people
|
with new people and being hungry makes highly sensitive people horrible.
|
||||||
horrible.
|
|
||||||
|
|
||||||
On the third day, today, there were other people (naturally, I live in the
|
On the third day, today, there were other people (naturally, I live in the
|
||||||
capital of Finland), bus, escalators, metro, musician between central
|
capital of Finland), bus, escalators, metro, musician between central railway
|
||||||
railway station and the metro station, PA systems, talking with mother,
|
station and the metro station, PA systems, talking with mother, grocery store
|
||||||
grocery store noises, being at my apartment with mother having tea and
|
noises, being at my apartment with mother having tea and talking, during lunch
|
||||||
talking, during lunch there was also some machine keeping noise etc.
|
there was also some machine keeping noise etc.
|
||||||
|
|
||||||
I think this is the place for the _do you hear sounds that other people
|
I think this is the place for the _do you hear sounds that other people don't
|
||||||
don't hear_ joke. _Yes, I do, as my family is half-deaf and we have family
|
hear_ joke. _Yes, I do, as my family is half-deaf and we have family joke on how
|
||||||
joke on how I should share some of my hearing_ even if how good and how
|
I should share some of my hearing_ even if how good and how sensitive hearing is
|
||||||
sensitive hearing is are two separate things.
|
are two separate things.
|
||||||
|
|
||||||
I think this post is finished with the exception of one thing which I am
|
I think this post is finished with the exception of one thing which I am not
|
||||||
not sure if I wish to type. However I feel that my typing finally started
|
sure if I wish to type. However I feel that my typing finally started flowing
|
||||||
flowing well after hours of trying to get this into words and I think
|
well after hours of trying to get this into words and I think it would be unfair
|
||||||
it would be unfair from me to say that everything is draining, so I think
|
from me to say that everything is draining, so I think I should type some of the
|
||||||
I should type some of the methods that I discussed with my previous
|
methods that I discussed with my previous therapist to ease the situation.
|
||||||
therapist to ease the situation.
|
|
||||||
|
|
||||||
_I must again disclaim that this might only apply to me and not to you
|
_I must again disclaim that this might only apply to me and not to you (when did
|
||||||
(when did I make the reader another aspie or HSP?), and I should
|
I make the reader another aspie or HSP?), and I should probably say that my
|
||||||
probably say that my senses are mostly oversensitive except that my
|
senses are mostly oversensitive except that my sense of touch defies logic and
|
||||||
sense of touch defies logic and can either make me feel "hug deprived" and
|
can either make me feel "hug deprived" and wishing that someone would touch me
|
||||||
wishing that someone would touch me or send me into panic attack from
|
or send me into panic attack from someone accidentally touching me from
|
||||||
someone accidentally touching me from behind..._
|
behind..._
|
||||||
|
|
||||||
- General: Pushing the wall with strength for around 15 to 30 seconds.
|
- General: Pushing the wall with strength for around 15 to 30 seconds.
|
||||||
- Hearing: Music that you like from earbuds or similar, preferably
|
- Hearing: Music that you like from earbuds or similar, preferably something
|
||||||
something that reminds you of some very good experience.
|
that reminds you of some very good experience.
|
||||||
- Seeing: pastel/pale colours.
|
- Seeing: pastel/pale colours.
|
||||||
- I would like to add that bright colours are especially bad and I hate
|
- I would like to add that bright colours are especially bad and I hate
|
||||||
stripes and balls and dots and prefer my clothing to be single colour
|
stripes and balls and dots and prefer my clothing to be single colour while
|
||||||
while I might wear clothes that I would dislike seeing.
|
I might wear clothes that I would dislike seeing.
|
||||||
- I think we talked something about black being a neutral colour that
|
- I think we talked something about black being a neutral colour that isn't
|
||||||
isn't draining while it might not help easing sensory stimulus stress
|
draining while it might not help easing sensory stimulus stress either. I
|
||||||
either. I recommend using dark themes on phones and everything that
|
recommend using dark themes on phones and everything that has the option for
|
||||||
has the option for it.
|
it.
|
||||||
- Smell: leaving the situation or avoiding, but it might also help to
|
- Smell: leaving the situation or avoiding, but it might also help to get a
|
||||||
get a pleasant smelling lip balm that could be stealthily smelled
|
pleasant smelling lip balm that could be stealthily smelled while applying
|
||||||
while applying it.
|
it.
|
||||||
- Sense: massaging with a (stress) ball.
|
- Sense: massaging with a (stress) ball.
|
||||||
- I would very often like a hug or to be touched, but when I am
|
- I would very often like a hug or to be touched, but when I am asked if
|
||||||
asked if anyone can do anything to help me, I will lie and say
|
anyone can do anything to help me, I will lie and say nothing as I am
|
||||||
nothing as I am often ashamed of having undersensitive sense of
|
often ashamed of having undersensitive sense of touch (if I can say that,
|
||||||
touch (if I can say that, as I said before, it defies logic and
|
as I said before, it defies logic and all rules that I try to put on it to
|
||||||
all rules that I try to put on it to explain how it works). I
|
explain how it works). I think it's this Finnish culture.
|
||||||
think it's this Finnish culture.
|
- I think sense of touch might be some kind of a inbuild recovery method
|
||||||
- I think sense of touch might be some kind of a inbuild
|
andchoring me to this moment or giving me strength to continue from
|
||||||
recovery method andchoring me to this moment or giving me
|
overwhelming.
|
||||||
strength to continue from overwhelming.
|
- And I naturally forgot something important, overwhelming is how _The
|
||||||
- And I naturally forgot something important, overwhelming
|
Highly Sensitive Person_ calls the situation with too much sensory
|
||||||
is how _The Highly Sensitive Person_ calls the situation
|
stimulus stress ane need for recharging. Before encountering _high
|
||||||
with too much sensory stimulus stress ane need for
|
sensitivity_, I used words "soft limit" where warning signals started
|
||||||
recharging. Before encountering _high sensitivity_, I
|
appearing about coming panic attack or having had too much sensory
|
||||||
used words "soft limit" where warning signals started
|
stimulus stress and needing rest and if I borrow the term from ICT,
|
||||||
appearing about coming panic attack or having had too
|
why I wouldn't call panic attacks as hard limit?
|
||||||
much sensory stimulus stress and needing rest and if I
|
- Finns, this overwhelming is the same thing as _ylivirittyneisyys_.
|
||||||
borrow the term from ICT, why I wouldn't call panic
|
- and now I probably said more than I wondered if I wanted to say
|
||||||
attacks as hard limit?
|
above. I wonder how horrible will this post look at on the blog
|
||||||
- Finns, this overwhelming is the same thing as
|
while this looks this funny in Vim which I am using to type
|
||||||
_ylivirittyneisyys_.
|
|
||||||
- and now I probably said more than I wondered if
|
|
||||||
I wanted to say above. I wonder how horrible will
|
|
||||||
this post look at on the blog while this looks
|
|
||||||
this funny in Vim which I am using to type
|
|
||||||
this...
|
this...
|
||||||
- Motion: calm/slow moves
|
- Motion: calm/slow moves
|
||||||
- If I recall correctly, there was some reason why the previous
|
- If I recall correctly, there was some reason why the previous therapist
|
||||||
therapist wanted to put motion as a sense, but I cannot remember
|
wanted to put motion as a sense, but I cannot remember what the actual
|
||||||
what the actual reason was. I think I haven't ever had an issue
|
reason was. I think I haven't ever had an issue with motion other than
|
||||||
with motion other than having the motorical clumsiness that I think
|
having the motorical clumsiness that I think is part of diagnostic criteria
|
||||||
is part of diagnostic criteria from autism.
|
from autism.
|
||||||
|
|
||||||
_Addition: the TL;DR of the above list could probably be put into one word.
|
_Addition: the TL;DR of the above list could probably be put into one word.
|
||||||
Stim!_
|
Stim!_
|
||||||
|
|
||||||
And now I think I am actually finished with a few hours spend typing this
|
And now I think I am actually finished with a few hours spend typing this and
|
||||||
and just moving onto the 209th line in Vim. In the end I only want to say
|
just moving onto the 209th line in Vim. In the end I only want to say that
|
||||||
that remember that you aren't alone, 20% of the population are estimated
|
remember that you aren't alone, 20% of the population are estimated to be highly
|
||||||
to be highly sensitive people and while I don't know the percent for
|
sensitive people and while I don't know the percent for people on autism
|
||||||
people on autism spectrum, there is at least one of us in mostly every
|
spectrum, there is at least one of us in mostly every IRC channel that you can
|
||||||
IRC channel that you can find.
|
find.
|
||||||
|
|
||||||
I think I should also link to
|
I think I should also link to
|
||||||
[Wikipedia: Sensory processing sensitivity](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity) and [HSPerson.com](https://hsperson.com/) and
|
[Wikipedia: Sensory processing sensitivity](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity)
|
||||||
why not to [their self/tests](https://www.hsperson.com/test/highly-sensitive-test/)
|
and [HSPerson.com](https://hsperson.com/) and why not to
|
||||||
in case you are like me and haven't encountered it before or haven't
|
[their self/tests](https://www.hsperson.com/test/highly-sensitive-test/) in case
|
||||||
thought that it has anything to do with you.
|
you are like me and haven't encountered it before or haven't thought that it has
|
||||||
|
anything to do with you.
|
||||||
|
|
||||||
I trust that you have heard something of autism or that you are able to
|
I trust that you have heard something of autism or that you are able to find
|
||||||
find information about it easily while High Sensitivity is very unknown.
|
information about it easily while High Sensitivity is very unknown.
|
||||||
|
|
||||||
Oh, the _Highly Sensitive Person_ book didn't comment much on on autism
|
Oh, the _Highly Sensitive Person_ book didn't comment much on on autism or that
|
||||||
or that one person might be both, so I want to link you to their blog
|
one person might be both, so I want to link you to their blog
|
||||||
[About High Sensitivity, Autism, and Neurodiversity](https://hsperson.com/about-high-sensitivity-autism-and-neurodiversity/).
|
[About High Sensitivity, Autism, and Neurodiversity](https://hsperson.com/about-high-sensitivity-autism-and-neurodiversity/).
|
||||||
|
|
||||||
And now I am finally going to end typing this at 230 lines, I hope that
|
And now I am finally going to end typing this at 230 lines, I hope that this
|
||||||
this post was any help or at least not negative or including misinformation
|
post was any help or at least not negative or including misinformation or
|
||||||
or anything, but if that would happen to be the case, please do tell
|
anything, but if that would happen to be the case, please do tell me
|
||||||
me [by opening an issue!](https://github.com/mikaela/mikaela.github.io/issues)
|
[by opening an issue!](https://github.com/mikaela/mikaela.github.io/issues)
|
||||||
|
@ -12,64 +12,61 @@ sitemap: false
|
|||||||
---
|
---
|
||||||
|
|
||||||
_DNSCrypt-proxy encrypts DNS queries that would otherwise go in plaintext
|
_DNSCrypt-proxy encrypts DNS queries that would otherwise go in plaintext
|
||||||
ensuring that they won't be seen or modified by anyone in the middle. It
|
ensuring that they won't be seen or modified by anyone in the middle. It works
|
||||||
works as a localhost DNS server sending queries to configured DNS
|
as a localhost DNS server sending queries to configured DNS resolvers._
|
||||||
resolvers._
|
|
||||||
|
|
||||||
I guess I should also say why you would want dnscrypt v1 vs v2. V1 which
|
I guess I should also say why you would want dnscrypt v1 vs v2. V1 which is in
|
||||||
is in most of repos currently uses broken resolver by default and only
|
most of repos currently uses broken resolver by default and only supports one
|
||||||
supports one resolver at a time, while v2 can use multiple of them while
|
resolver at a time, while v2 can use multiple of them while comparing them for
|
||||||
comparing them for the best ones.
|
the best ones.
|
||||||
|
|
||||||
This post is on getting v2 to Debian Stable and Ubuntu pre 18.10 which
|
This post is on getting v2 to Debian Stable and Ubuntu pre 18.10 which contain
|
||||||
contain v1 and I (sadly) don't know a better way to do this.
|
v1 and I (sadly) don't know a better way to do this.
|
||||||
|
|
||||||
In order to check which version your distro has available, check the
|
In order to check which version your distro has available, check the
|
||||||
dnscrypt-proxy search page for your distribution:
|
dnscrypt-proxy search page for your distribution:
|
||||||
|
|
||||||
- [Debian](https://packages.debian.org/dnscrypt-proxy)
|
- [Debian](https://packages.debian.org/dnscrypt-proxy)
|
||||||
- 2018-11-03: the version in _stretch (stable)_ is `1.9.4-1` which has
|
- 2018-11-03: the version in _stretch (stable)_ is `1.9.4-1` which has the
|
||||||
the issues why I wrote this post.
|
issues why I wrote this post.
|
||||||
- [Ubuntu](https://packages.ubuntu.com/dnscrypt-proxy)
|
- [Ubuntu](https://packages.ubuntu.com/dnscrypt-proxy)
|
||||||
- 2018-11-03: I cannot find dnscrypt-proxy from Ubuntu at all, while I
|
- 2018-11-03: I cannot find dnscrypt-proxy from Ubuntu at all, while I am sure
|
||||||
am sure it previously had the Debian version 1.
|
it previously had the Debian version 1.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
1. Update your local apt cache `sudo apt update` and install curl that will
|
1. Update your local apt cache `sudo apt update` and install curl that will be
|
||||||
be used for downloading the package from Debian `sudo apt-get install curl`
|
used for downloading the package from Debian `sudo apt-get install curl`
|
||||||
|
|
||||||
Check the version number at [Debian's dnscrypt-proxy package download page](https://packages.debian.org/sid/amd64/dnscrypt-proxy/download) and fix it
|
Check the version number at
|
||||||
below:
|
[Debian's dnscrypt-proxy package download page](https://packages.debian.org/sid/amd64/dnscrypt-proxy/download)
|
||||||
|
and fix it below:
|
||||||
|
|
||||||
2: download the package`curl -LO https://deb.debian.org/debian/pool/main/d/dnscrypt-proxy/dnscrypt-proxy_2.0.16-2_amd64.deb`
|
2: download the
|
||||||
|
package`curl -LO https://deb.debian.org/debian/pool/main/d/dnscrypt-proxy/dnscrypt-proxy_2.0.16-2_amd64.deb`
|
||||||
|
|
||||||
**WARNING: This part is not supported by either Debian or Ubuntu, you are
|
**WARNING: This part is not supported by either Debian or Ubuntu, you are taking
|
||||||
taking a package from another distribution and attempting to install it
|
a package from another distribution and attempting to install it on another.**
|
||||||
on another.**
|
|
||||||
|
|
||||||
**WARNING: Usually when you use apt, it will verify package signatures and
|
**WARNING: Usually when you use apt, it will verify package signatures and
|
||||||
ensure that the package hasn't been tampered with. I have no idea how to
|
ensure that the package hasn't been tampered with. I have no idea how to do that
|
||||||
do that with direct downloads (if it's even possible) so you will be
|
with direct downloads (if it's even possible) so you will be trusting the Debian
|
||||||
trusting the Debian repository mirror or CDN blindly.**
|
repository mirror or CDN blindly.**
|
||||||
|
|
||||||
3. install the package you downloaded: `sudo dpkg -i dnscrypt-proxy<TAB>`
|
3. install the package you downloaded: `sudo dpkg -i dnscrypt-proxy<TAB>` (TAB
|
||||||
(TAB (above capslock) automatically completes rest of the filename for
|
(above capslock) automatically completes rest of the filename for you).
|
||||||
you).
|
|
||||||
1. In case there was a problem, attmept `sudo apt-get install -f` to fix
|
1. In case there was a problem, attmept `sudo apt-get install -f` to fix
|
||||||
broken package depedencies. **Remember to check that what it suggests
|
broken package depedencies. **Remember to check that what it suggests
|
||||||
looks reasonable!** If it asks to remove dnscrypt-proxy, you are out
|
looks reasonable!** If it asks to remove dnscrypt-proxy, you are out of
|
||||||
of luck and should do that instead of attempting to replace important
|
luck and should do that instead of attempting to replace important system
|
||||||
system components from another distribution (creating
|
components from another distribution (creating "Frankendebian").
|
||||||
"Frankendebian").
|
|
||||||
|
|
||||||
Hopefully dnscrypt-proxy is now running, check
|
Hopefully dnscrypt-proxy is now running, check `journalctl -u dnscrypt-proxy`,
|
||||||
`journalctl -u dnscrypt-proxy`, there should be a line saying
|
there should be a line saying
|
||||||
`[NOTICE] Wiring systemd TCP socket #0, dnscrypt-proxy.socket, 127.0.2.1:53`
|
`[NOTICE] Wiring systemd TCP socket #0, dnscrypt-proxy.socket, 127.0.2.1:53`
|
||||||
|
|
||||||
Edit `/etc/NetworkManager/NetworkManager.conf` to avoid overlapping
|
Edit `/etc/NetworkManager/NetworkManager.conf` to avoid overlapping resolvers
|
||||||
resolvers breaking each other, it should say say `dns=none`
|
breaking each other, it should say say `dns=none` e.g.:
|
||||||
e.g.:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
[main]
|
[main]
|
||||||
@ -100,15 +97,15 @@ options edns0 single-request-reopen
|
|||||||
|
|
||||||
Nameserver is the host where dnscrypt-proxy said to be listening on in
|
Nameserver is the host where dnscrypt-proxy said to be listening on in
|
||||||
journalctl, options are from dnscrypt-proxy documentation and search means
|
journalctl, options are from dnscrypt-proxy documentation and search means
|
||||||
domains that are automatically searched for if you don't use fully
|
domains that are automatically searched for if you don't use fully qualified
|
||||||
qualified domain names, e.g. `ssh machine` in my (uncommented) config
|
domain names, e.g. `ssh machine` in my (uncommented) config would turn into
|
||||||
would turn into `ssh machine.mikaela.info`. Update: I find this a privacy
|
`ssh machine.mikaela.info`. Update: I find this a privacy leakage (whenever
|
||||||
leakage (whenever NXDOMAIN happens), which is why I nowadays have it commented.
|
NXDOMAIN happens), which is why I nowadays have it commented.
|
||||||
|
|
||||||
You should also tell dhclient to not touch resolv.conf or you may get many
|
You should also tell dhclient to not touch resolv.conf or you may get many files
|
||||||
files into `/etc` beginning with names `resolv.conf.dhclient-new.`
|
into `/etc` beginning with names `resolv.conf.dhclient-new.` according to
|
||||||
according to
|
[Debian wiki](https://wiki.debian.org/resolv.conf#Stop_dhclient_from_modifying_.2Fetc.2Fresolv.conf)
|
||||||
[Debian wiki](https://wiki.debian.org/resolv.conf#Stop_dhclient_from_modifying_.2Fetc.2Fresolv.conf) which gives the following two commands and
|
which gives the following two commands and
|
||||||
[Debian bug 860928](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860928):
|
[Debian bug 860928](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860928):
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -118,9 +115,9 @@ chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
**WARNING from 2018-10-21!** It appears that the cache and log directories
|
**WARNING from 2018-10-21!** It appears that the cache and log directories of
|
||||||
of dnscrypt-proxy don't sometimes get created automatically (at least on
|
dnscrypt-proxy don't sometimes get created automatically (at least on Debian
|
||||||
Debian GNU/Linux 9.6 (stretch).
|
GNU/Linux 9.6 (stretch).
|
||||||
|
|
||||||
If this happens to you or you would like to be sure to get them:
|
If this happens to you or you would like to be sure to get them:
|
||||||
|
|
||||||
@ -131,14 +128,16 @@ sudo chown -R _dnscrypt-proxy:nogroup /var/cache/dnscrypt-proxy /var/log/dnscryp
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
For the curious my dnscrypt-proxy config [is in my shell-things repository](https://github.com/Mikaela/shell-things/tree/master/etc/dnscrypt-proxy) [mirror](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/dnscrypt-proxy).
|
For the curious my dnscrypt-proxy config
|
||||||
|
[is in my shell-things repository](https://github.com/Mikaela/shell-things/tree/master/etc/dnscrypt-proxy)
|
||||||
|
[mirror](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/dnscrypt-proxy).
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 2019-07-22 update
|
## 2019-07-22 update
|
||||||
|
|
||||||
I have also started performing local DNSSEC validation by running Unbound
|
I have also started performing local DNSSEC validation by running Unbound in
|
||||||
in front of DNSCrypt-proxy, so my queries go resolv.conf -> Unbound ->
|
front of DNSCrypt-proxy, so my queries go resolv.conf -> Unbound ->
|
||||||
dnscrypt-proxy -> configured resolvers. This has the advantage that if the
|
dnscrypt-proxy -> configured resolvers. This has the advantage that if the
|
||||||
resolver didn't perform DNSSEC validation or lied about performing it, the
|
resolver didn't perform DNSSEC validation or lied about performing it, the
|
||||||
protection by DNSSEC would still be received.
|
protection by DNSSEC would still be received.
|
||||||
@ -146,11 +145,12 @@ protection by DNSSEC would still be received.
|
|||||||
The steps are simple:
|
The steps are simple:
|
||||||
|
|
||||||
1. `sudo apt install unbound`
|
1. `sudo apt install unbound`
|
||||||
- You should see a file `/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf`
|
- You should see a file
|
||||||
which simply says `server:` and on another line after intending
|
`/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf` which simply
|
||||||
`auto-trust-anchor-file: "/var/lib/unbound/root.key"` (the path varies
|
says `server:` and on another line after intending
|
||||||
by distribution) which means it's performing DNSSEC validation with
|
`auto-trust-anchor-file: "/var/lib/unbound/root.key"` (the path varies by
|
||||||
those trust anchors.
|
distribution) which means it's performing DNSSEC validation with those
|
||||||
|
trust anchors.
|
||||||
2. `sudo nano /etc/unbound/unbound.conf.d/dnscrypt-proxy.conf`
|
2. `sudo nano /etc/unbound/unbound.conf.d/dnscrypt-proxy.conf`
|
||||||
|
|
||||||
```
|
```
|
||||||
@ -161,6 +161,6 @@ forward-zone:
|
|||||||
```
|
```
|
||||||
|
|
||||||
3. `sudo systemctl restart unbound`
|
3. `sudo systemctl restart unbound`
|
||||||
4. Ensure `/etc/resolv.conf` points to `127.0.0.1` and optionally `::1`
|
4. Ensure `/etc/resolv.conf` points to `127.0.0.1` and optionally `::1` instead
|
||||||
instead of `127.0.2.1` where dnscrypt-proxy runs by default. For more
|
of `127.0.2.1` where dnscrypt-proxy runs by default. For more details, CTRL +
|
||||||
details, CTRL + F for resolv.conf or chattr.
|
F for resolv.conf or chattr.
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
comments: true
|
comments: true
|
||||||
title: "Android 9 Private DNS behaviour with 853 blocked & DoT server comparsion"
|
title:
|
||||||
|
"Android 9 Private DNS behaviour with 853 blocked & DoT server comparsion"
|
||||||
category: [english]
|
category: [english]
|
||||||
tags: [english, Android, DNS-over-TLS, DNS, security, privacy]
|
tags: [english, Android, DNS-over-TLS, DNS, security, privacy]
|
||||||
redirect_from:
|
redirect_from:
|
||||||
@ -11,10 +12,10 @@ lang: en
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_Since I first heard of Android 9 Private DNS I wondered how it will work
|
_Since I first heard of Android 9 Private DNS I wondered how it will work when
|
||||||
when the port is blocked or there is a captive portal. I didn't find this
|
the port is blocked or there is a captive portal. I didn't find this information
|
||||||
information anywhere and now that I have gotten the Android 9 Go update on
|
anywhere and now that I have gotten the Android 9 Go update on my Nokia 1, I am
|
||||||
my Nokia 1, I am able to type my own blog post about it._
|
able to type my own blog post about it._
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -36,78 +37,94 @@ my Nokia 1, I am able to type my own blog post about it._
|
|||||||
|
|
||||||
- Phone: Nokia 1 (TA-1047) running Android 9 (Go Edition)
|
- Phone: Nokia 1 (TA-1047) running Android 9 (Go Edition)
|
||||||
- I think I got the update on 9th of July
|
- I think I got the update on 9th of July
|
||||||
- Language: Finnish (and as I am typing in English I may accidentally
|
- Language: Finnish (and as I am typing in English I may accidentally invent
|
||||||
invent my own words)
|
my own words)
|
||||||
- In all tests mobile data was disabled to not cause confusing results.
|
- In all tests mobile data was disabled to not cause confusing results.
|
||||||
- As Private DNS is technically DNS over TLS, I am calling it as DoT.
|
- As Private DNS is technically DNS over TLS, I am calling it as DoT.
|
||||||
- In Android 9 it's enabled from Settings, Network & Internet, Advanced settings, Private DNS
|
- In Android 9 it's enabled from Settings, Network & Internet, Advanced
|
||||||
|
settings, Private DNS
|
||||||
- I am using [dns.quad9.net](https://quad9.net/) as hostname.
|
- I am using [dns.quad9.net](https://quad9.net/) as hostname.
|
||||||
- Automatic mode connects to the DNS server port 853 without validating
|
- Automatic mode connects to the DNS server port 853 without validating
|
||||||
certificate, "Hostname of private DNS provider" (which I call as the
|
certificate, "Hostname of private DNS provider" (which I call as the manual
|
||||||
manual mode) also validates the certificate and disallows downgrading.
|
mode) also validates the certificate and disallows downgrading.
|
||||||
- [Google's documentation](https://support.google.com/android/answer/9089903?hl=en).
|
- [Google's documentation](https://support.google.com/android/answer/9089903?hl=en).
|
||||||
- [Intra](https://getintra.org/) detects when private DNS is enabled and
|
- [Intra](https://getintra.org/) detects when private DNS is enabled and says
|
||||||
says that it doesn't have to be enabled at those times. However it gets
|
that it doesn't have to be enabled at those times. However it gets confused
|
||||||
confused easily as between the metro and DHCP offering Quad9 it claimed
|
easily as between the metro and DHCP offering Quad9 it claimed secure DNS was
|
||||||
secure DNS was disabled. Later before the captive portal test Intra again
|
disabled. Later before the captive portal test Intra again claimed DoT was
|
||||||
claimed DoT was disabled when there was no connectivity to DoT server, so
|
disabled when there was no connectivity to DoT server, so I guess it's only
|
||||||
I guess it's only able to detect when Android is actually connected to the
|
able to detect when Android is actually connected to the DoT server.
|
||||||
DoT server.
|
|
||||||
- [My messy notes for making this post](https://github.com/Mikaela/mikaela.github.io/issues/149)
|
- [My messy notes for making this post](https://github.com/Mikaela/mikaela.github.io/issues/149)
|
||||||
|
|
||||||
## The tests
|
## The tests
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Test: _automatic mode without DoT capable server from DHCP_; the setting
|
Test: _automatic mode without DoT capable server from DHCP_; the setting says
|
||||||
says "automatic".
|
"automatic".
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Test: _DoT with port 853 blocked_; Android reports that the WLAN network has
|
Test: _DoT with port 853 blocked_; Android reports that the WLAN network has no
|
||||||
no internet connectivity until I disable private DNS and toggle WLAN. I
|
internet connectivity until I disable private DNS and toggle WLAN. I tested this
|
||||||
tested this in Helsinki metro.
|
in Helsinki metro.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Test: _automatic mode with DoT capable server from DHCP_; Android says that
|
Test: _automatic mode with DoT capable server from DHCP_; Android says that DoT
|
||||||
DoT is "enabled". For this test I configured a WLAN AP to use [Quad9](https://quad9.net/)
|
is "enabled". For this test I configured a WLAN AP to use
|
||||||
DNS servers `149.112.112.112` and `9.9.9.9`.
|
[Quad9](https://quad9.net/) DNS servers `149.112.112.112` and `9.9.9.9`.
|
||||||
|
|
||||||
I would also have configured
|
I would also have configured the IPv6 addresses `2620:fe::9` and `2620:fe::fe`
|
||||||
the IPv6 addresses `2620:fe::9` and `2620:fe::fe` as the network was dualstack,
|
as the network was dualstack, but naturally the router was missing ability to
|
||||||
but naturally the router was missing ability to configure IPv6 DNS servers
|
configure IPv6 DNS servers and forced using the ISP ones. At least the Android 9
|
||||||
and forced using the ISP ones. At least the Android 9 was happy with the IPv4
|
was happy with the IPv4 servers.
|
||||||
servers.
|
|
||||||
|
|
||||||
I didn't do this at home as my main network connectivity is a MiFi
|
I didn't do this at home as my main network connectivity is a MiFi "box" that
|
||||||
"box" that doesn't allow me to specify a DNS server and I tend to avoid it anyway
|
doesn't allow me to specify a DNS server and I tend to avoid it anyway by using
|
||||||
by using [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy/) with [this config](https://github.com/Mikaela/shell-things/blob/master/etc/dnscrypt-proxy/dnscrypt-proxy.toml) and Intra. Sadly I have some
|
[dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy/) with
|
||||||
little used devices that have no way to encrypt DNS and they either use the
|
[this config](https://github.com/Mikaela/shell-things/blob/master/etc/dnscrypt-proxy/dnscrypt-proxy.toml)
|
||||||
ISP DNS or in case of Chromecasts I am under impression that they are
|
and Intra. Sadly I have some little used devices that have no way to encrypt DNS
|
||||||
hardcoded to use Google DNS. I don't use them much though.
|
and they either use the ISP DNS or in case of Chromecasts I am under impression
|
||||||
|
that they are hardcoded to use Google DNS. I don't use them much though.
|
||||||
|
|
||||||
Why do I care about encrypted DNS so much? Encrypt everything! And to quote
|
Why do I care about encrypted DNS so much? Encrypt everything! And to quote my
|
||||||
my index:
|
index:
|
||||||
|
|
||||||
> The only traffic I am not encrypting is probably my WLAN. For some reason my router requires a reboot once per hour with WPA2 encryption while on open network I only have to reboot it once per day (I have asked about this confusing behaviour from wiser people on IRC and they weren't able to explain it either). I support the <a href="https://openwireless.org/">Open Wireless Movement</a> and think that if someone really wanted to cause me harm, they could break into the network anyway and that would be more difficult to prove on consumer grade device than the network being open. There are firewalls on all networks and while a passerby would be able to observe unencrypted SNIs, isn't that also <a href="https://en.wikipedia.org/wiki/Global_surveillance">being done by international security agencies already</a> while even <a href="https://fi.wikipedia.org/wiki/Suomen_tiedustelulains%C3%A4%C3%A4d%C3%A4nt%C3%B6">Finland has given permission to monitor traffic crossing our borders</a> ((TODO: better link in English as the situation develops)and how much of traffic doesn't do that?). I also don't like being somewhere where the only available WLANs are printers and smart thermostats :)
|
> The only traffic I am not encrypting is probably my WLAN. For some reason my
|
||||||
|
> router requires a reboot once per hour with WPA2 encryption while on open
|
||||||
|
> network I only have to reboot it once per day (I have asked about this
|
||||||
|
> confusing behaviour from wiser people on IRC and they weren't able to explain
|
||||||
|
> it either). I support the <a href="https://openwireless.org/">Open Wireless
|
||||||
|
> Movement</a> and think that if someone really wanted to cause me harm, they
|
||||||
|
> could break into the network anyway and that would be more difficult to prove
|
||||||
|
> on consumer grade device than the network being open. There are firewalls on
|
||||||
|
> all networks and while a passerby would be able to observe unencrypted SNIs,
|
||||||
|
> isn't that also
|
||||||
|
> <a href="https://en.wikipedia.org/wiki/Global_surveillance">being done by
|
||||||
|
> international security agencies already</a> while even
|
||||||
|
> <a href="https://fi.wikipedia.org/wiki/Suomen_tiedustelulains%C3%A4%C3%A4d%C3%A4nt%C3%B6">Finland
|
||||||
|
> has given permission to monitor traffic crossing our borders</a> ((TODO:
|
||||||
|
> better link in English as the situation develops)and how much of traffic
|
||||||
|
> doesn't do that?). I also don't like being somewhere where the only available
|
||||||
|
> WLANs are printers and smart thermostats :)
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Bonus test: _DoT + DoH via the [Intra app](https://getintra.org/)_
|
Bonus test: _DoT + DoH via the [Intra app](https://getintra.org/)_ configured to
|
||||||
configured to use server `https://149.112.112.112/dns-query` in Helsinki
|
use server `https://149.112.112.112/dns-query` in Helsinki metro; Android claims
|
||||||
metro; Android claims that the network has no connectivity and shows the x
|
that the network has no connectivity and shows the x on the WLAN symbol in the
|
||||||
on the WLAN symbol in the statusbar, but everything works regardless.
|
statusbar, but everything works regardless. My hypothesis that I am not enough
|
||||||
My hypothesis that I am not enough interested in confirming is that if I was
|
interested in confirming is that if I was using
|
||||||
using `https://dns.quad9.net/dns-query` nothing would work as the Intra app
|
`https://dns.quad9.net/dns-query` nothing would work as the Intra app would have
|
||||||
would have been unable to resolve that name due to DoT being blocked.
|
been unable to resolve that name due to DoT being blocked.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Test: _DoT + Captive Portal_; I get the captive portal prompt asking me to
|
Test: _DoT + Captive Portal_; I get the captive portal prompt asking me to login
|
||||||
login to the network as usual, so I guess Android handles captive portal
|
to the network as usual, so I guess Android handles captive portal separately
|
||||||
separately from DoT which is a good thing in my opinion as otherwise that
|
from DoT which is a good thing in my opinion as otherwise that feature would
|
||||||
feature would likely be too confusing or difficult for many people to use.
|
likely be too confusing or difficult for many people to use.
|
||||||
|
|
||||||
I performed this test next to a closed Espresso House, which luckily hadn't
|
I performed this test next to a closed Espresso House, which luckily hadn't
|
||||||
turned off their WLAN AP, but I treat SSIDs as free advertising anyway.
|
turned off their WLAN AP, but I treat SSIDs as free advertising anyway.
|
||||||
@ -116,36 +133,37 @@ turned off their WLAN AP, but I treat SSIDs as free advertising anyway.
|
|||||||
|
|
||||||
## Why I use Quad9?
|
## Why I use Quad9?
|
||||||
|
|
||||||
I had an idea of blogging about this separately long before I got Android 9
|
I had an idea of blogging about this separately long before I got Android 9 and
|
||||||
and was able to perform this testing, but as I mention it so much I guess
|
was able to perform this testing, but as I mention it so much I guess it's
|
||||||
it's better to merge the posts.
|
better to merge the posts.
|
||||||
|
|
||||||
What I wish from a DNS server is privacy/security (including DoT), [DNSSEC],
|
What I wish from a DNS server is privacy/security (including DoT), [DNSSEC],
|
||||||
being stable (or unlikely to go
|
being stable (or unlikely to go away without warning in near future) and thus
|
||||||
away without warning in near future) and thus being able to recommend it to
|
being able to recommend it to my family members (read as: configure it on their
|
||||||
my family members (read as: configure it on their routers while being tech
|
routers while being tech support).
|
||||||
support).
|
|
||||||
|
|
||||||
[dnssec]: https://www.dnssec.net/
|
[dnssec]: https://www.dnssec.net/
|
||||||
|
|
||||||
The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers#DNSPrivacyPublicResolvers-DNS-over-TLS(DoT)>) are the following:
|
The options
|
||||||
|
[judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers#DNSPrivacyPublicResolvers-DNS-over-TLS(DoT)>)
|
||||||
|
are the following:
|
||||||
|
|
||||||
- Quad9 (I am only talking about the secure variant as the insecure disables
|
- Quad9 (I am only talking about the secure variant as the insecure disables
|
||||||
DNSSEC)
|
DNSSEC)
|
||||||
- non-profit
|
- non-profit
|
||||||
- [privacy policy](https://quad9.net/privacy/) (I seem to have too much
|
- [privacy policy](https://quad9.net/privacy/) (I seem to have too much
|
||||||
problems with the others to even look at their policies)
|
problems with the others to even look at their policies)
|
||||||
- same malicious domain filtering for everyone (I was going to compare it
|
- same malicious domain filtering for everyone (I was going to compare it to
|
||||||
to Cisco/OpenDNS without realizing that the DoT requirement dropped them out
|
Cisco/OpenDNS without realizing that the DoT requirement dropped them out
|
||||||
already) that I haven't yet encountered
|
already) that I haven't yet encountered
|
||||||
- [FAQ](https://quad9.net/faq/)
|
- [FAQ](https://quad9.net/faq/)
|
||||||
- supports DNS over HTTPS (I need it for Firefox which at the time of typing requires
|
- supports DNS over HTTPS (I need it for Firefox which at the time of typing
|
||||||
DoH for ESNI support)
|
requires DoH for ESNI support)
|
||||||
- has a node in Finland (see TREX under regional providers)
|
- has a node in Finland (see TREX under regional providers)
|
||||||
- I have heard that they plan a network map (Adguard on the bottom has it)
|
- I have heard that they plan a network map (Adguard on the bottom has it) and
|
||||||
and I hope to see it soon, because I would have no idea they have a node
|
I hope to see it soon, because I would have no idea they have a node in
|
||||||
in Finland without knowing about TREX and having performed DNS leak test
|
Finland without knowing about TREX and having performed DNS leak test (see
|
||||||
(see TREX under regional providers for more details on both).
|
TREX under regional providers for more details on both).
|
||||||
- Cloudflare
|
- Cloudflare
|
||||||
- for-profit company
|
- for-profit company
|
||||||
- too big for my taste and possibly getting even bigger if Firefox starts
|
- too big for my taste and possibly getting even bigger if Firefox starts
|
||||||
@ -156,19 +174,18 @@ The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/
|
|||||||
queries too.
|
queries too.
|
||||||
- CleanBrowsing
|
- CleanBrowsing
|
||||||
- I never looked it before, but it appears to be for-profit
|
- I never looked it before, but it appears to be for-profit
|
||||||
- allows custom filters? What prevents filters from another user from
|
- allows custom filters? What prevents filters from another user from being
|
||||||
being applied to me? This was a problem with Cisco OpenDNS.
|
applied to me? This was a problem with Cisco OpenDNS.
|
||||||
- Adguard
|
- Adguard
|
||||||
- I never looked at them before either, but they look surprisingly good
|
- I never looked at them before either, but they look surprisingly good and I
|
||||||
and I could consider using them with the short reading I did for this
|
could consider using them with the short reading I did for this post.
|
||||||
post.
|
|
||||||
- for-profit (even though they claim to make money by their other products
|
- for-profit (even though they claim to make money by their other products
|
||||||
than DNS, but so do Cloudflare and Google?)
|
than DNS, but so do Cloudflare and Google?)
|
||||||
- I worry they could block something more than ads/malware by accident
|
- I worry they could block something more than ads/malware by accident
|
||||||
- and I think they are more likely to do that than Quad9 due to blocking
|
- and I think they are more likely to do that than Quad9 due to blocking so
|
||||||
so much more.
|
much more.
|
||||||
- and this could be painful to start troubleshooting over the phone
|
- and this could be painful to start troubleshooting over the phone with
|
||||||
with family members.
|
family members.
|
||||||
- [privacy policy](https://adguard.com/en/privacy.html)
|
- [privacy policy](https://adguard.com/en/privacy.html)
|
||||||
- based in Cyprus (EU)
|
- based in Cyprus (EU)
|
||||||
- [Adguard DNS page including FAQ](https://adguard.com/en/adguard-dns/overview.html)
|
- [Adguard DNS page including FAQ](https://adguard.com/en/adguard-dns/overview.html)
|
||||||
@ -177,38 +194,41 @@ The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/
|
|||||||
|
|
||||||
Then there are regional providers like:
|
Then there are regional providers like:
|
||||||
|
|
||||||
- [TREX recursive name service](http://www.trex.fi/service/resolvers.html) for Finnish users
|
- [TREX recursive name service](http://www.trex.fi/service/resolvers.html) for
|
||||||
- "Our resolvers do not support DNS over TLS, DNS over HTTPS or dnscrypt. But TREX hosts a Quad9 node, which offers a secure service with those features."
|
Finnish users
|
||||||
- this can be confirmed by running a [DNS leak test](https://dnsleaktest.com/)
|
- "Our resolvers do not support DNS over TLS, DNS over HTTPS or dnscrypt. But
|
||||||
which in Finland replies "TREX Regional Exchanges Oy" and being hosted
|
TREX hosts a Quad9 node, which offers a secure service with those features."
|
||||||
by TREX is a plus for Quad9 in my eyes as it's
|
- this can be confirmed by running a
|
||||||
- often recommended for Finnish users instead of Google DNS by people in
|
[DNS leak test](https://dnsleaktest.com/) which in Finland replies "TREX
|
||||||
my circles
|
Regional Exchanges Oy" and being hosted by TREX is a plus for Quad9 in my
|
||||||
- [CZ.NIC Open DNSSEC Validating Resolvers](https://www.nic.cz/odvr/) for Czech users
|
eyes as it's
|
||||||
(English readers: enable cookies and click "English")
|
- often recommended for Finnish users instead of Google DNS by people in my
|
||||||
|
circles
|
||||||
|
- [CZ.NIC Open DNSSEC Validating Resolvers](https://www.nic.cz/odvr/) for Czech
|
||||||
|
users (English readers: enable cookies and click "English")
|
||||||
- has DNSSEC, DoT & DoH
|
- has DNSSEC, DoT & DoH
|
||||||
- probably wouldn't make much sense to use from Finland (or anywhere
|
- probably wouldn't make much sense to use from Finland (or anywhere else far
|
||||||
else far from Czech Republic, I imagine all the neighbouring countries would also have their
|
from Czech Republic, I imagine all the neighbouring countries would also
|
||||||
own equivalent regardless of CZ.NIC being so big name (you have heard of e.g. [Turris Omnia](https://en.wikipedia.org/wiki/Turris_Omnia)?))
|
have their own equivalent regardless of CZ.NIC being so big name (you have
|
||||||
- (thus I promote centralization, but) a regional not-anycasted DNS server
|
heard of e.g. [Turris Omnia](https://en.wikipedia.org/wiki/Turris_Omnia)?))
|
||||||
may be impractical while traveling as your DNS would always go through
|
- (thus I promote centralization, but) a regional not-anycasted DNS server may
|
||||||
home and possibly be slower than it could be. As a counter argument it
|
be impractical while traveling as your DNS would always go through home and
|
||||||
wouldn't hurt that much or be difficult to change, but would you
|
possibly be slower than it could be. As a counter argument it wouldn't hurt
|
||||||
remember to do it while traveling (I guess I would) and would your
|
that much or be difficult to change, but would you remember to do it while
|
||||||
family members remember that?
|
traveling (I guess I would) and would your family members remember that?
|
||||||
|
|
||||||
And the golden option of hosting your own DNS. (It's actually easy with
|
And the golden option of hosting your own DNS. (It's actually easy with Unbound,
|
||||||
Unbound, I haven't tried DoH/DoT hosting though!)
|
I haven't tried DoH/DoT hosting though!)
|
||||||
|
|
||||||
- Hosting where?
|
- Hosting where?
|
||||||
- Hosting with what money?
|
- Hosting with what money?
|
||||||
- On my laptop? What about when it goes down?
|
- On my laptop? What about when it goes down?
|
||||||
- On three of my active devices separately? I don't think the root
|
- On three of my active devices separately? I don't think the root nameserver
|
||||||
nameserver admins would be very happy if everyone did that.
|
admins would be very happy if everyone did that.
|
||||||
- On my VPS? What if it went down due to being so cheap? What to say when
|
- On my VPS? What if it went down due to being so cheap? What to say when my
|
||||||
my family called that "the internet is broken"? How to provide the additional
|
family called that "the internet is broken"? How to provide the additional
|
||||||
line of defence against malware and phishing as well as Quad9 does it with
|
line of defence against malware and phishing as well as Quad9 does it with all
|
||||||
all their information sources and partners?
|
their information sources and partners?
|
||||||
|
|
||||||
To me Quad9 seems the least bad (or the least scary?) option with all these
|
To me Quad9 seems the least bad (or the least scary?) option with all these
|
||||||
things considered, but some other provider may seem better to you.
|
things considered, but some other provider may seem better to you.
|
||||||
|
@ -32,172 +32,217 @@ administrating experience due to not having any with Matrix personally._
|
|||||||
|
|
||||||
## Element, what Element?
|
## Element, what Element?
|
||||||
|
|
||||||
Element is the defacto Matrix client. If you wish to get into Matrix, you
|
Element is the defacto Matrix client. If you wish to get into Matrix, you will
|
||||||
will likely hear the advice to install Element or use it on the web.
|
likely hear the advice to install Element or use it on the web.
|
||||||
|
|
||||||
It comes with two problems:
|
It comes with two problems:
|
||||||
|
|
||||||
- you will likely register your account on the `matrix.org` homeserver and
|
- you will likely register your account on the `matrix.org` homeserver and later
|
||||||
later hear that you made a mistake in using it as it's overloaded and you
|
hear that you made a mistake in using it as it's overloaded and you should
|
||||||
should instead use some other homeserver which would also be good for
|
instead use some other homeserver which would also be good for healthy
|
||||||
healthy federation, but the interface doesn't suggest or offer you any
|
federation, but the interface doesn't suggest or offer you any other servers.
|
||||||
other servers.
|
- maybe in the future
|
||||||
- maybe in the future [your account will be decentralized and that won't matter](https://github.com/matrix-org/matrix-spec/issues/246)?
|
[your account will be decentralized and that won't matter](https://github.com/matrix-org/matrix-spec/issues/246)?
|
||||||
- if you happen to be like me and use both Element Web and Element iOS, you
|
- if you happen to be like me and use both Element Web and Element iOS, you will
|
||||||
will notice they are wildly inconsistent. I cannot comment on Element
|
notice they are wildly inconsistent. I cannot comment on Element Android as my
|
||||||
Android as my phone (Nokia 1 / TA-1047) is too weak powered for pleasant
|
phone (Nokia 1 / TA-1047) is too weak powered for pleasant Matrix experience
|
||||||
Matrix experience and I don't use it much.
|
and I don't use it much.
|
||||||
|
|
||||||
Comparing the later two platforms, I imagine you will hit some of these
|
Comparing the later two platforms, I imagine you will hit some of these problems
|
||||||
problems sooner or later:
|
sooner or later:
|
||||||
|
|
||||||
- <s>You see a link in the channel. If you were using Element Web or
|
- <s>You see a link in the channel. If you were using Element Web or possibly
|
||||||
possibly even Element Android you would immediately know what it was
|
even Element Android you would immediately know what it was about. However you
|
||||||
about. However you use <a href="https://github.com/vector-im/element-ios/issues/888">Element iOS that never got URL preview support!</a></s>
|
use <a href="https://github.com/vector-im/element-ios/issues/888">Element iOS
|
||||||
|
that never got URL preview support!</a></s>
|
||||||
- You hear of interesting room on another room and you wish to join it. You
|
- You hear of interesting room on another room and you wish to join it. You
|
||||||
touch the name wishing to get into there? What happens instead? You will get
|
touch the name wishing to get into there? What happens instead? You will get
|
||||||
an error message [cannot rejoin an empty room](https://github.com/vector-im/element-ios/issues/1066).
|
an error message
|
||||||
- I hope that doesn't annoy you and you wish to hear the workaround of
|
[cannot rejoin an empty room](https://github.com/vector-im/element-ios/issues/1066).
|
||||||
running `/join #room:example.net` by hand instead.
|
- I hope that doesn't annoy you and you wish to hear the workaround of running
|
||||||
|
`/join #room:example.net` by hand instead.
|
||||||
- This may be a bit more rare one, but if you share rooms with bots, you may
|
- This may be a bit more rare one, but if you share rooms with bots, you may
|
||||||
notice that on Element Web they are more gray than people. [Element iOS just never got messages from bots being rendered differently](https://github.com/vector-im/element-ios/issues/882).
|
notice that on Element Web they are more gray than people.
|
||||||
- I may again be a bit weird, but I wish to have [timestamps for all messages visible all the time](https://github.com/vector-im/element-ios/issues/524),
|
[Element iOS just never got messages from bots being rendered differently](https://github.com/vector-im/element-ios/issues/882).
|
||||||
but Element says no. They exist on Web, not on iOS. Same if you [wanted to see seconds](https://github.com/vector-im/element-ios/issues/3901)
|
- I may again be a bit weird, but I wish to have
|
||||||
- <s>I almost forgot, but the <a href="https://element.io/blog/spaces-the-next-frontier/">new spaces</a>
|
[timestamps for all messages visible all the time](https://github.com/vector-im/element-ios/issues/524),
|
||||||
just <a href="https://github.com/vector-im/element-ios/issues?q=label%3AA-Spaces+">don't exist on iOS</a>,
|
but Element says no. They exist on Web, not on iOS. Same if you
|
||||||
should you attempt to join or be invited to one, you will get a banner
|
[wanted to see seconds](https://github.com/vector-im/element-ios/issues/3901)
|
||||||
saying that they aren't implemented yet and you cannot accept or reject
|
- <s>I almost forgot, but the
|
||||||
the invite unless you open Element Web to do that.</s>
|
<a href="https://element.io/blog/spaces-the-next-frontier/">new spaces</a>
|
||||||
|
just
|
||||||
|
<a href="https://github.com/vector-im/element-ios/issues?q=label%3AA-Spaces+">don't
|
||||||
|
exist on iOS</a>, should you attempt to join or be invited to one, you will
|
||||||
|
get a banner saying that they aren't implemented yet and you cannot accept or
|
||||||
|
reject the invite unless you open Element Web to do that.</s>
|
||||||
- <s>Another issue I am editing in hours later is pills, when you mention
|
- <s>Another issue I am editing in hours later is pills, when you mention
|
||||||
someone on Element (Web), or someone else mentions someone, there is a clear
|
someone on Element (Web), or someone else mentions someone, there is a clear
|
||||||
pill shape around their name and it can be clicked to get to their profile,
|
pill shape around their name and it can be clicked to get to their profile,
|
||||||
<a href="https://github.com/vector-im/element-ios/issues/3526">but not on Element (iOS)</a></s>
|
<a href="https://github.com/vector-im/element-ios/issues/3526">but not on
|
||||||
|
Element (iOS)</a></s>
|
||||||
|
|
||||||
And that is probably enough of annoyances with Element iOS, I hope the
|
And that is probably enough of annoyances with Element iOS, I hope the situation
|
||||||
situation will improve in foreseeable future there due to
|
will improve in foreseeable future there due to
|
||||||
[Matrix exploding with Element securing $30M funding to revolutionise the app’s usability, build out major new features, expand in the enterprise market and take Matrix fully mainstream!](https://element.io/blog/element-raises-30m-as-matrix-explodes/)
|
[Matrix exploding with Element securing $30M funding to revolutionise the app’s usability, build out major new features, expand in the enterprise market and take Matrix fully mainstream!](https://element.io/blog/element-raises-30m-as-matrix-explodes/)
|
||||||
|
|
||||||
2022-01-29: As seen from the strikethrough, two of six points on my list have
|
2022-01-29: As seen from the strikethrough, two of six points on my list have
|
||||||
been resolved, however today [FluffyChat released version 1.2.0 featuring stories](https://ko-fi.com/post/Whats-new-in-FluffyChat-1-2-0-Z8Z09LEO7).
|
been resolved, however today
|
||||||
At the time of writing [stories are a draft Matrix spec proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/3588)
|
[FluffyChat released version 1.2.0 featuring stories](https://ko-fi.com/post/Whats-new-in-FluffyChat-1-2-0-Z8Z09LEO7).
|
||||||
|
At the time of writing
|
||||||
|
[stories are a draft Matrix spec proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/3588)
|
||||||
that in incompatible clients (such as Element Web and Element Android) appear as
|
that in incompatible clients (such as Element Web and Element Android) appear as
|
||||||
read-only rooms, however [Element iOS hides them completely with the exception of notifications that cannot be acknowledged](https://github.com/vector-im/element-ios/issues/5455).
|
read-only rooms, however
|
||||||
|
[Element iOS hides them completely with the exception of notifications that cannot be acknowledged](https://github.com/vector-im/element-ios/issues/5455).
|
||||||
|
|
||||||
## You mentioned privacy?
|
## You mentioned privacy?
|
||||||
|
|
||||||
Yes, privacy is a big reason why Matrix is advertised and the lack of it is
|
Yes, privacy is a big reason why Matrix is advertised and the lack of it is a
|
||||||
a fact you agree to by using Matrix or getting bridged to Matrix (which is
|
fact you agree to by using Matrix or getting bridged to Matrix (which is out of
|
||||||
out of scope for this blog post as it involves other protocols too much,
|
scope for this blog post as it involves other protocols too much, whether you
|
||||||
whether you know Matrix or not).
|
know Matrix or not).
|
||||||
|
|
||||||
As with the internet in general, the most safe assumption is that once you
|
As with the internet in general, the most safe assumption is that once you post
|
||||||
post something it's there forever. It may be encrypted in a private Matrix
|
something it's there forever. It may be encrypted in a private Matrix room or it
|
||||||
room or it may be public in a public room, but it will most likely be there
|
may be public in a public room, but it will most likely be there forever.
|
||||||
forever.
|
|
||||||
|
|
||||||
Matrix does support [history retention if you are advanced enough to enable it](https://brendan.abolivier.bzh/matrix-retention-policies/),
|
Matrix does support
|
||||||
this assumes [your homeserver explicitly enables it as it's not default](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L481-L484)
|
[history retention if you are advanced enough to enable it](https://brendan.abolivier.bzh/matrix-retention-policies/),
|
||||||
and as your room is hosted on every homeserver that has users in your room,
|
this assumes
|
||||||
have a single homeserver that hasn't explicitly enabled it, or doesn't otherwise support it, and the room
|
[your homeserver explicitly enables it as it's not default](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L481-L484)
|
||||||
history never goes away. Executing `/upgraderoom {{site.matrixLatestRoomVersion}}` or any other version [will also remove the event](https://github.com/matrix-org/synapse/issues/11279).
|
and as your room is hosted on every homeserver that has users in your room, have
|
||||||
|
a single homeserver that hasn't explicitly enabled it, or doesn't otherwise
|
||||||
|
support it, and the room history never goes away. Executing
|
||||||
|
`/upgraderoom {{site.matrixLatestRoomVersion}}` or any other version
|
||||||
|
[will also remove the event](https://github.com/matrix-org/synapse/issues/11279).
|
||||||
|
|
||||||
**_WARNING!_** [Enabling history **_retention_** may **_corrupt your Synapse database_**](https://github.com/matrix-org/synapse/issues/13476)
|
**_WARNING!_**
|
||||||
and [will make your room **_unrejoinable_** if a homeserver leaves it for long enough](https://github.com/matrix-org/synapse/issues/11448).
|
[Enabling history **_retention_** may **_corrupt your Synapse database_**](https://github.com/matrix-org/synapse/issues/13476)
|
||||||
Upgrading the room will fix that, but it's just a fancy
|
and
|
||||||
way of saying "discontinue the old room and add a note saying where the new
|
[will make your room **_unrejoinable_** if a homeserver leaves it for long enough](https://github.com/matrix-org/synapse/issues/11448).
|
||||||
room is".
|
Upgrading the room will fix that, but it's just a fancy way of saying
|
||||||
|
"discontinue the old room and add a note saying where the new room is".
|
||||||
|
|
||||||
**_WARNING! Always before executing `/upgraderoom` check that everyone in your room has a recent Matrix server that supports your target room version, otherwise you may lock some of your users out._** For example `/invite @version:maunium.net` and once it joins, say
|
**_WARNING! Always before executing `/upgraderoom` check that everyone in your
|
||||||
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers that don't support room version {{site.matrixLatestRoomVersion}} yet.
|
room has a recent Matrix server that supports your target room version,
|
||||||
|
otherwise you may lock some of your users out._** For example
|
||||||
|
`/invite @version:maunium.net` and once it joins, say
|
||||||
|
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers
|
||||||
|
that don't support room version {{site.matrixLatestRoomVersion}} yet.
|
||||||
|
|
||||||
In case there isn't enough confusion, retention shouldn't be confused with actual [self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
|
In case there isn't enough confusion, retention shouldn't be confused with
|
||||||
|
actual
|
||||||
|
[self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
|
||||||
|
|
||||||
_Technical note: sorry about calling <s>reference</s> homeserver implementation by the <s>matrix.org team</s> New Vector Ltd issue
|
_Technical note: sorry about calling <s>reference</s> homeserver implementation
|
||||||
as a Matrix protocol issue._
|
by the <s>matrix.org team</s> New Vector Ltd issue as a Matrix protocol issue._
|
||||||
|
|
||||||
You may say that this requires you to trust the homeserver admin anyway and
|
You may say that this requires you to trust the homeserver admin anyway and that
|
||||||
that is true, I wish people could trust each other and even if someone
|
is true, I wish people could trust each other and even if someone modified their
|
||||||
modified their Synapse to never remove anything or had a client logging
|
Synapse to never remove anything or had a client logging everything, they
|
||||||
everything, they wouldn't throw that history to people who don't want to see it.
|
wouldn't throw that history to people who don't want to see it.
|
||||||
|
|
||||||
Speaking of removals, once you remove a message [it will be stored in the database for server admins for 7 days](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L456-L461) which is fine for me, but if [this message happened to be media instead of text, it would never be removed](https://github.com/matrix-org/synapse/issues/1263) and should you have copied link to the media, it would keep on working
|
Speaking of removals, once you remove a message
|
||||||
and if you changed the homeserver address in your copied link, it would still
|
[it will be stored in the database for server admins for 7 days](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L456-L461)
|
||||||
keep on working. Is this something you expect from a private protocol? I don't, or I didn't before getting familiar with Matrix. There is also an [alternative proposal about this](https://github.com/matrix-org/matrix-spec-proposals/pull/2228).
|
which is fine for me, but if
|
||||||
|
[this message happened to be media instead of text, it would never be removed](https://github.com/matrix-org/synapse/issues/1263)
|
||||||
|
and should you have copied link to the media, it would keep on working and if
|
||||||
|
you changed the homeserver address in your copied link, it would still keep on
|
||||||
|
working. Is this something you expect from a private protocol? I don't, or I
|
||||||
|
didn't before getting familiar with Matrix. There is also an
|
||||||
|
[alternative proposal about this](https://github.com/matrix-org/matrix-spec-proposals/pull/2228).
|
||||||
|
|
||||||
_By the way Synapse is still a <s>reference</s> homeserver implementation by the <s>matrix.org team</s> New Vector Ltd and not
|
_By the way Synapse is still a <s>reference</s> homeserver implementation by the
|
||||||
Matrix protocol itself, so sorry about that for anyone technical reading this._
|
<s>matrix.org team</s> New Vector Ltd and not Matrix protocol itself, so sorry
|
||||||
|
about that for anyone technical reading this._
|
||||||
|
|
||||||
Do you use different names in different contexts? Like your Full Name in
|
Do you use different names in different contexts? Like your Full Name in
|
||||||
professional context, a nickname somewhere else and maybe what will be your
|
professional context, a nickname somewhere else and maybe what will be your real
|
||||||
real name after gender transitioning or even have a diffferent name in direct
|
name after gender transitioning or even have a diffferent name in direct chat
|
||||||
chat with your partner? [Congratulations, whatever is your latest room-specific name may now be public (especially when the room federates and has users from different homeservers), same with your potential avatar](https://github.com/matrix-org/synapse/issues/5677).
|
with your partner?
|
||||||
|
[Congratulations, whatever is your latest room-specific name may now be public (especially when the room federates and has users from different homeservers), same with your potential avatar](https://github.com/matrix-org/synapse/issues/5677).
|
||||||
|
|
||||||
_Synapse didn't become Matrix protocol itself by the way, there are still other implementations!_
|
_Synapse didn't become Matrix protocol itself by the way, there are still other
|
||||||
|
implementations!_
|
||||||
|
|
||||||
This issue does have a potential solution [an API planned for room specific details (2015)](https://github.com/matrix-org/matrix-spec/issues/103)
|
This issue does have a potential solution
|
||||||
and what I am hopeful about in the future <a href="https://github.com/matrix-org/matrix-spec-proposals/pull/3189">open pull request specification for space specific profiles</a>,
|
[an API planned for room specific details (2015)](https://github.com/matrix-org/matrix-spec/issues/103)
|
||||||
unless it just moves the issue to a different level. Which is [cancelled or delayed for an undefined time period](https://github.com/matrix-org/matrix-spec-proposals/pull/3189#issuecomment-905761797),
|
and what I am hopeful about in the future
|
||||||
|
<a href="https://github.com/matrix-org/matrix-spec-proposals/pull/3189">open
|
||||||
|
pull request specification for space specific profiles</a>, unless it just moves
|
||||||
|
the issue to a different level. Which is
|
||||||
|
[cancelled or delayed for an undefined time period](https://github.com/matrix-org/matrix-spec-proposals/pull/3189#issuecomment-905761797),
|
||||||
["until extensible profiles and sync v3 become more concrete"](https://github.com/matrix-org/matrix-spec-proposals/pull/1769)
|
["until extensible profiles and sync v3 become more concrete"](https://github.com/matrix-org/matrix-spec-proposals/pull/1769)
|
||||||
|
|
||||||
2021-08-27: I don't know how serious issue this may be for you, but any emoji/
|
2021-08-27: I don't know how serious issue this may be for you, but any emoji/
|
||||||
[reactions made on end-to-end-encrypted messages aren't encrypted](https://github.com/matrix-org/matrix-spec/issues/660).
|
[reactions made on end-to-end-encrypted messages aren't encrypted](https://github.com/matrix-org/matrix-spec/issues/660).
|
||||||
It's fun in [E2EE test rooms](matrix:r/megolm:matrix.org?action=join) when you cannot read the other party, but
|
It's fun in [E2EE test rooms](matrix:r/megolm:matrix.org?action=join) when you
|
||||||
regardless see their reactions on your messages.
|
cannot read the other party, but regardless see their reactions on your
|
||||||
|
messages.
|
||||||
|
|
||||||
2022-01-10: In E2EE features, when you are invited to E2EE rooms, you generally
|
2022-01-10: In E2EE features, when you are invited to E2EE rooms, you generally
|
||||||
cannot see the previously encrypted messages. However when those are encrypted,
|
cannot see the previously encrypted messages. However when those are encrypted,
|
||||||
viewing [message source will reveal the older messages in body and formatted_body](https://github.com/matrix-org/matrix-spec/issues/368)
|
viewing
|
||||||
which [have been under deprecating plans since 2020-09-19, maybe in the future...](https://github.com/matrix-org/matrix-spec-proposals/pull/2781)
|
[message source will reveal the older messages in body and formatted_body](https://github.com/matrix-org/matrix-spec/issues/368)
|
||||||
|
which
|
||||||
|
[have been under deprecating plans since 2020-09-19, maybe in the future...](https://github.com/matrix-org/matrix-spec-proposals/pull/2781)
|
||||||
|
|
||||||
I think that was my biggest complaints on Matrix (or Synapse itself), that
|
I think that was my biggest complaints on Matrix (or Synapse itself), that don't
|
||||||
don't involve other protocols and I have personally experienced. My notes
|
involve other protocols and I have personally experienced. My notes for this
|
||||||
for this blog post include [Elements not having real contacts list](https://github.com/vector-im/element-web/issues/4488),
|
blog post include
|
||||||
or in other words [Matrix not having canonical direct messages](https://github.com/matrix-org/matrix-spec-proposals/pull/2199),
|
[Elements not having real contacts list](https://github.com/vector-im/element-web/issues/4488),
|
||||||
|
or in other words
|
||||||
|
[Matrix not having canonical direct messages](https://github.com/matrix-org/matrix-spec-proposals/pull/2199),
|
||||||
but they didn't occur to me and I guess it has been doing fine enough without
|
but they didn't occur to me and I guess it has been doing fine enough without
|
||||||
implementing those.
|
implementing those.
|
||||||
|
|
||||||
If any of these issues is a dealbreaker for you or you don't want to hear
|
If any of these issues is a dealbreaker for you or you don't want to hear a bad
|
||||||
a bad word about Matrix, you may be wondering what is the perfect flawless
|
word about Matrix, you may be wondering what is the perfect flawless solution? I
|
||||||
solution? I don't know, personally I don't think it may not exist and I don't
|
don't know, personally I don't think it may not exist and I don't want to enter
|
||||||
want to enter discussing compromise solutions or other protocols in this post
|
discussing compromise solutions or other protocols in this post at all. This
|
||||||
at all. This list also wasn't complete on what issues I have with Matrix
|
list also wasn't complete on what issues I have with Matrix (and so close to the
|
||||||
(and so close to the end I don't want to dig for references) and I have
|
end I don't want to dig for references) and I have specific wishes that no
|
||||||
specific wishes that no protocol offers (at least not consistently,
|
protocol offers (at least not consistently, such as using multiple names and
|
||||||
such as using multiple names and knowing which name I am using where or managing
|
knowing which name I am using where or managing 50 different rooms with same
|
||||||
50 different rooms with same operators everywhere, but [that may get answered by Matrix](https://github.com/matrix-org/matrix-spec-proposals/pull/2962).)
|
operators everywhere, but
|
||||||
|
[that may get answered by Matrix](https://github.com/matrix-org/matrix-spec-proposals/pull/2962).)
|
||||||
|
|
||||||
You may wonder was it nice of me to write so negative blog post. I find it
|
You may wonder was it nice of me to write so negative blog post. I find it
|
||||||
therapeutic as [I have had an issue to me to write this since 2021-01-15](https://github.com/Mikaela/mikaela.github.io/issues/230)
|
therapeutic as
|
||||||
and now I have finally done it, a bit over half an year late,
|
[I have had an issue to me to write this since 2021-01-15](https://github.com/Mikaela/mikaela.github.io/issues/230)
|
||||||
spending a bit over an hour to it and I feel better after getting these problems
|
and now I have finally done it, a bit over half an year late, spending a bit
|
||||||
out of my head and maybe they weren't so big after all. Up to you.
|
over an hour to it and I feel better after getting these problems out of my head
|
||||||
|
and maybe they weren't so big after all. Up to you.
|
||||||
|
|
||||||
Lastly I apologise to you-know-who-you-are for not titling this post "undefined",
|
Lastly I apologise to you-know-who-you-are for not titling this post
|
||||||
or even M.UNKNOWN (which I would have imagined to be one of the issues for me to write about, but
|
"undefined", or even M.UNKNOWN (which I would have imagined to be one of the
|
||||||
I don't remember seeing it in a long time, so maybe the situation is improving.
|
issues for me to write about, but I don't remember seeing it in a long time, so
|
||||||
|
maybe the situation is improving.
|
||||||
|
|
||||||
Feedback? I have [a discussion room in many apps](https://aminda.eu/discuss),
|
Feedback? I have [a discussion room in many apps](https://aminda.eu/discuss), or
|
||||||
or you can find me from a lot of the linked issues and there is also [issue tracker for this site](https://github.com/Mikaela/mikaela.github.io/issues).
|
you can find me from a lot of the linked issues and there is also
|
||||||
|
[issue tracker for this site](https://github.com/Mikaela/mikaela.github.io/issues).
|
||||||
|
|
||||||
- [Changelog, also known as git commit history](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md)
|
- [Changelog, also known as git commit history](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md)
|
||||||
- Clicksaver for edits done on day of publishing: I have fixed a typo resulting one
|
- Clicksaver for edits done on day of publishing: I have fixed a typo
|
||||||
link being a 404 error, added mention on Element (iOS) not doing URL previews
|
resulting one link being a 404 error, added mention on Element (iOS) not
|
||||||
and later added pills not being supported by it either. I didn't consider
|
doing URL previews and later added pills not being supported by it either. I
|
||||||
|
didn't consider
|
||||||
[outdated emoji picker](https://github.com/vector-im/element-ios/issues/4654)
|
[outdated emoji picker](https://github.com/vector-im/element-ios/issues/4654)
|
||||||
worth mentioning here, but it came up in the same context as URL previews
|
worth mentioning here, but it came up in the same context as URL previews
|
||||||
and wasn't reported to upstream, so I might as well mention it in this part.
|
and wasn't reported to upstream, so I might as well mention it in this part.
|
||||||
- 2021-08-27: Noted cancellation/delay of space-specific profiles,
|
- 2021-08-27: Noted cancellation/delay of space-specific profiles, mention
|
||||||
mention emoji/reactions not being encrypted at all, added link to E2EE
|
emoji/reactions not being encrypted at all, added link to E2EE test room and
|
||||||
test room and this list item.
|
this list item.
|
||||||
- 2021-09-09: It's brought to my attention that URL previews exist on Element
|
- 2021-09-09: It's brought to my attention that URL previews exist on Element
|
||||||
iOS! It's 23.15 in Finland so I only strikethrough this issue.
|
iOS! It's 23.15 in Finland so I only strikethrough this issue.
|
||||||
- 2022-01-10: I am told that [Synapse is not a reference homeserver implementation since 2021-10-06](https://github.com/matrix-org/synapse/pull/10971#event-5418418970)
|
- 2022-01-10: I am told that
|
||||||
|
[Synapse is not a reference homeserver implementation since 2021-10-06](https://github.com/matrix-org/synapse/pull/10971#event-5418418970)
|
||||||
so I have strikethrouged that and changed it to "by the matrix.org team".
|
so I have strikethrouged that and changed it to "by the matrix.org team".
|
||||||
- Typing this it looks like this blogpost predates the demote of Synapse, but
|
- Typing this it looks like this blogpost predates the demote of Synapse,
|
||||||
I wish to stay up-to-date with this post.
|
but I wish to stay up-to-date with this post.
|
||||||
- I am also noting that `m.room.retention` doesn't persist across room upgrades
|
- I am also noting that `m.room.retention` doesn't persist across room
|
||||||
and linking to the Element-meta issue on self-destructing/disappearing messages
|
upgrades and linking to the Element-meta issue on
|
||||||
to not be confused with retention.
|
self-destructing/disappearing messages to not be confused with retention.
|
||||||
- Oh and reply fallbacks leaking previously encrypted messages too.
|
- Oh and reply fallbacks leaking previously encrypted messages too.
|
||||||
- 2022-05-31: I noticed that Element iOS has gotten pills. Strikethrough time.
|
- 2022-05-31: I noticed that Element iOS has gotten pills. Strikethrough time.
|
||||||
- 2023-07-05: I added warning that room retention may cause database
|
- 2023-07-05: I added warning that room retention may cause database
|
||||||
|
@ -7,36 +7,35 @@ lang: en
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_PrivacyGuides.org was supposed to be the continuation of PrivacyTools.io
|
_PrivacyGuides.org was supposed to be the continuation of PrivacyTools.io based
|
||||||
based on transparency/openess, actually reviewing recommendations and having
|
on transparency/openess, actually reviewing recommendations and having at least
|
||||||
at least two reviews by team members before un/recommending anything. That
|
two reviews by team members before un/recommending anything. That is no longer
|
||||||
is no longer the case._
|
the case._
|
||||||
|
|
||||||
Between 2021-11-12 and 2021-11-20 I had a friend visiting me physically so
|
Between 2021-11-12 and 2021-11-20 I had a friend visiting me physically so I was
|
||||||
I was less available online. During that time, on 2021-11-18 9.30 UTC+2
|
less available online. During that time, on 2021-11-18 9.30 UTC+2 a pull request
|
||||||
a pull request was force-merged by a team member listing three new projects
|
was force-merged by a team member listing three new projects and removing two.
|
||||||
and removing two.
|
|
||||||
|
|
||||||
- [privacyguides/privacyguides.org#274](https://github.com/privacyguides/privacyguides.org/pull/274)
|
- [privacyguides/privacyguides.org#274](https://github.com/privacyguides/privacyguides.org/pull/274)
|
||||||
|
|
||||||
This was mentioned in the team room and reviews were asked during one hour
|
This was mentioned in the team room and reviews were asked during one hour
|
||||||
period before the force-merge, but no one was online to review before it was
|
period before the force-merge, but no one was online to review before it was
|
||||||
already merged. I didn't realize what had happened, until another PR came in
|
already merged. I didn't realize what had happened, until another PR came in on
|
||||||
on 2021-11-21.
|
2021-11-21.
|
||||||
|
|
||||||
I believe this change violates what Privacy Guides stands for and as no one
|
I believe this change violates what Privacy Guides stands for and as no one has
|
||||||
has any interest making an announcement (this may be the first one) or
|
any interest making an announcement (this may be the first one) or reverting the
|
||||||
reverting the pull request until proper process, I consider that the team
|
pull request until proper process, I consider that the team has no purpose and
|
||||||
has no purpose and isn't needed for reviewing anything as opinions of an
|
isn't needed for reviewing anything as opinions of an individual can be
|
||||||
individual can be force-pushed through like that.
|
force-pushed through like that.
|
||||||
|
|
||||||
This has brought me enough anxiety and stress to distract me from other
|
This has brought me enough anxiety and stress to distract me from other aspects
|
||||||
aspects of my life and I consider my departure to be healthy in general.
|
of my life and I consider my departure to be healthy in general.
|
||||||
|
|
||||||
The way things appear to be going is that there will be a change of criteria
|
The way things appear to be going is that there will be a change of criteria
|
||||||
that will then justify the change. To me this is just the other side of the
|
that will then justify the change. To me this is just the other side of the coin
|
||||||
coin from changing a law to ban something and then punishing people for it
|
from changing a law to ban something and then punishing people for it and not
|
||||||
and not the way a transparent project should work.
|
the way a transparent project should work.
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -60,49 +59,50 @@ and not the way a transparent project should work.
|
|||||||
|
|
||||||
## Previous leaving
|
## Previous leaving
|
||||||
|
|
||||||
I previously left Privacy Guides team, then known as Privacy Tools due to
|
I previously left Privacy Guides team, then known as Privacy Tools due to there
|
||||||
there having been an issue I viewed as conflict of interest, someone in the
|
having been an issue I viewed as conflict of interest, someone in the then-team
|
||||||
then-team being offered work or gig by a software/service that was willing to
|
being offered work or gig by a software/service that was willing to be listed,
|
||||||
be listed, which the rest of the team didn't consider as one or worth mentioning,
|
which the rest of the team didn't consider as one or worth mentioning, but you
|
||||||
but you can find more information about that online.
|
can find more information about that online.
|
||||||
|
|
||||||
Maybe I am just incapable of working in teams that claim to be something
|
Maybe I am just incapable of working in teams that claim to be something they
|
||||||
they are not, while I personally aspire to stand for my values and be openly
|
are not, while I personally aspire to stand for my values and be openly and
|
||||||
and honestly myself.
|
honestly myself.
|
||||||
|
|
||||||
## Other issues
|
## Other issues
|
||||||
|
|
||||||
### Cleanup older solutions now, instruct on new ones later
|
### Cleanup older solutions now, instruct on new ones later
|
||||||
|
|
||||||
Like everything else in tech, privacy field changes fast and it can be hard
|
Like everything else in tech, privacy field changes fast and it can be hard to
|
||||||
to keep up. Privacy Guides appear to have adapted a policy to get rid of old
|
keep up. Privacy Guides appear to have adapted a policy to get rid of old
|
||||||
recommendations such as HTTPS Everywhere as soon as possible.
|
recommendations such as HTTPS Everywhere as soon as possible.
|
||||||
|
|
||||||
HTTPS Everywhere is deprecated and going away as web browsers are rapidly
|
HTTPS Everywhere is deprecated and going away as web browsers are rapidly
|
||||||
gaining an option for enforcing HTTPS connections everywhere. However it is
|
gaining an option for enforcing HTTPS connections everywhere. However it is not
|
||||||
not enabled by default in most of web browsers and Privacy Guides has delisted
|
enabled by default in most of web browsers and Privacy Guides has delisted the
|
||||||
the extension without instructions on how to enable the HTTPS-only mode.
|
extension without instructions on how to enable the HTTPS-only mode.
|
||||||
|
|
||||||
In my opinion the issue is even worse when considering that the option doesn't
|
In my opinion the issue is even worse when considering that the option doesn't
|
||||||
even sync in some web browsers such as Microsoft Edge.
|
even sync in some web browsers such as Microsoft Edge.
|
||||||
|
|
||||||
Counter-argument: Microsoft Edge is not private browser, use \<whatever Privacy Guides recommends\>.
|
Counter-argument: Microsoft Edge is not private browser, use \<whatever Privacy
|
||||||
|
Guides recommends\>.
|
||||||
|
|
||||||
I hope that helps tech/privacy support people using Privacy Guides as material,
|
I hope that helps tech/privacy support people using Privacy Guides as material,
|
||||||
less techy people may have difficulties even installing extensions.
|
less techy people may have difficulties even installing extensions.
|
||||||
|
|
||||||
### Community communication
|
### Community communication
|
||||||
|
|
||||||
I haven't been in the Matrix rooms of Privacy Guides in a long time outside
|
I haven't been in the Matrix rooms of Privacy Guides in a long time outside of
|
||||||
of the team, as I find them very draining. I think I have an issue with how
|
the team, as I find them very draining. I think I have an issue with how
|
||||||
multiple people communicate and there are ongoing discussions on improving the
|
multiple people communicate and there are ongoing discussions on improving the
|
||||||
Code of Conduct.
|
Code of Conduct.
|
||||||
|
|
||||||
### Privacy, is it one size fits all, what can be sacrificed for it?
|
### Privacy, is it one size fits all, what can be sacrificed for it?
|
||||||
|
|
||||||
As may be clear from this writing, I have multiple values and while privacy
|
As may be clear from this writing, I have multiple values and while privacy is
|
||||||
is one of them, I don't consider privacy to be above everything else. For
|
one of them, I don't consider privacy to be above everything else. For example I
|
||||||
example I care about climate change and diversity of the internet.
|
care about climate change and diversity of the internet.
|
||||||
|
|
||||||
I get the impression that Privacy Guides is going towards a direction where, to
|
I get the impression that Privacy Guides is going towards a direction where, to
|
||||||
exaggregate a bit, only VPN providers and internet giants alongside big enough
|
exaggregate a bit, only VPN providers and internet giants alongside big enough
|
||||||
@ -110,109 +110,127 @@ organizations exist. And by VPN, I don't mean a service that connects two
|
|||||||
networks together letting you access private network resources, I mean a service
|
networks together letting you access private network resources, I mean a service
|
||||||
that everyone in ICT field appears to tell you to get to be private and secure
|
that everyone in ICT field appears to tell you to get to be private and secure
|
||||||
online, commonly without explaining why you need one, or which one, which
|
online, commonly without explaining why you need one, or which one, which
|
||||||
results into a risk of getting one that may be a bit shady or paying it's
|
results into a risk of getting one that may be a bit shady or paying it's way
|
||||||
way into rankings (Privacy Guides doesn't take money to my knowledge, but who
|
into rankings (Privacy Guides doesn't take money to my knowledge, but who can
|
||||||
can know if force-merges will make that the norm in the future).
|
know if force-merges will make that the norm in the future).
|
||||||
|
|
||||||
I disagree and wish to see a connected world where anyone can host a server
|
I disagree and wish to see a connected world where anyone can host a server even
|
||||||
even at their home or even host on P2P networks without caring about NAT or
|
at their home or even host on P2P networks without caring about NAT or
|
||||||
port-forwarding, while that goes to firewalls versus NAT territory and brings
|
port-forwarding, while that goes to firewalls versus NAT territory and brings in
|
||||||
in the dark side of Internet of Things which likely call home, don't interoperate
|
the dark side of Internet of Things which likely call home, don't interoperate
|
||||||
with each other, and never get updates or may just stop working should the
|
with each other, and never get updates or may just stop working should the
|
||||||
manufacturer go out of business, but that would be something for another blog post.
|
manufacturer go out of business, but that would be something for another blog
|
||||||
|
post.
|
||||||
|
|
||||||
I argue that today enforcing HTTPS everywhere and encrypting DNS is enough
|
I argue that today enforcing HTTPS everywhere and encrypting DNS is enough for
|
||||||
for majority of people and in case of family tech-administrators can go
|
majority of people and in case of family tech-administrators can go a long way
|
||||||
a long way in upkeeping security in form of malicious domain filtering without
|
in upkeeping security in form of malicious domain filtering without drawbacks of
|
||||||
drawbacks of VPNs (increased latencies, captchas, connectivity problems in
|
VPNs (increased latencies, captchas, connectivity problems in poor network
|
||||||
poor network connections).
|
connections).
|
||||||
|
|
||||||
- _Before following any of this, please see [Quad9 privacy policy](https://quad9.net/service/privacy/) and decide whether it suits for you_
|
- _Before following any of this, please see
|
||||||
- DoT vs Private DNS vs DoH? (Private DNS is) DoT which actually cares about diverse internet, has less bloat on it
|
[Quad9 privacy policy](https://quad9.net/service/privacy/) and decide whether
|
||||||
and due to separate port is likely choice of your network admin. However **_DoH actually works everywhere_**
|
it suits for you_
|
||||||
due to using the same port, so as someone who just wants to use the internet, it should be preferred.
|
- DoT vs Private DNS vs DoH? (Private DNS is) DoT which actually cares about
|
||||||
If you are implementing encrypted DNS somewhere, I would request support
|
diverse internet, has less bloat on it and due to separate port is likely
|
||||||
for both for the [DoT opportunistic mode which should be default](https://datatracker.ietf.org/doc/html/rfc8310#section-5).
|
choice of your network admin. However **_DoH actually works everywhere_**
|
||||||
|
due to using the same port, so as someone who just wants to use the
|
||||||
|
internet, it should be preferred. If you are implementing encrypted DNS
|
||||||
|
somewhere, I would request support for both for the
|
||||||
|
[DoT opportunistic mode which should be default](https://datatracker.ietf.org/doc/html/rfc8310#section-5).
|
||||||
- Android9+: Settings -> Advanced -> Private DNS: `dns.quad9.net`
|
- Android9+: Settings -> Advanced -> Private DNS: `dns.quad9.net`
|
||||||
- Apple: [encrypted-dns.party](https://encrypted-dns.party/)
|
- Apple: [encrypted-dns.party](https://encrypted-dns.party/)
|
||||||
- SailfishOS: [feature request](https://forum.sailfishos.org/t/support-doh-for-sailfish/3616?u=mikaela)
|
- SailfishOS:
|
||||||
- Linux: [systemd-resolved on Arch Wiki](https://wiki.archlinux.org/title/Systemd-resolved#DNS_over_TLS) [Actually secure DNS over TLS in Unbound on ctrl.blog](https://www.ctrl.blog/entry/unbound-tls-forwarding.html)
|
[feature request](https://forum.sailfishos.org/t/support-doh-for-sailfish/3616?u=mikaela)
|
||||||
- Windows 11: [proper method](https://docs.microsoft.com/windows-server/networking/dns/doh-client-support) or (read first: [Microsoft: Windows registry for advanced users](https://docs.microsoft.com/troubleshoot/windows-server/performance/windows-registry-advanced-users)) [improper method that only experienced users if even them should use](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/Windows/DoH/DohWellKnownServers.reg) and in any case network settings
|
- Linux:
|
||||||
|
[systemd-resolved on Arch Wiki](https://wiki.archlinux.org/title/Systemd-resolved#DNS_over_TLS)
|
||||||
|
[Actually secure DNS over TLS in Unbound on ctrl.blog](https://www.ctrl.blog/entry/unbound-tls-forwarding.html)
|
||||||
|
- Windows 11:
|
||||||
|
[proper method](https://docs.microsoft.com/windows-server/networking/dns/doh-client-support)
|
||||||
|
or (read first:
|
||||||
|
[Microsoft: Windows registry for advanced users](https://docs.microsoft.com/troubleshoot/windows-server/performance/windows-registry-advanced-users))
|
||||||
|
[improper method that only experienced users if even them should use](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/Windows/DoH/DohWellKnownServers.reg)
|
||||||
|
and in any case network settings
|
||||||
|
|
||||||
Counter-argument: encrypted DNS doesn't encrypt the IP address you are connecting
|
Counter-argument: encrypted DNS doesn't encrypt the IP address you are
|
||||||
to which often maps back to the plaintext domain, and SNI is still visible so
|
connecting to which often maps back to the plaintext domain, and SNI is still
|
||||||
the sites you visit are still visible.
|
visible so the sites you visit are still visible.
|
||||||
|
|
||||||
Counter-counter-argument: do people around you really care if the ISP and
|
Counter-counter-argument: do people around you really care if the ISP and
|
||||||
encrypted DNS provider know they are visiting sites like `facebook.com` and
|
encrypted DNS provider know they are visiting sites like `facebook.com` and
|
||||||
`youtube.com` as they still cannot see what you are doing there?
|
`youtube.com` as they still cannot see what you are doing there?
|
||||||
|
|
||||||
In case encrypting what is being done on sites (https) and encrypting DNS
|
In case encrypting what is being done on sites (https) and encrypting DNS (to
|
||||||
(to protect from DNS hijacking) is not enough, I would advice using [Tor](https://torproject.org/) instead
|
protect from DNS hijacking) is not enough, I would advice using
|
||||||
and becoming familiar with their website.
|
[Tor](https://torproject.org/) instead and becoming familiar with their website.
|
||||||
|
|
||||||
What if the WiFi-AP/ISP/VPN/encrypted-DNS server is lying whether intentionally or not? DNSSEC
|
What if the WiFi-AP/ISP/VPN/encrypted-DNS server is lying whether intentionally
|
||||||
and certificate authorities. Also out of scope for this post, but if your
|
or not? DNSSEC and certificate authorities. Also out of scope for this post, but
|
||||||
interest is piqued, please do use your favourite search engine to learn more,
|
if your interest is piqued, please do use your favourite search engine to learn
|
||||||
I already wrote too much about encrypted DNS...
|
more, I already wrote too much about encrypted DNS...
|
||||||
|
|
||||||
### Real time communication platforms
|
### Real time communication platforms
|
||||||
|
|
||||||
If you look into Privacy Guides instant messaging platforms, at the time
|
If you look into Privacy Guides instant messaging platforms, at the time of
|
||||||
of writing it will suggest you to use Element. That means nothing,
|
writing it will suggest you to use Element. That means nothing, [there are three
|
||||||
[there are three different apps called as Element on three different platforms, the only thing in common is the name and if you are looking for privacy, you should look into it deeper or look entirely elsewhere, but that is my previous blog post]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}). TL;DR is that (at the time of writing)
|
different apps called as Element on three different platforms, the only thing
|
||||||
your room specific display names may leak and media files are never actually
|
in common is the name and if you are looking for privacy, you should look into
|
||||||
removed. If that is fine for you, great. If your issue is just with
|
it deeper or look entirely elsewhere, but that is my previous blog
|
||||||
room specific display names, I would suggest a Matrix client that allows
|
post]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}). TL;DR is that (at
|
||||||
using multiple different accounts such as [FluffyChat](https://fluffychat.im/) (note:
|
the time of writing) your room specific display names may leak and media files are
|
||||||
I am a contributor).
|
never actually removed. If that is fine for you, great. If your issue is just with
|
||||||
|
room specific display names, I would suggest a Matrix client that allows using multiple
|
||||||
|
different accounts such as [FluffyChat](https://fluffychat.im/) (note: I am a contributor).
|
||||||
|
|
||||||
Privacy Guides not warning about Matrix may be partially my fault
|
Privacy Guides not warning about Matrix may be partially my fault as
|
||||||
as [I was the team member mainly warning about it and assigned the issue to myself](https://github.com/privacyguides/privacyguides.org/issues/50) though.
|
[I was the team member mainly warning about it and assigned the issue to myself](https://github.com/privacyguides/privacyguides.org/issues/50)
|
||||||
|
though.
|
||||||
|
|
||||||
XMPP? Privacy Guides doesn't mention it, because there is no single app
|
XMPP? Privacy Guides doesn't mention it, because there is no single app to
|
||||||
to recommend across all platforms (and I am grateful about that
|
recommend across all platforms (and I am grateful about that as opposed to
|
||||||
as opposed to Element not being Element not being Element) and the protocol
|
Element not being Element not being Element) and the protocol doesn't enforce
|
||||||
doesn't enforce end-to-end encryption. I am not sure if being under control
|
end-to-end encryption. I am not sure if being under control of the server admin
|
||||||
of the server admin counts as Matrix also allows server admin to perform takeover
|
counts as Matrix also allows server admin to perform takeover and other
|
||||||
and other hostilities. [Compatibility suites?](https://xmpp.org/about/myths/#everybody-implements-different-incompatible-extensions),
|
hostilities.
|
||||||
|
[Compatibility suites?](https://xmpp.org/about/myths/#everybody-implements-different-incompatible-extensions),
|
||||||
they don't care.
|
they don't care.
|
||||||
|
|
||||||
Speaking of end-to-end encryption, another rejected solution especially for
|
Speaking of end-to-end encryption, another rejected solution especially for
|
||||||
teams is IRC, especially [Ergo](https://ergo.chat/) (which I am going
|
teams is IRC, especially [Ergo](https://ergo.chat/) (which I am going to blog in
|
||||||
to blog in the future about) as end-to-end encryption
|
the future about) as end-to-end encryption isn't useful in public channels, it
|
||||||
isn't useful in public channels, it can easily be used in internal network
|
can easily be used in internal network (maybe accessed by not-misnomer-VPN I
|
||||||
(maybe accessed by not-misnomer-VPN I wrote about above) or ran in public
|
wrote about above) or ran in public allowing Tor access without requiring
|
||||||
allowing Tor access without requiring registration, at the time neither Slack
|
registration, at the time neither Slack or Discord provides end-to-end
|
||||||
or Discord provides end-to-end encryption and neither Slack or Element provides
|
encryption and neither Slack or Element provides guest access to my knowledge.
|
||||||
guest access to my knowledge. (The toggle in room settings? It was removed
|
(The toggle in room settings? It was removed accidentally without never getting
|
||||||
accidentally without never getting reimplemented).
|
reimplemented).
|
||||||
|
|
||||||
Anyway, there may be a time and place for every communication platform,
|
Anyway, there may be a time and place for every communication platform,
|
||||||
personally I perform a lot of mix-and-matching as that is what people I
|
personally I perform a lot of mix-and-matching as that is what people I actually
|
||||||
actually do want to communicate with do, I haven't been able to talk my
|
do want to communicate with do, I haven't been able to talk my family from
|
||||||
family from WhatsApp by <s>FACEBOOK</s> Meta (I actually tried to leave
|
WhatsApp by <s>FACEBOOK</s> Meta (I actually tried to leave it pre-pandemic and
|
||||||
it pre-pandemic and thus lost access to many people and peer support groups),
|
thus lost access to many people and peer support groups), I have several Signal
|
||||||
I have several Signal contacts, Matrix and IRC are in my daily use and I
|
contacts, Matrix and IRC are in my daily use and I don't see XMPP going away any
|
||||||
don't see XMPP going away any time soon either.
|
time soon either.
|
||||||
|
|
||||||
## What now
|
## What now
|
||||||
|
|
||||||
I hope leaving Privacy Guides will leave me more time to do things that matter
|
I hope leaving Privacy Guides will leave me more time to do things that matter
|
||||||
to me and my hobbies and other things taking time. For example, I am at work
|
to me and my hobbies and other things taking time. For example, I am at work
|
||||||
try-out practice, seeking for employment and I have recently agreed to contribute
|
try-out practice, seeking for employment and I have recently agreed to
|
||||||
into [FluffyChat's](https://fluffychat.im/) Finnish translations (while I feel
|
contribute into [FluffyChat's](https://fluffychat.im/) Finnish translations
|
||||||
a bit guilty about the state of Finnish translations in KISS Launcher and Onion Share
|
(while I feel a bit guilty about the state of Finnish translations in KISS
|
||||||
that I haven't looked into in ages). Language learning also takes a lot of time
|
Launcher and Onion Share that I haven't looked into in ages). Language learning
|
||||||
and stubborness to not give up. And then there is this website where I currently
|
also takes a lot of time and stubborness to not give up. And then there is this
|
||||||
have 49 issues/ideas open (26 of them labeled as blog)
|
website where I currently have 49 issues/ideas open (26 of them labeled as blog)
|
||||||
|
|
||||||
Obligatory: should I be believed on this over Privacy Guides? Neither
|
Obligatory: should I be believed on this over Privacy Guides? Neither should be
|
||||||
should be believed in, take everything with a grain of salt, use your
|
believed in, take everything with a grain of salt, use your favourite search
|
||||||
favourite search engine and reach your own answers. Do also check whether
|
engine and reach your own answers. Do also check whether there is money
|
||||||
there is money involved, does the service/app have affiliate programme? I think
|
involved, does the service/app have affiliate programme? I think a lot of what I
|
||||||
a lot of what I am saying is my opinions and privacy sites reflect opinions
|
am saying is my opinions and privacy sites reflect opinions of their writers, so
|
||||||
of their writers, so I wish you good luck trying to find any absolute fact
|
I wish you good luck trying to find any absolute fact that works in every
|
||||||
that works in every situation should you attempt that venture.
|
situation should you attempt that venture.
|
||||||
|
|
||||||
See also [Media literacy on Wikipedia](https://en.wikipedia.org/wiki/Media_literacy).
|
See also
|
||||||
|
[Media literacy on Wikipedia](https://en.wikipedia.org/wiki/Media_literacy).
|
||||||
|
@ -1,22 +1,25 @@
|
|||||||
---
|
---
|
||||||
layout: post
|
layout: post
|
||||||
title: "Matrix abuse protection model for community maintainers: security by obscurity"
|
title:
|
||||||
|
"Matrix abuse protection model for community maintainers: security by
|
||||||
|
obscurity"
|
||||||
category: [english]
|
category: [english]
|
||||||
tags: [matrix]
|
tags: [matrix]
|
||||||
lang: en
|
lang: en
|
||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_I am administrator or moderator in multiple communities in Matrix, the most sizable
|
_I am administrator or moderator in multiple communities in Matrix, the most
|
||||||
being 23 rooms + two spaces. I don't have my own homeserver or Mjolnir. And I am tired._
|
sizable being 23 rooms + two spaces. I don't have my own homeserver or Mjolnir.
|
||||||
|
And I am tired._
|
||||||
|
|
||||||
If I was using Discord, I would make a guild, make roles within it and then
|
If I was using Discord, I would make a guild, make roles within it and then
|
||||||
right click people and assign them roles and they would be able to manage all
|
right click people and assign them roles and they would be able to manage all
|
||||||
channels those roles let them. Time estimate less than 15 minutes.
|
channels those roles let them. Time estimate less than 15 minutes.
|
||||||
|
|
||||||
Sadly I am not using Discord, I am using Matrix. This means that while burnt out
|
Sadly I am not using Discord, I am using Matrix. This means that while burnt out
|
||||||
it feels like no one has thought of the case where a community with more than
|
it feels like no one has thought of the case where a community with more than a
|
||||||
a couple of rooms wants to use Matrix.
|
couple of rooms wants to use Matrix.
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -46,93 +49,107 @@ smaller steps:
|
|||||||
1. Use https://develop.element.io/ (or have a config.json allowing you to use
|
1. Use https://develop.element.io/ (or have a config.json allowing you to use
|
||||||
labs)
|
labs)
|
||||||
2. Create a space.
|
2. Create a space.
|
||||||
3. Through developer mode `/upgraderoom {{ site.matrixLatestRoomVersion }}`. 2. **_WARNING_** You should check [the Matrix spec](https://spec.matrix.org/latest/rooms/)
|
3. Through developer mode `/upgraderoom {{ site.matrixLatestRoomVersion }}`. 2.
|
||||||
for the latest stable room version. Or maybe the [unstable spec](https://spec.matrix.org/unstable/rooms/)?
|
**_WARNING_** You should check
|
||||||
Or maybe you should just [search GitHub](https://github.com/matrix-org/matrix-spec-proposals/issues?q=room%20version)? 3. **_WARNING! Always before executing `/upgraderoom` check that everyone in your room has a recent Matrix server that supports your target room version, otherwise you may lock some of your users out._** For example `/invite @version:maunium.net` and once it joins, say
|
[the Matrix spec](https://spec.matrix.org/latest/rooms/) for the latest
|
||||||
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers that don't support room version {{site.matrixLatestRoomVersion}} yet.
|
stable room version. Or maybe the
|
||||||
|
[unstable spec](https://spec.matrix.org/unstable/rooms/)? Or maybe you should
|
||||||
|
just
|
||||||
|
[search GitHub](https://github.com/matrix-org/matrix-spec-proposals/issues?q=room%20version)? 3.
|
||||||
|
**_WARNING! Always before executing `/upgraderoom` check that everyone in
|
||||||
|
your room has a recent Matrix server that supports your target room version,
|
||||||
|
otherwise you may lock some of your users out._** For example
|
||||||
|
`/invite @version:maunium.net` and once it joins, say
|
||||||
|
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers
|
||||||
|
that don't support room version {{site.matrixLatestRoomVersion}} yet.
|
||||||
4. Clear cache and reload so the old space maybe disappears.
|
4. Clear cache and reload so the old space maybe disappears.
|
||||||
5. See also [Element-web#19208: Allow upgrading spaces](https://github.com/vector-im/element-web/issues/19208)
|
5. See also
|
||||||
|
[Element-web#19208: Allow upgrading spaces](https://github.com/vector-im/element-web/issues/19208)
|
||||||
6. Now that there is a space, right click it to create a new room under it and
|
6. Now that there is a space, right click it to create a new room under it and
|
||||||
select that it can only be joined by space members. You will hopefully end up
|
select that it can only be joined by space members. You will hopefully end up
|
||||||
with room version 9 (the default at time of writing is 6 and has even worse
|
with room version 9 (the default at time of writing is 6 and has even worse
|
||||||
situation with abuse pretention).
|
situation with abuse pretention).
|
||||||
7. Go to room settings and set the room to public join assuming it's supposed
|
7. Go to room settings and set the room to public join assuming it's supposed to
|
||||||
to be public (14 of this worst case scenario are)
|
be public (14 of this worst case scenario are)
|
||||||
8. Repeat steps 5-7 for all rooms you need, you can hopefully figure out how
|
8. Repeat steps 5-7 for all rooms you need, you can hopefully figure out how to
|
||||||
to handle a private space (9 rooms in this case).
|
handle a private space (9 rooms in this case).
|
||||||
|
|
||||||
### Bus factor
|
### Bus factor
|
||||||
|
|
||||||
As we are a serious organisation using Matrix here, even if we have no money
|
As we are a serious organisation using Matrix here, even if we have no money or
|
||||||
or people or homeserver or Mjolnir, what happens if you somehow become unable
|
people or homeserver or Mjolnir, what happens if you somehow become unable to
|
||||||
to access your account or are asleep or something when you are needed? You add
|
access your account or are asleep or something when you are needed? You add more
|
||||||
more people with power and also register yourself on multiple homeservers, so
|
people with power and also register yourself on multiple homeservers, so if your
|
||||||
if your main account goes down, you have power somewhere else.
|
main account goes down, you have power somewhere else.
|
||||||
|
|
||||||
Let's say you have 20 rooms (you get it a bit more easy than I do), I think
|
Let's say you have 20 rooms (you get it a bit more easy than I do), I think you
|
||||||
you have three methods to promote your other accounts:
|
have three methods to promote your other accounts:
|
||||||
|
|
||||||
**_WARNING: administrator status cannot be removed by others._**
|
**_WARNING: administrator status cannot be removed by others._**
|
||||||
|
|
||||||
- A. Using the graphical user interface, invite the other administrators to
|
- A. Using the graphical user interface, invite the other administrators to the
|
||||||
the room and click the buttons to make them administrators. I am too tired
|
room and click the buttons to make them administrators. I am too tired to
|
||||||
to check how to do this, but it's a graphical user interface, good luck!
|
check how to do this, but it's a graphical user interface, good luck! Remember
|
||||||
Remember you will do this twenty times, once for every room/administrator.
|
you will do this twenty times, once for every room/administrator.
|
||||||
- B. You can type `/invite @user:example.org` and then `/op @user:example.org 100`
|
- B. You can type `/invite @user:example.org` and then
|
||||||
and copy-paste it all the time!
|
`/op @user:example.org 100` and copy-paste it all the time!
|
||||||
- C. My favourite, you can have a pre-formatted power-level event in json in
|
- C. My favourite, you can have a pre-formatted power-level event in json in a
|
||||||
a git repository from which you can copy-paste it to all rooms, first `/devtools`,
|
git repository from which you can copy-paste it to all rooms, first
|
||||||
then "room state", "m.room.power_levels", "edit" and you can paste your new
|
`/devtools`, then "room state", "m.room.power_levels", "edit" and you can
|
||||||
administrators there and press "send"! This is the only mass option you have,
|
paste your new administrators there and press "send"! This is the only mass
|
||||||
and you will have to do this in each twenty rooms.
|
option you have, and you will have to do this in each twenty rooms.
|
||||||
|
|
||||||
Remember you will have to do this every time you add a new moderator (or they
|
Remember you will have to do this every time you add a new moderator (or they
|
||||||
will be unable to act in the room when they are needed)!
|
will be unable to act in the room when they are needed)!
|
||||||
|
|
||||||
We also have a matterbridge (which has it's own configuration for every room, but
|
We also have a matterbridge (which has it's own configuration for every room,
|
||||||
offtopic here) which has administrator / power level 100 in every room, so if
|
but offtopic here) which has administrator / power level 100 in every room, so
|
||||||
I am not available the administrator team can login as it and take care of
|
if I am not available the administrator team can login as it and take care of
|
||||||
the situation.
|
the situation.
|
||||||
|
|
||||||
## Abuse finds you!
|
## Abuse finds you!
|
||||||
|
|
||||||
Congratulations, if abuse has found you, the security through obscurity model
|
Congratulations, if abuse has found you, the security through obscurity model
|
||||||
has failed and now you get to deal with it! That is very simple, you just check
|
has failed and now you get to deal with it! That is very simple, you just check
|
||||||
the abuser MXID, and paste `/ban @yourorgisbad:evil.example.invalid` to all twenty
|
the abuser MXID, and paste `/ban @yourorgisbad:evil.example.invalid` to all
|
||||||
rooms.
|
twenty rooms.
|
||||||
|
|
||||||
Did you find out that you have a lot of abuse from a single server and Matrix
|
Did you find out that you have a lot of abuse from a single server and Matrix
|
||||||
doesn't support wildcards in bans? No problem, [Matrix has your back with "Moderation in Matrix!"](https://web.archive.org/web/20211205204104/https://matrix.org/docs/guides/moderation/),
|
doesn't support wildcards in bans? No problem,
|
||||||
you simply use `/devtools` and ban the entire server by sending a completely new event
|
[Matrix has your back with "Moderation in Matrix!"](https://web.archive.org/web/20211205204104/https://matrix.org/docs/guides/moderation/),
|
||||||
`m.room.server_acl`, luckily you are a professional `/devtools` user at this point
|
you simply use `/devtools` and ban the entire server by sending a completely new
|
||||||
so having to do this 20 times is nothing to you.
|
event `m.room.server_acl`, luckily you are a professional `/devtools` user at
|
||||||
|
this point so having to do this 20 times is nothing to you.
|
||||||
|
|
||||||
_2022-01-10 addition:_ this becomes worse as Matrix Synapse alongside [the Matrix protocol itself will authorise everything done by servers that don't honour the `m.room.server_acl` event](https://github.com/matrix-org/matrix-spec/issues/928)
|
_2022-01-10 addition:_ this becomes worse as Matrix Synapse alongside
|
||||||
so as per the guide, you will have to acl those servers too (or the ACL might as well not exist).
|
[the Matrix protocol itself will authorise everything done by servers that don't honour the `m.room.server_acl` event](https://github.com/matrix-org/matrix-spec/issues/928)
|
||||||
|
so as per the guide, you will have to acl those servers too (or the ACL might as
|
||||||
|
well not exist).
|
||||||
|
|
||||||
### Icing on the cake
|
### Icing on the cake
|
||||||
|
|
||||||
Could this get any better? Yes, the abuse could happen when you are sleeping
|
Could this get any better? Yes, the abuse could happen when you are sleeping or
|
||||||
or otherwise out of the picture, so your fellow ICT team member (who has no interest
|
otherwise out of the picture, so your fellow ICT team member (who has no
|
||||||
in touching this mess with a long stick) has to step in for you and resolve the issue.
|
interest in touching this mess with a long stick) has to step in for you and
|
||||||
|
resolve the issue.
|
||||||
|
|
||||||
It's a stress situation for them, will the ICT team be able to find the shared
|
It's a stress situation for them, will the ICT team be able to find the shared
|
||||||
password for the Matrix administrator account you hopefully have and speedlearn
|
password for the Matrix administrator account you hopefully have and speedlearn
|
||||||
to be a `/devtools` professional or able to handle even easier forms of spamming
|
to be a `/devtools` professional or able to handle even easier forms of spamming
|
||||||
or flooding without you present? My money is on the spammer. Good luck, high-five
|
or flooding without you present? My money is on the spammer. Good luck,
|
||||||
for the next team meeting where you wonder what happened, how to prevent it from
|
high-five for the next team meeting where you wonder what happened, how to
|
||||||
happening again and will you even support Matrix in the future?
|
prevent it from happening again and will you even support Matrix in the future?
|
||||||
|
|
||||||
I hope someone thanked you for ever having your organization there, I know
|
I hope someone thanked you for ever having your organization there, I know that
|
||||||
that I have only gotten complaints about matterbridge looking ugly and not
|
I have only gotten complaints about matterbridge looking ugly and not using
|
||||||
using matrix-appservice-irc, \<redacted-for-similar-trouble\>, matrix-whatever-discord,
|
matrix-appservice-irc, \<redacted-for-similar-trouble\>,
|
||||||
etc.
|
matrix-whatever-discord, etc.
|
||||||
|
|
||||||
## Aminda, are you ok, has this happened to you?
|
## Aminda, are you ok, has this happened to you?
|
||||||
|
|
||||||
Thank you for asking, I am not ok, I have a burnout and xmas is poor time for me
|
Thank you for asking, I am not ok, I have a burnout and xmas is poor time for me
|
||||||
in general, and this whole issue is ridiculous, someone could have thought of
|
in general, and this whole issue is ridiculous, someone could have thought of it
|
||||||
it since 2014, everything I am saying is public knowledge, but no one cares.
|
since 2014, everything I am saying is public knowledge, but no one cares.
|
||||||
|
|
||||||
It's whoever is running Matrix without hosting their own homeserver and Mjölnir
|
It's whoever is running Matrix without hosting their own homeserver and Mjölnir
|
||||||
(which brings all reasonable management for organizations) who is at fault (me).
|
(which brings all reasonable management for organizations) who is at fault (me).
|
||||||
@ -143,13 +160,14 @@ it off the internet before beginning.
|
|||||||
|
|
||||||
It's [Pirate Party of Finland](https://piraattipuolue.fi/en). I cannot say
|
It's [Pirate Party of Finland](https://piraattipuolue.fi/en). I cannot say
|
||||||
whether it's us or Matrix that is obscure enough to have avoided the nightmare I
|
whether it's us or Matrix that is obscure enough to have avoided the nightmare I
|
||||||
painted in this blog post, but as I am the only administrator at Matrix, I
|
painted in this blog post, but as I am the only administrator at Matrix, I have
|
||||||
have locked it down so the rest of the ICT team can continue not touching Matrix
|
locked it down so the rest of the ICT team can continue not touching Matrix or
|
||||||
or practicing `/devtools` first without a stressful situation.
|
practicing `/devtools` first without a stressful situation.
|
||||||
|
|
||||||
[Our main space](matrix:r/space.piraatit.fi:matrix.org?action=join) requires
|
[Our main space](matrix:r/space.piraatit.fi:matrix.org?action=join) requires
|
||||||
knocking before it can be joined. Don't ask me what Matrix clients support
|
knocking before it can be joined. Don't ask me what Matrix clients support
|
||||||
knocking, it's part of [Matrix spec version 1.1](https://spec.matrix.org/v1.1/rooms/v7/#authorization-rules),
|
knocking, it's part of
|
||||||
|
[Matrix spec version 1.1](https://spec.matrix.org/v1.1/rooms/v7/#authorization-rules),
|
||||||
don't even ask me what Matrix servers support it.
|
don't even ask me what Matrix servers support it.
|
||||||
|
|
||||||
Our public rooms within that space require being a member of that space.
|
Our public rooms within that space require being a member of that space.
|
||||||
@ -157,19 +175,20 @@ Our public rooms within that space require being a member of that space.
|
|||||||
Our more sensitive rooms that desire working peace from spammers are in a
|
Our more sensitive rooms that desire working peace from spammers are in a
|
||||||
subspace, which again require belonging to it, and which requires knocking too.
|
subspace, which again require belonging to it, and which requires knocking too.
|
||||||
We have similar system in place at Discord where we just grant people a role
|
We have similar system in place at Discord where we just grant people a role
|
||||||
once they have talked a bit and shown themselves to not be malicious and this
|
once they have talked a bit and shown themselves to not be malicious and this is
|
||||||
is the best <s>we</s> I can do at Matrix.
|
the best <s>we</s> I can do at Matrix.
|
||||||
|
|
||||||
The above looks a bit weird as I was going to put the actual json events
|
The above looks a bit weird as I was going to put the actual json events there,
|
||||||
there, but I am too tired to bother with that.
|
but I am too tired to bother with that.
|
||||||
|
|
||||||
## Afterword
|
## Afterword
|
||||||
|
|
||||||
If I am wrong at anything I said, please contact me instantly either in [my discussion channels](/discuss),
|
If I am wrong at anything I said, please contact me instantly either in
|
||||||
|
[my discussion channels](/discuss),
|
||||||
[the GitHub issue for this post](https://github.com/Mikaela/mikaela.github.io/issues/268)
|
[the GitHub issue for this post](https://github.com/Mikaela/mikaela.github.io/issues/268)
|
||||||
or mention `@Mikaela` in any GitHub.com/GitLab.com issue (I am not reading my email actively though)
|
or mention `@Mikaela` in any GitHub.com/GitLab.com issue (I am not reading my
|
||||||
as if I am wrong and there is a reasonable Discord-style interface for this
|
email actively though) as if I am wrong and there is a reasonable Discord-style
|
||||||
without additional money, you are improving my life greatly as I am not just
|
interface for this without additional money, you are improving my life greatly
|
||||||
going to stop using Matrix.
|
as I am not just going to stop using Matrix.
|
||||||
|
|
||||||
- [Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md)
|
- [Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md)
|
||||||
|
@ -6,26 +6,33 @@ tags: [ssh]
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_I have been using SSH signed git commits from 8 months and started signing things with my SSH key instead of PGP keys and thought to share how to do that more easily_
|
_I have been using SSH signed git commits from 8 months and started signing
|
||||||
|
things with my SSH key instead of PGP keys and thought to share how to do that
|
||||||
|
more easily_
|
||||||
|
|
||||||
If you didn't know that SSH can be used for this, I suggest reading
|
If you didn't know that SSH can be used for this, I suggest reading
|
||||||
|
|
||||||
- [Andrew Ayer: It's Now Possible To Sign Arbitrary Data With Your SSH Keys](https://www.agwa.name/blog/post/ssh_signatures)
|
- [Andrew Ayer: It's Now Possible To Sign Arbitrary Data With Your SSH Keys](https://www.agwa.name/blog/post/ssh_signatures)
|
||||||
- [Caleb Hearth: Signing Git Commits with Your SSH Key](https://calebhearth.com/sign-git-with-ssh) ([web.archive.org](https://web.archive.org/web/20211117182628/https://calebhearth.com/sign-git-with-ssh))
|
- [Caleb Hearth: Signing Git Commits with Your SSH Key](https://calebhearth.com/sign-git-with-ssh)
|
||||||
|
([web.archive.org](https://web.archive.org/web/20211117182628/https://calebhearth.com/sign-git-with-ssh))
|
||||||
|
|
||||||
## Signing
|
## Signing
|
||||||
|
|
||||||
Usually you do `ssh-keygen -Y sign -f MYPUBLICKEY -n TYPE filename`, but that is a bit of effort, why not make an alias for it? In my shellrc's I have:
|
Usually you do `ssh-keygen -Y sign -f MYPUBLICKEY -n TYPE filename`, but that is
|
||||||
|
a bit of effort, why not make an alias for it? In my shellrc's I have:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
alias ssh-sign-file="ssh-keygen -Y sign -f ~/.ssh/signingkey.pub -n file"
|
alias ssh-sign-file="ssh-keygen -Y sign -f ~/.ssh/signingkey.pub -n file"
|
||||||
```
|
```
|
||||||
|
|
||||||
As I don't change which key I use so often, I can export my public key to `~/.ssh/signingkey.pub`
|
As I don't change which key I use so often, I can export my public key to
|
||||||
or symlink it to the right place and now when I need to sign something, I can just `ssh-sign-file file.txt`
|
`~/.ssh/signingkey.pub` or symlink it to the right place and now when I need to
|
||||||
to generate a `file.txt.sig`. Of course this assumes that I always sign files, but I don't remember signing other things as git handles the commits for me.
|
sign something, I can just `ssh-sign-file file.txt` to generate a
|
||||||
|
`file.txt.sig`. Of course this assumes that I always sign files, but I don't
|
||||||
|
remember signing other things as git handles the commits for me.
|
||||||
|
|
||||||
Thus to sign file, I simply say `ssh-sign-file hello.txt` to receive `hello.txt.sig` containing my signature.
|
Thus to sign file, I simply say `ssh-sign-file hello.txt` to receive
|
||||||
|
`hello.txt.sig` containing my signature.
|
||||||
|
|
||||||
```
|
```
|
||||||
Signing file hello.txt
|
Signing file hello.txt
|
||||||
@ -34,7 +41,11 @@ Write signature to hello.txt.sig
|
|||||||
|
|
||||||
## Verifying
|
## Verifying
|
||||||
|
|
||||||
There isn't much point in signing things, unless you are able to verify them. The command for this is `ssh-keygen -Y verify -f $allowed_signers -I $EMAIL -n file -s SIGNATUREFILE < $2`, isn't that a bit much to keep in mind? In my opinion it is and thus the function gets a bit more complicated:
|
There isn't much point in signing things, unless you are able to verify them.
|
||||||
|
The command for this is
|
||||||
|
`ssh-keygen -Y verify -f $allowed_signers -I $EMAIL -n file -s SIGNATUREFILE < $2`,
|
||||||
|
isn't that a bit much to keep in mind? In my opinion it is and thus the function
|
||||||
|
gets a bit more complicated:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sshAllowedSigners=$HOME/src/gitea.blesmrt.net/Mikaela/ssh-allowed_signers/allowed_signers
|
sshAllowedSigners=$HOME/src/gitea.blesmrt.net/Mikaela/ssh-allowed_signers/allowed_signers
|
||||||
@ -44,16 +55,19 @@ ssh-verify-file() {
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
First I specify where is my `allowed_signers` file so I don't have to repeat it and in case I misuse the function, it reminds me how to use it:
|
First I specify where is my `allowed_signers` file so I don't have to repeat it
|
||||||
|
and in case I misuse the function, it reminds me how to use it:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
% ssh-verify-file hello.txt
|
% ssh-verify-file hello.txt
|
||||||
ssh-verify-file:1: 2: Usage: ssh-verify-file <email> <file-to-verify>
|
ssh-verify-file:1: 2: Usage: ssh-verify-file <email> <file-to-verify>
|
||||||
```
|
```
|
||||||
|
|
||||||
I again don't remember verifying other types of files as git handles it for me and I think it's a safe assumption that the signature ends to `.sig`.
|
I again don't remember verifying other types of files as git handles it for me
|
||||||
|
and I think it's a safe assumption that the signature ends to `.sig`.
|
||||||
|
|
||||||
So to use it properly and verify the previously signed file `ssh-verify-file noreply@aminda.eu hello.txt`
|
So to use it properly and verify the previously signed file
|
||||||
|
`ssh-verify-file noreply@aminda.eu hello.txt`
|
||||||
|
|
||||||
```
|
```
|
||||||
Good "file" signature for noreply@aminda.eu with ED25519 key SHA256:y2OpGEbett3Fqn8XFrP0X4mWfCVKf4rWkxERzqPY81U
|
Good "file" signature for noreply@aminda.eu with ED25519 key SHA256:y2OpGEbett3Fqn8XFrP0X4mWfCVKf4rWkxERzqPY81U
|
||||||
@ -61,11 +75,13 @@ Good "file" signature for noreply@aminda.eu with ED25519 key SHA256:y2OpGEbett3F
|
|||||||
|
|
||||||
## Extra: having git handle it for me
|
## Extra: having git handle it for me
|
||||||
|
|
||||||
When git is configured properly with `gpg.ssh.allowedSignersFile` the usual git verification commands work with SSH as well:
|
When git is configured properly with `gpg.ssh.allowedSignersFile` the usual git
|
||||||
|
verification commands work with SSH as well:
|
||||||
|
|
||||||
- `git log --show-signature` for the usual git log with signatures visbile
|
- `git log --show-signature` for the usual git log with signatures visbile
|
||||||
- `git verify-tag 1.0` for verifying a specific tag signature.
|
- `git verify-tag 1.0` for verifying a specific tag signature.
|
||||||
- `git verify-commit HEAD` to verify the latest commit signature or just to see that git signing is working.
|
- `git verify-commit HEAD` to verify the latest commit signature or just to see
|
||||||
|
that git signing is working.
|
||||||
|
|
||||||
Isn't the last command again effort? What if I could just say `git verify`?
|
Isn't the last command again effort? What if I could just say `git verify`?
|
||||||
|
|
||||||
|
@ -11,16 +11,23 @@ lang: en
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_I used to be sad since the EFF discontinued HTTPS Everywhere extension since the setting often didn't sync and it only applied to me as opposed to everyone using a shared computer. However since I have dived into browser policies, this is no longer an issue for me._
|
_I used to be sad since the EFF discontinued HTTPS Everywhere extension since
|
||||||
|
the setting often didn't sync and it only applied to me as opposed to everyone
|
||||||
|
using a shared computer. However since I have dived into browser policies, this
|
||||||
|
is no longer an issue for me._
|
||||||
|
|
||||||
I will be referring to my [shell-things](https://gitea.blesmrt.net/mikaela/shell-things/) repository a lot, particularly
|
I will be referring to my
|
||||||
`etc/`, in case the link rots in the future, chances are my git forges still
|
[shell-things](https://gitea.blesmrt.net/mikaela/shell-things/) repository a
|
||||||
have that available. I also have [a script etc/init-browser-profiles.bash](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/init-browser-policies.bash) that creates the directories, symlinks for Chromium-based browsers and sets the permissions properly (if something won't work for you, check the permissions!),
|
lot, particularly `etc/`, in case the link rots in the future, chances are my
|
||||||
so I only need to manage Chromium to also manage Brave, Google Chrome,
|
git forges still have that available. I also have
|
||||||
Microsoft Edge, Vivaldi etc.
|
[a script etc/init-browser-profiles.bash](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/init-browser-policies.bash)
|
||||||
|
that creates the directories, symlinks for Chromium-based browsers and sets the
|
||||||
|
permissions properly (if something won't work for you, check the permissions!),
|
||||||
|
so I only need to manage Chromium to also manage Brave, Google Chrome, Microsoft
|
||||||
|
Edge, Vivaldi etc.
|
||||||
|
|
||||||
Please note that I don't have a Windows or macOS at paw and my only advice
|
Please note that I don't have a Windows or macOS at paw and my only advice for
|
||||||
for those is the official documentation (bottom of the page).
|
those is the official documentation (bottom of the page).
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -44,11 +51,11 @@ for those is the official documentation (bottom of the page).
|
|||||||
|
|
||||||
I love Chromium policies as I can just throw them in the directories
|
I love Chromium policies as I can just throw them in the directories
|
||||||
`/etc/opt/chromium/policies/{managed,recommended}/` in different `.json` files
|
`/etc/opt/chromium/policies/{managed,recommended}/` in different `.json` files
|
||||||
and then just copy what I need instead of... Now I am going ahead of myself
|
and then just copy what I need instead of... Now I am going ahead of myself with
|
||||||
with Firefox. Managed means that the setting will be locked for the user
|
Firefox. Managed means that the setting will be locked for the user and that is
|
||||||
and that is what I am using here, recommended will change the default and
|
what I am using here, recommended will change the default and show an indicator
|
||||||
show an indicator for the user about it being recommended while still allowing
|
for the user about it being recommended while still allowing it to be changed by
|
||||||
it to be changed by the way.
|
the way.
|
||||||
|
|
||||||
The case of HTTPS Everywhere is simple. I will copy a bit of my script:
|
The case of HTTPS Everywhere is simple. I will copy a bit of my script:
|
||||||
|
|
||||||
@ -63,8 +70,8 @@ sudo chmod -v a+rx /etc/opt/chromium/policies/{managed,recommended}/
|
|||||||
|
|
||||||
If you don't speak \*nix, `mkdir -vp` creates the directories verbosely
|
If you don't speak \*nix, `mkdir -vp` creates the directories verbosely
|
||||||
including their parent directories if those don't exist already and
|
including their parent directories if those don't exist already and
|
||||||
`chmod -v a+rx` verbosely allows everyone to read and execute, which is
|
`chmod -v a+rx` verbosely allows everyone to read and execute, which is required
|
||||||
required for listing directory contents.
|
for listing directory contents.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# An example, without the -p there would be error about the parent directory
|
# An example, without the -p there would be error about the parent directory
|
||||||
@ -78,8 +85,8 @@ mode of '/tmp/meow' retained as 0755 (rwxr-xr-x)
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Anyway, HTTPS Everywhere for Chromium. Once the directory exists, it's just
|
Anyway, HTTPS Everywhere for Chromium. Once the directory exists, it's just a
|
||||||
a matter of creating a json file there, e.g.
|
matter of creating a json file there, e.g.
|
||||||
`/etc/opt/chromium/policies/managed/https-everywhere.json`:
|
`/etc/opt/chromium/policies/managed/https-everywhere.json`:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
@ -94,28 +101,28 @@ Now visit `about:policy` and see the policy appear (or if Chromium was already
|
|||||||
running, click `Update policies`) and you are done. Try visiting
|
running, click `Update policies`) and you are done. Try visiting
|
||||||
[http.badssl.com](https://http.badssl.com) to see it in action.
|
[http.badssl.com](https://http.badssl.com) to see it in action.
|
||||||
|
|
||||||
Of course the user can still navigate there, but HTTPS Everywhere the
|
Of course the user can still navigate there, but HTTPS Everywhere the extension
|
||||||
extension had that behaviour too and there is likely a separate policy for
|
had that behaviour too and there is likely a separate policy for that.
|
||||||
that.
|
|
||||||
|
|
||||||
_EncryptedClientHello was added here some hours after publishing the article
|
_EncryptedClientHello was added here some hours after publishing the article
|
||||||
alongside with Firefox DNS-over-HTTPS. See the bottom of page for changelog
|
alongside with Firefox DNS-over-HTTPS. See the bottom of page for changelog
|
||||||
link._
|
link._
|
||||||
|
|
||||||
To put `EncryptedClientHello` simply, it will hide which domain you are
|
To put `EncryptedClientHello` simply, it will hide which domain you are
|
||||||
requesting from https capable web server, which may be serving multiple
|
requesting from https capable web server, which may be serving multiple domains
|
||||||
domains when DNS-Over-HTTPS is used ([Chromium restriction](https://issues.chromium.org/issues/40935452)), while
|
when DNS-Over-HTTPS is used
|
||||||
|
([Chromium restriction](https://issues.chromium.org/issues/40935452)), while
|
||||||
generally the query for `example.net` would go in plaintext alongside _Server
|
generally the query for `example.net` would go in plaintext alongside _Server
|
||||||
Name Indication_.
|
Name Indication_.
|
||||||
|
|
||||||
It's good for your privacy, bad for enterprise network admin or those willing
|
It's good for your privacy, bad for enterprise network admin or those willing to
|
||||||
to perform censorship.
|
perform censorship.
|
||||||
|
|
||||||
### DNS-over-HTTPS
|
### DNS-over-HTTPS
|
||||||
|
|
||||||
You might have noticed that Chromium no longer allows you to use DNS over
|
You might have noticed that Chromium no longer allows you to use DNS over HTTPS
|
||||||
HTTPS since the browser is now "managed by an organization". This will require
|
since the browser is now "managed by an organization". This will require another
|
||||||
another policy that either unlocks it or forces everyone to use it.
|
policy that either unlocks it or forces everyone to use it.
|
||||||
|
|
||||||
`/etc/opt/chromium/policies/managed/doh-unlocked-unset.json`:
|
`/etc/opt/chromium/policies/managed/doh-unlocked-unset.json`:
|
||||||
|
|
||||||
@ -136,27 +143,28 @@ and the user is once again free to use their preferred DoH provider.
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
And the user is using DNS-over-HTTPS from Quad9 with fallback to system
|
And the user is using DNS-over-HTTPS from Quad9 with fallback to system resolver
|
||||||
resolver allowed (which for me is encrypted anyway). The `automatic` could be
|
allowed (which for me is encrypted anyway). The `automatic` could be replaced
|
||||||
replaced with `secure` to not allow downgrade, but I had issues with Chromium
|
with `secure` to not allow downgrade, but I had issues with Chromium losing
|
||||||
losing connectivity entirely.
|
connectivity entirely.
|
||||||
|
|
||||||
You may notice that multiple DoH providers are allowed, however I don't know
|
You may notice that multiple DoH providers are allowed, however I don't know
|
||||||
what logic is used for choosing between them. Oh and the weird https port
|
what logic is used for choosing between them. Oh and the weird https port 5053?
|
||||||
5053? It comes from
|
It comes from
|
||||||
[docs.quad9.net/services](https://docs.quad9.net/services/#alternate-ports).
|
[docs.quad9.net/services](https://docs.quad9.net/services/#alternate-ports).
|
||||||
|
|
||||||
## Firefox
|
## Firefox
|
||||||
|
|
||||||
Firefox is a bit more complicated in the sense that everything belongs to one
|
Firefox is a bit more complicated in the sense that everything belongs to one
|
||||||
`policies.json` file, so there is no separating different policies to
|
`policies.json` file, so there is no separating different policies to different
|
||||||
different files _and_ there is no direct policy for HTTPS-only mode.
|
files _and_ there is no direct policy for HTTPS-only mode.
|
||||||
|
|
||||||
_**WARNING for [LibreAwoo](https://librewolf.net/) users**_! [This will mask LibreAwoo's policy](https://codeberg.org/librewolf/issues/issues/1767)
|
_**WARNING for [LibreAwoo](https://librewolf.net/) users**_!
|
||||||
|
[This will mask LibreAwoo's policy](https://codeberg.org/librewolf/issues/issues/1767)
|
||||||
(`/usr/share/librewolf/distribution/policies.json`,
|
(`/usr/share/librewolf/distribution/policies.json`,
|
||||||
[codeberg](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)),
|
[codeberg](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)),
|
||||||
so make sure to copy the parts you wish to use before applying this (although
|
so make sure to copy the parts you wish to use before applying this (although I
|
||||||
I think it might have this out of the box).
|
think it might have this out of the box).
|
||||||
|
|
||||||
Hoping you read the Chromium section above, you may know the drill with the
|
Hoping you read the Chromium section above, you may know the drill with the
|
||||||
commands and flags:
|
commands and flags:
|
||||||
@ -198,20 +206,20 @@ editor and have contents similar to:
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
After saving and restarting Firefox, `about:policies` should display the
|
After saving and restarting Firefox, `about:policies` should display the change,
|
||||||
change, `about:config` should display the two preferences as grayed out and
|
`about:config` should display the two preferences as grayed out and within
|
||||||
within settings HTTPS-Only mode is used in all windows and grayed out.
|
settings HTTPS-Only mode is used in all windows and grayed out.
|
||||||
|
|
||||||
An easy test is again [http.badssl.com](http://http.badssl.com).
|
An easy test is again [http.badssl.com](http://http.badssl.com).
|
||||||
|
|
||||||
### DNS-over-HTTPS
|
### DNS-over-HTTPS
|
||||||
|
|
||||||
_This section was edited in afterwards some hours after the publishing. Refer
|
_This section was edited in afterwards some hours after the publishing. Refer to
|
||||||
to the log link on the bottom for more information._
|
the log link on the bottom for more information._
|
||||||
|
|
||||||
Like Chromium, Firefox also supports DoH, although here it must be in the
|
Like Chromium, Firefox also supports DoH, although here it must be in the same
|
||||||
same `/etc/firefox/policies/policies.json` file as before. It's simply appended
|
`/etc/firefox/policies/policies.json` file as before. It's simply appended (or
|
||||||
(or prepended) a bit:
|
prepended) a bit:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
@ -243,24 +251,25 @@ The new sections are also quite self-explanatory with boolean `true` or `false`
|
|||||||
values.
|
values.
|
||||||
|
|
||||||
- Is DoH enabled by default?
|
- Is DoH enabled by default?
|
||||||
- Is it OK to automatically use system resolver if the DoH server doesn't
|
- Is it OK to automatically use system resolver if the DoH server doesn't work?
|
||||||
work? (There is a similar warning as with HTTPS only mode even if this was
|
(There is a similar warning as with HTTPS only mode even if this was `false`
|
||||||
`false` like in the example.)
|
like in the example.)
|
||||||
- Is the user allowed to change these options (including which DoH server (if
|
- Is the user allowed to change these options (including which DoH server (if
|
||||||
any) they want to use) or are they grayed out? I like locking it so I don't
|
any) they want to use) or are they grayed out? I like locking it so I don't
|
||||||
have to worry where else I may have configured it.
|
have to worry where else I may have configured it.
|
||||||
- Which URL is used for queries? I am under impression that unlike with
|
- Which URL is used for queries? I am under impression that unlike with
|
||||||
Chromium, multiple addresses aren't allowed here.
|
Chromium, multiple addresses aren't allowed here.
|
||||||
|
|
||||||
_Have you seen a note about temptation to write about IPv6 here? Perhaps you
|
_Have you seen a note about temptation to write about IPv6 here? Perhaps you are
|
||||||
are looking for `network.dns.preferIPv6` and `network.trr.early-AAAA`?_
|
looking for `network.dns.preferIPv6` and `network.trr.early-AAAA`?_
|
||||||
|
|
||||||
**Updated note on Firefox ECH:** DNS-Over-HTTPS is no longer required for ECH,
|
**Updated note on Firefox ECH:** DNS-Over-HTTPS is no longer required for ECH,
|
||||||
since `network.dns.native_https_query` exists (if you aren't using ESR
|
since `network.dns.native_https_query` exists (if you aren't using ESR branch on
|
||||||
branch on version 115). You should already know how to enable it if you have
|
version 115). You should already know how to enable it if you have read this far
|
||||||
read this far 😼
|
😼
|
||||||
|
|
||||||
**_SEQUEL ANNOUNCEMENT!_** [Part Ⅱ: Browser policies Ⅱ: Deploying PrivacyBadger and uBlock Origin]({% post_url blog/2024-05-22-policy-contentblocker %}) is now online!
|
**_SEQUEL ANNOUNCEMENT!_** [Part Ⅱ: Browser policies Ⅱ: Deploying PrivacyBadger
|
||||||
|
and uBlock Origin]({% post_url blog/2024-05-22-policy-contentblocker %}) is now online!
|
||||||
|
|
||||||
## Documentation and other policies
|
## Documentation and other policies
|
||||||
|
|
||||||
@ -277,14 +286,18 @@ complaining about all the nice settings being hidden in browser policy.
|
|||||||
- The official documentation:
|
- The official documentation:
|
||||||
- [mozilla.github.io/policy-templates](https://mozilla.github.io/policy-templates/)
|
- [mozilla.github.io/policy-templates](https://mozilla.github.io/policy-templates/)
|
||||||
- [LibreAwoo policies.json could be mentioned here as well](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)
|
- [LibreAwoo policies.json could be mentioned here as well](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)
|
||||||
- [chromeenterprise.google/policies/](https://chromeenterprise.google/policies/) mostly also applies to Chromium based browsers, who may have their own additions:
|
- [chromeenterprise.google/policies/](https://chromeenterprise.google/policies/)
|
||||||
|
mostly also applies to Chromium based browsers, who may have their own
|
||||||
|
additions:
|
||||||
- [Brave group policy](https://support.brave.com/hc/en-us/articles/360039248271-Group-Policy)
|
- [Brave group policy](https://support.brave.com/hc/en-us/articles/360039248271-Group-Policy)
|
||||||
- [Microsoft Edge policy documentation](https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies)
|
- [Microsoft Edge policy documentation](https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies)
|
||||||
- Other documentation that may be interesting:
|
- Other documentation that may be interesting:
|
||||||
- [Ecosia as default search engine through Group Policy](https://ecosia.helpscoutdocs.com/article/487-windows-group-policy-guides)
|
- [Ecosia as default search engine through Group Policy](https://ecosia.helpscoutdocs.com/article/487-windows-group-policy-guides)
|
||||||
- [Privacy Badger enterprise deployment and configuration](https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md)
|
- [Privacy Badger enterprise deployment and configuration](https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md)
|
||||||
- [I maybe got involved there too a bit](https://github.com/EFForg/privacybadger/discussions/2947)
|
- [I maybe got involved there too a bit](https://github.com/EFForg/privacybadger/discussions/2947)
|
||||||
- [Deploying uBlock Origin](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin) and [deploying uBlock Origin configuration](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin:-configuration)
|
- [Deploying uBlock Origin](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin)
|
||||||
|
and
|
||||||
|
[deploying uBlock Origin configuration](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin:-configuration)
|
||||||
- These also apply to [AdNauseam](https://adnauseam.io/), just change the
|
- These also apply to [AdNauseam](https://adnauseam.io/), just change the
|
||||||
extension ID in your policy.
|
extension ID in your policy.
|
||||||
- Possibly helpful Wikipedia articles:
|
- Possibly helpful Wikipedia articles:
|
||||||
|
@ -11,9 +11,15 @@ lang: en
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
_I previously wrote about enforcing HTTPS for all users/profiles through browser policy receiving some positive feedback and I felt like continuing on the subject by instructing with extension installation. This barely scratches the surface of what browser policy can do for you either though._
|
_I previously wrote about enforcing HTTPS for all users/profiles through browser
|
||||||
|
policy receiving some positive feedback and I felt like continuing on the
|
||||||
|
subject by instructing with extension installation. This barely scratches the
|
||||||
|
surface of what browser policy can do for you either though._
|
||||||
|
|
||||||
I recommend reading the [browser policy part Ⅰ on enforcing HTTPS only mode]({% post_url blog/2024-05-17-https-everywhere %}) as especially the Firefox part will continue building on it and I will try to not repeat myself, although that is unavoidable.
|
I recommend reading the [browser policy part Ⅰ on enforcing HTTPS
|
||||||
|
only mode]({% post_url blog/2024-05-17-https-everywhere %}) as especially the
|
||||||
|
Firefox part will continue building on it and I will try to not repeat myself,
|
||||||
|
although that is unavoidable.
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -42,48 +48,105 @@ I recommend reading the [browser policy part Ⅰ on enforcing HTTPS only mode]({
|
|||||||
|
|
||||||
## Chromium
|
## Chromium
|
||||||
|
|
||||||
[I previously instructed with the directory creation and permissions in the part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#chromium) and there I also mentioned loving how I can create separate files
|
[I previously instructed with the directory creation and permissions in the
|
||||||
there as opposed to messing everything together. I tend to use the filename
|
part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#chromium) and there I
|
||||||
`aminda-extensions.json` for all extension related as Chromium isn't perfect
|
also mentioned loving how I can create separate files there as opposed to
|
||||||
either and only lets the options appear once.
|
messing everything together. I tend to use the filename `aminda-extensions.json`
|
||||||
|
for all extension related as Chromium isn't perfect either and only lets the
|
||||||
|
options appear once.
|
||||||
|
|
||||||
So the file may look a bit scary, but it's actually quite simple (and the difficulty comes from getting json formatted correctly, which I am leaving for `pretty-format-json` pre-commit hook), so I am going to explain everything before the actual json:
|
So the file may look a bit scary, but it's actually quite simple (and the
|
||||||
|
difficulty comes from getting json formatted correctly, which I am leaving for
|
||||||
|
`pretty-format-json` pre-commit hook), so I am going to explain everything
|
||||||
|
before the actual json:
|
||||||
|
|
||||||
The `3rdparty` and `extensions` let us configure extensions in advance.
|
The `3rdparty` and `extensions` let us configure extensions in advance.
|
||||||
|
|
||||||
`cjpalhdlnbpafiamejdnhcphjbkeiagm` is the ID of uBlock Origin from Chrome Web store which can be seen from its URL: `https://chromewebstore.google.com/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm` and everything specified here will become a part of it's configuration.`trustedSiteDirective` means the sites it will be disabld on, the extension pages are recommended in the documentation and I don't mind Ecosia displaying ads since they go to planting trees. Note that the user can add their own sites or remove these from the extension settings.
|
`cjpalhdlnbpafiamejdnhcphjbkeiagm` is the ID of uBlock Origin from Chrome Web
|
||||||
|
store which can be seen from its URL:
|
||||||
|
`https://chromewebstore.google.com/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm`
|
||||||
|
and everything specified here will become a part of it's
|
||||||
|
configuration.`trustedSiteDirective` means the sites it will be disabld on, the
|
||||||
|
extension pages are recommended in the documentation and I don't mind Ecosia
|
||||||
|
displaying ads since they go to planting trees. Note that the user can add their
|
||||||
|
own sites or remove these from the extension settings.
|
||||||
|
|
||||||
`toOverwrite` says clearly it will overwrite user settings, so the lists everyone on your system wishes to use should be specified here. In this case, this contains the default lists, the Finnish adblocking list and the quick fixes list, which updates more rapidly in cases such as the cat-and-mouse with YouTube and adblockers.
|
`toOverwrite` says clearly it will overwrite user settings, so the lists
|
||||||
|
everyone on your system wishes to use should be specified here. In this case,
|
||||||
|
this contains the default lists, the Finnish adblocking list and the quick fixes
|
||||||
|
list, which updates more rapidly in cases such as the cat-and-mouse with YouTube
|
||||||
|
and adblockers.
|
||||||
|
|
||||||
There is also the EFF DNT allowlist which was introduced to me by [AdNauseam]. You have most likely heard of how ads let content to be free and supports content creators and all that, I don't want to take away their revenue, but I don't want to risk targeted malvertising or manipulation either, so this is my compromise. Respect my privacy, and I will see your ads, or be blocked.
|
There is also the EFF DNT allowlist which was introduced to me by [AdNauseam].
|
||||||
|
You have most likely heard of how ads let content to be free and supports
|
||||||
|
content creators and all that, I don't want to take away their revenue, but I
|
||||||
|
don't want to risk targeted malvertising or manipulation either, so this is my
|
||||||
|
compromise. Respect my privacy, and I will see your ads, or be blocked.
|
||||||
|
|
||||||
Onwards to [PrivacyBadger], the ID again comes from Chrome Web Store URL `https://chromewebstore.google.com/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp` and the settings are clear on what they do. If they are removed, it's up to the default value or user configuration what will happen.
|
Onwards to [PrivacyBadger], the ID again comes from Chrome Web Store URL
|
||||||
|
`https://chromewebstore.google.com/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp`
|
||||||
|
and the settings are clear on what they do. If they are removed, it's up to the
|
||||||
|
default value or user configuration what will happen.
|
||||||
|
|
||||||
This [PrivacyBadger] configuration will simply always set these options on browser start:
|
This [PrivacyBadger] configuration will simply always set these options on
|
||||||
|
browser start:
|
||||||
|
|
||||||
- `"checkForDNTPolicy": true` check if the domain has a [`.well-known/dnt-policy.txt`](https://www.eff.org/dnt-policy) and if so, won't block it.
|
- `"checkForDNTPolicy": true` check if the domain has a
|
||||||
- `"disabledSites": []` configures the domains that are allowed to perform tracking/disrespect DNT. While here it's the same as with uBlock Origin, in my actual policies I allowlist domains more freely in uBlock Origin than [PrivacyBadger].
|
[`.well-known/dnt-policy.txt`](https://www.eff.org/dnt-policy) and if so,
|
||||||
- `"learnInIncognito": true` [**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better) Same as below, but in incognito mode.
|
won't block it.
|
||||||
- `"learnLocally": true` [**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better) [PrivacyBadger] has rare ability to learn who tracks you without having to ask anywhere else, so with this enabled, it may block something before it gets added to either the premade list or something uBlock Origin has.
|
- `"disabledSites": []` configures the domains that are allowed to perform
|
||||||
- `"sendDNTSignal": true` Whether or not to configure the web browser to send Do Not Track and Global Privacy Control signals.
|
tracking/disrespect DNT. While here it's the same as with uBlock Origin, in my
|
||||||
- `"showCounter": true` Whether to display the number of blocked trackers in the [PrivacyBadger] icon.
|
actual policies I allowlist domains more freely in uBlock Origin than
|
||||||
- `"showIntroPage": false` Whether or not to display the welcome to PrivacyBadger screen on start. In general having less displayed automatically on browser start is a good thing, and if you set this to `true`, [PrivacyBadger] would greet you every browser start and I bet you would get annoyed quickly.
|
[PrivacyBadger].
|
||||||
- `"socialWidgetReplacementEnabled": true` Whether to display social media embeds directly or replace them with a notice on how [PrivacyBadger] has blocked them from tracking you with the menu options on what to do.
|
- `"learnInIncognito": true`
|
||||||
|
[**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better)
|
||||||
|
Same as below, but in incognito mode.
|
||||||
|
- `"learnLocally": true`
|
||||||
|
[**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better)
|
||||||
|
[PrivacyBadger] has rare ability to learn who tracks you without having to ask
|
||||||
|
anywhere else, so with this enabled, it may block something before it gets
|
||||||
|
added to either the premade list or something uBlock Origin has.
|
||||||
|
- `"sendDNTSignal": true` Whether or not to configure the web browser to send Do
|
||||||
|
Not Track and Global Privacy Control signals.
|
||||||
|
- `"showCounter": true` Whether to display the number of blocked trackers in the
|
||||||
|
[PrivacyBadger] icon.
|
||||||
|
- `"showIntroPage": false` Whether or not to display the welcome to
|
||||||
|
PrivacyBadger screen on start. In general having less displayed automatically
|
||||||
|
on browser start is a good thing, and if you set this to `true`,
|
||||||
|
[PrivacyBadger] would greet you every browser start and I bet you would get
|
||||||
|
annoyed quickly.
|
||||||
|
- `"socialWidgetReplacementEnabled": true` Whether to display social media
|
||||||
|
embeds directly or replace them with a notice on how [PrivacyBadger] has
|
||||||
|
blocked them from tracking you with the menu options on what to do.
|
||||||
|
|
||||||
Now the only thing to do remains actually installing the extension.
|
Now the only thing to do remains actually installing the extension.
|
||||||
|
|
||||||
**_BONUS!_** [`"ExtensionManifestV2Availability": 2`](https://chromeenterprise.google/policies/#ExtensionManifestV2Availability) will extend the time how long until ManifestV3 gets forced (and Google kills content filters).
|
**_BONUS!_**
|
||||||
|
[`"ExtensionManifestV2Availability": 2`](https://chromeenterprise.google/policies/#ExtensionManifestV2Availability)
|
||||||
|
will extend the time how long until ManifestV3 gets forced (and Google kills
|
||||||
|
content filters).
|
||||||
|
|
||||||
Anyway there is the same extension ID as before and four new options:
|
Anyway there is the same extension ID as before and four new options:
|
||||||
|
|
||||||
- `installation_mode` has options `normal_installed`, `force_installed` and `blocked`. The first means it's installed by default, but the user can choose to unload it, the second used here will prevent unloading the extension and the third prevents installing and loading it entirely.
|
- `installation_mode` has options `normal_installed`, `force_installed` and
|
||||||
|
`blocked`. The first means it's installed by default, but the user can choose
|
||||||
|
to unload it, the second used here will prevent unloading the extension and
|
||||||
|
the third prevents installing and loading it entirely.
|
||||||
- Typing this I am not sure if `override_update_url` is actually required.
|
- Typing this I am not sure if `override_update_url` is actually required.
|
||||||
- `force_pinned` will pin the extension to Chromium toolbar by default and not allow unpinning and moving it to the extension menu. I strongly recommend it with content blockers, especially when there is site breakage as it makes it so much easier to see at a glance when something is blocked. The other option would be `default_unpinned`.
|
- `force_pinned` will pin the extension to Chromium toolbar by default and not
|
||||||
- `update_url` is required for automatically installed extensions and while here it's the Chrome Web Store, it could as well be `https://edge.microsoft.com/extensionwebstorebase/v1/crx` and although the IDs are different there, they are again visible in the URL bar.
|
allow unpinning and moving it to the extension menu. I strongly recommend it
|
||||||
|
with content blockers, especially when there is site breakage as it makes it
|
||||||
|
so much easier to see at a glance when something is blocked. The other option
|
||||||
|
would be `default_unpinned`.
|
||||||
|
- `update_url` is required for automatically installed extensions and while here
|
||||||
|
it's the Chrome Web Store, it could as well be
|
||||||
|
`https://edge.microsoft.com/extensionwebstorebase/v1/crx` and although the IDs
|
||||||
|
are different there, they are again visible in the URL bar.
|
||||||
|
|
||||||
### `/etc/opt/chromium/policies/managed/aminda-extensions.json`
|
### `/etc/opt/chromium/policies/managed/aminda-extensions.json`
|
||||||
|
|
||||||
I hope I didn't scare you too badly by saying this isn't scary, but it's all explained above.
|
I hope I didn't scare you too badly by saying this isn't scary, but it's all
|
||||||
|
explained above.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
@ -160,14 +223,22 @@ _2024-06-04: I added uBlock Origin Lite here, see the questions and answers._
|
|||||||
|
|
||||||
## Firefox
|
## Firefox
|
||||||
|
|
||||||
If you haven't read the previous blog post yet, please do that now as Firefox forces everything to be in `/etc/firefox/policies.json` and thus this file will begin by expanding the end result from there. And to not repeat myself, please also read the Chromium section above as due to everything being webextensions, the new part within extension configuration is the same.
|
If you haven't read the previous blog post yet, please do that now as Firefox
|
||||||
|
forces everything to be in `/etc/firefox/policies.json` and thus this file will
|
||||||
|
begin by expanding the end result from there. And to not repeat myself, please
|
||||||
|
also read the Chromium section above as due to everything being webextensions,
|
||||||
|
the new part within extension configuration is the same.
|
||||||
|
|
||||||
Let's begin by what differs from Chromium:
|
Let's begin by what differs from Chromium:
|
||||||
|
|
||||||
- The extension ID is most easily readable from `about:support` instead of addon URL.
|
- The extension ID is most easily readable from `about:support` instead of addon
|
||||||
|
URL.
|
||||||
- We can sideload the extension, although that won't affect Firefox sync.
|
- We can sideload the extension, although that won't affect Firefox sync.
|
||||||
- It's a lot easier to figure out what extension a block belongs to as the names appear here.
|
- It's a lot easier to figure out what extension a block belongs to as the names
|
||||||
- While there is no `ExtensionManifestV2Availability`, there are domains protected by default (`extensions.webextensions.restrictedDomains`) that we could unset.
|
appear here.
|
||||||
|
- While there is no `ExtensionManifestV2Availability`, there are domains
|
||||||
|
protected by default (`extensions.webextensions.restrictedDomains`) that we
|
||||||
|
could unset.
|
||||||
|
|
||||||
_Oh meow, no more json!_ I am sorry.
|
_Oh meow, no more json!_ I am sorry.
|
||||||
|
|
||||||
@ -267,52 +338,97 @@ _Oh meow, no more json!_ I am sorry.
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Doesn't that look familiar? Yes, it's practically the same file [from part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#dns-over-https-1) and the extensions took the exact same values as Chromium, only the IDs and download locations changed and some Chromium extras disappeared.
|
Doesn't that look familiar? Yes, it's practically the same file [from
|
||||||
|
part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#dns-over-https-1) and
|
||||||
|
the extensions took the exact same values as Chromium, only the IDs and download
|
||||||
|
locations changed and some Chromium extras disappeared.
|
||||||
|
|
||||||
Well, in uBlock Origin I did add the Mozilla/Firefox domains to avoid breakage and in the end I removed the extra protection those sites would have from extensions which would permit tracking by Mozilla. However, [PrivacyBadger] would still protect from that while being less likely to break.
|
Well, in uBlock Origin I did add the Mozilla/Firefox domains to avoid breakage
|
||||||
|
and in the end I removed the extra protection those sites would have from
|
||||||
|
extensions which would permit tracking by Mozilla. However, [PrivacyBadger]
|
||||||
|
would still protect from that while being less likely to break.
|
||||||
|
|
||||||
_Would you like to restore the protection for Mozilla pages? Replace the `user` in `status` of `extensions.webextensions.restrictedDomains {}` with `clear` so it will be restored to default value while `user` persists even if the lines are removed as they appear as if the user had changed them in `about:config`._
|
_Would you like to restore the protection for Mozilla pages? Replace the `user`
|
||||||
|
in `status` of `extensions.webextensions.restrictedDomains {}` with `clear` so
|
||||||
|
it will be restored to default value while `user` persists even if the lines are
|
||||||
|
removed as they appear as if the user had changed them in `about:config`._
|
||||||
|
|
||||||
_2024-06-04: I added uBlock Origin Lite here, see the questions and answers._
|
_2024-06-04: I added uBlock Origin Lite here, see the questions and answers._
|
||||||
|
|
||||||
## Answers to potential questions
|
## Answers to potential questions
|
||||||
|
|
||||||
As I sometimes tend to be a bit controversial when balancing security,
|
As I sometimes tend to be a bit controversial when balancing security, privacy,
|
||||||
privacy, digital carbon footprint and all, there are going to be questions
|
digital carbon footprint and all, there are going to be questions and I keep
|
||||||
and I keep answering them otherwise too.
|
answering them otherwise too.
|
||||||
|
|
||||||
## Where can I see what policies extensions can take?
|
## Where can I see what policies extensions can take?
|
||||||
|
|
||||||
In Chromium `about:policies` has a checkbox "show unset policies" which will bring a long list including the extensions. It also has a lovely search box.
|
In Chromium `about:policies` has a checkbox "show unset policies" which will
|
||||||
|
bring a long list including the extensions. It also has a lovely search box.
|
||||||
|
|
||||||
### Why both PrivacyBadger and uBlock Origin?
|
### Why both PrivacyBadger and uBlock Origin?
|
||||||
|
|
||||||
I admit they have some overlap, but uBlock Origin relies on human made lists instead of an algorhitm to block trackers (note that [PrivacyBadger] doesn't even try to block ads, it happens by accident).
|
I admit they have some overlap, but uBlock Origin relies on human made lists
|
||||||
|
instead of an algorhitm to block trackers (note that [PrivacyBadger] doesn't
|
||||||
|
even try to block ads, it happens by accident).
|
||||||
|
|
||||||
Additionally uBlock Origin does nothing about Instagram, Disqus, etc. widgets. I could block JavaScript (which I do), but sometimes I will allow it to a website anyway and then the widget learns I am there even if I had no interest in seeing comments in that case. And if I wanted to allow them somewhere, I could click "always allow this widget on this site".
|
Additionally uBlock Origin does nothing about Instagram, Disqus, etc. widgets. I
|
||||||
|
could block JavaScript (which I do), but sometimes I will allow it to a website
|
||||||
|
anyway and then the widget learns I am there even if I had no interest in seeing
|
||||||
|
comments in that case. And if I wanted to allow them somewhere, I could click
|
||||||
|
"always allow this widget on this site".
|
||||||
|
|
||||||
I also love its ability to self-learn trackers, even if that may make me more trackable. I think there are easier methods to track me (like my HTTP user-agent saying I am on Windows, while my `navigator.useragent or `navigator.platform` say something different) and Firefox Nightly is newer than most people use and there are a countless of small things in browser fingerprinting, which could be it's own blog post.
|
I also love its ability to self-learn trackers, even if that may make me more
|
||||||
|
trackable. I think there are easier methods to track me (like my HTTP user-agent
|
||||||
|
saying I am on Windows, while my `navigator.useragent or `navigator.platform`
|
||||||
|
say something different) and Firefox Nightly is newer than most people use and
|
||||||
|
there are a countless of small things in browser fingerprinting, which could be
|
||||||
|
it's own blog post.
|
||||||
|
|
||||||
### Why EFF DNT allowlist?
|
### Why EFF DNT allowlist?
|
||||||
|
|
||||||
I think I already answered this in the Chromium section, but I don't hate ads. They may be important source of money to creators and I wouldn't mind some financial support as well (if that wasn't practically illegal in Finland).
|
I think I already answered this in the Chromium section, but I don't hate ads.
|
||||||
|
They may be important source of money to creators and I wouldn't mind some
|
||||||
|
financial support as well (if that wasn't practically illegal in Finland).
|
||||||
|
|
||||||
What I mind is targeted advertising, tracking, the potential for targeted malvertising without it affecting anyone else and how they are used for manipulation especially politically and with elections on discouraging some people from voting.
|
What I mind is targeted advertising, tracking, the potential for targeted
|
||||||
|
malvertising without it affecting anyone else and how they are used for
|
||||||
|
manipulation especially politically and with elections on discouraging some
|
||||||
|
people from voting.
|
||||||
|
|
||||||
### Where did uBlock Origin Lite come from?
|
### Where did uBlock Origin Lite come from?
|
||||||
|
|
||||||
I added it here on 2024-06-04 and set uBlock Origin to `normal_installed` instead of `force_installed`, because I am worried about ManifestV2 extensions not syncing as the majority probably won't have the policy to allow it configured.
|
I added it here on 2024-06-04 and set uBlock Origin to `normal_installed`
|
||||||
|
instead of `force_installed`, because I am worried about ManifestV2 extensions
|
||||||
|
not syncing as the majority probably won't have the policy to allow it
|
||||||
|
configured.
|
||||||
|
|
||||||
This gives the users the choice to use either of the two, both (which may be discouraged) or neither, while PrivacyBadger is forced on and I think it may perform better with ManifestV3 anyway considering the local learning feature, which I consider essential for non-English content anyway.
|
This gives the users the choice to use either of the two, both (which may be
|
||||||
|
discouraged) or neither, while PrivacyBadger is forced on and I think it may
|
||||||
|
perform better with ManifestV3 anyway considering the local learning feature,
|
||||||
|
which I consider essential for non-English content anyway.
|
||||||
|
|
||||||
Speaking of PrivacyBadger, other concerns I have with uBlock Origin Lite are:
|
Speaking of PrivacyBadger, other concerns I have with uBlock Origin Lite are:
|
||||||
|
|
||||||
1. I cannot allow non-tracking ads as I cannot add the EFF DNT allowlist. I would need to convince the developer to add it, which I am not even going to try, as it would go against the principle of the extension.
|
1. I cannot allow non-tracking ads as I cannot add the EFF DNT allowlist. I
|
||||||
1. <del>I didn't get uBlock Origin Lite's `"noFiltering": [""]` policy working, so I cannot pre-emptively handle broken captchas or allow Ecosia to show me tracking ads in exchange of them planting trees.</del>. A day later I got `"noFiltering": [""]` working, but it works like `toOverwrite` from uBlock Origin, so any edits outside of the policy will reset upon restart. Then again that may also be a feature, please do send your best regards to Google...
|
would need to convince the developer to add it, which I am not even going to
|
||||||
|
try, as it would go against the principle of the extension.
|
||||||
|
1. <del>I didn't get uBlock Origin Lite's `"noFiltering": [""]` policy working,
|
||||||
|
so I cannot pre-emptively handle broken captchas or allow Ecosia to show me
|
||||||
|
tracking ads in exchange of them planting trees.</del>. A day later I got
|
||||||
|
`"noFiltering": [""]` working, but it works like `toOverwrite` from uBlock
|
||||||
|
Origin, so any edits outside of the policy will reset upon restart. Then
|
||||||
|
again that may also be a feature, please do send your best regards to
|
||||||
|
Google...
|
||||||
|
|
||||||
Google only has themselves to blame for not thinking of the scenario where their users might be ok with non-tracking ads and now have no option to allow them due to being more concerned about malvertising than how advertising businesses are doing, since they they ruined the compromise solution that tried to account both.
|
Google only has themselves to blame for not thinking of the scenario where their
|
||||||
|
users might be ok with non-tracking ads and now have no option to allow them due
|
||||||
|
to being more concerned about malvertising than how advertising businesses are
|
||||||
|
doing, since they they ruined the compromise solution that tried to account
|
||||||
|
both.
|
||||||
|
|
||||||
I may trust myself to avoid malicious content online or that DNS filtering will catch it, but I don't have such trust on my less technical family members.
|
I may trust myself to avoid malicious content online or that DNS filtering will
|
||||||
|
catch it, but I don't have such trust on my less technical family members.
|
||||||
|
|
||||||
I should also say that ManifestV3 and uBlock Origin Lite have good sides as
|
I should also say that ManifestV3 and uBlock Origin Lite have good sides as
|
||||||
well, considering it not needing or requesting access to all pages visited out
|
well, considering it not needing or requesting access to all pages visited out
|
||||||
@ -321,23 +437,39 @@ actually get installed through policy.
|
|||||||
|
|
||||||
### How do I enable more default lists in uBlock Origin?
|
### How do I enable more default lists in uBlock Origin?
|
||||||
|
|
||||||
As you saw, external blocklists are just matter of entering the URL into the policy, but integrated ones are a bit more challenging. See the eye icon in uBlock Origin dashboard? I have been pointing it and looking at the URL which ends e.g. `/asset-viewer.html?url=fanboy-social` where `fanboy-social` would be the list name.
|
As you saw, external blocklists are just matter of entering the URL into the
|
||||||
|
policy, but integrated ones are a bit more challenging. See the eye icon in
|
||||||
|
uBlock Origin dashboard? I have been pointing it and looking at the URL which
|
||||||
|
ends e.g. `/asset-viewer.html?url=fanboy-social` where `fanboy-social` would be
|
||||||
|
the list name.
|
||||||
|
|
||||||
More technical solution would be looking into the [`assets/assets.json` file in uBlock Origin's GitHub repository](https://github.com/gorhill/uBlock/blob/master/assets/assets.json) where the same names appear.
|
More technical solution would be looking into the
|
||||||
|
[`assets/assets.json` file in uBlock Origin's GitHub repository](https://github.com/gorhill/uBlock/blob/master/assets/assets.json)
|
||||||
|
where the same names appear.
|
||||||
|
|
||||||
Remember that [more filter lists make you more identifiable](https://browserleaks.com/proxy) and _do as I say, not as I do_.
|
Remember that
|
||||||
|
[more filter lists make you more identifiable](https://browserleaks.com/proxy)
|
||||||
|
and _do as I say, not as I do_.
|
||||||
|
|
||||||
## What do you think about this blog post?
|
## What do you think about this blog post?
|
||||||
|
|
||||||
I feel a bit disappointed with it, I felt the previous one was more meaningful and did everything better, but I hope this will be some benefit to someone regardless or be something I can link to when I inevitably get asked these questions again.
|
I feel a bit disappointed with it, I felt the previous one was more meaningful
|
||||||
|
and did everything better, but I hope this will be some benefit to someone
|
||||||
|
regardless or be something I can link to when I inevitably get asked these
|
||||||
|
questions again.
|
||||||
|
|
||||||
## Will there be browser policies part Ⅲ?
|
## Will there be browser policies part Ⅲ?
|
||||||
|
|
||||||
Honestly, I don't know. I was surprised part Ⅱ happened, although this is also just scratching the tip of the iceberg and there is really a lot you can do with browser policies.
|
Honestly, I don't know. I was surprised part Ⅱ happened, although this is also
|
||||||
|
just scratching the tip of the iceberg and there is really a lot you can do with
|
||||||
|
browser policies.
|
||||||
|
|
||||||
### Where is all the futher reading?
|
### Where is all the futher reading?
|
||||||
|
|
||||||
If you have read both blog posts carefully, this one didn't actually say anything new, it's all linked [from part Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#documentation-and-other-policies).
|
If you have read both blog posts carefully, this one didn't actually say
|
||||||
|
anything new, it's all linked [from
|
||||||
|
part
|
||||||
|
Ⅰ]({% post_url blog/2024-05-17-https-everywhere %}#documentation-and-other-policies).
|
||||||
|
|
||||||
_[Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2024-05-22-policy-contentblocker.md)_
|
_[Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2024-05-22-policy-contentblocker.md)_
|
||||||
|
|
||||||
|
@ -3,14 +3,26 @@ layout: page
|
|||||||
title: Blog
|
title: Blog
|
||||||
navigation: true
|
navigation: true
|
||||||
permalink: /blog/
|
permalink: /blog/
|
||||||
excerpt: "Blog index, posts in English and posts in Finnish — Blogin etusivu, postaukset englanniksi ja postaukset suomeksi."
|
excerpt:
|
||||||
|
"Blog index, posts in English and posts in Finnish — Blogin etusivu,
|
||||||
|
postaukset englanniksi ja postaukset suomeksi."
|
||||||
lang: en
|
lang: en
|
||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Posts <a lang="en" href="#in-english">in English here</a> &
|
Posts
|
||||||
<a lang="fi" href="#suomeksi">suomeksi täällä</a>.
|
<a
|
||||||
|
lang="en"
|
||||||
|
href="#in-english"
|
||||||
|
>in English here</a
|
||||||
|
>
|
||||||
|
&
|
||||||
|
<a
|
||||||
|
lang="fi"
|
||||||
|
href="#suomeksi"
|
||||||
|
>suomeksi täällä</a
|
||||||
|
>.
|
||||||
</p>
|
</p>
|
||||||
<hr />
|
<hr />
|
||||||
<div lang="en">
|
<div lang="en">
|
||||||
|
61
index.html
61
index.html
@ -1,16 +1,26 @@
|
|||||||
---
|
---
|
||||||
layout: index
|
layout: index
|
||||||
title: Index
|
title: Index
|
||||||
excerpt: "I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am familiar with git and looking for employment."
|
excerpt:
|
||||||
|
"I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I
|
||||||
|
am familiar with git and looking for employment."
|
||||||
robots: noai, nofollow
|
robots: noai, nofollow
|
||||||
---
|
---
|
||||||
|
|
||||||
<p id="avatar">
|
<p id="avatar">
|
||||||
<a class="h-card" href="https://aminda.eu/">
|
<a
|
||||||
<img src="{{site.avatar}}" alt="Photo of me" /><br />Aminda Suomalainen</a
|
class="h-card"
|
||||||
|
href="https://aminda.eu/"
|
||||||
|
>
|
||||||
|
<img
|
||||||
|
src="{{site.avatar}}"
|
||||||
|
alt="Photo of me"
|
||||||
|
/><br />Aminda Suomalainen</a
|
||||||
><br />
|
><br />
|
||||||
<small
|
<small
|
||||||
><a rel="prefetch me" href="https://cv.aminda.eu/"
|
><a
|
||||||
|
rel="prefetch me"
|
||||||
|
href="https://cv.aminda.eu/"
|
||||||
>Curriculum Vitae</a
|
>Curriculum Vitae</a
|
||||||
></small
|
></small
|
||||||
>
|
>
|
||||||
@ -96,20 +106,34 @@ robots: noai, nofollow
|
|||||||
<li id="some">
|
<li id="some">
|
||||||
<span class="monospaced">SOME:</span>
|
<span class="monospaced">SOME:</span>
|
||||||
<em
|
<em
|
||||||
><a href="https://gitea.blesmrt.net/mikaela" rel="me"
|
><a
|
||||||
|
href="https://gitea.blesmrt.net/mikaela"
|
||||||
|
rel="me"
|
||||||
>gitea.blesmrt.net</a
|
>gitea.blesmrt.net</a
|
||||||
></em
|
></em
|
||||||
>
|
>
|
||||||
<a href="https://bsky.app/profile/did:plc:k4n3logit2gplz7mbgkrsdl2" rel="me"
|
<a
|
||||||
|
href="https://bsky.app/profile/did:plc:k4n3logit2gplz7mbgkrsdl2"
|
||||||
|
rel="me"
|
||||||
>bsky</a
|
>bsky</a
|
||||||
>
|
>
|
||||||
<em
|
<em
|
||||||
><a href="https://github.com/{{ site.github_username }}" rel="me"
|
><a
|
||||||
|
href="https://github.com/{{ site.github_username }}"
|
||||||
|
rel="me"
|
||||||
>GitHub.com</a
|
>GitHub.com</a
|
||||||
></em
|
></em
|
||||||
>
|
>
|
||||||
<a href="https://gitlab.com/Mikaela" rel="me">GitLab.com</a>
|
<a
|
||||||
<a href="https://git.com.de/mikaela" rel="me">git.com.de</a> (<a
|
href="https://gitlab.com/Mikaela"
|
||||||
|
rel="me"
|
||||||
|
>GitLab.com</a
|
||||||
|
>
|
||||||
|
<a
|
||||||
|
href="https://git.com.de/mikaela"
|
||||||
|
rel="me"
|
||||||
|
>git.com.de</a
|
||||||
|
> (<a
|
||||||
href="http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela"
|
href="http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela"
|
||||||
rel="me"
|
rel="me"
|
||||||
>🧅︎</a
|
>🧅︎</a
|
||||||
@ -119,11 +143,19 @@ robots: noai, nofollow
|
|||||||
href="{{site.keyoxide}}/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY"
|
href="{{site.keyoxide}}/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY"
|
||||||
>Keyoxide</a
|
>Keyoxide</a
|
||||||
>
|
>
|
||||||
<a rel="me" href="https://liberapay.com/Mikaela">LiberaPay.com</a>
|
<a
|
||||||
<a rel="me" href="https://www.linkedin.com/in/{{ site.linkedin_username }}/"
|
rel="me"
|
||||||
|
href="https://liberapay.com/Mikaela"
|
||||||
|
>LiberaPay.com</a
|
||||||
|
>
|
||||||
|
<a
|
||||||
|
rel="me"
|
||||||
|
href="https://www.linkedin.com/in/{{ site.linkedin_username }}/"
|
||||||
>LinkedIn.com</a
|
>LinkedIn.com</a
|
||||||
>
|
>
|
||||||
<a href="https://git.piraattipuolue.fi/mikaela.suomalainen" rel="me"
|
<a
|
||||||
|
href="https://git.piraattipuolue.fi/mikaela.suomalainen"
|
||||||
|
rel="me"
|
||||||
>git.piraattipuolue.fi</a
|
>git.piraattipuolue.fi</a
|
||||||
>
|
>
|
||||||
<a
|
<a
|
||||||
@ -139,7 +171,10 @@ robots: noai, nofollow
|
|||||||
>sauna.social</a
|
>sauna.social</a
|
||||||
>
|
>
|
||||||
</li>
|
</li>
|
||||||
<li class="monospaced" id="ssh">
|
<li
|
||||||
|
class="monospaced"
|
||||||
|
id="ssh"
|
||||||
|
>
|
||||||
SSH:
|
SSH:
|
||||||
<a
|
<a
|
||||||
href="https://gitea.blesmrt.net/mikaela/ssh-allowed_signers/src/branch/cxefa/aminda/aminda.pub"
|
href="https://gitea.blesmrt.net/mikaela/ssh-allowed_signers/src/branch/cxefa/aminda/aminda.pub"
|
||||||
|
@ -4,5 +4,5 @@ published: false
|
|||||||
|
|
||||||
[IPFS](https://ipfs.io) related files
|
[IPFS](https://ipfs.io) related files
|
||||||
|
|
||||||
The directory isn't called IPFS in case it would cause confusion to IPFS
|
The directory isn't called IPFS in case it would cause confusion to IPFS capable
|
||||||
capable software.
|
software.
|
||||||
|
4
n/3g.md
4
n/3g.md
@ -7,8 +7,8 @@ sitemap: false
|
|||||||
lang: en
|
lang: en
|
||||||
---
|
---
|
||||||
|
|
||||||
Finland will mostly discontinue 3G networks by end of 2023. Suomen
|
Finland will mostly discontinue 3G networks by end of 2023. Suomen yhteisverkko
|
||||||
yhteisverkko will begins 3G shutdown early 2024.
|
will begins 3G shutdown early 2024.
|
||||||
|
|
||||||
- [DNA.fi/3g]
|
- [DNA.fi/3g]
|
||||||
- [Elisa.fi/3g]
|
- [Elisa.fi/3g]
|
||||||
|
4
n/5g.md
4
n/5g.md
@ -6,7 +6,9 @@ redirect_from:
|
|||||||
- /r/5G.html
|
- /r/5G.html
|
||||||
sitemap: false
|
sitemap: false
|
||||||
lang: en
|
lang: en
|
||||||
excerpt: List of carrier/WISP maps in Finland for quickly finding whether a place has 5G or not. Carriers eagerly sell it to people who don't have signal.
|
excerpt:
|
||||||
|
List of carrier/WISP maps in Finland for quickly finding whether a place has
|
||||||
|
5G or not. Carriers eagerly sell it to people who don't have signal.
|
||||||
---
|
---
|
||||||
|
|
||||||
_{{ page.excerpt }}_
|
_{{ page.excerpt }}_
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Co-authoring and private emails with Git Forges
|
title: Co-authoring and private emails with Git Forges
|
||||||
excerpt: This note tells how to mark me as a git commit coauthor and my privatized email addresses.
|
excerpt:
|
||||||
|
This note tells how to mark me as a git commit coauthor and my privatized
|
||||||
|
email addresses.
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/coauthor.html
|
permalink: /n/coauthor.html
|
||||||
sitemap: true
|
sitemap: true
|
||||||
@ -10,11 +12,11 @@ robots: noai
|
|||||||
|
|
||||||
# Git forge private emails
|
# Git forge private emails
|
||||||
|
|
||||||
**_WARNING! These are vendor lock-in and contribution activity will not
|
**_WARNING! These are vendor lock-in and contribution activity will not pass on
|
||||||
pass on to other platrforms._** It may not matter much with sign-offs though.
|
to other platrforms._** It may not matter much with sign-offs though.
|
||||||
|
|
||||||
Forges generally have a feature for private email addresses and it can be
|
Forges generally have a feature for private email addresses and it can be used
|
||||||
used at least by co-authored commits, e.g. [r/coauthor](/r/coauthor.html):
|
at least by co-authored commits, e.g. [r/coauthor](/r/coauthor.html):
|
||||||
|
|
||||||
> `Co-authored-by: NAME <NAME@EXAMPLE.COM>`
|
> `Co-authored-by: NAME <NAME@EXAMPLE.COM>`
|
||||||
|
|
||||||
|
@ -9,7 +9,8 @@ lang: en
|
|||||||
|
|
||||||
# Do copyright years need yearly updates?
|
# Do copyright years need yearly updates?
|
||||||
|
|
||||||
Apparently it depends on whether you care about when the project enters public domain.
|
Apparently it depends on whether you care about when the project enters public
|
||||||
|
domain.
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -35,7 +36,8 @@ Apparently it depends on whether you care about when the project enters public d
|
|||||||
## Yes
|
## Yes
|
||||||
|
|
||||||
- [Information for maintainers of GNU software, 6.5: copyright notices](https://www.gnu.org/prep/maintain/maintain.html#Copyright-Notices)
|
- [Information for maintainers of GNU software, 6.5: copyright notices](https://www.gnu.org/prep/maintain/maintain.html#Copyright-Notices)
|
||||||
- At the time of writing they practically say to update every file that has more than 10 lines.
|
- At the time of writing they practically say to update every file that has
|
||||||
|
more than 10 lines.
|
||||||
|
|
||||||
## Other links
|
## Other links
|
||||||
|
|
||||||
|
265
n/dns.md
265
n/dns.md
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Philosophical pondering on DNS and its features and usage
|
title: Philosophical pondering on DNS and its features and usage
|
||||||
excerpt: What DNS server is used, does it support ECS, is that threat or possibility, and everything that doesn't have a better place?
|
excerpt:
|
||||||
|
What DNS server is used, does it support ECS, is that threat or possibility,
|
||||||
|
and everything that doesn't have a better place?
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/dns.html
|
permalink: /n/dns.html
|
||||||
redirect_from:
|
redirect_from:
|
||||||
@ -49,7 +51,8 @@ _{{ page.excerpt }} For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_
|
|||||||
|
|
||||||
## Identifying DNS resolver
|
## Identifying DNS resolver
|
||||||
|
|
||||||
- [DNS-OARC's Check My DNS](https://cmdns.dev.dns-oarc.net) - popup under "Network".
|
- [DNS-OARC's Check My DNS](https://cmdns.dev.dns-oarc.net) - popup under
|
||||||
|
"Network".
|
||||||
- [dnsleaktest](https://dnsleaktest.com)
|
- [dnsleaktest](https://dnsleaktest.com)
|
||||||
- [whatsmydnsserver](https://www.whatsmydnsserver.com)
|
- [whatsmydnsserver](https://www.whatsmydnsserver.com)
|
||||||
- [ipleak.net](https://ipleak.net)
|
- [ipleak.net](https://ipleak.net)
|
||||||
@ -57,7 +60,8 @@ _{{ page.excerpt }} For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_
|
|||||||
- [browserleaks.net/dns](https://browserleaks.net/dns)
|
- [browserleaks.net/dns](https://browserleaks.net/dns)
|
||||||
- [dnscheck.tools](https://www.dnscheck.tools)
|
- [dnscheck.tools](https://www.dnscheck.tools)
|
||||||
|
|
||||||
The above list is based on [redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)
|
The above list is based on
|
||||||
|
[redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -65,8 +69,8 @@ The above list is based on [redirect2me/which-dns README alternatives section](h
|
|||||||
|
|
||||||
At it's current state of implementation, Encrypted Client-Hello requires
|
At it's current state of implementation, Encrypted Client-Hello requires
|
||||||
DNS-over-HTTPS in the browser level or it won't be used. If downgrade from
|
DNS-over-HTTPS in the browser level or it won't be used. If downgrade from
|
||||||
application level DoH to OS resolver is allowed, ECH will get disabled at
|
application level DoH to OS resolver is allowed, ECH will get disabled at least
|
||||||
least temporary. Thus I think this list belongs here close enough.
|
temporary. Thus I think this list belongs here close enough.
|
||||||
|
|
||||||
- [Cloudflare Browser Check](https://www.cloudflare.com/ssl/encrypted-sni/)
|
- [Cloudflare Browser Check](https://www.cloudflare.com/ssl/encrypted-sni/)
|
||||||
which still speaks of ESNI, while ECH replaced Encrypted Server Name
|
which still speaks of ESNI, while ECH replaced Encrypted Server Name
|
||||||
@ -80,32 +84,37 @@ least temporary. Thus I think this list belongs here close enough.
|
|||||||
|
|
||||||
## What is ECS?
|
## What is ECS?
|
||||||
|
|
||||||
[EDNS](https://en.m.wikipedia.org/wiki/Extension_Mechanisms_for_DNS) [Client-Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a DNS extension letting the authoritative nameserver
|
[EDNS](https://en.m.wikipedia.org/wiki/Extension_Mechanisms_for_DNS)
|
||||||
know your subnet, generally a `/24` (IPv4) or a `/56` (IPv6), but the revealed
|
[Client-Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a DNS
|
||||||
subnet size is up to your DNS resolver configuration.
|
extension letting the authoritative nameserver know your subnet, generally a
|
||||||
|
`/24` (IPv4) or a `/56` (IPv6), but the revealed subnet size is up to your DNS
|
||||||
|
resolver configuration.
|
||||||
|
|
||||||
_See also simpler explanation at [PrivacyGuides.org DNS Overview](https://www.privacyguides.org/en/advanced/dns-overview/#what-is-edns-client-subnet-ecs)._
|
_See also simpler explanation at
|
||||||
|
[PrivacyGuides.org DNS Overview](https://www.privacyguides.org/en/advanced/dns-overview/#what-is-edns-client-subnet-ecs)._
|
||||||
|
|
||||||
- /24 is the first three parts of your IPv4 address e.g. 192.0.2.xxx.
|
- /24 is the first three parts of your IPv4 address e.g. 192.0.2.xxx. The last
|
||||||
The last part of your IP address (the xxx) again is a number between 1
|
part of your IP address (the xxx) again is a number between 1 to 254 (since 0
|
||||||
to 254 (since 0 is reserved for the network itself and 255 is the
|
is reserved for the network itself and 255 is the broadcast address).
|
||||||
broadcast address).
|
- `/56` includes 256 `/64`s and if your ISP (Internet Service Provider) follows
|
||||||
- `/56` includes 256 `/64`s and if your ISP (Internet Service Provider)
|
[RFC 6177](https://datatracker.ietf.org/doc/html/rfc6177), it's assigned
|
||||||
follows [RFC 6177](https://datatracker.ietf.org/doc/html/rfc6177),
|
solely to you meaning the authoritative nameserver will know the request
|
||||||
it's assigned solely to you meaning the authoritative nameserver will know
|
originated from your network.
|
||||||
the request originated from your network.
|
- However many ISPs, especially wireless ones, will just assign you a `64`
|
||||||
- However many ISPs, especially wireless ones,
|
which is required for
|
||||||
will just assign you a `64` which is required for
|
|
||||||
[stateless address autoconfiguration](<https://en.m.wikipedia.org/wiki/SLAAC#Stateless_address_autoconfiguration_(SLAAC)>)
|
[stateless address autoconfiguration](<https://en.m.wikipedia.org/wiki/SLAAC#Stateless_address_autoconfiguration_(SLAAC)>)
|
||||||
which is the most common way of getting IPv6 address in your local area
|
which is the most common way of getting IPv6 address in your local area
|
||||||
network as opposed to IPv4 where you would have
|
network as opposed to IPv4 where you would have
|
||||||
[Dynamic Host Configuration Protocol (DHCP)](https://en.m.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol).
|
[Dynamic Host Configuration Protocol (DHCP)](https://en.m.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol).
|
||||||
- Your router does get the IPv6 subnet assignment for LAN distribution by means of [DHCPv6 Prefix Delegation](https://en.m.wikipedia.org/wiki/Prefix_delegation) which is also common on mobile networks.
|
- Your router does get the IPv6 subnet assignment for LAN distribution by
|
||||||
|
means of
|
||||||
|
[DHCPv6 Prefix Delegation](https://en.m.wikipedia.org/wiki/Prefix_delegation)
|
||||||
|
which is also common on mobile networks.
|
||||||
|
|
||||||
If you are reading my personal notes (that being useful for you would bring me
|
If you are reading my personal notes (that being useful for you would bring me a
|
||||||
a bit of happiness), please note that **_I am somewhat indecisive and change
|
bit of happiness), please note that **_I am somewhat indecisive and change the
|
||||||
the DNS resolver a lot (at least daily judging by my feelings), but do check
|
DNS resolver a lot (at least daily judging by my feelings), but do check the git
|
||||||
the git log._**
|
log._**
|
||||||
|
|
||||||
- [History of this page at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/n/dns.md)
|
- [History of this page at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/n/dns.md)
|
||||||
|
|
||||||
@ -113,78 +122,120 @@ the git log._**
|
|||||||
|
|
||||||
_Android DoH3 option:_ `dns.google`
|
_Android DoH3 option:_ `dns.google`
|
||||||
|
|
||||||
> [...] The longer the distance the data must travel from the data centre to
|
> [...] The longer the distance the data must travel from the data centre to the
|
||||||
> the end-user device, the more energy the transmission consumes –
|
> end-user device, the more energy the transmission consumes – regardless of the
|
||||||
> regardless of the transmission path used. Intercontinental transmission
|
> transmission path used. Intercontinental transmission networks are
|
||||||
> networks are fundamentally very efficient. Transferring data from the
|
> fundamentally very efficient. Transferring data from the United States to
|
||||||
> United States to Europe may consume a fraction of the energy compared to
|
> Europe may consume a fraction of the energy compared to the last kilometre
|
||||||
> the last kilometre from the base station to the mobile phone.
|
> from the base station to the mobile phone.
|
||||||
|
|
||||||
- [Green Code](https://www.exove.com/green-code/) ([pdf](https://www.exove.com/app/uploads/2023/09/Green-Code-v2.pdf) [txt](https://www.exove.com/app/uploads/2023/09/greencode-v2.txt))
|
- [Green Code](https://www.exove.com/green-code/)
|
||||||
|
([pdf](https://www.exove.com/app/uploads/2023/09/Green-Code-v2.pdf)
|
||||||
|
[txt](https://www.exove.com/app/uploads/2023/09/greencode-v2.txt))
|
||||||
|
|
||||||
If you utilize services of internet giants or content delivery networks, ECS will likely give you [the shortest distance, the lowest latency, the highest speed](https://en.m.wikipedia.org/wiki/Edge_computing) and may help with decreasing your _digital carbon footprint_.
|
If you utilize services of internet giants or content delivery networks, ECS
|
||||||
|
will likely give you
|
||||||
|
[the shortest distance, the lowest latency, the highest speed](https://en.m.wikipedia.org/wiki/Edge_computing)
|
||||||
|
and may help with decreasing your _digital carbon footprint_.
|
||||||
|
|
||||||
_The above means GAFAM, if you don't use them in any form, there may not be a
|
_The above means GAFAM, if you don't use them in any form, there may not be a
|
||||||
need for ECS._
|
need for ECS._
|
||||||
|
|
||||||
If those matter to you, you may also like to consider [increasing your minimum TTL to around an hour in a local server](https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/).
|
If those matter to you, you may also like to consider
|
||||||
|
[increasing your minimum TTL to around an hour in a local server](https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/).
|
||||||
|
|
||||||
### Why to not use ECS?
|
### Why to not use ECS?
|
||||||
|
|
||||||
_Android DoH3 option:_ `cloudflare-dns.com`
|
_Android DoH3 option:_ `cloudflare-dns.com`
|
||||||
|
|
||||||
> [...] we [Cloudflare] don’t pass along the EDNS subnet information. This information leaks information about a requester’s IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. **_We’re aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals,_** which was part of the motivation for the privacy and security policies of 1.1.1.1.
|
> [...] we [Cloudflare] don’t pass along the EDNS subnet information. This
|
||||||
|
> information leaks information about a requester’s IP and, in turn, sacrifices
|
||||||
|
> the privacy of users. This is especially problematic as we work to encrypt
|
||||||
|
> more DNS traffic since the request from Resolver to Authoritative DNS is
|
||||||
|
> typically unencrypted. **_We’re aware of real world examples where nationstate
|
||||||
|
> actors have monitored EDNS subnet information to track individuals,_** which
|
||||||
|
> was part of the motivation for the privacy and security policies of 1.1.1.1.
|
||||||
>
|
>
|
||||||
> [...]
|
> [...]
|
||||||
>
|
>
|
||||||
> We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation targeting without risking user privacy and security. Those conversations have been productive and are ongoing. [...]
|
> We are working with the small number of networks with a higher network/ISP
|
||||||
|
> density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up
|
||||||
|
> with an EDNS IP Subnet alternative that gets them the information they need
|
||||||
|
> for geolocation targeting without risking user privacy and security. Those
|
||||||
|
> conversations have been productive and are ongoing. [...]
|
||||||
|
|
||||||
- [Cloudflare co-founder](https://news.ycombinator.com/item?id=19828702), emphasis mine.
|
- [Cloudflare co-founder](https://news.ycombinator.com/item?id=19828702),
|
||||||
|
emphasis mine.
|
||||||
|
|
||||||
ECS will decrease the cost of mass surveillance as instead of having to surveill everything happening on the network, anyone between your DNS server and the authoritative nameserver can see which IP addresses access the site with a reasonable accuracy.
|
ECS will decrease the cost of mass surveillance as instead of having to surveill
|
||||||
|
everything happening on the network, anyone between your DNS server and the
|
||||||
|
authoritative nameserver can see which IP addresses access the site with a
|
||||||
|
reasonable accuracy.
|
||||||
|
|
||||||
Then there are those with commercial interests, particularly outside of
|
Then there are those with commercial interests, particularly outside of Europe,
|
||||||
Europe, advertisers may be interested in making money out of the additional
|
advertisers may be interested in making money out of the additional metadata.
|
||||||
metadata. There may also be adblockers which don't block the DNS request,
|
There may also be adblockers which don't block the DNS request, causing the
|
||||||
causing the advertising company to receive your IP address (or close enough to
|
advertising company to receive your IP address (or close enough to it) even if
|
||||||
it) even if you didn't see the advertisement itself.
|
you didn't see the advertisement itself.
|
||||||
|
|
||||||
Some say _the less metadata is produced, the smaller incentive there is for
|
Some say _the less metadata is produced, the smaller incentive there is for
|
||||||
starting collecting and monetizing it._
|
starting collecting and monetizing it._
|
||||||
|
|
||||||
This isn't even mentioning that the internet isn't a nice place or foreign
|
This isn't even mentioning that the internet isn't a nice place or foreign
|
||||||
advanced persistent threats or threat actors, who may not need a reason to
|
advanced persistent threats or threat actors, who may not need a reason to
|
||||||
attack you. [_CISA: Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society_](https://www.cisa.gov/resources-tools/resources/mitigating-cyber-threats-limited-resources-guidance-civil-society)
|
attack you.
|
||||||
|
[_CISA: Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society_](https://www.cisa.gov/resources-tools/resources/mitigating-cyber-threats-limited-resources-guidance-civil-society)
|
||||||
|
|
||||||
Additionally researchers (below) have used it to perform cache poisoning against an individual target directing them to a wrong location and with low TTL making it near impossible to audit later.
|
Additionally researchers (below) have used it to perform cache poisoning against
|
||||||
|
an individual target directing them to a wrong location and with low TTL making
|
||||||
|
it near impossible to audit later.
|
||||||
|
|
||||||
What domains do you use? What if someone far above you knew regardless of Encrypted Client-Hello?
|
What domains do you use? What if someone far above you knew regardless of
|
||||||
|
Encrypted Client-Hello?
|
||||||
|
|
||||||
Are the domains you use DNSSEC-signed? Do you verify DNSSEC locally? Do you use HTTPS everywhere? Do you know to not accept warnings about certificate issues? Do the other (less technical) users of your network? Would you or them be a delicious target? Do you even use GAFAM services?
|
Are the domains you use DNSSEC-signed? Do you verify DNSSEC locally? Do you use
|
||||||
|
HTTPS everywhere? Do you know to not accept warnings about certificate issues?
|
||||||
|
Do the other (less technical) users of your network? Would you or them be a
|
||||||
|
delicious target? Do you even use GAFAM services?
|
||||||
|
|
||||||
See also:
|
See also:
|
||||||
|
|
||||||
- [_Understanding the Privacy Implications of ECS_](https://yacin.nadji.us/docs/pubs/dimva16_ecs.pdf)
|
- [_Understanding the Privacy Implications of ECS_](https://yacin.nadji.us/docs/pubs/dimva16_ecs.pdf)
|
||||||
|
|
||||||
<del>_Later I have been torn on whether the quote above is correct and helps
|
<del>_Later I have been torn on whether the quote above is correct and helps
|
||||||
decrease my digital climate footprint more or less than adblocking on DNS
|
decrease my digital climate footprint more or less than adblocking on DNS level,
|
||||||
level, but what really put the scales towards ECS for me was late night GApple
|
but what really put the scales towards ECS for me was late night GApple update
|
||||||
update that was keeping me from sleeping. So ECS is for busy people who want
|
that was keeping me from sleeping. So ECS is for busy people who want to
|
||||||
to sleep?_</del> _The CISA link above makes me question this the very next day
|
sleep?_</del> _The CISA link above makes me question this the very next day
|
||||||
considering I belong to gender and sexual minorities, Pirate Party of Finland,
|
considering I belong to gender and sexual minorities, Pirate Party of Finland,
|
||||||
and everything..._
|
and everything..._
|
||||||
|
|
||||||
### Why to use private ECS?
|
### Why to use private ECS?
|
||||||
|
|
||||||
_Android DoH3 option:_ [?](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
|
_Android DoH3 option:_
|
||||||
|
[?](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
|
||||||
|
|
||||||
Do you want the benefits of ECS with the privacy and security of not having ECS? Private ECS is a compromise solution in the middle, although not without its own issues.
|
Do you want the benefits of ECS with the privacy and security of not having ECS?
|
||||||
|
Private ECS is a compromise solution in the middle, although not without its own
|
||||||
|
issues.
|
||||||
|
|
||||||
Your private DNS provider will lie for you and say that your IP address is somewhere else where it will also place many others from your ISP. However what if it says you are a customer of another ISP, possibly even located in another country? It tends to have greater accuracy with IPv4 than IPv6, [see AdGuard Google Domains issue](https://adguard-dns.io/en/blog/dns-google-domains-fixed.html). What if no one else uses the same DNS server as you, especially from your ISP? I guess you can always advocate your DNS provider so it could be someone else too (I couldn't)? If it works most of time, does that outweight the times it won't work? Is perfect the enemy of good enough?
|
Your private DNS provider will lie for you and say that your IP address is
|
||||||
|
somewhere else where it will also place many others from your ISP. However what
|
||||||
|
if it says you are a customer of another ISP, possibly even located in another
|
||||||
|
country? It tends to have greater accuracy with IPv4 than IPv6,
|
||||||
|
[see AdGuard Google Domains issue](https://adguard-dns.io/en/blog/dns-google-domains-fixed.html).
|
||||||
|
What if no one else uses the same DNS server as you, especially from your ISP? I
|
||||||
|
guess you can always advocate your DNS provider so it could be someone else too
|
||||||
|
(I couldn't)? If it works most of time, does that outweight the times it won't
|
||||||
|
work? Is perfect the enemy of good enough?
|
||||||
|
|
||||||
In that case you may <del>get even worse performance</del> be in even worse situation than without ECS. Then again if everything works properly, you will get the benefit of ECS without the privacy impact and lessened security impact.
|
In that case you may <del>get even worse performance</del> be in even worse
|
||||||
|
situation than without ECS. Then again if everything works properly, you will
|
||||||
|
get the benefit of ECS without the privacy impact and lessened security impact.
|
||||||
|
|
||||||
See the next section for testing "where you are." Consider also what is important for you if you had to pick one or two from privacy, performance and climate.
|
See the next section for testing "where you are." Consider also what is
|
||||||
|
important for you if you had to pick one or two from privacy, performance and
|
||||||
|
climate.
|
||||||
|
|
||||||
See also:
|
See also:
|
||||||
|
|
||||||
@ -197,8 +248,8 @@ See also:
|
|||||||
It's likely greener to just use adblocking DNS no matter where it is located,
|
It's likely greener to just use adblocking DNS no matter where it is located,
|
||||||
preferably on router level. I don't trust router/DHCP provided DNS and encrypt
|
preferably on router level. I don't trust router/DHCP provided DNS and encrypt
|
||||||
it on the end device anyway. And if something needs unfiltered access
|
it on the end device anyway. And if something needs unfiltered access
|
||||||
(AdNauseam?), give it DNS over HTTPS like all browsers and curl have the
|
(AdNauseam?), give it DNS over HTTPS like all browsers and curl have the ability
|
||||||
ability nowadays.
|
nowadays.
|
||||||
|
|
||||||
Are you someone whom someone might want bad things to just for existing?
|
Are you someone whom someone might want bad things to just for existing?
|
||||||
|
|
||||||
@ -219,26 +270,38 @@ dig +short TXT whoami-ecs.v6.powerdns.org.
|
|||||||
dig +short TXT whoami-ecs.v4.powerdns.org.
|
dig +short TXT whoami-ecs.v4.powerdns.org.
|
||||||
```
|
```
|
||||||
|
|
||||||
- Note: [Cloudflare sends ECS only for `whoami.ds.akahelp.net`, nowhere else](https://developers.cloudflare.com/1.1.1.1/faq/#does-1.1.1.1-send-edns-client-subnet-header).
|
- Note:
|
||||||
|
[Cloudflare sends ECS only for `whoami.ds.akahelp.net`, nowhere else](https://developers.cloudflare.com/1.1.1.1/faq/#does-1.1.1.1-send-edns-client-subnet-header).
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## [DNS0.eu] or [Quad9]?
|
## [DNS0.eu] or [Quad9]?
|
||||||
|
|
||||||
In my experience [DNS0.eu] tends to have better filtering and
|
In my experience [DNS0.eu] tends to have better filtering and
|
||||||
[reporting options](https://www.dns0.eu/report) than [Quad9], while [servers being located only in](https://www.dns0.eu/network) the
|
[reporting options](https://www.dns0.eu/report) than [Quad9], while
|
||||||
[European Union](https://european-union.europa.eu) is mildly problematic when your users start traveling
|
[servers being located only in](https://www.dns0.eu/network) the
|
||||||
outside it either for work or leisure, which across continents tends to bring
|
[European Union](https://european-union.europa.eu) is mildly problematic when
|
||||||
round-trips overseas. Additionally private ECS (see above) tends to be bad
|
your users start traveling outside it either for work or leisure, which across
|
||||||
poor for IPv6 and for very small AS like a school, it directs to another side
|
continents tends to bring round-trips overseas. Additionally private ECS (see
|
||||||
of the country, but that is a very minor issue.
|
above) tends to be bad poor for IPv6 and for very small AS like a school, it
|
||||||
|
directs to another side of the country, but that is a very minor issue.
|
||||||
|
|
||||||
Meanwhile [Quad9] blocking seems almost as good in [tests like this](https://techblog.nexxwave.eu/public-dns-malware-filters-tested-in-2024/) and they give me impression [of more transparency](https://quad9.net/about/transparency-report) (as opposed to [DNS0.eu only
|
Meanwhile [Quad9] blocking seems almost as good in
|
||||||
having a <del>Twitter</del> X account](https://twitter.com/dns0eu)). [Quad9] also has more options on whether to ECS or not (see above).
|
[tests like this](https://techblog.nexxwave.eu/public-dns-malware-filters-tested-in-2024/)
|
||||||
|
and they give me impression
|
||||||
|
[of more transparency](https://quad9.net/about/transparency-report) (as opposed
|
||||||
|
to
|
||||||
|
[DNS0.eu only having a <del>Twitter</del> X account](https://twitter.com/dns0eu)).
|
||||||
|
[Quad9] also has more options on whether to ECS or not (see above).
|
||||||
|
|
||||||
The end-users traveling outside of the EU is also solved as they [have servers all around the world](https://quad9.net/service/locations/).
|
The end-users traveling outside of the EU is also solved as they
|
||||||
|
[have servers all around the world](https://quad9.net/service/locations/).
|
||||||
|
|
||||||
Back to [DNS0.eu], while disabling private ECS is not an option, they do have other options; [default filters](https://www.dns0.eu), [no filters](https://www.dns0.eu/open), [heavier filtering (zero)](https://www.dns0.eu/zero) and [kids](https://www.dns0.eu/kids).
|
Back to [DNS0.eu], while disabling private ECS is not an option, they do have
|
||||||
|
other options; [default filters](https://www.dns0.eu),
|
||||||
|
[no filters](https://www.dns0.eu/open),
|
||||||
|
[heavier filtering (zero)](https://www.dns0.eu/zero) and
|
||||||
|
[kids](https://www.dns0.eu/kids).
|
||||||
|
|
||||||
[DNS0.eu]: https://www.dns0.eu
|
[DNS0.eu]: https://www.dns0.eu
|
||||||
[Quad9]: https://quad9.net
|
[Quad9]: https://quad9.net
|
||||||
@ -284,18 +347,19 @@ with desktop versions etc._
|
|||||||
|
|
||||||
### Android
|
### Android
|
||||||
|
|
||||||
Use either `cloudflare-dns.com` (which doesn't have ECS) or `dns.google`
|
Use either `cloudflare-dns.com` (which doesn't have ECS) or `dns.google` (which
|
||||||
(which has ECS) as the (Settings → Network & Internet → Advanced →)
|
has ECS) as the (Settings → Network & Internet → Advanced →) _Private DNS_
|
||||||
_Private DNS_ server as [they have special handling](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h) and are thus DNS over
|
server as
|
||||||
HTTPS3 instead of the usual DNS over TLS. This can be confirmed with
|
[they have special handling](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
|
||||||
[`https://1.1.1.1/help`](https://one.one.one.one/help) (when using
|
and are thus DNS over HTTPS3 instead of the usual DNS over TLS. This can be
|
||||||
`cloudflare-dns.com`). **_However is connectivity in limited networks and
|
confirmed with [`https://1.1.1.1/help`](https://one.one.one.one/help) (when
|
||||||
maybe a bit faster speed in bad network more important than a level of
|
using `cloudflare-dns.com`). **_However is connectivity in limited networks and
|
||||||
security reached by a filtering resolver?_**
|
maybe a bit faster speed in bad network more important than a level of security
|
||||||
|
reached by a filtering resolver?_**
|
||||||
|
|
||||||
Then setup your web browser (including Firefox (other than stable which
|
Then setup your web browser (including Firefox (other than stable which disables
|
||||||
disables `about:config`) and Chrome) to use DNS over HTTPS with your preferred
|
`about:config`) and Chrome) to use DNS over HTTPS with your preferred server and
|
||||||
server and while at it enabling HTTPS only mode.
|
while at it enabling HTTPS only mode.
|
||||||
|
|
||||||
At least `https://security.cloudflare-dns.com/dns-query` won't downgrade to
|
At least `https://security.cloudflare-dns.com/dns-query` won't downgrade to
|
||||||
system DNS resolver so
|
system DNS resolver so
|
||||||
@ -317,7 +381,8 @@ If testing Cloudflare, see also:
|
|||||||
Do other Android based OSes contain the special handling of specific _Private
|
Do other Android based OSes contain the special handling of specific _Private
|
||||||
DNS_ domains turning into DNS-over-HTTP/3?
|
DNS_ domains turning into DNS-over-HTTP/3?
|
||||||
|
|
||||||
- GrapheneOS: [yes](https://github.com/GrapheneOS/platform_packages_modules_DnsResolver/blob/13/PrivateDnsConfiguration.h)
|
- GrapheneOS:
|
||||||
|
[yes](https://github.com/GrapheneOS/platform_packages_modules_DnsResolver/blob/13/PrivateDnsConfiguration.h)
|
||||||
- LineageOS:
|
- LineageOS:
|
||||||
[yes](https://github.com/LineageOS/android_packages_modules_DnsResolver/blob/lineage-20.0/PrivateDnsConfiguration.h)
|
[yes](https://github.com/LineageOS/android_packages_modules_DnsResolver/blob/lineage-20.0/PrivateDnsConfiguration.h)
|
||||||
- /e/OS:
|
- /e/OS:
|
||||||
@ -325,14 +390,13 @@ DNS_ domains turning into DNS-over-HTTP/3?
|
|||||||
|
|
||||||
### [Rethink](https://github.com/celzero/rethink-app)
|
### [Rethink](https://github.com/celzero/rethink-app)
|
||||||
|
|
||||||
**_NOTE!_** This pretends to be a VPN and thus breaks things depending on
|
**_NOTE!_** This pretends to be a VPN and thus breaks things depending on seeing
|
||||||
seeing the IP directly such as wireless debugging LAN IP, Briar LAN
|
the IP directly such as wireless debugging LAN IP, Briar LAN connections, cause
|
||||||
connections, cause warnings in Ooni Probe and disable automatic testing,
|
warnings in Ooni Probe and disable automatic testing, Syncthing Fork will not
|
||||||
Syncthing Fork will not autostart due to detecting the network as metered,
|
autostart due to detecting the network as metered, unless it's given permission
|
||||||
unless it's given permission to run in metered networks.
|
to run in metered networks.
|
||||||
|
|
||||||
1. Use either GitHub or F-Droid release as Google Play doesn't have
|
1. Use either GitHub or F-Droid release as Google Play doesn't have blocklists.
|
||||||
blocklists.
|
|
||||||
1. Enable it.
|
1. Enable it.
|
||||||
1. In Android Settings, Internet, Advanced, VPN, select Rethink, make it
|
1. In Android Settings, Internet, Advanced, VPN, select Rethink, make it
|
||||||
always-on and block connections not using it.
|
always-on and block connections not using it.
|
||||||
@ -350,19 +414,17 @@ unless it's given permission to run in metered networks.
|
|||||||
- Network: _Perform connectivity checks_
|
- Network: _Perform connectivity checks_
|
||||||
|
|
||||||
1. Remember to also visit Android app details for Rethink, in battery menu
|
1. Remember to also visit Android app details for Rethink, in battery menu
|
||||||
select unrestricted and in network allow unlimited data even with data
|
select unrestricted and in network allow unlimited data even with data saver.
|
||||||
saver.
|
1. I also have a suspicion that Android _Developer_ Setting
|
||||||
1. I also have a suspicion that Android _Developer_ Setting `Always keep
|
`Always keep mobile data active` is interfering with Rethink as always-on VPN
|
||||||
mobile data active` is interfering with Rethink as always-on VPN causing
|
causing connectivity issues or it not being sure whether "metered" or
|
||||||
connectivity issues or it not being sure whether "metered" or unmetered
|
unmetered network is being used.
|
||||||
network is being used.
|
|
||||||
1. The setting is enabled by default nowadays, to access it, go to about
|
1. The setting is enabled by default nowadays, to access it, go to about
|
||||||
phone and rapidly tap `Software build number`
|
phone and rapidly tap `Software build number` (backtranslated to English
|
||||||
(backtranslated to English from Finnish (like everything else (TODO:
|
from Finnish (like everything else (TODO: check in English)).
|
||||||
check in English)).
|
|
||||||
1. Once you are a developer, `System Settings` (within `Settings`) should
|
1. Once you are a developer, `System Settings` (within `Settings`) should
|
||||||
have a new `Developer Settings` menu `Mobile data always active` is
|
have a new `Developer Settings` menu `Mobile data always active` is under
|
||||||
under `Connection properties` section (which is above `Input`)
|
`Connection properties` section (which is above `Input`)
|
||||||
|
|
||||||
Hopefully there is no situation where Rethink stops working and thinks it's
|
Hopefully there is no situation where Rethink stops working and thinks it's
|
||||||
still working. As can be deduced from this section, sometimes Rethink and I
|
still working. As can be deduced from this section, sometimes Rethink and I
|
||||||
@ -374,10 +436,9 @@ I think a few of the blocklists in Rethink are blocking apkpure's domain
|
|||||||
breaking Obtainium and their official app and the steps to fix that are:
|
breaking Obtainium and their official app and the steps to fix that are:
|
||||||
|
|
||||||
1. Use a DNS server that doesn't have the block (`https://open.dns0.eu/` or
|
1. Use a DNS server that doesn't have the block (`https://open.dns0.eu/` or
|
||||||
`https://unfiltered.adguard-dns.com/dns-query` if private ECS is
|
`https://unfiltered.adguard-dns.com/dns-query` if private ECS is desirable?)
|
||||||
desirable?)
|
1. Select `Apps` in Rethink's main screen (the biggest button below `Proxy` and
|
||||||
1. Select `Apps` in Rethink's main screen (the biggest button below `Proxy`
|
`Logs`.
|
||||||
and `Logs`.
|
|
||||||
1. Search for `Obtainium` or `APKPure` and select it.
|
1. Search for `Obtainium` or `APKPure` and select it.
|
||||||
1. Select `Domain Rules`.
|
1. Select `Domain Rules`.
|
||||||
1. Select the floating `+` from bottom right.
|
1. Select the floating `+` from bottom right.
|
||||||
|
27
n/emoji.md
27
n/emoji.md
@ -11,10 +11,8 @@ lang: en
|
|||||||
|
|
||||||
# Unemojied emojis
|
# Unemojied emojis
|
||||||
|
|
||||||
[John D. Cook shares a nice trick to prevent emojis from being displayed as
|
[John D. Cook shares a nice trick to prevent emojis from being displayed as emojis](https://www.johndcook.com/blog/2022/09/30/preventing-emoji/)
|
||||||
emojis](https://www.johndcook.com/blog/2022/09/30/preventing-emoji/) and I
|
and I want to store it here alongside the more personally relevant symbols.
|
||||||
want to store it here alongside the more personally
|
|
||||||
relevant symbols.
|
|
||||||
|
|
||||||
So to make something not an emoji, `U+FE0E` or `︎` and to use emoji,
|
So to make something not an emoji, `U+FE0E` or `︎` and to use emoji,
|
||||||
`FE0F` or (`️`).
|
`FE0F` or (`️`).
|
||||||
@ -49,7 +47,8 @@ _My shellrc has some reminders for me and these are the sequences there._
|
|||||||
## aminda.eu
|
## aminda.eu
|
||||||
|
|
||||||
- 🧅︎ Onion: `\u1f9c5` `🧅︎`
|
- 🧅︎ Onion: `\u1f9c5` `🧅︎`
|
||||||
- I guess it just doesn't have a non-emoji variant at least on my system at the time of writing?
|
- I guess it just doesn't have a non-emoji variant at least on my system at
|
||||||
|
the time of writing?
|
||||||
|
|
||||||
### friends
|
### friends
|
||||||
|
|
||||||
@ -58,20 +57,26 @@ _My shellrc has some reminders for me and these are the sequences there._
|
|||||||
|
|
||||||
## Flags
|
## Flags
|
||||||
|
|
||||||
- 🏴‍☠︎ Pirate Flag: `\u1f3f4\u200d\u2620\ufe0f\ufe0e` or `🏴‍☠︎`
|
- 🏴‍☠︎ Pirate Flag: `\u1f3f4\u200d\u2620\ufe0f\ufe0e`
|
||||||
- 🏳️‍🌈︎ Pride Flag: `🏳️‍🌈`
|
or `🏴‍☠︎`
|
||||||
- 🏳️‍⚧️‍︎ Trans Pride Flag: `🏳️‍⚧️‍︎`
|
- 🏳️‍🌈︎ Pride Flag:
|
||||||
|
`🏳️‍🌈`
|
||||||
|
- 🏳️‍⚧️‍︎ Trans Pride Flag:
|
||||||
|
`🏳️‍⚧️‍︎`
|
||||||
|
|
||||||
## Kingdom Hearts
|
## Kingdom Hearts
|
||||||
|
|
||||||
Well, one must be prepared to discuss the clash between Light and Darkness and the χ-blade, in case someone resurrects it?
|
Well, one must be prepared to discuss the clash between Light and Darkness and
|
||||||
|
the χ-blade, in case someone resurrects it?
|
||||||
|
|
||||||
- χ can be expressed as `\U03C7`, `χ` or neatly `χ`.
|
- χ can be expressed as `\U03C7`, `χ` or neatly `χ`.
|
||||||
- In case of `&Chi` making it a capital letter turns it into Χ, but can you even distinguish that from X?
|
- In case of `&Chi` making it a capital letter turns it into Χ, but can
|
||||||
|
you even distinguish that from X?
|
||||||
|
|
||||||
### Roman Numerals
|
### Roman Numerals
|
||||||
|
|
||||||
_You have no idea how often I miss these. And I don't even mean to discuss the_ Organization ⅫⅠ.
|
_You have no idea how often I miss these. And I don't even mean to discuss the_
|
||||||
|
Organization ⅫⅠ.
|
||||||
|
|
||||||
**_WARNING: The first syntax may be incorrect._**
|
**_WARNING: The first syntax may be incorrect._**
|
||||||
|
|
||||||
|
@ -32,27 +32,39 @@ _{{ page.excerpt }}_
|
|||||||
|
|
||||||
## Security
|
## Security
|
||||||
|
|
||||||
- `microcode` - propietary, but otherwise CPU holes are going to be gaping open. Refer to `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
|
- `microcode` - propietary, but otherwise CPU holes are going to be gaping open.
|
||||||
|
Refer to `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
|
||||||
- Debian calls this as `amd64-microcode` or `intel-microcode`
|
- Debian calls this as `amd64-microcode` or `intel-microcode`
|
||||||
- `ufw` for Deb-based or `firewalld` on Fedora
|
- `ufw` for Deb-based or `firewalld` on Fedora
|
||||||
- `sshguard` for mitigating shared systems where others refuse to use keys
|
- `sshguard` for mitigating shared systems where others refuse to use keys
|
||||||
- `needrestart` for knowing when updates actually require services to be restarted or a kernel upgrade happens and requires reboot
|
- `needrestart` for knowing when updates actually require services to be
|
||||||
- `molly-guard` so you won't accidentally `reboot` or `poweroff` production rather than local machine.
|
restarted or a kernel upgrade happens and requires reboot
|
||||||
|
- `molly-guard` so you won't accidentally `reboot` or `poweroff` production
|
||||||
|
rather than local machine.
|
||||||
- `apt-listchanges` changelogs are worth knowing when updating.
|
- `apt-listchanges` changelogs are worth knowing when updating.
|
||||||
- `apt-listbugs` known bugs are especially nice when performing bigger updates.
|
- `apt-listbugs` known bugs are especially nice when performing bigger updates.
|
||||||
- `chrony` - security demands the time to be correct, Chrony supports NTS and is proper NTP server instead of just SNTP like systemd-timesyncd.
|
- `chrony` - security demands the time to be correct, Chrony supports NTS and is
|
||||||
|
proper NTP server instead of just SNTP like systemd-timesyncd.
|
||||||
- alternatively configure `systemd-timesyncd`
|
- alternatively configure `systemd-timesyncd`
|
||||||
- `unbound` - my choice for both DNSSEC validating and DNS-over-TLS, even if I had it connect to upstream dns\[crypt\]proxy
|
- `unbound` - my choice for both DNSSEC validating and DNS-over-TLS, even if I
|
||||||
- alternatively configure `systemd-resolved`. Simultaneously `systemd-networkd` may be a good idea.
|
had it connect to upstream dns\[crypt\]proxy
|
||||||
- `unattended-upgrades` or `dnf-automatic` so security updates are at least downloaded if not even directly installed (see configuration and systemd units!)
|
- alternatively configure `systemd-resolved`. Simultaneously
|
||||||
- if `dnf-automatic`, consider `sudo systemctl enable dnf-automatic-install.{timer,service}`
|
`systemd-networkd` may be a good idea.
|
||||||
or at least `sudo systemctl enable dnf-automatic-download.{timer,service}`
|
- `unattended-upgrades` or `dnf-automatic` so security updates are at least
|
||||||
|
downloaded if not even directly installed (see configuration and systemd
|
||||||
|
units!)
|
||||||
|
- if `dnf-automatic`, consider
|
||||||
|
`sudo systemctl enable dnf-automatic-install.{timer,service}` or at least
|
||||||
|
`sudo systemctl enable dnf-automatic-download.{timer,service}`
|
||||||
|
|
||||||
## Usability
|
## Usability
|
||||||
|
|
||||||
- `nvim git tmux zsh` - good luck without these
|
- `nvim git tmux zsh` - good luck without these
|
||||||
- if cryptographic operations are taking ages, consider something like `haveged`. It's controversial, so if there are no issues, don't install a random number generator.
|
- if cryptographic operations are taking ages, consider something like
|
||||||
- userspace oom killer, may avoid frozen systems, much more pleasant than actually having to deal with a frozen system.
|
`haveged`. It's controversial, so if there are no issues, don't install a
|
||||||
|
random number generator.
|
||||||
|
- userspace oom killer, may avoid frozen systems, much more pleasant than
|
||||||
|
actually having to deal with a frozen system.
|
||||||
- `earlyoom`
|
- `earlyoom`
|
||||||
- remember to `sudo systemctl enable --now earlyoom`
|
- remember to `sudo systemctl enable --now earlyoom`
|
||||||
- `systemd-oomd`
|
- `systemd-oomd`
|
||||||
@ -63,14 +75,16 @@ _{{ page.excerpt }}_
|
|||||||
- `thermald` for additional help keeping system cool, especially intel
|
- `thermald` for additional help keeping system cool, especially intel
|
||||||
- `sudo systemctl enable --now thermald`
|
- `sudo systemctl enable --now thermald`
|
||||||
- `vnstat` - help for observing bandwidth usage
|
- `vnstat` - help for observing bandwidth usage
|
||||||
- `yggdrasil` - essential for getting through Carrier Grade NAT whether there is IPv6 or not. Also gives static internal IPv6 reducing need for dynamic DNS.
|
- `yggdrasil` - essential for getting through Carrier Grade NAT whether there is
|
||||||
|
IPv6 or not. Also gives static internal IPv6 reducing need for dynamic DNS.
|
||||||
- `tlp` - for laptop power management, especially ThinkPad.
|
- `tlp` - for laptop power management, especially ThinkPad.
|
||||||
- `sudo tlp-stat | less`
|
- `sudo tlp-stat | less`
|
||||||
- `sudo systemctl enable --now tlp`
|
- `sudo systemctl enable --now tlp`
|
||||||
|
|
||||||
## Offtopic system configuration
|
## Offtopic system configuration
|
||||||
|
|
||||||
This is just too close to not mention here (and was besides in my planning issue):
|
This is just too close to not mention here (and was besides in my planning
|
||||||
|
issue):
|
||||||
|
|
||||||
### Debian-based
|
### Debian-based
|
||||||
|
|
||||||
@ -82,4 +96,5 @@ This is just too close to not mention here (and was besides in my planning issue
|
|||||||
### SSD
|
### SSD
|
||||||
|
|
||||||
- `sudo systemctl enable --now fstrim.timer`
|
- `sudo systemctl enable --now fstrim.timer`
|
||||||
- check that `/etc/fstab` has `noatime` so every file access isn't written to the disk. BTRFS filesystems should also have `ssd` flag.
|
- check that `/etc/fstab` has `noatime` so every file access isn't written to
|
||||||
|
the disk. BTRFS filesystems should also have `ssd` flag.
|
||||||
|
51
n/f-droid.md
51
n/f-droid.md
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: F-Droid repository list
|
title: F-Droid repository list
|
||||||
excerpt: F-Droid is kind of apt for Android with multiple repositories available. This is my note to self on which repositories I tend to have configured.
|
excerpt:
|
||||||
|
F-Droid is kind of apt for Android with multiple repositories available. This
|
||||||
|
is my note to self on which repositories I tend to have configured.
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/f-droid.html
|
permalink: /n/f-droid.html
|
||||||
redirect_from: /n/fdroid.html
|
redirect_from: /n/fdroid.html
|
||||||
@ -11,7 +13,8 @@ robots: noai
|
|||||||
|
|
||||||
_{{ page.excerpt }}_
|
_{{ page.excerpt }}_
|
||||||
|
|
||||||
Remember to prefer the [F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) app!
|
Remember to prefer the
|
||||||
|
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) app!
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -31,32 +34,46 @@ Remember to prefer the [F-Droid Basic](https://f-droid.org/packages/org.fdroid.b
|
|||||||
|
|
||||||
## Official F-Droid repositories
|
## Official F-Droid repositories
|
||||||
|
|
||||||
F-Droid and GuardianProject are configured by default, however cloudflare
|
F-Droid and GuardianProject are configured by default, however cloudflare isn't
|
||||||
isn't enabled by default. And for some reason my Yeul decided that it
|
enabled by default. And for some reason my Yeul decided that it needs 0
|
||||||
needs 0 repositories out of the box, so time to add them too.
|
repositories out of the box, so time to add them too.
|
||||||
|
|
||||||
- [cloudflare.f-droid.org/repo](fdroidrepos://cloudflare.f-droid.org/repo?fingerprint=43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab)
|
- [cloudflare.f-droid.org/repo](fdroidrepos://cloudflare.f-droid.org/repo?fingerprint=43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab)
|
||||||
- <s>[cloudflare.f-droid.org/archive](fdroidrepos://cloudflare.f-droid.org/archive?fingerprint=43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab)</s>
|
- <s>[cloudflare.f-droid.org/archive](fdroidrepos://cloudflare.f-droid.org/archive?fingerprint=43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab)</s>
|
||||||
|
|
||||||
## Additional F-Droid repositories
|
## Additional F-Droid repositories
|
||||||
|
|
||||||
- [apt.izzysoft.de/fdroid/repo](fdroidrepos://apt.izzysoft.de/fdroid/repo?fingerprint=3bf0d6abfeae2f401707b6d966be743bf0eee49c2561b9ba39073711f628937a) is a less strictly foss repository by an F-Droid maintainer.
|
- [apt.izzysoft.de/fdroid/repo](fdroidrepos://apt.izzysoft.de/fdroid/repo?fingerprint=3bf0d6abfeae2f401707b6d966be743bf0eee49c2561b9ba39073711f628937a)
|
||||||
- [fdroid.frostnerd.com/fdroid/repo](fdroidrepos://fdroid.frostnerd.com/fdroid/repo?fingerprint=74bb580f263ec89e15c207298dec861b5069517550fe0f1d852f16fa611d2d26) contains Frostnerd's apps, mainly Nebulo.
|
is a less strictly foss repository by an F-Droid maintainer.
|
||||||
|
- [fdroid.frostnerd.com/fdroid/repo](fdroidrepos://fdroid.frostnerd.com/fdroid/repo?fingerprint=74bb580f263ec89e15c207298dec861b5069517550fe0f1d852f16fa611d2d26)
|
||||||
|
contains Frostnerd's apps, mainly Nebulo.
|
||||||
- [guardianproject.info/fdroid/repo](fdroidrepos://guardianproject.info/fdroid/repo?fingerprint=b7c2eefd8dac7806af67dfcd92eb18126bc08312a7f2d6f3862e46013c7a6135)
|
- [guardianproject.info/fdroid/repo](fdroidrepos://guardianproject.info/fdroid/repo?fingerprint=b7c2eefd8dac7806af67dfcd92eb18126bc08312a7f2d6f3862e46013c7a6135)
|
||||||
- <s>[guardianproject.info/fdroid/archive](fdroidrepos://guardianproject.info/fdroid/archive?fingerprint=b7c2eefd8dac7806af67dfcd92eb18126bc08312a7f2d6f3862e46013c7a6135)</s>
|
- <s>[guardianproject.info/fdroid/archive](fdroidrepos://guardianproject.info/fdroid/archive?fingerprint=b7c2eefd8dac7806af67dfcd92eb18126bc08312a7f2d6f3862e46013c7a6135)</s>
|
||||||
- [s2.spiritcroc.de/fdroid/repo](fdroidrepos://s2.spiritcroc.de/fdroid/repo?fingerprint=6612ade7e93174a589cf5ba26ed3ab28231a789640546c8f30375ef045bc9242) contains SpiritCroc's apps, mainly SchildiChat.
|
- [s2.spiritcroc.de/fdroid/repo](fdroidrepos://s2.spiritcroc.de/fdroid/repo?fingerprint=6612ade7e93174a589cf5ba26ed3ab28231a789640546c8f30375ef045bc9242)
|
||||||
- [s2.spiritcroc.de/testing/fdroid/repo](fdroidrepos://s2.spiritcroc.de/testing/fdroid/repo?fingerprint=52d03f2fab785573bb295c7ab270695e3a1bdd2adc6a6de8713250b33f231225) contains testing versions of SpiritCroc's apps, mainly SchildiChat.
|
contains SpiritCroc's apps, mainly SchildiChat.
|
||||||
- [divestos.org/apks/official/fdroid/repo](fdroidrepos://divestos.org/apks/official/fdroid/repo?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) contains the DivestOS apps such as Hypatia and Mull Browser (not to be confused with Mullvad Browser).
|
- [s2.spiritcroc.de/testing/fdroid/repo](fdroidrepos://s2.spiritcroc.de/testing/fdroid/repo?fingerprint=52d03f2fab785573bb295c7ab270695e3a1bdd2adc6a6de8713250b33f231225)
|
||||||
|
contains testing versions of SpiritCroc's apps, mainly SchildiChat.
|
||||||
|
- [divestos.org/apks/official/fdroid/repo](fdroidrepos://divestos.org/apks/official/fdroid/repo?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467)
|
||||||
|
contains the DivestOS apps such as Hypatia and Mull Browser (not to be
|
||||||
|
confused with Mullvad Browser).
|
||||||
|
|
||||||
## Official repositories for a single project
|
## Official repositories for a single project
|
||||||
|
|
||||||
- [mobileapp.bitwarden.com/fdroid/repo](fdroidrepos://mobileapp.bitwarden.com/fdroid/repo?fingerprint=bc54ea6fd1cd5175bcccc47c561c5726e1c3ed7e686b6db4b18bac843a3efe6c) is Bitwarden password manager.
|
- [mobileapp.bitwarden.com/fdroid/repo](fdroidrepos://mobileapp.bitwarden.com/fdroid/repo?fingerprint=bc54ea6fd1cd5175bcccc47c561c5726e1c3ed7e686b6db4b18bac843a3efe6c)
|
||||||
- [briarproject.org/fdroid/repo](fdroidrepos://briarproject.org/fdroid/repo?fingerprint=1fb874bee7276d28ecb2c9b06e8a122ec4bcb4008161436ce474c257cbf49bd6) is Briar local mesh/Tor messenger.
|
is Bitwarden password manager.
|
||||||
- [microg.org/fdroid/repo](fdroidrepos://microg.org/fdroid/repo?fingerprint=9bd06727e62796c0130eb6dab39b73157451582cbd138e86c468acc395d14165) is an open implementation of Play Services and used just for devices without them.
|
- [briarproject.org/fdroid/repo](fdroidrepos://briarproject.org/fdroid/repo?fingerprint=1fb874bee7276d28ecb2c9b06e8a122ec4bcb4008161436ce474c257cbf49bd6)
|
||||||
- [fdroid.emersion.fr/goguma-nightly/repo](fdroidrepos://fdroid.emersion.fr/goguma-nightly/repo/?fingerprint=ACC8CFEDDF58C590D021FCF37534A54F5919E026D7A8333AA01C1ABB3D34E68D) is the Goguma IRC client nightly repository.
|
is Briar local mesh/Tor messenger.
|
||||||
- [app.simplex.chat/fdroid/repo](fdroidrepos://app.simplex.chat/fdroid/repo?fingerprint=9f358ff284d1f71656a2bfaf0e005deae6aa14143720e089f11ff2ddcfeb01ba) is the SimpleX messenger repository.
|
- [microg.org/fdroid/repo](fdroidrepos://microg.org/fdroid/repo?fingerprint=9bd06727e62796c0130eb6dab39b73157451582cbd138e86c468acc395d14165)
|
||||||
- [molly.im/fdroid/repo](fdroidrepos://molly.im/fdroid/repo?fingerprint=3B7E93B1FE32C6E35A93D6DDFC5AFBEB1239A7C6EA6AF20FF33ED53CDC38B04A) is Molly the Signal fork's repo.
|
is an open implementation of Play Services and used just for devices without
|
||||||
- [molly.im/fdroid/foss/fdroid/repo](fdroidrepos://molly.im/fdroid/foss/fdroid/repo?fingerprint=5198DAEF37FC23C14D5EE32305B2AF45787BD7DF2034DE33AD302BDB3446DF74) is Molly FOSS the Signal fork's repo without propietary components.
|
them.
|
||||||
|
- [fdroid.emersion.fr/goguma-nightly/repo](fdroidrepos://fdroid.emersion.fr/goguma-nightly/repo/?fingerprint=ACC8CFEDDF58C590D021FCF37534A54F5919E026D7A8333AA01C1ABB3D34E68D)
|
||||||
|
is the Goguma IRC client nightly repository.
|
||||||
|
- [app.simplex.chat/fdroid/repo](fdroidrepos://app.simplex.chat/fdroid/repo?fingerprint=9f358ff284d1f71656a2bfaf0e005deae6aa14143720e089f11ff2ddcfeb01ba)
|
||||||
|
is the SimpleX messenger repository.
|
||||||
|
- [molly.im/fdroid/repo](fdroidrepos://molly.im/fdroid/repo?fingerprint=3B7E93B1FE32C6E35A93D6DDFC5AFBEB1239A7C6EA6AF20FF33ED53CDC38B04A)
|
||||||
|
is Molly the Signal fork's repo.
|
||||||
|
- [molly.im/fdroid/foss/fdroid/repo](fdroidrepos://molly.im/fdroid/foss/fdroid/repo?fingerprint=5198DAEF37FC23C14D5EE32305B2AF45787BD7DF2034DE33AD302BDB3446DF74)
|
||||||
|
is Molly FOSS the Signal fork's repo without propietary components.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,6 +1,9 @@
|
|||||||
---
|
---
|
||||||
title: Fairbuds XL and the equalizer settings
|
title: Fairbuds XL and the equalizer settings
|
||||||
excerpt: I have the misnamed XL and while it's clear, even with factory reset by pushing the joystick to the right until it says "factory reset complete", but the studio eq may not be so clear.
|
excerpt:
|
||||||
|
I have the misnamed XL and while it's clear, even with factory reset by
|
||||||
|
pushing the joystick to the right until it says "factory reset complete", but
|
||||||
|
the studio eq may not be so clear.
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/fairbuds.html
|
permalink: /n/fairbuds.html
|
||||||
redirect_from:
|
redirect_from:
|
||||||
@ -35,7 +38,15 @@ Shamelessly copied from Matrix.
|
|||||||
|
|
||||||
### 2024-04-11
|
### 2024-04-11
|
||||||
|
|
||||||
> My settings for Studio so far is 60hz+0db, 230hz+2db, 1.1khz+0db, 4khz+5db, 10khz+4db. I think the some people may prefer +/- a db or two on the 4khz and 10khz levels depending on their taste and "head related transfer function" (rabbit hole, not worth digging into). I could go for one more db on those myself since I tend to prefer that BUT that can also lead to some sharpness for my ears on some tracks. This is a better comfortable level for me. Also those settings don't assume the Fairbuds XL are flat because they're not, instead these settings aim to "correct" the issues I feel they have with the tools given in the app without being silly. :)
|
> My settings for Studio so far is 60hz+0db, 230hz+2db, 1.1khz+0db, 4khz+5db,
|
||||||
|
> 10khz+4db. I think the some people may prefer +/- a db or two on the 4khz and
|
||||||
|
> 10khz levels depending on their taste and "head related transfer function"
|
||||||
|
> (rabbit hole, not worth digging into). I could go for one more db on those
|
||||||
|
> myself since I tend to prefer that BUT that can also lead to some sharpness
|
||||||
|
> for my ears on some tracks. This is a better comfortable level for me. Also
|
||||||
|
> those settings don't assume the Fairbuds XL are flat because they're not,
|
||||||
|
> instead these settings aim to "correct" the issues I feel they have with the
|
||||||
|
> tools given in the app without being silly. :)
|
||||||
|
|
||||||
In clearer words, in the app drag the four sliders to
|
In clearer words, in the app drag the four sliders to
|
||||||
|
|
||||||
|
@ -12,8 +12,8 @@ robots: noai
|
|||||||
|
|
||||||
# Quick note on firewalld usage
|
# Quick note on firewalld usage
|
||||||
|
|
||||||
This is practically [/ufw](/ufw), but for Firewalld which Fedora comes with.
|
This is practically [/ufw](/ufw), but for Firewalld which Fedora comes with. The
|
||||||
The blog post also predates me having a /n directory here.
|
blog post also predates me having a /n directory here.
|
||||||
|
|
||||||
**_After done, run `sudo firewall-cmd --reload`_**
|
**_After done, run `sudo firewall-cmd --reload`_**
|
||||||
|
|
||||||
@ -36,12 +36,12 @@ The blog post also predates me having a /n directory here.
|
|||||||
|
|
||||||
## Zones
|
## Zones
|
||||||
|
|
||||||
firewalld zones are privilege of NetworkManager users, this tends to be
|
firewalld zones are privilege of NetworkManager users, this tends to be a
|
||||||
a systemd-networkd household. Then again I don't believe in absolutely trusted
|
systemd-networkd household. Then again I don't believe in absolutely trusted
|
||||||
zones.
|
zones.
|
||||||
|
|
||||||
Zone would be specified by `--zone=home` in the commands. The other zone I
|
Zone would be specified by `--zone=home` in the commands. The other zone I could
|
||||||
could imagine using is `public`.
|
imagine using is `public`.
|
||||||
|
|
||||||
## Protocols
|
## Protocols
|
||||||
|
|
||||||
@ -49,8 +49,10 @@ could imagine using is `public`.
|
|||||||
sudo firewall-cmd --add-protocol=ipv6-icmp --permanent
|
sudo firewall-cmd --add-protocol=ipv6-icmp --permanent
|
||||||
```
|
```
|
||||||
|
|
||||||
- Tells computers when things go wrong with IPv6 network. See also [Neil Alexander: Understanding ICMP and why you shouldn't just block it outright](https://neilalexander.dev/2017/04/16/understanding-icmp).
|
- Tells computers when things go wrong with IPv6 network. See also
|
||||||
- _Motivation for being here is [20/20 in IPv6-test.com](https://ipv6-test.com)._
|
[Neil Alexander: Understanding ICMP and why you shouldn't just block it outright](https://neilalexander.dev/2017/04/16/understanding-icmp).
|
||||||
|
- _Motivation for being here is
|
||||||
|
[20/20 in IPv6-test.com](https://ipv6-test.com)._
|
||||||
|
|
||||||
## Services
|
## Services
|
||||||
|
|
||||||
@ -62,11 +64,10 @@ sudo firewall-cmd --add-service=syncthing --permanent
|
|||||||
sudo firewall-cmd --add-service=mdns --permanent
|
sudo firewall-cmd --add-service=mdns --permanent
|
||||||
```
|
```
|
||||||
|
|
||||||
- I trust Chrony (ntp) to not allow it to be used from outside of LAN
|
- I trust Chrony (ntp) to not allow it to be used from outside of LAN as
|
||||||
as `firewalld` is apparently not designed with limiting source
|
`firewalld` is apparently not designed with limiting source addresses in mind.
|
||||||
addresses in mind.
|
- `syncthing` is the client, not to be confused with `syncthing-gui` or
|
||||||
- `syncthing` is the client, not to be confused with `syncthing-gui`
|
`syncthing-relay`.
|
||||||
or `syncthing-relay`.
|
|
||||||
|
|
||||||
## Ports
|
## Ports
|
||||||
|
|
||||||
@ -75,6 +76,7 @@ sudo firewall-cmd --permanent --add-port=9001/udp
|
|||||||
sudo firewall-cmd --permanent --add-port=6771/udp
|
sudo firewall-cmd --permanent --add-port=6771/udp
|
||||||
```
|
```
|
||||||
|
|
||||||
- `9001/udp` is Yggdrasil automatic peering, although link-local and
|
- `9001/udp` is Yggdrasil automatic peering, although link-local and unlikely to
|
||||||
unlikely to be recognised by predefined rules.
|
be recognised by predefined rules.
|
||||||
- `6771/udp` is [Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
|
- `6771/udp` is
|
||||||
|
[Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
|
||||||
|
50
n/gpg.md
50
n/gpg.md
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: GPG notes without a better place
|
title: GPG notes without a better place
|
||||||
excerpt: Creating Ed25519/future key, configuring WKD, Keyoxide PGP and something on Keybase.
|
excerpt:
|
||||||
|
Creating Ed25519/future key, configuring WKD, Keyoxide PGP and something on
|
||||||
|
Keybase.
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/gpg.html
|
permalink: /n/gpg.html
|
||||||
redirect_from:
|
redirect_from:
|
||||||
@ -42,8 +44,8 @@ robots: noai
|
|||||||
|
|
||||||
## Ed25519 (or future default) key creation
|
## Ed25519 (or future default) key creation
|
||||||
|
|
||||||
To create an Ed25519 key, or whatever will be the default version in the
|
To create an Ed25519 key, or whatever will be the default version in the future
|
||||||
future as defined by your GPG version:
|
as defined by your GPG version:
|
||||||
|
|
||||||
```
|
```
|
||||||
gpg2 --quick-gen-key address@domain.example future-default
|
gpg2 --quick-gen-key address@domain.example future-default
|
||||||
@ -59,26 +61,28 @@ deluid # to delete the uid which doesn't contain your name
|
|||||||
save
|
save
|
||||||
```
|
```
|
||||||
|
|
||||||
\* [OpenPGP User ID Comments considered harmful by dkg on debian-administrator.org (via web.archive.org)](https://web.archive.org/web/20201020082313/https://debian-administration.org/users/dkg/weblog/97)
|
\*
|
||||||
|
[OpenPGP User ID Comments considered harmful by dkg on debian-administrator.org (via web.archive.org)](https://web.archive.org/web/20201020082313/https://debian-administration.org/users/dkg/weblog/97)
|
||||||
|
|
||||||
Then you are ready to publish the public key however you generally publish
|
Then you are ready to publish the public key however you generally publish it,
|
||||||
it, preferably in multiple places from where some recognise revokation
|
preferably in multiple places from where some recognise revokation certificates
|
||||||
certificates if the time ever comes.
|
if the time ever comes.
|
||||||
|
|
||||||
NOTE: You can extend the expiry time of an expired gpg signature by issuing
|
NOTE: You can extend the expiry time of an expired gpg signature by issuing the
|
||||||
the `expire` command in `--edit-key` and the key is valid again when the
|
`expire` command in `--edit-key` and the key is valid again when the update is
|
||||||
update is reimported to gpg keyrings by other people.
|
reimported to gpg keyrings by other people.
|
||||||
|
|
||||||
## Keybase
|
## Keybase
|
||||||
|
|
||||||
To publish the key `keybase pgp select --multi` (where multi
|
To publish the key `keybase pgp select --multi` (where multi is required for
|
||||||
is required for multiple PGP keys per account) and to submit changes to it,
|
multiple PGP keys per account) and to submit changes to it,
|
||||||
`keybase pgp update --all` (where --all is again necessary only if you have
|
`keybase pgp update --all` (where --all is again necessary only if you have
|
||||||
multiple keys).
|
multiple keys).
|
||||||
|
|
||||||
## Claws-mail note that is somewhat related.
|
## Claws-mail note that is somewhat related.
|
||||||
|
|
||||||
Debian: `sudo apt install claws-mail claws-mail-address-keeper claws-mail-attach-warner claws-mail-gdata-plugin claws-mail-pgpinline claws-mail-pgpmime claws-mail-smime-plugin`
|
Debian:
|
||||||
|
`sudo apt install claws-mail claws-mail-address-keeper claws-mail-attach-warner claws-mail-gdata-plugin claws-mail-pgpinline claws-mail-pgpmime claws-mail-smime-plugin`
|
||||||
|
|
||||||
Load plugins from Configuration (menu) --> Plugins --> Load, they are all
|
Load plugins from Configuration (menu) --> Plugins --> Load, they are all
|
||||||
somewhere in `/usr/lib/x86_64-linux-gnu/claws-mail/plugins` or similar path.
|
somewhere in `/usr/lib/x86_64-linux-gnu/claws-mail/plugins` or similar path.
|
||||||
@ -103,17 +107,19 @@ xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
|
|||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Note the empty line in the end, as PGP/INLINE is the way to sign emails,
|
Note the empty line in the end, as PGP/INLINE is the way to sign emails, it the
|
||||||
it the PGP signature comes after it and in my opinion looks a bit cleaner
|
PGP signature comes after it and in my opinion looks a bit cleaner with the
|
||||||
with the signature ending to an empty line.
|
signature ending to an empty line.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## WKD
|
## WKD
|
||||||
|
|
||||||
Setting up GPG WKD (Web Key Directory), _mostly stripped/adjusted from
|
Setting up GPG WKD (Web Key Directory), _mostly stripped/adjusted from Matt Rude
|
||||||
Matt Rude whose page is NXDOMAIN and not in Wayback Machine. [What I find is](https://openpgpkey.mattrude.com/)
|
whose page is NXDOMAIN and not in Wayback Machine.
|
||||||
pointers to [1](https://wiki.gnupg.org/WKD) [2](https://wiki.gnupg.org/WKS) [3](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service)_
|
[What I find is](https://openpgpkey.mattrude.com/) pointers to
|
||||||
|
[1](https://wiki.gnupg.org/WKD) [2](https://wiki.gnupg.org/WKS)
|
||||||
|
[3](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service)_
|
||||||
|
|
||||||
Requires a control over domain/.well-known and email under that domain.
|
Requires a control over domain/.well-known and email under that domain.
|
||||||
|
|
||||||
@ -126,7 +132,8 @@ Requires a control over domain/.well-known and email under that domain.
|
|||||||
7. in Jekyll `_config.yml` ensure existence of `include: [.well-known]` if
|
7. in Jekyll `_config.yml` ensure existence of `include: [.well-known]` if
|
||||||
applicable.
|
applicable.
|
||||||
8. deploy
|
8. deploy
|
||||||
9. test with `gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email@example.net`
|
9. test with
|
||||||
|
`gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email@example.net`
|
||||||
|
|
||||||
NOTE: The empty `policy` goes to the `openpgpkey` directory, not `hu` (I
|
NOTE: The empty `policy` goes to the `openpgpkey` directory, not `hu` (I
|
||||||
initially failed at this part)
|
initially failed at this part)
|
||||||
@ -144,7 +151,8 @@ commands in `gpg --edit-key "key fingerprint here"`:
|
|||||||
- Add notations: `notation`
|
- Add notations: `notation`
|
||||||
- Remove notations: `notation` from `showpref` with a `-` in the beginning
|
- Remove notations: `notation` from `showpref` with a `-` in the beginning
|
||||||
|
|
||||||
Don't forget to `gpg --keyserver hkps://keys.openpgp.org --send-keys "your keyid here"` !
|
Don't forget to
|
||||||
|
`gpg --keyserver hkps://keys.openpgp.org --send-keys "your keyid here"` !
|
||||||
|
|
||||||
### Keyoxide docs
|
### Keyoxide docs
|
||||||
|
|
||||||
|
94
n/helen.md
94
n/helen.md
@ -15,7 +15,9 @@ hattiwattlowprice: "10 c/kWh"
|
|||||||
lang: fi
|
lang: fi
|
||||||
---
|
---
|
||||||
|
|
||||||
Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537) [Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
|
Tuntihinta @
|
||||||
|
[Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537)
|
||||||
|
[Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -40,28 +42,49 @@ Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537
|
|||||||
|
|
||||||
Helen markkinahintasähkö kuukaudelle {{ page.month }} on {{ page.monthly }}.
|
Helen markkinahintasähkö kuukaudelle {{ page.month }} on {{ page.monthly }}.
|
||||||
|
|
||||||
- Helen sähköverkot Oy:n siirron perusmaksu: {{ page.basicdistribution }}, siirron marginaali {{ page.distributionmargin }}.
|
- Helen sähköverkot Oy:n siirron perusmaksu: {{ page.basicdistribution }},
|
||||||
- Helenin pörssisähkön kuukausihinta: {{ page.basicstock }}, marginaali {{ page.stockmargin }}.
|
siirron marginaali {{ page.distributionmargin }}.
|
||||||
|
- Helenin pörssisähkön kuukausihinta: {{ page.basicstock }}, marginaali
|
||||||
|
{{ page.stockmargin }}.
|
||||||
|
|
||||||
## Yhtälöt Tuntihinnalle
|
## Yhtälöt Tuntihinnalle
|
||||||
|
|
||||||
_Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
|
_Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
|
||||||
|
|
||||||
- Kallis: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong> (Helenin markkinasähköhinta + siirtohinta kWh)
|
- Kallis: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong>
|
||||||
- Halpa: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) / 2</strong> (Helenin markkinasähköhinta + siirtohinta kWh / 2), **_pyöristettynä alaspäin_**
|
(Helenin markkinasähköhinta + siirtohinta kWh)
|
||||||
- Marginaali: <strong>{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (Helen Sähköverkot Oy siirtohinta kWh + pörssisähkön marginaali).
|
- Halpa: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) /
|
||||||
- OmaHelen kohtelee alle {{ page.omahelenlowprice }} halpana ja yli {{ page.omahelenhighprice }} kalliina, joten vaihtoehtoiset kaavat ovat:
|
2</strong> (Helenin markkinasähköhinta + siirtohinta kWh / 2),
|
||||||
- Kallis: <strong>{{ page.omahelenhighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin korkea hinta + Marginaali)
|
**_pyöristettynä alaspäin_**
|
||||||
- Halpa: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin matala hinta + Marginaali)
|
- Marginaali: <strong>{{ page.distributionmargin }} +
|
||||||
- [HattiWatt](https://hattiwatt.com/) vuorostaan sanoo korkean olevan yli {{ page.hattiwatthighprice }} ja halvan olevan alle {{ page.hattiwattlowprice }}. Se tosin näyttää hinnan myös liikennevaloin.
|
{{ page.stockmargin }}</strong> (Helen Sähköverkot Oy siirtohinta kWh +
|
||||||
- Halpa: <strong>{{ page.hattiwattlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin matala hinta + Marginaali)
|
pörssisähkön marginaali).
|
||||||
- Kallis: <strong>{{ page.hattiwatthighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin korkea hinta + Marginaali)
|
- OmaHelen kohtelee alle {{ page.omahelenlowprice }} halpana ja yli
|
||||||
|
{{ page.omahelenhighprice }} kalliina, joten vaihtoehtoiset kaavat ovat:
|
||||||
|
- Kallis: <strong>{{ page.omahelenhighprice }} +
|
||||||
|
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin
|
||||||
|
korkea hinta + Marginaali)
|
||||||
|
- Halpa: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} +
|
||||||
|
{{ page.stockmargin }}</strong> (OmaHelenin matala hinta + Marginaali)
|
||||||
|
- [HattiWatt](https://hattiwatt.com/) vuorostaan sanoo korkean olevan yli
|
||||||
|
{{ page.hattiwatthighprice }} ja halvan olevan alle
|
||||||
|
{{ page.hattiwattlowprice }}. Se tosin näyttää hinnan myös liikennevaloin.
|
||||||
|
- Halpa: <strong>{{ page.hattiwattlowprice }} +
|
||||||
|
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin
|
||||||
|
matala hinta + Marginaali)
|
||||||
|
- Kallis: <strong>{{ page.hattiwatthighprice }} +
|
||||||
|
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin
|
||||||
|
korkea hinta + Marginaali)
|
||||||
|
|
||||||
## Lähteet
|
## Lähteet
|
||||||
|
|
||||||
- [Helen.fi: Markkinasähkö; ja sähkön markkinahinta](https://www.helen.fi/sahko/sahkosopimus/markkinahinta) määrittää kalliin hinnan.
|
- [Helen.fi: Markkinasähkö; ja sähkön markkinahinta](https://www.helen.fi/sahko/sahkosopimus/markkinahinta)
|
||||||
- Helen veloittaa sitä markkinasähköasiakkailtaan koko kuukauden ja pyrkii sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian edullisesti.
|
määrittää kalliin hinnan.
|
||||||
- Siirtohinta näkyy _Oma Helen_-sovelluksessa ja muutokset ilmoitetaan Helenin asiakaslehdessä.
|
- Helen veloittaa sitä markkinasähköasiakkailtaan koko kuukauden ja pyrkii
|
||||||
|
sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian
|
||||||
|
edullisesti.
|
||||||
|
- Siirtohinta näkyy _Oma Helen_-sovelluksessa ja muutokset ilmoitetaan Helenin
|
||||||
|
asiakaslehdessä.
|
||||||
|
|
||||||
<div lang="en">
|
<div lang="en">
|
||||||
|
|
||||||
@ -69,27 +92,44 @@ _Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
|
|||||||
|
|
||||||
Helen's monthly market price for month {{ page.month }} is {{ page.monthly }}.
|
Helen's monthly market price for month {{ page.month }} is {{ page.monthly }}.
|
||||||
|
|
||||||
- Distribution price: {{ page.basicdistribution }} and {{ page.distributionmargin }}.
|
- Distribution price: {{ page.basicdistribution }} and
|
||||||
|
{{ page.distributionmargin }}.
|
||||||
- Stock price: {{ page.basicstock }} and {{ page.stockmargin }}.
|
- Stock price: {{ page.basicstock }} and {{ page.stockmargin }}.
|
||||||
|
|
||||||
## Equations for Tuntihinta
|
## Equations for Tuntihinta
|
||||||
|
|
||||||
_Jekyll doesn't allow maths directly for infosec reasons._
|
_Jekyll doesn't allow maths directly for infosec reasons._
|
||||||
|
|
||||||
- Expensive: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong> (Helen's Market Price Electricity + distribution margin)
|
- Expensive: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong>
|
||||||
- Cheap: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) / 2</strong> (Helen's Market Price Electricity + distribution margin / 2), **_round down_**
|
(Helen's Market Price Electricity + distribution margin)
|
||||||
- Margin: <strong>{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (Distribution fee + stock margin)
|
- Cheap: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) /
|
||||||
- OmaHelen app treats {{ page.omahelenlowprice }} as cheap and over {{ page.omahelenhighprice }} as expensive, so alternative equations are:
|
2</strong> (Helen's Market Price Electricity + distribution margin / 2),
|
||||||
- Expensive: <strong>{{ page.omahelenhighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's high price + Margin)
|
**_round down_**
|
||||||
- Cheap: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's low price + Margin)
|
- Margin: <strong>{{ page.distributionmargin }} +
|
||||||
- [HattiWatt](https://hattiwatt.com/) again treats over {{ page.hattiwatthighprice }} as high price with low price being {{ page.hattiwattlowprice }}. It however shows price in traffic lights.
|
{{ page.stockmargin }}</strong> (Distribution fee + stock margin)
|
||||||
- Cheap: <strong>{{ page.hattiwattlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's low price + Margin))
|
- OmaHelen app treats {{ page.omahelenlowprice }} as cheap and over
|
||||||
- Expensive: <strong>{{ page.hattiwatthighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's high price + Margin)
|
{{ page.omahelenhighprice }} as expensive, so alternative equations are:
|
||||||
|
- Expensive: <strong>{{ page.omahelenhighprice }} +
|
||||||
|
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's
|
||||||
|
high price + Margin)
|
||||||
|
- Cheap: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} +
|
||||||
|
{{ page.stockmargin }}</strong> (OmaHelen's low price + Margin)
|
||||||
|
- [HattiWatt](https://hattiwatt.com/) again treats over
|
||||||
|
{{ page.hattiwatthighprice }} as high price with low price being
|
||||||
|
{{ page.hattiwattlowprice }}. It however shows price in traffic lights.
|
||||||
|
- Cheap: <strong>{{ page.hattiwattlowprice }} +
|
||||||
|
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's
|
||||||
|
low price + Margin))
|
||||||
|
- Expensive: <strong>{{ page.hattiwatthighprice }} +
|
||||||
|
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's
|
||||||
|
high price + Margin)
|
||||||
|
|
||||||
## Sources
|
## Sources
|
||||||
|
|
||||||
- Definition of monthly plan price: [Helen: Market Price Electricity](https://www.helen.fi/en/electricity/electricity-products-and-prices/marketpriceelectricity)
|
- Definition of monthly plan price:
|
||||||
- They use it all month following stock market price and trying to get their own citation.
|
[Helen: Market Price Electricity](https://www.helen.fi/en/electricity/electricity-products-and-prices/marketpriceelectricity)
|
||||||
|
- They use it all month following stock market price and trying to get their
|
||||||
|
own citation.
|
||||||
- Distribution is in _Oma Helen_ and changes are announced in their newspaper.
|
- Distribution is in _Oma Helen_ and changes are announced in their newspaper.
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
@ -1,7 +1,11 @@
|
|||||||
---
|
---
|
||||||
layout: default
|
layout: default
|
||||||
title: Notes
|
title: Notes
|
||||||
excerpt: You have discovered my notes listing, where I ramble about random subjects for future me, so I don't have to rediscover the things again. I tend to access these with direct link, but for your benefit, they are also listed here. It is not without realm of possibility for you to be reading this page already.
|
excerpt:
|
||||||
|
You have discovered my notes listing, where I ramble about random subjects for
|
||||||
|
future me, so I don't have to rediscover the things again. I tend to access
|
||||||
|
these with direct link, but for your benefit, they are also listed here. It is
|
||||||
|
not without realm of possibility for you to be reading this page already.
|
||||||
permalink: /n/index.html
|
permalink: /n/index.html
|
||||||
redirect_from: /n/n.html
|
redirect_from: /n/n.html
|
||||||
navigation: true
|
navigation: true
|
||||||
|
@ -9,10 +9,12 @@ lang: en
|
|||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
> Keyoxide is a decentralized tool to create and verify decentralized online identities.
|
> Keyoxide is a decentralized tool to create and verify decentralized online
|
||||||
|
> identities.
|
||||||
|
|
||||||
- For painful OpenPGP proofs using notations refer to [n/gpg](/n/gpg.html).
|
- For painful OpenPGP proofs using notations refer to [n/gpg](/n/gpg.html).
|
||||||
- For ASP profiles [Keyoxide-flutter](https://codeberg.org/Berker/keyoxide-flutter).
|
- For ASP profiles
|
||||||
|
[Keyoxide-flutter](https://codeberg.org/Berker/keyoxide-flutter).
|
||||||
- [n/obtainium](/n/obtainium.html) is that way.
|
- [n/obtainium](/n/obtainium.html) is that way.
|
||||||
|
|
||||||
## My ASP profile
|
## My ASP profile
|
||||||
@ -21,6 +23,8 @@ robots: noai
|
|||||||
|
|
||||||
### Proofs
|
### Proofs
|
||||||
|
|
||||||
- Plain: [`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)
|
- Plain:
|
||||||
|
[`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)
|
||||||
- <code>[`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)</code>
|
- <code>[`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)</code>
|
||||||
- Hashed: `$argon2id$v=19$m=8192,t=2,p=4$UeKcKenApsCHc+YGJUGCHw$hoTY1qFVXf56BZpZCUNG39/2IrQjwKrT`
|
- Hashed:
|
||||||
|
`$argon2id$v=19$m=8192,t=2,p=4$UeKcKenApsCHc+YGJUGCHw$hoTY1qFVXf56BZpZCUNG39/2IrQjwKrT`
|
||||||
|
23
n/ksoy.md
23
n/ksoy.md
@ -11,7 +11,9 @@ stockmargin: "0.23 c/kWh"
|
|||||||
lang: fi
|
lang: fi
|
||||||
---
|
---
|
||||||
|
|
||||||
Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537) [Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
|
Tuntihinta @
|
||||||
|
[Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537)
|
||||||
|
[Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -33,19 +35,26 @@ Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537
|
|||||||
|
|
||||||
_Siirtohinnasto ei tiedossa, joten se ei ole mukana yhtälöissä._
|
_Siirtohinnasto ei tiedossa, joten se ei ole mukana yhtälöissä._
|
||||||
|
|
||||||
KSOYn Jatkuvan sähkösopimuksen hinta kuukaudelle {{ page.month }} on {{ page.monthly }}.
|
KSOYn Jatkuvan sähkösopimuksen hinta kuukaudelle {{ page.month }} on
|
||||||
|
{{ page.monthly }}.
|
||||||
|
|
||||||
- KSOY Pörssisähkön hinta: {{ page.basicstock }}, marginaali {{ page.stockmargin }}.
|
- KSOY Pörssisähkön hinta: {{ page.basicstock }}, marginaali
|
||||||
|
{{ page.stockmargin }}.
|
||||||
|
|
||||||
## Yhtälöt Tuntihinnalle
|
## Yhtälöt Tuntihinnalle
|
||||||
|
|
||||||
_Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
|
_Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
|
||||||
|
|
||||||
- Kallis: <strong>{{ page.monthly }}</strong> (KSOY jatkuvan sähkösopimuksen hinta)
|
- Kallis: <strong>{{ page.monthly }}</strong> (KSOY jatkuvan sähkösopimuksen
|
||||||
- Halpa: <strong>{{ page.monthly }} / 2</strong> (KSOY jatkuvan sähkösopimuksen hinta / 2), **_pyöristettynä alaspäin_**
|
hinta)
|
||||||
|
- Halpa: <strong>{{ page.monthly }} / 2</strong> (KSOY jatkuvan sähkösopimuksen
|
||||||
|
hinta / 2), **_pyöristettynä alaspäin_**
|
||||||
- Marginaali: <strong>{{ page.stockmargin }}</strong> (pörssisähkön marginaali).
|
- Marginaali: <strong>{{ page.stockmargin }}</strong> (pörssisähkön marginaali).
|
||||||
|
|
||||||
## Lähteet
|
## Lähteet
|
||||||
|
|
||||||
- [KSOY jatkuva sähkösopimus](https://www.ksoy.fi/sahkon-myynti/sahkoa-kotiin/ksoy-jatkuva/) määrittää kalliin hinnan.
|
- [KSOY jatkuva sähkösopimus](https://www.ksoy.fi/sahkon-myynti/sahkoa-kotiin/ksoy-jatkuva/)
|
||||||
- KSOY veloittaa sitä jatkuvilta sähköasiakkailtaan koko kuukauden ja pyrkii sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian edullisesti.
|
määrittää kalliin hinnan.
|
||||||
|
- KSOY veloittaa sitä jatkuvilta sähköasiakkailtaan koko kuukauden ja pyrkii
|
||||||
|
sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian
|
||||||
|
edullisesti.
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Quick localectl config
|
title: Quick localectl config
|
||||||
excerpt: Reminder on systemd keyboard and language settings, also including more regionally tailored ones.
|
excerpt:
|
||||||
|
Reminder on systemd keyboard and language settings, also including more
|
||||||
|
regionally tailored ones.
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/localectl.html
|
permalink: /n/localectl.html
|
||||||
redirect_from:
|
redirect_from:
|
||||||
@ -49,22 +51,24 @@ sudo localectl set-x11-locale fi
|
|||||||
sudo localectl set-locale LANG=en_IE.UTF-8 LC_TIME=en_DK.UTF-8 LC_MONETARY=fi_FI.UTF-8 LC_NAME=fi_FI.UTF-8 LC_TELEPHONE=fi_FI.UTF-8
|
sudo localectl set-locale LANG=en_IE.UTF-8 LC_TIME=en_DK.UTF-8 LC_MONETARY=fi_FI.UTF-8 LC_NAME=fi_FI.UTF-8 LC_TELEPHONE=fi_FI.UTF-8
|
||||||
```
|
```
|
||||||
|
|
||||||
- Everything will be in English, but time will be in ISO 8601, financial units use Finnish separators, names are sorted according to Finnish alphabet (a, …, x, y, z, å, ä, ö) and phone numbers begin with the Finnish `+358` prefix.
|
- Everything will be in English, but time will be in ISO 8601, financial units
|
||||||
|
use Finnish separators, names are sorted according to Finnish alphabet (a, …,
|
||||||
|
x, y, z, å, ä, ö) and phone numbers begin with the Finnish `+358` prefix.
|
||||||
|
|
||||||
## Explanations
|
## Explanations
|
||||||
|
|
||||||
- LANG is the language and defaults for other variables if they are unset.
|
- LANG is the language and defaults for other variables if they are unset. en_DK
|
||||||
en_DK gives ISO 8601 date format for everything respecting LC_TIME.
|
gives ISO 8601 date format for everything respecting LC_TIME.
|
||||||
- `LANG=en_IE date` returns `Sun 02 Jun 2024 11:05:04 EEST`,
|
- `LANG=en_IE date` returns `Sun 02 Jun 2024 11:05:04 EEST`, while
|
||||||
while `LANG=en_DK date` returns `2024-06-02T11:05:04 EEST`.
|
`LANG=en_DK date` returns `2024-06-02T11:05:04 EEST`.
|
||||||
- LC_MONETARY sets the currency and how sums of it are managed.
|
- LC_MONETARY sets the currency and how sums of it are managed.
|
||||||
- LC_NAME sets name format and I prefer Finnish (just the name) to Irish
|
- LC_NAME sets name format and I prefer Finnish (just the name) to Irish which
|
||||||
which probably has `M{r,s,rs}` and I hate them being gendered and I doubt it
|
probably has `M{r,s,rs}` and I hate them being gendered and I doubt it
|
||||||
understands Mx.
|
understands Mx.
|
||||||
- LC_TELEPHONE sets telephone number format and I set it to fi_FI as it
|
- LC_TELEPHONE sets telephone number format and I set it to fi_FI as it defaults
|
||||||
defaults international numbers to +358 and I am more likely to be typing
|
international numbers to +358 and I am more likely to be typing Finnish
|
||||||
Finnish numbers than Irish. I imagine it can affect office tools, and
|
numbers than Irish. I imagine it can affect office tools, and it's here more
|
||||||
it's here more of just in case.
|
of just in case.
|
||||||
|
|
||||||
And naturally to use these locales, they must be compiled.
|
And naturally to use these locales, they must be compiled.
|
||||||
|
|
||||||
@ -78,13 +82,12 @@ fi_FI.UTF-8 UTF-8
|
|||||||
|
|
||||||
and as always, after editing that file, you must run `sudo locale-gen`.
|
and as always, after editing that file, you must run `sudo locale-gen`.
|
||||||
|
|
||||||
(Debian & deriative users, you have `dpkg-reconfigure locales` that merges
|
(Debian & deriative users, you have `dpkg-reconfigure locales` that merges the
|
||||||
the editing and locale-gen and that is probably what you are supposed to
|
editing and locale-gen and that is probably what you are supposed to use.)
|
||||||
use.)
|
|
||||||
|
|
||||||
It seems like I didn't even say anything about that UTF-8 part, but
|
It seems like I didn't even say anything about that UTF-8 part, but it's 2024
|
||||||
it's 2024 and everything is UTF-8 (or your things are horribly broken
|
and everything is UTF-8 (or your things are horribly broken and the rest of the
|
||||||
and the rest of the world hates you).
|
world hates you).
|
||||||
|
|
||||||
Sources/thanks:
|
Sources/thanks:
|
||||||
|
|
||||||
@ -92,32 +95,37 @@ Sources/thanks:
|
|||||||
- [Locale Helper: en_IE](https://lh.2xlibre.net/locale/en_IE/)
|
- [Locale Helper: en_IE](https://lh.2xlibre.net/locale/en_IE/)
|
||||||
- [Locale Helper: fi_FI](https://lh.2xlibre.net/locale/fi_FI/)
|
- [Locale Helper: fi_FI](https://lh.2xlibre.net/locale/fi_FI/)
|
||||||
- [Wikipedia: UTF-8](https://en.wikipedia.org/wiki/UTF-8)
|
- [Wikipedia: UTF-8](https://en.wikipedia.org/wiki/UTF-8)
|
||||||
- Random misplaced advice: disable charset fallback in your
|
- Random misplaced advice: disable charset fallback in your IRC client and be
|
||||||
IRC client and be UTF-8 only! You will see when someone is not
|
UTF-8 only! You will see when someone is not using UTF-8 and won't submit
|
||||||
using UTF-8 and won't submit useless bug reports to
|
useless bug reports to bots/bridges/whatever that are UTF-8 only (as
|
||||||
bots/bridges/whatever that are UTF-8 only (as supporting every
|
supporting every charset is impossible, since IRC has nothing to declare
|
||||||
charset is impossible, since IRC has nothing to declare character
|
character set, and there is zero reason why you wouln't be using UTF-8! Well
|
||||||
set, and there is zero reason why you wouln't be using UTF-8! Well nowadays
|
nowadays some have
|
||||||
some have [IRCv3 `UTF8ONLY` `ISUPPORT` token](https://ircv3.net/specs/extensions/utf8-only)).
|
[IRCv3 `UTF8ONLY` `ISUPPORT` token](https://ircv3.net/specs/extensions/utf8-only)).
|
||||||
- [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601)
|
- [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601)
|
||||||
- You should read it or at least be aware of it especially if you are
|
- You should read it or at least be aware of it especially if you are in
|
||||||
in contact with people from other countries and even more if you
|
contact with people from other countries and even more if you are in
|
||||||
are in international communities trying to get anything done with
|
international communities trying to get anything done with anything that has
|
||||||
anything that has to do with time or date!
|
to do with time or date!
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
2019-12-27: I don't see LANGUAGE mentioned here, but it was blocking me
|
2019-12-27: I don't see LANGUAGE mentioned here, but it was blocking me from
|
||||||
from changing language of GNOME and `sudo dpkg-reconfigure locales` in the
|
changing language of GNOME and `sudo dpkg-reconfigure locales` in the end gave
|
||||||
end gave me `*** update-locale: Warning: LANGUAGE (en_US:en) is not compatible with LANG (fi_FI.UTF-8). Disabling it.`.
|
me
|
||||||
|
`*** update-locale: Warning: LANGUAGE (en_US:en) is not compatible with LANG (fi_FI.UTF-8). Disabling it.`.
|
||||||
|
|
||||||
Either I was wrong on it being list of fallback languages I wish to use, or
|
Either I was wrong on it being list of fallback languages I wish to use, or
|
||||||
GNOME has different view on it, but as I think I have seen errors related
|
GNOME has different view on it, but as I think I have seen errors related to it
|
||||||
to it before, I will drop `LANGUAGE` from the variables I set.
|
before, I will drop `LANGUAGE` from the variables I set.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
2024-04-04: `export LANGUAGE=eo:fi:en` in a file read by my [`zshrc`](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/rc/zshrc) works fine as it gets read before my [`startsway`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/usr-local-bin/startsway) anyway.
|
2024-04-04: `export LANGUAGE=eo:fi:en` in a file read by my
|
||||||
|
[`zshrc`](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/rc/zshrc)
|
||||||
|
works fine as it gets read before my
|
||||||
|
[`startsway`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/usr-local-bin/startsway)
|
||||||
|
anyway.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Spoilers on Matrix protocol
|
title: Spoilers on Matrix protocol
|
||||||
excerpt: Instructions for proper spoiling on Matrix using FluffyChat, Nheko and Element Web.
|
excerpt:
|
||||||
|
Instructions for proper spoiling on Matrix using FluffyChat, Nheko and Element
|
||||||
|
Web.
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/matrixspoilers.html
|
permalink: /n/matrixspoilers.html
|
||||||
redirect_from:
|
redirect_from:
|
||||||
@ -15,10 +17,10 @@ The Matrix specification supports spoilers since version 1.1:
|
|||||||
|
|
||||||
- [Spoiler messages at Client-Server API of Matrix Specification](https://spec.matrix.org/latest/client-server-api/#spoiler-messages)
|
- [Spoiler messages at Client-Server API of Matrix Specification](https://spec.matrix.org/latest/client-server-api/#spoiler-messages)
|
||||||
|
|
||||||
My favourite Matrix clients, FluffyChat and Nheko, support spoilers when
|
My favourite Matrix clients, FluffyChat and Nheko, support spoilers when the
|
||||||
the spoiler is in the following format; `||Reason why this is a spoiler|Actually
|
spoiler is in the following format;
|
||||||
spoilered text.||` It can also be in-line and a spoiler without reason is just
|
`||Reason why this is a spoiler|Actually spoilered text.||` It can also be
|
||||||
`||spoiler goes here||`.
|
in-line and a spoiler without reason is just `||spoiler goes here||`.
|
||||||
|
|
||||||
Element Web supports whole message spoilers through the `/spoiler` command.
|
Element Web supports whole message spoilers through the `/spoiler` command.
|
||||||
|
|
||||||
@ -28,9 +30,8 @@ Other clients supporting formatting may have to enter the HTML directly e.g.:
|
|||||||
<span data-mx-spoiler="REASON HERE">Spoilered text</span>
|
<span data-mx-spoiler="REASON HERE">Spoilered text</span>
|
||||||
```
|
```
|
||||||
|
|
||||||
Some clients, like Nheko, have a `/plain` command to disable formatting for
|
Some clients, like Nheko, have a `/plain` command to disable formatting for that
|
||||||
that message which allows sending this message in plain text to help someone
|
message which allows sending this message in plain text to help someone else.
|
||||||
else.
|
|
||||||
|
|
||||||
```html
|
```html
|
||||||
/plain <span data-mx-spoiler="REASON HERE">Spoilered text</span>
|
/plain <span data-mx-spoiler="REASON HERE">Spoilered text</span>
|
||||||
|
14
n/nomap.md
14
n/nomap.md
@ -19,10 +19,11 @@ excerpt: Previously a blog post, now a note on _nomap in SSID.
|
|||||||
|
|
||||||
_{{ page.excerpt }}_
|
_{{ page.excerpt }}_
|
||||||
|
|
||||||
`_nomap` in the end of your SSID will exclude your network from Google, Apple, WiGLE etc.
|
`_nomap` in the end of your SSID will exclude your network from Google, Apple,
|
||||||
|
WiGLE etc.
|
||||||
|
|
||||||
Microsoft has a separate [location services
|
Microsoft has a separate
|
||||||
opt-out](https://account.microsoft.com/privacy/location-services-opt-out)
|
[location services opt-out](https://account.microsoft.com/privacy/location-services-opt-out)
|
||||||
which uses MAC addresses instead.
|
which uses MAC addresses instead.
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
@ -42,10 +43,13 @@ which uses MAC addresses instead.
|
|||||||
|
|
||||||
## Why?
|
## Why?
|
||||||
|
|
||||||
Privacy. WiGLE.net may point your home directly just by entering the SSID and who knows how many similar services there are. While I have been thinking of this since 2015, there is at least one case where this has been used:
|
Privacy. WiGLE.net may point your home directly just by entering the SSID and
|
||||||
|
who knows how many similar services there are. While I have been thinking of
|
||||||
|
this since 2015, there is at least one case where this has been used:
|
||||||
|
|
||||||
- [Christian Haschek: The curious case of the Raspberry Pi in the network closet](https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html)
|
- [Christian Haschek: The curious case of the Raspberry Pi in the network closet](https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html)
|
||||||
|
|
||||||
## `_optout`
|
## `_optout`
|
||||||
|
|
||||||
Legacy from 2015-2016. Used to be part of Microsoft WiFi Sense that shared WiFi networks and passwords to all contacts.
|
Legacy from 2015-2016. Used to be part of Microsoft WiFi Sense that shared WiFi
|
||||||
|
networks and passwords to all contacts.
|
||||||
|
@ -1,6 +1,9 @@
|
|||||||
---
|
---
|
||||||
title: Obtainiun
|
title: Obtainiun
|
||||||
excerpt: Obtainium downloads apps directly from forge/whatever without need for app stores and theoretically I can bootstrap it by copy-pasting the txt linked below into it, especially on devices that Google doesn't smile upon.
|
excerpt:
|
||||||
|
Obtainium downloads apps directly from forge/whatever without need for app
|
||||||
|
stores and theoretically I can bootstrap it by copy-pasting the txt linked
|
||||||
|
below into it, especially on devices that Google doesn't smile upon.
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/obtainium.html
|
permalink: /n/obtainium.html
|
||||||
sitemap: true
|
sitemap: true
|
||||||
@ -10,18 +13,20 @@ robots: noai
|
|||||||
|
|
||||||
_{{ page.excerpt }}_
|
_{{ page.excerpt }}_
|
||||||
|
|
||||||
[Obtainium](https://github.com/ImranR98/Obtainium/) downloads apps directly from forge/whatever without need for app
|
[Obtainium](https://github.com/ImranR98/Obtainium/) downloads apps directly from
|
||||||
stores and theoretically I can bootstrap it by copy-pasting the txt linked
|
forge/whatever without need for app stores and theoretically I can bootstrap it
|
||||||
below into it, especially on devices that Google doesn't smile upon.
|
by copy-pasting the txt linked below into it, especially on devices that Google
|
||||||
|
doesn't smile upon.
|
||||||
|
|
||||||
- [Obtainium's latest release](https://github.com/ImranR98/Obtainium/releases/latest)
|
- [Obtainium's latest release](https://github.com/ImranR98/Obtainium/releases/latest)
|
||||||
|
|
||||||
See also [2022-01-02 F-Droid Security Issues on privsec.dev](https://privsec.dev/posts/android/f-droid-security-issues/),
|
See also
|
||||||
|
[2022-01-02 F-Droid Security Issues on privsec.dev](https://privsec.dev/posts/android/f-droid-security-issues/),
|
||||||
regardless of my list containing F-Droids. Regarding that, **prefer
|
regardless of my list containing F-Droids. Regarding that, **prefer
|
||||||
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) over
|
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) over F-Droid**
|
||||||
F-Droid** whenever possible (if nearby features aren't required)
|
whenever possible (if nearby features aren't required) as it addesses some
|
||||||
as it addesses some issues such as targeting higher API version and having
|
issues such as targeting higher API version and having automatic updates on
|
||||||
automatic updates on Android 12+.
|
Android 12+.
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -43,8 +48,10 @@ automatic updates on Android 12+.
|
|||||||
|
|
||||||
## Importable app list
|
## Importable app list
|
||||||
|
|
||||||
- For apps that don't require API keys to be entered into Obtainium, see [txt/obtainium.txt](/txt/obtainium.txt).
|
- For apps that don't require API keys to be entered into Obtainium, see
|
||||||
- For apps that require GitHub or GitLab API key to be entered into Obtainium, see [txt/obtainium2.txt](/txt/obtainium2.txt)
|
[txt/obtainium.txt](/txt/obtainium.txt).
|
||||||
|
- For apps that require GitHub or GitLab API key to be entered into Obtainium,
|
||||||
|
see [txt/obtainium2.txt](/txt/obtainium2.txt)
|
||||||
|
|
||||||
## Third party F-Droid repositories
|
## Third party F-Droid repositories
|
||||||
|
|
||||||
@ -67,34 +74,57 @@ _However I would use [the F-Droid repositories directly](/n/f-droid.html)._
|
|||||||
- `https://divestos.org/apks/official/fdroid/repo?appId=us.spotco.malwarescanner`
|
- `https://divestos.org/apks/official/fdroid/repo?appId=us.spotco.malwarescanner`
|
||||||
- Hypatia malware scanner. Third party F-Droid repo.
|
- Hypatia malware scanner. Third party F-Droid repo.
|
||||||
- `https://divestos.org/apks/official/fdroid/repo?appId=us.spotco.fennec_dos`
|
- `https://divestos.org/apks/official/fdroid/repo?appId=us.spotco.fennec_dos`
|
||||||
- Mull Browser (not to be confused with Mullvad). Often suggested as the closest to [LibreWolf](https://librewolf.net)
|
- Mull Browser (not to be confused with Mullvad). Often suggested as the
|
||||||
on Android. Third party F-Droid repo.
|
closest to [LibreWolf](https://librewolf.net) on Android. Third party
|
||||||
|
F-Droid repo.
|
||||||
|
|
||||||
## App Stores
|
## App Stores
|
||||||
|
|
||||||
_Always exercise caution when installing apps, even from Google Play Store!_
|
_Always exercise caution when installing apps, even from Google Play Store!_
|
||||||
|
|
||||||
- `https://github.com/accrescent/accrescent`
|
- `https://github.com/accrescent/accrescent`
|
||||||
- Accrescent is a recent App Store which I have seen recommended especially in privacy circles, while it's a bit plain and doesn't have much selection yet.
|
- Accrescent is a recent App Store which I have seen recommended especially in
|
||||||
|
privacy circles, while it's a bit plain and doesn't have much selection yet.
|
||||||
- `https://apkpure.net/apkpure/com.apkpure.aegon`
|
- `https://apkpure.net/apkpure/com.apkpure.aegon`
|
||||||
- APK Pure. Full of intrusive advertising, I wouldn't use it without adblocker and even then would keep my family away from it.
|
- APK Pure. Full of intrusive advertising, I wouldn't use it without adblocker
|
||||||
|
and even then would keep my family away from it.
|
||||||
- `https://gitlab.com/AuroraOSS/AuroraStore`
|
- `https://gitlab.com/AuroraOSS/AuroraStore`
|
||||||
- Open source and anonymous interface for Google Play Store. Google doesn't like it, so the accounts often don't work, which is the reason this section has so many apps regardless of the common advice to install nothing outside of Play Store (that I obviously disagree with as there are dangerous and unwanted apps there too).
|
- Open source and anonymous interface for Google Play Store. Google doesn't
|
||||||
|
like it, so the accounts often don't work, which is the reason this section
|
||||||
|
has so many apps regardless of the common advice to install nothing outside
|
||||||
|
of Play Store (that I obviously disagree with as there are dangerous and
|
||||||
|
unwanted apps there too).
|
||||||
- `https://f-droid.org/packages/org.fdroid.fdroid`
|
- `https://f-droid.org/packages/org.fdroid.fdroid`
|
||||||
- FOSS-only app store with support for additional [repositories](/n/f-droid.html). I prefer the Basic version though, see below.
|
- FOSS-only app store with support for additional
|
||||||
|
[repositories](/n/f-droid.html). I prefer the Basic version though, see
|
||||||
|
below.
|
||||||
- `https://f-droid.org/packages/org.fdroid.basic`
|
- `https://f-droid.org/packages/org.fdroid.basic`
|
||||||
- F-Droid without local application sharing. Used to target higher API level than the main app allowing automatic updates for apps targeting recent enough app version. This is what I recommend and have installed for family for years.
|
- F-Droid without local application sharing. Used to target higher API level
|
||||||
|
than the main app allowing automatic updates for apps targeting recent
|
||||||
|
enough app version. This is what I recommend and have installed for family
|
||||||
|
for years.
|
||||||
- `https://github.com/Tobi823/ffupdater`
|
- `https://github.com/Tobi823/ffupdater`
|
||||||
- Installer and updater for privacy friendly browsers (and itself), including, but not limited to Firefox, Chromium and other browsers based on them (except obviously not Google Chrome). Would install for family, if they didn't have Google Play Store.
|
- Installer and updater for privacy friendly browsers (and itself), including,
|
||||||
|
but not limited to Firefox, Chromium and other browsers based on them
|
||||||
|
(except obviously not Google Chrome). Would install for family, if they
|
||||||
|
didn't have Google Play Store.
|
||||||
- `https://appgallery.huawei.com/app/C27162`
|
- `https://appgallery.huawei.com/app/C27162`
|
||||||
- Huawei App Gallery. I don't think I recommend it, unless it comes with your phone, but it's nice to know it exists and can be installed?
|
- Huawei App Gallery. I don't think I recommend it, unless it comes with your
|
||||||
|
phone, but it's nice to know it exists and can be installed?
|
||||||
- `https://github.com/ImranR98/Obtainium`
|
- `https://github.com/ImranR98/Obtainium`
|
||||||
- An app downloader that can install apps directly from the publishers, a few other app stores and F-Droid repositories (see an earlier section on this page). But you should know that already considering this page is of no interest to anyone else than Obtainium users (and mainly only me).
|
- An app downloader that can install apps directly from the publishers, a few
|
||||||
|
other app stores and F-Droid repositories (see an earlier section on this
|
||||||
|
page). But you should know that already considering this page is of no
|
||||||
|
interest to anyone else than Obtainium users (and mainly only me).
|
||||||
- `https://uptodown-android.en.uptodown.com/android`
|
- `https://uptodown-android.en.uptodown.com/android`
|
||||||
- Uptodown app store, pleasant interface and not so intrusive advertising
|
- Uptodown app store, pleasant interface and not so intrusive advertising as
|
||||||
as opposed to APK Pure. I would consider installing it for a family member, should they reach ??? apps outside of Play Store that it offers (such as AdGuard (which Google again dislikes), Telegram.org/Android...)
|
opposed to APK Pure. I would consider installing it for a family member,
|
||||||
|
should they reach ??? apps outside of Play Store that it offers (such as
|
||||||
|
AdGuard (which Google again dislikes), Telegram.org/Android...)
|
||||||
- `https://lite-uptodown-app-store.en.uptodown.com/android`
|
- `https://lite-uptodown-app-store.en.uptodown.com/android`
|
||||||
- Lighter version for less powerful phones, thinking of you Android Go Edition, or certain other 8 GB memory phones. Additionally Google is stripped out of it.
|
- Lighter version for less powerful phones, thinking of you Android Go
|
||||||
|
Edition, or certain other 8 GB memory phones. Additionally Google is
|
||||||
|
stripped out of it.
|
||||||
|
|
||||||
## Other noteworthy apps:
|
## Other noteworthy apps:
|
||||||
|
|
||||||
|
@ -41,13 +41,16 @@ _{{ page.excerpt }}_
|
|||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
1. `npm install -D -E prettier@3.3.2 prettier-plugin-nginx@1.0.3 @prettier/plugin-ruby@4.0.4 prettier-plugin-toml@2.0.1 @prettier/plugin-xml@3.4.1 prettier-plugin-sh@0.14.0` or probably just `pnpm install -D` if it's not your project.
|
1. `npm install -D -E prettier@3.3.2 prettier-plugin-nginx@1.0.3 @prettier/plugin-ruby@4.0.4 prettier-plugin-toml@2.0.1 @prettier/plugin-xml@3.4.1 prettier-plugin-sh@0.14.0`
|
||||||
1. If they don't exist already `echo "{}" > .prettierrc && touch .prettierignore`
|
or probably just `pnpm install -D` if it's not your project.
|
||||||
|
1. If they don't exist already
|
||||||
|
`echo "{}" > .prettierrc && touch .prettierignore`
|
||||||
1. `pnpm exec prettier . --write` or `pnpm exec prettier . --check`
|
1. `pnpm exec prettier . --write` or `pnpm exec prettier . --check`
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
I do with `.editorconfig` what I can, but for example my template `.prettierrc` looks like:
|
I do with `.editorconfig` what I can, but for example my template `.prettierrc`
|
||||||
|
looks like:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
@ -68,7 +71,8 @@ I do with `.editorconfig` what I can, but for example my template `.prettierrc`
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
at the time of writing. It's directly from documentation excluding the plugin names, but I will want it everywhere.
|
at the time of writing. It's directly from documentation excluding the plugin
|
||||||
|
names, but I will want it everywhere.
|
||||||
|
|
||||||
## `.pre-commit-config.yaml`
|
## `.pre-commit-config.yaml`
|
||||||
|
|
||||||
@ -76,7 +80,11 @@ This is the file that controls [`pre-commit`]s behaviour.
|
|||||||
|
|
||||||
### Offline
|
### Offline
|
||||||
|
|
||||||
I accidentally wrote this while updating this page to reflect me using prettier outside of [`pre-commit`] too nowadays. This has the advantage that the same local environment gets reused and dependencies are managed centrally, but assumes everyone uses pnpm, won't work in [`pre-commit` ci] and may have other issues I am not thinking of as a not-coder myself.
|
I accidentally wrote this while updating this page to reflect me using prettier
|
||||||
|
outside of [`pre-commit`] too nowadays. This has the advantage that the same
|
||||||
|
local environment gets reused and dependencies are managed centrally, but
|
||||||
|
assumes everyone uses pnpm, won't work in [`pre-commit` ci] and may have other issues
|
||||||
|
I am not thinking of as a not-coder myself.
|
||||||
|
|
||||||
[`pre-commit`]: https://pre-commit.com
|
[`pre-commit`]: https://pre-commit.com
|
||||||
[`pre-commit` ci]: https://pre-commit.ci
|
[`pre-commit` ci]: https://pre-commit.ci
|
||||||
|
@ -13,8 +13,8 @@ sitemap: false
|
|||||||
lang: fi
|
lang: fi
|
||||||
---
|
---
|
||||||
|
|
||||||
Uudet puhelimet: https://android.com/one
|
Uudet puhelimet: https://android.com/one LineageOS-yhteensopivuus:
|
||||||
LineageOS-yhteensopivuus: https://wiki.lineageos.org/devices/
|
https://wiki.lineageos.org/devices/
|
||||||
|
|
||||||
Käytettyjä puhelimia suomalaisilta tai suomenkielisiltä yrityksiltä:
|
Käytettyjä puhelimia suomalaisilta tai suomenkielisiltä yrityksiltä:
|
||||||
|
|
||||||
|
11
n/reuse.md
11
n/reuse.md
@ -35,12 +35,13 @@ SPDX-License-Identifier: CC-BY-SA-4.0
|
|||||||
|
|
||||||
> reuse is a tool for compliance with the REUSE recommendations.
|
> reuse is a tool for compliance with the REUSE recommendations.
|
||||||
|
|
||||||
says [their GitHub description](https://github.com/fsfe/reuse-tool) and
|
says [their GitHub description](https://github.com/fsfe/reuse-tool) and in
|
||||||
in practice this means having a license header in all files or alternatively
|
practice this means having a license header in all files or alternatively a
|
||||||
a `file.license` file. The tool can generate these, but I never remember
|
`file.license` file. The tool can generate these, but I never remember the
|
||||||
the commands.
|
commands.
|
||||||
|
|
||||||
For more detailed explanation, consult [reuse.software/tutorial](https://reuse.software/tutorial/)
|
For more detailed explanation, consult
|
||||||
|
[reuse.software/tutorial](https://reuse.software/tutorial/)
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -11,9 +11,10 @@ sitemap: false
|
|||||||
lang: en
|
lang: en
|
||||||
---
|
---
|
||||||
|
|
||||||
This is mostly based on [kowalski7.cc.xyz instructions](https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/) which also tells
|
This is mostly based on
|
||||||
more clearly what to do. These are my notes on what I have done on top of it
|
[kowalski7.cc.xyz instructions](https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/)
|
||||||
and probably not very much comprehensible by others than me.
|
which also tells more clearly what to do. These are my notes on what I have done
|
||||||
|
on top of it and probably not very much comprehensible by others than me.
|
||||||
|
|
||||||
<!-- editorconfig-checker-disable -->
|
<!-- editorconfig-checker-disable -->
|
||||||
<!-- prettier-ignore-start -->
|
<!-- prettier-ignore-start -->
|
||||||
@ -43,17 +44,17 @@ later.
|
|||||||
1. `sudo mkdir $(cat /etc/machine-id)` also note the machine-id, it's used a
|
1. `sudo mkdir $(cat /etc/machine-id)` also note the machine-id, it's used a
|
||||||
lot.
|
lot.
|
||||||
1. `sudo dnf install systemd-boot-unsigned sdubby -y`
|
1. `sudo dnf install systemd-boot-unsigned sdubby -y`
|
||||||
1. `cat /proc/cmdline` noting it, it will become included in
|
1. `cat /proc/cmdline` noting it, it will become included in `kernel_cmdline=""`
|
||||||
`kernel_cmdline=""` in `/etc/dracut.conf.d/99-cmdline.conf` (or other
|
in `/etc/dracut.conf.d/99-cmdline.conf` (or other freeform name as long as it
|
||||||
freeform name as long as it ends to .conf?) Might also be worth it to note
|
ends to .conf?) Might also be worth it to note other dracut configuration
|
||||||
other dracut configuration files including defaults
|
files including defaults `/usr/lib/dracut/dracut.conf.d`
|
||||||
`/usr/lib/dracut/dracut.conf.d`
|
|
||||||
1. TODO BOOTCTL INSTALL FROM ARCH WIKI?
|
1. TODO BOOTCTL INSTALL FROM ARCH WIKI?
|
||||||
1. TODO `printf "\tsudo mkdir /boot/%b/%b\n" "$MACHINEID" "$EXPECTEDKERNEL"`
|
1. TODO `printf "\tsudo mkdir /boot/%b/%b\n" "$MACHINEID" "$EXPECTEDKERNEL"`
|
||||||
1. TODO `printf "\tsudo kernel-install add %b /lib/modules/%b/vmlinuz\n" "$EXPECTEDKERNEL" "$EXPECTEDKERNEL"`
|
1. TODO
|
||||||
1. The original instructions said to `sudo dnf reinstall kernel-core`, but
|
`printf "\tsudo kernel-install add %b /lib/modules/%b/vmlinuz\n" "$EXPECTEDKERNEL" "$EXPECTEDKERNEL"`
|
||||||
this has deviated with systemd-uki. They also said to `sudo bootctl` to
|
1. The original instructions said to `sudo dnf reinstall kernel-core`, but this
|
||||||
see if it got installed properly before...
|
has deviated with systemd-uki. They also said to `sudo bootctl` to see if it
|
||||||
|
got installed properly before...
|
||||||
1. `sudo reboot`
|
1. `sudo reboot`
|
||||||
1. TODO: PROTECTED PACKAGES SHELL-THINGS!
|
1. TODO: PROTECTED PACKAGES SHELL-THINGS!
|
||||||
|
|
||||||
@ -64,9 +65,9 @@ the image, but that doesn't seem to be the case for UKI. TODO!
|
|||||||
|
|
||||||
# REMOVE ME UPON CONFIRMING THE ABOVE IS CORRECT
|
# REMOVE ME UPON CONFIRMING THE ABOVE IS CORRECT
|
||||||
|
|
||||||
1. Read https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/ very helpful and base of this
|
1. Read https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/ very helpful and
|
||||||
2. Anaconda inst.sdboot
|
base of this
|
||||||
3.efi mounttaus /efi, fstab
|
2. Anaconda inst.sdboot 3.efi mounttaus /efi, fstab
|
||||||
3. Mkdir /efi/machine-id
|
3. Mkdir /efi/machine-id
|
||||||
4. systemd-boot-unsigned sdubby
|
4. systemd-boot-unsigned sdubby
|
||||||
5. cat /proc/cmdline
|
5. cat /proc/cmdline
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Telegram language links
|
title: Telegram language links
|
||||||
excerpt: You have ended up to my note-to-self on languages of Telegram that I care about (as /setlanguage/xx[<-beta>] is so difficult to remember)?
|
excerpt:
|
||||||
|
You have ended up to my note-to-self on languages of Telegram that I care
|
||||||
|
about (as /setlanguage/xx[<-beta>] is so difficult to remember)?
|
||||||
layout: mini
|
layout: mini
|
||||||
permalink: /n/telegram.html
|
permalink: /n/telegram.html
|
||||||
redirect_from: /r/telegram.html
|
redirect_from: /r/telegram.html
|
||||||
|
18
n/telia.md
18
n/telia.md
@ -5,20 +5,24 @@ redirect_from: /r/telia.html
|
|||||||
sitemap: false
|
sitemap: false
|
||||||
lang: fi
|
lang: fi
|
||||||
locale: fi_FI
|
locale: fi_FI
|
||||||
excerpt: Telia on pistänyt silmiini monissa asioissa, etenkin miten monta kertaa heidän verkkonsa on ollut nurin koko maassa ilman muiden operaattoreiden vastaavan häiriön tapahtumista.
|
excerpt:
|
||||||
|
Telia on pistänyt silmiini monissa asioissa, etenkin miten monta kertaa heidän
|
||||||
|
verkkonsa on ollut nurin koko maassa ilman muiden operaattoreiden vastaavan
|
||||||
|
häiriön tapahtumista.
|
||||||
---
|
---
|
||||||
|
|
||||||
_{{ page.excerpt }}_
|
_{{ page.excerpt }}_
|
||||||
|
|
||||||
Telian IPv6: https://yhteiso.telia.fi/t5/Kiinteat-nettiyhteydet-ja/Telia-IPv6/m-p/190240#M11822
|
Telian IPv6:
|
||||||
|
https://yhteiso.telia.fi/t5/Kiinteat-nettiyhteydet-ja/Telia-IPv6/m-p/190240#M11822
|
||||||
|
|
||||||
- 2019-11-22: https://yle.fi/uutiset/3-11082343 "Telian verkon
|
- 2019-11-22: https://yle.fi/uutiset/3-11082343 "Telian verkon vikatilanteesta
|
||||||
vikatilanteesta johtuen koko Suomessa hätäpuhelujen soittamisessa Telian
|
johtuen koko Suomessa hätäpuhelujen soittamisessa Telian liittymistä on
|
||||||
liittymistä on ilmennyt häiriöitä."
|
ilmennyt häiriöitä."
|
||||||
- https://yle.fi/uutiset/3-11083175 vaaratiedote ohi
|
- https://yle.fi/uutiset/3-11083175 vaaratiedote ohi
|
||||||
- 2020-02-12: https://yle.fi/uutiset/3-11205636 "Telian mobiiliverkossa oli
|
- 2020-02-12: https://yle.fi/uutiset/3-11205636 "Telian mobiiliverkossa oli
|
||||||
laaja vikatilanne "
|
laaja vikatilanne "
|
||||||
- 2020-04-25: https://yle.fi/uutiset/3-11323265 "Telialla ongelmia
|
- 2020-04-25: https://yle.fi/uutiset/3-11323265 "Telialla ongelmia yhteyksissä –
|
||||||
yhteyksissä – vikaa selvitellään parhaillaan, syy ei vielä selvillä"
|
vikaa selvitellään parhaillaan, syy ei vielä selvillä"
|
||||||
- 2020-09-21: https://yle.fi/uutiset/3-11554861 "Telian liittymissä oli
|
- 2020-09-21: https://yle.fi/uutiset/3-11554861 "Telian liittymissä oli
|
||||||
häiriöitä hätäpuheluiden soittamisessa – Vika on korjattu"
|
häiriöitä hätäpuheluiden soittamisessa – Vika on korjattu"
|
||||||
|
@ -9,9 +9,7 @@ lang: fi
|
|||||||
<div lang="fi">Käytettyjä enimmäkseen yrityskoneita suomalaisilta tai suomenkielisiltä
|
<div lang="fi">Käytettyjä enimmäkseen yrityskoneita suomalaisilta tai suomenkielisiltä
|
||||||
yrityksiltä:
|
yrityksiltä:
|
||||||
|
|
||||||
https://cimos.fi/
|
https://cimos.fi/ https://taitonetti.fi/ https://www.inrego.fi/
|
||||||
https://taitonetti.fi/
|
|
||||||
https://www.inrego.fi/
|
|
||||||
|
|
||||||
Katso myös /n/puhelin
|
Katso myös /n/puhelin
|
||||||
|
|
||||||
@ -19,13 +17,11 @@ Katso myös /n/puhelin
|
|||||||
|
|
||||||
<div lang="en">
|
<div lang="en">
|
||||||
|
|
||||||
International used devices (the goal of this note is business devices, but
|
International used devices (the goal of this note is business devices, but I am
|
||||||
I am unsure whether all here are):
|
unsure whether all here are):
|
||||||
|
|
||||||
Hungary:
|
Hungary: https://www.marseus.com/
|
||||||
https://www.marseus.com/
|
|
||||||
|
|
||||||
Czech Republic in Czech
|
Czech Republic in Czech https://www.gigacomputer.cz/
|
||||||
https://www.gigacomputer.cz/
|
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
@ -6,4 +6,5 @@ excerpt: "404, not found, don't bother clicking..."
|
|||||||
lang: en
|
lang: en
|
||||||
---
|
---
|
||||||
|
|
||||||
Sorry, whatever you were looking for, is not here. Maybe the navigation bar above or on the top right on smaller displays will help you?
|
Sorry, whatever you were looking for, is not here. Maybe the navigation bar
|
||||||
|
above or on the top right on smaller displays will help you?
|
||||||
|
@ -2,100 +2,100 @@
|
|||||||
title: About me
|
title: About me
|
||||||
layout: page
|
layout: page
|
||||||
permalink: /about.html
|
permalink: /about.html
|
||||||
excerpt: "A little about me on transness, Asperger's syndrome/autism, feminism, asexuality & using Linux."
|
excerpt:
|
||||||
|
"A little about me on transness, Asperger's syndrome/autism, feminism,
|
||||||
|
asexuality & using Linux."
|
||||||
published: false
|
published: false
|
||||||
lang: en
|
lang: en
|
||||||
---
|
---
|
||||||
|
|
||||||
<em>Even if I talk about these things openly here, I prefer that
|
<em>Even if I talk about these things openly here, I prefer that <strong>you
|
||||||
<strong>you don't talk about me being these minorities to anyone</strong>
|
don't talk about me being these minorities to anyone</strong> and <strong>let me
|
||||||
and <strong>let me tell by myself</strong> if I see reason to do it.
|
tell by myself</strong> if I see reason to do it. People interested enough can
|
||||||
People interested enough can put my name to any search engine and find here sooner or later.</em>
|
put my name to any search engine and find here sooner or later.</em>
|
||||||
|
|
||||||
<em>If you did out me, you would risk me being treated differently and
|
<em>If you did out me, you would risk me being treated differently and possibly
|
||||||
possibly cause dangerous concequences.</em>
|
cause dangerous concequences.</em>
|
||||||
|
|
||||||
On this page I am trying to explain myself more or those things that you
|
On this page I am trying to explain myself more or those things that you might
|
||||||
might wonder in my self-description. Some things that I explain here may
|
wonder in my self-description. Some things that I explain here may overlap with
|
||||||
overlap with different features.
|
different features.
|
||||||
|
|
||||||
_For more material about these things, please see [GRSM links](/links2)._
|
_For more material about these things, please see [GRSM links](/links2)._
|
||||||
|
|
||||||
## GirlsLikeUs — I am a trans woman
|
## GirlsLikeUs — I am a trans woman
|
||||||
|
|
||||||
It simply means that I was incorrectly defined as boy at birth which I
|
It simply means that I was incorrectly defined as boy at birth which I never
|
||||||
never was. I didn't always know it, but around 14-15 Dysphoria really hit
|
was. I didn't always know it, but around 14-15 Dysphoria really hit me.
|
||||||
me.
|
|
||||||
|
|
||||||
I was always different from boys and I have been always bullied and I
|
I was always different from boys and I have been always bullied and I became
|
||||||
became suicidal and depressed. I was diagnosed with AS which didn't so
|
suicidal and depressed. I was diagnosed with AS which didn't so much, but
|
||||||
much, but finally I came to realization on who I am and started the
|
finally I came to realization on who I am and started the progress to be
|
||||||
progress to be recognized as myself.
|
recognized as myself.
|
||||||
|
|
||||||
As the progress is too slow in Finland I ended up starting HRT
|
As the progress is too slow in Finland I ended up starting HRT
|
||||||
([Hormone Replacement Therapy](https://en.wikipedia.org/wiki/Hormone_replacement_therapy))
|
([Hormone Replacement Therapy](https://en.wikipedia.org/wiki/Hormone_replacement_therapy))
|
||||||
by myself (like many (if not most) of us here do) and was on it for year
|
by myself (like many (if not most) of us here do) and was on it for year before
|
||||||
before getting diagnosed and getting HRT officially.
|
getting diagnosed and getting HRT officially.
|
||||||
|
|
||||||
Many people have said that I am nowadays happier and smile more and other
|
Many people have said that I am nowadays happier and smile more and other things
|
||||||
things like that and I know this is who I am.
|
like that and I know this is who I am.
|
||||||
|
|
||||||
It's also not very nice when you separate sex and gender by saying "your
|
It's also not very nice when you separate sex and gender by saying "your gender
|
||||||
gender can be female, but you are always biologically male" and it has
|
can be female, but you are always biologically male" and it has been noted
|
||||||
been noted multiple times that gender is biological.
|
multiple times that gender is biological. _[GRSM links](/links2)_
|
||||||
_[GRSM links](/links2)_
|
|
||||||
|
|
||||||
- [How to respect a Transgender person at WikiHow](http://www.wikihow.com/Respect-a-Transgender-Person)
|
- [How to respect a Transgender person at WikiHow](http://www.wikihow.com/Respect-a-Transgender-Person)
|
||||||
|
|
||||||
_I feel this part doesn't transmit how being trans feels and some things
|
_I feel this part doesn't transmit how being trans feels and some things should
|
||||||
should possibly be mentioned here..._
|
possibly be mentioned here..._
|
||||||
|
|
||||||
## AS - Asperger's Syndrome
|
## AS - Asperger's Syndrome
|
||||||
|
|
||||||
I am AS-person and you might see it from the way I write and speak. I have
|
I am AS-person and you might see it from the way I write and speak. I have some
|
||||||
some over-sensitive senses like sense of hearing and it becomes difficult
|
over-sensitive senses like sense of hearing and it becomes difficult for me to
|
||||||
for me to speak if I try to look into your eyes at the same time, so I am
|
speak if I try to look into your eyes at the same time, so I am not trying to be
|
||||||
not trying to be impolite or anything, it's just easier to not look at you
|
impolite or anything, it's just easier to not look at you while I speak. Same
|
||||||
while I speak. Same applies to understanding your speaking.
|
applies to understanding your speaking.
|
||||||
|
|
||||||
_This paragraph is stub -.-_
|
_This paragraph is stub -.-_
|
||||||
|
|
||||||
- [How to understand Autism at WikiHow](http://www.wikihow.com/Understand-Autism)
|
- [How to understand Autism at WikiHow](http://www.wikihow.com/Understand-Autism)
|
||||||
- Might apply more to children, but it's a feature so one won't simply
|
- Might apply more to children, but it's a feature so one won't simply get
|
||||||
get healed from it.
|
healed from it.
|
||||||
|
|
||||||
_I have afterwards learned that I am also a [Higly Sensitive Person (HSP](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity), but it
|
_I have afterwards learned that I am also a
|
||||||
overlaps with autism a little and I don't know what to start typing it and
|
[Higly Sensitive Person (HSP](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity),
|
||||||
it's piece of information that would mainly interest another HSP like
|
but it overlaps with autism a little and I don't know what to start typing it
|
||||||
many other things on this page, so I am just leaving it here._
|
and it's piece of information that would mainly interest another HSP like many
|
||||||
|
other things on this page, so I am just leaving it here._
|
||||||
|
|
||||||
## Ace & Relationship Anarchist
|
## Ace & Relationship Anarchist
|
||||||
|
|
||||||
_I am asexual and possibly relationship anarchist, but it will be seen..._
|
_I am asexual and possibly relationship anarchist, but it will be seen..._
|
||||||
|
|
||||||
I used to define myself as poly-curiuos (wondering if I am poly (capable
|
I used to define myself as poly-curiuos (wondering if I am poly (capable of
|
||||||
of having simultaneous close romantic relationships with two or more
|
having simultaneous close romantic relationships with two or more people or not)
|
||||||
people or not) and demiromantic (the ace of diamonds playing card is their
|
and demiromantic (the ace of diamonds playing card is their symbol shared by
|
||||||
symbol shared by demisexuals) which means only forming romantic attraction
|
demisexuals) which means only forming romantic attraction after forming close
|
||||||
after forming close emotional bond with the person
|
emotional bond with the person
|
||||||
|
|
||||||
At some point I started wondering does touching and caring have to be
|
At some point I started wondering does touching and caring have to be limited
|
||||||
limited into relationship and found
|
into relationship and found
|
||||||
[Romantic Asexual, or Touch Hunger?](https://abnormaldiversity.blogspot.fi/2012/12/romantic-asexual-or-touch-hunger.html?) which made sense and made
|
[Romantic Asexual, or Touch Hunger?](https://abnormaldiversity.blogspot.fi/2012/12/romantic-asexual-or-touch-hunger.html?)
|
||||||
me think that there is no romanticity, just sensuality and in the bottom
|
which made sense and made me think that there is no romanticity, just sensuality
|
||||||
relationship anarchy. As what is the difference between friend and partner,
|
and in the bottom relationship anarchy. As what is the difference between friend
|
||||||
what prevents you from (consentually) cuddling or having sex with friends?
|
and partner, what prevents you from (consentually) cuddling or having sex with
|
||||||
What prevents you from loving your friends and is loving so different from
|
friends? What prevents you from loving your friends and is loving so different
|
||||||
liking and don't you sometimes use the words interchangeably? What prevents
|
from liking and don't you sometimes use the words interchangeably? What prevents
|
||||||
you from doing all the things you wish to do with your partner with some
|
you from doing all the things you wish to do with your partner with some friend?
|
||||||
friend? What if love comes after you stop for especially looking for one
|
What if love comes after you stop for especially looking for one or multiple
|
||||||
or multiple people to call as partner(s)?
|
people to call as partner(s)?
|
||||||
|
|
||||||
I have found a word for this, _quoiromantic_ (aka _wtfromantic_ or
|
I have found a word for this, _quoiromantic_ (aka _wtfromantic_ or
|
||||||
_whatromantic_) and I think I can still use the ace of diamonds symbol
|
_whatromantic_) and I think I can still use the ace of diamonds symbol as
|
||||||
as _demisensual_ is the closest to describe my relationship with
|
_demisensual_ is the closest to describe my relationship with touch (meaning
|
||||||
touch (meaning that I might like it after there is some sort of a emotional
|
that I might like it after there is some sort of a emotional bond).
|
||||||
bond).
|
|
||||||
|
|
||||||
However labels such as partner still appear to be necessary with unique
|
However labels such as partner still appear to be necessary with unique
|
||||||
relationships based on their development or otherwise I am not understood.
|
relationships based on their development or otherwise I am not understood.
|
||||||
@ -108,24 +108,22 @@ happen will be seen when it happens._
|
|||||||
|
|
||||||
## Feminist
|
## Feminist
|
||||||
|
|
||||||
I support equal rights for everyone and the right of self-definition (or
|
I support equal rights for everyone and the right of self-definition (or not
|
||||||
not requiring anyone to define themselves). Everyone should also be the one
|
requiring anyone to define themselves). Everyone should also be the one to
|
||||||
to choose what they do with their body (abortion, gender transition etc.)
|
choose what they do with their body (abortion, gender transition etc.) freely
|
||||||
freely without complicated researchs and other people or society judging
|
without complicated researchs and other people or society judging them.
|
||||||
them.
|
|
||||||
|
|
||||||
_This is basicaly everything, but shouldn't I also say something more?_
|
_This is basicaly everything, but shouldn't I also say something more?_
|
||||||
|
|
||||||
## Linux user
|
## Linux user
|
||||||
|
|
||||||
I have been used Linux since 2008, I started with [Ubuntu] \(8.04).
|
I have been used Linux since 2008, I started with [Ubuntu] \(8.04). My preferred
|
||||||
My preferred distribution is [Ubuntu MATE] or [Arch Linux] or with servers
|
distribution is [Ubuntu MATE] or [Arch Linux] or with servers [Debian], but I am
|
||||||
[Debian], but I am also familiar with other distributions, mainly
|
also familiar with other distributions, mainly [Debian]-deriatives.
|
||||||
[Debian]-deriatives.
|
|
||||||
|
|
||||||
I have experience with [Fedora] and other distributions from that side too
|
I have experience with [Fedora] and other distributions from that side too and I
|
||||||
and I am not entirely lost while using them, but somehow I have always
|
am not entirely lost while using them, but somehow I have always preferred
|
||||||
preferred Debian side. Maybe it's just that I have learned to use it.
|
Debian side. Maybe it's just that I have learned to use it.
|
||||||
|
|
||||||
[ubuntu]: http://www.ubuntu.com/desktop
|
[ubuntu]: http://www.ubuntu.com/desktop
|
||||||
[ubuntu mate]: https://ubuntu-mate.org/
|
[ubuntu mate]: https://ubuntu-mate.org/
|
||||||
@ -143,26 +141,30 @@ getting removed entirely sometime._
|
|||||||
|
|
||||||
## Life
|
## Life
|
||||||
|
|
||||||
This link list to life post on my blog shouldn't be here, but it has no
|
This link list to life post on my blog shouldn't be here, but it has no better
|
||||||
better place, so where else should it be?
|
place, so where else should it be?
|
||||||
|
|
||||||
_Time of writing in YYYY-MM-DD (ISO 8601): title or what it's about._
|
_Time of writing in YYYY-MM-DD (ISO 8601): title or what it's about._
|
||||||
|
|
||||||
- [2015-03-25: Leaving bot communities & a little on my life]({% post_url 2015-03-25-leaving-bots-life %})
|
- [2015-03-25: Leaving bot communities & a little on my life]({% post_url 2015-03-25-leaving-bots-life %})
|
||||||
- [2015-04-03: Scum]({% post_url 2015-04-03-scum %})
|
- [2015-04-03: Scum]({% post_url 2015-04-03-scum %})
|
||||||
- [2015-04-01: Saasta (same in Finnish)]({% post_url 2015-04-01-saasta %})
|
- [2015-04-01: Saasta (same in Finnish)]({% post_url 2015-04-01-saasta %})
|
||||||
- [2015-05-18: Somewhat more on my life & untold background of bots]({% post_url 2015-05-18-life-bot-background %})
|
- [2015-05-18: Somewhat more on my life & untold background
|
||||||
- [2015-06-16: Feelings and wounds of school bullying]({% post_url 2015-06-16-feelings %})
|
of bots]({% post_url 2015-05-18-life-bot-background %})
|
||||||
|
- [2015-06-16: Feelings and wounds of
|
||||||
|
school bullying]({% post_url 2015-06-16-feelings %})
|
||||||
- [2015-06-29: Google translated "suicide post"](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=fi&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2015%2F06%2F29%2Fminusta.html&edit-text=)
|
- [2015-06-29: Google translated "suicide post"](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=fi&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2015%2F06%2F29%2Fminusta.html&edit-text=)
|
||||||
- _I was at psychiatrical hospital after writing this._
|
- _I was at psychiatrical hospital after writing this._
|
||||||
- [2015-09-09: The most important post that I have written]({% post_url 2015-09-09-act-around-trans %})
|
- [2015-09-09: The most important post that I
|
||||||
|
have written]({% post_url 2015-09-09-act-around-trans %})
|
||||||
- [2015-11-03: I moved to Lauttasaari, Helsinki]({% post_url 2015-11-03-moving %})
|
- [2015-11-03: I moved to Lauttasaari, Helsinki]({% post_url 2015-11-03-moving %})
|
||||||
- way too positive for this section, but where else...
|
- way too positive for this section, but where else...
|
||||||
- [2015-11-21: Email to Legal Affairs Committee on how trans law must be based on the right of self-definition](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2015%2F11%2F21%2Fsahkopostia-lakivaliokunnalle-translaki.html&edit-text=)
|
- [2015-11-21: Email to Legal Affairs Committee on how trans law must be based on the right of self-definition](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2015%2F11%2F21%2Fsahkopostia-lakivaliokunnalle-translaki.html&edit-text=)
|
||||||
- [2017-04-18: Google Translated dance lesson trauma](https://translate.google.com/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2017%2F04%2F18%2Ftanssitunti.html&edit-text=)
|
- [2017-04-18: Google Translated dance lesson trauma](https://translate.google.com/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2017%2F04%2F18%2Ftanssitunti.html&edit-text=)
|
||||||
- [2017-04-30: After trans process and AvPD, everything is OK]({% post_url 2017-04-30-post-trans %})
|
- [2017-04-30: After trans process and AvPD, everything
|
||||||
|
is OK]({% post_url 2017-04-30-post-trans %})
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
_Please keep in mind that everything in this page is just my opinion and
|
_Please keep in mind that everything in this page is just my opinion and not all
|
||||||
not all trans or AS or \<any group\> people are the exact same._
|
trans or AS or \<any group\> people are the exact same._
|
||||||
|
@ -169,7 +169,9 @@ TODO: Sort this list.
|
|||||||
|
|
||||||
# Chromium flags
|
# Chromium flags
|
||||||
|
|
||||||
These can generally be found from `about:flags` on Chromium based browsers, for Vivaldi explicit `vivaldi://flags` is required and it also has `chrome://settings` for the usual Chromium settings.
|
These can generally be found from `about:flags` on Chromium based browsers, for
|
||||||
|
Vivaldi explicit `vivaldi://flags` is required and it also has
|
||||||
|
`chrome://settings` for the usual Chromium settings.
|
||||||
|
|
||||||
- `#enable-quic` - enabled
|
- `#enable-quic` - enabled
|
||||||
- `#enable-force-dark` - enabled with increased text constract
|
- `#enable-force-dark` - enabled with increased text constract
|
||||||
@ -188,29 +190,49 @@ These likely also exist, but just without the `vendor-` part when searhcing.
|
|||||||
|
|
||||||
# Firefox about:config
|
# Firefox about:config
|
||||||
|
|
||||||
_On LibreAwoo or autoconfig, refer to my [conf/librewolf.overrides.cfg in my shell-things repo](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/conf/librewolf.overrides.cfg) which has kind of replaced this section?._
|
_On LibreAwoo or autoconfig, refer to my
|
||||||
|
[conf/librewolf.overrides.cfg in my shell-things repo](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/conf/librewolf.overrides.cfg)
|
||||||
|
which has kind of replaced this section?._
|
||||||
|
|
||||||
- `security.certerrors.mitm.auto_enable_enterprise_roots` to `false` in order to not trust system CA store in case of enterprise MITM
|
- `security.certerrors.mitm.auto_enable_enterprise_roots` to `false` in order to
|
||||||
- `security.OCSP.require` to `true` in order to not allow [OCSP](https://en.wikipedia.org/wiki/OCSP_stapling) soft fail. This may be a bit paranoid, but _only the paranoid survive._
|
not trust system CA store in case of enterprise MITM
|
||||||
- `privacy.resistFingerprinting.letterboxing` = `true` so letterboxing is
|
- `security.OCSP.require` to `true` in order to not allow
|
||||||
used to hide real browser size. [Tor Browser support](https://support.torproject.org/tbb/maximized-torbrowser-window/)
|
[OCSP](https://en.wikipedia.org/wiki/OCSP_stapling) soft fail. This may be a
|
||||||
|
bit paranoid, but _only the paranoid survive._
|
||||||
|
- `privacy.resistFingerprinting.letterboxing` = `true` so letterboxing is used
|
||||||
|
to hide real browser size.
|
||||||
|
[Tor Browser support](https://support.torproject.org/tbb/maximized-torbrowser-window/)
|
||||||
- [Bug 70315: text in menus and boxes unreadable if using dark GTK theme](https://bugzilla.mozilla.org/show_bug.cgi?id=70315))
|
- [Bug 70315: text in menus and boxes unreadable if using dark GTK theme](https://bugzilla.mozilla.org/show_bug.cgi?id=70315))
|
||||||
- `image.animation_mode` to `once` in order to have gifs play once and
|
- `image.animation_mode` to `once` in order to have gifs play once and then stop
|
||||||
then stop everywhere (`none` to never have them play).
|
everywhere (`none` to never have them play).
|
||||||
- `geo.provider.network.url` to `https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%` in order to send nearby WiFi networks to Mozilla instead of Google. See also [MLS Software](https://wiki.mozilla.org/CloudServices/Location/Software).
|
- `geo.provider.network.url` to
|
||||||
- `network.IDN_show_punycode` to `true` in order to see punycode instead of UTF-8 in case of spoofing attempt. However makes reading non-ASCII domains painful. E.g. Cyrillic alphabet
|
`https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%` in
|
||||||
- `reader.parse-on-load.force-enabled` to `true` in order to allow reader use to be used on ~all websites and devices (regardless of low RAM?)
|
order to send nearby WiFi networks to Mozilla instead of Google. See also
|
||||||
|
[MLS Software](https://wiki.mozilla.org/CloudServices/Location/Software).
|
||||||
|
- `network.IDN_show_punycode` to `true` in order to see punycode instead of
|
||||||
|
UTF-8 in case of spoofing attempt. However makes reading non-ASCII domains
|
||||||
|
painful. E.g. Cyrillic alphabet
|
||||||
|
- `reader.parse-on-load.force-enabled` to `true` in order to allow reader use to
|
||||||
|
be used on ~all websites and devices (regardless of low RAM?)
|
||||||
|
|
||||||
Future note: [`network.dns.blockDotOnion;false`](https://bugzilla.mozilla.org/show_bug.cgi?id=1497263) ?
|
Future note:
|
||||||
|
[`network.dns.blockDotOnion;false`](https://bugzilla.mozilla.org/show_bug.cgi?id=1497263)
|
||||||
|
?
|
||||||
|
|
||||||
## Advertising
|
## Advertising
|
||||||
|
|
||||||
Firefox seems to contain a lot of advertising or sponsoring nowadays, whether to other Mozilla products or whoever pays them. See also [Bug 1773860: Provide global long-term "disable all promos" flag](https://bugzilla.mozilla.org/show_bug.cgi?id=1773860).
|
Firefox seems to contain a lot of advertising or sponsoring nowadays, whether to
|
||||||
|
other Mozilla products or whoever pays them. See also
|
||||||
|
[Bug 1773860: Provide global long-term "disable all promos" flag](https://bugzilla.mozilla.org/show_bug.cgi?id=1773860).
|
||||||
|
|
||||||
- `browser.newtabpage.activity-stream.showSponsored` & `browser.newtabpage.activity-stream.showSponsored` to `false` to stop sponsored links.
|
- `browser.newtabpage.activity-stream.showSponsored` &
|
||||||
- `browser.vpn_promo.enabled` to `false` to hopefully stop Mozilla VPN advertisements
|
`browser.newtabpage.activity-stream.showSponsored` to `false` to stop
|
||||||
|
sponsored links.
|
||||||
|
- `browser.vpn_promo.enabled` to `false` to hopefully stop Mozilla VPN
|
||||||
|
advertisements
|
||||||
- `browser.promo.focus.enabled` to `false` to stop Firefox Focus advertisements?
|
- `browser.promo.focus.enabled` to `false` to stop Firefox Focus advertisements?
|
||||||
- `browser.preferences.moreFromMozilla` to `false` to not hear from other Mozilla products?
|
- `browser.preferences.moreFromMozilla` to `false` to not hear from other
|
||||||
|
Mozilla products?
|
||||||
|
|
||||||
## [Cookie banner blocking](https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/)
|
## [Cookie banner blocking](https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/)
|
||||||
|
|
||||||
@ -224,44 +246,69 @@ defaultPref("cookiebanners.bannerClicking.enabled", true);
|
|||||||
|
|
||||||
## DNS over HTTPS
|
## DNS over HTTPS
|
||||||
|
|
||||||
- `network.trr.mode` depends, `3` to enforce DoH (required for ECH) or `5` to explicitly disable. `2` to prefer DoH, but fallback to system also exists.
|
- `network.trr.mode` depends, `3` to enforce DoH (required for ECH) or `5` to
|
||||||
- [DoH is required by Firefox ESNI/ECH support](https://bugzilla.mozilla.org/show_bug.cgi?id=1500289) which encrypts SNI/ClientHello which would still leak which
|
explicitly disable. `2` to prefer DoH, but fallback to system also exists.
|
||||||
sites you visit. [Another bug about ESNI/ECH + Android DoT](https://bugzilla.mozilla.org/show_bug.cgi?id=1542754#c3)
|
- [DoH is required by Firefox ESNI/ECH support](https://bugzilla.mozilla.org/show_bug.cgi?id=1500289)
|
||||||
- Are you using a VPN? Do they provide a DoH server? If yes, maybe the answer is 3 for ESNI/ECH?
|
which encrypts SNI/ClientHello which would still leak which sites you visit.
|
||||||
|
[Another bug about ESNI/ECH + Android DoT](https://bugzilla.mozilla.org/show_bug.cgi?id=1542754#c3)
|
||||||
|
- Are you using a VPN? Do they provide a DoH server? If yes, maybe the answer
|
||||||
|
is 3 for ESNI/ECH?
|
||||||
- `network.trr.early-AAAA` `true` to hopefully prefer IPv6
|
- `network.trr.early-AAAA` `true` to hopefully prefer IPv6
|
||||||
- `network.trr.uri` for the actual resolver address, e.g.
|
- `network.trr.uri` for the actual resolver address, e.g.
|
||||||
`https://doh.mullvad.net/dns-query`
|
`https://doh.mullvad.net/dns-query`
|
||||||
- and if they provide as SOCKS proxy as a killswitch, `network.proxy.socks_remote_dns` must be `false`
|
- and if they provide as SOCKS proxy as a killswitch,
|
||||||
- `network.trr.disable-ECS` to `false` if preferring speed over privacy or using NextDNS private ECS.
|
`network.proxy.socks_remote_dns` must be `false`
|
||||||
|
- `network.trr.disable-ECS` to `false` if preferring speed over privacy or using
|
||||||
|
NextDNS private ECS.
|
||||||
- [Wikipedia: EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet)
|
- [Wikipedia: EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet)
|
||||||
|
|
||||||
Some notes:
|
Some notes:
|
||||||
|
|
||||||
- There is also `network.trr.exclude-etc-hosts` for those using `/etc/hosts` for blocking.
|
- There is also `network.trr.exclude-etc-hosts` for those using `/etc/hosts` for
|
||||||
- You can confirm TRR working by visiting `about:networking#dns` where
|
blocking.
|
||||||
you should be seeing DNS cache of Firefox and a lot of `TRR: true`.
|
- You can confirm TRR working by visiting `about:networking#dns` where you
|
||||||
- ECH requires `network.dns.echconfig.enabled` and `network.dns.use_https_rr_as_altsvc` to be `true`,
|
should be seeing DNS cache of Firefox and a lot of `TRR: true`.
|
||||||
but they seem to default to true at least in Firefox Nightly so maybe no action is needed.
|
- ECH requires `network.dns.echconfig.enabled` and
|
||||||
- [While investingating how Android 9 Private DNS works, I also wrote a DNS provider comparsion here on 2019-07-11]({% post_url blog/2019-07-11-android-private-dns-in-practice %})
|
`network.dns.use_https_rr_as_altsvc` to be `true`, but they seem to default to
|
||||||
|
true at least in Firefox Nightly so maybe no action is needed.
|
||||||
|
- [While investingating how Android 9 Private DNS works, I also wrote a DNS
|
||||||
|
provider comparsion here on 2019-07-11]({% post_url blog/2019-07-11-android-private-dns-in-practice %})
|
||||||
|
|
||||||
## SSDs
|
## SSDs
|
||||||
|
|
||||||
This information is from [Arch Wiki on Firefox tweaks](https://wiki.archlinux.org/index.php/Firefox/Tweaks)
|
This information is from
|
||||||
|
[Arch Wiki on Firefox tweaks](https://wiki.archlinux.org/index.php/Firefox/Tweaks)
|
||||||
|
|
||||||
<!-- - `browser.cache.disk.enable` to `false` to only cache to RAM.
|
<!-- - `browser.cache.disk.enable` to `false` to only cache to RAM.
|
||||||
- (`browser.cache.memory.enable` to `true` which should be default) -->
|
- (`browser.cache.memory.enable` to `true` which should be default) -->
|
||||||
|
|
||||||
- `browser.sessionstore.interval` to `600000` in order to only store open session every ten minutes (instead of 15 seconds) in case of crashes.
|
- `browser.sessionstore.interval` to `600000` in order to only store open
|
||||||
- alternatively `browser.sessionstore.resume_from_crash` to `false` to not store the session data for crash recovery at all. I think this may be the more healthy option with all the information flood and dozens of tabs.
|
session every ten minutes (instead of 15 seconds) in case of crashes.
|
||||||
|
- alternatively `browser.sessionstore.resume_from_crash` to `false` to not
|
||||||
|
store the session data for crash recovery at all. I think this may be the
|
||||||
|
more healthy option with all the information flood and dozens of tabs.
|
||||||
|
|
||||||
Why?
|
Why?
|
||||||
|
|
||||||
> Every object loaded (html page, jpeg image, css stylesheet, gif banner) is saved in the Firefox cache for future use without the need to download it again. It is estimated that only a fraction of these objects will be reused, usually about 30%. This because of very short object expiration time, updates or simply user behavior (loading new pages instead of returning to the ones already visited). The Firefox cache is divided into memory and disk cache and the latter results in frequent disk writes: newly loaded objects are written to memory and older objects are removed.
|
> Every object loaded (html page, jpeg image, css stylesheet, gif banner) is
|
||||||
|
> saved in the Firefox cache for future use without the need to download it
|
||||||
|
> again. It is estimated that only a fraction of these objects will be reused,
|
||||||
|
> usually about 30%. This because of very short object expiration time, updates
|
||||||
|
> or simply user behavior (loading new pages instead of returning to the ones
|
||||||
|
> already visited). The Firefox cache is divided into memory and disk cache and
|
||||||
|
> the latter results in frequent disk writes: newly loaded objects are written
|
||||||
|
> to memory and older objects are removed.
|
||||||
|
|
||||||
> Firefox stores the current session status (opened urls, cookies, history and form data) to the disk on a regular basis. It is used to recover a previous session in case of crash. The default setting is to save the session every 15 seconds, resulting in frequent disk access.
|
> Firefox stores the current session status (opened urls, cookies, history and
|
||||||
|
> form data) to the disk on a regular basis. It is used to recover a previous
|
||||||
|
> session in case of crash. The default setting is to save the session every 15
|
||||||
|
> seconds, resulting in frequent disk access.
|
||||||
|
|
||||||
and this is the reason why Firefox is at times accused of killing SSDs.
|
and this is the reason why Firefox is at times accused of killing SSDs.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
Changelog: [GitHub.com commits](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/browser-extensions.markdown) | [gitea.blesmrt.net commits](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/pages/browser-extensions.markdown)
|
Changelog:
|
||||||
|
[GitHub.com commits](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/browser-extensions.markdown)
|
||||||
|
|
|
||||||
|
[gitea.blesmrt.net commits](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/pages/browser-extensions.markdown)
|
||||||
|
@ -14,9 +14,14 @@ robots: noai
|
|||||||
|
|
||||||
I have multiple instant messaging chatrooms.
|
I have multiple instant messaging chatrooms.
|
||||||
|
|
||||||
- [The ones listed below](#the-links) are for comments to my blog, this website in general, my FOSS <s>spam</s> activity and a contact point for reaching me in general for not so private matters. They are connected together by [Matterbridge](https://github.com/42wim/matterbridge/#matterbridge).
|
- [The ones listed below](#the-links) are for comments to my blog, this website
|
||||||
|
in general, my FOSS <s>spam</s> activity and a contact point for reaching me
|
||||||
|
in general for not so private matters. They are connected together by
|
||||||
|
[Matterbridge](https://github.com/42wim/matterbridge/#matterbridge).
|
||||||
- Many linking here utilize the rules listed below.
|
- Many linking here utilize the rules listed below.
|
||||||
- Others are simply curious about protocols, transports, relays, bridges, etc. _Why did they end up on this page when they could have ended up anywhere else?_
|
- Others are simply curious about protocols, transports, relays, bridges, etc.
|
||||||
|
_Why did they end up on this page when they could have ended up anywhere
|
||||||
|
else?_
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -42,43 +47,63 @@ I have multiple instant messaging chatrooms.
|
|||||||
|
|
||||||
## Rules
|
## Rules
|
||||||
|
|
||||||
[Contributor Covenant 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/) is the primary Code of Conduct here (which isn't forked due to this community forming around me and my website. Any project growing bigger would have its own), but we do have a couple of other rules too:
|
[Contributor Covenant 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/)
|
||||||
|
is the primary Code of Conduct here (which isn't forked due to this community
|
||||||
|
forming around me and my website. Any project growing bigger would have its
|
||||||
|
own), but we do have a couple of other rules too:
|
||||||
|
|
||||||
- Don't send private messages without asking for a permission first unless your message is purely moderation related.
|
- Don't send private messages without asking for a permission first unless your
|
||||||
- Please include your business in your first message and not only greeting. See [nohello.net](https://nohello.net) for more about that.
|
message is purely moderation related.
|
||||||
- Don't share personal affairs of other people outside of the room. This includes, but isn't limited to, gender/sexual/romantic orientation questioning, plurality, religion, etc. When in doubt, assume it's private.
|
- Please include your business in your first message and not only greeting.
|
||||||
- Mind the limitations of machines and people especially in the private side. Transport encryption is not [end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption), which can be broken by a compromised client device (including, but not limited to bot/relay/bridge) or the protocol in question may neglect to encrypt something [like Matrix does for reactions](https://github.com/matrix-org/matrix-spec/issues/660).
|
See [nohello.net](https://nohello.net) for more about that.
|
||||||
- For other matters, [_Chatham House Rule_](https://www.chathamhouse.org/about-us/chatham-house-rule) applies.
|
- Don't share personal affairs of other people outside of the room. This
|
||||||
|
includes, but isn't limited to, gender/sexual/romantic orientation
|
||||||
|
questioning, plurality, religion, etc. When in doubt, assume it's private.
|
||||||
|
- Mind the limitations of machines and people especially in the private side.
|
||||||
|
Transport encryption is not
|
||||||
|
[end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption),
|
||||||
|
which can be broken by a compromised client device (including, but not
|
||||||
|
limited to bot/relay/bridge) or the protocol in question may neglect to
|
||||||
|
encrypt something
|
||||||
|
[like Matrix does for reactions](https://github.com/matrix-org/matrix-spec/issues/660).
|
||||||
|
- For other matters,
|
||||||
|
[_Chatham House Rule_](https://www.chathamhouse.org/about-us/chatham-house-rule)
|
||||||
|
applies.
|
||||||
|
|
||||||
## Languages
|
## Languages
|
||||||
|
|
||||||
As for languages; English is preferred due to majority of the discussion
|
As for languages; English is preferred due to majority of the discussion
|
||||||
participants speaking it, but Finnish and Esperanto are also fine.<br> I sadly
|
participants speaking it, but Finnish and Esperanto are also fine.<br> I sadly
|
||||||
don't consider myself capable of holding a discussion in other languages, but
|
don't consider myself capable of holding a discussion in other languages, but I
|
||||||
I do hope to be able to grow this list in the future.
|
do hope to be able to grow this list in the future.
|
||||||
|
|
||||||
## The links
|
## The links
|
||||||
|
|
||||||
- IRC@Etro, [`#mikaela.info`](ircs://etro.mikaela.info:6697/#mikaela.info)
|
- IRC@Etro, [`#mikaela.info`](ircs://etro.mikaela.info:6697/#mikaela.info) my
|
||||||
my selfhosted IRC server.
|
selfhosted IRC server.
|
||||||
- [(Recommended) Gamja webchat](https://irc.etro.mikaela.info/#mikaela.info)
|
- [(Recommended) Gamja webchat](https://irc.etro.mikaela.info/#mikaela.info)
|
||||||
- `MapAddress etro.mikaela.info otzmigofmchtadpek223bkmrzqoa6mmvhmr5dxqurcrtwalizfibuxid.onion`
|
- `MapAddress etro.mikaela.info otzmigofmchtadpek223bkmrzqoa6mmvhmr5dxqurcrtwalizfibuxid.onion`
|
||||||
- [LiberaChat], [`#mikaela.info`](ircs://irc.libera.chat:6697/#mikaela.info)
|
- [LiberaChat], [`#mikaela.info`](ircs://irc.libera.chat:6697/#mikaela.info)
|
||||||
- [Gamja webchat](https://web.libera.chat/gamja/#mikaela.info), [KiwiIRC webchat](https://web.libera.chat/#mikaela.info). _Warning: Libera.Chat has no message history_
|
- [Gamja webchat](https://web.libera.chat/gamja/#mikaela.info),
|
||||||
|
[KiwiIRC webchat](https://web.libera.chat/#mikaela.info). _Warning:
|
||||||
|
Libera.Chat has no message history_
|
||||||
- `MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion`
|
- `MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion`
|
||||||
- [Matrix], [`#aminda.eu:pikaviestin.fi`](matrix:roomid/ruWhXaXgrPjaSSecvb:matrix.org?action=join&via=matrix.org&via=tedomum.net&via=pikaviestin.fi&via=beeper.com&via=envs.net),
|
- [Matrix],
|
||||||
|
[`#aminda.eu:pikaviestin.fi`](matrix:roomid/ruWhXaXgrPjaSSecvb:matrix.org?action=join&via=matrix.org&via=tedomum.net&via=pikaviestin.fi&via=beeper.com&via=envs.net),
|
||||||
a decentralised conversation store.
|
a decentralised conversation store.
|
||||||
- [Convene webchat](https://letsconvene.im/app/#/join/%23mikaela.info:matrix.org)
|
- [Convene webchat](https://letsconvene.im/app/#/join/%23mikaela.info:matrix.org)
|
||||||
- [PirateIRC], [`#mikaela.info`](ircs://irc.pirateirc.net:6697/#mikaela.info)
|
- [PirateIRC], [`#mikaela.info`](ircs://irc.pirateirc.net:6697/#mikaela.info)
|
||||||
- [Gamja webchat](https://webchat.pirateirc.net/)
|
- [Gamja webchat](https://webchat.pirateirc.net/)
|
||||||
- `MapAddress irc.pirateirc.net cbmtec5xuhpjwjq245kpp5jk2wij63ydgu5vwbxvdamzibfubc5uzaqd.onion`
|
- `MapAddress irc.pirateirc.net cbmtec5xuhpjwjq245kpp5jk2wij63ydgu5vwbxvdamzibfubc5uzaqd.onion`
|
||||||
- [Telegram], [invite link](https://t.me/joinchat/OEuthjzmg60xNzA0) a
|
- [Telegram], [invite link](https://t.me/joinchat/OEuthjzmg60xNzA0) a popular
|
||||||
popular instant messenger with open source clients.
|
instant messenger with open source clients.
|
||||||
- [Twitch], [Ciblia](https://twitch.tv/Ciblia), a propietary game streaming
|
- [Twitch], [Ciblia](https://twitch.tv/Ciblia), a propietary game streaming
|
||||||
platform.
|
platform.
|
||||||
- Expect my streaming to happen in [mikaela@libremedia.video](https://libremedia.video/accounts/mikaela/)
|
- Expect my streaming to happen in
|
||||||
|
[mikaela@libremedia.video](https://libremedia.video/accounts/mikaela/)
|
||||||
(PeerTube) instead.
|
(PeerTube) instead.
|
||||||
- [XMPP], [`mikaela.info@conference.blesmrt.net`](xmpp:mikaela.info@conference.blesmrt.net?join),
|
- [XMPP],
|
||||||
|
[`mikaela.info@conference.blesmrt.net`](xmpp:mikaela.info@conference.blesmrt.net?join),
|
||||||
a federated chat protocol.
|
a federated chat protocol.
|
||||||
|
|
||||||
[ergochat]: https://ergo.chat/
|
[ergochat]: https://ergo.chat/
|
||||||
@ -90,67 +115,81 @@ I do hope to be able to grow this list in the future.
|
|||||||
[twitch]: https://twitch.tv/
|
[twitch]: https://twitch.tv/
|
||||||
[xmpp]: https://xmpp.org/
|
[xmpp]: https://xmpp.org/
|
||||||
|
|
||||||
**_NOTICE ON LOG AVAILABILITY!_** The logging and history visiblity varies by protocol and thus
|
**_NOTICE ON LOG AVAILABILITY!_** The logging and history visiblity varies by
|
||||||
users joining in the future could see messages up to one year or longer in the
|
protocol and thus users joining in the future could see messages up to one year
|
||||||
past.
|
or longer in the past.
|
||||||
|
|
||||||
## A couple of words on protocols
|
## A couple of words on protocols
|
||||||
|
|
||||||
- _IRC_ was invented in 1988 and regardless of developing integrated message
|
- _IRC_ was invented in 1988 and regardless of developing integrated message
|
||||||
storage since then, it's still _trivial to setup_ and runs well on _a toaster_.
|
storage since then, it's still _trivial to setup_ and runs well on _a
|
||||||
_IRC servers_ are generally _[easy to enable Tor support on](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#tor)_ and _IRC clients_
|
toaster_. _IRC servers_ are generally
|
||||||
widely come with _[proxy settings](https://hexchat.readthedocs.io/en/latest/tips.html#tor)_ where _[Tor can be enabled](https://weechat.org/files/doc/stable/weechat_user.en.html#irc_tor_sasl)_. My personal
|
_[easy to enable Tor support on](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#tor)_
|
||||||
_IRC_ history begins in 2010 as user and since then I have also opered
|
and _IRC clients_ widely come with
|
||||||
mostly on _Charybdis+Atheme_ and nowadays on a couple of _Ergos_.
|
_[proxy settings](https://hexchat.readthedocs.io/en/latest/tips.html#tor)_
|
||||||
- _XMPP_ runs on _a bit more powerful toaster_ and the servers talk to each other
|
where
|
||||||
without prior approval, it was originally introduced in 1999. I don't have
|
_[Tor can be enabled](https://weechat.org/files/doc/stable/weechat_user.en.html#irc_tor_sasl)_.
|
||||||
a record on when I begun using it as _all multi-protocol chat apps_ that were
|
My personal _IRC_ history begins in 2010 as user and since then I have also
|
||||||
common even before 2010 supported it. I haven't had a need or desire to _selfhost_.
|
opered mostly on _Charybdis+Atheme_ and nowadays on a couple of _Ergos_.
|
||||||
|
- _XMPP_ runs on _a bit more powerful toaster_ and the servers talk to each
|
||||||
|
other without prior approval, it was originally introduced in 1999. I don't
|
||||||
|
have a record on when I begun using it as _all multi-protocol chat apps_ that
|
||||||
|
were common even before 2010 supported it. I haven't had a need or desire to
|
||||||
|
_selfhost_.
|
||||||
- _Telegram_ was introduced in 2013 and is a popular _instant messenger_ with
|
- _Telegram_ was introduced in 2013 and is a popular _instant messenger_ with
|
||||||
many _open source clients (not server)_ also on minority platforms (by third
|
many _open source clients (not server)_ also on minority platforms (by third
|
||||||
parties). It's favoured by many for stickers and ease-to-use, while that
|
parties). It's favoured by many for stickers and ease-to-use, while that comes
|
||||||
comes with _concern on security and privacy_.
|
with _concern on security and privacy_.
|
||||||
- _Matrix_ was introduced in 2014 and I started using it in 2016. Many of the
|
- _Matrix_ was introduced in 2014 and I started using it in 2016. Many of the
|
||||||
_client and server implementations are heavy_, _especially on server side_ requiring what to outside looks
|
_client and server implementations are heavy_, _especially on server side_
|
||||||
like _a constant maintenance_ to deal with the _implementation performance issues_,
|
requiring what to outside looks like _a constant maintenance_ to deal with the
|
||||||
_I am not interested in even trying to selfhost a Matrix (home)server and bridges
|
_implementation performance issues_, _I am not interested in even trying to
|
||||||
until the situation significantly improves_. _[Matrix clients also seldom support connecting through Tor easily](https://github.com/vector-im/element-meta/issues/200)_,
|
selfhost a Matrix (home)server and bridges until the situation significantly
|
||||||
while the _[Synapse server by Matrix.org team doesn't support connecting](https://github.com/matrix-org/synapse/issues/5152) through [I2P or Tor](https://github.com/matrix-org/synapse/issues/5455) at [all](https://github.com/matrix-org/synapse/issues/7088)_.
|
improves_.
|
||||||
- Exception: [Hydrogen](https://hydrogen.element.io) ([GitHub](https://github.com/vector-im/hydrogen-web))
|
_[Matrix clients also seldom support connecting through Tor easily](https://github.com/vector-im/element-meta/issues/200)_,
|
||||||
is the only client I have encountered that works well on Nokia 1 TA-1047
|
while the
|
||||||
or in other words passes the so-called toaster test. It does self-describe
|
_[Synapse server by Matrix.org team doesn't support connecting](https://github.com/matrix-org/synapse/issues/5152)
|
||||||
as _A minimal Matrix chat client, focused on performance, offline
|
through [I2P or Tor](https://github.com/matrix-org/synapse/issues/5455) at
|
||||||
functionality, and broad browser support_, which it redeems.
|
[all](https://github.com/matrix-org/synapse/issues/7088)_.
|
||||||
- Good luck to users of either [dendrite.matrix.org or matrix.org for entering captchas in Matrix clients.](https://github.com/matrix-org/matrix.org/issues/1314)
|
- Exception: [Hydrogen](https://hydrogen.element.io)
|
||||||
|
([GitHub](https://github.com/vector-im/hydrogen-web)) is the only client I
|
||||||
|
have encountered that works well on Nokia 1 TA-1047 or in other words passes
|
||||||
|
the so-called toaster test. It does self-describe as _A minimal Matrix chat
|
||||||
|
client, focused on performance, offline functionality, and broad browser
|
||||||
|
support_, which it redeems.
|
||||||
|
- Good luck to users of either
|
||||||
|
[dendrite.matrix.org or matrix.org for entering captchas in Matrix clients.](https://github.com/matrix-org/matrix.org/issues/1314)
|
||||||
|
|
||||||
## And on transports, relays and bridges
|
## And on transports, relays and bridges
|
||||||
|
|
||||||
- One of the marketing points of _XMPP_ was to connect to other protocols by
|
- One of the marketing points of _XMPP_ was to connect to other protocols by
|
||||||
means of transports. They plug into a _XMPP server_ and can be provided either
|
means of transports. They plug into a _XMPP server_ and can be provided either
|
||||||
by yours or be open for other _XMPP servers_.
|
by yours or be open for other _XMPP servers_.
|
||||||
- The word _relay_ is often used on _bots which copy messages from one protocol/network
|
- The word _relay_ is often used on _bots which copy messages from one
|
||||||
and paste (or more simply said relay) it to another_. They aren't transparent and thus the
|
protocol/network and paste (or more simply said relay) it to another_. They
|
||||||
messages from them appear to be coming from bots beginning with the message
|
aren't transparent and thus the messages from them appear to be coming from
|
||||||
sender instead of being completely transparent. This is what is _commonly
|
bots beginning with the message sender instead of being completely
|
||||||
used on IRC to connect to other IRC networks or protocols_.
|
transparent. This is what is _commonly used on IRC to connect to other IRC
|
||||||
|
networks or protocols_.
|
||||||
- _Matterbridge regardless of the name acts like a relay. Like IRC and XMPP_,
|
- _Matterbridge regardless of the name acts like a relay. Like IRC and XMPP_,
|
||||||
it also _runs on a toaster requiring only [the binary](https://github.com/42wim/matterbridge/releases)
|
it also _runs on a toaster requiring only
|
||||||
and a [config file](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/irc/matterbridge/matterbridge-example.toml)_
|
[the binary](https://github.com/42wim/matterbridge/releases) and a
|
||||||
|
[config file](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/irc/matterbridge/matterbridge-example.toml)_
|
||||||
being trivial to setup anywhere quickly or move around.
|
being trivial to setup anywhere quickly or move around.
|
||||||
- _[Recent IRC development allows (RELAYMSG)](https://github.com/ircv3/ircv3-specifications/pull/417)_
|
- _[Recent IRC development allows (RELAYMSG)](https://github.com/ircv3/ircv3-specifications/pull/417)_
|
||||||
allows relays to be transparent making messages appear from users outside
|
allows relays to be transparent making messages appear from users outside of
|
||||||
of the channel that don't actually exist. This is similar to _Discord webhooks
|
the channel that don't actually exist. This is similar to _Discord webhooks
|
||||||
(that Matterbridge also supports) and Matrix Discord bridge_.
|
(that Matterbridge also supports) and Matrix Discord bridge_.
|
||||||
- Common complaint from _Matrix_ users is that they look ugly, but as shown
|
- Common complaint from _Matrix_ users is that they look ugly, but as shown by
|
||||||
by _IRC and Discord_, that doesn't have to be the case
|
_IRC and Discord_, that doesn't have to be the case
|
||||||
_[and I hope Matrix will fix their issue allowing low-budget "toasterbridges"](https://github.com/matrix-org/matrix-spec/issues/840)_.
|
_[and I hope Matrix will fix their issue allowing low-budget "toasterbridges"](https://github.com/matrix-org/matrix-spec/issues/840)_.
|
||||||
- _Bridges are popularised by Matrix_ and _are almost XMPP transports_. However
|
- _Bridges are popularised by Matrix_ and _are almost XMPP transports_. However
|
||||||
while _XMPP transports connect to the other protocol, bridges attempt to
|
while _XMPP transports connect to the other protocol, bridges attempt to copy
|
||||||
copy everything on both sides_ so _Matrix users_ see each other directly instead
|
everything on both sides_ so _Matrix users_ see each other directly instead of
|
||||||
of through the _transport_ on the other side and on the other side of _open protocols_
|
through the _transport_ on the other side and on the other side of _open
|
||||||
_Matrix users_ can be interacted with as if they were native to it.
|
protocols_ _Matrix users_ can be interacted with as if they were native to it.
|
||||||
- Unlike _XMPP_, the _bridges also tend to be heavy and require a full homeserver
|
- Unlike _XMPP_, the _bridges also tend to be heavy and require a full
|
||||||
setup._ The _IRC bridge also generally requires blessing from the IRC network_
|
homeserver setup._ The _IRC bridge also generally requires blessing from the
|
||||||
and while some public bridges exist, they _move the control away from you_
|
IRC network_ and while some public bridges exist, they _move the control
|
||||||
hijacking the room to _their rules_ and often have _performance trouble
|
away from you_ hijacking the room to _their rules_ and often have
|
||||||
compared to "local toaster matterbridge"._
|
_performance trouble compared to "local toaster matterbridge"._
|
||||||
|
@ -3,7 +3,9 @@ layout: page
|
|||||||
title: The IRC bot Euforia
|
title: The IRC bot Euforia
|
||||||
permalink: /irc/bot.html
|
permalink: /irc/bot.html
|
||||||
sitemap: true
|
sitemap: true
|
||||||
excerpt: "A little about my IRC bot. Useful links, why it doesn't reply to me, how to make it recognize me, what does it actually do?"
|
excerpt:
|
||||||
|
"A little about my IRC bot. Useful links, why it doesn't reply to me, how to
|
||||||
|
make it recognize me, what does it actually do?"
|
||||||
redirect_from: /bot.html
|
redirect_from: /bot.html
|
||||||
published: false
|
published: false
|
||||||
---
|
---
|
||||||
@ -17,14 +19,13 @@ _Please read also [rules of my channels.](https://mikaela.info/channel.html)_
|
|||||||
|
|
||||||
## Limnoria
|
## Limnoria
|
||||||
|
|
||||||
My bot is [Limnoria] which is currently the most popular [Supybot] fork
|
My bot is [Limnoria] which is currently the most popular [Supybot] fork that is
|
||||||
that is still under active development and it has merged in features of
|
still under active development and it has merged in features of another popular
|
||||||
another popular fork, [Gribble].
|
fork, [Gribble].
|
||||||
|
|
||||||
My role with [Limnoria] was Finnish translator and IRC support and I also
|
My role with [Limnoria] was Finnish translator and IRC support and I also made
|
||||||
made minor changes to make some default configuration variables more
|
minor changes to make some default configuration variables more reasonable. Most
|
||||||
reasonable. Most of [documentation] since [Supybot] and before my leaving
|
of [documentation] since [Supybot] and before my leaving is also written by me.
|
||||||
is also written by me.
|
|
||||||
|
|
||||||
[supybot]: https://github.com/Supybot/Supybot
|
[supybot]: https://github.com/Supybot/Supybot
|
||||||
[limnoria]: https://github.com/ProgVal/Limnoria
|
[limnoria]: https://github.com/ProgVal/Limnoria
|
||||||
@ -35,8 +36,8 @@ is also written by me.
|
|||||||
|
|
||||||
### Addressing the bot
|
### Addressing the bot
|
||||||
|
|
||||||
The following table opens where the bot will reply to in channel. In PM
|
The following table opens where the bot will reply to in channel. In PM the bot
|
||||||
the bot replies to everything _(without prefix)_.
|
replies to everything _(without prefix)_.
|
||||||
|
|
||||||
<table>
|
<table>
|
||||||
<tr>
|
<tr>
|
||||||
@ -73,8 +74,8 @@ the bot replies to everything _(without prefix)_.
|
|||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
For checking the channel specific prefixes, refer to the following
|
For checking the channel specific prefixes, refer to the following commands.
|
||||||
commands. They can be used in channel (if you know the prefix) or PM.
|
They can be used in channel (if you know the prefix) or PM.
|
||||||
|
|
||||||
<table>
|
<table>
|
||||||
<tr>
|
<tr>
|
||||||
@ -99,28 +100,27 @@ commands. They can be used in channel (if you know the prefix) or PM.
|
|||||||
### Quick start
|
### Quick start
|
||||||
|
|
||||||
Use `list` command to get list of plugins, `list <plugin>` to get list of
|
Use `list` command to get list of plugins, `list <plugin>` to get list of
|
||||||
commands in plugin, `help <plugin> <command>` to get usage instructions
|
commands in plugin, `help <plugin> <command>` to get usage instructions for
|
||||||
for \<command\> in \<plugin\>.
|
\<command\> in \<plugin\>.
|
||||||
|
|
||||||
If the bot tells you `(X more messages)`, use the `more` command to see
|
If the bot tells you `(X more messages)`, use the `more` command to see more
|
||||||
more output.
|
output.
|
||||||
|
|
||||||
There are also default plugins which means that when you use only
|
There are also default plugins which means that when you use only `<command>`
|
||||||
`<command>` the command is automatically understood as `<plugin> <command>`
|
the command is automatically understood as `<plugin> <command>` for example
|
||||||
for example `tell` is configured to be `later tell` which tells text
|
`tell` is configured to be `later tell` which tells text to nick next time it's
|
||||||
to nick next time it's seen. If `command` exists only in one plugin,
|
seen. If `command` exists only in one plugin, it's gets turned to
|
||||||
it's gets turned to `<plugin> <command>` automatically.
|
`<plugin> <command>` automatically.
|
||||||
|
|
||||||
In case command exists in multiple plugins, the bot will tell you that
|
In case command exists in multiple plugins, the bot will tell you that the
|
||||||
the command exists in multiple plugins and asks you to specify the plugin
|
command exists in multiple plugins and asks you to specify the plugin before it.
|
||||||
before it.
|
|
||||||
|
|
||||||
## Users
|
## Users
|
||||||
|
|
||||||
The bot doesn't allow anyone to register and I will register channel ops
|
The bot doesn't allow anyone to register and I will register channel ops
|
||||||
manually on the channels the bot is on. Users are primarily identified by
|
manually on the channels the bot is on. Users are primarily identified by
|
||||||
NickServ account, but on networks where there are no services it's required
|
NickServ account, but on networks where there are no services it's required to
|
||||||
to use hostmasks.
|
use hostmasks.
|
||||||
|
|
||||||
Requirements for getting account:
|
Requirements for getting account:
|
||||||
|
|
||||||
@ -131,59 +131,60 @@ Requirements for getting account:
|
|||||||
|
|
||||||
### Identifying
|
### Identifying
|
||||||
|
|
||||||
_All users have a password in the bot, but I have made them invalid (by
|
_All users have a password in the bot, but I have made them invalid (by adding
|
||||||
adding `!` in front of the hash in users.conf). If you have password set
|
`!` in front of the hash in users.conf). If you have password set separately as
|
||||||
separately as said below, it will work._
|
said below, it will work._
|
||||||
|
|
||||||
- If you have a password, `/msg <bot> user identify username password`
|
- If you have a password, `/msg <bot> user identify username password`
|
||||||
- Passwords can be asked from me if needed. After getting one, change
|
- Passwords can be asked from me if needed. After getting one, change it
|
||||||
it immediately with
|
immediately with `/msg <bot> user set password OLDPASSWORD NEWPASSWORD`
|
||||||
`/msg <bot> user set password OLDPASSWORD NEWPASSWORD`
|
|
||||||
- If you use NickServ account:
|
- If you use NickServ account:
|
||||||
- Use the `auth` command.
|
- Use the `auth` command.
|
||||||
- `/cycle` so extended-join sends your account name to the bot.
|
- `/cycle` so extended-join sends your account name to the bot.
|
||||||
- `/kick <bot>` so the bot will automatically rejoin and send whox
|
- `/kick <bot>` so the bot will automatically rejoin and send whox requests to
|
||||||
requests to the channel receiving your NickServ account.
|
the channel receiving your NickServ account.
|
||||||
- [Other methods / Official documentation](https://limnoria-doc.readthedocs.org/en/latest/use/getting_started.html#making-supybot-recognize-you)
|
- [Other methods / Official documentation](https://limnoria-doc.readthedocs.org/en/latest/use/getting_started.html#making-supybot-recognize-you)
|
||||||
|
|
||||||
## Channels
|
## Channels
|
||||||
|
|
||||||
List of the channels where the bot is on can be seen with /whois. However
|
List of the channels where the bot is on can be seen with /whois. However this
|
||||||
this list doesn't include secret/private channels (mode +s/+p).
|
list doesn't include secret/private channels (mode +s/+p).
|
||||||
|
|
||||||
The bot can also be requested to join other channels, but I reserve the
|
The bot can also be requested to join other channels, but I reserve the right to
|
||||||
right to not join it anywhere or to not register specific channel ops
|
not join it anywhere or to not register specific channel ops to the bot.
|
||||||
to the bot.
|
|
||||||
|
|
||||||
## What does the bot do?
|
## What does the bot do?
|
||||||
|
|
||||||
Currently the bot is primarily spamming my channels with new items in some
|
Currently the bot is primarily spamming my channels with new items in some RSS
|
||||||
RSS feeds. You can find list of the feeds added to the bot at
|
feeds. You can find list of the feeds added to the bot at
|
||||||
[the web documentation for RSS plugin](https://bot.mikaela.info/plugindoc/RSS/),
|
[the web documentation for RSS plugin](https://bot.mikaela.info/plugindoc/RSS/),
|
||||||
but listing the feeds automatically announced on the channel isn't
|
but listing the feeds automatically announced on the channel isn't possible
|
||||||
possible [yet](https://github.com/ProgVal/Limnoria/issues/1085).
|
[yet](https://github.com/ProgVal/Limnoria/issues/1085).
|
||||||
|
|
||||||
It's also protecting channels from spam using the [AttackProtector plugin.](https://github.com/ProgVal/Supybot-plugins/tree/master/AttackProtector)
|
It's also protecting channels from spam using the
|
||||||
|
[AttackProtector plugin.](https://github.com/ProgVal/Supybot-plugins/tree/master/AttackProtector)
|
||||||
|
|
||||||
The bot also has `ops` command for getting op attention, but it requires
|
The bot also has `ops` command for getting op attention, but it requires correct
|
||||||
correct prefix to be used.
|
prefix to be used.
|
||||||
|
|
||||||
## Issues you may encounter
|
## Issues you may encounter
|
||||||
|
|
||||||
For all known issues, see the issue tracker link below relevant subtopic
|
For all known issues, see the issue tracker link below relevant subtopic as this
|
||||||
as this section only lists those that you are likely to see or that others
|
section only lists those that you are likely to see or that others have asked
|
||||||
have asked about from me.
|
about from me.
|
||||||
|
|
||||||
I am trying to run [the latest released version of Limnoria.](https://github.com/ProgVal/Limnoria/tags)
|
I am trying to run
|
||||||
|
[the latest released version of Limnoria.](https://github.com/ProgVal/Limnoria/tags)
|
||||||
|
|
||||||
External plugins are updated whenever I see need for it, but at least when
|
External plugins are updated whenever I see need for it, but at least when I
|
||||||
I upgrade Limnoria.
|
upgrade Limnoria.
|
||||||
|
|
||||||
### Limnoria issues
|
### Limnoria issues
|
||||||
|
|
||||||
- Issue tracker: https://github.com/ProgVal/Limnoria/issues
|
- Issue tracker: https://github.com/ProgVal/Limnoria/issues
|
||||||
|
|
||||||
_Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnoria/tree/master/plugins)._
|
_Includes Limnoria core and
|
||||||
|
[included plugins](https://github.com/ProgVal/Limnoria/tree/master/plugins)._
|
||||||
|
|
||||||
- [Title is only told for the first link in a message](https://github.com/ProgVal/Limnoria/issues/152)
|
- [Title is only told for the first link in a message](https://github.com/ProgVal/Limnoria/issues/152)
|
||||||
- [Some commands using hostmasks behave weirdly](https://github.com/ProgVal/Limnoria/issues/281)
|
- [Some commands using hostmasks behave weirdly](https://github.com/ProgVal/Limnoria/issues/281)
|
||||||
@ -195,11 +196,12 @@ _Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnor
|
|||||||
- [Meta descriptions for links aren't told](https://github.com/ProgVal/Limnoria/issues/650)
|
- [Meta descriptions for links aren't told](https://github.com/ProgVal/Limnoria/issues/650)
|
||||||
- these could be useful with news sites.
|
- these could be useful with news sites.
|
||||||
- [DNS command doesn't mention CNAMEs/ALIASes](https://github.com/ProgVal/Limnoria/issues/864)
|
- [DNS command doesn't mention CNAMEs/ALIASes](https://github.com/ProgVal/Limnoria/issues/864)
|
||||||
- Internet whois is quite broken [1](https://github.com/ProgVal/Limnoria/issues/993) [2](https://github.com/ProgVal/Limnoria/issues/994)
|
- Internet whois is quite broken
|
||||||
|
[1](https://github.com/ProgVal/Limnoria/issues/993)
|
||||||
|
[2](https://github.com/ProgVal/Limnoria/issues/994)
|
||||||
- [RSS: no announced feeds in web interface](https://github.com/ProgVal/Limnoria/issues/1085)
|
- [RSS: no announced feeds in web interface](https://github.com/ProgVal/Limnoria/issues/1085)
|
||||||
- [html/javascript redirects aren't followed](https://github.com/ProgVal/Limnoria/issues/1120)
|
- [html/javascript redirects aren't followed](https://github.com/ProgVal/Limnoria/issues/1120)
|
||||||
- you will especially see this if you encounter links to my
|
- you will especially see this if you encounter links to my "URL shortener"
|
||||||
"URL shortener"
|
|
||||||
- [Google says: Error invalid resultSize](https://github.com/ProgVal/Limnoria/issues/1163)
|
- [Google says: Error invalid resultSize](https://github.com/ProgVal/Limnoria/issues/1163)
|
||||||
- [Web title & titlesnarfer are broken](https://github.com/ProgVal/Limnoria/issues/1173)
|
- [Web title & titlesnarfer are broken](https://github.com/ProgVal/Limnoria/issues/1173)
|
||||||
|
|
||||||
@ -207,11 +209,12 @@ _Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnor
|
|||||||
|
|
||||||
- Issue tracker: https://github.com/ProgVal/Supybot-plugins/issues
|
- Issue tracker: https://github.com/ProgVal/Supybot-plugins/issues
|
||||||
|
|
||||||
_Includes plugins from @ProgVal's/pinkieval's [plugin repository.](https://github.com/ProgVal/Supybot-plugins)_
|
_Includes plugins from @ProgVal's/pinkieval's
|
||||||
|
[plugin repository.](https://github.com/ProgVal/Supybot-plugins)_
|
||||||
|
|
||||||
- LinkRelay
|
- LinkRelay
|
||||||
- [Doesn't sync topics between relayed channels](https://github.com/ProgVal/Supybot-plugins/issues/31)
|
- [Doesn't sync topics between relayed channels](https://github.com/ProgVal/Supybot-plugins/issues/31)
|
||||||
- [Status of user in the channel isn't shown](https://github.com/ProgVal/Supybot-plugins/issues/60)
|
- [Status of user in the channel isn't shown](https://github.com/ProgVal/Supybot-plugins/issues/60)
|
||||||
- [What the bot says isn't relayed.](https://github.com/ProgVal/Supybot-plugins/issues/288)
|
- [What the bot says isn't relayed.](https://github.com/ProgVal/Supybot-plugins/issues/288)
|
||||||
- **This is currently the most visible issue on channels where
|
- **This is currently the most visible issue on channels where LinkRelay is
|
||||||
LinkRelay is used.**
|
used.**
|
||||||
|
@ -3,7 +3,9 @@ layout: page
|
|||||||
title: IRC-kanavien ja muiden sellaisten säännöt
|
title: IRC-kanavien ja muiden sellaisten säännöt
|
||||||
permalink: /irc/channel.fi.html
|
permalink: /irc/channel.fi.html
|
||||||
sitemap: true
|
sitemap: true
|
||||||
excerpt: "IRC-kanavieni säännöt. Lyhyesti: Käytä maalaisjärkeä, ole kiva, ei syrjintää, ei julkisia lokeja, älä tuo botteja ilman lupaa. Kiitos ♥"
|
excerpt:
|
||||||
|
"IRC-kanavieni säännöt. Lyhyesti: Käytä maalaisjärkeä, ole kiva, ei syrjintää,
|
||||||
|
ei julkisia lokeja, älä tuo botteja ilman lupaa. Kiitos ♥"
|
||||||
redirect_from:
|
redirect_from:
|
||||||
- /kanava.html
|
- /kanava.html
|
||||||
- /channel.fi.html
|
- /channel.fi.html
|
||||||
@ -12,10 +14,11 @@ published: false
|
|||||||
|
|
||||||
**[In English](channel.html)**
|
**[In English](channel.html)**
|
||||||
|
|
||||||
Säännöt kanavalle X verkossa Y.<br/>Kanavien, joita nämä säännöt
|
Säännöt kanavalle X verkossa Y.<br/>Kanavien, joita nämä säännöt koskettavat
|
||||||
koskettavat pitäisi linkittää tälle sivulle ENTRYMSG:ssä (tai muussa botin automaattisesti lähettämässä viestissä) tai topic:issa. Kanavan URL ei ole
|
pitäisi linkittää tälle sivulle ENTRYMSG:ssä (tai muussa botin automaattisesti
|
||||||
kovin hyvä paikka, koska monet asiakasohjelmat piilottavat sen jonnekin
|
lähettämässä viestissä) tai topic:issa. Kanavan URL ei ole kovin hyvä paikka,
|
||||||
(joka tosin tapahtuu kaikilla muillakin tavoilla TOPICcia lukuunottamatta).
|
koska monet asiakasohjelmat piilottavat sen jonnekin (joka tosin tapahtuu
|
||||||
|
kaikilla muillakin tavoilla TOPICcia lukuunottamatta).
|
||||||
|
|
||||||
_[Lisää botistani (joka on tai ei ole kanavalla) (englanniksi).](bot.html)_
|
_[Lisää botistani (joka on tai ei ole kanavalla) (englanniksi).](bot.html)_
|
||||||
|
|
||||||
@ -24,35 +27,37 @@ _[Lisää botistani (joka on tai ei ole kanavalla) (englanniksi).](bot.html)_
|
|||||||
- Vahdi kielenkäyttöäsi, älä kiroile tai hauku.
|
- Vahdi kielenkäyttöäsi, älä kiroile tai hauku.
|
||||||
- Ellet (englantia puhuessa) ole varma mitä pronominejä käyttää, käytä
|
- Ellet (englantia puhuessa) ole varma mitä pronominejä käyttää, käytä
|
||||||
[singular theytä)](https://en.wikipedia.org/wiki/Singular_they)
|
[singular theytä)](https://en.wikipedia.org/wiki/Singular_they)
|
||||||
- Ilmaise selkeästi mitkä linkit eivät ole turvallisia kaikille,
|
- Ilmaise selkeästi mitkä linkit eivät ole turvallisia kaikille, lisäämällä
|
||||||
lisäämällä niiden eteen `[NSFW]` tai jotakin vastaavaa.
|
niiden eteen `[NSFW]` tai jotakin vastaavaa.
|
||||||
- Kunnioita muiden rajoja, älä lähetä ihmisille yksityisviestejä
|
- Kunnioita muiden rajoja, älä lähetä ihmisille yksityisviestejä kysymättä
|
||||||
kysymättä ensin.
|
ensin.
|
||||||
- _Opeille voi lähettää yksityisviestejä tai opit voivat lähettää
|
- _Opeille voi lähettää yksityisviestejä tai opit voivat lähettää sinulle
|
||||||
sinulle yksityisviestejä, mikäli sitä vaaditaan mahdollisen
|
yksityisviestejä, mikäli sitä vaaditaan mahdollisen ongelman ratkaisuun
|
||||||
ongelman ratkaisuun rauhallisesti._
|
rauhallisesti._
|
||||||
- Älä julkaise kanavan lokeja.
|
- Älä julkaise kanavan lokeja.
|
||||||
- Älä tuo kanavalle botteja kysymättä ensin opeilta.
|
- Älä tuo kanavalle botteja kysymättä ensin opeilta.
|
||||||
|
|
||||||
_Nämä säännöt koskevat myös (puoli)operaattoreita (ja korkeampia tahoja),
|
_Nämä säännöt koskevat myös (puoli)operaattoreita (ja korkeampia tahoja), jos
|
||||||
jos näet heidän rikkovan näitä sääntöjä, sano se._
|
näet heidän rikkovan näitä sääntöjä, sano se._
|
||||||
|
|
||||||
- Mikäli tarvitset apua kanava-operaattorilta...
|
- Mikäli tarvitset apua kanava-operaattorilta...
|
||||||
- pingaa tai lähetä yksityisviesti, mutta pidä mielessä, että he voivat
|
- pingaa tai lähetä yksityisviesti, mutta pidä mielessä, että he voivat estää
|
||||||
estää kaikki yksityisviestit.
|
kaikki yksityisviestit.
|
||||||
- jos verkko tukee sitä ja sinulla on oikeat liput (voice?),
|
- jos verkko tukee sitä ja sinulla on oikeat liput (voice?),
|
||||||
`/msg memoserv sendops #kanava <ongelma tähän>`
|
`/msg memoserv sendops #kanava <ongelma tähän>`
|
||||||
- `!ops` saattaa toimia mikäli opit pingaavat siihen tai botti
|
- `!ops` saattaa toimia mikäli opit pingaavat siihen tai botti käsittelee sen,
|
||||||
käsittelee sen, mutta tämä ei ole yhtä suositeltu tapa, kuin muut.
|
mutta tämä ei ole yhtä suositeltu tapa, kuin muut.
|
||||||
- ellei kanav-operattoreita ole paikalla, yritä otaa yhteyttä
|
- ellei kanav-operattoreita ole paikalla, yritä otaa yhteyttä
|
||||||
verkko-operaattoreihin, heillä pitäisi olla liput auttamista varten.
|
verkko-operaattoreihin, heillä pitäisi olla liput auttamista varten.
|
||||||
|
|
||||||
Lisälukemista:
|
Lisälukemista:
|
||||||
|
|
||||||
- [Pidä opit oppeina (englanniksi)]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
- [Pidä opit oppeina (englanniksi)]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
||||||
- [Kaikkien yksityisviestien estäminen oletuksena (enlanniksi)]({% post_url blog/2015-04-02-umodeg %})
|
- [Kaikkien yksityisviestien estäminen
|
||||||
|
oletuksena (enlanniksi)]({% post_url blog/2015-04-02-umodeg %})
|
||||||
|
|
||||||
Muutosloki ([GitHubissa](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.fi.markdown)):
|
Muutosloki
|
||||||
|
([GitHubissa](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.fi.markdown)):
|
||||||
|
|
||||||
- 2015-06-28: lisää yleistystä ja selvennetty yksityisviestejä (rajojen
|
- 2015-06-28: lisää yleistystä ja selvennetty yksityisviestejä (rajojen
|
||||||
kunnioittamisessa)
|
kunnioittamisessa)
|
||||||
|
@ -3,7 +3,9 @@ layout: page
|
|||||||
title: Rules of my IRC channels and others like that
|
title: Rules of my IRC channels and others like that
|
||||||
permalink: /irc/channel.html
|
permalink: /irc/channel.html
|
||||||
sitemap: true
|
sitemap: true
|
||||||
excerpt: "Rules of my IRC channel. TL;DR: Use common sense, be nice, no discrimination, no public logging, don't bring bots without permission. Thanks ♥"
|
excerpt:
|
||||||
|
"Rules of my IRC channel. TL;DR: Use common sense, be nice, no discrimination,
|
||||||
|
no public logging, don't bring bots without permission. Thanks ♥"
|
||||||
redirect_from:
|
redirect_from:
|
||||||
- /channel.html
|
- /channel.html
|
||||||
- /channel.en.html
|
- /channel.en.html
|
||||||
@ -13,51 +15,52 @@ published: false
|
|||||||
|
|
||||||
**[Suomeksi](channel.fi.html)**
|
**[Suomeksi](channel.fi.html)**
|
||||||
|
|
||||||
Rules of channel X in network Y.<br/>The channels which use these rules
|
Rules of channel X in network Y.<br/>The channels which use these rules should
|
||||||
should link to this page in ENTRYMSG (or other automatic msg by bot) or
|
link to this page in ENTRYMSG (or other automatic msg by bot) or topic. Channel
|
||||||
topic. Channel URL is not so good as many clients hide it somewhere (which
|
URL is not so good as many clients hide it somewhere (which actually happens
|
||||||
actually happens with everything else than topic)
|
with everything else than topic)
|
||||||
|
|
||||||
_[More about my bot (which might or might not be on this channel) here.](bot.html)_
|
_[More about my bot (which might or might not be on this channel) here.](bot.html)_
|
||||||
|
|
||||||
- **Use common sense.**
|
- **Use common sense.**
|
||||||
- Be nice, no discrimination
|
- Be nice, no discrimination
|
||||||
- Mind your language, not everyone is e.g. your brother ("bro"), don't
|
- Mind your language, not everyone is e.g. your brother ("bro"), don't swear
|
||||||
swear or use slurs.
|
or use slurs.
|
||||||
- In case you aren't sure which pronouns to use about someone else,
|
- In case you aren't sure which pronouns to use about someone else, please use
|
||||||
please use [singular they](https://en.wikipedia.org/wiki/Singular_they)
|
[singular they](https://en.wikipedia.org/wiki/Singular_they)
|
||||||
- Clearly tell when links aren't safe for everyone by prefixing them
|
- Clearly tell when links aren't safe for everyone by prefixing them with
|
||||||
with `[NSFW]` or similar.
|
`[NSFW]` or similar.
|
||||||
- Respect boundaries, don't PM people without asking first.
|
- Respect boundaries, don't PM people without asking first.
|
||||||
- _You may PM ops or ops may PM you if it's required for solving
|
- _You may PM ops or ops may PM you if it's required for solving potential
|
||||||
potential channel issue peacefully._
|
channel issue peacefully._
|
||||||
- Don't log the channel publicly.
|
- Don't log the channel publicly.
|
||||||
- Don't bring bots to the channel without asking ops first.
|
- Don't bring bots to the channel without asking ops first.
|
||||||
|
|
||||||
_These rules also affect (h)ops (and higher), if you see them breaking
|
_These rules also affect (h)ops (and higher), if you see them breaking these
|
||||||
these rules, please do say it._
|
rules, please do say it._
|
||||||
|
|
||||||
- If you need help from channel op...
|
- If you need help from channel op...
|
||||||
- ping or PM them (but keep in mind they might be blocking all PMs)
|
- ping or PM them (but keep in mind they might be blocking all PMs)
|
||||||
- if the network supports it and you have correct flags (voice?),
|
- if the network supports it and you have correct flags (voice?),
|
||||||
`/msg memoserv sendops #channel <the issue>`
|
`/msg memoserv sendops #channel <the issue>`
|
||||||
- `!ops` might work if the ops are highlighting on it or there is bot
|
- `!ops` might work if the ops are highlighting on it or there is bot handling
|
||||||
handling it, but it's not as recommended as the other ways.
|
it, but it's not as recommended as the other ways.
|
||||||
- if there are no ops present, try contacting the network operators,
|
- if there are no ops present, try contacting the network operators, they
|
||||||
they should have flags to help.
|
should have flags to help.
|
||||||
|
|
||||||
Furher reading:
|
Furher reading:
|
||||||
|
|
||||||
- [Keep your ops opped!]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
- [Keep your ops opped!]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
||||||
- [Blocking all PMs by default]({% post_url blog/2015-04-02-umodeg %})
|
- [Blocking all PMs by default]({% post_url blog/2015-04-02-umodeg %})
|
||||||
|
|
||||||
Changelog ([at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.markdown)):
|
Changelog
|
||||||
|
([at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.markdown)):
|
||||||
|
|
||||||
- 2015-06-28: more generalization & clarifying on PMing (on respecting
|
- 2015-06-28: more generalization & clarifying on PMing (on respecting
|
||||||
boundaries)
|
boundaries)
|
||||||
- 2015-05-07: make getting help from ops a little more clear
|
- 2015-05-07: make getting help from ops a little more clear
|
||||||
- 2015-05-03: add TL;DR to meta description & remove weird feeling line &
|
- 2015-05-03: add TL;DR to meta description & remove weird feeling line & fix
|
||||||
fix language & Finnish translation
|
language & Finnish translation
|
||||||
- 2015-05-02: no \*isms --> no discrimination & cleaning
|
- 2015-05-02: no \*isms --> no discrimination & cleaning
|
||||||
- 2015-04-26: typo fixes, cleaning up
|
- 2015-04-26: typo fixes, cleaning up
|
||||||
- 2015-04-14: Initial version
|
- 2015-04-14: Initial version
|
||||||
|
@ -3,23 +3,25 @@ layout: page
|
|||||||
title: IRC
|
title: IRC
|
||||||
navigation: true
|
navigation: true
|
||||||
permalink: /irc/
|
permalink: /irc/
|
||||||
excerpt: "Where do you find me at IRC and verify that it's me. Also includes my IRC related posts that are hopefully helpful."
|
excerpt:
|
||||||
|
"Where do you find me at IRC and verify that it's me. Also includes my IRC
|
||||||
|
related posts that are hopefully helpful."
|
||||||
robots: noai
|
robots: noai
|
||||||
---
|
---
|
||||||
|
|
||||||
IRC has been a big part of my life, I discovered it during junior high school
|
IRC has been a big part of my life, I discovered it during junior high school
|
||||||
and have several friends and communities there. This is also shown by
|
and have several friends and communities there. This is also shown by the amount
|
||||||
the amount of blog posts, I have below.
|
of blog posts, I have below.
|
||||||
|
|
||||||
I am running my own [IRC@Etro](ircs://etro.mikaela.info:6697/#mikaela.info) ([webchat](https://irc.etro.mikaela.info/))
|
I am running my own [IRC@Etro](ircs://etro.mikaela.info:6697/#mikaela.info)
|
||||||
and oper on a couple of other networks too. For a list of my registered IRCaccounts
|
([webchat](https://irc.etro.mikaela.info/)) and oper on a couple of other
|
||||||
in general, please see [txt/irc.txt](/txt/irc.txt)
|
networks too. For a list of my registered IRCaccounts in general, please see
|
||||||
and [my discuss page](/discuss) for registered channels outside of IRC@Etro.
|
[txt/irc.txt](/txt/irc.txt) and [my discuss page](/discuss) for registered
|
||||||
|
channels outside of IRC@Etro.
|
||||||
|
|
||||||
### IRC-related posts
|
### IRC-related posts
|
||||||
|
|
||||||
_Note that this section is manually updated and might be missing some
|
_Note that this section is manually updated and might be missing some links._
|
||||||
links._
|
|
||||||
|
|
||||||
- General
|
- General
|
||||||
- [Getting help from network operators when channel ops are away]({% post_url blog/2015-01-24-getting_help_with_channel_issues %})
|
- [Getting help from network operators when channel ops are away]({% post_url blog/2015-01-24-getting_help_with_channel_issues %})
|
||||||
@ -27,10 +29,14 @@ links._
|
|||||||
- [Keep the ops opped]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
- [Keep the ops opped]({% post_url blog/2015-04-01-keep-the-ops-opped %})
|
||||||
- [IRC over TLS is not pointless.]({% post_url blog/2015-04-22-IRC-over-TLS %})
|
- [IRC over TLS is not pointless.]({% post_url blog/2015-04-22-IRC-over-TLS %})
|
||||||
- [Forming irc:// or ircs:// links]({% post_url blog/2015-05-18-ircs_links %})
|
- [Forming irc:// or ircs:// links]({% post_url blog/2015-05-18-ircs_links %})
|
||||||
- [Making channel secret or private]({% post_url blog/2015-06-08-private_secret_channels %})
|
- [Making channel secret
|
||||||
- [Atheme quickstart: NickServ, HostServ, ChanServ & GroupServ]({% post_url blog/2015-09-19-atheme-quickstart %})
|
or private]({% post_url blog/2015-06-08-private_secret_channels %})
|
||||||
|
- [Atheme quickstart: NickServ, HostServ, ChanServ
|
||||||
|
& GroupServ]({% post_url blog/2015-09-19-atheme-quickstart %})
|
||||||
- Oper
|
- Oper
|
||||||
- [Channels & Hostmask groups: A Basic howto]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
|
- [Channels & Hostmask groups: A
|
||||||
|
Basic
|
||||||
|
howto]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
|
||||||
- WeeChat
|
- WeeChat
|
||||||
- [Easy instructions for using SASL PLAIN]({% post_url blog/2015-03-26-weechat-sasl-simply %})
|
- [Easy instructions for using SASL PLAIN]({% post_url blog/2015-03-26-weechat-sasl-simply %})
|
||||||
- [Ignoring with /filter]({% post_url blog/2015-05-31-weechat-filter %})
|
- [Ignoring with /filter]({% post_url blog/2015-05-31-weechat-filter %})
|
||||||
|
@ -10,8 +10,8 @@ published: false
|
|||||||
|
|
||||||
## ZNC
|
## ZNC
|
||||||
|
|
||||||
Vardiera is hosting stable ZNC (latest git tag) where people I trust can
|
Vardiera is hosting stable ZNC (latest git tag) where people I trust can get
|
||||||
get accounts.
|
accounts.
|
||||||
|
|
||||||
### Simple rules
|
### Simple rules
|
||||||
|
|
||||||
@ -21,33 +21,34 @@ get accounts.
|
|||||||
- accounts can be removed at any time.
|
- accounts can be removed at any time.
|
||||||
- it can crash any time without me being there to fix it.
|
- it can crash any time without me being there to fix it.
|
||||||
- it can be restarted any time to install upgrades.
|
- it can be restarted any time to install upgrades.
|
||||||
- No logging unless you load the log module by yourself (log access
|
- No logging unless you load the log module by yourself (log access requires
|
||||||
requires shell access which I don't give!)
|
shell access which I don't give!)
|
||||||
- If you use the [SASL](http://wiki.znc.in/sasl) or
|
- If you use the [SASL](http://wiki.znc.in/sasl) or
|
||||||
[NickServ](http://wiki.znc.in/nickserv) module, your password is stored
|
[NickServ](http://wiki.znc.in/nickserv) module, your password is stored in
|
||||||
in plain text.
|
plain text.
|
||||||
- I won't ever read it there, but I think it should be mentioned. Don't
|
- I won't ever read it there, but I think it should be mentioned. Don't use
|
||||||
use server password unless you have to as that password is thrown
|
server password unless you have to as that password is thrown to my eyes in
|
||||||
to my eyes in ZNC startup messages.
|
ZNC startup messages.
|
||||||
- In case more networks are needed, contact me.
|
- In case more networks are needed, contact me.
|
||||||
|
|
||||||
### Tips & tricks
|
### Tips & tricks
|
||||||
|
|
||||||
1. Read the [ZNC wiki], at least [FAQ].
|
1. Read the [ZNC wiki], at least [FAQ].
|
||||||
2. **Load savebuff** so your buffers aren't lost on restart/crash/etc.
|
2. **Load savebuff** so your buffers aren't lost on restart/crash/etc.
|
||||||
- **Don't specify a password or I am going to be angry and you are
|
- **Don't specify a password or I am going to be angry and you are going to
|
||||||
going to lose your account!**
|
lose your account!**
|
||||||
3. If your network has NickServ, [load SASL and read it's wiki page for automatic identification.](http://wiki.znc.in/sasl)
|
3. If your network has NickServ,
|
||||||
|
[load SASL and read it's wiki page for automatic identification.](http://wiki.znc.in/sasl)
|
||||||
|
|
||||||
[znc wiki]: http://wiki.znc.in/
|
[znc wiki]: http://wiki.znc.in/
|
||||||
[faq]: http://wiki.znc.in/FAQ
|
[faq]: http://wiki.znc.in/FAQ
|
||||||
|
|
||||||
#### Accessing webadmin
|
#### Accessing webadmin
|
||||||
|
|
||||||
- https://vardiera.mikaela.info:1234/ (invalid certificate, valid
|
- https://vardiera.mikaela.info:1234/ (invalid certificate, valid fingerprints
|
||||||
fingerprints are listed below)
|
are listed below)
|
||||||
- https://znc.mikaela.info/ (CloudFlare, https only between you and
|
- https://znc.mikaela.info/ (CloudFlare, https only between you and CloudFlare
|
||||||
CloudFlare (aka not recommended or use only if you have to))
|
(aka not recommended or use only if you have to))
|
||||||
|
|
||||||
### Certificate fingerprints
|
### Certificate fingerprints
|
||||||
|
|
||||||
@ -71,9 +72,9 @@ SHA512 Fingerprint=FF:B3:D6:8B:EB:2E:2B:96:10:C0:7C:F0:7A:17:28:8F:77:14:73:FC:6
|
|||||||
|
|
||||||
_If you forget -ssl, `/set irc.server.WHATEVER.ssl on`_
|
_If you forget -ssl, `/set irc.server.WHATEVER.ssl on`_
|
||||||
|
|
||||||
Read also [WeeChat page on ZNC wiki](http://wiki.znc.in/WeeChat). You want
|
Read also [WeeChat page on ZNC wiki](http://wiki.znc.in/WeeChat). You want to
|
||||||
to read at least the _Enabling server-time & other IRCv3 capabilities_ to
|
read at least the _Enabling server-time & other IRCv3 capabilities_ to make your
|
||||||
make your experience smoother.
|
experience smoother.
|
||||||
|
|
||||||
### Webchat
|
### Webchat
|
||||||
|
|
||||||
|
@ -10,6 +10,8 @@ redirect_from:
|
|||||||
- /pgp.html
|
- /pgp.html
|
||||||
- /wire.html
|
- /wire.html
|
||||||
redirect_to: /keys.txt
|
redirect_to: /keys.txt
|
||||||
excerpt: "My public key fingerprints (that I think can be put here, if I am missing something, tell me) for secure communication with me."
|
excerpt:
|
||||||
|
"My public key fingerprints (that I think can be put here, if I am missing
|
||||||
|
something, tell me) for secure communication with me."
|
||||||
lang: en
|
lang: en
|
||||||
---
|
---
|
||||||
|
@ -7,9 +7,9 @@ sitemap: false
|
|||||||
lang: en
|
lang: en
|
||||||
---
|
---
|
||||||
|
|
||||||
_This page has some kind of link list on minorities which mostly somehow
|
_This page has some kind of link list on minorities which mostly somehow affect
|
||||||
affect me and is probably always under construction. The order is somewhat
|
me and is probably always under construction. The order is somewhat random and
|
||||||
random and [improvements are welcome here.](https://github.com/Mikaela/mikaela.github.io/edit/master/pages/links2.markdown)_
|
[improvements are welcome here.](https://github.com/Mikaela/mikaela.github.io/edit/master/pages/links2.markdown)_
|
||||||
|
|
||||||
_This page is also in need of attention._
|
_This page is also in need of attention._
|
||||||
|
|
||||||
@ -47,13 +47,13 @@ _This page is also in need of attention._
|
|||||||
- I think there are a lot better pages telling this than this one.
|
- I think there are a lot better pages telling this than this one.
|
||||||
- [Review article provides evidence on the biological nature of gender identity](http://medicalxpress.com/news/2015-02-article-evidence-biological-nature-gender.html)
|
- [Review article provides evidence on the biological nature of gender identity](http://medicalxpress.com/news/2015-02-article-evidence-biological-nature-gender.html)
|
||||||
- [Sex redefined](http://www.nature.com/news/sex-redefined-1.16943?WT.mc_id=FBK_NatureNews)
|
- [Sex redefined](http://www.nature.com/news/sex-redefined-1.16943?WT.mc_id=FBK_NatureNews)
|
||||||
- _So if the law requires that a person is male or female, should that
|
- _So if the law requires that a person is male or female, should that sex be
|
||||||
sex be assigned by anatomy, hormones, cells or chromosomes, and what
|
assigned by anatomy, hormones, cells or chromosomes, and what should be done
|
||||||
should be done if they clash? “My feeling is that since there is not
|
if they clash? “My feeling is that since there is not one biological
|
||||||
one biological parameter that takes over every other parameter, at
|
parameter that takes over every other parameter, at the end of the day,
|
||||||
the end of the day, gender identity seems to be the most reasonable
|
gender identity seems to be the most reasonable parameter,” says Vilain. In
|
||||||
parameter,” says Vilain. In other words, if you want to know whether
|
other words, if you want to know whether someone is male or female, it may
|
||||||
someone is male or female, it may be best just to ask._
|
be best just to ask._
|
||||||
- [Gender identity is biological study says](https://gma.yahoo.com/gender-identity-biological-study-says-090824140--abc-news-health.html)
|
- [Gender identity is biological study says](https://gma.yahoo.com/gender-identity-biological-study-says-090824140--abc-news-health.html)
|
||||||
- [Stop Using Phony Science to Justify Transphobia - Scientific American Blog Network](https://blogs.scientificamerican.com/voices/stop-using-phony-science-to-justify-transphobia/)
|
- [Stop Using Phony Science to Justify Transphobia - Scientific American Blog Network](https://blogs.scientificamerican.com/voices/stop-using-phony-science-to-justify-transphobia/)
|
||||||
|
|
||||||
|
@ -11,11 +11,12 @@ robots: noai
|
|||||||
---
|
---
|
||||||
|
|
||||||
Just like [IRC](/irc/), _Matrix_ has became a part of my social life online. My
|
Just like [IRC](/irc/), _Matrix_ has became a part of my social life online. My
|
||||||
room can be found from [my discuss page](/discuss) alongside
|
room can be found from [my discuss page](/discuss) alongside some protocol
|
||||||
some protocol comparison and my main accounts are in [index](/).
|
comparison and my main accounts are in [index](/).
|
||||||
|
|
||||||
I also have a [txt with a list of all my accounts](/txt/matrix.txt) which [has SSH signature](/txt/matrix.txt.sig).
|
I also have a [txt with a list of all my accounts](/txt/matrix.txt) which
|
||||||
Some of my accounts are also on my [Keyoxide ASP profile](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY).
|
[has SSH signature](/txt/matrix.txt.sig). Some of my accounts are also on my
|
||||||
|
[Keyoxide ASP profile](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY).
|
||||||
|
|
||||||
[Questions and Answers about Matrix](#questions--answers)
|
[Questions and Answers about Matrix](#questions--answers)
|
||||||
|
|
||||||
@ -23,12 +24,14 @@ Some of my accounts are also on my [Keyoxide ASP profile](https://keyoxide.org/a
|
|||||||
|
|
||||||
## Matrix-related posts
|
## Matrix-related posts
|
||||||
|
|
||||||
_Note that this section is manually updated and might be missing some
|
_Note that this section is manually updated and might be missing some links._
|
||||||
links._
|
|
||||||
|
|
||||||
- Critique
|
- Critique
|
||||||
- [Inconsistency issues of Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %})
|
- [Inconsistency issues of Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %})
|
||||||
- [Without selfhosting a homeserver or even then, Matrix moderation tools rely on security through obscurity]({% post_url blog/2021-12-05-matrix-community-abuse-security-by-obscurity %})
|
- [Without selfhosting a homeserver or even then, Matrix moderation tools rely
|
||||||
|
on security
|
||||||
|
through
|
||||||
|
obscurity]({% post_url blog/2021-12-05-matrix-community-abuse-security-by-obscurity %})
|
||||||
- [A couple of words on protocols (on the Discuss page)](/discuss.html#a-couple-of-words-on-protocols)
|
- [A couple of words on protocols (on the Discuss page)](/discuss.html#a-couple-of-words-on-protocols)
|
||||||
|
|
||||||
## Questions & Answers
|
## Questions & Answers
|
||||||
@ -80,10 +83,14 @@ links._
|
|||||||
|
|
||||||
### Where else can I read about Matrix?
|
### Where else can I read about Matrix?
|
||||||
|
|
||||||
- [Miki is the Matrix wiki](https://en.miki.community/) where I will attempt to contribute to.
|
- [Miki is the Matrix wiki](https://en.miki.community/) where I will attempt to
|
||||||
|
contribute to.
|
||||||
- [Matrix.org](https://matrix.org/) is the official website.
|
- [Matrix.org](https://matrix.org/) is the official website.
|
||||||
- [My gist repository also has notes on Matrix, mostly /devtools related ones](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix), they predate Miki and I hope to sort more relevant or historical parts there.
|
- [My gist repository also has notes on Matrix, mostly /devtools related ones](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix),
|
||||||
- PPFI also has [a couple of Matrix files](https://git.piraattipuolue.fi/Pikaviestimet/Pikaviestimet/src/branch/master/matrix), ([GitHub mirror](https://github.com/piraattipuolue/pikaviestimet)).
|
they predate Miki and I hope to sort more relevant or historical parts there.
|
||||||
|
- PPFI also has
|
||||||
|
[a couple of Matrix files](https://git.piraattipuolue.fi/Pikaviestimet/Pikaviestimet/src/branch/master/matrix),
|
||||||
|
([GitHub mirror](https://github.com/piraattipuolue/pikaviestimet)).
|
||||||
<!-- and [PPFI wiki page has an article](https://wiki.piraattipuolue.fi/Matrix) ([waybackmachine](https://web.archive.org/web/20230000000000*/https://wiki.piraattipuolue.fi/Matrix)).-->
|
<!-- and [PPFI wiki page has an article](https://wiki.piraattipuolue.fi/Matrix) ([waybackmachine](https://web.archive.org/web/20230000000000*/https://wiki.piraattipuolue.fi/Matrix)).-->
|
||||||
_Note that they are in Finnish_.
|
_Note that they are in Finnish_.
|
||||||
- This site has random assortment of Matrix details around.
|
- This site has random assortment of Matrix details around.
|
||||||
@ -91,22 +98,25 @@ links._
|
|||||||
- [n/matrixspoilers](/n/matrixspoilers.html) has a quick note on spoilers.
|
- [n/matrixspoilers](/n/matrixspoilers.html) has a quick note on spoilers.
|
||||||
- [the-apothecary.club has a Matrix Tips & Tricks page](https://the-apothecary.club/coc/matrix-tricks/)
|
- [the-apothecary.club has a Matrix Tips & Tricks page](https://the-apothecary.club/coc/matrix-tricks/)
|
||||||
- At the time of writing also on using spoilers and custom emotes/stickers.
|
- At the time of writing also on using spoilers and custom emotes/stickers.
|
||||||
- Cos has written [Matrix tips they don't tell you](https://wordsmith.social/cos/matrix-tips-they-dont-tell-you) containing a FAQ, hints and guides.
|
- Cos has written
|
||||||
|
[Matrix tips they don't tell you](https://wordsmith.social/cos/matrix-tips-they-dont-tell-you)
|
||||||
|
containing a FAQ, hints and guides.
|
||||||
|
|
||||||
### Is there any kind of Matrix etiquette I should know about?
|
### Is there any kind of Matrix etiquette I should know about?
|
||||||
|
|
||||||
Not particularly, you will find the same kind of social expectations like
|
Not particularly, you will find the same kind of social expectations like
|
||||||
anywhere else, such as at IRC or Telegram. Here are some guidelines:
|
anywhere else, such as at IRC or Telegram. Here are some guidelines:
|
||||||
|
|
||||||
- Ask for a permission in room before starting a private/direct message/discussion with someone.
|
- Ask for a permission in room before starting a private/direct
|
||||||
- There is commonly an exception when you are contacting a moderator of about an issue in
|
message/discussion with someone.
|
||||||
the chat and wish to avoid getting attention on yourself.
|
- There is commonly an exception when you are contacting a moderator of about
|
||||||
|
an issue in the chat and wish to avoid getting attention on yourself.
|
||||||
- When you eventually do message someone, state your business, without leaving
|
- When you eventually do message someone, state your business, without leaving
|
||||||
your first message to a greeting. For more information about this, refer to
|
your first message to a greeting. For more information about this, refer to
|
||||||
[nohello.net](https://nohello.net/).
|
[nohello.net](https://nohello.net/).
|
||||||
- When creating a new room, avoid advertising it in existing rooms. The
|
- When creating a new room, avoid advertising it in existing rooms. The first
|
||||||
first guideline also applies, refrain from inviting random people from
|
guideline also applies, refrain from inviting random people from other rooms
|
||||||
other rooms without their permission.
|
without their permission.
|
||||||
- If you do perform mass inviting of strangers, you will be considered as a
|
- If you do perform mass inviting of strangers, you will be considered as a
|
||||||
spammer and most likely end up on shared banlists resulting a significant
|
spammer and most likely end up on shared banlists resulting a significant
|
||||||
portition of Matrix communities instantly banning you even if you never
|
portition of Matrix communities instantly banning you even if you never
|
||||||
@ -133,90 +143,124 @@ profiles.
|
|||||||
|
|
||||||
### How do you do custom not-emoji reactions?
|
### How do you do custom not-emoji reactions?
|
||||||
|
|
||||||
As long as your client isn't by Element HQ ([element-hq/element-web#19409](https://github.com/element-hq/element-web/issues/19409),
|
As long as your client isn't by Element HQ
|
||||||
|
([element-hq/element-web#19409](https://github.com/element-hq/element-web/issues/19409),
|
||||||
[matrix-org/matrix-react-sdk#6628](https://github.com/matrix-org/matrix-react-sdk/pull/6628#issuecomment-1598708914)),
|
[matrix-org/matrix-react-sdk#6628](https://github.com/matrix-org/matrix-react-sdk/pull/6628#issuecomment-1598708914)),
|
||||||
there are a couple of methods to try:
|
there are a couple of methods to try:
|
||||||
|
|
||||||
- Reply to the message you wish to react to with `/react something`. This will
|
- Reply to the message you wish to react to with `/react something`. This will
|
||||||
commonly add a reaction `something` to the message.
|
commonly add a reaction `something` to the message.
|
||||||
- This works at least within [FluffyChat](https://fluffychat.im), [Gomuks](https://docs.mau.fi/gomuks/commands.html#sending-special-messages) and [Nheko](https://github.com/Nheko-Reborn/nheko/blob/master/man/nheko.1.adoc#custom-messages).
|
- This works at least within [FluffyChat](https://fluffychat.im),
|
||||||
|
[Gomuks](https://docs.mau.fi/gomuks/commands.html#sending-special-messages)
|
||||||
|
and
|
||||||
|
[Nheko](https://github.com/Nheko-Reborn/nheko/blob/master/man/nheko.1.adoc#custom-messages).
|
||||||
- Hold the message and look at the emoji bar. There may be a `…` allowing for
|
- Hold the message and look at the emoji bar. There may be a `…` allowing for
|
||||||
free-form reactions.
|
free-form reactions.
|
||||||
- This works at least within [Hydrogen](https://github.com/element-hq/hydrogen-web/).
|
- This works at least within
|
||||||
- Does the emoji bar have search? Some allow entering arbitary reactions
|
[Hydrogen](https://github.com/element-hq/hydrogen-web/).
|
||||||
through it offering a `react` button or `react with <your query>` option.
|
- Does the emoji bar have search? Some allow entering arbitary reactions through
|
||||||
- This works at least within [Cinny](https://cinny.in) and [SchildiChat](https://schildi.chat).
|
it offering a `react` button or `react with <your query>` option.
|
||||||
|
- This works at least within [Cinny](https://cinny.in) and
|
||||||
|
[SchildiChat](https://schildi.chat).
|
||||||
|
|
||||||
Please note that your **_[reactions are NOT encrypted](https://github.com/matrix-org/matrix-spec/issues/660)_** even in encrypted
|
Please note that your
|
||||||
rooms. See also my blog post, [Inconsistency issues of Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}).
|
**_[reactions are NOT encrypted](https://github.com/matrix-org/matrix-spec/issues/660)_**
|
||||||
|
even in encrypted rooms. See also my blog post, [Inconsistency issues of
|
||||||
|
Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}).
|
||||||
|
|
||||||
### What are ghost and puppets?
|
### What are ghost and puppets?
|
||||||
|
|
||||||
They are related to bridging Matrix with other protocols.
|
They are related to bridging Matrix with other protocols.
|
||||||
|
|
||||||
- A ghost is a virtual user account created by a bridge service to represent a user from another protocol (controlled by the actions of that user). They appear when an entire room is bridged. Some protocols like Discord or Slack have no native support for ghosts but can approximate them by changing the display name and avatar of the messages sent by the bridge.
|
- A ghost is a virtual user account created by a bridge service to represent a
|
||||||
- A puppet is a real user account controlled by a bridge service (based on their actions on another protocol). They may arise from personal bridging but also from room-level bridging when the target protocol does not support ghosts (such as IRC). Unlike a ghost, it's possible to log in to a puppet account using a normal client application so it's impossible to tell at a glance if the controller is a human or a bridge service (however message contents may provide hints).
|
user from another protocol (controlled by the actions of that user). They
|
||||||
- Double puppeting is when a user bridges their real accounts from two protocols so their actions on either side are mirrored on the other.
|
appear when an entire room is bridged. Some protocols like Discord or Slack
|
||||||
|
have no native support for ghosts but can approximate them by changing the
|
||||||
|
display name and avatar of the messages sent by the bridge.
|
||||||
|
- A puppet is a real user account controlled by a bridge service (based on their
|
||||||
|
actions on another protocol). They may arise from personal bridging but also
|
||||||
|
from room-level bridging when the target protocol does not support ghosts
|
||||||
|
(such as IRC). Unlike a ghost, it's possible to log in to a puppet account
|
||||||
|
using a normal client application so it's impossible to tell at a glance if
|
||||||
|
the controller is a human or a bridge service (however message contents may
|
||||||
|
provide hints).
|
||||||
|
- Double puppeting is when a user bridges their real accounts from two protocols
|
||||||
|
so their actions on either side are mirrored on the other.
|
||||||
|
|
||||||
### What does the public history visibility mean? I don't want to appear in search engines
|
### What does the public history visibility mean? I don't want to appear in search engines
|
||||||
|
|
||||||
The public/world-readable history visibility option means exactly what it says,
|
The public/world-readable history visibility option means exactly what it says,
|
||||||
public even without joining the room. These rooms are accessible to tools
|
public even without joining the room. These rooms are accessible to tools such
|
||||||
such as [Matrix Static](https://view.matrix.org/) and its successor [Matrix Viewer](https://github.com/matrix-org/matrix-viewer)
|
as [Matrix Static](https://view.matrix.org/) and its successor
|
||||||
and thus their history is visible in search engines.
|
[Matrix Viewer](https://github.com/matrix-org/matrix-viewer) and thus their
|
||||||
|
history is visible in search engines.
|
||||||
|
|
||||||
Note that as the option name hints, the history visibility option will not
|
Note that as the option name hints, the history visibility option will not apply
|
||||||
apply to previous messages. Thus if you first make room public and then
|
to previous messages. Thus if you first make room public and then restrict it to
|
||||||
restrict it to members only the messages between these two changes are public
|
members only the messages between these two changes are public and new users
|
||||||
and new users will see them. Same if messages are visible to members and
|
will see them. Same if messages are visible to members and then restricted
|
||||||
then restricted further.
|
further.
|
||||||
|
|
||||||
Another thing worth noting here is that encryption will not prevent new users
|
Another thing worth noting here is that encryption will not prevent new users
|
||||||
from reading the future messages, Matrix will share keys to new joiners to
|
from reading the future messages, Matrix will share keys to new joiners to some
|
||||||
some extent. For more information refer to [Matrix Spec issue #1](https://github.com/matrix-org/matrix-spec/issues/1)
|
extent. For more information refer to
|
||||||
and related issues.
|
[Matrix Spec issue #1](https://github.com/matrix-org/matrix-spec/issues/1) and
|
||||||
|
related issues.
|
||||||
|
|
||||||
### Can I see who is in any specific room without being there?
|
### Can I see who is in any specific room without being there?
|
||||||
|
|
||||||
It depends.
|
It depends.
|
||||||
|
|
||||||
You can try [Matrix Viewer](https://github.com/matrix-org/matrix-viewer/), e.g. for Matrix HQ ~~[archive.matrix.org/r/matrix:matrix.org](https://archive.matrix.org/r/matrix:matrix.org)
|
You can try [Matrix Viewer](https://github.com/matrix-org/matrix-viewer/), e.g.
|
||||||
or~~ [matrix-archive.evulid.cc/r/matrix:matrix.org](https://matrix-archive.evulid.cc/r/matrix:matrix.org) ([@evulid-crawler:evulid.cc](matrix:u/evulid-crawler:evulid.cc))
|
for Matrix HQ
|
||||||
or [view.gaytix.org/r/matrix:matrix.org](https://view.gaytrix.org/r/matrix:matrix.org)
|
~~[archive.matrix.org/r/matrix:matrix.org](https://archive.matrix.org/r/matrix:matrix.org)
|
||||||
|
or~~
|
||||||
|
[matrix-archive.evulid.cc/r/matrix:matrix.org](https://matrix-archive.evulid.cc/r/matrix:matrix.org)
|
||||||
|
([@evulid-crawler:evulid.cc](matrix:u/evulid-crawler:evulid.cc)) or
|
||||||
|
[view.gaytix.org/r/matrix:matrix.org](https://view.gaytrix.org/r/matrix:matrix.org)
|
||||||
omitting the leading `#`.
|
omitting the leading `#`.
|
||||||
|
|
||||||
_Until 2023-06-27 [Matrix Foundation considered members-only rooms as public](https://matrix.org/blog/2023/07/what-happened-with-the-archive#a-note-on-shared-history-visibility)
|
_Until 2023-06-27
|
||||||
so some outdated or intentionally misbehaving archive instances may still reveal information.
|
[Matrix Foundation considered members-only rooms as public](https://matrix.org/blog/2023/07/what-happened-with-the-archive#a-note-on-shared-history-visibility)
|
||||||
|
so some outdated or intentionally misbehaving archive instances may still reveal
|
||||||
|
information.
|
||||||
[Method to opt-out is still not in sight.](https://github.com/matrix-org/matrix-viewer/issues/47)_
|
[Method to opt-out is still not in sight.](https://github.com/matrix-org/matrix-viewer/issues/47)_
|
||||||
|
|
||||||
Alternatively if the room in question has an alias, you can try poking the room directory API e.g. for [#matrix.fi:matrix.org](matrix:r/matrix.fi:matrix.org): [https://matrix-client.matrix.org/\_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org](https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org), you get the room ID and list of homeservers in it and if you see a single user (or otherwise not so popular homeserver), you can make educated guesses on who may be in the room. Note that this particular link requires `matrix.org` to be in the room and aware of the alias.
|
Alternatively if the room in question has an alias, you can try poking the room
|
||||||
|
directory API e.g. for [#matrix.fi:matrix.org](matrix:r/matrix.fi:matrix.org):
|
||||||
|
[https://matrix-client.matrix.org/\_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org](https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org),
|
||||||
|
you get the room ID and list of homeservers in it and if you see a single user
|
||||||
|
(or otherwise not so popular homeserver), you can make educated guesses on who
|
||||||
|
may be in the room. Note that this particular link requires `matrix.org` to be
|
||||||
|
in the room and aware of the alias.
|
||||||
|
|
||||||
Otherwise no, you cannot.
|
Otherwise no, you cannot.
|
||||||
|
|
||||||
### How can I remove my messages automatically like on Signal, WhatsApp, Telegram and everything else?
|
### How can I remove my messages automatically like on Signal, WhatsApp, Telegram and everything else?
|
||||||
|
|
||||||
Matrix doesn't support it, but some clients, mainly Nheko (nightly) do. For
|
Matrix doesn't support it, but some clients, mainly Nheko (nightly) do. For more
|
||||||
more information including countless reasons why you would like to do this, consult
|
information including countless reasons why you would like to do this, consult
|
||||||
[Element Meta discussion #682: Self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
|
[Element Meta discussion #682: Self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
|
||||||
|
|
||||||
#### How can I remove my messages automatically on Nheko?
|
#### How can I remove my messages automatically on Nheko?
|
||||||
|
|
||||||
Assuming you are on nightly build, there are three steps:
|
Assuming you are on nightly build, there are three steps:
|
||||||
|
|
||||||
1. In global settings of Nheko, enable _Periodically disable expired events_,
|
1. In global settings of Nheko, enable _Periodically disable expired events_, it
|
||||||
it will affect all profiles upon restart.
|
will affect all profiles upon restart.
|
||||||
2. In the room where you wish to automatically remove your messages, go to
|
2. In the room where you wish to automatically remove your messages, go to room
|
||||||
room settings and select _Configure_ next to _Automatic event deletion_.
|
settings and select _Configure_ next to _Automatic event deletion_. There you
|
||||||
There you will find the options _Expire events after X days_, _Only keep
|
will find the options _Expire events after X days_, _Only keep latest X
|
||||||
latest X events_, _Always keep latest X events_ and _Include state events_.
|
events_, _Always keep latest X events_ and _Include state events_.
|
||||||
3. Keep your Nheko running for at least 20 minutes. Nheko will automatically
|
3. Keep your Nheko running for at least 20 minutes. Nheko will automatically
|
||||||
remove the messages older than the time you specified and will check for
|
remove the messages older than the time you specified and will check for
|
||||||
event expiry occassionally after running for at least 20 minutes,
|
event expiry occassionally after running for at least 20 minutes, regardless
|
||||||
regardless of which client send the event in the first place or whether
|
of which client send the event in the first place or whether Nheko was online
|
||||||
Nheko was online at that time.
|
at that time.
|
||||||
|
|
||||||
Secretly it's also possible to configure defaults for all rooms using Element
|
Secretly it's also possible to configure defaults for all rooms using Element
|
||||||
Web's `/devtools` through [`im.nheko.event_expiry` account data event](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/account-data/im.nheko.event_expiry/README.md).
|
Web's `/devtools` through
|
||||||
|
[`im.nheko.event_expiry` account data event](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/account-data/im.nheko.event_expiry/README.md).
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
@ -225,21 +269,21 @@ Web's `/devtools` through [`im.nheko.event_expiry` account data event](https://g
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
This configuration would make Nheko remove all other messages than state
|
This configuration would make Nheko remove all other messages than state events
|
||||||
events when they became one year old (and the scheduled expiry job ran after
|
when they became one year old (and the scheduled expiry job ran after Nheko
|
||||||
Nheko being online for around twenty minutes).
|
being online for around twenty minutes).
|
||||||
|
|
||||||
I am intentionally not going into deeper detail since that may be dangerous
|
I am intentionally not going into deeper detail since that may be dangerous and
|
||||||
and if you cannot figure it out, you probably shouldn't be touching it.
|
if you cannot figure it out, you probably shouldn't be touching it.
|
||||||
|
|
||||||
#### How can I install Nheko nightly?
|
#### How can I install Nheko nightly?
|
||||||
|
|
||||||
I use the nightly flatpak which is easy to install for all users as you
|
I use the nightly flatpak which is easy to install for all users as you just add
|
||||||
just add the nightly repo and install it. However I am assuming you have
|
the nightly repo and install it. However I am assuming you have already
|
||||||
already performed the [Flathub setup](https://flathub.org/setup).
|
performed the [Flathub setup](https://flathub.org/setup).
|
||||||
|
|
||||||
_Note that `#` means a comment and is there just to explain what is being
|
_Note that `#` means a comment and is there just to explain what is being done,
|
||||||
done, not to be actually entered into the terminal._
|
not to be actually entered into the terminal._
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Add the Nheko nightly remote onto your system
|
# Add the Nheko nightly remote onto your system
|
||||||
@ -253,8 +297,8 @@ sudo flatpak install nheko-nightly im.nheko.Nheko --assumeyes
|
|||||||
|
|
||||||
For installing it just for one user, omit `sudo` and append `--user`.
|
For installing it just for one user, omit `sudo` and append `--user`.
|
||||||
|
|
||||||
To run it, either use the new application menu icons or `flatpak run
|
To run it, either use the new application menu icons or
|
||||||
im.nheko.Nheko//master`.
|
`flatpak run im.nheko.Nheko//master`.
|
||||||
|
|
||||||
To use something else than flatpak, ask someone else like Nheko documentation.
|
To use something else than flatpak, ask someone else like Nheko documentation.
|
||||||
|
|
||||||
@ -264,49 +308,66 @@ The term is used least in two different scenarios:
|
|||||||
|
|
||||||
- when your display name and/or avatar return back to what they were previously
|
- when your display name and/or avatar return back to what they were previously
|
||||||
without anyone doing anything.
|
without anyone doing anything.
|
||||||
- more seriously when the Matrix federation decides that the room is actually
|
- more seriously when the Matrix federation decides that the room is actually in
|
||||||
in the past adding/removing users who were (or weren't) in the room at that time.
|
the past adding/removing users who were (or weren't) in the room at that time.
|
||||||
This also affects administrator/moderator access.
|
This also affects administrator/moderator access.
|
||||||
|
|
||||||
[This issue was supposed to be fixed at room version 2 with State Resolution Version 2](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions),
|
[This issue was supposed to be fixed at room version 2 with State Resolution Version 2](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions),
|
||||||
but regardless [still happens in all versions after that](https://github.com/matrix-org/synapse/issues/8629) ([element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629)). If you are affected, your best bet is to
|
but regardless
|
||||||
`/upgraderoom {{site.matrixLatestRoomVersion}}` in developer mode enabled in `/devtools`, which is a bit distruptive operation as all your users have to join the upgraded version and all homeservers involved must support it.
|
[still happens in all versions after that](https://github.com/matrix-org/synapse/issues/8629)
|
||||||
|
([element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629)).
|
||||||
|
If you are affected, your best bet is to
|
||||||
|
`/upgraderoom {{site.matrixLatestRoomVersion}}` in developer mode enabled in
|
||||||
|
`/devtools`, which is a bit distruptive operation as all your users have to join
|
||||||
|
the upgraded version and all homeservers involved must support it.
|
||||||
|
|
||||||
You shouldn't just trust me or the variable on this site on what is the latest version, [consult the Spec](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions) and add [Version Checker](matrix:u/version:maunium.net) or [their sibling](https://github.com/maubot/rsvc) to your room and once they join, `!servers upgrade {{site.matrixLatestRoomVersion}}` replacing the {{site.matrixLatestRoomVersion}} with your target version.
|
You shouldn't just trust me or the variable on this site on what is the latest
|
||||||
|
version,
|
||||||
|
[consult the Spec](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions)
|
||||||
|
and add [Version Checker](matrix:u/version:maunium.net) or
|
||||||
|
[their sibling](https://github.com/maubot/rsvc) to your room and once they join,
|
||||||
|
`!servers upgrade {{site.matrixLatestRoomVersion}}` replacing the
|
||||||
|
{{site.matrixLatestRoomVersion}} with your target version.
|
||||||
|
|
||||||
- See also [Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
|
- See also
|
||||||
|
[Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
|
||||||
|
|
||||||
#### How about DAG splits?
|
#### How about DAG splits?
|
||||||
|
|
||||||
DAG splits are a phenomenon somehow related to state resets above, but instead
|
DAG splits are a phenomenon somehow related to state resets above, but instead
|
||||||
of all servers accepting the same old state, they disagree and split to different
|
of all servers accepting the same old state, they disagree and split to
|
||||||
directions with varying severity.
|
different directions with varying severity.
|
||||||
|
|
||||||
In minor case some servers may decide that a user is not in the room and not
|
In minor case some servers may decide that a user is not in the room and not
|
||||||
display messages from them, while in more severe situations the room may practically
|
display messages from them, while in more severe situations the room may
|
||||||
be two different rooms with no new messages in common between different sides
|
practically be two different rooms with no new messages in common between
|
||||||
kind of resembling [IRC's netsplits before sync.](https://en.wikipedia.org/wiki/Netsplit)
|
different sides kind of resembling
|
||||||
|
[IRC's netsplits before sync.](https://en.wikipedia.org/wiki/Netsplit)
|
||||||
|
|
||||||
People understanding state resolution (which by the way don't include me)
|
People understanding state resolution (which by the way don't include me)
|
||||||
disagree on the exact cause only agreeing that it's difficult to fix. From
|
disagree on the exact cause only agreeing that it's difficult to fix. From what
|
||||||
what is told to me, I understand it to be tracked [in the same Synapse issue #8629](https://github.com/matrix-org/synapse/issues/8629) or actually [element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629).
|
is told to me, I understand it to be tracked
|
||||||
|
[in the same Synapse issue #8629](https://github.com/matrix-org/synapse/issues/8629)
|
||||||
|
or actually
|
||||||
|
[element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629).
|
||||||
|
|
||||||
- See also [Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
|
- See also
|
||||||
|
[Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
|
||||||
|
|
||||||
### Can I have a non-federated room?
|
### Can I have a non-federated room?
|
||||||
|
|
||||||
Yes, there are two methods.
|
Yes, there are two methods.
|
||||||
|
|
||||||
1. During room creation, Element Web offers an option to have a non-federated
|
1. During room creation, Element Web offers an option to have a non-federated
|
||||||
room. That will permanently prevent any other homeserver from joining and
|
room. That will permanently prevent any other homeserver from joining and to
|
||||||
to change that a manual room upgrade is required.
|
change that a manual room upgrade is required.
|
||||||
1. What I recommend instead is setting a server ACL, so if necessary it can be
|
1. What I recommend instead is setting a server ACL, so if necessary it can be
|
||||||
changed later. This may be helpful when migrating to another domain (which
|
changed later. This may be helpful when migrating to another domain (which
|
||||||
Matrix doesn't support) or cooperation with another entity with their own
|
Matrix doesn't support) or cooperation with another entity with their own
|
||||||
homeserver or anything.
|
homeserver or anything.
|
||||||
|
|
||||||
The second method begins with the usual `/devtools`, explore room state, `Send
|
The second method begins with the usual `/devtools`, explore room state,
|
||||||
custom state event`, enter type as `m.room.server_acl` and contents:
|
`Send custom state event`, enter type as `m.room.server_acl` and contents:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
@ -316,8 +377,8 @@ custom state event`, enter type as `m.room.server_acl` and contents:
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Now assuming all homeservers in the room implement ACL, only `example.org`
|
Now assuming all homeservers in the room implement ACL, only `example.org` users
|
||||||
users can join the room.
|
can join the room.
|
||||||
|
|
||||||
For futher reading about ACL:
|
For futher reading about ACL:
|
||||||
|
|
||||||
@ -332,14 +393,15 @@ Room upgrading basically means:
|
|||||||
|
|
||||||
1. Create a new room.
|
1. Create a new room.
|
||||||
1. Send an event to old room saying "the room has now moved to new room"
|
1. Send an event to old room saying "the room has now moved to new room"
|
||||||
1. Unless upgraded manually, the client copies some state such as power
|
1. Unless upgraded manually, the client copies some state such as power levels
|
||||||
levels from the old room to the new one.
|
from the old room to the new one.
|
||||||
|
|
||||||
Manual upgrading means poking the API endpoint manually and thus not copying
|
Manual upgrading means poking the API endpoint manually and thus not copying
|
||||||
creation event (non-federation state) or power levels. For an example see my
|
creation event (non-federation state) or power levels. For an example see my
|
||||||
[matrix-tombstone-room.bash script](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/matrix-tombstone-room.bash)
|
[matrix-tombstone-room.bash script](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/matrix-tombstone-room.bash)
|
||||||
|
|
||||||
See also [Matrix Specification on room versions](https://spec.matrix.org/latest/rooms/)
|
See also
|
||||||
|
[Matrix Specification on room versions](https://spec.matrix.org/latest/rooms/)
|
||||||
or `CTRL-F` this page for `/upgraderoom {{site.matrixLatestRoomVersion}}`
|
or `CTRL-F` this page for `/upgraderoom {{site.matrixLatestRoomVersion}}`
|
||||||
(Element Web `/devtools` _developer mode_ command to perform the upgrade).
|
(Element Web `/devtools` _developer mode_ command to perform the upgrade).
|
||||||
|
|
||||||
@ -349,14 +411,14 @@ I think there are three important questions that will each require
|
|||||||
consideration:
|
consideration:
|
||||||
|
|
||||||
- Do you want to encrypt the room?
|
- Do you want to encrypt the room?
|
||||||
- Is the room public? If so, encryption will just cause strange issues for
|
- Is the room public? If so, encryption will just cause strange issues for you
|
||||||
you to troubleshoot and hinder the purpouse of the channel (which you
|
to troubleshoot and hinder the purpouse of the channel (which you should
|
||||||
should also consider).
|
also consider).
|
||||||
- Do you want to use bridges or integrations? Unless you or someone close to
|
- Do you want to use bridges or integrations? Unless you or someone close to
|
||||||
you is selfhosting those, they are untrusted and will defeat the point of
|
you is selfhosting those, they are untrusted and will defeat the point of
|
||||||
encryption, so don't encrypt.
|
encryption, so don't encrypt.
|
||||||
- Does the room only contain trustworthy participants? Encryption may be
|
- Does the room only contain trustworthy participants? Encryption may be your
|
||||||
your friend.
|
friend.
|
||||||
- Who can see the room history?
|
- Who can see the room history?
|
||||||
- If you want everyone to be able to read it, choose everyone or
|
- If you want everyone to be able to read it, choose everyone or
|
||||||
`world_readable`.
|
`world_readable`.
|
||||||
@ -364,21 +426,27 @@ consideration:
|
|||||||
publish the history further), choose members-only or `shared`.
|
publish the history further), choose members-only or `shared`.
|
||||||
- If you want users to see the history since they were invited to the room,
|
- If you want users to see the history since they were invited to the room,
|
||||||
select `invited`
|
select `invited`
|
||||||
- Otherwise select `joined` to have users only see history since they
|
- Otherwise select `joined` to have users only see history since they joined.
|
||||||
joined.
|
|
||||||
- Who can join the room? This is self-explanatory so probably everyone or
|
- Who can join the room? This is self-explanatory so probably everyone or
|
||||||
invited users.
|
invited users.
|
||||||
- However my favourite rules are `knock` so that users have to ask for permission to
|
- However my favourite rules are `knock` so that users have to ask for
|
||||||
join and `knock_restricted` so users in trusted rooms can join directly
|
permission to join and `knock_restricted` so users in trusted rooms can join
|
||||||
without knocking.
|
directly without knocking.
|
||||||
|
|
||||||
If you choose to make your room public as in joinable by anyone and history
|
If you choose to make your room public as in joinable by anyone and history
|
||||||
viewable by members joining in the future, _please communicate that in the room
|
viewable by members joining in the future, _please communicate that in the room
|
||||||
topic_.
|
topic_.
|
||||||
|
|
||||||
> Some projects may wish to log their channels publicly, if you do so the logging should be authorised by the channel owners and users in the channel should be notified (through for instance the topic, entry message, or similar) that public logging is taking place. Channel operators should consider ways for users to make unlogged comments and a process for requesting the removal of certain logs.
|
> Some projects may wish to log their channels publicly, if you do so the
|
||||||
|
> logging should be authorised by the channel owners and users in the channel
|
||||||
|
> should be notified (through for instance the topic, entry message, or similar)
|
||||||
|
> that public logging is taking place. Channel operators should consider ways
|
||||||
|
> for users to make unlogged comments and a process for requesting the removal
|
||||||
|
> of certain logs.
|
||||||
|
|
||||||
- [Libera.Chat policies on public logging](https://libera.chat/policies/#public-logging) which I consider as good advice regarldess of being written for IRC rather than Matrix.
|
- [Libera.Chat policies on public logging](https://libera.chat/policies/#public-logging)
|
||||||
|
which I consider as good advice regarldess of being written for IRC rather
|
||||||
|
than Matrix.
|
||||||
|
|
||||||
Sample events for `/devtools`
|
Sample events for `/devtools`
|
||||||
|
|
||||||
@ -431,130 +499,185 @@ Sample events for `/devtools`
|
|||||||
|
|
||||||
### What are these idlekicks for inactivity, why are they for?
|
### What are these idlekicks for inactivity, why are they for?
|
||||||
|
|
||||||
Some Matrix rooms decide to connect their channel to IRC maintaining the same users on both sides, which can be heavy for the IRC network depending on bridge type of which there are three "major" variants:
|
Some Matrix rooms decide to connect their channel to IRC maintaining the same
|
||||||
|
users on both sides, which can be heavy for the IRC network depending on bridge
|
||||||
|
type of which there are three "major" variants:
|
||||||
|
|
||||||
- matrix-appservice-irc which creates a ghost for every Matrix user on the IRC side. All of these pretend to be separate clients, so if you have 1000 ghosts at IRC, all internal PING/PONG (keepalive) traffic will be sent 1000 times every few minutes and so will every message received.
|
- matrix-appservice-irc which creates a ghost for every Matrix user on the IRC
|
||||||
- heisenbridge has two modes, either it acts as a IRC bouncer keeping everything separate for every user or a single bot connection to IRC while creating puppets for IRC users to use at Matrix. It also supports RELAYMSG for more modern IRC networks.
|
side. All of these pretend to be separate clients, so if you have 1000 ghosts
|
||||||
- matterbridge is the most lightweight of the three working as a traditional relaybot on both sides. Unlike the others, it doesn't require selfhosting your own homeserver making it the most accessible for those with less resources and the option I use whenever possible. Sadly it doesn't look that great [without RELAYMSG support I live in hope of Matrix implementing one day](https://github.com/matrix-org/matrix-spec/issues/840).
|
at IRC, all internal PING/PONG (keepalive) traffic will be sent 1000 times
|
||||||
|
every few minutes and so will every message received.
|
||||||
|
- heisenbridge has two modes, either it acts as a IRC bouncer keeping everything
|
||||||
|
separate for every user or a single bot connection to IRC while creating
|
||||||
|
puppets for IRC users to use at Matrix. It also supports RELAYMSG for more
|
||||||
|
modern IRC networks.
|
||||||
|
- matterbridge is the most lightweight of the three working as a traditional
|
||||||
|
relaybot on both sides. Unlike the others, it doesn't require selfhosting your
|
||||||
|
own homeserver making it the most accessible for those with less resources and
|
||||||
|
the option I use whenever possible. Sadly it doesn't look that great
|
||||||
|
[without RELAYMSG support I live in hope of Matrix implementing one day](https://github.com/matrix-org/matrix-spec/issues/840).
|
||||||
|
|
||||||
As matrix-appservice-irc very quickly becomes traffic-intensive, its operators generally have agreement with IRC networks (or are IRC networks by themselves) to remove unused connections after a month or three of inactivity, which is judged by lack of public read-receipts anywhere the bridge can see. It could have been implemented better [pretending to be a server instead](https://github.com/matrix-org/matrix-appservice-irc/issues/329), which would have a problem of practically being `root` and thus not many IRC networks would open their door to a third party bridge and the Ergo IRCd doesn't even support server linking (opting to be HA instead, but more of that in "Why should I use Matrix instead of IRC?").
|
As matrix-appservice-irc very quickly becomes traffic-intensive, its operators
|
||||||
|
generally have agreement with IRC networks (or are IRC networks by themselves)
|
||||||
|
to remove unused connections after a month or three of inactivity, which is
|
||||||
|
judged by lack of public read-receipts anywhere the bridge can see. It could
|
||||||
|
have been implemented better
|
||||||
|
[pretending to be a server instead](https://github.com/matrix-org/matrix-appservice-irc/issues/329),
|
||||||
|
which would have a problem of practically being `root` and thus not many IRC
|
||||||
|
networks would open their door to a third party bridge and the Ergo IRCd doesn't
|
||||||
|
even support server linking (opting to be HA instead, but more of that in "Why
|
||||||
|
should I use Matrix instead of IRC?").
|
||||||
|
|
||||||
Being a server would also resolve IRC users getting annoyed by huge disconnection floods whenever matrix-appservice-irc restarts as it could be [batched by the IRCd users are connected to](https://ircv3.net/specs/batches/netsplit).
|
Being a server would also resolve IRC users getting annoyed by huge
|
||||||
|
disconnection floods whenever matrix-appservice-irc restarts as it could be
|
||||||
|
[batched by the IRCd users are connected to](https://ircv3.net/specs/batches/netsplit).
|
||||||
|
|
||||||
The issues of matrix-appservice-irc grow worse when the room has bridges to other protocols, as those grow the IRC user count, use nicknames (sometimes capturing nicknames of people using both protocols and may be difficult to regain if the bridge doesn't answer to `!irc nick SomethingElse`) especially when the other protocol doesn't support direct/private messages and doesn't have even that excuse of using a connection slot.
|
The issues of matrix-appservice-irc grow worse when the room has bridges to
|
||||||
|
other protocols, as those grow the IRC user count, use nicknames (sometimes
|
||||||
|
capturing nicknames of people using both protocols and may be difficult to
|
||||||
|
regain if the bridge doesn't answer to `!irc nick SomethingElse`) especially
|
||||||
|
when the other protocol doesn't support direct/private messages and doesn't have
|
||||||
|
even that excuse of using a connection slot.
|
||||||
|
|
||||||
I hope this answer helped explain why this behaviour exists and that IRC users aren't opposed to bridging out of malice.
|
I hope this answer helped explain why this behaviour exists and that IRC users
|
||||||
|
aren't opposed to bridging out of malice.
|
||||||
|
|
||||||
#### But the relaybots look so ugly
|
#### But the relaybots look so ugly
|
||||||
|
|
||||||
IRC users have dealt with them since always, I tend to use Limnoria IRC bot which is forked from Supybot and has had the Relay plugin (for relaying messages between multiple IRC networks) [since possibly before `Wed Feb 2 06:45:35 2005 +0000`](https://github.com/progval/Limnoria/commit/e4e5c1482489451c1ae9b6b4ee9b9147a295320e) and I imagine it was far from the first IRC relay.
|
IRC users have dealt with them since always, I tend to use Limnoria IRC bot
|
||||||
|
which is forked from Supybot and has had the Relay plugin (for relaying messages
|
||||||
|
between multiple IRC networks)
|
||||||
|
[since possibly before `Wed Feb 2 06:45:35 2005 +0000`](https://github.com/progval/Limnoria/commit/e4e5c1482489451c1ae9b6b4ee9b9147a295320e)
|
||||||
|
and I imagine it was far from the first IRC relay.
|
||||||
|
|
||||||
This means that even before IRCv3 RELAYMSG and displayname proposals, which I wish to merge so modern clients could show displaynames and legacy RELAYMSGs, there have been client-side solutions that have also been evolving:
|
This means that even before IRCv3 RELAYMSG and displayname proposals, which I
|
||||||
|
wish to merge so modern clients could show displaynames and legacy RELAYMSGs,
|
||||||
|
there have been client-side solutions that have also been evolving:
|
||||||
|
|
||||||
- Irssi I haven't used personally, but I hear it has a [detelexify](https://github.com/zouppen/irssi-detelexify/) that looks a bit like it's made with Heisenbridge in mind.
|
- Irssi I haven't used personally, but I hear it has a
|
||||||
- WeeChat used to have a separate script for this, but at version 1.1 in gained the Trigger plugin able to perform actions without scripts, thus meaning you can use something like [this Relaybot 2 Trigger example](https://github.com/weechat/weechat/wiki/Triggers#relaybot-2) without having to install anything (while `/script` would be easy too).
|
[detelexify](https://github.com/zouppen/irssi-detelexify/) that looks a bit
|
||||||
|
like it's made with Heisenbridge in mind.
|
||||||
|
- WeeChat used to have a separate script for this, but at version 1.1 in gained
|
||||||
|
the Trigger plugin able to perform actions without scripts, thus meaning you
|
||||||
|
can use something like
|
||||||
|
[this Relaybot 2 Trigger example](https://github.com/weechat/weechat/wiki/Triggers#relaybot-2)
|
||||||
|
without having to install anything (while `/script` would be easy too).
|
||||||
|
|
||||||
I hope Matrix will get better at this too.
|
I hope Matrix will get better at this too.
|
||||||
|
|
||||||
### I am told that I should Matrixify my IRC channel, what does that mean?
|
### I am told that I should Matrixify my IRC channel, what does that mean?
|
||||||
|
|
||||||
You are likely using IRCnet and I am sorry that you have to deal with this raider group. It means some mix of:
|
You are likely using IRCnet and I am sorry that you have to deal with this
|
||||||
|
raider group. It means some mix of:
|
||||||
|
|
||||||
- setting a Matrix avatar to the room
|
- setting a Matrix avatar to the room
|
||||||
- removing the `#` from the name of the Matrix room
|
- removing the `#` from the name of the Matrix room
|
||||||
- setting a main alias to the Matrix room that doesn't contain the IRC network's name
|
- setting a main alias to the Matrix room that doesn't contain the IRC network's
|
||||||
- bridging to Matrix in a way that Matrix user (that may not be you) has full power over the room, potentially also over the bridge bot
|
name
|
||||||
|
- bridging to Matrix in a way that Matrix user (that may not be you) has full
|
||||||
|
power over the room, potentially also over the bridge bot
|
||||||
- be careful if you are told to answer a bot `yes` in a `/query`!
|
- be careful if you are told to answer a bot `yes` in a `/query`!
|
||||||
|
|
||||||
### Why should I use Matrix instead of IRC?
|
### Why should I use Matrix instead of IRC?
|
||||||
|
|
||||||
No reason, if IRC suits you better than Matrix. As I have said before, I find
|
No reason, if IRC suits you better than Matrix. As I have said before, I find
|
||||||
maintaining IRC easier. IRC also tends to work better for me in poor network conditions
|
maintaining IRC easier. IRC also tends to work better for me in poor network
|
||||||
and with [IRCv3](https://ircv3.net/) specifications and implemented draft proposals,
|
conditions and with [IRCv3](https://ircv3.net/) specifications and implemented
|
||||||
it can be very pleasant modern experience without the issues that come from federation.
|
draft proposals, it can be very pleasant modern experience without the issues
|
||||||
|
that come from federation.
|
||||||
|
|
||||||
There is a usecase for every tool and while federation is important feature
|
There is a usecase for every tool and while federation is important feature in
|
||||||
in general I am yet to miss it in IRC.
|
general I am yet to miss it in IRC.
|
||||||
|
|
||||||
I keep mentioning Ergo IRCd, which [scales](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#scalability), has serverside history and integrated bouncer
|
I keep mentioning Ergo IRCd, which
|
||||||
feature so it's just a matter of adding it to your IRC client alongside your
|
[scales](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#scalability),
|
||||||
SASL credentials and you will receive your offline messages whenever you
|
has serverside history and integrated bouncer feature so it's just a matter of
|
||||||
reconnect. Ergo also supports `RELAYMSG` making messages from other protocols
|
adding it to your IRC client alongside your SASL credentials and you will
|
||||||
seem more native to read and many graphical IRC clients even provide integrated
|
receive your offline messages whenever you reconnect. Ergo also supports
|
||||||
image uploading support.
|
`RELAYMSG` making messages from other protocols seem more native to read and
|
||||||
|
many graphical IRC clients even provide integrated image uploading support.
|
||||||
|
|
||||||
[Pirate Party of Finland](https://piraattipuolue.fi/en) considers Ergo-based [PirateIRC](https://pirateirc.net/)
|
[Pirate Party of Finland](https://piraattipuolue.fi/en) considers Ergo-based
|
||||||
and [its webchat](https://webchat.pirateirc.net/) a reasonable fallback should we have to leave other protocols
|
[PirateIRC](https://pirateirc.net/) and
|
||||||
or they would be unusable otherwise.
|
[its webchat](https://webchat.pirateirc.net/) a reasonable fallback should we
|
||||||
|
have to leave other protocols or they would be unusable otherwise.
|
||||||
|
|
||||||
#### Why isn't Pirate Party of Finland using Matrix?
|
#### Why isn't Pirate Party of Finland using Matrix?
|
||||||
|
|
||||||
This goes a bit past my personal Q&A, but we are using it kind of as a "tech demo".
|
This goes a bit past my personal Q&A, but we are using it kind of as a "tech
|
||||||
However it cannot currently mature past that as:
|
demo". However it cannot currently mature past that as:
|
||||||
|
|
||||||
- we don't have people interested in Matrix (obviously excluding me).
|
- we don't have people interested in Matrix (obviously excluding me).
|
||||||
- we don't have resources for hosting a Matrix homeserver, while we had IRC before we were founded.
|
- we don't have resources for hosting a Matrix homeserver, while we had IRC
|
||||||
- moderation tools are so bad it's only me dealing with them (see critiques near top of the page).
|
before we were founded.
|
||||||
|
- moderation tools are so bad it's only me dealing with them (see critiques near
|
||||||
|
top of the page).
|
||||||
- [Matrix flagship clients, Element Web, Element Android and Element iOS don't support knocking](https://github.com/vector-im/element-meta/issues/43)
|
- [Matrix flagship clients, Element Web, Element Android and Element iOS don't support knocking](https://github.com/vector-im/element-meta/issues/43)
|
||||||
which has been supported by Matrix Specification since September 2021 or so meaning
|
which has been supported by Matrix Specification since September 2021 or so
|
||||||
users of those aren't able to request access to our rooms, unless they
|
meaning users of those aren't able to request access to our rooms, unless they
|
||||||
are members of an allowed rooms first.
|
are members of an allowed rooms first.
|
||||||
|
|
||||||
If you want in, your options are:
|
If you want in, your options are:
|
||||||
|
|
||||||
- Join [Matrix Suomi Space](matrix:r/matrix-suomi:kapsi.fi), which lists
|
- Join [Matrix Suomi Space](matrix:r/matrix-suomi:kapsi.fi), which lists Finnish
|
||||||
Finnish speaking rooms and then [our space](matrix:r/space.piraatit.fi:matrix.org).
|
speaking rooms and then [our space](matrix:r/space.piraatit.fi:matrix.org).
|
||||||
- Due to aforementioned lack of moderation tools, this can be withdrawn should that become necessary to mitigate abuse.
|
- Due to aforementioned lack of moderation tools, this can be withdrawn should
|
||||||
- Knock one of our rooms using Nheko and [hope someone is watching from Nheko](https://github.com/Nheko-Reborn/nheko/issues/1226).
|
that become necessary to mitigate abuse.
|
||||||
- Come to [#verkkopalvelut using PrateIRC webchat](https://webchat.pirateirc.net/?channel=#verkkopalvelut)
|
- Knock one of our rooms using Nheko and
|
||||||
and tell `AmindaSuomalainen` your Matrix ID in a nice message (to show you aren't a bot) that you wish in.
|
[hope someone is watching from Nheko](https://github.com/Nheko-Reborn/nheko/issues/1226).
|
||||||
|
- Come to
|
||||||
|
[#verkkopalvelut using PrateIRC webchat](https://webchat.pirateirc.net/?channel=#verkkopalvelut)
|
||||||
|
and tell `AmindaSuomalainen` your Matrix ID in a nice message (to show you
|
||||||
|
aren't a bot) that you wish in.
|
||||||
|
|
||||||
### I don't currently want to touch Matrix, but I am seeing abuse from there, what can I do?
|
### I don't currently want to touch Matrix, but I am seeing abuse from there, what can I do?
|
||||||
|
|
||||||
If you are using Telegram or Discord, you are out of luck, as while you can
|
If you are using Telegram or Discord, you are out of luck, as while you can
|
||||||
remove messages, that may get removed from Matrix, you cannot remove the
|
remove messages, that may get removed from Matrix, you cannot remove the abusive
|
||||||
abusive users. If you are using XMPP you may be out of luck.
|
users. If you are using XMPP you may be out of luck.
|
||||||
|
|
||||||
However if you use IRC and the Matrix users are behind matrix-appservice-irc
|
However if you use IRC and the Matrix users are behind matrix-appservice-irc
|
||||||
([check this list](https://github.com/matrix-org/matrix-appservice-irc/blob/develop/docs/bridged_networks.md) or your network operators) you may be in luck as long as
|
([check this list](https://github.com/matrix-org/matrix-appservice-irc/blob/develop/docs/bridged_networks.md)
|
||||||
|
or your network operators) you may be in luck as long as
|
||||||
[you or your ops haven't answered "yes" to the Matrix bot](https://github.com/matrix-org/matrix-appservice-irc/issues/462).
|
[you or your ops haven't answered "yes" to the Matrix bot](https://github.com/matrix-org/matrix-appservice-irc/issues/462).
|
||||||
|
|
||||||
Matrix-appservice-irc attempts to sync permissions from IRC in a limited fashion,
|
Matrix-appservice-irc attempts to sync permissions from IRC in a limited
|
||||||
and if it's unable to join a ghost (see an earlier question), it will kick the
|
fashion, and if it's unable to join a ghost (see an earlier question), it will
|
||||||
user from Matrix for as long as the ban stays in place.
|
kick the user from Matrix for as long as the ban stays in place.
|
||||||
|
|
||||||
In other words, if you were using Matrix personally, the IRC bridge would
|
In other words, if you were using Matrix personally, the IRC bridge would
|
||||||
drastically increase the moderation tools available for you! You can now use
|
drastically increase the moderation tools available for you! You can now use
|
||||||
wildcard bans that aren't natively supported and even extbans like (LiberaChat's)
|
wildcard bans that aren't natively supported and even extbans like
|
||||||
`/mode #yourchannel +b $r:*:matrix.org*` to ban all matrix.org users from your
|
(LiberaChat's) `/mode #yourchannel +b $r:*:matrix.org*` to ban all matrix.org
|
||||||
channel or set `+e` ban exceptions on them!
|
users from your channel or set `+e` ban exceptions on them!
|
||||||
|
|
||||||
_Note: this obviously stops working should the Matrix user change their
|
_Note: this obviously stops working should the Matrix user change their
|
||||||
gecos/"real name" in which case your only option is to ban the entirety of
|
gecos/"real name" in which case your only option is to ban the entirety of
|
||||||
Matrix. E.g. on LiberaChat `/mode +b _!_@2001:470:69fc:105::/64` assuming
|
Matrix. E.g. on LiberaChat `/mode +b _!_@2001:470:69fc:105::/64` assuming your
|
||||||
your abusers don't have a cloak (vhost in any other IRC network)._
|
abusers don't have a cloak (vhost in any other IRC network)._
|
||||||
|
|
||||||
#### I fear someone has said yes
|
#### I fear someone has said yes
|
||||||
|
|
||||||
In that case someone may have near absolute power on the Matrix side and could have
|
In that case someone may have near absolute power on the Matrix side and could
|
||||||
removed the matrix-appservice-irc bot from power thus preventing it from
|
have removed the matrix-appservice-irc bot from power thus preventing it from
|
||||||
kicking users banned from IRC letting them spam freely on Matrix while being
|
kicking users banned from IRC letting them spam freely on Matrix while being
|
||||||
invisible to IRC. In even worse scenario the abusive user was given power
|
invisible to IRC. In even worse scenario the abusive user was given power and
|
||||||
and they are immune to whatever is done from IRC.
|
they are immune to whatever is done from IRC.
|
||||||
|
|
||||||
There is also the chance that [a netsplit gives a Matrix user moderator permissions that are never removed when sync occurs](https://github.com/matrix-org/matrix-appservice-irc/issues/518).
|
There is also the chance that
|
||||||
|
[a netsplit gives a Matrix user moderator permissions that are never removed when sync occurs](https://github.com/matrix-org/matrix-appservice-irc/issues/518).
|
||||||
|
|
||||||
##### That doesn't help me
|
##### That doesn't help me
|
||||||
|
|
||||||
If everything else fails, you can always mail abuse at matrix dot org, who
|
If everything else fails, you can always mail abuse at matrix dot org, who will
|
||||||
will want the following details (as of 2022-10-16):
|
want the following details (as of 2022-10-16):
|
||||||
|
|
||||||
- Your matrix ID
|
- Your matrix ID
|
||||||
- the room ID(s) your report is about
|
- the room ID(s) your report is about
|
||||||
- timestamps or links to the events you are telling us about
|
- timestamps or links to the events you are telling us about
|
||||||
|
|
||||||
Assuming you are an IRC user and thus unable to provide the two first,
|
Assuming you are an IRC user and thus unable to provide the two first, I would
|
||||||
I would include:
|
include:
|
||||||
|
|
||||||
- IRC network in question
|
- IRC network in question
|
||||||
- IRC channel in question
|
- IRC channel in question
|
||||||
@ -571,25 +694,25 @@ sending raw events in JSON to them.
|
|||||||
My reasons for that are many and I am often proved correct in them.
|
My reasons for that are many and I am often proved correct in them.
|
||||||
|
|
||||||
- By having multiple accounts on different homeservers, there is no single
|
- By having multiple accounts on different homeservers, there is no single
|
||||||
entity that can decide whether I participate on Matrix or not. This is also
|
entity that can decide whether I participate on Matrix or not. This is also a
|
||||||
a benefit of decentralisation in general.
|
benefit of decentralisation in general.
|
||||||
- Matrix rooms are hosted on all homeservers that have at least one account
|
- Matrix rooms are hosted on all homeservers that have at least one account
|
||||||
joined to them.
|
joined to them.
|
||||||
- In case of federation meltdown, I have multiple entrypoints to send events
|
- In case of federation meltdown, I have multiple entrypoints to send events and
|
||||||
and thus hopefully one of them goes through faster. There have been
|
thus hopefully one of them goes through faster. There have been multiple
|
||||||
multiple incidents where this could have been useful for room
|
incidents where this could have been useful for room administrators.
|
||||||
administrators.
|
|
||||||
- Matrix homeservers used to allow open registration with no kind of
|
- Matrix homeservers used to allow open registration with no kind of
|
||||||
protection and no warnings they are being ran with that configuration
|
protection and no warnings they are being ran with that configuration until
|
||||||
until some time before room version 10 was released. This
|
some time before room version 10 was released. This allowed multiple rooms
|
||||||
allowed multiple rooms to be spammed trivially and it took days for all
|
to be spammed trivially and it took days for all homeservers to sync ACL
|
||||||
homeservers to sync ACL bans in the worst cases. It also resulted to a lot
|
bans in the worst cases. It also resulted to a lot of state resetting so the
|
||||||
of state resetting so the affected rooms never got cleaned up as the spam
|
affected rooms never got cleaned up as the spam users kept coming back and
|
||||||
users kept coming back and clients had issues handling so inflated rooms.
|
clients had issues handling so inflated rooms.
|
||||||
- Federation also fails when a spammer sends messages after getting banned
|
- Federation also fails when a spammer sends messages after getting banned and
|
||||||
and thus moderation bots fail to remove messages from them as those don't
|
thus moderation bots fail to remove messages from them as those don't get to
|
||||||
get to the banning server. Thus moderators need more accounts again.
|
the banning server. Thus moderators need more accounts again.
|
||||||
- [matrix-org/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/matrix-org/synapse/issues/9329). [The issue was migrated to element-hq/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/element-hq/synapse/issues/9329)
|
- [matrix-org/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/matrix-org/synapse/issues/9329).
|
||||||
|
[The issue was migrated to element-hq/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/element-hq/synapse/issues/9329)
|
||||||
- State resets keep happening and thus I cannot trust other accounts than the
|
- State resets keep happening and thus I cannot trust other accounts than the
|
||||||
one which created a room in question stay as power level 100.
|
one which created a room in question stay as power level 100.
|
||||||
- Homeservers come and go, sometimes with little to no warning. As I have many
|
- Homeservers come and go, sometimes with little to no warning. As I have many
|
||||||
@ -600,62 +723,90 @@ My reasons for that are many and I am often proved correct in them.
|
|||||||
##### Brief history of my experiences with dead homeservers
|
##### Brief history of my experiences with dead homeservers
|
||||||
|
|
||||||
Believe my concern on homeservers coming and going or not, no homeserver is
|
Believe my concern on homeservers coming and going or not, no homeserver is
|
||||||
safe, you should have backup accounts on multiple independent ones. Or maybe
|
safe, you should have backup accounts on multiple independent ones. Or maybe I
|
||||||
I am just personally unlucky?
|
am just personally unlucky?
|
||||||
|
|
||||||
1. 2018-09-07: [Disroot.org announced Matrix closure](https://disroot.org/en/blog/matrix-closure).
|
1. 2018-09-07:
|
||||||
1. 2019-04-12: [Matrix.org was compromised](https://matrix.org/blog/2019/04/11/we-have-discovered-and-addressed-a-security-breach-updated-2019-04-12)
|
[Disroot.org announced Matrix closure](https://disroot.org/en/blog/matrix-closure).
|
||||||
|
1. 2019-04-12:
|
||||||
|
[Matrix.org was compromised](https://matrix.org/blog/2019/04/11/we-have-discovered-and-addressed-a-security-breach-updated-2019-04-12)
|
||||||
resulting the homeserver being down for a while, some integrations even
|
resulting the homeserver being down for a while, some integrations even
|
||||||
longer and the XMPP bridge returned months later.
|
longer and the XMPP bridge returned months later.
|
||||||
1. From Disroot I moved to Feneas, the <em>Fe</em>derated <em>ne</em>tworks <em>as</em>sociation, thinking that homeserver being a paid
|
1. From Disroot I moved to Feneas, the <em>Fe</em>derated <em>ne</em>tworks
|
||||||
membership benefit would help it to stay up and be reliable. However in
|
<em>as</em>sociation, thinking that homeserver being a paid membership
|
||||||
[late 2021](https://gitea.blesmrt.net/mikaela/gist/src/commit/b50dacc0a457754c44ee901ce9e78988a39714fa/associations/feneas/meeting-logs/2021-12-09-annual-general-assembly.txt) and [early
|
benefit would help it to stay up and be reliable. However in
|
||||||
2022](https://gitea.blesmrt.net/mikaela/gist/src/commit/f3277852084d1a644189c7f9198f0bf470bc0ba4/associations/feneas/meeting-logs/2022-01-04-annual-general-meeting.txt) we decided to disband the association due to
|
[late 2021](https://gitea.blesmrt.net/mikaela/gist/src/commit/b50dacc0a457754c44ee901ce9e78988a39714fa/associations/feneas/meeting-logs/2021-12-09-annual-general-assembly.txt)
|
||||||
COVID-19 pandemic, lack of volunteers, lack of money (which wasn't helped
|
and
|
||||||
by [Finnish money gathering law issues](https://github.com/liberapay/liberapay.org/issues/30))
|
[early 2022](https://gitea.blesmrt.net/mikaela/gist/src/commit/f3277852084d1a644189c7f9198f0bf470bc0ba4/associations/feneas/meeting-logs/2022-01-04-annual-general-meeting.txt)
|
||||||
|
we decided to disband the association due to COVID-19 pandemic, lack of
|
||||||
|
volunteers, lack of money (which wasn't helped by
|
||||||
|
[Finnish money gathering law issues](https://github.com/liberapay/liberapay.org/issues/30))
|
||||||
etc.
|
etc.
|
||||||
1. Around 2023-04-24 the-apothecary.club went down and returned sometime
|
1. Around 2023-04-24 the-apothecary.club went down and returned sometime
|
||||||
2023-05-06. That would have been a long time with no communication on
|
2023-05-06. That would have been a long time with no communication on Matrix
|
||||||
Matrix and not having access to any rooms, but luckily I have been using my
|
and not having access to any rooms, but luckily I have been using my account
|
||||||
account there just for accessibility testing and even if it was my primary
|
there just for accessibility testing and even if it was my primary account, I
|
||||||
account, I would have had backup accounts. I still don't know what exactly
|
would have had backup accounts. I still don't know what exactly happened
|
||||||
happened there, but I am not an active member of their community and they
|
there, but I am not an active member of their community and they are
|
||||||
are volunteers like most of Matrix (excluding EMS and other paid homeserver
|
volunteers like most of Matrix (excluding EMS and other paid homeserver
|
||||||
offerings).
|
offerings).
|
||||||
1. 2023-05-08 13:15 [Kapsi.fi](https://www.kapsi.fi/english.html)
|
1. 2023-05-08 13:15 [Kapsi.fi](https://www.kapsi.fi/english.html)
|
||||||
[database server physically died](https://www.kapsi.fi/tiedotteet/2023.html#488) taking down their homeserver and
|
[database server physically died](https://www.kapsi.fi/tiedotteet/2023.html#488)
|
||||||
[pikaviestin.fi](https://www.pikaviestin.fi) (alongside [sauna.social](https://sauna.social)
|
taking down their homeserver and [pikaviestin.fi](https://www.pikaviestin.fi)
|
||||||
and [järkkää.fi](https://jarkkaa.fi)) which hosts my main account. It
|
(alongside [sauna.social](https://sauna.social) and
|
||||||
returned a couple of days later on the evening of 2023-05-11.
|
[järkkää.fi](https://jarkkaa.fi)) which hosts my main account. It returned a
|
||||||
1. On 2023-10-25 [IT group of Pirate Party Austria made an announcement that
|
couple of days later on the evening of 2023-05-11.
|
||||||
pirateriot.net pirateriot.net shut down on 2023-10-31](https://web.archive.org/web/20231027060957/https://t.me/globalpirates/39814).
|
1. On 2023-10-25
|
||||||
1. 2023-12-24 saw that _[the hard drive hosting the jae.fi matrix server shat
|
[IT group of Pirate Party Austria made an announcement that pirateriot.net pirateriot.net shut down on 2023-10-31](https://web.archive.org/web/20231027060957/https://t.me/globalpirates/39814).
|
||||||
itself](https://soc.jae.fi/notes/9nmcgdonjxailf51)_ and as per that
|
1. 2023-12-24 saw that
|
||||||
announcement, it's not returning anytime soon. My matterbridge had account
|
_[the hard drive hosting the jae.fi matrix server shat itself](https://soc.jae.fi/notes/9nmcgdonjxailf51)_
|
||||||
#4 there while it later returned to account #3 on tedomum.net.
|
and as per that announcement, it's not returning anytime soon. My
|
||||||
1. 2024-01-18 brought the [shutdown of Diasp.in PirateIRC bridge](https://github.com/ppau/PirateIRC/pull/39)
|
matterbridge had account #4 there while it later returned to account #3 on
|
||||||
|
tedomum.net.
|
||||||
|
1. 2024-01-18 brought the
|
||||||
|
[shutdown of Diasp.in PirateIRC bridge](https://github.com/ppau/PirateIRC/pull/39)
|
||||||
and their [call for volunteers page](https://diasp.in/volunteer) has sunset
|
and their [call for volunteers page](https://diasp.in/volunteer) has sunset
|
||||||
date set for 2024-01-31. As I have been PirateIRC operator since
|
date set for 2024-01-31. As I have been PirateIRC operator since 2017-05-11,
|
||||||
2017-05-11, Diasp.in received a spot in this listing.
|
Diasp.in received a spot in this listing.
|
||||||
|
|
||||||
#### Why do you use Matrix URI scheme instead of matrix.to?
|
#### Why do you use Matrix URI scheme instead of matrix.to?
|
||||||
|
|
||||||
I dislike matrix.to as a concept. It's a centralized service on decentralized protocol and in my opinion it shows lack of self-esteem on Matrix side considering neither XMPP or IRC require something like it, both of those trust being known or handled appropiately.
|
I dislike matrix.to as a concept. It's a centralized service on decentralized
|
||||||
|
protocol and in my opinion it shows lack of self-esteem on Matrix side
|
||||||
|
considering neither XMPP or IRC require something like it, both of those trust
|
||||||
|
being known or handled appropiately.
|
||||||
|
|
||||||
#### Why does one of your accounts have capital letter in the username?
|
#### Why does one of your accounts have capital letter in the username?
|
||||||
|
|
||||||
In 2016 or so I mistakenly thought that usernames would be case-insensitive
|
In 2016 or so I mistakenly thought that usernames would be case-insensitive and
|
||||||
and they only [got banned in Synapse on 10th November 2017](https://github.com/matrix-org/synapse/pull/2662).
|
they only
|
||||||
|
[got banned in Synapse on 10th November 2017](https://github.com/matrix-org/synapse/pull/2662).
|
||||||
|
|
||||||
#### Which client do you recommend?
|
#### Which client do you recommend?
|
||||||
|
|
||||||
Honestly the only one that I can recommend is [Nheko nightly flatpak](#how-can-i-install-nheko-nightly).
|
Honestly the only one that I can recommend is
|
||||||
|
[Nheko nightly flatpak](#how-can-i-install-nheko-nightly).
|
||||||
|
|
||||||
I have also said it before, but for any serious use of Matrix, you will need [Element Web](https://github.com/vector-im/element-web) and especially the `/devtools` command it has.
|
I have also said it before, but for any serious use of Matrix, you will need
|
||||||
|
[Element Web](https://github.com/vector-im/element-web) and especially the
|
||||||
|
`/devtools` command it has.
|
||||||
|
|
||||||
If you absolutely need Matrix somewhere neither fits you, ~~maybe [Hydrogen](https://github.com/vector-im/hydrogen-web) is your _PWA_ hoping your needs don't include too many Matrix accounts ([#783](https://github.com/vector-im/hydrogen-web/issues/783), [#817](https://github.com/vector-im/hydrogen-web/pull/817)) and hoping you [don't use SailfishOS](https://forum.sailfishos.org/t/progressive-web-app-pwa-in-native-browser/3867?u=mikaela) ([#1000](https://github.com/sailfishos/sailfish-browser/issues/1000)) or [Ubuntu Touch (#1144)](https://github.com/ubports/ubuntu-touch/issues/1144).~~ Good luck!
|
If you absolutely need Matrix somewhere neither fits you, ~~maybe
|
||||||
|
[Hydrogen](https://github.com/vector-im/hydrogen-web) is your _PWA_ hoping your
|
||||||
|
needs don't include too many Matrix accounts
|
||||||
|
([#783](https://github.com/vector-im/hydrogen-web/issues/783),
|
||||||
|
[#817](https://github.com/vector-im/hydrogen-web/pull/817)) and hoping you
|
||||||
|
[don't use SailfishOS](https://forum.sailfishos.org/t/progressive-web-app-pwa-in-native-browser/3867?u=mikaela)
|
||||||
|
([#1000](https://github.com/sailfishos/sailfish-browser/issues/1000)) or
|
||||||
|
[Ubuntu Touch (#1144)](https://github.com/ubports/ubuntu-touch/issues/1144).~~
|
||||||
|
Good luck!
|
||||||
|
|
||||||
On Android I often find myself using [SchildiChat](https://s2.spiritcroc.de/fdroid/repo) ([Beta](https://s2.spiritcroc.de/testing/fdroid/repo)), which suffers many Element shortcomings being a fork and Matrix isn't too mobile friendly protocol in my opinion. (For my view of the repo fingerprints, refer to [n/f-droid](/n/f-droid.html), but note the pages intend of _my personal use._)
|
On Android I often find myself using
|
||||||
|
[SchildiChat](https://s2.spiritcroc.de/fdroid/repo)
|
||||||
|
([Beta](https://s2.spiritcroc.de/testing/fdroid/repo)), which suffers many
|
||||||
|
Element shortcomings being a fork and Matrix isn't too mobile friendly protocol
|
||||||
|
in my opinion. (For my view of the repo fingerprints, refer to
|
||||||
|
[n/f-droid](/n/f-droid.html), but note the pages intend of _my personal use._)
|
||||||
|
|
||||||
<!-- The one that fits your needs. Personally I mix-and-match:
|
<!-- The one that fits your needs. Personally I mix-and-match:
|
||||||
|
|
||||||
@ -674,58 +825,74 @@ On Android I often find myself using [SchildiChat](https://s2.spiritcroc.de/fdro
|
|||||||
|
|
||||||
I don't know, I have
|
I don't know, I have
|
||||||
[spaces.md](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/spaces.md)
|
[spaces.md](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/spaces.md)
|
||||||
which doubles as a critique towards Matrix room directory, which is
|
which doubles as a critique towards Matrix room directory, which is centralized
|
||||||
centralized and everyone wants to be on `matrix.org` room directory, which
|
and everyone wants to be on `matrix.org` room directory, which again leads to
|
||||||
again leads to them registering on `matrix.org` to add themselves there and
|
them registering on `matrix.org` to add themselves there and did I mention that
|
||||||
did I mention that on 29-02-2024 it has been locked for a couple of months for
|
on 29-02-2024 it has been locked for a couple of months for a cleanup?
|
||||||
a cleanup?
|
|
||||||
|
|
||||||
> Of course this file makes me the curator/authority of room listing and thus
|
> Of course this file makes me the curator/authority of room listing and thus I
|
||||||
> I challenge you, the reader, to make your own space or version of this file,
|
> challenge you, the reader, to make your own space or version of this file,
|
||||||
> maybe I can even link to your list here? :smiley_cat:
|
> maybe I can even link to your list here? :smiley_cat:
|
||||||
|
|
||||||
- [spaces.md](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/spaces.md)
|
- [spaces.md](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/spaces.md)
|
||||||
|
|
||||||
#### Which homeserver do you recommend?
|
#### Which homeserver do you recommend?
|
||||||
|
|
||||||
I am hesistant to recommend any. Finnish users may be interested in the [Linux.fi wiki listing](https://www.linux.fi/wiki/Matrix), everyone else may be served by [joinmatrix.org listing](https://servers.joinmatrix.org).
|
I am hesistant to recommend any. Finnish users may be interested in the
|
||||||
|
[Linux.fi wiki listing](https://www.linux.fi/wiki/Matrix), everyone else may be
|
||||||
|
served by [joinmatrix.org listing](https://servers.joinmatrix.org).
|
||||||
|
|
||||||
#### Why don't you run your own?
|
#### Why don't you run your own?
|
||||||
|
|
||||||
As can be read between the lines from my critiques, I don't consider any homeserver to be in the state that it's either safe to run legally or lightweight enough or not require constant maintenance as opposed to IRC which I do selfhost.
|
As can be read between the lines from my critiques, I don't consider any
|
||||||
|
homeserver to be in the state that it's either safe to run legally or
|
||||||
|
lightweight enough or not require constant maintenance as opposed to IRC which I
|
||||||
|
do selfhost.
|
||||||
|
|
||||||
The world situation in general discourages me from anything as heavy.
|
The world situation in general discourages me from anything as heavy.
|
||||||
|
|
||||||
#### Why cannot I see history in your Matrix rooms?
|
#### Why cannot I see history in your Matrix rooms?
|
||||||
|
|
||||||
Matrix doesn't support self-destructing messages or message expiry in general, so
|
Matrix doesn't support self-destructing messages or message expiry in general,
|
||||||
I don't feel comfortable with world-readable logs (which would easily end to
|
so I don't feel comfortable with world-readable logs (which would easily end to
|
||||||
search engines forever).
|
search engines forever).
|
||||||
|
|
||||||
If you need to see something in the backlog, I suggest
|
If you need to see something in the backlog, I suggest using IRC (IRC@Etro or
|
||||||
using IRC (IRC@Etro or PirateIRC especially) or XMPP which each store messages
|
PirateIRC especially) or XMPP which each store messages only for 7 days (Ergo
|
||||||
only for 7 days (Ergo default) or some months (Prosody default) on a single server.
|
default) or some months (Prosody default) on a single server.
|
||||||
|
|
||||||
#### So do you wish Matrix to fail?
|
#### So do you wish Matrix to fail?
|
||||||
|
|
||||||
No, I have been using countless of hours at writing these critiques and performing "quality assurance"/testing,
|
No, I have been using countless of hours at writing these critiques and
|
||||||
localizing clients to Finnish, providing support on their rooms for users of those clients, writing a Matrix
|
performing "quality assurance"/testing, localizing clients to Finnish, providing
|
||||||
Spec Change proposal (that was merged), having coauthored another, writing or contributing documentation in two languages
|
support on their rooms for users of those clients, writing a Matrix Spec Change
|
||||||
and whatever else I have been doing since 2016.
|
proposal (that was merged), having coauthored another, writing or contributing
|
||||||
|
documentation in two languages and whatever else I have been doing since 2016.
|
||||||
|
|
||||||
Matrix has a place in my heart, just as IRC and XMPP and while none of the three are perfect, I wish for the issues
|
Matrix has a place in my heart, just as IRC and XMPP and while none of the three
|
||||||
get resolved and the fighting between them to end and I am tired of the "stop having fun" or "you are worse person for still using deprecated IRC"
|
are perfect, I wish for the issues get resolved and the fighting between them to
|
||||||
or "I wish IRC/XMPP just died already as it's so old" or whatever attitude I see amongst certain Matrix user/enthustiastic groups.
|
end and I am tired of the "stop having fun" or "you are worse person for still
|
||||||
|
using deprecated IRC" or "I wish IRC/XMPP just died already as it's so old" or
|
||||||
|
whatever attitude I see amongst certain Matrix user/enthustiastic groups.
|
||||||
|
|
||||||
However I admit sometimes having difficult time believing that either _Matrix
|
However I admit sometimes having difficult time believing that either _Matrix
|
||||||
Foundation_ or _New Vector trading as Element_ has their users best interests
|
Foundation_ or _New Vector trading as Element_ has their users best interests in
|
||||||
in heart. On my worse days, I especially hardwordedly criticise [media never being removed](https://github.com/matrix-org/synapse/issues/1263#issuecomment-1120225193) ([element-hq/synapse#1263](https://github.com/element-hq/synapse/issues/1263))
|
heart. On my worse days, I especially hardwordedly criticise
|
||||||
or [fear that Matrix may endanger gender or sexual minorities by leaking room-specific profiles](https://github.com/matrix-org/synapse/issues/5677#issuecomment-894831845) ([element-hq/synapse#5677](https://github.com/element-hq/synapse/issues/5677))
|
[media never being removed](https://github.com/matrix-org/synapse/issues/1263#issuecomment-1120225193)
|
||||||
and especially [lack of self-destructing messages (that is nowadays a discussion rather than an issue)](https://github.com/vector-im/element-meta/discussions/682#discussioncomment-3803806)
|
([element-hq/synapse#1263](https://github.com/element-hq/synapse/issues/1263))
|
||||||
|
or
|
||||||
|
[fear that Matrix may endanger gender or sexual minorities by leaking room-specific profiles](https://github.com/matrix-org/synapse/issues/5677#issuecomment-894831845)
|
||||||
|
([element-hq/synapse#5677](https://github.com/element-hq/synapse/issues/5677))
|
||||||
|
and especially
|
||||||
|
[lack of self-destructing messages (that is nowadays a discussion rather than an issue)](https://github.com/vector-im/element-meta/discussions/682#discussioncomment-3803806)
|
||||||
considering even [DeltaChat (also known as an email client)](https://delta.chat)
|
considering even [DeltaChat (also known as an email client)](https://delta.chat)
|
||||||
manages to implement it without control over the underlying protocol and even
|
manages to implement it without control over the underlying protocol and even
|
||||||
less guarantees!
|
less guarantees!
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
_The lucky Matrix number is `{{site.matrixLatestRoomVersion}}`, but do [consult the Spec for that](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions) and definitely ask `!servers upgrade {{site.matrixLatestRoomVersion}}` from [Version Checker](matrix:u/version:maunium.net) or [their siblings](https://github.com/maubot/rsvc)._
|
_The lucky Matrix number is `{{site.matrixLatestRoomVersion}}`, but do
|
||||||
|
[consult the Spec for that](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions)
|
||||||
|
and definitely ask `!servers upgrade {{site.matrixLatestRoomVersion}}` from
|
||||||
|
[Version Checker](matrix:u/version:maunium.net) or
|
||||||
|
[their siblings](https://github.com/maubot/rsvc)._
|
||||||
|
@ -13,12 +13,13 @@ excerpt: "Links to my my referral links around the internet."
|
|||||||
lang: en
|
lang: en
|
||||||
---
|
---
|
||||||
|
|
||||||
Looking for my social media accounts? They have moved to the [index](/index.html#web).
|
Looking for my social media accounts? They have moved to the
|
||||||
|
[index](/index.html#web).
|
||||||
|
|
||||||
- [Wolt](http://get.woltapp.com/93O1)
|
- [Wolt](http://get.woltapp.com/93O1)
|
||||||
- "_Every time a new friend signs up to Wolt with your personal code
|
- "_Every time a new friend signs up to Wolt with your personal code and makes
|
||||||
and makes their first order, they get a €5.00 discount and you get
|
their first order, they get a €5.00 discount and you get €5.00 worth in
|
||||||
€5.00 worth in credits. Happy sharing!_"
|
credits. Happy sharing!_"
|
||||||
- `93O1`
|
- `93O1`
|
||||||
- [N26](https://n26.com/r/mikaelas0922)
|
- [N26](https://n26.com/r/mikaelas0922)
|
||||||
- `mikaelas0922`
|
- `mikaelas0922`
|
||||||
|
Loading…
Reference in New Issue
Block a user