run prettier (mainly proseWrap)

Aminda Suomalainen 2024-06-19 08:19:44 +03:00
parent b6704b8da6
commit 85153f7ac2
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
94 changed files with 3830 additions and 2966 deletions

View File

@ -46,7 +46,9 @@ jobs:
uses: actions/configure-pages@v5
- name: Build with Jekyll
# Outputs to the './_site' directory by default
run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
run:
bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path
}}"
env:
JEKYLL_ENV: production
- name: Upload artifact
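Review bot: In the `run:` value of the "Build with Jekyll" step, the wrap now falls inside the `${{ steps.pages.outputs.base_path }}` expression, leaving `}}"` alone on its own line. YAML folds the multi-line plain scalar back into the same single command, so behaviour is unchanged, but a split expression is easy to break on a later edit. Consider a `# prettier-ignore` comment above `run:`, or pass the value through the step's existing `env:` block and reference a shell variable in the command, which also keeps the expression out of the shell line.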

View File

@ -11,7 +11,8 @@ cache:
- ${CI_PROJECT_DIR}/vendor
before_script:
- apk add --no-cache ruby ruby-dev ruby-bundler make gcc g++ musl-dev build-base libffi-dev libxml2-dev
- apk add --no-cache ruby ruby-dev ruby-bundler make gcc g++ musl-dev
build-base libffi-dev libxml2-dev
- bundle install
test:
@ -37,7 +38,8 @@ pages:
gitlab-ci-pre-commit:
stage: build
before_script:
- apk add --no-cache python3 python3-dev py3-pip py3-wheel git gcc musl-dev bash nodejs-current npm ruby ruby-bundler
- apk add --no-cache python3 python3-dev py3-pip py3-wheel git gcc musl-dev
bash nodejs-current npm ruby ruby-bundler
- pip install pre-commit --break-system-packages
script:
- pre-commit run --all-files --show-diff-on-failure
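Review bot: The context line `pip install pre-commit --break-system-packages` in `gitlab-ci-pre-commit` installs an unpinned pre-commit on every run, so the job that checks this repository can change behaviour without any commit here; pinning a version would make the job reproducible. The rewrapped `apk add` line above it folds back to the same single command as long as the continuation line stays indented under the list item, so the wrap itself is fine.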

View File

@ -58,7 +58,8 @@ repos:
[
--update-only,
--title,
'<em lang="fi">Automaattinen sisällysluettelo</em> / <em lang="en">Automatically generated Table of Contents</em>',
'<em lang="fi">Automaattinen sisällysluettelo</em> / <em
lang="en">Automatically generated Table of Contents</em>',
]
- repo: https://github.com/python-jsonschema/check-jsonschema

View File

@ -1,8 +1,7 @@
cff-version: 1.2.0
title: Aminda.eu
message: >-
If you use this website, please cite it using the
metadata from this file.
If you use this website, please cite it using the metadata from this file.
type: software
authors:
- given-names: Aminda

View File

@ -32,29 +32,37 @@ checkmark.
- `sitemap.xml` — automatically generated by Jekyll when building
- `sitemaps.xml` — manually written sitemap index pointing to sitemaps on my
sites. I am not sure how it works when there are multiple domains, so
I am keeping all sitemaps in robots.txt and sitemaps.xml on bottom
of it. Same will possibly happen with other domains.
sites. I am not sure how it works when there are multiple domains, so I am
keeping all sitemaps in robots.txt and sitemaps.xml on bottom of it. Same will
possibly happen with other domains.
## Unusual directories
Or directories that generally aren't encountered in other similar projects.
- `n/` - quick notes for my personal reference with memorable addresses.
- `r/` - my personal url redirector for links that I have to refer to more or less often.
- `txt/` - signed text files such as account list to decrease impact of identity theft attempts.
- `r/` - my personal url redirector for links that I have to refer to more or
less often.
- `txt/` - signed text files such as account list to decrease impact of identity
theft attempts.
- `PGP/` - my current and some previous PGP keys.
### Submodules
- `ir/` - list of I2P services, previously a part of this repository for memorable addresses.
- `lfs-media/` - orphan branch containing lfs-media such as the avatars. However it doesn't work with GitHub pages.
- `ir/` - list of I2P services, previously a part of this repository for
memorable addresses.
- `lfs-media/` - orphan branch containing lfs-media such as the avatars. However
it doesn't work with GitHub pages.
- `or/` - same as `ir/`, but for Tor Onion Services.
## Building
1. Install `bundler` onto your system.
1. `cd` to root of this repository, if you didn't already.
1. _Optionally_ configure where you wish bundler to install everything. This repository already specifies `bundle config set --local path 'vendor/bundle'` in the gitignored `.bundle/config` file.
1. _Optionally_ configure where you wish bundler to install everything. This
repository already specifies `bundle config set --local path 'vendor/bundle'`
in the gitignored `.bundle/config` file.
1. Run `bundle install`
1. You are done, `bundle exec jekyll <build|serve>` and similar commands should work, just remember `bundle exec` in front of the command so the system wide installation doesn't unintentionally get used.
1. You are done, `bundle exec jekyll <build|serve>` and similar commands should
work, just remember `bundle exec` in front of the command so the system wide
installation doesn't unintentionally get used.

View File

@ -6,10 +6,12 @@ author:
# Jekyll seo, appended after title
tagline: Aminda Suomalainen ⚧︎
description: > # this means to ignore newlines until "baseurl:"
I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am familiar with git and looking for employment. &#9895;&#65038;
<br/><br/><em lang="en">This website is licensed under the
<a href="(https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>
by <a href="https://aminda.eu">Aminda Suomalainen</a>.</em>
I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am
familiar with git and looking for employment. &#9895;&#65038; <br/><br/><em
lang="en">This website is licensed under the <a
href="(https://creativecommons.org/licenses/by/4.0/">Creative Commons
Attribution 4.0 International License</a> by <a
href="https://aminda.eu">Aminda Suomalainen</a>.</em>
baseurl: "" # the subpath of your site, e.g. /blog/
# I would like to use www subdomain to not have all cookies passed to top
# level, but there seems to be a redirect issue otherwise.
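Review bot: The license link in `description` still reads `href="(https://creativecommons.org/licenses/by/4.0/"`, with a stray `(` before the scheme, so the rewrap carries a broken URL forward; drop the `(`. The new wrapping also splits `<a` from `href=` and `<em` from `lang=` across lines, which only works because the `>` folded scalar rejoins them with a space, so this block is a good candidate for `# prettier-ignore`.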

View File

@ -9,24 +9,24 @@ sitemap: true
robots: noai
---
`@Annwenn` got me opering at her network after long pause with my opering.
She also named this blogpost and requested me to write this and I don't
have any better place where to put this, but I am starting with other talk
before getting to the subject.
`@Annwenn` got me opering at her network after long pause with my opering. She
also named this blogpost and requested me to write this and I don't have any
better place where to put this, but I am starting with other talk before getting
to the subject.
It appears that I am not as bad oper as I thought as I was able to identify
and find solutions to multiple issues including server-side aliases not
working, SASL being loaded with services, but not with IRCd, CertFP loaded
with services, but not IRCd, missing oper-only channels (and allowing
everyone to join #services) etc.
It appears that I am not as bad oper as I thought as I was able to identify and
find solutions to multiple issues including server-side aliases not working,
SASL being loaded with services, but not with IRCd, CertFP loaded with services,
but not IRCd, missing oper-only channels (and allowing everyone to join
#services) etc.
The services package is Atheme and IRCd InspIRCd which are the same I would
have picked if I had started running IRC server which I was avoiding
before. The forks of Atheme don't have any stable releases yet and Atheme
is still getting security fixes.
The services package is Atheme and IRCd InspIRCd which are the same I would have
picked if I had started running IRC server which I was avoiding before. The
forks of Atheme don't have any stable releases yet and Atheme is still getting
security fixes.
I am not linking to the network or complete issue list here as I don't want
too much traffic there.
I am not linking to the network or complete issue list here as I don't want too
much traffic there.
And now to the subject.
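Review bot: The rewrapped second paragraph now begins a line with `#services) etc.`, where before the channel name sat mid-line. Confirm the rendered post still shows it as paragraph text rather than a heading, or escape it as `\#services`, the way `\#znc` is written in the ZNC post touched by this same commit.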
@ -59,12 +59,11 @@ First, register a channel, for example #test.
```
Here $oper adds people who are opered to access list (if EXTTARGET $oper is
enabled) and allows people who have +c in group !test to see the access
list (even with PRIVATE on), invite themselves or see the channel key using
ChanServ and have autovoice on the channel.
enabled) and allows people who have +c in group !test to see the access list
(even with PRIVATE on), invite themselves or see the channel key using ChanServ
and have autovoice on the channel.
4. Set the options and flags of !test.4. Set the options and flags of
!test.
4. Set the options and flags of !test.4. Set the options and flags of !test.
```
/msg groupserv set !test channel #test
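Review bot: Step 4 contains its own text twice ("4. Set the options and flags of !test.4. Set the options and flags of !test."), and the rewrap has joined the duplicate onto a single line instead of removing it. Drop the second copy so the list item reads "4. Set the options and flags of !test."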
@ -72,10 +71,9 @@ ChanServ and have autovoice on the channel.
/msg groupserv set !test open on
```
joinflags +cvi means that when people join the group, they automatically
have +cvi which allows them to have access in channels where !test has
flags, take vhosts which are offered to the group and invite other people
to the group.
joinflags +cvi means that when people join the group, they automatically have
+cvi which allows them to have access in channels where !test has flags, take
vhosts which are offered to the group and invite other people to the group.
5. Offer vhosts to the group (requires you to be oper).
@ -92,5 +90,5 @@ to the group.
/hs on
```
`/hs offerlist` shows which vhosts are offered to you or groups where you
have `+v`.
`/hs offerlist` shows which vhosts are offered to you or groups where you have
`+v`.

View File

@ -1,7 +1,8 @@
---
layout: post
comments: true
title: "Getting help from network operators with channel issues when ops are away"
title:
"Getting help from network operators with channel issues when ops are away"
category: [english]
tags: [irc, english]
redirect_from: /english/2015/01/24/getting_help_with_channel_issues.html
@ -9,19 +10,18 @@ sitemap: true
robots: noai
---
In case you wish network operators to help you when your channel operators
are away, please authorize them to do so. You can do this simply by
command `/msg ChanServ flags #channel $oper +vhoirtAe`. _Note that this
assumes that your network uses Atheme with exttarget $oper loaded._
In case you wish network operators to help you when your channel operators are
away, please authorize them to do so. You can do this simply by command
`/msg ChanServ flags #channel $oper +vhoirtAe`. _Note that this assumes that
your network uses Atheme with exttarget $oper loaded._
If you don't do this and there is trouble on your channel, it can be
assumed that you don't want network operators to intervene and they most
likely take no action. Taking action would also require using operator
privileges such as `/samode` which might not be so nice unless the flags
are set.
If you don't do this and there is trouble on your channel, it can be assumed
that you don't want network operators to intervene and they most likely take no
action. Taking action would also require using operator privileges such as
`/samode` which might not be so nice unless the flags are set.
I repeat that the commnd is `/msg ChanServ flags #channel $oper +vhoirtAe`.
The only thing that must be changed is `#channel`.
I repeat that the commnd is `/msg ChanServ flags #channel $oper +vhoirtAe`. The
only thing that must be changed is `#channel`.
## Explanation of these flags
@ -32,9 +32,8 @@ The only thing that must be changed is `#channel`.
- r - allows using kick/kickban/ban/unban commands
- t - allows using topic/topicappend commands
- A - allows seeing channel access lists and (MemoServ) sendops command
- most of our alerts seem to be coming from opers who are accidentally
using their priviledges and seeing access list of channel they have
no access to.
- most of our alerts seem to be coming from opers who are accidentally using
their priviledges and seeing access list of channel they have no access to.
- `<ChanServ> Mikaela ACCESS:LIST: #channel (oper override)`
- e - exempts from akick and allows unbanning yourself
@ -48,22 +47,22 @@ Some flags change their meaning if written with wrong case:
- H - automatic halfop and allows using halfop/dehalfop on yourself
- O - automatic op and allows using op/deop on yourself
- R - allows using recover, sync and clear commands
- recover - deop everyone, remove key, invite yourself, add ban
exception on yourself, unban yourself, set modes +im (invite-only,
only voiced users can talk), op yourself and other fun...
- recover - deop everyone, remove key, invite yourself, add ban exception on
yourself, unban yourself, set modes +im (invite-only, only voiced users can
talk), op yourself and other fun...
- sync - sync the channel according to access list
- clear - allows clearing akicks (+b flags), bans, flags, users
(=kick everyone)
- clear - allows clearing akicks (+b flags), bans, flags, users (=kick
everyone)
- a - allows using protect/deprotect commands
- protect is sometimes also known as admin and is higher than op, but
lower than owner/founder. Combine with +O to make it automatic.
- protect is sometimes also known as admin and is higher than op, but lower
than owner/founder. Combine with +O to make it automatic.
So you don't want to accidentally confuse different letters. `+VHO` aren't
so dangerous and you can freely set them, but avoid confusing +r and +R and
So you don't want to accidentally confuse different letters. `+VHO` aren't so
dangerous and you can freely set them, but avoid confusing +r and +R and
avoiding confusing +A and +a can also be a good idea.
## One last note
`$oper` matches everyone who is opered and requires Atheme to have
exttarget $oper loaded. Some other networks use different ways to add opers
to be on access list.
`$oper` matches everyone who is opered and requires Atheme to have exttarget
$oper loaded. Some other networks use different ways to add opers to be on
access list.
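Review bot: In the closing paragraph "avoid confusing +r and +R and avoiding confusing +A and +a", the flags are plain text while `+VHO` in the same sentence is in backticks. Since the whole point of the paragraph is that case changes the meaning, put `+r`, `+R`, `+A` and `+a` in backticks too, which also keeps a wrapped line from ever starting with a bare `+`.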

View File

@ -12,55 +12,59 @@ redirect_from:
**TL;DR: if you don't verify SSL certificates, don't use SSL!**
ZNC 1.6.0 was released on 2015-02-12 21:05:48Z. It brings multiple
improvements such as taking IP addresses from round-robins randomly instead
of always resolving them into same IP and most notably it actually verifies
SSL certificates.
ZNC 1.6.0 was released on 2015-02-12 21:05:48Z. It brings multiple improvements
such as taking IP addresses from round-robins randomly instead of always
resolving them into same IP and most notably it actually verifies SSL
certificates.
- [Changelog](https://wiki.znc.in/ChangeLog/1.6.0)
ZNC 1.6.0 also doesn't have option to blindly accept certificates, which
would be stupid, but sadly
ZNC 1.6.0 also doesn't have option to blindly accept certificates, which would
be stupid, but sadly
[Quakenet is right about most of people just accepting certificates blindly](https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless)
as people are asking how to disable the SSL certificate verification on
\#znc a lot.
as people are asking how to disable the SSL certificate verification on \#znc a
lot.
Some people even wrote [a patch and scripts to disable the verification.](https://gist.github.com/KindOne-/52cfade7b937ee8b4c37)
Some people even wrote
[a patch and scripts to disable the verification.](https://gist.github.com/KindOne-/52cfade7b937ee8b4c37)
This isn't a good idea as patching ZNC can cause all kinds of issues as
sometimes seen with zncstrap [1](https://github.com/ProjectFirrre/zncstrap/issues/16) [2](https://github.com/ProjectFirrre/zncstrap/issues/18) [3](https://github.com/znc/znc/issues/384).
See also [contributing (reporting bugs) guidelines of ZNC.](https://github.com/znc/znc/issues/384)
sometimes seen with zncstrap
[1](https://github.com/ProjectFirrre/zncstrap/issues/16)
[2](https://github.com/ProjectFirrre/zncstrap/issues/18)
[3](https://github.com/znc/znc/issues/384). See also
[contributing (reporting bugs) guidelines of ZNC.](https://github.com/znc/znc/issues/384)
I believe same policy should apply to patching ZNC as to config files,
patch ZNC or edit config file and you will forfeit all support.
I believe same policy should apply to patching ZNC as to config files, patch ZNC
or edit config file and you will forfeit all support.
## And to the subject
If you don't verify SSL certificates, you only have a false sense of
security as you let anyone between your ZNC and the IRC network. This is
called as [Man-in the middle (or shortly MITM) attack.](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
There are also people asking for ZNC to trust the certificate for the
first time and then be alerted if the certificate changes. What if the
MITM is there during your first connection attempt and then you are
alerted when the real IRC server gives you wrong certificate?
If you don't verify SSL certificates, you only have a false sense of security as
you let anyone between your ZNC and the IRC network. This is called as
[Man-in the middle (or shortly MITM) attack.](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
There are also people asking for ZNC to trust the certificate for the first time
and then be alerted if the certificate changes. What if the MITM is there during
your first connection attempt and then you are alerted when the real IRC server
gives you wrong certificate?
## So what is the correct way?
- Check the website of your IRC network in case the fingerprints are
listed on their website.
- Try asking the operators of your IRC network somewhere else if you know
them (like another network or email).
- Check the website of your IRC network in case the fingerprints are listed on
their website.
- Try asking the operators of your IRC network somewhere else if you know them
(like another network or email).
- This might not be so recommended, but also check the fingerprints from
multiple locations.
> But the IRC network has hundreds of servers with different certificates!
In this case do what was recommened before ZNC 1.6.0, check some of the
servers that are geographically close to you and use them.
In this case do what was recommened before ZNC 1.6.0, check some of the servers
that are geographically close to you and use them.
## Checking the fingerprint from multiple locations
I have shell function (which you can find later on this page) which I run
from multiple places:
I have shell function (which you can find later on this page) which I run from
multiple places:
- my home, Kotka, Finland
- [Kapsi (shell)](https://www.kapsi.fi/english.html), somewhere in Finland
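Review bot: The "contributing (reporting bugs) guidelines of ZNC" link points at `https://github.com/znc/znc/issues/384`, the same URL as footnote link 3 just before it, so the rewrap preserves what looks like a copy-paste target rather than the guidelines document. Worth correcting in a follow-up, together with "recommened" further down in the same hunk.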
@ -83,36 +87,34 @@ serversslcertfp() {
```
I hope this article has helped you to understand the issues with blindly
accepting SSL certificates or at least to understand that _if you don't
want to verify SSL certificates, don't use SSL._
accepting SSL certificates or at least to understand that _if you don't want to
verify SSL certificates, don't use SSL._
- _Updated on 2015-02-26 10:43Z: just use environment variables in the
function like suggested by @DarthGandalf on \#znc._
- _Updated on 2015-02-26 10:43Z: just use environment variables in the function
like suggested by @DarthGandalf on \#znc._
## I am asked to verify fingerprint for network with valid certificate
_Added on 2015-09-03. 4. added on 2016-01-26._
There are usually four causes for this. Lets use liberachat as example
network.
There are usually four causes for this. Lets use liberachat as example network.
1. You don't have the `ca-certificates` package installed (`ca_root_nss`
on FreeBSD), so your system trusts no certificate authority. Install it
and try again.
1. You don't have the `ca-certificates` package installed (`ca_root_nss` on
FreeBSD), so your system trusts no certificate authority. Install it and try
again.
2. You are connecting to wrong address. liberachat's certificate is valid for
\*.libera.chat, but there are CNAMEs pointing there. If you connect to
CNAME and the certificate isn't valid for that CNAME, the certificate
is invalid.
\*.libera.chat, but there are CNAMEs pointing there. If you connect to CNAME
and the certificate isn't valid for that CNAME, the certificate is invalid.
- You should always connect to `irc.libera.chat`.
3. There is MITM which is unlikely, but unlikely is not impossible.
Validating the certificates either by trusted certificates or verifying
the fingerprints securely manually protect you from this. If MITM is the
case, you shouldn't connect.
4. You have `ca-certificates` installed, but the remote certificate is
signed by CA that is not included in it. You could try installing
system updates in case `ca-certificates` have been updated or you will
have to treat the certificate as invalid until ZNC starts supporting
it's own CA storage. See (and comment if you encounter this)
3. There is MITM which is unlikely, but unlikely is not impossible. Validating
the certificates either by trusted certificates or verifying the fingerprints
securely manually protect you from this. If MITM is the case, you shouldn't
connect.
4. You have `ca-certificates` installed, but the remote certificate is signed by
CA that is not included in it. You could try installing system updates in
case `ca-certificates` have been updated or you will have to treat the
certificate as invalid until ZNC starts supporting it's own CA storage. See
(and comment if you encounter this)
[znc/znc#909](https://github.com/znc/znc/issues/909).
---
@ -121,13 +123,14 @@ Section added on 2018-11-10: I have started using the new option to allow
invalid SSL certificates in some cases as this post is only written with
clearnet in mind.
I am on some networks over Yggdrasil or Cjdns which already have E2EE like
Tor hidden services so as long as they are accessed directly, all benefits
of TLS are there already and TLS certificates are an additional burden as
with LetsEncrypt they will change often and LetsEncrypt doesn't support
any network I mentioned.
I am on some networks over Yggdrasil or Cjdns which already have E2EE like Tor
hidden services so as long as they are accessed directly, all benefits of TLS
are there already and TLS certificates are an additional burden as with
LetsEncrypt they will change often and LetsEncrypt doesn't support any network I
mentioned.
---
_As I seem to be updating this page more than I originally thought I should
probably add [this link to changelog here.](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-02-24-znc160-ssl.md)_
probably add
[this link to changelog here.](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-02-24-znc160-ssl.md)_

View File

@ -9,33 +9,32 @@ tags: [irc, english]
redirect_from: /english/2015/03/18/nodcc.html
---
DCC was way to send files and chat without having IRC server in the
between. It's not very common nowadays and what is done nowadays is
uploading images etc. to social media services or web servers or using
other file transfer protocols.
DCC was way to send files and chat without having IRC server in the between.
It's not very common nowadays and what is done nowadays is uploading images etc.
to social media services or web servers or using other file transfer protocols.
Here are some reasons to not use it:
- There is no proper standard or if there is, no one follows it, all
clients speak their own dialects and may be unable to communicate with
other clients. Not all clients even implement the same features.
- There is no proper standard or if there is, no one follows it, all clients
speak their own dialects and may be unable to communicate with other clients.
Not all clients even implement the same features.
- NAT and firewalls break it
- As DCC requires port on sending/hosting side, it must be opened in
firewall and if there is NAT which there is in most of situations
nowadays, the port must be forwarded. Most of average users have
no idea how to do the latter if even the first.
- As DCC requires port on sending/hosting side, it must be opened in firewall
and if there is NAT which there is in most of situations nowadays, the port
must be forwarded. Most of average users have no idea how to do the latter
if even the first.
- The only place where most of people see it is spam. The only thing lately
where people have seen is two attacks which @grawity has documented
[here](https://nullroute.eu.org/~grawity/dcc.html)
## Disabling DCC
This depends on your client and I am only able to give instructions for
three:
This depends on your client and I am only able to give instructions for three:
- WeeChat: "`/plugin unload xfer`" and "`/set weechat.plugin.autoload *,!xfer`"
- The option in second command can be also be used to not automatically
load other plugins, I personally use `/set weechat.plugin.autoload alias,exec,irc,perl,python,script,trigger,logger`.
- The option in second command can be also be used to not automatically load
other plugins, I personally use
`/set weechat.plugin.autoload alias,exec,irc,perl,python,script,trigger,logger`.
The `*,!xfer` simply means load everything else than xfer.
- HexChat: "`/ignore *!*@* DCC`"
- ZNC & clients behind it: "`/znc *controlpanel addctcp $me DCC`"

View File

@ -14,78 +14,72 @@ A little on my life currently
**TRIGGER WARNING: suicide, school bullying, transphobia**
I am 19 years old trans woman who also has Asperger's syndrome
studying <s>for vocational qualification in business information
technology</s> or would be studying if there wasn't one "small bullying
issue." I haven't been at
[Etelä-Kymenlaakso vocational college](https://ekami.fi/in-english) for
month and more.
I am 19 years old trans woman who also has Asperger's syndrome studying <s>for
vocational qualification in business information technology</s> or would be
studying if there wasn't one "small bullying issue." I haven't been at
[Etelä-Kymenlaakso vocational college](https://ekami.fi/in-english) for month
and more.
It started some time ago when I went there and it was mainly in three
events on different days:
It started some time ago when I went there and it was mainly in three events on
different days:
- Coming from school canteen someone said "hi Mikaela, you are beautiful"
in one boy group where I have no idea who said it or who they even are.
- Going to school canteen someone of the same group said "hi" and I replied
"hi" and I got third reply imitating my horrible masculine voice.
- The last time going to school canteen I went to nearby bathroom to
\<if I understood correctly, trans people do so horrible things in
bahtroom that I cannot write it here :P\> and I heard my name being
shouted there multiple times. When I leeft it and went to canteen, I
just ignored them and went to canteen normally and heard them shouting
after me "ONKO SULLA MUNAT!" which in spoken (Finnish) language
translates to "DO YOU HAVE TESTICLES?".
- Coming from school canteen someone said "hi Mikaela, you are beautiful" in one
boy group where I have no idea who said it or who they even are.
- Going to school canteen someone of the same group said "hi" and I replied "hi"
and I got third reply imitating my horrible masculine voice.
- The last time going to school canteen I went to nearby bathroom to \<if I
understood correctly, trans people do so horrible things in bahtroom that I
cannot write it here :P\> and I heard my name being shouted there multiple
times. When I leeft it and went to canteen, I just ignored them and went to
canteen normally and heard them shouting after me "ONKO SULLA MUNAT!" which in
spoken (Finnish) language translates to "DO YOU HAVE TESTICLES?".
I informed this to school social worker and two teachers, but then I
learned that the school is unable to do anything as I have no idea who
the people are (what class or names). I was one day away and on then went
back for some time and got more and more anxious and stressful on what
if I saw the people somewhere or if they walke to canteen using the side
door that I had been using. Since then I have been unable to go anywhere
near Hamina.
I informed this to school social worker and two teachers, but then I learned
that the school is unable to do anything as I have no idea who the people are
(what class or names). I was one day away and on then went back for some time
and got more and more anxious and stressful on what if I saw the people
somewhere or if they walke to canteen using the side door that I had been using.
Since then I have been unable to go anywhere near Hamina.
There was one exception where I had scheduler appointment with the school
social worker and I went there with my mother, but the school social
worker was away with label on the door saying "if you had scheduled
appointment, please contact me using Wilma (place to message teachers
etc.)" so we wasted time 50 minutes per trip from [Kotka] to [Hamina] and
[Hamina] to [Kotka].
There was one exception where I had scheduler appointment with the school social
worker and I went there with my mother, but the school social worker was away
with label on the door saying "if you had scheduled appointment, please contact
me using Wilma (place to message teachers etc.)" so we wasted time 50 minutes
per trip from [Kotka] to [Hamina] and [Hamina] to [Kotka].
[kotka]: https://www.kotka.fi/en/residents
[hamina]: https://hamina.fi/en/
---
_Update:
[I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
_Update: [I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
I would graduate in summer without this issue and the only thing I have
missing is work training. As I don't have work training place I was doing
it at school with some other students until the bullying started.
I would graduate in summer without this issue and the only thing I have missing
is work training. As I don't have work training place I was doing it at school
with some other students until the bullying started.
The work training didn't went too well as it felt like it was as far
from real work environment as possible, teacher giving some tasks that are
done in maybe 15 minutes and rest of time other people just playing games
and drinking energy drinks.
The work training didn't went too well as it felt like it was as far from real
work environment as possible, teacher giving some tasks that are done in maybe
15 minutes and rest of time other people just playing games and drinking energy
drinks.
There is also another issue, me being scared of real work environment, but
nothing can be done to it now and the fear will just be moved to trouble
either my next school that I have thought to be
[KyUAS](https://www.kyamk.fi/Frontpage) (but it seems likely that I will
try to get to [Helsinki] or [Jyväskylä] and study there as people have
offered to help me find apartment either from there) or anywhere where I
will work in the future if I ever will.
nothing can be done to it now and the fear will just be moved to trouble either
my next school that I have thought to be [KyUAS](https://www.kyamk.fi/Frontpage)
(but it seems likely that I will try to get to [Helsinki] or [Jyväskylä] and
study there as people have offered to help me find apartment either from there)
or anywhere where I will work in the future if I ever will.
[helsinki]: https://www.hel.fi/www/helsinki/en
[jyväskylä]: https://www.hel.fi/www/helsinki/en
The school also offered to also give remote tasks, but it was too late and
I don't feel like I can do anything anymore as the school hasn't done
anything to help the situation.
The school also offered to also give remote tasks, but it was too late and I
don't feel like I can do anything anymore as the school hasn't done anything to
help the situation.
How does this affect me? As people say, bullying leaves eternal scars and I
am not someone who could stay away from school just for fun, I have talked
about suicide daily and I have also just been talked out of it for the
second time in two days. I don't believe I can live like this forever.
How does this affect me? As people say, bullying leaves eternal scars and I am
not someone who could stay away from school just for fun, I have talked about
suicide daily and I have also just been talked out of it for the second time in
two days. I don't believe I can live like this forever.
---
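Review bot: The reference definition `[jyväskylä]: https://www.hel.fi/www/helsinki/en` is identical to the `[helsinki]` one above it, so the Jyväskylä link in the rewrapped paragraph leads to Helsinki's site. Point it at the intended URL in a follow-up commit.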

View File

@ -9,25 +9,26 @@ sitemap: true
robots: noai
---
_Or why am I using umode -iI and thus showing all channels that I am on at
IRC? So you can find channels that may interest you if we have similar
interests._
_Or why am I using umode -iI and thus showing all channels that I am on at IRC?
So you can find channels that may interest you if we have similar interests._
People ask this question from me a lot, often the same people as they don't
remember my answer.
I am in umode -iI which shows the channels that I am on so if you think
that I seem sane or interesting or whatever person and feel like you have
similar interests, you can simply `/whois Mikaela` to see the public
channels that I am on and join if you see anything interesting.
I am in umode -iI which shows the channels that I am on so if you think that I
seem sane or interesting or whatever person and feel like you have similar
interests, you can simply `/whois Mikaela` to see the public channels that I am
on and join if you see anything interesting.
But what about the trolls? I haven't had many trolls following me around
and if that happens to you, you can simply send logs to network operators
and if they are good opers, they will take action.
But what about the trolls? I haven't had many trolls following me around and if
that happens to you, you can simply send logs to network operators and if they
are good opers, they will take action.
**_This section on (un)setting umodes was broken and moved [here]({% post_url blog/2015-06-03-setting-umodes %})_**
**_This section on (un)setting umodes was broken and moved
[here]({% post_url blog/2015-06-03-setting-umodes %})_**
_Update on 2015-04-13: add umode -I which is the InspIRCd way of hiding
all channels from whois depending on the modules loaded and IRCd config._
_Update on 2015-04-13: add umode -I which is the InspIRCd way of hiding all
channels from whois depending on the modules loaded and IRCd config._
_Update on 2015-06-03: setting/unsetting umodes moved [here]({% post_url blog/2015-06-03-setting-umodes %})._
_Update on 2015-06-03: setting/unsetting umodes moved
[here]({% post_url blog/2015-06-03-setting-umodes %})._

View File

@ -14,8 +14,8 @@ redirect_from:
This seems to confuse many WeeChat users, so I will try to explain it more
simply as I am repeating myself everywhere about this same thing.
SASL is mechanism for identifying to services at IRC automatically even
before you are visible to the network.
SASL is mechanism for identifying to services at IRC automatically even before
you are visible to the network.
---
@ -25,10 +25,10 @@ First set mechanism as plain if you have it as anything else.
/set irc.server_default.sasl_mechanism PLAIN
```
PLAIN is simple "login using username and password" mechanism that sends
the username and password in plaintext which isn't an issue if you also use
SSL (like you should) and trust the server (and
**use different password everywhere**).
PLAIN is simple "login using username and password" mechanism that sends the
username and password in plaintext which isn't an issue if you also use SSL
(like you should) and trust the server (and **use different password
everywhere**).
Then simply set your username and password
@ -39,11 +39,11 @@ Then simply set your username and password
/save
```
_Replace NETWORK with the name of network that you have in WeeChat, for
example `liberachat`._
_Replace NETWORK with the name of network that you have in WeeChat, for example
`liberachat`._
And now after `/reconnect` you should be identified automatically using
SASL, but you might also ensure that you use SSL.
And now after `/reconnect` you should be identified automatically using SASL,
but you might also ensure that you use SSL.
## Using SSL
@ -62,10 +62,9 @@ _6697 is the [standard SSL port](https://tools.ietf.org/html/rfc7194)._
liberachat has valid SSL certificate, but if it didn't, you would have two
choises:
1. Trust the fingerprints manually using
`irc.server.NETWORK.ssl_fingerprint`, see [this post].
1. Trust the fingerprints manually using `irc.server.NETWORK.ssl_fingerprint`,
see [this post].
2. Disable SSL certificate checking using
`/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see
[this post].
`/set irc.server.NETWORK.ssl_verify off` **NOT RECOMMENDED**, see [this post].
[this post]:{% post_url blog/2015-02-24-znc160-ssl %}

View File

@ -14,54 +14,53 @@ robots: noai
_Why I think that you should keep the ops opped instead of following
LiberaChat's recommendations._
Is there an issue with your IRC channel needing op attention? Without
having ops visible, your users will very likely go to the network support
channel instead of informing you or your ops.
Is there an issue with your IRC channel needing op attention? Without having ops
visible, your users will very likely go to the network support channel instead
of informing you or your ops.
Without ops being visible, who are ops or how to alert them?
- `/msg chanserv flags #channel`
- requires whoising all ops to see if they are present
- idle time gets reset by CTCP replies, OTR and possibly other
things. LiberaChat staffers may also base their judgement on are
there ops present to handle the issue on idletime of ops.
- idle time gets reset by CTCP replies, OTR and possibly other things.
LiberaChat staffers may also base their judgement on are there ops present
to handle the issue on idletime of ops.
- new users most likely have no idea on the command
- remote (=different server) whois is rate-limited
- lists accountnames, not nicknames the people are actually using
- e.g. I have a less privileged account `Mikaela-`, but my Matrix
connection is usually called `Michaela` which may not instantly connect
in people's minds. Ciblia which is one of my fallback usernames is
even further away from `Mikaela`.
- e.g. I have a less privileged account `Mikaela-`, but my Matrix connection
is usually called `Michaela` which may not instantly connect in people's
minds. Ciblia which is one of my fallback usernames is even further away
from `Mikaela`.
- `/msg memoserv sendops #channel help! X is spamming`
- requires +A flag which isn't mostly given to everyone
- new users are unsure whether they have the flag if they even know
about existense of the flag or the MemoServ command.
- new users are unsure whether they have the flag if they even know about
existense of the flag or the MemoServ command.
There is also third commonly used method, having trigger word that either
highlights all the ops or makes bot PM or highlight the ops which again
has it's own issues:
highlights all the ops or makes bot PM or highlight the ops which again has it's
own issues:
- are the ops surely highlighting on it?
- the users can be confused for not getting any kind of acknowledging to
the triggerword without bot and possibly spam it even more
- the users can be confused for not getting any kind of acknowledging to the
triggerword without bot and possibly spam it even more
- if the bot PMs the ops, what if they are on umode +g and miss the bot?
- if the bot highlights all the ops, what if the ops automatically ignore
mass highlights (multiple nicks highlighted on the same line)?
- if the bot highlights all the ops, what if the ops automatically ignore mass
highlights (multiple nicks highlighted on the same line)?
- and again, are the users aware of the triggerword?
- if you clearly document it on webpage of your channel, the users
should be aware of it, but what if they didn't bother to read it or
forgot it? Their fault probably, but your channel is having issues
for longer time...
- if you clearly document it on webpage of your channel, the users should be
aware of it, but what if they didn't bother to read it or forgot it? Their
fault probably, but your channel is having issues for longer time...
And there is also the issue of having to trust services or your bots.
What if the services go down or netsplit and the same happens to your bot?
You are out of luck unless you had the ops opped in which case the outage
doesn't affect you that much at all.
And there is also the issue of having to trust services or your bots. What if
the services go down or netsplit and the same happens to your bot? You are out
of luck unless you had the ops opped in which case the outage doesn't affect you
that much at all.
Counter argument: if ops are shown on a support channel, that can make
people new to IRC ping them about everything instead of asking in the
channel in gneral. I think it's up to the channel operators to decide how
much that weights and can the new users be educated without much effort.
Counter argument: if ops are shown on a support channel, that can make people
new to IRC ping them about everything instead of asking in the channel in
gneral. I think it's up to the channel operators to decide how much that weights
and can the new users be educated without much effort.
## Fixing LiberaChat
@ -74,18 +73,19 @@ Tell ChanServ the following three commands:
```
The ! means "add these flags to everyone who currently matches the template
exactly" so when you do this everyone who you have made xOP with
`/msg chanserv someone xOP" gets opped or voiced automatically.<br/>
_Note: templates including F (founder) are not automatically updated even
with the !._
exactly" so when you do this everyone who you have made xOP with `/msg chanserv
someone xOP" gets opped or voiced automatically.<br/> _Note: templates including
F (founder) are not automatically updated even with the !._
Alternatively if you have been setting flags manually use
`/msg chanserv flags #channel someone +O` to automatically op them. You
must also do this to yourself if you are channel founder, for auto-voicing
use +V. _Note: +o allows you to manually op/deop anyone, +v is the same,
but for voice, so don't confuse the casing._
`/msg chanserv flags #channel someone +O` to automatically op them. You must
also do this to yourself if you are channel founder, for auto-voicing use +V.
_Note: +o allows you to manually op/deop anyone, +v is the same, but for voice,
so don't confuse the casing._
Changelog:
- Part 1: https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-04-01-keep-the-ops-opped.md
- Part 2: https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2015-04-01-keep-the-ops-opped.md
- Part 1:
https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-04-01-keep-the-ops-opped.md
- Part 2:
https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2015-04-01-keep-the-ops-opped.md
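Review bot: in the reflowed paragraph that begins "The ! means", the command `/msg chanserv someone xOP"` opens with a backtick but closes with a double quote, so it is not a code span and the wrap now breaks it after `chanserv`; the same reflow pulls the `<br/>` and the following _Note_ up into the sentence. Close the span with a backtick so the command stays on one line, and give the note its own paragraph instead of relying on `<br/>`, so a later rewrap cannot merge them again.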

View File

@ -12,39 +12,37 @@ redirect_from: /finnish/2015/04/01/saasta.html
> Minun pitäisi kai myös antaa jonkinlainen mielipide.
>
> En pidä kenenkään nimittelystä ja minusta parasta olisi vain puhua
> asioita, mutta aina ovat nämä, jotka eivät kuuntele tai halua ymmärtää ja
> kai tälle sanalle on oma käyttötarkoituksensa, ei ole kovin usein tullut
> käytettyä, mutta luulen että joskus loukkaantuneena olen käyttänyt,
> en muista enempää ja minulla ei muisti ole toiminut viimeaikoina.
> En pidä kenenkään nimittelystä ja minusta parasta olisi vain puhua asioita,
> mutta aina ovat nämä, jotka eivät kuuntele tai halua ymmärtää ja kai tälle
> sanalle on oma käyttötarkoituksensa, ei ole kovin usein tullut käytettyä,
> mutta luulen että joskus loukkaantuneena olen käyttänyt, en muista enempää ja
> minulla ei muisti ole toiminut viimeaikoina.
>
> Tietysti voi kai ajatella niinkin, että jos olisin hyökkäävämpi, olisin
> yhä koulussa toisin kuin ihmiset siellä, joita tämä sana mahdollisesti
> kuvaa... Lyhyesti siellä on siis ensimmäisellä kerralla sanottu "moi
> Nimi, olet kaunis", seuraavalla kerralla "moi" ja pilkattu
> maskuliinista ääntäni ja kolmannella kerralla en ole saanut käydä
> vessassa rauhassa vaan nimeäni huudettiin ja kun en kiinnittänyt niihin
> minkäänlaista huomiota ne huusivat perääni onko minulla munat.
> No kouluhan ei luonnollisesti voi tehdä yhtikäs mitään, koska en ole cis,
> enkä neurotyypillinen eli minä olen vain kotona ollut kuukauden ja
> varmaan päivittäin puhunut itsemurhasta.
> Tietysti voi kai ajatella niinkin, että jos olisin hyökkäävämpi, olisin yhä
> koulussa toisin kuin ihmiset siellä, joita tämä sana mahdollisesti kuvaa...
> Lyhyesti siellä on siis ensimmäisellä kerralla sanottu "moi Nimi, olet
> kaunis", seuraavalla kerralla "moi" ja pilkattu maskuliinista ääntäni ja
> kolmannella kerralla en ole saanut käydä vessassa rauhassa vaan nimeäni
> huudettiin ja kun en kiinnittänyt niihin minkäänlaista huomiota ne huusivat
> perääni onko minulla munat. No kouluhan ei luonnollisesti voi tehdä yhtikäs
> mitään, koska en ole cis, enkä neurotyypillinen eli minä olen vain kotona
> ollut kuukauden ja varmaan päivittäin puhunut itsemurhasta.
>
> Olenhan minä kai myös huono ihminen, koska olen riidoissa kaikkien kanssa
> kaikkialla ja en myöskään ole hyvä transsukupuolinen, koska minä vain
> toivon, että olisin cistyttö ja neurotyypillinen ja, että joku voisi
> joskus rakastaa minua. En tiedä onko ulkona oleminen minulle paras
> vaihtoehto, mutta en voi muutakaan ja ehkä se auttaa jotakuta edes vähän,
> vaikka en koskaan kuulisi koko henkilöstä mitään ja minä yritän tehdä
> minkä voin, vaikka mikään ei onnistukaan ja teen ja sanon kaiken aina
> väärin.
> kaikkialla ja en myöskään ole hyvä transsukupuolinen, koska minä vain toivon,
> että olisin cistyttö ja neurotyypillinen ja, että joku voisi joskus rakastaa
> minua. En tiedä onko ulkona oleminen minulle paras vaihtoehto, mutta en voi
> muutakaan ja ehkä se auttaa jotakuta edes vähän, vaikka en koskaan kuulisi
> koko henkilöstä mitään ja minä yritän tehdä minkä voin, vaikka mikään ei
> onnistukaan ja teen ja sanon kaiken aina väärin.
>
> En jaksa tätä sotaa mikä näissä kommenteissa aina on ja jatkuvasti
> jossakin tapetaan trans-henkilö, etenkin trans woman of colour
> (en uskalla kääntää tätä suomeksi) ja joka puolella säädetään erilaisia
> LGBTIQ+ vastaisia lakeja ja nyt on ollut noista vessoista paljon puhetta.
> Tästä asiasta vain ei ole mahdollista saada lepoa.
> En jaksa tätä sotaa mikä näissä kommenteissa aina on ja jatkuvasti jossakin
> tapetaan trans-henkilö, etenkin trans woman of colour (en uskalla kääntää tätä
> suomeksi) ja joka puolella säädetään erilaisia LGBTIQ+ vastaisia lakeja ja nyt
> on ollut noista vessoista paljon puhetta. Tästä asiasta vain ei ole
> mahdollista saada lepoa.
>
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun
> minä kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun minä
> kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
-- Facebook-kommentti

View File

@ -12,41 +12,39 @@ redirect_from: /english/2015/04/03/scum.html
> I should probably also say some kind of opinion.
> I don't like calling anyone names and I think it would be best to just
> talk about things, but there are always people who don't listen or
> want to understand and maybe this word has it's usage, I haven't used it
> much, but I think that I might have used it sometime when upset, but
> I don't remember more and my memory hasn't worked lately.
> I don't like calling anyone names and I think it would be best to just talk
> about things, but there are always people who don't listen or want to
> understand and maybe this word has it's usage, I haven't used it much, but I
> think that I might have used it sometime when upset, but I don't remember more
> and my memory hasn't worked lately.
>
> Of course it can probably be thought that if I was more attacking,
> I might still be at school unlike the people there whom this word
> possibly describes... Shortly, first time they said "hi Name, you are
> beautiful", next time "hi" and mocked my masculine voice and the third
> time I couldn't even use bathroom in peace, my name was shouted and
> when I ignored them and didn't look them at all, they shouted after me
> if I have \<male genitalia\>. School naturally cannot do anything at
> all, because I am not cis or neurotypical so I have just been at home
> for month and talked about suicide possibly daily.
> Of course it can probably be thought that if I was more attacking, I might
> still be at school unlike the people there whom this word possibly
> describes... Shortly, first time they said "hi Name, you are beautiful", next
> time "hi" and mocked my masculine voice and the third time I couldn't even use
> bathroom in peace, my name was shouted and when I ignored them and didn't look
> them at all, they shouted after me if I have \<male genitalia\>. School
> naturally cannot do anything at all, because I am not cis or neurotypical so I
> have just been at home for month and talked about suicide possibly daily.
>
> I am probably bad human, because I am in disputes with everyone
> everywhere and I am not good trans either, because I only wish that I
> was cis girl and neurotypical and that someone could love me some day. I
> don't know if being out is the best possible choise for me, but I don't
> have a choice and maybe it will help someone even if I never heard about
> the person and I try to do everything I can even if nothing ever succeeds
> and I always do and say everything wrongly.
> I am probably bad human, because I am in disputes with everyone everywhere and
> I am not good trans either, because I only wish that I was cis girl and
> neurotypical and that someone could love me some day. I don't know if being
> out is the best possible choise for me, but I don't have a choice and maybe it
> will help someone even if I never heard about the person and I try to do
> everything I can even if nothing ever succeeds and I always do and say
> everything wrongly.
>
> I am tired of this war which is always in these comments and continuosly
> trans person is killed somewhere, especially trans woman of colour
> and everywhere there are laws against LGBTIQ+ people and now there has
> been aa lot talk about those bathrooms. It's just not possible to get
> rest from this thing.
> I am tired of this war which is always in these comments and continuosly trans
> person is killed somewhere, especially trans woman of colour and everywhere
> there are laws against LGBTIQ+ people and now there has been aa lot talk about
> those bathrooms. It's just not possible to get rest from this thing.
>
> (and I once again managed to talk offtopic most of the time, but as I
> wrote this, maybe I must also send this)
> (and I once again managed to talk offtopic most of the time, but as I wrote
> this, maybe I must also send this)
>
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun
> minä kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
> (ja onnistuin puhumaan suurimman osan aivan aiheen vierestä, mutta kun minä
> kerran kirjoitin tämän niin kai minun pitää myös lähettää tämä)
-- Facebook comment

View File

@ -15,71 +15,78 @@ robots: noai
_IRC over TLS is not pointless unless you only worry about things that you
cannot affect at all. SSL is pointless, because of [POODLE]._
I use IRC over TLS on all networks that support it (=other than IRCnet)
and I also [verify the certificates]. TLS is used
I use IRC over TLS on all networks that support it (=other than IRCnet) and I
also [verify the certificates]. TLS is used
_Update on 2015-06-18: I was told that IRCnet does have SSL on
ssl.irc.atw-inter.net and ssl.rfc1459.ca, but server links are mostly
unencrypted. I am not able to use those though as Finnish channels are
mostly stupid and letting people only in from Finnish servers._
unencrypted. I am not able to use those though as Finnish channels are mostly
stupid and letting people only in from Finnish servers._
- between my client and bouncer
- when they both are on localhost it's not used and my bouncer only
listens for plain text connections only on `127.0.0.1` and `::1`.
- when they both are on localhost it's not used and my bouncer only listens
for plain text connections only on `127.0.0.1` and `::1`.
- between my bouncer and IRCd
These are the points that I can affect. I cannot do anything to server
links other than hope that the network operators know what they are doing
and use TLS. I cannot affect whether other users use TLS or not or do they
check the certificates or blindly accept whatever they are offered.
These are the points that I can affect. I cannot do anything to server links
other than hope that the network operators know what they are doing and use TLS.
I cannot affect whether other users use TLS or not or do they check the
certificates or blindly accept whatever they are offered.
As I use TLS everywhere where I can affect, I can be more sure that
my discussions aren't so easily read on:
As I use TLS everywhere where I can affect, I can be more sure that my
discussions aren't so easily read on:
- open WLAN
- any router between me and the bouncer
- any router between bouncer and the IRC server
And like everyone else says, you cannot be sure on the server links
or other people on the channels or queries. You can only make sure that
**you** are using TLS.
And like everyone else says, you cannot be sure on the server links or other
people on the channels or queries. You can only make sure that **you** are using
TLS.
One example where TLS is very helpful even if you have no idea whether
the other people use SSL is passwords:
One example where TLS is very helpful even if you have no idea whether the other
people use SSL is passwords:
- your NickServ password isn't in plain text between you and the IRC
server, but you again cannot know if the IRC server sends it to other
IRC server(s) in plain text that are between the server where you are
connected to and services server.
- your /OPER password in case you are IRC operator. Imagine being on
open WLAN or similar situation and transmitting your password in
plain text and someone else taking that password. What kind of "fun"
things they could do with it?
- your NickServ password isn't in plain text between you and the IRC server, but
you again cannot know if the IRC server sends it to other IRC server(s) in
plain text that are between the server where you are connected to and services
server.
- your /OPER password in case you are IRC operator. Imagine being on open WLAN
or similar situation and transmitting your password in plain text and someone
else taking that password. What kind of "fun" things they could do with it?
_Now you can move into reading why [IRC over SSL is pointless], [web.archive.org]..._
_Now you can move into reading why [IRC over SSL is pointless],
[web.archive.org]..._
[poodle]: https://en.wikipedia.org/wiki/POODLE
[verify the certificates]:{% post_url blog/2015-02-24-znc160-ssl %}
[IRC over SSL is pointless]:https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
[verify the certificates]:{% post_url blog/2015-02-24-znc160-ssl %} [IRC
over SSL
is
pointless]:https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
[web.archive.org]:https://web.archive.org/web/20130425123002/http://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
## Addition: who is interested in my traffic?
- Finland - Security Police & Defence Forces
- Currently law allowing Security Police and the Defence Forces to do
network monitoring without limitations is going to pass in the
parlament.
- Currently law allowing Security Police and the Defence Forces to do network
monitoring without limitations is going to pass in the parlament.
- Sweden - National Defence Radio Establishment & Security Police & Police
- Sweden has monitored all traffic going through them since 2008
and most of Finnish traffic goes through them.
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Legal_framework
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Mass_surveillance
- 2015-04-23 (in Finnish) https://www.hackingthroughcomplexity.fi/2013/10/ruotsin-verkkovalvonta-latakon.html / https://archive.is/iYrsl
- Sweden has monitored all traffic going through them since 2008 and most of
Finnish traffic goes through them.
- 2015-04-23
https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Legal_framework
- 2015-04-23
https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Mass_surveillance
- 2015-04-23 (in Finnish)
https://www.hackingthroughcomplexity.fi/2013/10/ruotsin-verkkovalvonta-latakon.html
/ https://archive.is/iYrsl
- UK - GCHQ
- Cooperating with Sweden
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=Government_Communications_Headquarters&oldid=656835589#2000s:_Coping_with_the_Internet
- 2015-04-23
https://en.wikipedia.org/w/index.php?title=Government_Communications_Headquarters&oldid=656835589#2000s:_Coping_with_the_Internet
- USA - NSA
- Cooperating with Sweden
- 2015-04-23 https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=655974095
- 2015-04-23
https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=655974095
- Many others? :(
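Review bot: the link reference definitions for `[verify the certificates]` and `[IRC over SSL is pointless]` have been merged into one wrapped paragraph, with the second label now split as `[IRC` / `over SSL` / `is` / `pointless]:`. As a result `[IRC over SSL is pointless]` is no longer defined on a line of its own and `[verify the certificates]` has trailing text after its destination, so the links that use those labels in the text above can break. Restore one definition per line and keep the formatter away from them, for example with `<!-- prettier-ignore-start -->` and `<!-- prettier-ignore-end -->` around the block; the same applies to any other definition whose destination is a `{% post_url %}` tag.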

View File

@ -8,35 +8,36 @@ redirect_from: /english/2015/05/10/znc-ubuntu.html
sitemap: false
---
_Many people seem to be installing ZNC using some weird instructions and
don't ever upgrade after that. This is yet another unofficial install
guide, but with this you should be able to upgrade too._
_Many people seem to be installing ZNC using some weird instructions and don't
ever upgrade after that. This is yet another unofficial install guide, but with
this you should be able to upgrade too._
**This is not the official install guide, if you are looking for that,
[click here.](https://wiki.znc.in/Installation)** _You will find these
same instructions there too though._
[click here.](https://wiki.znc.in/Installation)** _You will find these same
instructions there too though._
Step 0: If you had already installed ZNC from source, go to the source
directory and run `make uninstall` or `sudo make uninstall` if needed.
Step 0: If you had already installed ZNC from source, go to the source directory
and run `make uninstall` or `sudo make uninstall` if needed.
[Thomas Ward](https://launchpad.net/~teward) has PPA which usually includes
the latest version of ZNC for [supported Ubuntu releases](https://wiki.ubuntu.com/Releases)
and this guide uses it.
[Thomas Ward](https://launchpad.net/~teward) has PPA which usually includes the
latest version of ZNC for
[supported Ubuntu releases](https://wiki.ubuntu.com/Releases) and this guide
uses it.
1. Install required package for adding PPAs: `sudo apt-get install python-software-properties`
1. Install required package for adding PPAs:
`sudo apt-get install python-software-properties`
2. Add the PPA `sudo add-apt-repository ppa:teward/znc`
3. Refresh list of packages in the repos `sudo apt-get update`
4. If you had installed ZNC from Ubuntu repositories, now you could run
`sudo apt-get upgrade`, otherwise finally install ZNC with
`sudo apt-get install znc`.
ZNC is now installed. If you had it running before installing from PPA,
you should restart it especially if it was different version than what the
PPA has.
ZNC is now installed. If you had it running before installing from PPA, you
should restart it especially if it was different version than what the PPA has.
Now you can either (new ZNC user) run `znc --makeconf` to create config
file and then (existing ZNC user) run `znc` and your ZNC starts listening
on where you told it to listen.
Now you can either (new ZNC user) run `znc --makeconf` to create config file and
then (existing ZNC user) run `znc` and your ZNC starts listening on where you
told it to listen.
You might also want to read:

View File

@ -9,34 +9,33 @@ sitemap: true
robots: noai
---
_Yet another note-to-self post, but these links are confusing, how do you
make proper irc:// or ircs:// link?_
_Yet another note-to-self post, but these links are confusing, how do you make
proper irc:// or ircs:// link?_
I started wondering about the proper way to make irc/ircs links today and
based on the following addresses
I started wondering about the proper way to make irc/ircs links today and based
on the following addresses
- https://www.iana.org/assignments/uri-schemes/prov/ircs
- https://tools.ietf.org/html/draft-butcher-irc-url-04
EDIT 2015-08-30 & 2015-10-10: I got eaten by HTML5 validator, because of
what was said above :frown: and the proper way how you make links without
getting eaten by HTML5 validator is
(https://tools.ietf.org/html/draft-butcher-irc-url-04) and the address
would become
`ircs://irc.example.org:6697/%23channel%2C%23%23channel%2C%21channel`.
EDIT 2015-08-30 & 2015-10-10: I got eaten by HTML5 validator, because of what
was said above :frown: and the proper way how you make links without getting
eaten by HTML5 validator is
(https://tools.ietf.org/html/draft-butcher-irc-url-04) and the address would
become `ircs://irc.example.org:6697/%23channel%2C%23%23channel%2C%21channel`.
See [Percent-encoding at Wikipedia]. Thanks Mardeg at irc.mozilla.org.
[percent-encoding at wikipedia]: https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
[percent-encoding at wikipedia]:
https://en.wikipedia.org/wiki/Percent-encoding#Percent-encoding_reserved_characters
- specifies that the link uses SSL with the _s_ (for plain text just remove
it)
- specifies that the link uses SSL with the _s_ (for plain text just remove it)
- specifies the port so client doesn't have to guess it
- clearly specifies the channels without leaving prefixes for the client
to guess
- clearly specifies the channels without leaving prefixes for the client to
guess
The previously linked pages also contain other forms, but this seems the
best to me and I am against using channel keys as there are better ways
to keep channel private (such as restricted or +i and +I to authorized
people) and server passwords aren't used anywhere where I would encounter
them, other than forwarding the password to NickServ, but that is depracted
by [SASL](https://ircv3.net/specs/extensions/sasl-3.1.html).
The previously linked pages also contain other forms, but this seems the best to
me and I am against using channel keys as there are better ways to keep channel
private (such as restricted or +i and +I to authorized people) and server
passwords aren't used anywhere where I would encounter them, other than
forwarding the password to NickServ, but that is depracted by
[SASL](https://ircv3.net/specs/extensions/sasl-3.1.html).
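Review bot: the `[percent-encoding at wikipedia]:` definition now has its destination on the line after the label. CommonMark allows that, but not every Markdown renderer does, so confirm that the Jekyll build still resolves the `[Percent-encoding at Wikipedia]` link; if it does not, keep the definition on one line with a `<!-- prettier-ignore -->` comment above it.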

View File

@ -8,42 +8,41 @@ redirect_from: /english/2015/05/18/life-bot-background.html
sitemap: false
---
_More on my life and a little background on bots; also trigger warning
about probably everything..._
_More on my life and a little background on bots; also trigger warning about
probably everything..._
Start with the [previous post on the subject]({% post_url blog/2015-03-25-leaving-bots-life %})...
Start with the [previous post on
the subject]({% post_url blog/2015-03-25-leaving-bots-life %})...
_Update:
[I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
_Update: [I graduated on 2015-05-29.]({% post_url blog/2015-05-29-graduation %})_
So I have been away from school for months now and the fact that I won't
graduate seems very sure. I haven't left home unless I have had too either
and after today I might leave home even then.
graduate seems very sure. I haven't left home unless I have had too either and
after today I might leave home even then.
I don't remember last week so well, so probably nothing happened, I was
away from home for two events at Helsinki which is tiring as the bus
trip from Kotka-Helsinki is two hours, rest of the week I was at home
with the exception of visiting cottage and replacing elorn (Banana Pi which
didn't like upgrade from Bananian Wheezy to Bananian Jessie) with rbtpzn
(a little better system, Raspberry Pi B+ running Arch Linux ARM), I don't
remember what else happened.
I don't remember last week so well, so probably nothing happened, I was away
from home for two events at Helsinki which is tiring as the bus trip from
Kotka-Helsinki is two hours, rest of the week I was at home with the exception
of visiting cottage and replacing elorn (Banana Pi which didn't like upgrade
from Bananian Wheezy to Bananian Jessie) with rbtpzn (a little better system,
Raspberry Pi B+ running Arch Linux ARM), I don't remember what else happened.
I have also been anxious too much for being healthy and I have talked about
suicide probably daily. Last night Doctor [Google] also suggested
[Avoidant personality disorder] and I am waiting for seeing "mental
health professional" again and asking if that is possible.
suicide probably daily. Last night Doctor [Google] also suggested [Avoidant
personality disorder] and I am waiting for seeing "mental health professional"
again and asking if that is possible.
[google]: https://encrypted.google.com/
[avoidant personality disorder]: https://en.wikipedia.org/wiki/Avoidant_personality_disorder
[avoidant personality disorder]:
https://en.wikipedia.org/wiki/Avoidant_personality_disorder
And back to today, I had possibly my worst bus trip between Kotka and
Helsinki. First there was bully from previous school and even if they
didn't do anything, just seeing is enough to trigger heavy anxiety to me.
<br/>Then there were two people sitting in front of me at the bus, small
child and one adult. The child kept making loud noice for most of the trip
and at some point dropped whatever the thing is on bus seats behind your
head to me and only stared.<br/>
I was too anxious even without them, so I didn't tell the adult anything
and there wouldn't have been any use in that as they didn't care about
their behaviour anyway and it would have been my fault anyway for sitting
there or annoying them just for existing.
And back to today, I had possibly my worst bus trip between Kotka and Helsinki.
First there was bully from previous school and even if they didn't do anything,
just seeing is enough to trigger heavy anxiety to me. <br/>Then there were two
people sitting in front of me at the bus, small child and one adult. The child
kept making loud noice for most of the trip and at some point dropped whatever
the thing is on bus seats behind your head to me and only stared.<br/> I was too
anxious even without them, so I didn't tell the adult anything and there
wouldn't have been any use in that as they didn't care about their behaviour
anyway and it would have been my fault anyway for sitting there or annoying them
just for existing.
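Review bot: The reference definition for [avoidant personality disorder] is now split so that the URL sits alone on a continuation line. CommonMark accepts a destination on the following line, but not every Markdown renderer does; since this site is built with Jekyll, confirm the rendered post still resolves the link. If it does not, keep the definition on one line (a `<!-- prettier-ignore -->` comment directly above it stops prettier from rewrapping it).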

View File

@ -9,25 +9,23 @@ sitemap: true
robots: noai
---
As my blog is so full of suicidality and depression and how I won't
graduate, I probably must inform here that I have graduated according to
YLE News.
As my blog is so full of suicidality and depression and how I won't graduate, I
probably must inform here that I have graduated according to YLE News.
- [web.archive.org: Etelä-Kymenlaakson ammattiopisto 2015-05-29](https://web.archive.org/web/20150602001658/http://yle.fi/uutiset/etela-kymenlaakson_ammattiopisto/8023952)
- YLE had apparently changed their URL breaking the old link and when
I was informed of this, I tried to search the current live version,
but was only able to find it from Waybackmachine.
- YLE had apparently changed their URL breaking the old link and when I was
informed of this, I tried to search the current live version, but was only
able to find it from Waybackmachine.
- [Google Translated link](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fweb.archive.org%2Fweb%2F20150602001658%2Fhttp%3A%2F%2Fyle.fi%2Fuutiset%2Fetela-kymenlaakson_ammattiopisto%2F8023952&edit-text=)
- Note that Google Translate changes my name to "Finnish Mikaela" as
Suomalainen means a Finn or Finnish or similar.
What happens next? Nothing until I am legally recognized as a woman which
currently seems to happen in winter at soonest. As I have told everyone,
I won't be applying anywhere with my current person identification number
as all databases mark me as a man and I don't want to have weird situations
like I currently have e.g. student information system separates by gender
and puts Mikaela Suomalainen in the middle of men which raises questions…
currently seems to happen in winter at soonest. As I have told everyone, I won't
be applying anywhere with my current person identification number as all
databases mark me as a man and I don't want to have weird situations like I
currently have e.g. student information system separates by gender and puts
Mikaela Suomalainen in the middle of men which raises questions…
What is said in previous posts still applies, I am not moving outdoors
unless I have to which means visit to Helsinki where I am able to move more
freely.
What is said in previous posts still applies, I am not moving outdoors unless I
have to which means visit to Helsinki where I am able to move more freely.

View File

@ -11,43 +11,41 @@ redirect_from:
robots: noai
---
_Everyone knows the `/ignore` command, but there is also `/filter` which
I feel is superiour._
_Everyone knows the `/ignore` command, but there is also `/filter` which I feel
is superiour._
First, how do they differ?
- Ignore removes all lines from the person you are ignoring permanently and
they aren't logged or anything.
- Filter only hides the messages from the person and is very customizable,
but I am only describing my ignoring here. They are still logged and
by toggling filters they become visible.
- Ignore removes all lines from the person you are ignoring permanently and they
aren't logged or anything.
- Filter only hides the messages from the person and is very customizable, but I
am only describing my ignoring here. They are still logged and by toggling
filters they become visible.
And how do you use it?
- `/filter add FILTERNAME * nick_*NICKHERE* *`
- FILTERNAME is the name how you recognize the filter, I usually put
the nick there.
- The first `*` is buffer where the filter is used in and means simply
"all buffers".
- `nick_*NICKHERE*` means that you want to filter lines from
`*NICKHERE*`, the asterisks are important as it makes sure that the
user doesn't change their nick to `NICKHERE_` who again wouldn't be
filtered.
- And the last `*`, what do you want to filter from that nick?
Everything.
- FILTERNAME is the name how you recognize the filter, I usually put the nick
there.
- The first `*` is buffer where the filter is used in and means simply "all
buffers".
- `nick_*NICKHERE*` means that you want to filter lines from `*NICKHERE*`, the
asterisks are important as it makes sure that the user doesn't change their
nick to `NICKHERE_` who again wouldn't be filtered.
- And the last `*`, what do you want to filter from that nick? Everything.
But doesn't this defeat the whole point of ignoring? That depends on you
and do you think you will ever need the ignored content.
But doesn't this defeat the whole point of ignoring? That depends on you and do
you think you will ever need the ignored content.
One good example where you might want to have the content is when you are
channel op and someone on your ignore list joins the channel and someone
else alerts ops.
channel op and someone on your ignore list joins the channel and someone else
alerts ops.
With ignore you see nothing, with filter you just toggle your filters and
see that someone who you had filtered joined on the channel and did
something against the channel rules and you can easily take action.
With ignore you see nothing, with filter you just toggle your filters and see
that someone who you had filtered joined on the channel and did something
against the channel rules and you can easily take action.
Further reading, check `/help filter`, you will enjoy at least
the smart filter, `/filter add irc_smart * irc_smart_filter *` (hides
joins/quits/parts/etc. unless the person has talked in X minutes configured
in `/help irc.look.smart_filter_delay`).
Further reading, check `/help filter`, you will enjoy at least the smart filter,
`/filter add irc_smart * irc_smart_filter *` (hides joins/quits/parts/etc.
unless the person has talked in X minutes configured in
`/help irc.look.smart_filter_delay`).
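Review bot: The `nick_*NICKHERE*` bullet explains that the asterisks catch a change to `NICKHERE_`, but it does not say that the same pattern also hides every nick that merely contains NICKHERE. For a short nick this filters unrelated people, so a sentence on that trade-off belongs in the bullet. While the intro line is being rewrapped, "superiour" should be "superior".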

View File

@ -9,20 +9,18 @@ sitemap: true
robots: noai
---
_As I have written more about umodes than I thought, I am breaking the
posts setting/unsetting is documented here and I will link here from other
posts._
_As I have written more about umodes than I thought, I am breaking the posts
setting/unsetting is documented here and I will link here from other posts._
Simply use `/umode +mo-des` or if that is unknown command (as it's alias
in most of clients), use `/mode YOURNICK +mo-des` and you set umodes "mo"
and unset "des". _These might not be real umodes and they are here just as
an example._
Simply use `/umode +mo-des` or if that is unknown command (as it's alias in most
of clients), use `/mode YOURNICK +mo-des` and you set umodes "mo" and unset
"des". _These might not be real umodes and they are here just as an example._
## Automatic umodes
Umodes aren't remembered across connections so you must configure your
client to (un)set them automatically. **Your umodes won't be change this
way until you reconnect!**
Umodes aren't remembered across connections so you must configure your client to
(un)set them automatically. **Your umodes won't be change this way until you
reconnect!**
_These examples use the umodes that I am using at the time of writing._
@ -31,36 +29,37 @@ _These examples use the umodes that I am using at the time of writing._
- WeeChat
- Old way: `/set irc.server_default.command /mode $nick -iI+wRQxg`
- Modern way (1.7+): `/set irc.server_default.usermode -iI+wRQxg`
- _For setting umodes only for one network instead of them all
replace server_default with server.name, e.g._
- _For setting umodes only for one network instead of them all replace
server_default with server.name, e.g._
- `/set irc.server.liberachat.usermode -iI+wRQxg`
- ZNC:
- Traditional way: `/msg *status loadmod perform` and
`/msg *perform add mode %nick% -iI+wRQxg`
- The same can also be done in webadmin and if you load perform for
user level, adding the command `mode %nick% -iI+wRQxg` will set
umode -iI+wrqXG on all networks.
- The modes will apply to all networks if you load it on user
level or only the invidual network on network level.
- The same can also be done in webadmin and if you load perform for user
level, adding the command `mode %nick% -iI+wRQxg` will set umode -iI+wrqXG
on all networks.
- The modes will apply to all networks if you load it on user level or only
the invidual network on network level.
- Modern way: [ZNC issue #1221](https://github.com/znc/znc/issues/1221)
### And what these umodes mean
This list is what I want the umodes to mean when I set them automatically.
For what the actual umodes are on your network, try `/quote help umode` or
This list is what I want the umodes to mean when I set them automatically. For
what the actual umodes are on your network, try `/quote help umode` or
`/quote help umodes`.
- i — invisible, hides your channel list from whois with ircd-seven and
possibly some other ircds. Also hides you from /who of people who don't
share channels with you. [See also why I unset it here.]({% post_url blog/2015-03-26-umode--i %})
- I — On InspIRCd with [hidechans] module hides your channel list from
whois.
- w — receive wallops, less-important announcements from network operators
that are only received by those who are curious and have umode +w. More
important announcements are usually global notices.
- R — block PMs from unidentified users (who tend to be spambots and if
they aren't, they can identify to services).
- i — invisible, hides your channel list from whois with ircd-seven and possibly
some other ircds. Also hides you from /who of people who don't share channels
with you. [See also why I unset
it here.]({% post_url blog/2015-03-26-umode--i %})
- I — On InspIRCd with [hidechans] module hides your channel list from whois.
- w — receive wallops, less-important announcements from network operators that
are only received by those who are curious and have umode +w. More important
announcements are usually global notices.
- R — block PMs from unidentified users (who tend to be spambots and if they
aren't, they can identify to services).
- Q — block channel redirects on Charybdis (mode +f or banforward).
- x — activates IRCd based uncloaking even if it's [not that reliable.](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c)
- x — activates IRCd based uncloaking even if it's
[not that reliable.](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c)
- g — caller-id, people must be `/accepted` or PMed before they can PM you.
- t — only users using SSL can PM.
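Review bot: In the ZNC bullet the command and the prose disagree: the command is `mode %nick% -iI+wRQxg`, but the sentence says it "will set umode -iI+wrqXG". User modes are case-sensitive, so the two strings name different modes; since the line is being rewrapped anyway, make the prose match the command. "invidual" in the following bullet should be "individual".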

View File

@ -9,27 +9,27 @@ sitemap: true
robots: noai
---
_People often wonder about this and I thought that I could probably write
about this, how do you make IRC channel secret/private, either hiding it
from other people or not letting others in._
_People often wonder about this and I thought that I could probably write about
this, how do you make IRC channel secret/private, either hiding it from other
people or not letting others in._
_Modes spbiI are standard and should be the same on all IRCds. I am also
assuming that your network uses Atheme IRC Services or fork of it._
To make channel secret, there are two useful modes. You might also want to
mlock them with `/msg chanserv help set mlock`.
To make channel secret, there are two useful modes. You might also want to mlock
them with `/msg chanserv help set mlock`.
- +s — hides the channel from all channel lists (for non-opers)
-i). Keep in mind that you always see channels that you are on or share
with other people in whois. +p also prevents `/knock` (which is command
to request invite to the channel) on some IRCds.
- +s — hides the channel from all channel lists (for non-opers) -i). Keep in
mind that you always see channels that you are on or share with other people
in whois. +p also prevents `/knock` (which is command to request invite to the
channel) on some IRCds.
Other nice modes that you may be interested in are:
- +b — (ban) depnding on does your network support extbans, try
`/quote help extban`.
- +r — on Charybdis prevents unidentified users from joining the channel,
you will want this with RESTRICTED.
- +r — on Charybdis prevents unidentified users from joining the channel, you
will want this with RESTRICTED.
- InspIRCd uses +R
- - S — on Charybdis prevents users not using SSL/TLS from joining.
- InspIRCd uses +z
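Review bot: The rewrapped +s bullet now reads "(for non-opers) -i). Keep in mind", which has an unmatched closing parenthesis and folds a stray fragment into the +s description. The sentence above promises two useful modes and the bullet goes on to say "+p also prevents `/knock`", yet there is no +p bullet, so the start of that item appears to be missing from the source. Restore it as its own bullet instead of letting the reflow merge the leftover into +s. The context line "- - S" further down also looks as if it was meant to be a +S item and is worth checking in the same pass.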
@ -37,43 +37,43 @@ Other nice modes that you may be interested in are:
And to make channel private, there are two ways, mode +i/+I and ChanServ
RESTRICTED (auto-kban unauthorized users).
With RESTRICTED you will want to prevent unidentified users from joining
or you will get people attempting to join while unidentified and then
banned immediately and unable to join after identifying.
With RESTRICTED you will want to prevent unidentified users from joining or you
will get people attempting to join while unidentified and then banned
immediately and unable to join after identifying.
To use it,
1. Give people who are supposed to be on the channel flags, I use +ViA
which means auto-**Voice**, **i**nvite oneself and can see **A**ccess
lists, you don't have to use these, but these are probably the most
safe flags and the users must have at least one account to not be
kbanned. `/msg ChanServ flags #channel account +ViA`
1. Give people who are supposed to be on the channel flags, I use +ViA which
means auto-**Voice**, **i**nvite oneself and can see **A**ccess lists, you
don't have to use these, but these are probably the most safe flags and the
users must have at least one account to not be kbanned.
`/msg ChanServ flags #channel account +ViA`
2. `/msg ChanServ set #channel restricted on`
3. You are ready, but you might also want to
`/msg ChanServ set #channel private on`, so people cannot use
`/msg chanserv access #channel list` to see who are the secret people
you let in (and who aren't on the channel between auto-kban).
`/msg chanserv access #channel list` to see who are the secret people you let
in (and who aren't on the channel between auto-kban).
And last, mode +i and +I which are the oldest way to do this, but also the
most difficult.
And last, mode +i and +I which are the oldest way to do this, but also the most
difficult.
First you set the mode +i and now everyone must be `/invite`d to the
channel or they cannot join. Then you set +I like you would set a ban
(read the `/quote help extban), here I assume you use Charybdis.
First you set the mode +i and now everyone must be `/invite`d to the channel or
they cannot join. Then you set +I like you would set a ban (read the `/quote
help extban), here I assume you use Charybdis.
To allow user with account `friend` you would `/mode +I $a:friend` and
they are able to join freely without needing to be `/invite`d every time.
To allow user with account `friend` you would `/mode +I $a:friend` and they are
able to join freely without needing to be `/invite`d every time.
You might also find the modes `+g` (Charybdis) and `+A` (InspIRCd) helpful
as they allow everyone to use the `/invite` command.
You might also find the modes `+g` (Charybdis) and `+A` (InspIRCd) helpful as
they allow everyone to use the `/invite` command.
I said that +iI is difficult and I must probably explain why it's so.
- It doesn't use services and the lists get emptied always when the channel
gets empty.
- It's tied to whatever you give it, if you give it hostmask and that
changes, the person cannot get in anymore. Also if you gave it extban
matching to accountname and the person changes accountname, they are
again unable to join until the +I is updated.
- _These were the reasons that came to mind at first, if you have others,
feel free to suggest them._
- It doesn't use services and the lists get emptied always when the channel gets
empty.
- It's tied to whatever you give it, if you give it hostmask and that changes,
the person cannot get in anymore. Also if you gave it extban matching to
accountname and the person changes accountname, they are again unable to join
until the +I is updated.
- _These were the reasons that came to mind at first, if you have others, feel
free to suggest them._
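Review bot: The inline code span in "(read the `/quote help extban), here I assume you use Charybdis." has no closing backtick, and the reflow now breaks it across two lines as "`/quote" and "help extban)". Close the span as `/quote help extban` so the command renders as code and stays on one line.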

View File

@ -10,28 +10,26 @@ redirect_from:
robots: noai
---
_This post describes my UFW config and is here so I find it from somewhere
and with hope that I am told if someone notices something terriby insecure
here and is able to offer suggestions. This probably will never be
perfect._
_This post describes my UFW config and is here so I find it from somewhere and
with hope that I am told if someone notices something terriby insecure here and
is able to offer suggestions. This probably will never be perfect._
Having firewall is important as you aren't always in your trusted home
network (that can also be broken into especially if you have WLAN) and
with IPv6 your devices have public IPv6 addresses. Theoretically your
router should include a firewall, but at least the Huawei mobile broadband
routers or MiFis don't include one (and I might be annoyed by it enough
to disable it anyway and configure everything on host level if it was
my network).
Having firewall is important as you aren't always in your trusted home network
(that can also be broken into especially if you have WLAN) and with IPv6 your
devices have public IPv6 addresses. Theoretically your router should include a
firewall, but at least the Huawei mobile broadband routers or MiFis don't
include one (and I might be annoyed by it enough to disable it anyway and
configure everything on host level if it was my network).
_Threat model: service I am not aware of or that I accidentally make
listen wider than intended, with UFW I am aware of what ports are
allowed. I assume any mobile host is going to move randomly and while
some whitelists (especially link-local and IPv4 LANs) will overlap and
possibly allow access, it's still better than being open to the internet
and overlay networks that I have interacted with recently._
_Threat model: service I am not aware of or that I accidentally make listen
wider than intended, with UFW I am aware of what ports are allowed. I assume any
mobile host is going to move randomly and while some whitelists (especially
link-local and IPv4 LANs) will overlap and possibly allow access, it's still
better than being open to the internet and overlay networks that I have
interacted with recently._
This post first has list of commands, then explanations that won't be
repeated with IPvX ranges.
This post first has list of commands, then explanations that won't be repeated
with IPvX ranges.
Fedora/firewalld? [n/firewalld](/n/firewalld)
@ -55,19 +53,20 @@ ufw allow 60000:61000/udp
```
- 22 TCP/ssh — Allow acces to SSHd you don't want to lock yourself out.
- previously I used `ufw limit` but it seems to be too oversensitive,
just use SSHGuard.
- previously I used `ufw limit` but it seems to be too oversensitive, just use
SSHGuard.
- Deny incoming connections unless the port has been whitelisted.
- Allow all outgoing connections, keeping list of authorized ports would
be too much for me.
- Start ufw on boot and now (I am not sure if this step is required, but
better safe than sorry).
- Allow all outgoing connections, keeping list of authorized ports would be too
much for me.
- Start ufw on boot and now (I am not sure if this step is required, but better
safe than sorry).
- Put the firewall in force.
- 113 TCP/ident — Tell "Connection refused" to whoever tries to reach port 113. This makes ident checking IRC servers connect faster as they don't
have to timeout. If you run shell server (for IRC purpouses) you should
allow this instead. And if you don't use IRC or don't care about having
to wait for the check to timeout, don't do this as you may leave
yourself visible to random port scanners.
- 113 TCP/ident — Tell "Connection refused" to whoever tries to reach port 113.
This makes ident checking IRC servers connect faster as they don't have to
timeout. If you run shell server (for IRC purpouses) you should allow this
instead. And if you don't use IRC or don't care about having to wait for the
check to timeout, don't do this as you may leave yourself visible to random
port scanners.
- 123 UDP/NTP - syncing time between local hosts
- 631 both/cups — Allow access to cups for printer sharing from 192.168.8.xxx
- fe80:://10 is link-local address existing _everywhere_ IPv6 is enabled,
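Review bot: The trailing context line "fe80:://10 is link-local address" has a doubled colon; the IPv6 link-local prefix is fe80::/10. Readers copy firewall ranges from this post, so the mistyped prefix is worth correcting in the same pass. "acces" in the 22 TCP/ssh bullet and "purpouses" in the 113 TCP/ident bullet are also carried over unchanged by the rewrap.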
@ -75,18 +74,19 @@ ufw allow 60000:61000/udp
- 5353 UDP/mdns/Avahi — used for `.local` addresses.
- 5900 — VNC port at least for `krfb kdrc` (KDE Remote Desktop server & client).
I tend to only allow it from specific Yggdrasil address(es).
- 6771/udp — [Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
- 9001/udp — [Yggdrasil](https://yggdrasil-network.github.io/) automatic
peering port only on link-local.
- 60000:61000 UDP/mosh — I feel this is the most insecure part of this
setup and there should be something bettter instead of this. As
something evil could run and listen on these ports.
- 6771/udp —
[Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
- 9001/udp — [Yggdrasil](https://yggdrasil-network.github.io/) automatic peering
port only on link-local.
- 60000:61000 UDP/mosh — I feel this is the most insecure part of this setup and
there should be something bettter instead of this. As something evil could run
and listen on these ports.
_If some host doesn't run some of the mentioned service, it's not open in
the firewall._
_If some host doesn't run some of the mentioned service, it's not open in the
firewall._
KDE Connect which seems painful enough to list separately and doesn't seem
to work IPv6-only or I am too impatient.
KDE Connect which seems painful enough to list separately and doesn't seem to
work IPv6-only or I am too impatient.
```bash
#ufw allow from 192.168.8.0/24 to any port 1714:1764 proto tcp
@ -104,11 +104,13 @@ ufw route allow in on enp3s0 out on wlp2s0
ufw route allow in on wlp2s0 out on enp3s0
```
I am not sure if both rules are required, enp3s0 is the ethernet interface
and wlp2s0 the wireless one. I think it would make sense for only the first
to be required.
I am not sure if both rules are required, enp3s0 is the ethernet interface and
wlp2s0 the wireless one. I think it would make sense for only the first to be
required.
---
Last updated: 2020-10-26 | [GitHub changelog](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-06-12-ufw.md) |
Last updated: 2020-10-26 |
[GitHub changelog](https://github.com/Mikaela/mikaela.github.io/commits/master/_posts/2015-06-12-ufw.md)
|
[Blesmrt Gitea changelog](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/_posts/2015-06-12-ufw.md)

View File

@ -9,88 +9,82 @@ sitemap: true
robots: noai
---
_If you wanted to know about my current life situation, read something else
as I have no life and this posts talks only about the haunting past._
_If you wanted to know about my current life situation, read something else as I
have no life and this posts talks only about the haunting past._
Everyone probably knows that I haven't had very positive experience with
any school, but now I try to bring some events to light from maybe
seven years ago.
Everyone probably knows that I haven't had very positive experience with any
school, but now I try to bring some events to light from maybe seven years ago.
There are three event that haunt me the most:
- _I am just being at break like I am always, alone and without friends
and I hear one of the bullies talking about me, "that jack pisses me off
so much, always walking around in kuoma boots and his face is like ass
of prey bird." After that I remember being in physics or chemitry lesson
and crying and trying to get attention of teacher by writing everything
very slowly, but failing and the only thing that happened was my
handwriting looking better._
- _I don't remember the situation, I think it was a break, but someone from
the same class said "I know why … is so weird, his grandfathers have had
sex with monkeys._
- _I don't remember where it began, but one group of bullies took the habit
of calling me as "ubitch". I don't know where they took that word as
even I didn't know about being trans (Asperger's diagnose would also
come later), but they had issue when I smiled, so I learned to not smile
and that is still causing me issues to this day includin difficulties in
voice training and potential [AvPD](https://en.m.wikipedia.org/wiki/Avoidant_personality_disorder).
The same group also did worse things that I don't want to talk about._
- _I am just being at break like I am always, alone and without friends and I
hear one of the bullies talking about me, "that jack pisses me off so much,
always walking around in kuoma boots and his face is like ass of prey bird."
After that I remember being in physics or chemitry lesson and crying and
trying to get attention of teacher by writing everything very slowly, but
failing and the only thing that happened was my handwriting looking better._
- _I don't remember the situation, I think it was a break, but someone from the
same class said "I know why … is so weird, his grandfathers have had sex with
monkeys._
- _I don't remember where it began, but one group of bullies took the habit of
calling me as "ubitch". I don't know where they took that word as even I
didn't know about being trans (Asperger's diagnose would also come later), but
they had issue when I smiled, so I learned to not smile and that is still
causing me issues to this day includin difficulties in voice training and
potential
[AvPD](https://en.m.wikipedia.org/wiki/Avoidant_personality_disorder). The
same group also did worse things that I don't want to talk about._
What was done? Different appointments with different people, including
school social worker who quite directly said "there is no bullying in our
school, you are scizhophrenic" (don't mind that school social workers
aren't able to write dignosis) and psychologist who surprised me and my
mother by knowing everything about my childhood and "just had to start from
something (Asperger's syndrome).
What was done? Different appointments with different people, including school
social worker who quite directly said "there is no bullying in our school, you
are scizhophrenic" (don't mind that school social workers aren't able to write
dignosis) and psychologist who surprised me and my mother by knowing everything
about my childhood and "just had to start from something (Asperger's syndrome).
I ended up ending that school half year before it would have been over and
at some point starting my long visits to psychiatrical hospital (which is
horrible if you happen to be neuroatypial and part of
Gender/Romantic/Sexual Minority or multiple of those, but that is for
another post).
I ended up ending that school half year before it would have been over and at
some point starting my long visits to psychiatrical hospital (which is horrible
if you happen to be neuroatypial and part of Gender/Romantic/Sexual Minority or
multiple of those, but that is for another post).
There were also other issues that I remember, but I don't feel the same
level of pain.
There were also other issues that I remember, but I don't feel the same level of
pain.
- _One person never talked to me and had some issue with me and always got
what they wanted ("I don't want to work with that"). Not that I wanted
to work with them, but it would have been nice if anyone thought about
asking my opinion._
- _On home economics lesson, I don't remember what was talked about, but
I said for some reason that I like tuna over rye crisps and got response
that it's "so poor" and it's unclear to this day what does price of food
have to do with how does it taste._
- _One person never talked to me and had some issue with me and always got what
they wanted ("I don't want to work with that"). Not that I wanted to work with
them, but it would have been nice if anyone thought about asking my opinion._
- _On home economics lesson, I don't remember what was talked about, but I said
for some reason that I like tuna over rye crisps and got response that it's
"so poor" and it's unclear to this day what does price of food have to do with
how does it taste._
- _There was … Suomalainen fanclub at Facebook and it was also reported to
police, but no action was took as there was nothing offensive there. In
the end offensive content got there, but it was removed in agreement
when anti-bullying FB page with name "bully name bunny club" was
removed._
- _I was also friends at some point with the person depending on how
much friendship it is to perform Windows repair install and as
reward get told that we couldn't be friends at school as their
reputation would suffer. More bullying came..._
- There was also a lot more that happened there, but I would probably write
this forever if I wrote about everything and the things that are always
on surface are already written.
police, but no action was took as there was nothing offensive there. In the
end offensive content got there, but it was removed in agreement when
anti-bullying FB page with name "bully name bunny club" was removed._
- _I was also friends at some point with the person depending on how much
friendship it is to perform Windows repair install and as reward get told
that we couldn't be friends at school as their reputation would suffer. More
bullying came..._
- There was also a lot more that happened there, but I would probably write this
forever if I wrote about everything and the things that are always on surface
are already written.
and as this is titled feelings, I should probably write about those too,
not that there was anything new.
and as this is titled feelings, I should probably write about those too, not
that there was anything new.
- I seem to be always anxious, especially if anyone wants me to go outdoors
alone and I am afraid of seeing someone from any school even if they
didn't recognize me or did nothing, I have already seen people from there
twice with both times mentally locking me down.
- I am just horrible person, everyone hates me and no one is honest in any
good thing they say to/about me.
- I am just bothering everyone by being present in same space whether
physical or online.
- Most of time I feel I have no friends anywhere even if there are
otherwise some IRC or IRL, it's just difficult for me to make/maintain
friendships, but me being horrible person is nothing new anyway.
- I wish that I had a partner, but it's impossible as I am just horrible
person and autist (in bad way) and asexual (while most of rest of the
world wants only sex) and trans (which is probably the worse as that
translates to "has or has had a penis" and makes everyone misinterpred me
as being male or being unable to think me as a girl). I don't sleep
propery at nights thinking these things and I just cannot get out and
as said Kymenlaakso is unable to help.
alone and I am afraid of seeing someone from any school even if they didn't
recognize me or did nothing, I have already seen people from there twice with
both times mentally locking me down.
- I am just horrible person, everyone hates me and no one is honest in any good
thing they say to/about me.
- I am just bothering everyone by being present in same space whether physical
or online.
- Most of time I feel I have no friends anywhere even if there are otherwise
some IRC or IRL, it's just difficult for me to make/maintain friendships, but
me being horrible person is nothing new anyway.
- I wish that I had a partner, but it's impossible as I am just horrible person
and autist (in bad way) and asexual (while most of rest of the world wants
only sex) and trans (which is probably the worse as that translates to "has or
has had a penis" and makes everyone misinterpred me as being male or being
unable to think me as a girl). I don't sleep propery at nights thinking these
things and I just cannot get out and as said Kymenlaakso is unable to help.

View File

@ -12,10 +12,11 @@ lang: en
robots: noai
---
_There appears to be a lot of confusion on IPv6 and in this post I try to
clear it a little._
_There appears to be a lot of confusion on IPv6 and in this post I try to clear
it a little._
I am writing this post, because [TorrentFreak wrote about buggy µTorrent and suggests disabling IPv6 because of it.](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/)
I am writing this post, because
[TorrentFreak wrote about buggy µTorrent and suggests disabling IPv6 because of it.](https://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/)
The comments of that post are also totally lost.
<!-- editorconfig-checker-disable -->
@ -41,17 +42,16 @@ The comments of that post are also totally lost.
## IPv4
It's probably best to start with what is wrong with IPv4 and note that all
modern operating systems (including Windows Vista and newer) are designed
to work with IPv6 and disabling it may break some features.
modern operating systems (including Windows Vista and newer) are designed to
work with IPv6 and disabling it may break some features.
There are no IPv4 addresses for everyone and that is why we have NATs in
routers so we only have one IPv4 address facing the internet. That isn't
enough either so ISPs started having their own NATs too known as CGN
(Carrier Grade NAT) putting _a lot_ of customers behind single IPv4
address.
There are no IPv4 addresses for everyone and that is why we have NATs in routers
so we only have one IPv4 address facing the internet. That isn't enough either
so ISPs started having their own NATs too known as CGN (Carrier Grade NAT)
putting _a lot_ of customers behind single IPv4 address.
This means that if someone on the same ISP abused your favourite service
X\*, all users behind that IPv4 address get banned.
This means that if someone on the same ISP abused your favourite service X\*,
all users behind that IPv4 address get banned.
<em>\*X = Wikipedia, your favourite forum or IRC network or whatever</em>.
@ -60,59 +60,57 @@ connecting from single address and it can also increase latencies).
## IPv6
IPv6, again, is next version of the Internet Protocol and has enough
addresses for all your devices and you don't need NAT anymore so you don't
have to do port forwards (which didn't help you behind CGN anyway) anymore.
IPv6, again, is next version of the Internet Protocol and has enough addresses
for all your devices and you don't need NAT anymore so you don't have to do port
forwards (which didn't help you behind CGN anyway) anymore.
People have weird worries with it and many misunderstandings on privacy
concerns.
### EUI-64-addresses
EUI-64-addresses are based on your MAC-address and a lot of people seem to
be worried about how they can be used for spying on you as you go through
different networks (phone, laptop).
EUI-64-addresses are based on your MAC-address and a lot of people seem to be
worried about how they can be used for spying on you as you go through different
networks (phone, laptop).
This is an unrequired concern though as IPv6 privacy extensions should
exist with all IPv6 capable systems (again including Windows which seems
to be what people worry about the most). The privacy extensions generate
a random IPv6 address which has no MAC-address and is changed over time.
This is an unrequired concern though as IPv6 privacy extensions should exist
with all IPv6 capable systems (again including Windows which seems to be what
people worry about the most). The privacy extensions generate a random IPv6
address which has no MAC-address and is changed over time.
Arch Linux and Ubuntu MATE (and other Linux distributions?) seem to change
it every 24 hours (controlled by `net.ipv6.conf.default.temp_prefered_lft`)
and I believe it also gets changed by reconnecting to network or rebooting
the system.
Arch Linux and Ubuntu MATE (and other Linux distributions?) seem to change it
every 24 hours (controlled by `net.ipv6.conf.default.temp_prefered_lft`) and I
believe it also gets changed by reconnecting to network or rebooting the system.
On your IPv6-enabled system you should see three addresses:
- EUI-64-address where you see your MAC-address clearly, it just exists and
isn't used in outgoing connections so no one knows it unless you decide
to tell them.
isn't used in outgoing connections so no one knows it unless you decide to
tell them.
- Privacy (extensions) address which is random and used for all outgoing
connections and it changes every few hours. You might see multiple of
these as the old privacy addresses are still kept for some time, but no
outgoing connections is made with them.
connections and it changes every few hours. You might see multiple of these as
the old privacy addresses are still kept for some time, but no outgoing
connections is made with them.
- Link-local address you see even without global IPv6 connectivity as every
IPv6-supporting system generates them automatically. They start with
`fe80` and only work in your LAN. It also has your MAC-address visible.
IPv6-supporting system generates them automatically. They start with `fe80`
and only work in your LAN. It also has your MAC-address visible.
If you are still worried about the MAC-address being visible, you can
easily confirm that no one sees it by going to
[ipv6-test.com](https://ipv6-test.com), looking at "IPv6 connectivity" and
check the test that says "SLAAC". If it says "No" your EUI-64-address
is not used, if it says "Yes" they are used and it should never say "Yes".
You will probably understand that it's not supposed to say "Yes" as getting
"Yes" in that test decreases your score.
If you are still worried about the MAC-address being visible, you can easily
confirm that no one sees it by going to [ipv6-test.com](https://ipv6-test.com),
looking at "IPv6 connectivity" and check the test that says "SLAAC". If it says
"No" your EUI-64-address is not used, if it says "Yes" they are used and it
should never say "Yes". You will probably understand that it's not supposed to
say "Yes" as getting "Yes" in that test decreases your score.
#### Windows IPv6 address randomization
Windows which you shouldn't worry about makes you worry even less by being
annoying and randomizing all addresses (even if there is no need because
you have IPv6 privacy extensions) and this probably causes you a headache
if you are running Windows Server or dual-booting with some other OS.
annoying and randomizing all addresses (even if there is no need because you
have IPv6 privacy extensions) and this probably causes you a headache if you are
running Windows Server or dual-booting with some other OS.
When you dual-boot, you might wonder why even the EUI-64-address is
different on Windows and Linux/OS X/whatever.
When you dual-boot, you might wonder why even the EUI-64-address is different on
Windows and Linux/OS X/whatever.
This is easy to fix though, open cmd.exe or PowerShell as admin and run:
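Review bot: The rewrapped EUI-64 section states two different rotation intervals for the privacy address. The paragraph on Arch Linux and Ubuntu MATE says it changes "every 24 hours (controlled by `net.ipv6.conf.default.temp_prefered_lft`)", while the "Privacy (extensions) address" list item says "it changes every few hours". Suggest keeping one figure, or wording the list item as "changes at the interval set by `temp_prefered_lft`", so a reader comparing this against their own interface output knows what to expect. The same list item still reads "no outgoing connections is made with them", which should be "are made".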
@ -123,14 +121,13 @@ netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
##### Disabling privacy extensions
**YOU DON'T WANT TO DO THIS UNLESS YOUR PC IS A SERVER AND WON'T EVER BE
MOVED ANYWHERE. BY DOING THIS THE EUI-64-ADDRESS GETS USED AND EVERYONE
DOES SEE YOUR MAC-ADDRESS.**
**YOU DON'T WANT TO DO THIS UNLESS YOUR PC IS A SERVER AND WON'T EVER BE MOVED
ANYWHERE. BY DOING THIS THE EUI-64-ADDRESS GETS USED AND EVERYONE DOES SEE YOUR
MAC-ADDRESS.**
As I am talking so much about privacy extensions, I must probably tell
that you can disable them if you want. I have no idea if that is possible
with OS X so I don't say anything about it, I only know that it uses them
by default.
As I am talking so much about privacy extensions, I must probably tell that you
can disable them if you want. I have no idea if that is possible with OS X so I
don't say anything about it, I only know that it uses them by default.
Windows: start by disabling the randomization and then
@ -139,18 +136,16 @@ netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
```
Linux: check NetworkManager connection editor (or config files of whatever
you use) or use the kernel option directly in `/etc/sysctl.conf` or
preferably `/etc/sysctl.d/<whatever>.conf`:
`net.ipv6.conf.default.use_tempaddr=0`.
Linux: check NetworkManager connection editor (or config files of whatever you
use) or use the kernel option directly in `/etc/sysctl.conf` or preferably
`/etc/sysctl.d/<whatever>.conf`: `net.ipv6.conf.default.use_tempaddr=0`.
The numbers you can use here are:
- 0 — IPv6 Privacy Extensions are disabled.
- 1 — IPv6 Privacy Extensions are enabled, but **EUI-64-address is
preferred.**
- 2 — IPv6 Privacy Extensions are enabled and preferred. This is usually
the default and what you should use.
- 1 — IPv6 Privacy Extensions are enabled, but **EUI-64-address is preferred.**
- 2 — IPv6 Privacy Extensions are enabled and preferred. This is usually the
default and what you should use.
### Getting IPv6
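Review bot: The Linux paragraph recommends `net.ipv6.conf.default.use_tempaddr=0` without saying that the `default` key only sets the value for interfaces created after it is applied. An interface that already exists keeps its own `net.ipv6.conf.<interface>.use_tempaddr`, so a reader who sets this at runtime and sees no change has no hint why. Suggest naming the per-interface key next to the `default` one and telling the reader to check the value on the interface they actually use. After the reflow the key also sits at the end of a wrapped sentence; putting it on its own line in a fenced block, like the `netsh` commands above it, would make it easier to copy without picking up the trailing full stop.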
@ -158,22 +153,22 @@ For native connectivity I only know about Finland (links in the list in
Finnish)…
- [IPv6 in Finnish consumer connections](https://ape3000.com/ipv6/)
- At the time of writing Elisa and DNA which are two of three biggest
carriers (Sonera is missing) have IPv6 in all mobile connections, DNA
has IPv6 also in broadband connections and Elisa is working on it
and Sonera has 6rd.
- At the time of writing Elisa and DNA which are two of three biggest carriers
(Sonera is missing) have IPv6 in all mobile connections, DNA has IPv6 also
in broadband connections and Elisa is working on it and Sonera has 6rd.
- [Elisa's page on enabling IPv6](https://asiakastuki.elisa.fi/ohje/541)
- [DNA's page on IPv6](https://www.dna.fi/ipv6)
- [DNA's instructions for enabling IPv6 on different devices](https://www.dna.fi/ipv6-laitteet)
- [Sonera's page on IPv6 that is worse than earlier ones](https://www.sonera.fi/etsi+apua+ja+tukea/ohjeet/Soneran-palvelut-IPv6-valmiita?id=c4779f91-dd1c-4e43-b026-b2e6338d0db1)
…but I can suggest searching the web for `yourISP IPv6` and contacting
their customer support asking when they are going to enable IPv6.
…but I can suggest searching the web for `yourISP IPv6` and contacting their
customer support asking when they are going to enable IPv6.
For tunneling there are multiple services for tunneling and the best are
[SixXS] and [Tunnelbroker], but I am going to talk more about Teredo which
the protocol of last resort for accessing IPv6 sites and Windows comeswith it by default. The easiest way to enable it is probably saving the
following as `something.reg` and running it:
For tunneling there are multiple services for tunneling and the best are [SixXS]
and [Tunnelbroker], but I am going to talk more about Teredo which the protocol
of last resort for accessing IPv6 sites and Windows comeswith it by default. The
easiest way to enable it is probably saving the following as `something.reg` and
running it:
[sixxs]: https://www.sixxs.net/
[tunnelbroker]: https://tunnelbroker.net/
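Review bot: The rewrapped tunneling paragraph still carries the defects of the old one, now spread over new line breaks: "Teredo which the protocol of last resort" is missing "is", "comeswith" is missing a space, and "For tunneling there are multiple services for tunneling" repeats itself. Since every line of the paragraph is rewritten here anyway, suggest fixing them in the same pass, or in a follow-up commit if this one is meant to stay formatter-only.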
@ -195,25 +190,25 @@ Short explanation:
- Enable looking up IPv6 records even with Teredo
- Enable Teredo…
- …even if we are in domain
- use teredo.trex.fi as Teredo server, you might want to use some server
that is [closer to you](https://en.wikipedia.org/wiki/Teredo_tunneling#Servers).
- use teredo.trex.fi as Teredo server, you might want to use some server that is
[closer to you](https://en.wikipedia.org/wiki/Teredo_tunneling#Servers).
Linux: install package `miredo` and edit the server in `/etc/miredo.conf`
if needed.
Linux: install package `miredo` and edit the server in `/etc/miredo.conf` if
needed.
And then check [ipv6-test.com](https://ipv6-test.com) and it should detect
your Teredo connectivity. Some browsers don't even attempt to use it, at
least I think Google Chrome did so.
And then check [ipv6-test.com](https://ipv6-test.com) and it should detect your
Teredo connectivity. Some browsers don't even attempt to use it, at least I
think Google Chrome did so.
## Further reading
- [Wikipedia's page on IPv6](https://en.wikipedia.org/wiki/IPv6)
- [Wikipedia's page on Teredo](https://en.wikipedia.org/wiki/Teredo_tunneling)
- [Microsoft Technet: A 5 Second Boot Optimization If Youve Disabled IPv6 on Windows Client and Server by setting DisabledComponents to 0xFFFFFFFF](https://blogs.technet.com/b/askpfeplat/archive/2014/09/15/a-5-second-boot-optimization-if-you-ve-disabled-ipv6-on-windows-client-and-server-by-setting-disabledcomponents-to-0xffffffff.aspx)
- TL;DR: depending on how you disabled IPv6 your boot might be 5
seconds less and Microsoft discourages disabling it and they don't
test working without IPv6. Disabling IPv6 breaks e.g. HomeGroup.
- TL;DR: depending on how you disabled IPv6 your boot might be 5 seconds less
and Microsoft discourages disabling it and they don't test working without
IPv6. Disabling IPv6 breaks e.g. HomeGroup.
_Special thanks to people of `ircs://irc.libera.chat:6697/#IPv6` for checking that I
don't write total nonsense here and all the fixes made and also @e-ali for
checking for spelling mistakes._
_Special thanks to people of `ircs://irc.libera.chat:6697/#IPv6` for checking
that I don't write total nonsense here and all the fixes made and also @e-ali
for checking for spelling mistakes._
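Review bot: The bullet "…even if we are in domain" in the short explanation does not say who that setting is aimed at. A machine that is in a domain is usually administered by someone else, and the bullet describes switching Teredo on there too. Suggest one sentence telling readers on a work or school machine to leave that value out or ask their administrator first. In the "Further reading" list the Technet link title reads "Youve", which is missing its apostrophe.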

View File

@ -8,9 +8,9 @@ redirect_from: /finnish/2015/06/29/minusta.html
published: false
---
_Olen 19-vuotias transsukupuolinen nainen, minulla on Aspergerin oireyhtymä
ja olen aseksuaali. Tämä aiheuttaa minulle kaikenlaisia ongelmia, joista
tulen nyt taas kertoman._
_Olen 19-vuotias transsukupuolinen nainen, minulla on Aspergerin oireyhtymä ja
olen aseksuaali. Tämä aiheuttaa minulle kaikenlaisia ongelmia, joista tulen nyt
taas kertoman._
Yritetäämpä kirjoittaa suomeksikin välillä, mutta tuskin tämäkään vaikuttaa
mihinkään, tunnen vain kirjoittavani huonommin ja huonovointisuuteni vuoksi
@ -20,83 +20,81 @@ Asun Kotkassa ja olen aina asunut täällä. Olin koulukiusattu tarhasta asti
johtuen erilaisuudestani ja "terveydenhuollon ammattilaiset" tutkivat
poikkeavuuttani.
Kuitenkin vasta 15-vuotiaana yritettyäni itsemurhaa koulukiusaamisen ja
useiden muiden ongelmien (mm. dysforian, vaikken tuntenutkaan koko
sanaa silloin) kuulin vihdoinkin Aspergerin oireyhtymästä ja olevani
ilmiselvä tapaus ja että tämä olisi pitänyt selvittää ajat sitten ja nämä
kaikki piirteet olivat tiedossa jo pikkulapsena, mutta asiantuntijat
eivät osanneet yhdistää niitä toisiinsa.
Loistava esimerkki Kotkan toimivuudesta on tätä edeltänyt
_koulukuraattorin_ diagnoosi "skitsofrenia", vaikkei koulukuraattori
pysty diagnooseja kirjoittamaan, mutta oppilasta on paljon helpompi sanoa
mielisairaaksi, kuin hyväksyä koulussa olevaa kiusaamista.
Kuitenkin vasta 15-vuotiaana yritettyäni itsemurhaa koulukiusaamisen ja useiden
muiden ongelmien (mm. dysforian, vaikken tuntenutkaan koko sanaa silloin) kuulin
vihdoinkin Aspergerin oireyhtymästä ja olevani ilmiselvä tapaus ja että tämä
olisi pitänyt selvittää ajat sitten ja nämä kaikki piirteet olivat tiedossa jo
pikkulapsena, mutta asiantuntijat eivät osanneet yhdistää niitä toisiinsa.
Loistava esimerkki Kotkan toimivuudesta on tätä edeltänyt _koulukuraattorin_
diagnoosi "skitsofrenia", vaikkei koulukuraattori pysty diagnooseja
kirjoittamaan, mutta oppilasta on paljon helpompi sanoa mielisairaaksi, kuin
hyväksyä koulussa olevaa kiusaamista.
Seuraava koulu, lisää kiusaamista ja tulen ulos transsukupuolisena
lukuisien itsemurhayritysten jälkeen. Saan lähetteen Helsinkiin
sukupuoli-identiteetin tutkimuspoliklinikalle.
Seuraava koulu, lisää kiusaamista ja tulen ulos transsukupuolisena lukuisien
itsemurhayritysten jälkeen. Saan lähetteen Helsinkiin sukupuoli-identiteetin
tutkimuspoliklinikalle.
Ensin tapaan sairaanhoitajaa kahden viikon välein muutaman kerran, odotan
seuraavaa aikaa lääkärille/psykologille monta kuukautta ja sitten
seuraavaa. Lopputulos: olen vuoden hormonikorvaushoidossa itse, ilman
lääkärin valvontaa _vuoden_ ennen virallista diagnoosia ja reseptiä.
seuraavaa aikaa lääkärille/psykologille monta kuukautta ja sitten seuraavaa.
Lopputulos: olen vuoden hormonikorvaushoidossa itse, ilman lääkärin valvontaa
_vuoden_ ennen virallista diagnoosia ja reseptiä.
Pelkään kehittäneeni [estyneen persoonallisuuden](https://en.wikipedia.org/wiki/Avoidant_personality_disorder)
kaiken minulle tapahtuneen seurauksena, olen valmistunut ja olen
itsetuhoinen. Olen myöskin vailla psykiatrista hoitoa. En liiku ulkonaa
ellen sitten joudu menemään jollekin sovitulle ajalle tai
vertaistukiryhmään, koska pelkään näkeväni entisiä koulukiusaajia, jotka
laukaisevat minulle kovan ahdistuksen.
Pelkään kehittäneeni
[estyneen persoonallisuuden](https://en.wikipedia.org/wiki/Avoidant_personality_disorder)
kaiken minulle tapahtuneen seurauksena, olen valmistunut ja olen itsetuhoinen.
Olen myöskin vailla psykiatrista hoitoa. En liiku ulkonaa ellen sitten joudu
menemään jollekin sovitulle ajalle tai vertaistukiryhmään, koska pelkään
näkeväni entisiä koulukiusaajia, jotka laukaisevat minulle kovan ahdistuksen.
Terveydenhuollosta puhuin jo aiemmin, nyt tarkennan sitä lisää. Olen ollut
psykiatrisessa sairaalassa useita kertoja hyötymättä siitä mitenkään,
olen aina vain ollut siellä säilössä jonkin aikaa, ensimmäisellä kerralla
kesäloman ja vähän enemmän, koska psykologi oli lomalla eikä voinut
antaa palautettaan tutkimuksestaan ja (perustelemattoman) käytännön vuoksi
kukaan muu ei sitä voinut tehdä.
psykiatrisessa sairaalassa useita kertoja hyötymättä siitä mitenkään, olen aina
vain ollut siellä säilössä jonkin aikaa, ensimmäisellä kerralla kesäloman ja
vähän enemmän, koska psykologi oli lomalla eikä voinut antaa palautettaan
tutkimuksestaan ja (perustelemattoman) käytännön vuoksi kukaan muu ei sitä
voinut tehdä.
Viimeisellä kerralla taas psykiatrisessa sairaalassa kerrottiin minulle
melko suoraan "olet psykoottinen, koska kuvittelet olevasi tyttö".
Viimeisellä kerralla taas psykiatrisessa sairaalassa kerrottiin minulle melko
suoraan "olet psykoottinen, koska kuvittelet olevasi tyttö".
Tämä ei tosin ole mitään harvinaislaatuista Kotkassa, olen myös ollut
autismisäätiöllä neurologisessa valmennuksessa, missä minulle tehtiin
selväksi, että valmentaja on _oikea nainen_, minä en, jatkuvasti.
autismisäätiöllä neurologisessa valmennuksessa, missä minulle tehtiin selväksi,
että valmentaja on _oikea nainen_, minä en, jatkuvasti.
Somattisella (ei-psykiatrisella) puolella taas kerran piti hakea Kelalle
jokin lääkärinlausunto ja lääkäri oli aivan hukassa mitä tehdä kanssani.
Olin pukeutunut hameeseen ja minulla oli huulipunaa eikä kukaan moneen
kuukauteen ollut erehtynyt sukupuolestani ja lääkäri sitten alkoi
selittämään puhelimeen miten "tänne tuli tälläinen 1X-vuotias poika"...
Somattisella (ei-psykiatrisella) puolella taas kerran piti hakea Kelalle jokin
lääkärinlausunto ja lääkäri oli aivan hukassa mitä tehdä kanssani. Olin
pukeutunut hameeseen ja minulla oli huulipunaa eikä kukaan moneen kuukauteen
ollut erehtynyt sukupuolestani ja lääkäri sitten alkoi selittämään puhelimeen
miten "tänne tuli tälläinen 1X-vuotias poika"...
Aiemmin sanoin olevani vailla psykiatrista hoitoa. Tämä ei oikeastaan
pidä paikaansa, koska minä olen avohoidossa Kotkan psykiatrisella
poliklinikalla. Tämä tarkoittaa Suomeksi sitä, että siellä työntekijä
höpöttää jotakin omiaan, eikä kiinnitä mitään huomiota minuun tai
ongelmiini eikä ole yhtään kiinnostunutkaan niistä. Asiantuntemus puuttuu
täysin. Edellisellä kerralla yritin kysyä onko mahdollista, että minulla
olisi aiemmin mainittu AvPD, mutta siihenkään ei voinut saada minkäänlaista
vastausta, työntekijä vain luki lausuntoja "kuvittelee olevansa tyttö,
psykoottinen"-lääkäriltä ja lähti kesälomalle.
Aiemmin sanoin olevani vailla psykiatrista hoitoa. Tämä ei oikeastaan pidä
paikaansa, koska minä olen avohoidossa Kotkan psykiatrisella poliklinikalla.
Tämä tarkoittaa Suomeksi sitä, että siellä työntekijä höpöttää jotakin omiaan,
eikä kiinnitä mitään huomiota minuun tai ongelmiini eikä ole yhtään
kiinnostunutkaan niistä. Asiantuntemus puuttuu täysin. Edellisellä kerralla
yritin kysyä onko mahdollista, että minulla olisi aiemmin mainittu AvPD, mutta
siihenkään ei voinut saada minkäänlaista vastausta, työntekijä vain luki
lausuntoja "kuvittelee olevansa tyttö, psykoottinen"-lääkäriltä ja lähti
kesälomalle.
Entä nyt?
Olen valmistunut eli minua ei sitoisi mikään Kotkaan ellen olisi
transsukupuolinen. Haluaisin hakea jatko-opintoihin Helsinkiin, mutta
minulla on miehen henkilötunnus, joten minut merkittäisiin jokaiseen
tietokantaan miehenä ja koulun nimilistat laittaisivat minut miesten
keskelle.
transsukupuolinen. Haluaisin hakea jatko-opintoihin Helsinkiin, mutta minulla on
miehen henkilötunnus, joten minut merkittäisiin jokaiseen tietokantaan miehenä
ja koulun nimilistat laittaisivat minut miesten keskelle.
Muuttaessa minun täytyisi taas tehdä ainakin vuokra-sopimus
vanhalla henkilötunnuksella ja jos vuokranantaja ei osaisi lukea sukupuolta
Muuttaessa minun täytyisi taas tehdä ainakin vuokra-sopimus vanhalla
henkilötunnuksella ja jos vuokranantaja ei osaisi lukea sukupuolta
henkilötunnuksesta, hän alkaisi ihmettelemään henkilötunnuksen vaihtumista.
No miksen minä korjaa henkilötunnusta?
- Lyhyt vastaus: minulla ei ole ihmisoikeuksia siihen.
- Pitkä vastaus: sukupuoli vahvistetaan juridisesti *second opinion*issa,
jonne tutkimusyksikkö kirjoittaa lähetteen <s>henkilön edettyä vuoden
vastakkaisen sukupuolin roolissa</s>vuoden diagnoosista jälkeen.
Tämän lähetteen käsittelyyn ja ajan saamiseen *second opinion*iin taas
kestää vähintään puolivuotta.
- Pitkä vastaus: sukupuoli vahvistetaan juridisesti *second opinion*issa, jonne
tutkimusyksikkö kirjoittaa lähetteen <s>henkilön edettyä vuoden vastakkaisen
sukupuolin roolissa</s>vuoden diagnoosista jälkeen. Tämän lähetteen
käsittelyyn ja ajan saamiseen *second opinion*iin taas kestää vähintään
puolivuotta.
Pientä aikajanaa:
@ -105,19 +103,17 @@ Pientä aikajanaa:
Facebookissa.
- 2013-12-30 aloitin hormonikorvaushoidon itse
- 2014-03-20 vaihdoin nimeni virallisesti
- tämä vaatii todella hyvän tuurin, koska minulta vaadittiin vain
todistusta sukupuolen tutkimuksessa olemisesta, yleensä tähän
vaaditaan diagnoosi. Lainasin myös Amnestyn raporttia transihmisten
ihmisoikeuksista.
- tämä vaatii todella hyvän tuurin, koska minulta vaadittiin vain todistusta
sukupuolen tutkimuksessa olemisesta, yleensä tähän vaaditaan diagnoosi.
Lainasin myös Amnestyn raporttia transihmisten ihmisoikeuksista.
- 2014-12-XX sain diagnoosin ja aloitin hormonit virallisesti
TL;DR: en pysty liikkuman ulkona Kotkassa, minulle ei tarjota ammattimaista
terveyden huoltoa enkä pysty muuttamaan pois täältä ennen sukupuoleni
virallista vahvistamista, joka taas tapahtuu hyvällä tuurilla vuoden
2016 aikana.
terveyden huoltoa enkä pysty muuttamaan pois täältä ennen sukupuoleni virallista
vahvistamista, joka taas tapahtuu hyvällä tuurilla vuoden 2016 aikana.
**TIEDÄN ETTÄ TÄMÄ ARTIKKELI KUULOSTAA HULLULTA, MUTTA EN KOE OLEVANI
KOVIN TERVE SUOMEN TAKIA JA ITSEMURHA ON MINULLE AINOA TIE ULOS TÄSTÄ
LAILLISESTA KIDUTUKSESTA SUKUPUOLI/NEUROLOGISIA VÄHEMMISTÖJÄ KOHTAAN!**
**TIEDÄN ETTÄ TÄMÄ ARTIKKELI KUULOSTAA HULLULTA, MUTTA EN KOE OLEVANI KOVIN
TERVE SUOMEN TAKIA JA ITSEMURHA ON MINULLE AINOA TIE ULOS TÄSTÄ LAILLISESTA
KIDUTUKSESTA SUKUPUOLI/NEUROLOGISIA VÄHEMMISTÖJÄ KOHTAAN!**
_[Katso myös muut kirjoitukseni elämästäni englanniksi]({{ site.url }}/about#life)_

View File

@ -8,13 +8,13 @@ redirect_from: /finnish/2015/07/28/stagefright.html
published: false
---
_Stagefright on haavoittuvuus Androidissa, jolla haittakoodia voi ajaa
etänä. Lue lisää [Viestintävirasto Haavoittuvuus 067/2015](https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2015/haavoittuvuus-2015-067.html)_
_Stagefright on haavoittuvuus Androidissa, jolla haittakoodia voi ajaa etänä.
Lue lisää
[Viestintävirasto Haavoittuvuus 067/2015](https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2015/haavoittuvuus-2015-067.html)_
Valitin aluksi Facebook-seinälläni Viestintäviraston unohtaneen kertoa,
kuinka rajoittaminen tapahtuu käytännössä ja myöhemmin minulle selvisi
asia tarkemmin ja se olisi mahdollisesti ollut järkevämpää kirjoittaa
tänne suoraan.
Valitin aluksi Facebook-seinälläni Viestintäviraston unohtaneen kertoa, kuinka
rajoittaminen tapahtuu käytännössä ja myöhemmin minulle selvisi asia tarkemmin
ja se olisi mahdollisesti ollut järkevämpää kirjoittaa tänne suoraan.
Tähän on kaksi minun tuntemaani tapaa
@ -22,16 +22,15 @@ Tähän on kaksi minun tuntemaani tapaa
1. Avaa `Viestitys`
2. Paina kolmen päällekkäisen pisteen kuvaa ja valitse Asetukset.
3. Mene valikkoon Multimediaviesti ja poista rasti ruudusta
"Automaattinouto".
3. Mene valikkoon Multimediaviesti ja poista rasti ruudusta "Automaattinouto".
## MMS APN-osoitteen poistaminen
Freenodessa (nykyisin Libera.Chat:issa) kanavalla `#vapaakoodi` mentiin
pidemmälle ja poistettiin koko multimediaviestien APN-osoite.
**VAROITUS: Et tämän jälkeen voi vastaanottaa multimediaviestejä ellet
määritä APN-osoitetta uudelleen.**
**VAROITUS: Et tämän jälkeen voi vastaanottaa multimediaviestejä ellet määritä
APN-osoitetta uudelleen.**
1. Avaa Asetukset.
2. Verkot välilehdellä valitse "Jakaminen & Verkkoyhteydet".
@ -41,9 +40,9 @@ määritä APN-osoitetta uudelleen.**
6. Paina kolmen päällekkäisen pisteen kuvaa ja valitse Poista APN.
Samasta paikasta löytyy myös toinen kiinnostava asetus internet-yhteyden
käyttöön liittyvästä APN:stä, APN-Protokolla, jolla voidaan ottaa IPv6
käyttöön. Se pitäisi olla IPv4/IPv6 ja asetuksen vaihtamisen jälkeen
mobiilidata tulee katkaista ja ottaa uudelleen käyttöön. Lisätietoja:
käyttöön liittyvästä APN:stä, APN-Protokolla, jolla voidaan ottaa IPv6 käyttöön.
Se pitäisi olla IPv4/IPv6 ja asetuksen vaihtamisen jälkeen mobiilidata tulee
katkaista ja ottaa uudelleen käyttöön. Lisätietoja:
- [Elisan IPv6-ohjeet](https://elisa.fi/ipv6)
- [DNA:n IPv6-laiteohjeet](https://dna.fi/ipv6-laitteet)
@ -60,11 +59,13 @@ Nämä valikot on tarkistettu pikkuveljeni puhelimella.
- MMS APN: "Sonera MMS"
- APN-osoite `wap.sonera.fi`
_Tele Finland ja Sonera eivät muuten vieläkään ole saaneet IPv6:tta
käyttöön ja ovat ainoat opraattorit Suomessa ilman sitä. Verkko toimii
kuitenkin normaalisti, vaikka APN-protokollan vaihtaisi valmiiksi,
IPv4/IPv6:ksi, koska jos se ei ole tuettu, puhelin yrittää APN-protokollaa
IPv4._
_Tele Finland ja Sonera eivät muuten vieläkään ole saaneet IPv6:tta käyttöön ja
ovat ainoat opraattorit Suomessa ilman sitä. Verkko toimii kuitenkin
normaalisti, vaikka APN-protokollan vaihtaisi valmiiksi, IPv4/IPv6:ksi, koska
jos se ei ole tuettu, puhelin yrittää APN-protokollaa IPv4._
Pikkuveljen puhelimessa APN:t ovat "Sonera" (käytetään internetiin APN-osoitteella "internet") ja Sonera MMS (multimediaviestit, APN wap.sonera.net
). Puhelin on LG Sprit LTE Android-versiolla 5.0.1. Operaattori taas on Tele Finland, joka ei ymmärtääkseni vieläkään ole saanut itselleen IPv6:tta toimintaan ja sama pätee kai Soneraan.
Pikkuveljen puhelimessa APN:t ovat "Sonera" (käytetään internetiin
APN-osoitteella "internet") ja Sonera MMS (multimediaviestit, APN wap.sonera.net
). Puhelin on LG Sprit LTE Android-versiolla 5.0.1. Operaattori taas on Tele
Finland, joka ei ymmärtääkseni vieläkään ole saanut itselleen IPv6:tta
toimintaan ja sama pätee kai Soneraan.
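Review bot: The MMS APN address is given two different ways in this hunk: the list item says "APN-osoite `wap.sonera.fi`", while the paragraph about the little brother's phone says "APN wap.sonera.net". The page warns that MMS stops working until the APN is defined again, so a reader restoring it needs the right value; suggest confirming which one is correct and using it in both places, in backticks. The reflow also kept a stranded closing parenthesis at the start of the line ") . Puhelin on LG Sprit LTE", which comes from a line break inside the parentheses in the source; joining it to "wap.sonera.net" would fix the rendering. "LG Sprit" looks like it may be a misspelling of the model name and is worth checking while there.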

View File

@ -14,71 +14,72 @@ redirect_from:
- /english/2015/09/19/atheme-quickstart.html
---
Atheme IRC Services is the most used IRC service package. However many
people have difficulties with registering a channel and then managing
it, which I attempt to help with here. I start by explaining NickServ
registration (and as a bonus HostServ) and then move to channel
management and you just cannot talk about that without mentioning
GroupServ too...
Atheme IRC Services is the most used IRC service package. However many people
have difficulties with registering a channel and then managing it, which I
attempt to help with here. I start by explaining NickServ registration (and as a
bonus HostServ) and then move to channel management and you just cannot talk
about that without mentioning GroupServ too...
## NickServ
You won't be able to do anything unless you register your nick. This is
as easy as `/msg nickserv register PASSWORD someone@example.net`.
You won't be able to do anything unless you register your nick. This is as easy
as `/msg nickserv register PASSWORD someone@example.net`.
Depending on Atheme configuration on the IRC network you are using, you
must verify your email by checking it and copy-pasting the command which
starts with `/msg NickServ verify register` to NickServ.
Depending on Atheme configuration on the IRC network you are using, you must
verify your email by checking it and copy-pasting the command which starts with
`/msg NickServ verify register` to NickServ.
In case you wish to have multiple nicks in the same account, that is also
easy, just `/nick AltNick` and `/msg nickserv group`. You can see nicks
you have by using `/msg nickserv info yournick` (other people (except IRC
operators) cannot see that part).
In case you wish to have multiple nicks in the same account, that is also easy,
just `/nick AltNick` and `/msg nickserv group`. You can see nicks you have by
using `/msg nickserv info yournick` (other people (except IRC operators) cannot
see that part).
Now you should be successfully identified and should configure automatic
identification, I cannot help with it so much, but I can point you to
beginning:
identification, I cannot help with it so much, but I can point you to beginning:
- [liberachat's SASL instructions](https://libera.chat/guides/sasl)
- [My instructions for SASL with WeeChat]({% post_url blog/2015-03-26-weechat-sasl-simply %})
- [Searx YOURCLIENTHERE SASL](https://search.disroot.org/?q=YOURCLIENTHERE+SASL)
- IRCCloud: edit network and go to advanced settings and you will see box
for NickServ password.
- KiwiIRC: Check "I have a password" and type your passsword there. Ensure
that you specified a nick that is grouped to your account.
- IRCCloud: edit network and go to advanced settings and you will see box for
NickServ password.
- KiwiIRC: Check "I have a password" and type your passsword there. Ensure that
you specified a nick that is grouped to your account.
- Matrix: in the admin room (direct chat with the appservice-irc), say
`!storepass password` to have the password send with PASS on connect.
In case of liberachat use `!storepass nick:password` and/or see more
information at [matrix-appservice-irc wiki].
`!storepass password` to have the password send with PASS on connect. In case
of liberachat use `!storepass nick:password` and/or see more information at
[matrix-appservice-irc wiki].
- [IRC networks with Matrix bridge]
- [Matrix bridge end-user FAQ register/identify section]
[matrix-appservice-irc wiki]: https://github.com/matrix-org/matrix-appservice-irc/wiki/
[irc networks with matrix bridge]: https://github.com/matrix-org/matrix-appservice-irc/wiki/Bridged-IRC-networks
[matrix bridge end-user faq register/identify section]: https://github.com/matrix-org/matrix-appservice-irc/wiki/End-user-FAQ#how-do-i-registeridentify-to-nickserv
[matrix-appservice-irc wiki]:
https://github.com/matrix-org/matrix-appservice-irc/wiki/
[irc networks with matrix bridge]:
https://github.com/matrix-org/matrix-appservice-irc/wiki/Bridged-IRC-networks
[matrix bridge end-user faq register/identify section]:
https://github.com/matrix-org/matrix-appservice-irc/wiki/End-user-FAQ#how-do-i-registeridentify-to-nickserv
## HostServ
In case the network you are on has HostServ, you can get vhosts with it.
Vhosts appear in place of your real host/cloaked host, but
In case the network you are on has HostServ, you can get vhosts with it. Vhosts
appear in place of your real host/cloaked host, but
[won't hide your IP](https://gist.github.com/maxteufel/1e2cf7ada079c271bd3c).
There are two ways to get a vhost, take one that is offered to everyone or
request something.
- Check `/msg hostserv offerlist` and if you see something you like, you
can enable it with e.g. `/msg hostserv take $user.irc.example.net` and
running `/msg hostserv on`.
- Use `/msg nickserv request blah` and when you receive message telling you
that your requested vhost has been approved use `/msg hostserv on`.
- Check `/msg hostserv offerlist` and if you see something you like, you can
enable it with e.g. `/msg hostserv take $user.irc.example.net` and running
`/msg hostserv on`.
- Use `/msg nickserv request blah` and when you receive message telling you that
your requested vhost has been approved use `/msg hostserv on`.
## ChanServ
And finally to the topic which seems to be the most difficult, channel
(access) management.
And finally to the topic which seems to be the most difficult, channel (access)
management.
First register the channel with `/msg ChanServ register #channel` while
you are opped. Now you are free to setup the channel as you wish.
First register the channel with `/msg ChanServ register #channel` while you are
opped. Now you are free to setup the channel as you wish.
I use the following templates, so I can e.g.
`/msg chanserv flags #channel someone op` instead of
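Review bot: The three link reference definitions after the NickServ list (`[matrix-appservice-irc wiki]:` and the two below it) now have the label on one line and the URL on the next. Not every Markdown parser accepts a destination that starts on the following line, so check these links in the built page and, if they break, exclude the definitions from wrapping with the same `<!-- prettier-ignore-start -->` comment used elsewhere in this commit. Separately, the second HostServ bullet reads `/msg nickserv request blah` while every other command in that section is addressed to hostserv, and the KiwiIRC item still says `passsword`; both are worth correcting while these lines are being touched.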
@ -86,60 +87,60 @@ I use the following templates, so I can e.g.
network defaults that you can see with `/msg chanserv template`.
_This is a bash scripts which is ran like `./cstemplate #channel` and
copy-pasted to ChanServ. It basically allows ops to do everything they
could do anyway by being opped using services and "trusted users" have
became regulars on channels I am on. If a flag doesn't exist on the network
you are on, Atheme will just silently ignore it._
copy-pasted to ChanServ. It basically allows ops to do everything they could do
anyway by being opped using services and "trusted users" have became regulars on
channels I am on. If a flag doesn't exist on the network you are on, Atheme will
just silently ignore it._
**You should see my cstemplate script here, but the embedding isn't
working, to see it [please click here to go to the GitHub instance of it](https://github.com/Mikaela/gist/blob/master/irc/atheme/cstemplate).**
**You should see my cstemplate script here, but the embedding isn't working, to
see it
[please click here to go to the GitHub instance of it](https://github.com/Mikaela/gist/blob/master/irc/atheme/cstemplate).**
Another example using my templates would be `/msg ChanServ flags #channel !channel-ops op` which would give op permissions above to users in the
!channel-ops group.
Another example using my templates would be
`/msg ChanServ flags #channel !channel-ops op` which would give op permissions
above to users in the !channel-ops group.
## GroupServ
I mentioned groups a little earlier and now I am returning to them. They
are a way to manage flags of group of users very easily by having
all users in the group and just setting flags to the group instead of
invidual users.
I mentioned groups a little earlier and now I am returning to them. They are a
way to manage flags of group of users very easily by having all users in the
group and just setting flags to the group instead of invidual users.
_GroupServ is undervalued service and it might not be surprising if it's
missing from your network :(_
_GroupServ is undervalued service and it might not be surprising if it's missing
from your network :(_
Start by creating your group `/msg groupserv register !blah` (you might
want to register a more descriptive name).
Start by creating your group `/msg groupserv register !blah` (you might want to
register a more descriptive name).
Next, as in this example this group is going to be op #somewhere we close
the group: `/msg groupserv set !group open off`.
Next, as in this example this group is going to be op #somewhere we close the
group: `/msg groupserv set !group open off`.
Now there are only two tasks left, making the group op and adding ops
there:
Now there are only two tasks left, making the group op and adding ops there:
- `/msg chanserv flags #channel !blah op`
- where `op` can still be replaced with `aop` if you are following
Atheme defaults or some other template you created or your own
set of flags.
- where `op` can still be replaced with `aop` if you are following Atheme
defaults or some other template you created or your own set of flags.
- `/msg groupserv flags !blah user +c`
- Repeat as many times as you have ops, to remove ops you simply remove
their `-c` flag or all flags (`-*`). You will also want to read
- Repeat as many times as you have ops, to remove ops you simply remove their
`-c` flag or all flags (`-*`). You will also want to read
`/msg groupserv help flags` as there is more than I said here.
## Futher reading
- [Always add opers to access list (this is the $oper in my templates)]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
- [Always add opers to access list (this is the $oper in
my
templates)]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
- oops, did I just repeat previous post
- [Keep the ops opped]({% post_url blog/2015-04-01-keep-the-ops-opped %})
- especially read this if you are at liberachat or wondering why you
don't get automatically opped after registering the channel and
cycling while being identified!
- especially read this if you are at liberachat or wondering why you don't get
automatically opped after registering the channel and cycling while being
identified!
- `/msg NickServ help`
- `/msg NickServ help set`
- especially worth taking a look at: `emailmemos` & `enforce`
- `/msg ChanServ help`
- `/msg ChanServ help set`
- especially worth taking a look at: `guard`, `keeptopic`,
`verbose`
- especially worth taking a look at: `guard`, `keeptopic`, `verbose`
- `/msg ChanServ help flags`
- what flags are available, what they do and managing them.
- `/msg ChanServ help template`
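Review bot: In the further-reading list the first link's text is now split across three lines, as `[Always add opers to access list (this is the $oper in` / `my` / `templates)](` followed by the `{% post_url %}` tag, which leaves `my` alone on a line and makes the link hard to read or grep for in the source. Keep the whole link on one line by excluding that list item from wrapping, and consider fixing the heading `Futher reading` and the phrase `This is a bash scripts which is ran like` in the same pass.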

View File

@ -12,14 +12,16 @@ redirect_from:
- /english/2015/10/09/arch-reflector.html
---
_Reflector is a tool that checks the most recently upgraded Arch Linux
mirrors and ranks them by speed and saves them to your mirrorlist._
_Reflector is a tool that checks the most recently upgraded Arch Linux mirrors
and ranks them by speed and saves them to your mirrorlist._
**This is largely based on [ArchWiki page on reflector] which is licensed
in [GNU Free Documentation License 1.3 or later].**
**This is largely based on [ArchWiki page on reflector] which is licensed in [GNU
Free
Documentation License 1.3 or later].**
[archwiki page on reflector]: https://wiki.archlinux.org/index.php/Reflector
[gnu free documentation license 1.3 or later]: https://www.gnu.org/copyleft/fdl.html
[gnu free documentation license 1.3 or later]:
https://www.gnu.org/copyleft/fdl.html
TL;DR commands:
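Review bot: The attribution paragraph now breaks the reference label as `[GNU` / `Free` / `Documentation License 1.3 or later]`, so the link resolves only if the renderer collapses line breaks inside a label when matching it against `[gnu free documentation license 1.3 or later]:`, and that definition has itself been split from its URL. Because this is the licence notice for the ArchWiki-derived text, verify both links in the built page or protect the paragraph and its definitions from wrapping.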
@ -34,18 +36,19 @@ sudo pacman -Syu
(end of TL;DR and what you actually do)
1. Install reflector itself, additional depedency of rsync to rank the
mirrors by speed, and curl which you use in the second command
1. Install reflector itself, additional depedency of rsync to rank the mirrors
by speed, and curl which you use in the second command
2. to download my reflector.service
- differences to Arch Wiki version: requires network-online.target
so you don't have to enable any wait-online services and uses only
https mirrors.
- differences to Arch Wiki version: requires network-online.target so you
don't have to enable any wait-online services and uses only https mirrors.
3. enable the service so it's ran on boot
4. start it now so it checks the most recently updated mirrors and
saves them to mirrorlist.
4. start it now so it checks the most recently updated mirrors and saves them to
mirrorlist.
5. Check for updates & install them.
Do check the service itself at https://github.com/Mikaela/shell-things/raw/master/etc/systemd/system/reflector.service !
Do check the service itself at
https://github.com/Mikaela/shell-things/raw/master/etc/systemd/system/reflector.service
!
Bonus: edit `/etc/pacman.conf` and add the line:
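Review bot: The sentence asking readers to inspect the service file now ends with `!` alone on its own line below the URL. Since this is the step where the reader is told to review a unit file before enabling it, keep it clean: put the URL in angle brackets so the punctuation can follow it directly, or reword so the sentence does not end on the URL.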
@ -53,6 +56,6 @@ Bonus: edit `/etc/pacman.conf` and add the line:
NoExtract = etc/pacman.d/mirrorlist
```
so when you upgrade you won't get useless mirrorlist.pacnew file. **NOTE:**
it's intented to be `etc/pacman.d/mirrorlist` without the initial `/`,
because it's _relative_, not _absolute_, path.
so when you upgrade you won't get useless mirrorlist.pacnew file. **NOTE:** it's
intented to be `etc/pacman.d/mirrorlist` without the initial `/`, because it's
_relative_, not _absolute_, path.

View File

@ -11,32 +11,32 @@ redirect_from:
sitemap: false
---
_Also applies to other distributions based on it, how do you change
the display manager, aka login screen._
_Also applies to other distributions based on it, how do you change the display
manager, aka login screen._
- `--needed` makes pacman not install packages that are already installed.
- uncommented line = line that doesn't begin with `#`.
- to change DM you don't need to reboot, you can also
`sudo systemctl stop olddm` and `sudo systemctl start newdm`, but this
logs you out.
- my personal recommendation is using LightDM if it works for you,
otherwise sddm. I personally use LightDM, because sddm is missing
support for `sudo passwd -de user` [sddm/sddm#472](https://github.com/sddm/sddm/issues/472)
`sudo systemctl stop olddm` and `sudo systemctl start newdm`, but this logs
you out.
- my personal recommendation is using LightDM if it works for you, otherwise
sddm. I personally use LightDM, because sddm is missing support for
`sudo passwd -de user`
[sddm/sddm#472](https://github.com/sddm/sddm/issues/472)
## LightDM gtk greeter
- `sudo pacman --needed -S lightdm lightdm-gtk-greeter accountsservice numlockx`
Edit the file `/etc/lightdm/lightdm.conf` and find the uncommented line
that starts with `greeter-session=` and change it to
Edit the file `/etc/lightdm/lightdm.conf` and find the uncommented line that
starts with `greeter-session=` and change it to
`greeter-session=lightdm-gtk-greeter`.
If you have keyboard with [numpad] you might want to enable Num Lock by
default by finding the uncommented line starting with
`greeter-setup-script=` and changing it to
`greeter-setup-script=/usr/bin/numlockx on`. If there isn't uncommented
line anywhere in the file, just uncomment one or add it under the commented
line.
If you have keyboard with [numpad] you might want to enable Num Lock by default
by finding the uncommented line starting with `greeter-setup-script=` and
changing it to `greeter-setup-script=/usr/bin/numlockx on`. If there isn't
uncommented line anywhere in the file, just uncomment one or add it under the
commented line.
Then enable it by running `sudo systemctl enable -f lightdm` and reboot.
@ -44,8 +44,8 @@ Then enable it by running `sudo systemctl enable -f lightdm` and reboot.
- `sudo pacman --needed -S sddm`
SDDM is simple display manager for all desktop environments and is
successor of KDM which is the KDE Display Manager.
SDDM is simple display manager for all desktop environments and is successor of
KDM which is the KDE Display Manager.
To create a config file and enable it for next reboot:
@ -54,20 +54,20 @@ sddm --example-config | sudo tee /etc/sddm.conf
sudo systemctl enable -f sddm
```
The lines you might want to change are the one starting with `Nucmlock=`
and I recommend changing it to `Numlock=on` if you have the [numpad]. The
other line starts with `Current=` and is used to select the current theme.
Available themes can be seen with `ls /usr/share/sddm/themes`.
The lines you might want to change are the one starting with `Nucmlock=` and I
recommend changing it to `Numlock=on` if you have the [numpad]. The other line
starts with `Current=` and is used to select the current theme. Available themes
can be seen with `ls /usr/share/sddm/themes`.
KDE users might also want to install `sddm-kcm` which gives GUI
for controlling sddm.
KDE users might also want to install `sddm-kcm` which gives GUI for controlling
sddm.
## gdm
- `sudo pacman --needed -S gdm`
The last display manager I am mentioning is the Gnome Display Manager and
is only for Gnome users and I am not so familiar with it and I believe
using it is just `sudo systemctl enable -f gdm`.
The last display manager I am mentioning is the Gnome Display Manager and is
only for Gnome users and I am not so familiar with it and I believe using it is
just `sudo systemctl enable -f gdm`.
[numpad]: https://en.wikipedia.org/wiki/numpad
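Review bot: In the sddm paragraph the key to look for is still spelled `Nucmlock=`, while the value recommended in the same sentence is `Numlock=on`. A reader searching `/etc/sddm.conf` for the first spelling will find nothing, so correct it to `Numlock=` rather than carrying the typo through the rewrap.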

View File

@ -8,21 +8,19 @@ redirect_from: /english/2015/11/03/moving.html
published: false
---
_As this blog is so depressing and full of Kotka, I should mention that I
moved to Lauttasaari (~5km from Helsinki centre) a few days ago._
_As this blog is so depressing and full of Kotka, I should mention that I moved
to Lauttasaari (~5km from Helsinki centre) a few days ago._
I think my biggest problems are now over. I can move outside without
issues and there are groups I can visit like HeSeta's gaymer's night where
I went on the first day here to play board games as I got friend with me.
I think my biggest problems are now over. I can move outside without issues and
there are groups I can visit like HeSeta's gaymer's night where I went on the
first day here to play board games as I got friend with me.
Getting to places is just 2€ per hour or using season from travel card and
works for all public transport. From Lauttasaari it's hopping to bus and
then changing to another bus or metro/train/tram. Metro is also coming
nearby in August when [West Metro](https://lansimetro.fi/en/home.html)
opens.
Getting to places is just 2€ per hour or using season from travel card and works
for all public transport. From Lauttasaari it's hopping to bus and then changing
to another bus or metro/train/tram. Metro is also coming nearby in August when
[West Metro](https://lansimetro.fi/en/home.html) opens.
I don't know about psychiatrical health care yet other than there will be
appointment on coming weeks about arranging it.
_This post is too short for my taste, but so was the previous one about
hau._
_This post is too short for my taste, but so was the previous one about hau._

View File

@ -10,61 +10,129 @@ locale: fi_FI
robots: noai
---
_Toivottavasti tämä viesti on edes jotenkuten järkevä, se olisi ollut
vaikea kirjoittaa ilmankin Ketipinorin vaikutusta ja sitä on nyt liian
myöhäistä muuttaa._
_Toivottavasti tämä viesti on edes jotenkuten järkevä, se olisi ollut vaikea
kirjoittaa ilmankin Ketipinorin vaikutusta ja sitä on nyt liian myöhäistä
muuttaa._
---
Hyvä VASTAANOTTAJA,
Lakivaliokunta käsittelee ensiviikolla tasa-arvoisen avioliittolain liitännäislakeja mukaanlukien translain, josta hallitus haluaa poistaa ainoastaan naimattomuusvaatimuksen.
Lakivaliokunta käsittelee ensiviikolla tasa-arvoisen avioliittolain
liitännäislakeja mukaanlukien translain, josta hallitus haluaa poistaa
ainoastaan naimattomuusvaatimuksen.
Se ei riitä, translain täytyy perustua itsemääräämisoikeuteen.
Tulin ulos transsukupuolisena naisena keväällä/kesällä 2013 ollessani ammattikoulussa. En uskaltanut edes pyytää opettajia tai muita oppilaita käyttämään minusta omaa nimeäni, koska he olisivat voineet kieltäytyä, koska se ei ollut virallinen nimeni.
Tulin ulos transsukupuolisena naisena keväällä/kesällä 2013 ollessani
ammattikoulussa. En uskaltanut edes pyytää opettajia tai muita oppilaita
käyttämään minusta omaa nimeäni, koska he olisivat voineet kieltäytyä, koska se
ei ollut virallinen nimeni.
Saatuani nimeni vaihdettua tilanne ei parantunut kovin paljon. Pystyin korjaamaan väärää nimeä käyttäviä opettajia, mutta minulla oli yhä miehen henkilötunnus, joka taas aiheuttaa omat vaikeutensa.
Saatuani nimeni vaihdettua tilanne ei parantunut kovin paljon. Pystyin
korjaamaan väärää nimeä käyttäviä opettajia, mutta minulla oli yhä miehen
henkilötunnus, joka taas aiheuttaa omat vaikeutensa.
Kun mikä tahansa lista tulostettin tietokoneelta, miesten keskeltä löytyi aina "Mikaela Suomalainen" eikä asialle voinut mitään, koska juridisesti olen mies. Sama ongelma myös aivan arkisissa asioissa, hakiessani pakettia postista minun täytyy näyttää henkilöllisyystodistusta, jossa lukee mies. Hakiessani kirjastokorttia minut merkitään kirjaston järjestelmiin mieheksi, koska kaikkien tietojen on oltava samat, kuin henkilöllisyystodistuksessa.
Kun mikä tahansa lista tulostettin tietokoneelta, miesten keskeltä löytyi aina
"Mikaela Suomalainen" eikä asialle voinut mitään, koska juridisesti olen mies.
Sama ongelma myös aivan arkisissa asioissa, hakiessani pakettia postista minun
täytyy näyttää henkilöllisyystodistusta, jossa lukee mies. Hakiessani
kirjastokorttia minut merkitään kirjaston järjestelmiin mieheksi, koska kaikkien
tietojen on oltava samat, kuin henkilöllisyystodistuksessa.
Jatkoin kuitenkin koulunkäyntiä vielä jonkin aikaa ennen kuin kouluväkivalta (jonka uhri olen ollut tarhasta asti) alkaa taas. Tällä kertaa ketään ei kuitenkaan kiinnosta puuttua asiaan, koska en ole "normaali". Sain kuitenkin päästötodistuksen vaikka olinkin ollut pitkään poissa koulusta, mutta en uskalla hakea jatko-opintoihin ennnen kuin olen juridisesti nainen, koska muuten tämä kaikki vain tapahtuisi alusta asti uudelleen.
Jatkoin kuitenkin koulunkäyntiä vielä jonkin aikaa ennen kuin kouluväkivalta
(jonka uhri olen ollut tarhasta asti) alkaa taas. Tällä kertaa ketään ei
kuitenkaan kiinnosta puuttua asiaan, koska en ole "normaali". Sain kuitenkin
päästötodistuksen vaikka olinkin ollut pitkään poissa koulusta, mutta en uskalla
hakea jatko-opintoihin ennnen kuin olen juridisesti nainen, koska muuten tämä
kaikki vain tapahtuisi alusta asti uudelleen.
Sinulla, hyvä lakivaliokunnan jäsen, on mahdollisuus vaatia itsemääräämisoikeuteen perustuvaa translakia Suomeen. Älä anna enää muiden kärsiä näin.
Sinulla, hyvä lakivaliokunnan jäsen, on mahdollisuus vaatia
itsemääräämisoikeuteen perustuvaa translakia Suomeen. Älä anna enää muiden
kärsiä näin.
Myös Suomen Keskusta kannattaa translain uudistamista. Vuoden 2014 Turussa pidetyssä puoluekokouksessa hyväksyttiin aloite tasa-arvoisesta translaista ilman äänestystä.
Myös Suomen Keskusta kannattaa translain uudistamista. Vuoden 2014 Turussa
pidetyssä puoluekokouksessa hyväksyttiin aloite tasa-arvoisesta translaista
ilman äänestystä.
Liitän loppuun myös usean ihmisoikeusjärjestön vetoomuksen itsemääräämisoikeudesta uuden translain perusteeksi.
Liitän loppuun myös usean ihmisoikeusjärjestön vetoomuksen
itsemääräämisoikeudesta uuden translain perusteeksi.
16.10.2015
Ihmisoikeusjärjestöt vaativat: itsemääräämisoikeus sukupuoleen lakiuudistuksen lähtökohdaksi
Ihmisoikeusjärjestöt vaativat: itsemääräämisoikeus sukupuoleen lakiuudistuksen
lähtökohdaksi
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä uudistetaan avioliittolain muutoksen yhteydessä. Me allekirjoittaneet ihmisoikeusjärjestöt vaadimme kyseisen translain uudistamista siten, että sukupuolen juridiseen vahvistamiseen riittää henkilön oma ilmoitus.
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä uudistetaan
avioliittolain muutoksen yhteydessä. Me allekirjoittaneet ihmisoikeusjärjestöt
vaadimme kyseisen translain uudistamista siten, että sukupuolen juridiseen
vahvistamiseen riittää henkilön oma ilmoitus.
Tällä hetkellä sukupuolen vahvistamisen ehtona on muun muassa naimattomuus, lisääntymiskyvyttömyys ja täysi-ikäisyys. Uusi avioliittolaki edistää tasa-arvoa yhteiskunnassa: tämän tasa-arvon on ulotuttava koskemaan myös sukupuolivähemmistöjä. Nykyinen translaki aiheuttaa perus- ja ihmisoikeusloukkauksia, jotka poistuvat, kun laki muutetaan ihmisoikeuslähtöiseksi.
Tällä hetkellä sukupuolen vahvistamisen ehtona on muun muassa naimattomuus,
lisääntymiskyvyttömyys ja täysi-ikäisyys. Uusi avioliittolaki edistää tasa-arvoa
yhteiskunnassa: tämän tasa-arvon on ulotuttava koskemaan myös
sukupuolivähemmistöjä. Nykyinen translaki aiheuttaa perus- ja
ihmisoikeusloukkauksia, jotka poistuvat, kun laki muutetaan
ihmisoikeuslähtöiseksi.
Valtioneuvostolle esiteltiin 15.10 lakimuutosehdotus, jossa vain naimattomuusvaatimus esitetään poistettavaksi translaista. Tämän ehdon poistuminen on edistysaskel, mutta perus- ja ihmisoikeusnäkökulmasta täysin riittämätön.
Valtioneuvostolle esiteltiin 15.10 lakimuutosehdotus, jossa vain
naimattomuusvaatimus esitetään poistettavaksi translaista. Tämän ehdon
poistuminen on edistysaskel, mutta perus- ja ihmisoikeusnäkökulmasta täysin
riittämätön.
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä on muutettu viime vuosina ympäri maailmaa. Itsemääräämisoikeuteen perustuvia lakeja on hyväksytty muun muassa Euroopan katolilaisissa maissa Irlannissa ja Maltalla. Pohjoismaista Tanska on jo uudistanut lakinsa itsemääräämisperustaiseksi. Norjassa vastaavanlainen lakimuutos astunee voimaan keväällä 2016.
Sukupuolen juridista vahvistamista koskevaa lainsäädäntöä on muutettu viime
vuosina ympäri maailmaa. Itsemääräämisoikeuteen perustuvia lakeja on hyväksytty
muun muassa Euroopan katolilaisissa maissa Irlannissa ja Maltalla. Pohjoismaista
Tanska on jo uudistanut lakinsa itsemääräämisperustaiseksi. Norjassa
vastaavanlainen lakimuutos astunee voimaan keväällä 2016.
Suomessa voimassa oleva translaki on karkean syrjivä. Tästä syystä nyt esitelty hallituksen esitys on pettymys. Ihmisoikeusjärjestöt odottivat, että translakiin esitettäisiin perinpohjaisia muutoksia tasa-arvoisen avioliittolainsäädännön valmistelun yhteydessä. Painetta translain muutokseen synnyttää myös uudistunut tasa-arvolaki, jossa syrjinnän kielto on laajennettu koskemaan sukupuoli-identiteetin ja sukupuolen ilmaisuun koskevaa syrjintää. Muutostarve on perusteltavissa muunkin lainsäädännön pohjalta. Myös kansainväliset ihmisoikeuselimet ovat kiinnittäneet huomiota Suomen translain syrjivyyteen. Suomi on saanut huomautuksia translain suhteen niin Euroopan neuvoston ihmisoikeusvaltuutetulta kuin YK:n alaiselta naisten oikeuksien sopimusta valvovalta komitealtakin. YK:n kidutuksen vastainen erityisraportoija on vaatinut muun muassa vaatimusta lisääntymiskyvyttömyydestä poistettavaksi.
Suomessa voimassa oleva translaki on karkean syrjivä. Tästä syystä nyt esitelty
hallituksen esitys on pettymys. Ihmisoikeusjärjestöt odottivat, että translakiin
esitettäisiin perinpohjaisia muutoksia tasa-arvoisen avioliittolainsäädännön
valmistelun yhteydessä. Painetta translain muutokseen synnyttää myös uudistunut
tasa-arvolaki, jossa syrjinnän kielto on laajennettu koskemaan
sukupuoli-identiteetin ja sukupuolen ilmaisuun koskevaa syrjintää. Muutostarve
on perusteltavissa muunkin lainsäädännön pohjalta. Myös kansainväliset
ihmisoikeuselimet ovat kiinnittäneet huomiota Suomen translain syrjivyyteen.
Suomi on saanut huomautuksia translain suhteen niin Euroopan neuvoston
ihmisoikeusvaltuutetulta kuin YK:n alaiselta naisten oikeuksien sopimusta
valvovalta komitealtakin. YK:n kidutuksen vastainen erityisraportoija on
vaatinut muun muassa vaatimusta lisääntymiskyvyttömyydestä poistettavaksi.
”Me allekirjoittaneet järjestöt emme tyydy lakiuudistukseen, joka edelleen syrjii transsukupuolisia. Jos lakia sorvataan nyt, niin se on tehtävä kunnolla, transihmisten ihmisoikeuksia kunnioittaen. Ja kun Suomi ajaa kansainvälisessä ihmisoikeuspolitiikassaan aktiivisesti seksuaali- ja sukupuolivähemmistöjen oikeuksia niin eikö tämän pitäisi näkyä myös sisäpolitiikassa?” Amnestyn Suomen osaston asiantuntija Pia Puu Oksanen kysyy.
”Me allekirjoittaneet järjestöt emme tyydy lakiuudistukseen, joka edelleen
syrjii transsukupuolisia. Jos lakia sorvataan nyt, niin se on tehtävä kunnolla,
transihmisten ihmisoikeuksia kunnioittaen. Ja kun Suomi ajaa kansainvälisessä
ihmisoikeuspolitiikassaan aktiivisesti seksuaali- ja sukupuolivähemmistöjen
oikeuksia niin eikö tämän pitäisi näkyä myös sisäpolitiikassa?” Amnestyn Suomen
osaston asiantuntija Pia Puu Oksanen kysyy.
Nykylain mukaan sukupuolen juridinen vahvistaminen vaatii pitkät tutkimukset yliopistollisessa keskussairaalassa sekä lausunnon toisestakin yliopistollisesta keskussairaalasta. Lisääntymiskyvyttömyydestäkin vaaditaan lääketieteellinen lausunto. ”Juridinen ja lääketieteellinen korjausprosessi on erotettava toisistaan ja sukupuolen vahvistamisen kaikkien osien tulee hoitua sujuvasti ja läpinäkyvästi”, Trasek ry:n puheenjohtaja Antti Karanki vaatii.
Nykylain mukaan sukupuolen juridinen vahvistaminen vaatii pitkät tutkimukset
yliopistollisessa keskussairaalassa sekä lausunnon toisestakin yliopistollisesta
keskussairaalasta. Lisääntymiskyvyttömyydestäkin vaaditaan lääketieteellinen
lausunto. ”Juridinen ja lääketieteellinen korjausprosessi on erotettava
toisistaan ja sukupuolen vahvistamisen kaikkien osien tulee hoitua sujuvasti ja
läpinäkyvästi”, Trasek ry:n puheenjohtaja Antti Karanki vaatii.
Nykylaki edellyttää täysi-ikäisyyttä sukupuolen juridiselle vahvistamiselle. Käytännössä tämä luo tilanteita, joissa juridiikka laahaa todellisuudesta jäljessä. Näissä tilanteissa nuoret altistuvat syrjinnälle. Papereissa kummitteleva vanhentunut sukupuolimerkintä aiheuttaa ongelmia ja esimerkiksi vähentää halua hakea koulutukseen.
Nykylaki edellyttää täysi-ikäisyyttä sukupuolen juridiselle vahvistamiselle.
Käytännössä tämä luo tilanteita, joissa juridiikka laahaa todellisuudesta
jäljessä. Näissä tilanteissa nuoret altistuvat syrjinnälle. Papereissa
kummitteleva vanhentunut sukupuolimerkintä aiheuttaa ongelmia ja esimerkiksi
vähentää halua hakea koulutukseen.
”Myös nuorten oikeus omaan sukupuoleensa on turvattava ja nuorten sukupuolen juridisen vahvistamisen tulee olla mahdollista”, Setan puheenjohtaja Panu Mäenpää kertoo.
”Myös nuorten oikeus omaan sukupuoleensa on turvattava ja nuorten sukupuolen
juridisen vahvistamisen tulee olla mahdollista”, Setan puheenjohtaja Panu
Mäenpää kertoo.
Näistä syistä me, allekirjoittaneet järjestöt vaadimme sujuvaa ja läpinäkyvää, aidosti itsemääräämisoikeuteen perustuvaa lakia sukupuolen juridiselle vahvistamiselle.
Näistä syistä me, allekirjoittaneet järjestöt vaadimme sujuvaa ja läpinäkyvää,
aidosti itsemääräämisoikeuteen perustuvaa lakia sukupuolen juridiselle
vahvistamiselle.
Allekirjoittajat:
Amnesty International, Suomen osasto ry
Pia Puu Oksanen, sukupuoleen ja seksuaalisuuteen perustuvan syrjinnän asiantuntija
Pia Puu Oksanen, sukupuoleen ja seksuaalisuuteen perustuvan syrjinnän
asiantuntija
Dreamwear Club ry
@ -86,8 +154,6 @@ Trasek ry
Antti Karanki, puheenjohtaja
Ystävällisin terveisin,
Mikaela Suomalainen
https://mikaela.info
Ystävällisin terveisin, Mikaela Suomalainen https://mikaela.info
---
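Review bot: The sign-off at the end of the letter, previously three source lines (greeting, name, URL), is now joined into `Ystävällisin terveisin, Mikaela Suomalainen https://mikaela.info`. If the three parts are meant to appear on separate lines in the rendered page, give them explicit hard breaks or exclude the block from prettier. The signatory entries such as `Trasek ry` / `Antti Karanki, puheenjohtaja` depend on the same soft line breaks and deserve the same check.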

View File

@ -9,8 +9,8 @@ lang: en
robots: noai
---
_I am typing this, because there is a lot of misinformation on this,
especially about the dynamic DNS part._
_I am typing this, because there is a lot of misinformation on this, especially
about the dynamic DNS part._
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -48,14 +48,14 @@ Go to the router web panel and IPv6 under advanced settings.
### IPv6 LAN Setting
- LAN IPv6 Prefix: _Routed /64 from Routed IPv6 Prefixes from
tunnelbroker.net tunnel details_
- LAN IPv6 Prefix: _Routed /64 from Routed IPv6 Prefixes from tunnelbroker.net
tunnel details_
- LAN Prefix Length: 64
### IPv6 DNS Setting
- IPv6 DNS Server 1: 2001:470:20::2 _(this is the one tunnelbroker.net
says for me)_
- IPv6 DNS Server 1: 2001:470:20::2 _(this is the one tunnelbroker.net says for
me)_
- IPv6 DNS Server 2: 2001:4860:4860::8888 _Google DNS 1_
- IPv6 DNS Server 3: 2001:4860:4860::8844 _Google DNS 2_
@ -71,25 +71,24 @@ Go to Advanced Settings, WAN, DDNS
- Server: WWW.TUNNELBROKER.NET
- Host Name: _tunnel ID from tunnelbroker.net tunnel details_
- User Name or E-mail address: \*username of tunnelbroker.net
- Password or DDNS Key: _Update Key from tunnel details under the Advanced
tab_
- Password or DDNS Key: _Update Key from tunnel details under the Advanced tab_
All guides I have seen say that username is user ID from index of
tunnelbroker.net and password is account password, but that doesn't work
for me. This is how I got it working guessing the details based on
_Example Update URL_ at the same place you got the Update Key.
tunnelbroker.net and password is account password, but that doesn't work for me.
This is how I got it working guessing the details based on _Example Update URL_
at the same place you got the Update Key.
Now it should either work or not.
- If it gives error saying something about trying again later, you are
doing something wrong.
- If it gives error about endpoint IP not changed since the last update,
it works.
- If it gives error saying something about trying again later, you are doing
something wrong.
- If it gives error about endpoint IP not changed since the last update, it
works.
- If you don't get error, it doesn't work.
Now I would suggest you to go to Administration and from there
Restore/Save/UPload Setting and clicking the "Save setting"s "Save" button
so in case something bad happens you can easily restore the working state.
Restore/Save/UPload Setting and clicking the "Save setting"s "Save" button so in
case something bad happens you can easily restore the working state.
And I probably shouldn't need to say this, but I will say it
anyway: **don't use admin/admin as username/password combination!**
And I probably shouldn't need to say this, but I will say it anyway: **don't use
admin/admin as username/password combination!**
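Review bot: In the DDNS field list, `User Name or E-mail address: \*username of tunnelbroker.net` carries an escaped asterisk where the neighbouring items mark their placeholders as `_..._`, so the page shows a literal `*` instead of emphasis. It looks like an unclosed italic that was escaped, not intended text; change it to `_username of tunnelbroker.net_` so it matches the Host Name and Password entries.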

View File

@ -18,10 +18,9 @@ It's very simple.
sudo apt-get update && sudo apt-get install unbound dnssec-trigger
```
And this is the farthest I have gotten before. But today at IRC there
was talk on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq
and Fedora unbound. That made me _read the fine manual_ of
NetworkManager.conf...
And this is the farthest I have gotten before. But today at IRC there was talk
on DNS proxies which Ubuntu and Fedora use, Ubuntu uses dnsmasq and Fedora
unbound. That made me _read the fine manual_ of NetworkManager.conf...
```man
dns
@ -43,12 +42,14 @@ NetworkManager.conf...
none: NetworkManager will not modify resolv.conf.
```
And there is the solution, unbound. The third line of NetworkManager.conf
is usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line
if it doesn't exist and restart networkmanager with `sudo systemctl restart NetworkManager.service` and your dnssec-trigger should now work.
And there is the solution, unbound. The third line of NetworkManager.conf is
usually `dns=dnsmasq`, just change it to `dns=unbound` or add the line if it
doesn't exist and restart networkmanager with
`sudo systemctl restart NetworkManager.service` and your dnssec-trigger should
now work.
And when you `sudo reboot` you should see new dnssec-trigger tray icon in
your tray bar or whatever it was called as.
And when you `sudo reboot` you should see new dnssec-trigger tray icon in your
tray bar or whatever it was called as.
_Edit_: Arch users do remember do `systemctl enable dnssec-triggerd` and
`systemctl enable unbound`.
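Review bot: The reflowed paragraph in this hunk still tells readers that "the third line of NetworkManager.conf is usually `dns=dnsmasq`" and to "add the line if it doesn't exist" without saying where it goes. Line position differs between installs and the `dns` key is only read from the `[main]` section, so name the section instead of a line number. A sentence on how to confirm that validation is active after the restart would also help, and "Arch users do remember do" in the trailing context reads as a typo for "do remember to".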

View File

@ -10,8 +10,8 @@ sitemap: true
robots: noai
---
_Sometimes you don't have GUI when you need remote support, luckily you
don't need it even if you have only one device._
_Sometimes you don't have GUI when you need remote support, luckily you don't
need it even if you have only one device._
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -34,17 +34,16 @@ don't need it even if you have only one device._
## What is what?
- Tmux is terminal multiplexer which allows you to have "multiple
terminals" in one terminal. You can also detach it which means returning
to the terminal where you ran tmux leaving tmux and everything there
running and later return to it.
- Tmux is terminal multiplexer which allows you to have "multiple terminals" in
one terminal. You can also detach it which means returning to the terminal
where you ran tmux leaving tmux and everything there running and later return
to it.
- WeeChat is popular text based IRC client.
## Installing things
_Note: WeeChat has multiple optional depedencies, but I am only listing
the most important ones (I will return to it later) unless they are all
in one package._
_Note: WeeChat has multiple optional depedencies, but I am only listing the most
important ones (I will return to it later) unless they are all in one package._
- Arch & deriatives:
- `sudo pacman --needed -S tmux weechat perl gpm pastebinit`
@ -53,14 +52,14 @@ in one package._
## tmux
Just run `tmux` and you will find yourself in a new shell, but with tmux
bar on the bottom where you see open "windows".
Just run `tmux` and you will find yourself in a new shell, but with tmux bar on
the bottom where you see open "windows".
Basic navigation:
\*Note: Tmux users ctrl + b by default instead of ctrl + a as it was
developed in screen. That can be changed with tmux.conf (check further
reading after WeeChat).
\*Note: Tmux users ctrl + b by default instead of ctrl + a as it was developed
in screen. That can be changed with tmux.conf (check further reading after
WeeChat).
- Ctrl + b + c = new "window"
- Ctrl + b + number = move to "window" number
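Review bot: The note under "Basic navigation" starts with `\*Note:`, an escaped asterisk with no closing partner, so it renders as a literal `*` instead of the emphasis used for `_Note: ..._` in the Installing section, and the rewrap carries that over unchanged. Wrap the note in underscores like the other one, and fix "Tmux users ctrl + b" to "Tmux uses ctrl + b" in the same line.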
@ -70,14 +69,13 @@ reading after WeeChat).
## WeeChat
Time to finally go to IRC. Go to tmux first and there run `weechat` (or
if your distribution has ancient version of WeeChat, `weechat-curses`, but
in that case you should upgrade (if your distribution is
Time to finally go to IRC. Go to tmux first and there run `weechat` (or if your
distribution has ancient version of WeeChat, `weechat-curses`, but in that case
you should upgrade (if your distribution is
[Debian/Ubuntu/Raspbian, use this repository](https://weechat.org/download/debian/))).
WeeChat welcomes you and suggests you to read at least the quickstart
guide and recommends reading user's guide too, but in this case we
can skip those.
WeeChat welcomes you and suggests you to read at least the quickstart guide and
recommends reading user's guide too, but in this case we can skip those.
First we must connect to the network where the support channel of our
distribution is.
@ -88,42 +86,43 @@ distribution is.
- `/connect liberachat`
3. Join the channel of your distribution.
- `/join #distribution`
- you can also join multiple channels at once by separating them by
commas e.g. `/join #channel,#channel2`.
- you can also join multiple channels at once by separating them by commas
e.g. `/join #channel,#channel2`.
You might want to have friendly channel listing and be able to click the
channels with mouse? That is why you installed perl and gpm (you might
need to `sudo systemctl start gpm` or whatever init system you use).
channels with mouse? That is why you installed perl and gpm (you might need to
`sudo systemctl start gpm` or whatever init system you use).
1. `/script install buffers.pl`
2. `/mouse enable`
Now you should see bar with the core buffer (`weechat`), server buffers
merged to it (`liberachat`) and `#distribution`. If mouse doesn't work, you
can `/buffer X` where X is the number to move. For moving between merged
buffers move to the buffer and press Ctrl + x.
Now you should see bar with the core buffer (`weechat`), server buffers merged
to it (`liberachat`) and `#distribution`. If mouse doesn't work, you can
`/buffer X` where X is the number to move. For moving between merged buffers
move to the buffer and press Ctrl + x.
And the last thing, if you need to see just plain lines without
sidebars or anything, press `alt + l` (`alt` can be replaced with `esc`).
And the last thing, if you need to see just plain lines without sidebars or
anything, press `alt + l` (`alt` can be replaced with `esc`).
## pastebinit
You are often wanted to pastebin something which can be difficult without
GUI. Luckily there is pastebinit which you can use instead of typing
everyting by hand.
You are often wanted to pastebin something which can be difficult without GUI.
Luckily there is pastebinit which you can use instead of typing everyting by
hand.
Usage:
- `pastebinit file.txt` to pastebin the content of `file.txt`
- `dmesg | pastebinit` to pastebin output of `dmesg`
Pastebinit replies by givig you address to the paste which you can then
give to IRC.
Pastebinit replies by givig you address to the paste which you can then give to
IRC.
Alternatives to pastebinit with some pastebins:
- [ix.io](http://ix.io/): `command | curl -F 'f:1=<-' ix.io`
- [sprunge.us](http://sprunge.us/): `command | curl -F 'sprunge=<-' http://sprunge.us`
- [sprunge.us](http://sprunge.us/):
`command | curl -F 'sprunge=<-' http://sprunge.us`
These also answer by giving you link to the paste.
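Review bot: The two curl alternatives at the end of this hunk post to `ix.io` (no scheme, so curl uses HTTP) and `http://sprunge.us`, which means whatever is piped in, `dmesg` in the hunk's own example, crosses the network unencrypted and ends up at a public URL. Use an `https://` endpoint where the service offers one, and add a sentence telling readers to check the output for hostnames, addresses or credentials before pasting. The pastebinit paragraph above also keeps "everyting" and "givig" in both the old and the rewrapped lines.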

View File

@ -8,11 +8,11 @@ redirect_from: /english/2016/03/14/autostart-tmux-weechat.html
sitemap: false
---
_This is another note-to-self post, but I think other people might also
be wondering this._
_This is another note-to-self post, but I think other people might also be
wondering this._
**THIS IS ENTIRELY UNTESTED UNTIL THE SHELL WHERE I AM USING THIS REBOOTS
THE NEXT TIME!**
**THIS IS ENTIRELY UNTESTED UNTIL THE SHELL WHERE I AM USING THIS REBOOTS THE
NEXT TIME!**
```cron
## Environment
@ -28,11 +28,10 @@ TZ=Europe/Helsinki
```
- `@reboot` = tell cron to do this on reboot
- `sleep 500` = the shell where I intent to use this primarily is using NFS
and I think it's reasonable to expect everything to be mounted in five
minutes.
- `sleep 500` = the shell where I intent to use this primarily is using NFS and
I think it's reasonable to expect everything to be mounted in five minutes.
- `tmux -2u" = force enable 256 colors & UTF-8
- `new-session -s auto -d` = start a new session with name `auto` (as in
automatically started) and detach it
- `tmux send -t auto weechat ENTER` type `weechat` to tmux session named
auto and press ENTER to execute it.
- `tmux send -t auto weechat ENTER` type `weechat` to tmux session named auto
and press ENTER to execute it.
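Review bot: The `sleep 500` bullet explains the delay as "everything to be mounted in five minutes", but 500 seconds is 8 minutes 20 seconds; either change the value to 300 or correct the explanation. In the unchanged line below it, `tmux -2u" opens with a backtick and closes with a double quote, so the inline code span is never terminated and swallows the rest of the bullet; close it with a backtick. "intent" in the same bullet should be "intend".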

View File

@ -25,36 +25,33 @@ pysyvästi, mutta kirjoittelen siitä nyt kuitenkin._
Kaikki luultavasti tietävät, että puhelimet siirtelevät kelloja
aikavyöhyketietokannan mukaan, kuten myös tietokoneet.
Jos kelloja siirrettäisiin pysyvästi, aikavyöhyketietokanta pitäisi
päivittää puhelimista tai ne jatkaisivat kellojen siirtelyä samoina
päivinä, kuin nytkin.
Jos kelloja siirrettäisiin pysyvästi, aikavyöhyketietokanta pitäisi päivittää
puhelimista tai ne jatkaisivat kellojen siirtelyä samoina päivinä, kuin nytkin.
Ideaalitapauksessa kaikki laitevalmistajat päivittäisivät
aikavyöhyketietokannat, mutta tämä ei tapahdu suurimmalla osasta
puhelimista.
aikavyöhyketietokannat, mutta tämä ei tapahdu suurimmalla osasta puhelimista.
Tämä ongelma on kuitenkin helppoa ratkaista, koska mikäli siirtyisimme
pysyvästi Keski-Euroopan aikaan, kelloja ei enää siirrettäisi ja se olisi
niinkin helppoa kuin poistaa asetuksista automaattinen kellojen siirto
käytöstä ja asettaa aika itse.
Tämä ongelma on kuitenkin helppoa ratkaista, koska mikäli siirtyisimme pysyvästi
Keski-Euroopan aikaan, kelloja ei enää siirrettäisi ja se olisi niinkin helppoa
kuin poistaa asetuksista automaattinen kellojen siirto käytöstä ja asettaa aika
itse.
Android-laitteiden, jotka ovat suurin ongelma päivitysten suhteen, on myös
kaksi muutakin vaihtoehtoa: aikavyöhyketietokannan päivittäminen itse
(_TimeZone Fixer (ROOT)_) tai ulkoisen aikavyöhyketietokannan lataaminen.
Android-laitteiden, jotka ovat suurin ongelma päivitysten suhteen, on myös kaksi
muutakin vaihtoehtoa: aikavyöhyketietokannan päivittäminen itse (_TimeZone Fixer
(ROOT)_) tai ulkoisen aikavyöhyketietokannan lataaminen.
TimeZone Fixer (ROOT)in tapauksessa puhelimeene täytyy olla
pääkäyttäjäoikeudet, ja sen on sanottu joissakin tapauksessa sekoittavan
puhelimen käyttöjärjestelmän niin että se on täytynyt asentaa uudelleen.
Tällä tavalla puhelin kuitenkin jatkaa normaalisti toimintaa ulkomailla
mukaanlukien maat, jotka ovat vaihtaneet aikavyöhykettä pysyvästi
puhelimen aikavyöhyketietokannan tietämättä.
TimeZone Fixer (ROOT)in tapauksessa puhelimeene täytyy olla pääkäyttäjäoikeudet,
ja sen on sanottu joissakin tapauksessa sekoittavan puhelimen käyttöjärjestelmän
niin että se on täytynyt asentaa uudelleen. Tällä tavalla puhelin kuitenkin
jatkaa normaalisti toimintaa ulkomailla mukaanlukien maat, jotka ovat vaihtaneet
aikavyöhykettä pysyvästi puhelimen aikavyöhyketietokannan tietämättä.
Ulkoisella aikavyöhyketietokannalla taas tarkoitan esimerkiksi
_ClockSync_-sovellusta, joka päivittää laitteen ajan käyttäen internetin
NTP-palvelimia) jolle on saatavilla oma aikavyöhyketietokantansa,
jota käytettäessä laitteen omasta aikavyöhyketietokannasta ei
välitetä. Haittapuolena tosin aikavyöhyke täytyy asettaa ClockSyncin
asetuksista käsin ja vaihtaa aina esimerkiksi ulkomaille mennessä.
NTP-palvelimia) jolle on saatavilla oma aikavyöhyketietokantansa, jota
käytettäessä laitteen omasta aikavyöhyketietokannasta ei välitetä. Haittapuolena
tosin aikavyöhyke täytyy asettaa ClockSyncin asetuksista käsin ja vaihtaa aina
esimerkiksi ulkomaille mennessä.
Linkkejä:
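Review bot: In the ClockSync paragraph at the end of this hunk, "käyttäen internetin NTP-palvelimia) jolle" has a closing parenthesis with no opening one, in both the old and the rewrapped lines. Open it before "joka päivittää" or drop the stray ")". "puhelimeene" in the TimeZone Fixer paragraph also looks like a typo that the rewrap carried over.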

View File

@ -8,29 +8,28 @@ redirect_from: /english/2016/09/24/on-facebook.html
sitemap: false
---
_My wellbeing is more imporant than whatever you do at SOME and I reserve
the right to ignore you._
_My wellbeing is more imporant than whatever you do at SOME and I reserve the
right to ignore you._
I have had my Facebook deactivated for 24 days. However I have started
missing events (as you must be at Facebook to know what is happening)
and Nearby friends (good luck getting people to other solutions).
I have had my Facebook deactivated for 24 days. However I have started missing
events (as you must be at Facebook to know what is happening) and Nearby friends
(good luck getting people to other solutions).
During this time I have been mainly at Twitter and Google+ and in the later
I especially like the collections feature which allows me to specify which
larger subject my message is related to. I think I will continue using them
primarily (even if I should use Diaspora\*).
During this time I have been mainly at Twitter and Google+ and in the later I
especially like the collections feature which allows me to specify which larger
subject my message is related to. I think I will continue using them primarily
(even if I should use Diaspora\*).
I originally left Facebook as it was taking too much of my time in form of
idle newsfeed reading and notifications (which I gathered too much from
all kinds of groups and people I know IRL (_in real life_) and I just
don't like them.
I originally left Facebook as it was taking too much of my time in form of idle
newsfeed reading and notifications (which I gathered too much from all kinds of
groups and people I know IRL (_in real life_) and I just don't like them.
Now I am returning after I have writing this and as I said on top, I am
going to clear notifications aggressively and I will be ignoring you
unless there is an emergency in which case you should send me a message
and I might take a look at whatever it is. It might mean not reading
your posts or newsfeed or replying or even liking your comments, as
I care more about my wellbeing than whatever noise you cause burneding me.
Now I am returning after I have writing this and as I said on top, I am going to
clear notifications aggressively and I will be ignoring you unless there is an
emergency in which case you should send me a message and I might take a look at
whatever it is. It might mean not reading your posts or newsfeed or replying or
even liking your comments, as I care more about my wellbeing than whatever noise
you cause burneding me.
Am I selfish? Note that I am not even obligated to write this post, I
just felt like writing this.
Am I selfish? Note that I am not even obligated to write this post, I just felt
like writing this.

View File

@ -8,42 +8,40 @@ redirect_from: /finnish/2017/04/18/tanssitunti.html
published: false
---
_Minusta tuntuu, että tästä pitäisi kirjoittaa nyt ja koska git/blogi ei
ole tässä ja nyt, vuodatuskanava kelpaa._
_Minusta tuntuu, että tästä pitäisi kirjoittaa nyt ja koska git/blogi ei ole
tässä ja nyt, vuodatuskanava kelpaa._
_Lisätty blogiin muokkaamattomana alkuperäisellä kirjoituspäivämäärällä
2017-04-30._
Kotkan Keskuskoulu joskus syystalvella. On pakollinen tanssitunti,
mahdollisesti senhetkiseen opetussuunnitelmaan perustuen.
Kotkan Keskuskoulu joskus syystalvella. On pakollinen tanssitunti, mahdollisesti
senhetkiseen opetussuunnitelmaan perustuen.
En ole kiusaamisesta johtuen liikuntatuntien ystävä, mutta nämä tunnit
olisivat mahdollisesti voineet olla siedettäviä ellei niistä tulisi
traumaattinen kokemus, joka syöpyy mieleen yksityiskohtaisesti muun päivän
unohduttua.
En ole kiusaamisesta johtuen liikuntatuntien ystävä, mutta nämä tunnit olisivat
mahdollisesti voineet olla siedettäviä ellei niistä tulisi traumaattinen
kokemus, joka syöpyy mieleen yksityiskohtaisesti muun päivän unohduttua.
Mitälie tanssia varten täytyy aloittaa ottamalla toista, olisikohan ollut
pakotetusti tyttö-poika parit, kädestä ja kukaan ei halua koskea minuun.
Tätä jatkuu pari kierrosta, jonka jälkeen luovutan edes yrittämisen ja
minut siirretään sivuun liikuntavälineiden taakse nurkkaan.
pakotetusti tyttö-poika parit, kädestä ja kukaan ei halua koskea minuun. Tätä
jatkuu pari kierrosta, jonka jälkeen luovutan edes yrittämisen ja minut
siirretään sivuun liikuntavälineiden taakse nurkkaan.
Vietän lopputunnin katsoen ikkunasta ulos harmaata pilvistä taivasta
ajatellen miten kaikki olisi paremmin jos vain tappaisin itseni.
Näidenkään ajatusten kanssa en saa olla rauhassa vaan kaksi tyttöä tulee
kyselemään "ootko autisti" ja yritän olla reagoimatta mitenkään olon
pahentuessa lisää.
Vietän lopputunnin katsoen ikkunasta ulos harmaata pilvistä taivasta ajatellen
miten kaikki olisi paremmin jos vain tappaisin itseni. Näidenkään ajatusten
kanssa en saa olla rauhassa vaan kaksi tyttöä tulee kyselemään "ootko autisti"
ja yritän olla reagoimatta mitenkään olon pahentuessa lisää.
Opettajat taas eivät tätä koulua käydessäni koskaan kommentoi tapausta.
Myöhemmin lopetan kouluun menemisen, aloitan lukuisat itsemurhayritykset
ja kuulen olevani ilmiselvästi Asperger-tapaus ja että minusta oli
tutkittu jokaista autismin piirrettä erikseen suunnilleen lapsesta
asti ajattelematta niitä yhdessä.
Myöhemmin lopetan kouluun menemisen, aloitan lukuisat itsemurhayritykset ja
kuulen olevani ilmiselvästi Asperger-tapaus ja että minusta oli tutkittu
jokaista autismin piirrettä erikseen suunnilleen lapsesta asti ajattelematta
niitä yhdessä.
Lisää aiheesta:
_Tästä osasta voisi tehdä Jekyll-ystävällisemmän (blogialusta) ja
riippumattoman muunmoassa domainista ja polusta, mutta nyt en jaksa vaan
siirryn ajankohtaisempaan blogaukseen._
_Tästä osasta voisi tehdä Jekyll-ystävällisemmän (blogialusta) ja riippumattoman
muunmoassa domainista ja polusta, mutta nyt en jaksa vaan siirryn
ajankohtaisempaan blogaukseen._
- https://mikaela.info/blog/english/2015/06/16/feelings.html
- https://mikaela.info/about#life

View File

@ -8,181 +8,177 @@ redirect_from: /english/2017/04/30/post-trans.html
robots: noai
---
_A little confusing flood of what my fingers brought up on the last past
year and a little more._
_A little confusing flood of what my fingers brought up on the last past year
and a little more._
---
**_CONTENT WARNINGs: NSFW, genitalia, surgery descriptions_**
I don't have any well-laid plan how to type this post, but lets see what
comes out of my fingers. By the way, orchiectomy is surgical removal of
testicles, even if it's fun to talk about it without explaining it and have
people searxing what it is...
I don't have any well-laid plan how to type this post, but lets see what comes
out of my fingers. By the way, orchiectomy is surgical removal of testicles,
even if it's fun to talk about it without explaining it and have people searxing
what it is...
I don't usually discuss my genitalia, but I feel like I have to make an
exception for this post as the majority of trans people only talk about
the full genital surgery ("gender-reassignment surgery", but I tend to take
the Finnish word and translate it into English, many people don't know
that orchiectomy is an option.
exception for this post as the majority of trans people only talk about the full
genital surgery ("gender-reassignment surgery", but I tend to take the Finnish
word and translate it into English, many people don't know that orchiectomy is
an option.
_Dear reader, for this part of this post I am assuming that you are trans
as I am typing this for you in hope that it will help you, not for anyone
reading this only, because they are curious on what I have between my
legs or what trans people have between their legs._
_Dear reader, for this part of this post I am assuming that you are trans as I
am typing this for you in hope that it will help you, not for anyone reading
this only, because they are curious on what I have between my legs or what trans
people have between their legs._
First question would probably be how did I end up to orchiectomy instead of
the full genital surgery.
First question would probably be how did I end up to orchiectomy instead of the
full genital surgery.
If you have been reading this blog, you know that I was having very bad
time mentally suffering from depression, AvPD (it was confirmed and I
healed, but that later in this post), anxiety and everything. Thus everyone
thought that I wouldn't have mental resources for the full genital surgery.
If you have been reading this blog, you know that I was having very bad time
mentally suffering from depression, AvPD (it was confirmed and I healed, but
that later in this post), anxiety and everything. Thus everyone thought that I
wouldn't have mental resources for the full genital surgery.
If I recall correctly, I was complaining about this at [Transtukipiste](https://transtukipiste.fi/in-english/)
(Trans support point, runs peer support groups and supports trans people
otherwise) coffee evening and somehow I ended up wondering if I should
try getting orchiectomy and someone encouraged me to ask. Could this have
even been the last day of 2015...
If I recall correctly, I was complaining about this at
[Transtukipiste](https://transtukipiste.fi/in-english/) (Trans support point,
runs peer support groups and supports trans people otherwise) coffee evening and
somehow I ended up wondering if I should try getting orchiectomy and someone
encouraged me to ask. Could this have even been the last day of 2015...
Knowing that orchiectomy doesn't prevent having full genital surgery later
(confirm from your doctor though, I only know this is the case in Finland
as long as you repeat to your doctor that you want to keep the option
open), I asked about the doctor who asked my therapist and (as this post is
not about the process) skipping things a little, I finally got permission
for it.
(confirm from your doctor though, I only know this is the case in Finland as
long as you repeat to your doctor that you want to keep the option open), I
asked about the doctor who asked my therapist and (as this post is not about the
process) skipping things a little, I finally got permission for it.
At some point before the surgery I started sleeping naked and started becoming very
comfortable with my body and I started feeling that I might be happy with
just orchiectomy, but I decided that I would think about it after the
surgery if I started feeling like it.
At some point before the surgery I started sleeping naked and started becoming
very comfortable with my body and I started feeling that I might be happy with
just orchiectomy, but I decided that I would think about it after the surgery if
I started feeling like it.
---
**_Same content warnings, except that only now is actually the surgery._**
On evening of October 17th I took the last Androcur. It's the
male-hormone blocker that all trans people are prescribed in Finland by
default and the medicine that appears to make almost everyone depressed
and I was using half-dosage as it's strong and if you have read my old
posts, you have some kind of image on how much I suffered it.
On evening of October 17th I took the last Androcur. It's the male-hormone
blocker that all trans people are prescribed in Finland by default and the
medicine that appears to make almost everyone depressed and I was using
half-dosage as it's strong and if you have read my old posts, you have some kind
of image on how much I suffered it.
On the next morning I was at Peijas hospital and had the orchiectomy. I
remember being there long time before the appointment and getting a little
lost inside the hospital, but when I found there, everything happened
easily and I spend there only a few hours. And there was no depression
anymore.
On the next morning I was at Peijas hospital and had the orchiectomy. I remember
being there long time before the appointment and getting a little lost inside
the hospital, but when I found there, everything happened easily and I spend
there only a few hours. And there was no depression anymore.
The recovery period should have been two weeks, but the wound opened so
it took a little longer, but that isn't what this post is about either.
The recovery period should have been two weeks, but the wound opened so it took
a little longer, but that isn't what this post is about either.
---
What this post is about is how I feel.
I have finished the trans process. I have a penis and empty testicle sack
that has decided to rise up so I don't even see it in the mirror.
I have finished the trans process. I have a penis and empty testicle sack that
has decided to rise up so I don't even see it in the mirror.
I don't feel dysphoria or have any issues looking at my own body, no
discomfort or anything, I am me. I transitioned for me, not other
people and if my genitalia is something people don't expect, that isn't
my problem.
I don't feel dysphoria or have any issues looking at my own body, no discomfort
or anything, I am me. I transitioned for me, not other people and if my
genitalia is something people don't expect, that isn't my problem.
I can use dirtier toilets easily as I don't have to sit down, it doesn't
necessary even have to be a toilet and in case there is a long queue, I
can also use urinal if I need to.
necessary even have to be a toilet and in case there is a long queue, I can also
use urinal if I need to.
Public saunas and changing areas etc.? I am a woman regardless of what
people may think about my body parts which aren't their business. I haven't
yet visited any of those, but as I said whatever people think isn't my
problem. I actually even have a temptation to visit such areas, just
because my body is "sinful" and everything, according to whatever you wish
to call cis beauty standards. <!-- This is possibly a little kinky. -->
Public saunas and changing areas etc.? I am a woman regardless of what people
may think about my body parts which aren't their business. I haven't yet visited
any of those, but as I said whatever people think isn't my problem. I actually
even have a temptation to visit such areas, just because my body is "sinful" and
everything, according to whatever you wish to call cis beauty standards.
<!-- This is possibly a little kinky. -->
How do I know that I don't need the full genital surgery? I haven't even
thought about it recently and I have no feelings of wrongness or thoughts
or anything pointing that I would need it. I even sometimes forget that
I am not cis or that my body isn't "normal". _Normal doesn't exist by
the way._
How do I know that I don't need the full genital surgery? I haven't even thought
about it recently and I have no feelings of wrongness or thoughts or anything
pointing that I would need it. I even sometimes forget that I am not cis or that
my body isn't "normal". _Normal doesn't exist by the way._
Trans people are also often worried about erections, based on my
experience and what I have heard, I think it depends entirely on your
relationship with your body. I have them sometimes as I am a human
and asexuality doesn't close them out.
Trans people are also often worried about erections, based on my experience and
what I have heard, I think it depends entirely on your relationship with your
body. I have them sometimes as I am a human and asexuality doesn't close them
out.
I feel indifferent about them, but that might be connected to me
being asexual or also being sex-repulsed which to me means that
I feel repulsed seeing erections or bodily fluids.
I feel indifferent about them, but that might be connected to me being asexual
or also being sex-repulsed which to me means that I feel repulsed seeing
erections or bodily fluids.
---
_Should I content warning about Esperanto?_
After the surgery I have heard that people often have crisis on what to do
after transition. I solved that by becoming insane :D
After the surgery I have heard that people often have crisis on what to do after
transition. I solved that by becoming insane :D
I read about Esperanto, which is the most spoken artificial language in
the world and then I just had to learn it. I did Duolingo and associated
Memrise course for three months ... <em lang="eo">kaj mi parolas
Esperanton!</em>
I read about Esperanto, which is the most spoken artificial language in the
world and then I just had to learn it. I did Duolingo and associated Memrise
course for three months ... <em lang="eo">kaj mi parolas Esperanton!</em>
Thanks to online-friend I also happened to read about Buddhism and it made
a lot more sense than Christianity that was forced on me ever did. It's
more on experiencing things than believing blindly and even Buddha said
_don't believe me, experience it by yourself_ and I started trying to
use their methods (you may have heard _Mindfulness_) or maybe it would be
more accurate to say that I started practicing it.
Thanks to online-friend I also happened to read about Buddhism and it made a lot
more sense than Christianity that was forced on me ever did. It's more on
experiencing things than believing blindly and even Buddha said _don't believe
me, experience it by yourself_ and I started trying to use their methods (you
may have heard _Mindfulness_) or maybe it would be more accurate to say that I
started practicing it.
If individuality is an illusion, how could I be worse than everyone else?
If past and future aren't here _now_ and I am finally "given" the
permission to let go of them, why should I be stuck in the past? And the
future won't be like I think so why be stuck in imaginary future on my
worseness?
If individuality is an illusion, how could I be worse than everyone else? If
past and future aren't here _now_ and I am finally "given" the permission to let
go of them, why should I be stuck in the past? And the future won't be like I
think so why be stuck in imaginary future on my worseness?
The books I read are _How To Be An Adult in Relationships_ by
_David Richo_ (thanks to [attachment styles - a primer at the dirty normal](https://www.thedirtynormal.com/post/2010/06/21/attachment-styles-a-primer/)
The books I read are _How To Be An Adult in Relationships_ by _David Richo_
(thanks to
[attachment styles - a primer at the dirty normal](https://www.thedirtynormal.com/post/2010/06/21/attachment-styles-a-primer/)
which recommends a different book with similar name, so happy accident
happened), _The Way Things Are_ by _Lama Ole Nydahl_ and _Living Dharma_ by
_Lama Yeshe Losaf_. I am also reading more books about the subject, those
were about Diamond Way Buddhism and now I am reading about Zen
(_Everyday Zen_ by _Charlotte Joko Beck_ (this seems to be for Zen what
_Living Dharma_ is for Diamond Way.)
_Lama Yeshe Losaf_. I am also reading more books about the subject, those were
about Diamond Way Buddhism and now I am reading about Zen (_Everyday Zen_ by
_Charlotte Joko Beck_ (this seems to be for Zen what _Living Dharma_ is for
Diamond Way.)
_No one is perfect, including you, everyone makes mistake._
_Everyone is as capable to hurting you as making you good._
So I have learned Esperanto and according to my mother <em lang="eo">mi diras Esperanto
duono de tempo</em> and came to religion, can I be more crazy?
So I have learned Esperanto and according to my mother <em lang="eo">mi diras
Esperanto duono de tempo</em> and came to religion, can I be more crazy?
Esperanto gave me self-esteem with my capability of learning languages so
I started learning
Esperanto gave me self-esteem with my capability of learning languages so I
started learning
- Swedish, which I regret not learning at junior high school, but I had
dysphoria, bullying, suicidality, depression and everything and I think
I hear it in Helsinki daily and it's also official language in Finland.
- Spanish as <em lang="eo">mi amas Esperanton</em>, it looks so much like Esperanto so
I feel I almost understand everything written in it and it's the second
most spoken language in the world, so I have to learn it.
dysphoria, bullying, suicidality, depression and everything and I think I hear
it in Helsinki daily and it's also official language in Finland.
- Spanish as <em lang="eo">mi amas Esperanton</em>, it looks so much like
Esperanto so I feel I almost understand everything written in it and it's the
second most spoken language in the world, so I have to learn it.
- Lojban thanks to the friend mentioned earlier.
<em lang="eo">Do mi nun parolas la finnan, la anglan, Esperanton kaj mi lernas hispanan,
la svennan kaj la lojbanon.</em> Entirely sane.
<em lang="eo">Do mi nun parolas la finnan, la anglan, Esperanton kaj mi lernas
hispanan, la svennan kaj la lojbanon.</em> Entirely sane.
---
And life otherwise, I haven't gotten to continue studying yet, which I
think was mentioned as a goal in the other posts, but I just wasn't able
to. I have applied to four places and I think I failed one entrance
examination, but that is three left.
And life otherwise, I haven't gotten to continue studying yet, which I think was
mentioned as a goal in the other posts, but I just wasn't able to. I have
applied to four places and I think I failed one entrance examination, but that
is three left.
I was also local election candidate for Helsinki Pirates (part of Pirate
Party Finland) and I got surprisingly many votes (20 IIRC) and collective
votes helped us get one candidate through to the Helsinki municipal
council and we also got some other seats and backup seats.
I was also local election candidate for Helsinki Pirates (part of Pirate Party
Finland) and I got surprisingly many votes (20 IIRC) and collective votes helped
us get one candidate through to the Helsinki municipal council and we also got
some other seats and backup seats.
I think I have finished typing this blog post now. However I was supposed
to start this with an apology about some of my old blog posts (which I am not censoring as I don't feel like that would be the right thing either),
so I apologise about them now. I don't know if the text says it, but I
feel like I have improved as a person a lot in addition to getting over
mental health issues and finishing the trans process.
I think I have finished typing this blog post now. However I was supposed to
start this with an apology about some of my old blog posts (which I am not
censoring as I don't feel like that would be the right thing either), so I
apologise about them now. I don't know if the text says it, but I feel like I
have improved as a person a lot in addition to getting over mental health issues
and finishing the trans process.

View File

@ -13,31 +13,30 @@ published: false
_FAQ at SailfishOS Fan Club: why everything was made worse for Matrix users?_
I am not sure which order should I put the issues with TeleMatrix in and
the first issue is actually multiple interlinked issues and I am just
trying to open it somehow.
I am not sure which order should I put the issues with TeleMatrix in and the
first issue is actually multiple interlinked issues and I am just trying to open
it somehow.
---
Issue 1: Matrix display names are based on Telegram real name and not
username. In practive this means that Matrix (and IRC) users won't know
what is the username to use in order to ping a Telegram user.
Issue 1: Matrix display names are based on Telegram real name and not username.
In practive this means that Matrix (and IRC) users won't know what is the
username to use in order to ping a Telegram user.
This was workaroundable by setting Telegram real name into `@username`, but
the new Riot Web mentions broke this.
This was workaroundable by setting Telegram real name into `@username`, but the
new Riot Web mentions broke this.
And as display names at Telegram don't have any limitations (unlike
usernames), everyone who had only UTF-8 characters as their "real name" at
Telegram became "Telegram" at IRC and as there were 5 users named Telegram,
the IRC bridge got easily confused on who is who and lost the connection
between Matrix and IRC users resulting into the IRC bridge repeating
everything the Matrix user said resulting into duplicated messages at
Matrix and Telegram.
And as display names at Telegram don't have any limitations (unlike usernames),
everyone who had only UTF-8 characters as their "real name" at Telegram became
"Telegram" at IRC and as there were 5 users named Telegram, the IRC bridge got
easily confused on who is who and lost the connection between Matrix and IRC
users resulting into the IRC bridge repeating everything the Matrix user said
resulting into duplicated messages at Matrix and Telegram.
As requested, I workarounded this by setting quiet on `#jollafanclub` for
`*Telegram*!*@*` preventing anyone whose username nickname included the
word Telegram from saying anything. Thus IRC users were unable to see
parts of discussion with at least 5 users missing.
`*Telegram*!*@*` preventing anyone whose username nickname included the word
Telegram from saying anything. Thus IRC users were unable to see parts of
discussion with at least 5 users missing.
- [Telematrix#28: Replying from Matrix to Telegram doesn't ping the user](https://github.com/SijmenSchoon/telematrix/issues/28)
- [Telematrix#33: Allow configuring bridged user display name format](https://github.com/SijmenSchoon/telematrix/issues/33)
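Review bot: In the Issue 1 paragraph the rewrapped text still reads "In practive this means", and the paragraph about the quiet on `#jollafanclub` still says "username nickname"; both were carried over unchanged from the old lines. Since every line of these paragraphs is rewritten here anyway, consider a small follow-up commit that fixes the typo and drops one of the two doubled words, kept separate so this commit stays a pure whitespace change.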
@ -51,83 +50,85 @@ parts of discussion with at least 5 users missing.
Issue 2: When Telegram users replied to messages, Telematrix sent the whole
original message to Matrix/IRC.
For Matrix users this wasn't an issue, but the Matrix IRC bridge pastebins
every message that goes over three lines in order to avoid angering IRC ops
and serverside antispam measures.
For Matrix users this wasn't an issue, but the Matrix IRC bridge pastebins every
message that goes over three lines in order to avoid angering IRC ops and
serverside antispam measures.
For example normal message from Telegram user would become this at IRC.
> 2017-09-19 16:30:09+0300 \* @Mikaela- sent a long message: Mikaela-\_2017-09-19_13:30:08.txt <https://matrix.org/_matrix/media/v1/download/matrix.org/PuaTAbMsMmuboFHpHMuLBruj>
> 2017-09-19 16:30:09+0300 \* @Mikaela- sent a long message:
> Mikaela-\_2017-09-19_13:30:08.txt
> <https://matrix.org/_matrix/media/v1/download/matrix.org/PuaTAbMsMmuboFHpHMuLBruj>
_Where I said Telegram, I meant TeleMatrix, and only noticed this later._
Telegram users often reply to each other and when half of the discussion
is like this and requires clicking all the time, IRC users simply cannot
follow the discussion. For some reason I got the impression that Matrix
users don't mind if their messages get unreadable for IRC and Telegram
users.
Telegram users often reply to each other and when half of the discussion is like
this and requires clicking all the time, IRC users simply cannot follow the
discussion. For some reason I got the impression that Matrix users don't mind if
their messages get unreadable for IRC and Telegram users.
For comparsion, here is how TeleIRC with the current configuration looks
like, a little ugly, but no need to switch apps or click dozens of links.
For comparsion, here is how TeleIRC with the current configuration looks like, a
little ugly, but no need to switch apps or click dozens of links.
```
2017-09-19 16:28:03+0300 <#@M1kaela> Typing an example message for my blog post. This is the first line. … This is the second line. … This is the third line.
2017-09-19 16:28:56+0300 <#@oldandwise> @@M1kaela [Typing an example message …], typing an example of reply for your blog, … you haven't asked but i assumed it may be helpful. … would it be?
```
_I am using WeeChat script parse_relayed_msg.pl, normal users would see
the message in the following format:_
_I am using WeeChat script parse_relayed_msg.pl, normal users would see the
message in the following format:_
- `<T4> <@TelegramUserName> @@OriginalAuthor [Snippet of original message]`
_The double @ is caused by setting username format in TeleIRC config.js to
start with @ in order to remind users that the @ is necessary to ping
Telegram users._
_The double @ is caused by setting username format in TeleIRC config.js to start
with @ in order to remind users that the @ is necessary to ping Telegram users._
_This is technically not an issue in either associated project, so I cannot
add issue links._
_This is technically not an issue in either associated project, so I cannot add
issue links._
---
Minor(?) technical(?) issues:
- Telegram users appear as separate IRC connections draining resources
on both matrix.org (running the bridge) and IRC server and freenode
has expressed being unhappy about idle connections. In case of SailfishOS
Fan Club this meant 300 additional connections.
- The Telegram users also cannot be sent private messages and all
Matrix/IRC users appear as single bot at Telegram, so I don't think
it's worth it.
- TeleMatrix isn't currently maintained (to be honest, TeleIRC isn't a lot
more maintained, but it doesn't have this many/serious issues).
- Telegram users appear as separate IRC connections draining resources on both
matrix.org (running the bridge) and IRC server and freenode has expressed
being unhappy about idle connections. In case of SailfishOS Fan Club this
meant 300 additional connections.
- The Telegram users also cannot be sent private messages and all Matrix/IRC
users appear as single bot at Telegram, so I don't think it's worth it.
- TeleMatrix isn't currently maintained (to be honest, TeleIRC isn't a lot more
maintained, but it doesn't have this many/serious issues).
Links:
- Freenode's unhappiness:
- [matrix-appservice-irc#388: Please can we regularly and automatically reap idle-presence connections on all networks](https://github.com/matrix-org/matrix-appservice-irc/issues/388)
- [matrix-appservice-irc#450: Channels on IRC that contain only matrix users should not be bridged to IRC](https://github.com/matrix-org/matrix-appservice-irc/issues/450)
- BONUS: [TeleMatrix sends all joins/parts to Telegram anoying users](https://github.com/SijmenSchoon/telematrix/issues/13)
- tchncs.de instance is running modified code with this behaviour
disabled, I had originally forgotten it from this post.
- BONUS:
[TeleMatrix sends all joins/parts to Telegram anoying users](https://github.com/SijmenSchoon/telematrix/issues/13)
- tchncs.de instance is running modified code with this behaviour disabled, I
had originally forgotten it from this post.
---
Proposed solution: Changing the middle protocol from IRC to Telegram as
Matrix didn't work as can be read from this article, so everyone is happy.
Proposed solution: Changing the middle protocol from IRC to Telegram as Matrix
didn't work as can be read from this article, so everyone is happy.
Matrix users could use TeleMatrix and IRC users TeleIRC so Matrix users
wouldn't suffer any worse experience than before and I wouldn't need to
type this article.
Matrix users could use TeleMatrix and IRC users TeleIRC so Matrix users wouldn't
suffer any worse experience than before and I wouldn't need to type this
article.
**ISSUE: Telegram bots won't see messages from other bots**, so Telegram
would see everyone and IRC and Matrix wouldn't see each other.
**ISSUE: Telegram bots won't see messages from other bots**, so Telegram would
see everyone and IRC and Matrix wouldn't see each other.
> 2. Bot admins and bots with privacy mode disabled will receive all
> messages except messages sent by other bots.
> 2. Bot admins and bots with privacy mode disabled will receive all messages
> except messages sent by other bots.
> Bots talking to each other could potentially get stuck in unwelcome
> loops. To avoid this, we decided that bots will not be able to see
> messages from other bots regardless of mode.
> Bots talking to each other could potentially get stuck in unwelcome loops. To
> avoid this, we decided that bots will not be able to see messages from other
> bots regardless of mode.
via [Telegram Bots FAQ](https://core.telegram.org/bots/faq#what-messages-will-my-bot-get) "What messages will my bot get?" and "Why doesn't my bot see
messages from other bots?" on 2017-09-19.
via
[Telegram Bots FAQ](https://core.telegram.org/bots/faq#what-messages-will-my-bot-get)
"What messages will my bot get?" and "Why doesn't my bot see messages from other
bots?" on 2017-09-19.
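Review bot: The quoted IRC log line under "For example normal message from Telegram user would become this at IRC" is now split across three `>` lines, so the source no longer shows it as the single line the IRC side received. A fenced block, like the one already used for the TeleIRC sample later in this hunk (which proseWrap left untouched), would keep the line verbatim and remove the need for the `\*` and `\_` escapes.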

View File

@ -8,22 +8,22 @@ redirect_from: /english/2017/09/29/as-hsp-sensory-stimulus-stress.html
sitemap: false
---
_Sensory stimulus stress (aistiärsykestressi) is a word that you hear from
me often if we are any closer. I have been planning typing this for some
time now, so people would hopefully understand me better._
_Sensory stimulus stress (aistiärsykestressi) is a word that you hear from me
often if we are any closer. I have been planning typing this for some time now,
so people would hopefully understand me better._
I have no idea how I should type this post, so I will just go to how I feel
like typing this, so I will start from my events of 19th, continue to 20th
and jump to today before trying to explain what is sensory stimulus stress
without examples.
I have no idea how I should type this post, so I will just go to how I feel like
typing this, so I will start from my events of 19th, continue to 20th and jump
to today before trying to explain what is sensory stimulus stress without
examples.
I guess that before I do that, I should explain the beginning of the title.
I am an autist (I have diagnosed Asperger's syndrome) and a highly
sensitive person (HSP) and while over (and under) sensitive senses are
associated mainly with autism, they are also part of high sensitivity
and I cannot separate what causes which trait for me. They have some
overlap and some conflicts that are interesting to me.
I am an autist (I have diagnosed Asperger's syndrome) and a highly sensitive
person (HSP) and while over (and under) sensitive senses are associated mainly
with autism, they are also part of high sensitivity and I cannot separate what
causes which trait for me. They have some overlap and some conflicts that are
interesting to me.
_UPDATE: Asperger's Syndrome is being removed from the diagnostics manuals
leaving only Autism Spectrum Disorder._
@ -33,209 +33,200 @@ leaving only Autism Spectrum Disorder._
2017-09-19
There isn't much to say of that day, I had a dental operation under local
anesthesia. In the evening I was somewhat ill and had to disable some
lights and even then fridge light hurt my eyes. Interestingly after
vomiting my senses were like they usually are.
anesthesia. In the evening I was somewhat ill and had to disable some lights and
even then fridge light hurt my eyes. Interestingly after vomiting my senses were
like they usually are.
2017-09-20
Regardless of being ill on the previous night, I found myself from my
politics hobby and agreed to be someone from Young Pirates at Metropolia
University of Applied Sciences term starting sports party MetroSport.
Regardless of being ill on the previous night, I found myself from my politics
hobby and agreed to be someone from Young Pirates at Metropolia University of
Applied Sciences term starting sports party MetroSport.
I started by quickly visiting our office to fetch Pirate vests by taking a
bus and hopping onto metro. From there I continued unfamiliar route using
[Moovit] to reach tram and then to bus stop where I would reach the bus
taking me to Vantaa and the event.
I started by quickly visiting our office to fetch Pirate vests by taking a bus
and hopping onto metro. From there I continued unfamiliar route using [Moovit]
to reach tram and then to bus stop where I would reach the bus taking me to
Vantaa and the event.
[moovit]: https://moovitapp.com/
Being a sports event it naturally happened at sports hall where I had to
start by wearing ear fillers and sun glasses as it was so loud, because
of the amount of people and different music from multiple sources and there
were bright lights.
Being a sports event it naturally happened at sports hall where I had to start
by wearing ear fillers and sun glasses as it was so loud, because of the amount
of people and different music from multiple sources and there were bright
lights.
I spent a few hours there with another Pirate activist before leaving for
open doors of Helsinki Pirates which later turned out to be a mistake.
I spent a few hours there with another Pirate activist before leaving for open
doors of Helsinki Pirates which later turned out to be a mistake.
We walked to train station from where I took a train and later a metro to
the office again. At first there were only a few of us activists before
other people started appearing and then we possibly had a record on the
amount of new people who were interested about the party.
We walked to train station from where I took a train and later a metro to the
office again. At first there were only a few of us activists before other people
started appearing and then we possibly had a record on the amount of new people
who were interested about the party.
I had had too much of draining events, so at some point I left quietly
explaining to activist outside how I was leaving as I had had too much
of sensory stimuluss stress and I possibly started crying at that point, I
am not sure.
explaining to activist outside how I was leaving as I had had too much of
sensory stimuluss stress and I possibly started crying at that point, I am not
sure.
I am sure that I was crying when I encountered another activist going to
the open doors at metro station where I said the same things.
I am sure that I was crying when I encountered another activist going to the
open doors at metro station where I said the same things.
_I don't know how much it would be OK for me to say, so I am saying barely
anything about the people involved. I don't know if anyone of them
understood what I meant, but at home I thought more about finally typing
this and wrote it down onto a piece of paper._
anything about the people involved. I don't know if anyone of them understood
what I meant, but at home I thought more about finally typing this and wrote it
down onto a piece of paper._
2017-09-29 (today)
Last night I slept a little worse than usually and I have been tired and
my senses more sensitive than usually, but not as sensitive as if I was
ill.
Last night I slept a little worse than usually and I have been tired and my
senses more sensitive than usually, but not as sensitive as if I was ill.
My mother was visiting me and that made me be affected by the world more
than usually.
My mother was visiting me and that made me be affected by the world more than
usually.
First I took a bus to the nearest _open_ metro station and went to
Central Railway Station to fetch her, we visited library and returned to
my apartment. Later we ate at nearby salad bar and I escorted her to
tram stop where she continued elsewhere with my grandmother.
First I took a bus to the nearest _open_ metro station and went to Central
Railway Station to fetch her, we visited library and returned to my apartment.
Later we ate at nearby salad bar and I escorted her to tram stop where she
continued elsewhere with my grandmother.
Returning home I had again had too much, this time I didn't cry, but I
think panic attack was close as I was using a full bus which I reached
through full shopping centre that was having some sort of a shopping party.
Returning home I had again had too much, this time I didn't cry, but I think
panic attack was close as I was using a full bus which I reached through full
shopping centre that was having some sort of a shopping party.
I survived by focusing on my breathing and listening to music with
wireless earbud/microphone as it wasn't so long bus trip. And then it's
typing this blog with some distractions.
I survived by focusing on my breathing and listening to music with wireless
earbud/microphone as it wasn't so long bus trip. And then it's typing this blog
with some distractions.
---
Now I have typed some sort of a introduction to this post and some events
on three days, I think it's the time to say why, which I think might
be the most difficult part of this post.
Now I have typed some sort of a introduction to this post and some events on
three days, I think it's the time to say why, which I think might be the most
difficult part of this post.
_I think I should disclaim that I am not a mental health professional or
researcher or neurologist or anything (I do have vocational qualification
on business information technology though) and this is based on my lived
experience (even if I only heard of highly sensitive people this year and
was told that I am one by my therapist) and what I have understood from
talking with professionals, reading books, watching documentaries etc._
researcher or neurologist or anything (I do have vocational qualification on
business information technology though) and this is based on my lived experience
(even if I only heard of highly sensitive people this year and was told that I
am one by my therapist) and what I have understood from talking with
professionals, reading books, watching documentaries etc._
When I previously talked with my therapist on the subject, I explained that
it's like there is a battery that is drained by sensory stimulus stress
and breaking down crying is one sign of it being critically low and
requiring recharge. Typing this I guess that panic attack might be
short-circuiting the battery?
When I previously talked with my therapist on the subject, I explained that it's
like there is a battery that is drained by sensory stimulus stress and breaking
down crying is one sign of it being critically low and requiring recharge.
Typing this I guess that panic attack might be short-circuiting the battery?
And now I finally get to the point (if I wasn't in the point all the
time?), what is that _sensory stimulus stress_? It's everything that is
sensed, regardless of whether it's positive, neutral or negative. I think
positive might drain the battery slower than negative would, but it will
drain regardless.
And now I finally get to the point (if I wasn't in the point all the time?),
what is that _sensory stimulus stress_? It's everything that is sensed,
regardless of whether it's positive, neutral or negative. I think positive might
drain the battery slower than negative would, but it will drain regardless.
If you have any knowledge about autism, you probably know that people on
the spectrum need time to recover from social interactions. Do you know
why? Yes, sensory stimulus stress is behind it too, hearing other people,
hearing own talking, background noise, looking anywhere, colours.
Especially maintaining eye contact is a good way of draining.
If you have any knowledge about autism, you probably know that people on the
spectrum need time to recover from social interactions. Do you know why? Yes,
sensory stimulus stress is behind it too, hearing other people, hearing own
talking, background noise, looking anywhere, colours. Especially maintaining eye
contact is a good way of draining.
If I return to the first day/night that I talked about, I was ill, so my
senses were a lot more sensitive than usually so even the fridge light
hurt my eyes while often I might not be mindful about it being there.
If I return to the first day/night that I talked about, I was ill, so my senses
were a lot more sensitive than usually so even the fridge light hurt my eyes
while often I might not be mindful about it being there.
On the second day, there were the people, the buses, the trams, PA systems,
escalators, metros, music (that I listened during transport to drain more
slowly), lights and everything. As with illness, stress also causes faster
draining and stress is easy to get by going into a new situation at new
place with new people and being hungry makes highly sensitive people
horrible.
draining and stress is easy to get by going into a new situation at new place
with new people and being hungry makes highly sensitive people horrible.
On the third day, today, there were other people (naturally, I live in the
capital of Finland), bus, escalators, metro, musician between central
railway station and the metro station, PA systems, talking with mother,
grocery store noises, being at my apartment with mother having tea and
talking, during lunch there was also some machine keeping noise etc.
capital of Finland), bus, escalators, metro, musician between central railway
station and the metro station, PA systems, talking with mother, grocery store
noises, being at my apartment with mother having tea and talking, during lunch
there was also some machine keeping noise etc.
I think this is the place for the _do you hear sounds that other people
don't hear_ joke. _Yes, I do, as my family is half-deaf and we have family
joke on how I should share some of my hearing_ even if how good and how
sensitive hearing is are two separate things.
I think this is the place for the _do you hear sounds that other people don't
hear_ joke. _Yes, I do, as my family is half-deaf and we have family joke on how
I should share some of my hearing_ even if how good and how sensitive hearing is
are two separate things.
I think this post is finished with the exception of one thing which I am
not sure if I wish to type. However I feel that my typing finally started
flowing well after hours of trying to get this into words and I think
it would be unfair from me to say that everything is draining, so I think
I should type some of the methods that I discussed with my previous
therapist to ease the situation.
I think this post is finished with the exception of one thing which I am not
sure if I wish to type. However I feel that my typing finally started flowing
well after hours of trying to get this into words and I think it would be unfair
from me to say that everything is draining, so I think I should type some of the
methods that I discussed with my previous therapist to ease the situation.
_I must again disclaim that this might only apply to me and not to you
(when did I make the reader another aspie or HSP?), and I should
probably say that my senses are mostly oversensitive except that my
sense of touch defies logic and can either make me feel "hug deprived" and
wishing that someone would touch me or send me into panic attack from
someone accidentally touching me from behind..._
_I must again disclaim that this might only apply to me and not to you (when did
I make the reader another aspie or HSP?), and I should probably say that my
senses are mostly oversensitive except that my sense of touch defies logic and
can either make me feel "hug deprived" and wishing that someone would touch me
or send me into panic attack from someone accidentally touching me from
behind..._
- General: Pushing the wall with strength for around 15 to 30 seconds.
- Hearing: Music that you like from earbuds or similar, preferably
something that reminds you of some very good experience.
- Hearing: Music that you like from earbuds or similar, preferably something
that reminds you of some very good experience.
- Seeing: pastel/pale colours.
- I would like to add that bright colours are especially bad and I hate
stripes and balls and dots and prefer my clothing to be single colour
while I might wear clothes that I would dislike seeing.
- I think we talked something about black being a neutral colour that
isn't draining while it might not help easing sensory stimulus stress
either. I recommend using dark themes on phones and everything that
has the option for it.
- Smell: leaving the situation or avoiding, but it might also help to
get a pleasant smelling lip balm that could be stealthily smelled
while applying it.
stripes and balls and dots and prefer my clothing to be single colour while
I might wear clothes that I would dislike seeing.
- I think we talked something about black being a neutral colour that isn't
draining while it might not help easing sensory stimulus stress either. I
recommend using dark themes on phones and everything that has the option for
it.
- Smell: leaving the situation or avoiding, but it might also help to get a
pleasant smelling lip balm that could be stealthily smelled while applying
it.
- Sense: massaging with a (stress) ball.
- I would very often like a hug or to be touched, but when I am
asked if anyone can do anything to help me, I will lie and say
nothing as I am often ashamed of having undersensitive sense of
touch (if I can say that, as I said before, it defies logic and
all rules that I try to put on it to explain how it works). I
think it's this Finnish culture.
- I think sense of touch might be some kind of a inbuild
recovery method andchoring me to this moment or giving me
strength to continue from overwhelming.
- And I naturally forgot something important, overwhelming
is how _The Highly Sensitive Person_ calls the situation
with too much sensory stimulus stress ane need for
recharging. Before encountering _high sensitivity_, I
used words "soft limit" where warning signals started
appearing about coming panic attack or having had too
much sensory stimulus stress and needing rest and if I
borrow the term from ICT, why I wouldn't call panic
attacks as hard limit?
- Finns, this overwhelming is the same thing as
_ylivirittyneisyys_.
- and now I probably said more than I wondered if
I wanted to say above. I wonder how horrible will
this post look at on the blog while this looks
this funny in Vim which I am using to type
- I would very often like a hug or to be touched, but when I am asked if
anyone can do anything to help me, I will lie and say nothing as I am
often ashamed of having undersensitive sense of touch (if I can say that,
as I said before, it defies logic and all rules that I try to put on it to
explain how it works). I think it's this Finnish culture.
- I think sense of touch might be some kind of a inbuild recovery method
andchoring me to this moment or giving me strength to continue from
overwhelming.
- And I naturally forgot something important, overwhelming is how _The
Highly Sensitive Person_ calls the situation with too much sensory
stimulus stress ane need for recharging. Before encountering _high
sensitivity_, I used words "soft limit" where warning signals started
appearing about coming panic attack or having had too much sensory
stimulus stress and needing rest and if I borrow the term from ICT,
why I wouldn't call panic attacks as hard limit?
- Finns, this overwhelming is the same thing as _ylivirittyneisyys_.
- and now I probably said more than I wondered if I wanted to say
above. I wonder how horrible will this post look at on the blog
while this looks this funny in Vim which I am using to type
this...
- Motion: calm/slow moves
- If I recall correctly, there was some reason why the previous
therapist wanted to put motion as a sense, but I cannot remember
what the actual reason was. I think I haven't ever had an issue
with motion other than having the motorical clumsiness that I think
is part of diagnostic criteria from autism.
- If I recall correctly, there was some reason why the previous therapist
wanted to put motion as a sense, but I cannot remember what the actual
reason was. I think I haven't ever had an issue with motion other than
having the motorical clumsiness that I think is part of diagnostic criteria
from autism.
_Addition: the TL;DR of the above list could probably be put into one word.
Stim!_
And now I think I am actually finished with a few hours spend typing this
and just moving onto the 209th line in Vim. In the end I only want to say
that remember that you aren't alone, 20% of the population are estimated
to be highly sensitive people and while I don't know the percent for
people on autism spectrum, there is at least one of us in mostly every
IRC channel that you can find.
And now I think I am actually finished with a few hours spend typing this and
just moving onto the 209th line in Vim. In the end I only want to say that
remember that you aren't alone, 20% of the population are estimated to be highly
sensitive people and while I don't know the percent for people on autism
spectrum, there is at least one of us in mostly every IRC channel that you can
find.
I think I should also link to
[Wikipedia: Sensory processing sensitivity](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity) and [HSPerson.com](https://hsperson.com/) and
why not to [their self/tests](https://www.hsperson.com/test/highly-sensitive-test/)
in case you are like me and haven't encountered it before or haven't
thought that it has anything to do with you.
[Wikipedia: Sensory processing sensitivity](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity)
and [HSPerson.com](https://hsperson.com/) and why not to
[their self/tests](https://www.hsperson.com/test/highly-sensitive-test/) in case
you are like me and haven't encountered it before or haven't thought that it has
anything to do with you.
I trust that you have heard something of autism or that you are able to
find information about it easily while High Sensitivity is very unknown.
I trust that you have heard something of autism or that you are able to find
information about it easily while High Sensitivity is very unknown.
Oh, the _Highly Sensitive Person_ book didn't comment much on on autism
or that one person might be both, so I want to link you to their blog
Oh, the _Highly Sensitive Person_ book didn't comment much on on autism or that
one person might be both, so I want to link you to their blog
[About High Sensitivity, Autism, and Neurodiversity](https://hsperson.com/about-high-sensitivity-autism-and-neurodiversity/).
And now I am finally going to end typing this at 230 lines, I hope that
this post was any help or at least not negative or including misinformation
or anything, but if that would happen to be the case, please do tell
me [by opening an issue!](https://github.com/mikaela/mikaela.github.io/issues)
And now I am finally going to end typing this at 230 lines, I hope that this
post was any help or at least not negative or including misinformation or
anything, but if that would happen to be the case, please do tell me
[by opening an issue!](https://github.com/mikaela/mikaela.github.io/issues)
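Review bot: the rewrapped paragraph about the _Highly Sensitive Person_ book still carries the doubled word in "didn't comment much on on autism", and the paragraph before it keeps "a few hours spend typing" (spent). Since this commit already rewrites both paragraphs line by line, fix the wording in the same pass so these lines do not need to be touched again.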

View File

@ -12,64 +12,61 @@ sitemap: false
---
_DNSCrypt-proxy encrypts DNS queries that would otherwise go in plaintext
ensuring that they won't be seen or modified by anyone in the middle. It
works as a localhost DNS server sending queries to configured DNS
resolvers._
ensuring that they won't be seen or modified by anyone in the middle. It works
as a localhost DNS server sending queries to configured DNS resolvers._
I guess I should also say why you would want dnscrypt v1 vs v2. V1 which
is in most of repos currently uses broken resolver by default and only
supports one resolver at a time, while v2 can use multiple of them while
comparing them for the best ones.
I guess I should also say why you would want dnscrypt v1 vs v2. V1 which is in
most of repos currently uses broken resolver by default and only supports one
resolver at a time, while v2 can use multiple of them while comparing them for
the best ones.
This post is on getting v2 to Debian Stable and Ubuntu pre 18.10 which
contain v1 and I (sadly) don't know a better way to do this.
This post is on getting v2 to Debian Stable and Ubuntu pre 18.10 which contain
v1 and I (sadly) don't know a better way to do this.
In order to check which version your distro has available, check the
dnscrypt-proxy search page for your distribution:
- [Debian](https://packages.debian.org/dnscrypt-proxy)
- 2018-11-03: the version in _stretch (stable)_ is `1.9.4-1` which has
the issues why I wrote this post.
- 2018-11-03: the version in _stretch (stable)_ is `1.9.4-1` which has the
issues why I wrote this post.
- [Ubuntu](https://packages.ubuntu.com/dnscrypt-proxy)
- 2018-11-03: I cannot find dnscrypt-proxy from Ubuntu at all, while I
am sure it previously had the Debian version 1.
- 2018-11-03: I cannot find dnscrypt-proxy from Ubuntu at all, while I am sure
it previously had the Debian version 1.
---
1. Update your local apt cache `sudo apt update` and install curl that will
be used for downloading the package from Debian `sudo apt-get install curl`
1. Update your local apt cache `sudo apt update` and install curl that will be
used for downloading the package from Debian `sudo apt-get install curl`
Check the version number at [Debian's dnscrypt-proxy package download page](https://packages.debian.org/sid/amd64/dnscrypt-proxy/download) and fix it
below:
Check the version number at
[Debian's dnscrypt-proxy package download page](https://packages.debian.org/sid/amd64/dnscrypt-proxy/download)
and fix it below:
2: download the package`curl -LO https://deb.debian.org/debian/pool/main/d/dnscrypt-proxy/dnscrypt-proxy_2.0.16-2_amd64.deb`
2: download the
package`curl -LO https://deb.debian.org/debian/pool/main/d/dnscrypt-proxy/dnscrypt-proxy_2.0.16-2_amd64.deb`
**WARNING: This part is not supported by either Debian or Ubuntu, you are
taking a package from another distribution and attempting to install it
on another.**
**WARNING: This part is not supported by either Debian or Ubuntu, you are taking
a package from another distribution and attempting to install it on another.**
**WARNING: Usually when you use apt, it will verify package signatures and
ensure that the package hasn't been tampered with. I have no idea how to
do that with direct downloads (if it's even possible) so you will be
trusting the Debian repository mirror or CDN blindly.**
ensure that the package hasn't been tampered with. I have no idea how to do that
with direct downloads (if it's even possible) so you will be trusting the Debian
repository mirror or CDN blindly.**
3. install the package you downloaded: `sudo dpkg -i dnscrypt-proxy<TAB>`
(TAB (above capslock) automatically completes rest of the filename for
you).
3. install the package you downloaded: `sudo dpkg -i dnscrypt-proxy<TAB>` (TAB
(above capslock) automatically completes rest of the filename for you).
1. In case there was a problem, attmept `sudo apt-get install -f` to fix
broken package depedencies. **Remember to check that what it suggests
looks reasonable!** If it asks to remove dnscrypt-proxy, you are out
of luck and should do that instead of attempting to replace important
system components from another distribution (creating
"Frankendebian").
looks reasonable!** If it asks to remove dnscrypt-proxy, you are out of
luck and should do that instead of attempting to replace important system
components from another distribution (creating "Frankendebian").
Hopefully dnscrypt-proxy is now running, check
`journalctl -u dnscrypt-proxy`, there should be a line saying
Hopefully dnscrypt-proxy is now running, check `journalctl -u dnscrypt-proxy`,
there should be a line saying
`[NOTICE] Wiring systemd TCP socket #0, dnscrypt-proxy.socket, 127.0.2.1:53`
Edit `/etc/NetworkManager/NetworkManager.conf` to avoid overlapping
resolvers breaking each other, it should say say `dns=none`
e.g.:
Edit `/etc/NetworkManager/NetworkManager.conf` to avoid overlapping resolvers
breaking each other, it should say say `dns=none` e.g.:
```
[main]
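Review bot: step 2 of the install procedure still starts with `2:` rather than `2.`, so it is not parsed as a list item, and the new wrapping leaves it as "download the" / "package`curl -LO …`" with no space before the code span. Change it to `2.` and add the space so the command renders as part of the numbered list between steps 1 and 3. The rewrapped lines also keep "attmept", "depedencies" and "it should say say `dns=none`". Separately, the second warning leaves the downloaded .deb unverified before `sudo dpkg -i`; a checksum comparison step between 2 and 3 would be worth adding in a content follow-up.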
@ -100,15 +97,15 @@ options edns0 single-request-reopen
Nameserver is the host where dnscrypt-proxy said to be listening on in
journalctl, options are from dnscrypt-proxy documentation and search means
domains that are automatically searched for if you don't use fully
qualified domain names, e.g. `ssh machine` in my (uncommented) config
would turn into `ssh machine.mikaela.info`. Update: I find this a privacy
leakage (whenever NXDOMAIN happens), which is why I nowadays have it commented.
domains that are automatically searched for if you don't use fully qualified
domain names, e.g. `ssh machine` in my (uncommented) config would turn into
`ssh machine.mikaela.info`. Update: I find this a privacy leakage (whenever
NXDOMAIN happens), which is why I nowadays have it commented.
You should also tell dhclient to not touch resolv.conf or you may get many
files into `/etc` beginning with names `resolv.conf.dhclient-new.`
according to
[Debian wiki](https://wiki.debian.org/resolv.conf#Stop_dhclient_from_modifying_.2Fetc.2Fresolv.conf) which gives the following two commands and
You should also tell dhclient to not touch resolv.conf or you may get many files
into `/etc` beginning with names `resolv.conf.dhclient-new.` according to
[Debian wiki](https://wiki.debian.org/resolv.conf#Stop_dhclient_from_modifying_.2Fetc.2Fresolv.conf)
which gives the following two commands and
[Debian bug 860928](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860928):
```bash
@ -118,9 +115,9 @@ chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
---
**WARNING from 2018-10-21!** It appears that the cache and log directories
of dnscrypt-proxy don't sometimes get created automatically (at least on
Debian GNU/Linux 9.6 (stretch).
**WARNING from 2018-10-21!** It appears that the cache and log directories of
dnscrypt-proxy don't sometimes get created automatically (at least on Debian
GNU/Linux 9.6 (stretch).
If this happens to you or you would like to be sure to get them:
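Review bot: the rewrapped warning still ends with an unbalanced parenthesis, "(at least on Debian GNU/Linux 9.6 (stretch)."; add the missing closing ")" before the full stop while these lines are being rewritten.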
@ -131,14 +128,16 @@ sudo chown -R _dnscrypt-proxy:nogroup /var/cache/dnscrypt-proxy /var/log/dnscryp
---
For the curious my dnscrypt-proxy config [is in my shell-things repository](https://github.com/Mikaela/shell-things/tree/master/etc/dnscrypt-proxy) [mirror](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/dnscrypt-proxy).
For the curious my dnscrypt-proxy config
[is in my shell-things repository](https://github.com/Mikaela/shell-things/tree/master/etc/dnscrypt-proxy)
[mirror](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/dnscrypt-proxy).
---
## 2019-07-22 update
I have also started performing local DNSSEC validation by running Unbound
in front of DNSCrypt-proxy, so my queries go resolv.conf -> Unbound ->
I have also started performing local DNSSEC validation by running Unbound in
front of DNSCrypt-proxy, so my queries go resolv.conf -> Unbound ->
dnscrypt-proxy -> configured resolvers. This has the advantage that if the
resolver didn't perform DNSSEC validation or lied about performing it, the
protection by DNSSEC would still be received.
@ -146,11 +145,12 @@ protection by DNSSEC would still be received.
The steps are simple:
1. `sudo apt install unbound`
- You should see a file `/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf`
which simply says `server:` and on another line after intending
`auto-trust-anchor-file: "/var/lib/unbound/root.key"` (the path varies
by distribution) which means it's performing DNSSEC validation with
those trust anchors.
- You should see a file
`/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf` which simply
says `server:` and on another line after intending
`auto-trust-anchor-file: "/var/lib/unbound/root.key"` (the path varies by
distribution) which means it's performing DNSSEC validation with those
trust anchors.
2. `sudo nano /etc/unbound/unbound.conf.d/dnscrypt-proxy.conf`
```
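Review bot: the sub-item under step 1 still reads "on another line after intending `auto-trust-anchor-file: …`", where "indenting" is meant. Because indentation is what makes that key part of the `server:` block, the typo obscures the one detail the reader has to check in the file; correct it in the rewrapped text.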
@ -161,6 +161,6 @@ forward-zone:
```
3. `sudo systemctl restart unbound`
4. Ensure `/etc/resolv.conf` points to `127.0.0.1` and optionally `::1`
instead of `127.0.2.1` where dnscrypt-proxy runs by default. For more
details, CTRL + F for resolv.conf or chattr.
4. Ensure `/etc/resolv.conf` points to `127.0.0.1` and optionally `::1` instead
of `127.0.2.1` where dnscrypt-proxy runs by default. For more details, CTRL +
F for resolv.conf or chattr.
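Review bot: in step 4 the new wrap splits the key combination across two lines, "CTRL +" / "F for resolv.conf or chattr.", which reads badly in the source and may be split again by later rewraps. Write it without spaces (Ctrl+F) or as a `<kbd>` pair so proseWrap treats it as one token.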

View File

@ -1,7 +1,8 @@
---
layout: post
comments: true
title: "Android 9 Private DNS behaviour with 853 blocked & DoT server comparsion"
title:
"Android 9 Private DNS behaviour with 853 blocked & DoT server comparsion"
category: [english]
tags: [english, Android, DNS-over-TLS, DNS, security, privacy]
redirect_from:
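Review bot: the front matter `title` that is moved onto its own line still spells "comparsion"; correct it to "comparison" while the line is being changed. Also confirm the quoted continuation line stays indented under `title:` so the YAML parser reads it as the value of that key.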
@ -11,10 +12,10 @@ lang: en
robots: noai
---
_Since I first heard of Android 9 Private DNS I wondered how it will work
when the port is blocked or there is a captive portal. I didn't find this
information anywhere and now that I have gotten the Android 9 Go update on
my Nokia 1, I am able to type my own blog post about it._
_Since I first heard of Android 9 Private DNS I wondered how it will work when
the port is blocked or there is a captive portal. I didn't find this information
anywhere and now that I have gotten the Android 9 Go update on my Nokia 1, I am
able to type my own blog post about it._
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -36,78 +37,94 @@ my Nokia 1, I am able to type my own blog post about it._
- Phone: Nokia 1 (TA-1047) running Android 9 (Go Edition)
- I think I got the update on 9th of July
- Language: Finnish (and as I am typing in English I may accidentally
invent my own words)
- Language: Finnish (and as I am typing in English I may accidentally invent
my own words)
- In all tests mobile data was disabled to not cause confusing results.
- As Private DNS is technically DNS over TLS, I am calling it as DoT.
- In Android 9 it's enabled from Settings, Network & Internet, Advanced settings, Private DNS
- In Android 9 it's enabled from Settings, Network & Internet, Advanced
settings, Private DNS
- I am using [dns.quad9.net](https://quad9.net/) as hostname.
- Automatic mode connects to the DNS server port 853 without validating
certificate, "Hostname of private DNS provider" (which I call as the
manual mode) also validates the certificate and disallows downgrading.
certificate, "Hostname of private DNS provider" (which I call as the manual
mode) also validates the certificate and disallows downgrading.
- [Google's documentation](https://support.google.com/android/answer/9089903?hl=en).
- [Intra](https://getintra.org/) detects when private DNS is enabled and
says that it doesn't have to be enabled at those times. However it gets
confused easily as between the metro and DHCP offering Quad9 it claimed
secure DNS was disabled. Later before the captive portal test Intra again
claimed DoT was disabled when there was no connectivity to DoT server, so
I guess it's only able to detect when Android is actually connected to the
DoT server.
- [Intra](https://getintra.org/) detects when private DNS is enabled and says
that it doesn't have to be enabled at those times. However it gets confused
easily as between the metro and DHCP offering Quad9 it claimed secure DNS was
disabled. Later before the captive portal test Intra again claimed DoT was
disabled when there was no connectivity to DoT server, so I guess it's only
able to detect when Android is actually connected to the DoT server.
- [My messy notes for making this post](https://github.com/Mikaela/mikaela.github.io/issues/149)
## The tests
---
Test: _automatic mode without DoT capable server from DHCP_; the setting
says "automatic".
Test: _automatic mode without DoT capable server from DHCP_; the setting says
"automatic".
---
Test: _DoT with port 853 blocked_; Android reports that the WLAN network has
no internet connectivity until I disable private DNS and toggle WLAN. I
tested this in Helsinki metro.
Test: _DoT with port 853 blocked_; Android reports that the WLAN network has no
internet connectivity until I disable private DNS and toggle WLAN. I tested this
in Helsinki metro.
---
Test: _automatic mode with DoT capable server from DHCP_; Android says that
DoT is "enabled". For this test I configured a WLAN AP to use [Quad9](https://quad9.net/)
DNS servers `149.112.112.112` and `9.9.9.9`.
Test: _automatic mode with DoT capable server from DHCP_; Android says that DoT
is "enabled". For this test I configured a WLAN AP to use
[Quad9](https://quad9.net/) DNS servers `149.112.112.112` and `9.9.9.9`.
I would also have configured
the IPv6 addresses `2620:fe::9` and `2620:fe::fe` as the network was dualstack,
but naturally the router was missing ability to configure IPv6 DNS servers
and forced using the ISP ones. At least the Android 9 was happy with the IPv4
servers.
I would also have configured the IPv6 addresses `2620:fe::9` and `2620:fe::fe`
as the network was dualstack, but naturally the router was missing ability to
configure IPv6 DNS servers and forced using the ISP ones. At least the Android 9
was happy with the IPv4 servers.
I didn't do this at home as my main network connectivity is a MiFi
"box" that doesn't allow me to specify a DNS server and I tend to avoid it anyway
by using [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy/) with [this config](https://github.com/Mikaela/shell-things/blob/master/etc/dnscrypt-proxy/dnscrypt-proxy.toml) and Intra. Sadly I have some
little used devices that have no way to encrypt DNS and they either use the
ISP DNS or in case of Chromecasts I am under impression that they are
hardcoded to use Google DNS. I don't use them much though.
I didn't do this at home as my main network connectivity is a MiFi "box" that
doesn't allow me to specify a DNS server and I tend to avoid it anyway by using
[dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy/) with
[this config](https://github.com/Mikaela/shell-things/blob/master/etc/dnscrypt-proxy/dnscrypt-proxy.toml)
and Intra. Sadly I have some little used devices that have no way to encrypt DNS
and they either use the ISP DNS or in case of Chromecasts I am under impression
that they are hardcoded to use Google DNS. I don't use them much though.
Why do I care about encrypted DNS so much? Encrypt everything! And to quote
my index:
Why do I care about encrypted DNS so much? Encrypt everything! And to quote my
index:
> The only traffic I am not encrypting is probably my WLAN. For some reason my router requires a reboot once per hour with WPA2 encryption while on open network I only have to reboot it once per day (I have asked about this confusing behaviour from wiser people on IRC and they weren't able to explain it either). I support the <a href="https://openwireless.org/">Open Wireless Movement</a> and think that if someone really wanted to cause me harm, they could break into the network anyway and that would be more difficult to prove on consumer grade device than the network being open. There are firewalls on all networks and while a passerby would be able to observe unencrypted SNIs, isn't that also <a href="https://en.wikipedia.org/wiki/Global_surveillance">being done by international security agencies already</a> while even <a href="https://fi.wikipedia.org/wiki/Suomen_tiedustelulains%C3%A4%C3%A4d%C3%A4nt%C3%B6">Finland has given permission to monitor traffic crossing our borders</a> ((TODO: better link in English as the situation develops)and how much of traffic doesn't do that?). I also don't like being somewhere where the only available WLANs are printers and smart thermostats :)
> The only traffic I am not encrypting is probably my WLAN. For some reason my
> router requires a reboot once per hour with WPA2 encryption while on open
> network I only have to reboot it once per day (I have asked about this
> confusing behaviour from wiser people on IRC and they weren't able to explain
> it either). I support the <a href="https://openwireless.org/">Open Wireless
> Movement</a> and think that if someone really wanted to cause me harm, they
> could break into the network anyway and that would be more difficult to prove
> on consumer grade device than the network being open. There are firewalls on
> all networks and while a passerby would be able to observe unencrypted SNIs,
> isn't that also
> <a href="https://en.wikipedia.org/wiki/Global_surveillance">being done by
> international security agencies already</a> while even
> <a href="https://fi.wikipedia.org/wiki/Suomen_tiedustelulains%C3%A4%C3%A4d%C3%A4nt%C3%B6">Finland
> has given permission to monitor traffic crossing our borders</a> ((TODO:
> better link in English as the situation develops)and how much of traffic
> doesn't do that?). I also don't like being somewhere where the only available
> WLANs are printers and smart thermostats :)
---
Bonus test: _DoT + DoH via the [Intra app](https://getintra.org/)_
configured to use server `https://149.112.112.112/dns-query` in Helsinki
metro; Android claims that the network has no connectivity and shows the x
on the WLAN symbol in the statusbar, but everything works regardless.
My hypothesis that I am not enough interested in confirming is that if I was
using `https://dns.quad9.net/dns-query` nothing would work as the Intra app
would have been unable to resolve that name due to DoT being blocked.
Bonus test: _DoT + DoH via the [Intra app](https://getintra.org/)_ configured to
use server `https://149.112.112.112/dns-query` in Helsinki metro; Android claims
that the network has no connectivity and shows the x on the WLAN symbol in the
statusbar, but everything works regardless. My hypothesis that I am not enough
interested in confirming is that if I was using
`https://dns.quad9.net/dns-query` nothing would work as the Intra app would have
been unable to resolve that name due to DoT being blocked.
---
Test: _DoT + Captive Portal_; I get the captive portal prompt asking me to
login to the network as usual, so I guess Android handles captive portal
separately from DoT which is a good thing in my opinion as otherwise that
feature would likely be too confusing or difficult for many people to use.
Test: _DoT + Captive Portal_; I get the captive portal prompt asking me to login
to the network as usual, so I guess Android handles captive portal separately
from DoT which is a good thing in my opinion as otherwise that feature would
likely be too confusing or difficult for many people to use.
I performed this test next to a closed Espresso House, which luckily hadn't
turned off their WLAN AP, but I treat SSIDs as free advertising anyway.
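Review bot: the "DoT with port 853 blocked" test does not say which Private DNS mode was active, although the environment list in the same hunk distinguishes automatic mode (no certificate validation) from the hostname mode that "disallows downgrading". State the mode in that test line so readers can tell whether the "no internet connectivity" result is the strict-mode behaviour or would also occur in automatic mode. In the rewrapped blockquote, "((TODO: better link in English as the situation develops)and how much" is still missing a space after the closing parenthesis.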
@ -116,36 +133,37 @@ turned off their WLAN AP, but I treat SSIDs as free advertising anyway.
## Why I use Quad9?
I had an idea of blogging about this separately long before I got Android 9
and was able to perform this testing, but as I mention it so much I guess
it's better to merge the posts.
I had an idea of blogging about this separately long before I got Android 9 and
was able to perform this testing, but as I mention it so much I guess it's
better to merge the posts.
What I wish from a DNS server is privacy/security (including DoT), [DNSSEC],
being stable (or unlikely to go
away without warning in near future) and thus being able to recommend it to
my family members (read as: configure it on their routers while being tech
support).
being stable (or unlikely to go away without warning in near future) and thus
being able to recommend it to my family members (read as: configure it on their
routers while being tech support).
[dnssec]: https://www.dnssec.net/
The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers#DNSPrivacyPublicResolvers-DNS-over-TLS(DoT)>) are the following:
The options
[judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers#DNSPrivacyPublicResolvers-DNS-over-TLS(DoT)>)
are the following:
- Quad9 (I am only talking about the secure variant as the insecure disables
DNSSEC)
- non-profit
- [privacy policy](https://quad9.net/privacy/) (I seem to have too much
problems with the others to even look at their policies)
- same malicious domain filtering for everyone (I was going to compare it
to Cisco/OpenDNS without realizing that the DoT requirement dropped them out
- same malicious domain filtering for everyone (I was going to compare it to
Cisco/OpenDNS without realizing that the DoT requirement dropped them out
already) that I haven't yet encountered
- [FAQ](https://quad9.net/faq/)
- supports DNS over HTTPS (I need it for Firefox which at the time of typing requires
DoH for ESNI support)
- supports DNS over HTTPS (I need it for Firefox which at the time of typing
requires DoH for ESNI support)
- has a node in Finland (see TREX under regional providers)
- I have heard that they plan a network map (Adguard on the bottom has it)
and I hope to see it soon, because I would have no idea they have a node
in Finland without knowing about TREX and having performed DNS leak test
(see TREX under regional providers for more details on both).
- I have heard that they plan a network map (Adguard on the bottom has it) and
I hope to see it soon, because I would have no idea they have a node in
Finland without knowing about TREX and having performed DNS leak test (see
TREX under regional providers for more details on both).
- Cloudflare
- for-profit company
- too big for my taste and possibly getting even bigger if Firefox starts
@ -156,19 +174,18 @@ The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/
queries too.
- CleanBrowsing
- I never looked it before, but it appears to be for-profit
- allows custom filters? What prevents filters from another user from
being applied to me? This was a problem with Cisco OpenDNS.
- allows custom filters? What prevents filters from another user from being
applied to me? This was a problem with Cisco OpenDNS.
- Adguard
- I never looked at them before either, but they look surprisingly good
and I could consider using them with the short reading I did for this
post.
- I never looked at them before either, but they look surprisingly good and I
could consider using them with the short reading I did for this post.
- for-profit (even though they claim to make money by their other products
than DNS, but so do Cloudflare and Google?)
- I worry they could block something more than ads/malware by accident
- and I think they are more likely to do that than Quad9 due to blocking
so much more.
- and this could be painful to start troubleshooting over the phone
with family members.
- and I think they are more likely to do that than Quad9 due to blocking so
much more.
- and this could be painful to start troubleshooting over the phone with
family members.
- [privacy policy](https://adguard.com/en/privacy.html)
- based in Cyprus (EU)
- [Adguard DNS page including FAQ](https://adguard.com/en/adguard-dns/overview.html)
@ -177,38 +194,41 @@ The options [judging by DNSPrivacy.org](<https://dnsprivacy.org/wiki/display/DP/
Then there are regional providers like:
- [TREX recursive name service](http://www.trex.fi/service/resolvers.html) for Finnish users
- "Our resolvers do not support DNS over TLS, DNS over HTTPS or dnscrypt. But TREX hosts a Quad9 node, which offers a secure service with those features."
- this can be confirmed by running a [DNS leak test](https://dnsleaktest.com/)
which in Finland replies "TREX Regional Exchanges Oy" and being hosted
by TREX is a plus for Quad9 in my eyes as it's
- often recommended for Finnish users instead of Google DNS by people in
my circles
- [CZ.NIC Open DNSSEC Validating Resolvers](https://www.nic.cz/odvr/) for Czech users
(English readers: enable cookies and click "English")
- [TREX recursive name service](http://www.trex.fi/service/resolvers.html) for
Finnish users
- "Our resolvers do not support DNS over TLS, DNS over HTTPS or dnscrypt. But
TREX hosts a Quad9 node, which offers a secure service with those features."
- this can be confirmed by running a
[DNS leak test](https://dnsleaktest.com/) which in Finland replies "TREX
Regional Exchanges Oy" and being hosted by TREX is a plus for Quad9 in my
eyes as it's
- often recommended for Finnish users instead of Google DNS by people in my
circles
- [CZ.NIC Open DNSSEC Validating Resolvers](https://www.nic.cz/odvr/) for Czech
users (English readers: enable cookies and click "English")
- has DNSSEC, DoT & DoH
- probably wouldn't make much sense to use from Finland (or anywhere
else far from Czech Republic, I imagine all the neighbouring countries would also have their
own equivalent regardless of CZ.NIC being so big name (you have heard of e.g. [Turris Omnia](https://en.wikipedia.org/wiki/Turris_Omnia)?))
- (thus I promote centralization, but) a regional not-anycasted DNS server
may be impractical while traveling as your DNS would always go through
home and possibly be slower than it could be. As a counter argument it
wouldn't hurt that much or be difficult to change, but would you
remember to do it while traveling (I guess I would) and would your
family members remember that?
- probably wouldn't make much sense to use from Finland (or anywhere else far
from Czech Republic, I imagine all the neighbouring countries would also
have their own equivalent regardless of CZ.NIC being so big name (you have
heard of e.g. [Turris Omnia](https://en.wikipedia.org/wiki/Turris_Omnia)?))
- (thus I promote centralization, but) a regional not-anycasted DNS server may
be impractical while traveling as your DNS would always go through home and
possibly be slower than it could be. As a counter argument it wouldn't hurt
that much or be difficult to change, but would you remember to do it while
traveling (I guess I would) and would your family members remember that?
And the golden option of hosting your own DNS. (It's actually easy with
Unbound, I haven't tried DoH/DoT hosting though!)
And the golden option of hosting your own DNS. (It's actually easy with Unbound,
I haven't tried DoH/DoT hosting though!)
- Hosting where?
- Hosting with what money?
- On my laptop? What about when it goes down?
- On three of my active devices separately? I don't think the root
nameserver admins would be very happy if everyone did that.
- On my VPS? What if it went down due to being so cheap? What to say when
my family called that "the internet is broken"? How to provide the additional
line of defence against malware and phishing as well as Quad9 does it with
all their information sources and partners?
- On three of my active devices separately? I don't think the root nameserver
admins would be very happy if everyone did that.
- On my VPS? What if it went down due to being so cheap? What to say when my
family called that "the internet is broken"? How to provide the additional
line of defence against malware and phishing as well as Quad9 does it with all
their information sources and partners?
To me Quad9 seems the least bad (or the least scary?) option with all these
things considered, but some other provider may seem better to you.
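Review bot: the TREX resolver link in the regional providers list is still `http://www.trex.fi/service/resolvers.html` while the other links in this hunk are https; switch it to https if the site serves it. The same item ends the parent bullet on "in my eyes as it's" and finishes the sentence in a child bullet ("often recommended for Finnish users…"), which the new wrapping makes harder to follow; merge the two into one sentence.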

View File

@ -32,172 +32,217 @@ administrating experience due to not having any with Matrix personally._
## Element, what Element?
Element is the defacto Matrix client. If you wish to get into Matrix, you
will likely hear the advice to install Element or use it on the web.
Element is the defacto Matrix client. If you wish to get into Matrix, you will
likely hear the advice to install Element or use it on the web.
It comes with two problems:
- you will likely register your account on the `matrix.org` homeserver and
later hear that you made a mistake in using it as it's overloaded and you
should instead use some other homeserver which would also be good for
healthy federation, but the interface doesn't suggest or offer you any
other servers.
- maybe in the future [your account will be decentralized and that won't matter](https://github.com/matrix-org/matrix-spec/issues/246)?
- if you happen to be like me and use both Element Web and Element iOS, you
will notice they are wildly inconsistent. I cannot comment on Element
Android as my phone (Nokia 1 / TA-1047) is too weak powered for pleasant
Matrix experience and I don't use it much.
- you will likely register your account on the `matrix.org` homeserver and later
hear that you made a mistake in using it as it's overloaded and you should
instead use some other homeserver which would also be good for healthy
federation, but the interface doesn't suggest or offer you any other servers.
- maybe in the future
[your account will be decentralized and that won't matter](https://github.com/matrix-org/matrix-spec/issues/246)?
- if you happen to be like me and use both Element Web and Element iOS, you will
notice they are wildly inconsistent. I cannot comment on Element Android as my
phone (Nokia 1 / TA-1047) is too weak powered for pleasant Matrix experience
and I don't use it much.
Comparing the later two platforms, I imagine you will hit some of these
problems sooner or later:
Comparing the later two platforms, I imagine you will hit some of these problems
sooner or later:
- <s>You see a link in the channel. If you were using Element Web or
possibly even Element Android you would immediately know what it was
about. However you use <a href="https://github.com/vector-im/element-ios/issues/888">Element iOS that never got URL preview support!</a></s>
- <s>You see a link in the channel. If you were using Element Web or possibly
even Element Android you would immediately know what it was about. However you
use <a href="https://github.com/vector-im/element-ios/issues/888">Element iOS
that never got URL preview support!</a></s>
- You hear of interesting room on another room and you wish to join it. You
touch the name wishing to get into there? What happens instead? You will get
an error message [cannot rejoin an empty room](https://github.com/vector-im/element-ios/issues/1066).
- I hope that doesn't annoy you and you wish to hear the workaround of
running `/join #room:example.net` by hand instead.
an error message
[cannot rejoin an empty room](https://github.com/vector-im/element-ios/issues/1066).
- I hope that doesn't annoy you and you wish to hear the workaround of running
`/join #room:example.net` by hand instead.
- This may be a bit more rare one, but if you share rooms with bots, you may
notice that on Element Web they are more gray than people. [Element iOS just never got messages from bots being rendered differently](https://github.com/vector-im/element-ios/issues/882).
- I may again be a bit weird, but I wish to have [timestamps for all messages visible all the time](https://github.com/vector-im/element-ios/issues/524),
but Element says no. They exist on Web, not on iOS. Same if you [wanted to see seconds](https://github.com/vector-im/element-ios/issues/3901)
- <s>I almost forgot, but the <a href="https://element.io/blog/spaces-the-next-frontier/">new spaces</a>
just <a href="https://github.com/vector-im/element-ios/issues?q=label%3AA-Spaces+">don't exist on iOS</a>,
should you attempt to join or be invited to one, you will get a banner
saying that they aren't implemented yet and you cannot accept or reject
the invite unless you open Element Web to do that.</s>
notice that on Element Web they are more gray than people.
[Element iOS just never got messages from bots being rendered differently](https://github.com/vector-im/element-ios/issues/882).
- I may again be a bit weird, but I wish to have
[timestamps for all messages visible all the time](https://github.com/vector-im/element-ios/issues/524),
but Element says no. They exist on Web, not on iOS. Same if you
[wanted to see seconds](https://github.com/vector-im/element-ios/issues/3901)
- <s>I almost forgot, but the
<a href="https://element.io/blog/spaces-the-next-frontier/">new spaces</a>
just
<a href="https://github.com/vector-im/element-ios/issues?q=label%3AA-Spaces+">don't
exist on iOS</a>, should you attempt to join or be invited to one, you will
get a banner saying that they aren't implemented yet and you cannot accept or
reject the invite unless you open Element Web to do that.</s>
- <s>Another issue I am editing in hours later is pills, when you mention
someone on Element (Web), or someone else mentions someone, there is a clear
pill shape around their name and it can be clicked to get to their profile,
<a href="https://github.com/vector-im/element-ios/issues/3526">but not on Element (iOS)</a></s>
<a href="https://github.com/vector-im/element-ios/issues/3526">but not on
Element (iOS)</a></s>
And that is probably enough of annoyances with Element iOS, I hope the
situation will improve in foreseeable future there due to
And that is probably enough of annoyances with Element iOS, I hope the situation
will improve in foreseeable future there due to
[Matrix exploding with Element securing $30M funding to revolutionise the apps usability, build out major new features, expand in the enterprise market and take Matrix fully mainstream!](https://element.io/blog/element-raises-30m-as-matrix-explodes/)
2022-01-29: As seen from the strikethrough, two of six points on my list have
been resolved, however today [FluffyChat released version 1.2.0 featuring stories](https://ko-fi.com/post/Whats-new-in-FluffyChat-1-2-0-Z8Z09LEO7).
At the time of writing [stories are a draft Matrix spec proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/3588)
been resolved, however today
[FluffyChat released version 1.2.0 featuring stories](https://ko-fi.com/post/Whats-new-in-FluffyChat-1-2-0-Z8Z09LEO7).
At the time of writing
[stories are a draft Matrix spec proposal](https://github.com/matrix-org/matrix-spec-proposals/pull/3588)
that in incompatible clients (such as Element Web and Element Android) appear as
read-only rooms, however [Element iOS hides them completely with the exception of notifications that cannot be acknowledged](https://github.com/vector-im/element-ios/issues/5455).
read-only rooms, however
[Element iOS hides them completely with the exception of notifications that cannot be acknowledged](https://github.com/vector-im/element-ios/issues/5455).
## You mentioned privacy?
Yes, privacy is a big reason why Matrix is advertised and the lack of it is
a fact you agree to by using Matrix or getting bridged to Matrix (which is
out of scope for this blog post as it involves other protocols too much,
whether you know Matrix or not).
Yes, privacy is a big reason why Matrix is advertised and the lack of it is a
fact you agree to by using Matrix or getting bridged to Matrix (which is out of
scope for this blog post as it involves other protocols too much, whether you
know Matrix or not).
As with the internet in general, the most safe assumption is that once you
post something it's there forever. It may be encrypted in a private Matrix
room or it may be public in a public room, but it will most likely be there
forever.
As with the internet in general, the most safe assumption is that once you post
something it's there forever. It may be encrypted in a private Matrix room or it
may be public in a public room, but it will most likely be there forever.
Matrix does support [history retention if you are advanced enough to enable it](https://brendan.abolivier.bzh/matrix-retention-policies/),
this assumes [your homeserver explicitly enables it as it's not default](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L481-L484)
and as your room is hosted on every homeserver that has users in your room,
have a single homeserver that hasn't explicitly enabled it, or doesn't otherwise support it, and the room
history never goes away. Executing `/upgraderoom {{site.matrixLatestRoomVersion}}` or any other version [will also remove the event](https://github.com/matrix-org/synapse/issues/11279).
Matrix does support
[history retention if you are advanced enough to enable it](https://brendan.abolivier.bzh/matrix-retention-policies/),
this assumes
[your homeserver explicitly enables it as it's not default](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L481-L484)
and as your room is hosted on every homeserver that has users in your room, have
a single homeserver that hasn't explicitly enabled it, or doesn't otherwise
support it, and the room history never goes away. Executing
`/upgraderoom {{site.matrixLatestRoomVersion}}` or any other version
[will also remove the event](https://github.com/matrix-org/synapse/issues/11279).
**_WARNING!_** [Enabling history **_retention_** may **_corrupt your Synapse database_**](https://github.com/matrix-org/synapse/issues/13476)
and [will make your room **_unrejoinable_** if a homeserver leaves it for long enough](https://github.com/matrix-org/synapse/issues/11448).
Upgrading the room will fix that, but it's just a fancy
way of saying "discontinue the old room and add a note saying where the new
room is".
**_WARNING!_**
[Enabling history **_retention_** may **_corrupt your Synapse database_**](https://github.com/matrix-org/synapse/issues/13476)
and
[will make your room **_unrejoinable_** if a homeserver leaves it for long enough](https://github.com/matrix-org/synapse/issues/11448).
Upgrading the room will fix that, but it's just a fancy way of saying
"discontinue the old room and add a note saying where the new room is".
**_WARNING! Always before executing `/upgraderoom` check that everyone in your room has a recent Matrix server that supports your target room version, otherwise you may lock some of your users out._** For example `/invite @version:maunium.net` and once it joins, say
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers that don't support room version {{site.matrixLatestRoomVersion}} yet.
**_WARNING! Always before executing `/upgraderoom` check that everyone in your
room has a recent Matrix server that supports your target room version,
otherwise you may lock some of your users out._** For example
`/invite @version:maunium.net` and once it joins, say
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers
that don't support room version {{site.matrixLatestRoomVersion}} yet.
In case there isn't enough confusion, retention shouldn't be confused with actual [self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
In case there isn't enough confusion, retention shouldn't be confused with
actual
[self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
_Technical note: sorry about calling <s>reference</s> homeserver implementation by the <s>matrix.org team</s> New Vector Ltd issue
as a Matrix protocol issue._
_Technical note: sorry about calling <s>reference</s> homeserver implementation
by the <s>matrix.org team</s> New Vector Ltd issue as a Matrix protocol issue._
You may say that this requires you to trust the homeserver admin anyway and
that is true, I wish people could trust each other and even if someone
modified their Synapse to never remove anything or had a client logging
everything, they wouldn't throw that history to people who don't want to see it.
You may say that this requires you to trust the homeserver admin anyway and that
is true, I wish people could trust each other and even if someone modified their
Synapse to never remove anything or had a client logging everything, they
wouldn't throw that history to people who don't want to see it.
Speaking of removals, once you remove a message [it will be stored in the database for server admins for 7 days](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L456-L461) which is fine for me, but if [this message happened to be media instead of text, it would never be removed](https://github.com/matrix-org/synapse/issues/1263) and should you have copied link to the media, it would keep on working
and if you changed the homeserver address in your copied link, it would still
keep on working. Is this something you expect from a private protocol? I don't, or I didn't before getting familiar with Matrix. There is also an [alternative proposal about this](https://github.com/matrix-org/matrix-spec-proposals/pull/2228).
Speaking of removals, once you remove a message
[it will be stored in the database for server admins for 7 days](https://github.com/matrix-org/synapse/blob/ba5287f5e8be150551824493b3ad685dde00a543/docs/sample_config.yaml#L456-L461)
which is fine for me, but if
[this message happened to be media instead of text, it would never be removed](https://github.com/matrix-org/synapse/issues/1263)
and should you have copied link to the media, it would keep on working and if
you changed the homeserver address in your copied link, it would still keep on
working. Is this something you expect from a private protocol? I don't, or I
didn't before getting familiar with Matrix. There is also an
[alternative proposal about this](https://github.com/matrix-org/matrix-spec-proposals/pull/2228).
_By the way Synapse is still a <s>reference</s> homeserver implementation by the <s>matrix.org team</s> New Vector Ltd and not
Matrix protocol itself, so sorry about that for anyone technical reading this._
_By the way Synapse is still a <s>reference</s> homeserver implementation by the
<s>matrix.org team</s> New Vector Ltd and not Matrix protocol itself, so sorry
about that for anyone technical reading this._
Do you use different names in different contexts? Like your Full Name in
professional context, a nickname somewhere else and maybe what will be your
real name after gender transitioning or even have a diffferent name in direct
chat with your partner? [Congratulations, whatever is your latest room-specific name may now be public (especially when the room federates and has users from different homeservers), same with your potential avatar](https://github.com/matrix-org/synapse/issues/5677).
professional context, a nickname somewhere else and maybe what will be your real
name after gender transitioning or even have a diffferent name in direct chat
with your partner?
[Congratulations, whatever is your latest room-specific name may now be public (especially when the room federates and has users from different homeservers), same with your potential avatar](https://github.com/matrix-org/synapse/issues/5677).
_Synapse didn't become Matrix protocol itself by the way, there are still other implementations!_
_Synapse didn't become Matrix protocol itself by the way, there are still other
implementations!_
This issue does have a potential solution [an API planned for room specific details (2015)](https://github.com/matrix-org/matrix-spec/issues/103)
and what I am hopeful about in the future <a href="https://github.com/matrix-org/matrix-spec-proposals/pull/3189">open pull request specification for space specific profiles</a>,
unless it just moves the issue to a different level. Which is [cancelled or delayed for an undefined time period](https://github.com/matrix-org/matrix-spec-proposals/pull/3189#issuecomment-905761797),
This issue does have a potential solution
[an API planned for room specific details (2015)](https://github.com/matrix-org/matrix-spec/issues/103)
and what I am hopeful about in the future
<a href="https://github.com/matrix-org/matrix-spec-proposals/pull/3189">open
pull request specification for space specific profiles</a>, unless it just moves
the issue to a different level. Which is
[cancelled or delayed for an undefined time period](https://github.com/matrix-org/matrix-spec-proposals/pull/3189#issuecomment-905761797),
["until extensible profiles and sync v3 become more concrete"](https://github.com/matrix-org/matrix-spec-proposals/pull/1769)
2021-08-27: I don't know how serious issue this may be for you, but any emoji/
[reactions made on end-to-end-encrypted messages aren't encrypted](https://github.com/matrix-org/matrix-spec/issues/660).
It's fun in [E2EE test rooms](matrix:r/megolm:matrix.org?action=join) when you cannot read the other party, but
regardless see their reactions on your messages.
It's fun in [E2EE test rooms](matrix:r/megolm:matrix.org?action=join) when you
cannot read the other party, but regardless see their reactions on your
messages.
2022-01-10: In E2EE features, when you are invited to E2EE rooms, you generally
cannot see the previously encrypted messages. However when those are encrypted,
viewing [message source will reveal the older messages in body and formatted_body](https://github.com/matrix-org/matrix-spec/issues/368)
which [have been under deprecating plans since 2020-09-19, maybe in the future...](https://github.com/matrix-org/matrix-spec-proposals/pull/2781)
viewing
[message source will reveal the older messages in body and formatted_body](https://github.com/matrix-org/matrix-spec/issues/368)
which
[have been under deprecating plans since 2020-09-19, maybe in the future...](https://github.com/matrix-org/matrix-spec-proposals/pull/2781)
I think that was my biggest complaints on Matrix (or Synapse itself), that
don't involve other protocols and I have personally experienced. My notes
for this blog post include [Elements not having real contacts list](https://github.com/vector-im/element-web/issues/4488),
or in other words [Matrix not having canonical direct messages](https://github.com/matrix-org/matrix-spec-proposals/pull/2199),
I think that was my biggest complaints on Matrix (or Synapse itself), that don't
involve other protocols and I have personally experienced. My notes for this
blog post include
[Elements not having real contacts list](https://github.com/vector-im/element-web/issues/4488),
or in other words
[Matrix not having canonical direct messages](https://github.com/matrix-org/matrix-spec-proposals/pull/2199),
but they didn't occur to me and I guess it has been doing fine enough without
implementing those.
If any of these issues is a dealbreaker for you or you don't want to hear
a bad word about Matrix, you may be wondering what is the perfect flawless
solution? I don't know, personally I don't think it may not exist and I don't
want to enter discussing compromise solutions or other protocols in this post
at all. This list also wasn't complete on what issues I have with Matrix
(and so close to the end I don't want to dig for references) and I have
specific wishes that no protocol offers (at least not consistently,
such as using multiple names and knowing which name I am using where or managing
50 different rooms with same operators everywhere, but [that may get answered by Matrix](https://github.com/matrix-org/matrix-spec-proposals/pull/2962).)
If any of these issues is a dealbreaker for you or you don't want to hear a bad
word about Matrix, you may be wondering what is the perfect flawless solution? I
don't know, personally I don't think it may not exist and I don't want to enter
discussing compromise solutions or other protocols in this post at all. This
list also wasn't complete on what issues I have with Matrix (and so close to the
end I don't want to dig for references) and I have specific wishes that no
protocol offers (at least not consistently, such as using multiple names and
knowing which name I am using where or managing 50 different rooms with same
operators everywhere, but
[that may get answered by Matrix](https://github.com/matrix-org/matrix-spec-proposals/pull/2962).)
You may wonder was it nice of me to write so negative blog post. I find it
therapeutic as [I have had an issue to me to write this since 2021-01-15](https://github.com/Mikaela/mikaela.github.io/issues/230)
and now I have finally done it, a bit over half an year late,
spending a bit over an hour to it and I feel better after getting these problems
out of my head and maybe they weren't so big after all. Up to you.
therapeutic as
[I have had an issue to me to write this since 2021-01-15](https://github.com/Mikaela/mikaela.github.io/issues/230)
and now I have finally done it, a bit over half an year late, spending a bit
over an hour to it and I feel better after getting these problems out of my head
and maybe they weren't so big after all. Up to you.
Lastly I apologise to you-know-who-you-are for not titling this post "undefined",
or even M.UNKNOWN (which I would have imagined to be one of the issues for me to write about, but
I don't remember seeing it in a long time, so maybe the situation is improving.
Lastly I apologise to you-know-who-you-are for not titling this post
"undefined", or even M.UNKNOWN (which I would have imagined to be one of the
issues for me to write about, but I don't remember seeing it in a long time, so
maybe the situation is improving.
Feedback? I have [a discussion room in many apps](https://aminda.eu/discuss),
or you can find me from a lot of the linked issues and there is also [issue tracker for this site](https://github.com/Mikaela/mikaela.github.io/issues).
Feedback? I have [a discussion room in many apps](https://aminda.eu/discuss), or
you can find me from a lot of the linked issues and there is also
[issue tracker for this site](https://github.com/Mikaela/mikaela.github.io/issues).
- [Changelog, also known as git commit history](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-08-03-matrix-perfect-privacy-not.md)
- Clicksaver for edits done on day of publishing: I have fixed a typo resulting one
link being a 404 error, added mention on Element (iOS) not doing URL previews
and later added pills not being supported by it either. I didn't consider
- Clicksaver for edits done on day of publishing: I have fixed a typo
resulting one link being a 404 error, added mention on Element (iOS) not
doing URL previews and later added pills not being supported by it either. I
didn't consider
[outdated emoji picker](https://github.com/vector-im/element-ios/issues/4654)
worth mentioning here, but it came up in the same context as URL previews
and wasn't reported to upstream, so I might as well mention it in this part.
- 2021-08-27: Noted cancellation/delay of space-specific profiles,
mention emoji/reactions not being encrypted at all, added link to E2EE
test room and this list item.
- 2021-08-27: Noted cancellation/delay of space-specific profiles, mention
emoji/reactions not being encrypted at all, added link to E2EE test room and
this list item.
- 2021-09-09: It's brought to my attention that URL previews exist on Element
iOS! It's 23.15 in Finland so I only strikethrough this issue.
- 2022-01-10: I am told that [Synapse is not a reference homeserver implementation since 2021-10-06](https://github.com/matrix-org/synapse/pull/10971#event-5418418970)
- 2022-01-10: I am told that
[Synapse is not a reference homeserver implementation since 2021-10-06](https://github.com/matrix-org/synapse/pull/10971#event-5418418970)
so I have strikethrouged that and changed it to "by the matrix.org team".
- Typing this it looks like this blogpost predates the demote of Synapse, but
I wish to stay up-to-date with this post.
- I am also noting that `m.room.retention` doesn't persist across room upgrades
and linking to the Element-meta issue on self-destructing/disappearing messages
to not be confused with retention.
- Typing this it looks like this blogpost predates the demote of Synapse,
but I wish to stay up-to-date with this post.
- I am also noting that `m.room.retention` doesn't persist across room
upgrades and linking to the Element-meta issue on
self-destructing/disappearing messages to not be confused with retention.
- Oh and reply fallbacks leaking previously encrypted messages too.
- 2022-05-31: I noticed that Element iOS has gotten pills. Strikethrough time.
- 2023-07-05: I added warning that room retention may cause database
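Review bot: In the retention paragraph under "You mentioned privacy?", the reflowed sentence "Executing `/upgraderoom {{site.matrixLatestRoomVersion}}` or any other version will also remove the event" never names the event it refers to. The changelog entry further down in this hunk says it is `m.room.retention` that doesn't persist across room upgrades, so name that event in the paragraph itself; a reader who relies on a retention policy should learn at that point that it does not carry over to the upgraded room. Since these lines are being rewrapped anyway, "diffferent" and "strikethrouged" could be corrected in the same pass, and the parenthesis opened at "M.UNKNOWN (which I would have imagined" is never closed.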

View File

@ -7,36 +7,35 @@ lang: en
robots: noai
---
_PrivacyGuides.org was supposed to be the continuation of PrivacyTools.io
based on transparency/openess, actually reviewing recommendations and having
at least two reviews by team members before un/recommending anything. That
is no longer the case._
_PrivacyGuides.org was supposed to be the continuation of PrivacyTools.io based
on transparency/openess, actually reviewing recommendations and having at least
two reviews by team members before un/recommending anything. That is no longer
the case._
Between 2021-11-12 and 2021-11-20 I had a friend visiting me physically so
I was less available online. During that time, on 2021-11-18 9.30 UTC+2
a pull request was force-merged by a team member listing three new projects
and removing two.
Between 2021-11-12 and 2021-11-20 I had a friend visiting me physically so I was
less available online. During that time, on 2021-11-18 9.30 UTC+2 a pull request
was force-merged by a team member listing three new projects and removing two.
- [privacyguides/privacyguides.org#274](https://github.com/privacyguides/privacyguides.org/pull/274)
This was mentioned in the team room and reviews were asked during one hour
period before the force-merge, but no one was online to review before it was
already merged. I didn't realize what had happened, until another PR came in
on 2021-11-21.
already merged. I didn't realize what had happened, until another PR came in on
2021-11-21.
I believe this change violates what Privacy Guides stands for and as no one
has any interest making an announcement (this may be the first one) or
reverting the pull request until proper process, I consider that the team
has no purpose and isn't needed for reviewing anything as opinions of an
individual can be force-pushed through like that.
I believe this change violates what Privacy Guides stands for and as no one has
any interest making an announcement (this may be the first one) or reverting the
pull request until proper process, I consider that the team has no purpose and
isn't needed for reviewing anything as opinions of an individual can be
force-pushed through like that.
This has brought me enough anxiety and stress to distract me from other
aspects of my life and I consider my departure to be healthy in general.
This has brought me enough anxiety and stress to distract me from other aspects
of my life and I consider my departure to be healthy in general.
The way things appear to be going is that there will be a change of criteria
that will then justify the change. To me this is just the other side of the
coin from changing a law to ban something and then punishing people for it
and not the way a transparent project should work.
that will then justify the change. To me this is just the other side of the coin
from changing a law to ban something and then punishing people for it and not
the way a transparent project should work.
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
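Review bot: The rewrapped text uses two different terms for the same action: the second paragraph says the pull request "was force-merged by a team member", while the later paragraph says opinions "can be force-pushed through like that". A force-push rewrites branch history, which is not what the post describes, so using "force-merged" in both places would keep the account precise. "openess" in the italic introduction is also carried through the reflow unchanged and should read "openness".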
@ -60,49 +59,50 @@ and not the way a transparent project should work.
## Previous leaving
I previously left Privacy Guides team, then known as Privacy Tools due to
there having been an issue I viewed as conflict of interest, someone in the
then-team being offered work or gig by a software/service that was willing to
be listed, which the rest of the team didn't consider as one or worth mentioning,
but you can find more information about that online.
I previously left Privacy Guides team, then known as Privacy Tools due to there
having been an issue I viewed as conflict of interest, someone in the then-team
being offered work or gig by a software/service that was willing to be listed,
which the rest of the team didn't consider as one or worth mentioning, but you
can find more information about that online.
Maybe I am just incapable of working in teams that claim to be something
they are not, while I personally aspire to stand for my values and be openly
and honestly myself.
Maybe I am just incapable of working in teams that claim to be something they
are not, while I personally aspire to stand for my values and be openly and
honestly myself.
## Other issues
### Cleanup older solutions now, instruct on new ones later
Like everything else in tech, privacy field changes fast and it can be hard
to keep up. Privacy Guides appear to have adapted a policy to get rid of old
Like everything else in tech, privacy field changes fast and it can be hard to
keep up. Privacy Guides appear to have adapted a policy to get rid of old
recommendations such as HTTPS Everywhere as soon as possible.
HTTPS Everywhere is deprecated and going away as web browsers are rapidly
gaining an option for enforcing HTTPS connections everywhere. However it is
not enabled by default in most of web browsers and Privacy Guides has delisted
the extension without instructions on how to enable the HTTPS-only mode.
gaining an option for enforcing HTTPS connections everywhere. However it is not
enabled by default in most of web browsers and Privacy Guides has delisted the
extension without instructions on how to enable the HTTPS-only mode.
In my opinion the issue is even worse when considering that the option doesn't
even sync in some web browsers such as Microsoft Edge.
Counter-argument: Microsoft Edge is not private browser, use \<whatever Privacy Guides recommends\>.
Counter-argument: Microsoft Edge is not private browser, use \<whatever Privacy
Guides recommends\>.
I hope that helps tech/privacy support people using Privacy Guides as material,
less techy people may have difficulties even installing extensions.
### Community communication
I haven't been in the Matrix rooms of Privacy Guides in a long time outside
of the team, as I find them very draining. I think I have an issue with how
I haven't been in the Matrix rooms of Privacy Guides in a long time outside of
the team, as I find them very draining. I think I have an issue with how
multiple people communicate and there are ongoing discussions on improving the
Code of Conduct.
### Privacy, is it one size fits all, what can be sacrificed for it?
As may be clear from this writing, I have multiple values and while privacy
is one of them, I don't consider privacy to be above everything else. For
example I care about climate change and diversity of the internet.
As may be clear from this writing, I have multiple values and while privacy is
one of them, I don't consider privacy to be above everything else. For example I
care about climate change and diversity of the internet.
I get the impression that Privacy Guides is going towards a direction where, to
exaggregate a bit, only VPN providers and internet giants alongside big enough
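Review bot: Under "Cleanup older solutions now, instruct on new ones later", the reflowed sentence still reads "Privacy Guides appear to have adapted a policy", where "adopted" is meant, and the last context line of this hunk has "exaggregate" for "exaggerate". Both lines are touched or adjacent to touched lines here, so they are cheap to fix in this commit. The new wrap also splits the escaped placeholder "\<whatever Privacy Guides recommends\>" across two lines; it renders the same, but keeping it on one line would make the source easier to read.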
@ -110,109 +110,127 @@ organizations exist. And by VPN, I don't mean a service that connects two
networks together letting you access private network resources, I mean a service
that everyone in ICT field appears to tell you to get to be private and secure
online, commonly without explaining why you need one, or which one, which
results into a risk of getting one that may be a bit shady or paying it's
way into rankings (Privacy Guides doesn't take money to my knowledge, but who
can know if force-merges will make that the norm in the future).
results into a risk of getting one that may be a bit shady or paying it's way
into rankings (Privacy Guides doesn't take money to my knowledge, but who can
know if force-merges will make that the norm in the future).
I disagree and wish to see a connected world where anyone can host a server
even at their home or even host on P2P networks without caring about NAT or
port-forwarding, while that goes to firewalls versus NAT territory and brings
in the dark side of Internet of Things which likely call home, don't interoperate
I disagree and wish to see a connected world where anyone can host a server even
at their home or even host on P2P networks without caring about NAT or
port-forwarding, while that goes to firewalls versus NAT territory and brings in
the dark side of Internet of Things which likely call home, don't interoperate
with each other, and never get updates or may just stop working should the
manufacturer go out of business, but that would be something for another blog post.
manufacturer go out of business, but that would be something for another blog
post.
I argue that today enforcing HTTPS everywhere and encrypting DNS is enough
for majority of people and in case of family tech-administrators can go
a long way in upkeeping security in form of malicious domain filtering without
drawbacks of VPNs (increased latencies, captchas, connectivity problems in
poor network connections).
I argue that today enforcing HTTPS everywhere and encrypting DNS is enough for
majority of people and in case of family tech-administrators can go a long way
in upkeeping security in form of malicious domain filtering without drawbacks of
VPNs (increased latencies, captchas, connectivity problems in poor network
connections).
- _Before following any of this, please see [Quad9 privacy policy](https://quad9.net/service/privacy/) and decide whether it suits for you_
- DoT vs Private DNS vs DoH? (Private DNS is) DoT which actually cares about diverse internet, has less bloat on it
and due to separate port is likely choice of your network admin. However **_DoH actually works everywhere_**
due to using the same port, so as someone who just wants to use the internet, it should be preferred.
If you are implementing encrypted DNS somewhere, I would request support
for both for the [DoT opportunistic mode which should be default](https://datatracker.ietf.org/doc/html/rfc8310#section-5).
- _Before following any of this, please see
[Quad9 privacy policy](https://quad9.net/service/privacy/) and decide whether
it suits for you_
- DoT vs Private DNS vs DoH? (Private DNS is) DoT which actually cares about
diverse internet, has less bloat on it and due to separate port is likely
choice of your network admin. However **_DoH actually works everywhere_**
due to using the same port, so as someone who just wants to use the
internet, it should be preferred. If you are implementing encrypted DNS
somewhere, I would request support for both for the
[DoT opportunistic mode which should be default](https://datatracker.ietf.org/doc/html/rfc8310#section-5).
- Android9+: Settings -> Advanced -> Private DNS: `dns.quad9.net`
- Apple: [encrypted-dns.party](https://encrypted-dns.party/)
- SailfishOS: [feature request](https://forum.sailfishos.org/t/support-doh-for-sailfish/3616?u=mikaela)
- Linux: [systemd-resolved on Arch Wiki](https://wiki.archlinux.org/title/Systemd-resolved#DNS_over_TLS) [Actually secure DNS over TLS in Unbound on ctrl.blog](https://www.ctrl.blog/entry/unbound-tls-forwarding.html)
- Windows 11: [proper method](https://docs.microsoft.com/windows-server/networking/dns/doh-client-support) or (read first: [Microsoft: Windows registry for advanced users](https://docs.microsoft.com/troubleshoot/windows-server/performance/windows-registry-advanced-users)) [improper method that only experienced users if even them should use](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/Windows/DoH/DohWellKnownServers.reg) and in any case network settings
- SailfishOS:
[feature request](https://forum.sailfishos.org/t/support-doh-for-sailfish/3616?u=mikaela)
- Linux:
[systemd-resolved on Arch Wiki](https://wiki.archlinux.org/title/Systemd-resolved#DNS_over_TLS)
[Actually secure DNS over TLS in Unbound on ctrl.blog](https://www.ctrl.blog/entry/unbound-tls-forwarding.html)
- Windows 11:
[proper method](https://docs.microsoft.com/windows-server/networking/dns/doh-client-support)
or (read first:
[Microsoft: Windows registry for advanced users](https://docs.microsoft.com/troubleshoot/windows-server/performance/windows-registry-advanced-users))
[improper method that only experienced users if even them should use](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/Windows/DoH/DohWellKnownServers.reg)
and in any case network settings
Counter-argument: encrypted DNS doesn't encrypt the IP address you are connecting
to which often maps back to the plaintext domain, and SNI is still visible so
the sites you visit are still visible.
Counter-argument: encrypted DNS doesn't encrypt the IP address you are
connecting to which often maps back to the plaintext domain, and SNI is still
visible so the sites you visit are still visible.
Counter-counter-argument: do people around you really care if the ISP and
encrypted DNS provider know they are visiting sites like `facebook.com` and
`youtube.com` as they still cannot see what you are doing there?
In case encrypting what is being done on sites (https) and encrypting DNS
(to protect from DNS hijacking) is not enough, I would advice using [Tor](https://torproject.org/) instead
and becoming familiar with their website.
In case encrypting what is being done on sites (https) and encrypting DNS (to
protect from DNS hijacking) is not enough, I would advice using
[Tor](https://torproject.org/) instead and becoming familiar with their website.
What if the WiFi-AP/ISP/VPN/encrypted-DNS server is lying whether intentionally or not? DNSSEC
and certificate authorities. Also out of scope for this post, but if your
interest is piqued, please do use your favourite search engine to learn more,
I already wrote too much about encrypted DNS...
What if the WiFi-AP/ISP/VPN/encrypted-DNS server is lying whether intentionally
or not? DNSSEC and certificate authorities. Also out of scope for this post, but
if your interest is piqued, please do use your favourite search engine to learn
more, I already wrote too much about encrypted DNS...
### Real time communication platforms
If you look into Privacy Guides instant messaging platforms, at the time
of writing it will suggest you to use Element. That means nothing,
[there are three different apps called as Element on three different platforms, the only thing in common is the name and if you are looking for privacy, you should look into it deeper or look entirely elsewhere, but that is my previous blog post]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}). TL;DR is that (at the time of writing)
your room specific display names may leak and media files are never actually
removed. If that is fine for you, great. If your issue is just with
room specific display names, I would suggest a Matrix client that allows
using multiple different accounts such as [FluffyChat](https://fluffychat.im/) (note:
I am a contributor).
If you look into Privacy Guides instant messaging platforms, at the time of
writing it will suggest you to use Element. That means nothing, [there are three
different apps called as Element on three different platforms, the only thing
in common is the name and if you are looking for privacy, you should look into
it deeper or look entirely elsewhere, but that is my previous blog
post]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}). TL;DR is that (at
the time of writing) your room specific display names may leak and media files are
never actually removed. If that is fine for you, great. If your issue is just with
room specific display names, I would suggest a Matrix client that allows using multiple
different accounts such as [FluffyChat](https://fluffychat.im/) (note: I am a contributor).
Privacy Guides not warning about Matrix may be partially my fault
as [I was the team member mainly warning about it and assigned the issue to myself](https://github.com/privacyguides/privacyguides.org/issues/50) though.
Privacy Guides not warning about Matrix may be partially my fault as
[I was the team member mainly warning about it and assigned the issue to myself](https://github.com/privacyguides/privacyguides.org/issues/50)
though.
XMPP? Privacy Guides doesn't mention it, because there is no single app
to recommend across all platforms (and I am grateful about that
as opposed to Element not being Element not being Element) and the protocol
doesn't enforce end-to-end encryption. I am not sure if being under control
of the server admin counts as Matrix also allows server admin to perform takeover
and other hostilities. [Compatibility suites?](https://xmpp.org/about/myths/#everybody-implements-different-incompatible-extensions),
XMPP? Privacy Guides doesn't mention it, because there is no single app to
recommend across all platforms (and I am grateful about that as opposed to
Element not being Element not being Element) and the protocol doesn't enforce
end-to-end encryption. I am not sure if being under control of the server admin
counts as Matrix also allows server admin to perform takeover and other
hostilities.
[Compatibility suites?](https://xmpp.org/about/myths/#everybody-implements-different-incompatible-extensions),
they don't care.
Speaking of end-to-end encryption, another rejected solution especially for
teams is IRC, especially [Ergo](https://ergo.chat/) (which I am going
to blog in the future about) as end-to-end encryption
isn't useful in public channels, it can easily be used in internal network
(maybe accessed by not-misnomer-VPN I wrote about above) or ran in public
allowing Tor access without requiring registration, at the time neither Slack
or Discord provides end-to-end encryption and neither Slack or Element provides
guest access to my knowledge. (The toggle in room settings? It was removed
accidentally without never getting reimplemented).
teams is IRC, especially [Ergo](https://ergo.chat/) (which I am going to blog in
the future about) as end-to-end encryption isn't useful in public channels, it
can easily be used in internal network (maybe accessed by not-misnomer-VPN I
wrote about above) or ran in public allowing Tor access without requiring
registration, at the time neither Slack or Discord provides end-to-end
encryption and neither Slack or Element provides guest access to my knowledge.
(The toggle in room settings? It was removed accidentally without never getting
reimplemented).
Anyway, there may be a time and place for every communication platform,
personally I perform a lot of mix-and-matching as that is what people I
actually do want to communicate with do, I haven't been able to talk my
family from WhatsApp by <s>FACEBOOK</s> Meta (I actually tried to leave
it pre-pandemic and thus lost access to many people and peer support groups),
I have several Signal contacts, Matrix and IRC are in my daily use and I
don't see XMPP going away any time soon either.
personally I perform a lot of mix-and-matching as that is what people I actually
do want to communicate with do, I haven't been able to talk my family from
WhatsApp by <s>FACEBOOK</s> Meta (I actually tried to leave it pre-pandemic and
thus lost access to many people and peer support groups), I have several Signal
contacts, Matrix and IRC are in my daily use and I don't see XMPP going away any
time soon either.
## What now
I hope leaving Privacy Guides will leave me more time to do things that matter
to me and my hobbies and other things taking time. For example, I am at work
try-out practice, seeking for employment and I have recently agreed to contribute
into [FluffyChat's](https://fluffychat.im/) Finnish translations (while I feel
a bit guilty about the state of Finnish translations in KISS Launcher and Onion Share
that I haven't looked into in ages). Language learning also takes a lot of time
and stubborness to not give up. And then there is this website where I currently
have 49 issues/ideas open (26 of them labeled as blog)
try-out practice, seeking for employment and I have recently agreed to
contribute into [FluffyChat's](https://fluffychat.im/) Finnish translations
(while I feel a bit guilty about the state of Finnish translations in KISS
Launcher and Onion Share that I haven't looked into in ages). Language learning
also takes a lot of time and stubborness to not give up. And then there is this
website where I currently have 49 issues/ideas open (26 of them labeled as blog)
Obligatory: should I be believed on this over Privacy Guides? Neither
should be believed in, take everything with a grain of salt, use your
favourite search engine and reach your own answers. Do also check whether
there is money involved, does the service/app have affiliate programme? I think
a lot of what I am saying is my opinions and privacy sites reflect opinions
of their writers, so I wish you good luck trying to find any absolute fact
that works in every situation should you attempt that venture.
Obligatory: should I be believed on this over Privacy Guides? Neither should be
believed in, take everything with a grain of salt, use your favourite search
engine and reach your own answers. Do also check whether there is money
involved, does the service/app have affiliate programme? I think a lot of what I
am saying is my opinions and privacy sites reflect opinions of their writers, so
I wish you good luck trying to find any absolute fact that works in every
situation should you attempt that venture.
See also [Media literacy on Wikipedia](https://en.wikipedia.org/wiki/Media_literacy).
See also
[Media literacy on Wikipedia](https://en.wikipedia.org/wiki/Media_literacy).
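Review bot: in the rewrapped "Real time communication platforms" paragraph, the link whose target is `{% post_url blog/2021-08-03-matrix-perfect-privacy-not %}` now has its label broken across five lines, and the lines from `post]({% post_url ...` onward run past the 80-column wrap used in the rest of this hunk. Please confirm in a local Jekyll build that the link still resolves and renders as one link. Shortening the label to a few words would keep the paragraph wrappable and less fragile.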

View File

@ -1,22 +1,25 @@
---
layout: post
title: "Matrix abuse protection model for community maintainers: security by obscurity"
title:
"Matrix abuse protection model for community maintainers: security by
obscurity"
category: [english]
tags: [matrix]
lang: en
robots: noai
---
_I am administrator or moderator in multiple communities in Matrix, the most sizable
being 23 rooms + two spaces. I don't have my own homeserver or Mjolnir. And I am tired._
_I am administrator or moderator in multiple communities in Matrix, the most
sizable being 23 rooms + two spaces. I don't have my own homeserver or Mjolnir.
And I am tired._
If I was using Discord, I would make a guild, make roles within it and then
right click people and assign them roles and they would be able to manage all
channels those roles let them. Time estimate less than 15 minutes.
Sadly I am not using Discord, I am using Matrix. This means that while burnt out
it feels like no one has thought of the case where a community with more than
a couple of rooms wants to use Matrix.
it feels like no one has thought of the case where a community with more than a
couple of rooms wants to use Matrix.
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
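Review bot: the front matter `title:` is now a double-quoted scalar folded over three lines instead of a single line. YAML folds the line break inside double quotes into one space, so the parsed title should be unchanged, but anything that reads front matter line by line (a grep for `title:`, a feed or index script) will now see an empty value on that line. The quotes have to stay because the title contains a colon. Consider keeping front matter out of proseWrap, or check that the built page title is identical before and after.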
@ -46,93 +49,107 @@ smaller steps:
1. Use https://develop.element.io/ (or have a config.json allowing you to use
labs)
2. Create a space.
3. Through developer mode `/upgraderoom {{ site.matrixLatestRoomVersion }}`. 2. **_WARNING_** You should check [the Matrix spec](https://spec.matrix.org/latest/rooms/)
for the latest stable room version. Or maybe the [unstable spec](https://spec.matrix.org/unstable/rooms/)?
Or maybe you should just [search GitHub](https://github.com/matrix-org/matrix-spec-proposals/issues?q=room%20version)? 3. **_WARNING! Always before executing `/upgraderoom` check that everyone in your room has a recent Matrix server that supports your target room version, otherwise you may lock some of your users out._** For example `/invite @version:maunium.net` and once it joins, say
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers that don't support room version {{site.matrixLatestRoomVersion}} yet.
3. Through developer mode `/upgraderoom {{ site.matrixLatestRoomVersion }}`. 2.
**_WARNING_** You should check
[the Matrix spec](https://spec.matrix.org/latest/rooms/) for the latest
stable room version. Or maybe the
[unstable spec](https://spec.matrix.org/unstable/rooms/)? Or maybe you should
just
[search GitHub](https://github.com/matrix-org/matrix-spec-proposals/issues?q=room%20version)? 3.
**_WARNING! Always before executing `/upgraderoom` check that everyone in
your room has a recent Matrix server that supports your target room version,
otherwise you may lock some of your users out._** For example
`/invite @version:maunium.net` and once it joins, say
`!servers upgrade {{site.matrixLatestRoomVersion}}` to get a list of servers
that don't support room version {{site.matrixLatestRoomVersion}} yet.
4. Clear cache and reload so the old space maybe disappears.
5. See also [Element-web#19208: Allow upgrading spaces](https://github.com/vector-im/element-web/issues/19208)
5. See also
[Element-web#19208: Allow upgrading spaces](https://github.com/vector-im/element-web/issues/19208)
6. Now that there is a space, right click it to create a new room under it and
select that it can only be joined by space members. You will hopefully end up
with room version 9 (the default at time of writing is 6 and has even worse
situation with abuse pretention).
7. Go to room settings and set the room to public join assuming it's supposed
to be public (14 of this worst case scenario are)
8. Repeat steps 5-7 for all rooms you need, you can hopefully figure out how
to handle a private space (9 rooms in this case).
7. Go to room settings and set the room to public join assuming it's supposed to
be public (14 of this worst case scenario are)
8. Repeat steps 5-7 for all rooms you need, you can hopefully figure out how to
handle a private space (9 rooms in this case).
### Bus factor
As we are a serious organisation using Matrix here, even if we have no money
or people or homeserver or Mjolnir, what happens if you somehow become unable
to access your account or are asleep or something when you are needed? You add
more people with power and also register yourself on multiple homeservers, so
if your main account goes down, you have power somewhere else.
As we are a serious organisation using Matrix here, even if we have no money or
people or homeserver or Mjolnir, what happens if you somehow become unable to
access your account or are asleep or something when you are needed? You add more
people with power and also register yourself on multiple homeservers, so if your
main account goes down, you have power somewhere else.
Let's say you have 20 rooms (you get it a bit more easy than I do), I think
you have three methods to promote your other accounts:
Let's say you have 20 rooms (you get it a bit more easy than I do), I think you
have three methods to promote your other accounts:
**_WARNING: administrator status cannot be removed by others._**
- A. Using the graphical user interface, invite the other administrators to
the room and click the buttons to make them administrators. I am too tired
to check how to do this, but it's a graphical user interface, good luck!
Remember you will do this twenty times, once for every room/administrator.
- B. You can type `/invite @user:example.org` and then `/op @user:example.org 100`
and copy-paste it all the time!
- C. My favourite, you can have a pre-formatted power-level event in json in
a git repository from which you can copy-paste it to all rooms, first `/devtools`,
then "room state", "m.room.power_levels", "edit" and you can paste your new
administrators there and press "send"! This is the only mass option you have,
and you will have to do this in each twenty rooms.
- A. Using the graphical user interface, invite the other administrators to the
room and click the buttons to make them administrators. I am too tired to
check how to do this, but it's a graphical user interface, good luck! Remember
you will do this twenty times, once for every room/administrator.
- B. You can type `/invite @user:example.org` and then
`/op @user:example.org 100` and copy-paste it all the time!
- C. My favourite, you can have a pre-formatted power-level event in json in a
git repository from which you can copy-paste it to all rooms, first
`/devtools`, then "room state", "m.room.power_levels", "edit" and you can
paste your new administrators there and press "send"! This is the only mass
option you have, and you will have to do this in each twenty rooms.
Remember you will have to do this every time you add a new moderator (or they
will be unable to act in the room when they are needed)!
We also have a matterbridge (which has it's own configuration for every room, but
offtopic here) which has administrator / power level 100 in every room, so if
I am not available the administrator team can login as it and take care of
We also have a matterbridge (which has it's own configuration for every room,
but offtopic here) which has administrator / power level 100 in every room, so
if I am not available the administrator team can login as it and take care of
the situation.
## Abuse finds you!
Congratulations, if abuse has found you, the security through obscurity model
has failed and now you get to deal with it! That is very simple, you just check
the abuser MXID, and paste `/ban @yourorgisbad:evil.example.invalid` to all twenty
rooms.
the abuser MXID, and paste `/ban @yourorgisbad:evil.example.invalid` to all
twenty rooms.
Did you find out that you have a lot of abuse from a single server and Matrix
doesn't support wildcards in bans? No problem, [Matrix has your back with "Moderation in Matrix!"](https://web.archive.org/web/20211205204104/https://matrix.org/docs/guides/moderation/),
you simply use `/devtools` and ban the entire server by sending a completely new event
`m.room.server_acl`, luckily you are a professional `/devtools` user at this point
so having to do this 20 times is nothing to you.
doesn't support wildcards in bans? No problem,
[Matrix has your back with "Moderation in Matrix!"](https://web.archive.org/web/20211205204104/https://matrix.org/docs/guides/moderation/),
you simply use `/devtools` and ban the entire server by sending a completely new
event `m.room.server_acl`, luckily you are a professional `/devtools` user at
this point so having to do this 20 times is nothing to you.
_2022-01-10 addition:_ this becomes worse as Matrix Synapse alongside [the Matrix protocol itself will authorise everything done by servers that don't honour the `m.room.server_acl` event](https://github.com/matrix-org/matrix-spec/issues/928)
so as per the guide, you will have to acl those servers too (or the ACL might as well not exist).
_2022-01-10 addition:_ this becomes worse as Matrix Synapse alongside
[the Matrix protocol itself will authorise everything done by servers that don't honour the `m.room.server_acl` event](https://github.com/matrix-org/matrix-spec/issues/928)
so as per the guide, you will have to acl those servers too (or the ACL might as
well not exist).
### Icing on the cake
Could this get any better? Yes, the abuse could happen when you are sleeping
or otherwise out of the picture, so your fellow ICT team member (who has no interest
in touching this mess with a long stick) has to step in for you and resolve the issue.
Could this get any better? Yes, the abuse could happen when you are sleeping or
otherwise out of the picture, so your fellow ICT team member (who has no
interest in touching this mess with a long stick) has to step in for you and
resolve the issue.
It's a stress situation for them, will the ICT team be able to find the shared
password for the Matrix administrator account you hopefully have and speedlearn
to be a `/devtools` professional or able to handle even easier forms of spamming
or flooding without you present? My money is on the spammer. Good luck, high-five
for the next team meeting where you wonder what happened, how to prevent it from
happening again and will you even support Matrix in the future?
or flooding without you present? My money is on the spammer. Good luck,
high-five for the next team meeting where you wonder what happened, how to
prevent it from happening again and will you even support Matrix in the future?
I hope someone thanked you for ever having your organization there, I know
that I have only gotten complaints about matterbridge looking ugly and not
using matrix-appservice-irc, \<redacted-for-similar-trouble\>, matrix-whatever-discord,
etc.
I hope someone thanked you for ever having your organization there, I know that
I have only gotten complaints about matterbridge looking ugly and not using
matrix-appservice-irc, \<redacted-for-similar-trouble\>,
matrix-whatever-discord, etc.
## Aminda, are you ok, has this happened to you?
Thank you for asking, I am not ok, I have a burnout and xmas is poor time for me
in general, and this whole issue is ridiculous, someone could have thought of
it since 2014, everything I am saying is public knowledge, but no one cares.
in general, and this whole issue is ridiculous, someone could have thought of it
since 2014, everything I am saying is public knowledge, but no one cares.
It's whoever is running Matrix without hosting their own homeserver and Mjölnir
(which brings all reasonable management for organizations) who is at fault (me).
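Review bot: in the rewrapped step 3 of the numbered list, one line now ends with a stray `2.` (after the `/upgraderoom` command) and another with `3.` (after the "search GitHub" link). These look like markers of a nested list that had already been flattened into the paragraph, and wrapping around them bakes the damage in, so the two warnings render as running prose with loose numbers. Suggest restoring them as an indented sub-list under step 3, or excluding this list from prettier, rather than committing the reflowed version.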
@ -143,13 +160,14 @@ it off the internet before beginning.
It's [Pirate Party of Finland](https://piraattipuolue.fi/en). I cannot say
whether it's us or Matrix that is obscure enough to have avoided the nightmare I
painted in this blog post, but as I am the only administrator at Matrix, I
have locked it down so the rest of the ICT team can continue not touching Matrix
or practicing `/devtools` first without a stressful situation.
painted in this blog post, but as I am the only administrator at Matrix, I have
locked it down so the rest of the ICT team can continue not touching Matrix or
practicing `/devtools` first without a stressful situation.
[Our main space](matrix:r/space.piraatit.fi:matrix.org?action=join) requires
knocking before it can be joined. Don't ask me what Matrix clients support
knocking, it's part of [Matrix spec version 1.1](https://spec.matrix.org/v1.1/rooms/v7/#authorization-rules),
knocking, it's part of
[Matrix spec version 1.1](https://spec.matrix.org/v1.1/rooms/v7/#authorization-rules),
don't even ask me what Matrix servers support it.
Our public rooms within that space require being a member of that space.
@ -157,19 +175,20 @@ Our public rooms within that space require being a member of that space.
Our more sensitive rooms that desire working peace from spammers are in a
subspace, which again require belonging to it, and which requires knocking too.
We have similar system in place at Discord where we just grant people a role
once they have talked a bit and shown themselves to not be malicious and this
is the best <s>we</s> I can do at Matrix.
once they have talked a bit and shown themselves to not be malicious and this is
the best <s>we</s> I can do at Matrix.
The above looks a bit weird as I was going to put the actual json events
there, but I am too tired to bother with that.
The above looks a bit weird as I was going to put the actual json events there,
but I am too tired to bother with that.
## Afterword
If I am wrong at anything I said, please contact me instantly either in [my discussion channels](/discuss),
If I am wrong at anything I said, please contact me instantly either in
[my discussion channels](/discuss),
[the GitHub issue for this post](https://github.com/Mikaela/mikaela.github.io/issues/268)
or mention `@Mikaela` in any GitHub.com/GitLab.com issue (I am not reading my email actively though)
as if I am wrong and there is a reasonable Discord-style interface for this
without additional money, you are improving my life greatly as I am not just
going to stop using Matrix.
or mention `@Mikaela` in any GitHub.com/GitLab.com issue (I am not reading my
email actively though) as if I am wrong and there is a reasonable Discord-style
interface for this without additional money, you are improving my life greatly
as I am not just going to stop using Matrix.
- [Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2021-12-05-matrix-community-abuse-security-by-obscurity.md)

View File

@ -6,26 +6,33 @@ tags: [ssh]
robots: noai
---
_I have been using SSH signed git commits from 8 months and started signing things with my SSH key instead of PGP keys and thought to share how to do that more easily_
_I have been using SSH signed git commits from 8 months and started signing
things with my SSH key instead of PGP keys and thought to share how to do that
more easily_
If you didn't know that SSH can be used for this, I suggest reading
- [Andrew Ayer: It's Now Possible To Sign Arbitrary Data With Your SSH Keys](https://www.agwa.name/blog/post/ssh_signatures)
- [Caleb Hearth: Signing Git Commits with Your SSH Key](https://calebhearth.com/sign-git-with-ssh) ([web.archive.org](https://web.archive.org/web/20211117182628/https://calebhearth.com/sign-git-with-ssh))
- [Caleb Hearth: Signing Git Commits with Your SSH Key](https://calebhearth.com/sign-git-with-ssh)
([web.archive.org](https://web.archive.org/web/20211117182628/https://calebhearth.com/sign-git-with-ssh))
## Signing
Usually you do `ssh-keygen -Y sign -f MYPUBLICKEY -n TYPE filename`, but that is a bit of effort, why not make an alias for it? In my shellrc's I have:
Usually you do `ssh-keygen -Y sign -f MYPUBLICKEY -n TYPE filename`, but that is
a bit of effort, why not make an alias for it? In my shellrc's I have:
```bash
alias ssh-sign-file="ssh-keygen -Y sign -f ~/.ssh/signingkey.pub -n file"
```
As I don't change which key I use so often, I can export my public key to `~/.ssh/signingkey.pub`
or symlink it to the right place and now when I need to sign something, I can just `ssh-sign-file file.txt`
to generate a `file.txt.sig`. Of course this assumes that I always sign files, but I don't remember signing other things as git handles the commits for me.
As I don't change which key I use so often, I can export my public key to
`~/.ssh/signingkey.pub` or symlink it to the right place and now when I need to
sign something, I can just `ssh-sign-file file.txt` to generate a
`file.txt.sig`. Of course this assumes that I always sign files, but I don't
remember signing other things as git handles the commits for me.
Thus to sign file, I simply say `ssh-sign-file hello.txt` to receive `hello.txt.sig` containing my signature.
Thus to sign file, I simply say `ssh-sign-file hello.txt` to receive
`hello.txt.sig` containing my signature.
```
Signing file hello.txt
@ -34,7 +41,11 @@ Write signature to hello.txt.sig
## Verifying
There isn't much point in signing things, unless you are able to verify them. The command for this is `ssh-keygen -Y verify -f $allowed_signers -I $EMAIL -n file -s SIGNATUREFILE < $2`, isn't that a bit much to keep in mind? In my opinion it is and thus the function gets a bit more complicated:
There isn't much point in signing things, unless you are able to verify them.
The command for this is
`ssh-keygen -Y verify -f $allowed_signers -I $EMAIL -n file -s SIGNATUREFILE < $2`,
isn't that a bit much to keep in mind? In my opinion it is and thus the function
gets a bit more complicated:
```bash
sshAllowedSigners=$HOME/src/gitea.blesmrt.net/Mikaela/ssh-allowed_signers/allowed_signers
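Review bot: the inline verify command that this hunk moves onto its own line mixes placeholders (`SIGNATUREFILE`) with shell variables (`$allowed_signers`, `$EMAIL`, `$2`) that are not defined at that point, and the variable set right below it is named `sshAllowedSigners`, not `allowed_signers`. The wrap itself is fine, but a reader copying the command from the prose gets something that does not match the function. Suggest using placeholders throughout the prose form, or the function's own variable names with the expansions quoted, in a follow-up commit.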
@ -44,16 +55,19 @@ ssh-verify-file() {
}
```
First I specify where is my `allowed_signers` file so I don't have to repeat it and in case I misuse the function, it reminds me how to use it:
First I specify where is my `allowed_signers` file so I don't have to repeat it
and in case I misuse the function, it reminds me how to use it:
```bash
% ssh-verify-file hello.txt
ssh-verify-file:1: 2: Usage: ssh-verify-file <email> <file-to-verify>
```
I again don't remember verifying other types of files as git handles it for me and I think it's a safe assumption that the signature ends to `.sig`.
I again don't remember verifying other types of files as git handles it for me
and I think it's a safe assumption that the signature ends to `.sig`.
So to use it properly and verify the previously signed file `ssh-verify-file noreply@aminda.eu hello.txt`
So to use it properly and verify the previously signed file
`ssh-verify-file noreply@aminda.eu hello.txt`
```
Good "file" signature for noreply@aminda.eu with ED25519 key SHA256:y2OpGEbett3Fqn8XFrP0X4mWfCVKf4rWkxERzqPY81U
@ -61,11 +75,13 @@ Good "file" signature for noreply@aminda.eu with ED25519 key SHA256:y2OpGEbett3F
## Extra: having git handle it for me
When git is configured properly with `gpg.ssh.allowedSignersFile` the usual git verification commands work with SSH as well:
When git is configured properly with `gpg.ssh.allowedSignersFile` the usual git
verification commands work with SSH as well:
- `git log --show-signature` for the usual git log with signatures visbile
- `git verify-tag 1.0` for verifying a specific tag signature.
- `git verify-commit HEAD` to verify the latest commit signature or just to see that git signing is working.
- `git verify-commit HEAD` to verify the latest commit signature or just to see
that git signing is working.
Isn't the last command again effort? What if I could just say `git verify`?

View File

@ -11,16 +11,23 @@ lang: en
robots: noai
---
_I used to be sad since the EFF discontinued HTTPS Everywhere extension since the setting often didn't sync and it only applied to me as opposed to everyone using a shared computer. However since I have dived into browser policies, this is no longer an issue for me._
_I used to be sad since the EFF discontinued HTTPS Everywhere extension since
the setting often didn't sync and it only applied to me as opposed to everyone
using a shared computer. However since I have dived into browser policies, this
is no longer an issue for me._
I will be referring to my [shell-things](https://gitea.blesmrt.net/mikaela/shell-things/) repository a lot, particularly
`etc/`, in case the link rots in the future, chances are my git forges still
have that available. I also have [a script etc/init-browser-profiles.bash](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/init-browser-policies.bash) that creates the directories, symlinks for Chromium-based browsers and sets the permissions properly (if something won't work for you, check the permissions!),
so I only need to manage Chromium to also manage Brave, Google Chrome,
Microsoft Edge, Vivaldi etc.
I will be referring to my
[shell-things](https://gitea.blesmrt.net/mikaela/shell-things/) repository a
lot, particularly `etc/`, in case the link rots in the future, chances are my
git forges still have that available. I also have
[a script etc/init-browser-profiles.bash](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/init-browser-policies.bash)
that creates the directories, symlinks for Chromium-based browsers and sets the
permissions properly (if something won't work for you, check the permissions!),
so I only need to manage Chromium to also manage Brave, Google Chrome, Microsoft
Edge, Vivaldi etc.
Please note that I don't have a Windows or macOS at paw and my only advice
for those is the official documentation (bottom of the page).
Please note that I don't have a Windows or macOS at paw and my only advice for
those is the official documentation (bottom of the page).
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
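Review bot: in the rewrapped shell-things paragraph, the link text says `etc/init-browser-profiles.bash` but the URL it points to ends in `etc/init-browser-policies.bash`. Readers are told this script creates the policy directories and sets their permissions, so the visible name should match the file they will actually fetch. The same sentence also keeps the comma splice ", in case the link rots in the future, chances are my git forges still have that available", which would read better as its own sentence.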
@ -44,11 +51,11 @@ for those is the official documentation (bottom of the page).
I love Chromium policies as I can just throw them in the directories
`/etc/opt/chromium/policies/{managed,recommended}/` in different `.json` files
and then just copy what I need instead of... Now I am going ahead of myself
with Firefox. Managed means that the setting will be locked for the user
and that is what I am using here, recommended will change the default and
show an indicator for the user about it being recommended while still allowing
it to be changed by the way.
and then just copy what I need instead of... Now I am going ahead of myself with
Firefox. Managed means that the setting will be locked for the user and that is
what I am using here, recommended will change the default and show an indicator
for the user about it being recommended while still allowing it to be changed by
the way.
The case of HTTPS Everywhere is simple. I will copy a bit of my script:
@ -63,8 +70,8 @@ sudo chmod -v a+rx /etc/opt/chromium/policies/{managed,recommended}/
If you don't speak \*nix, `mkdir -vp` creates the directories verbosely
including their parent directories if those don't exist already and
`chmod -v a+rx` verbosely allows everyone to read and execute, which is
required for listing directory contents.
`chmod -v a+rx` verbosely allows everyone to read and execute, which is required
for listing directory contents.
```bash
# An example, without the -p there would be error about the parent directory
@ -78,8 +85,8 @@ mode of '/tmp/meow' retained as 0755 (rwxr-xr-x)
---
Anyway, HTTPS Everywhere for Chromium. Once the directory exists, it's just
a matter of creating a json file there, e.g.
Anyway, HTTPS Everywhere for Chromium. Once the directory exists, it's just a
matter of creating a json file there, e.g.
`/etc/opt/chromium/policies/managed/https-everywhere.json`:
```json
@ -94,28 +101,28 @@ Now visit `about:policy` and see the policy appear (or if Chromium was already
running, click `Update policies`) and you are done. Try visiting
[http.badssl.com](https://http.badssl.com) to see it in action.
Of course the user can still navigate there, but HTTPS Everywhere the
extension had that behaviour too and there is likely a separate policy for
that.
Of course the user can still navigate there, but HTTPS Everywhere the extension
had that behaviour too and there is likely a separate policy for that.
_EncryptedClientHello was added here some hours after publishing the article
alongside with Firefox DNS-over-HTTPS. See the bottom of page for changelog
link._
To put `EncryptedClientHello` simply, it will hide which domain you are
requesting from https capable web server, which may be serving multiple
domains when DNS-Over-HTTPS is used ([Chromium restriction](https://issues.chromium.org/issues/40935452)), while
requesting from https capable web server, which may be serving multiple domains
when DNS-Over-HTTPS is used
([Chromium restriction](https://issues.chromium.org/issues/40935452)), while
generally the query for `example.net` would go in plaintext alongside _Server
Name Indication_.
It's good for your privacy, bad for enterprise network admin or those willing
to perform censorship.
It's good for your privacy, bad for enterprise network admin or those willing to
perform censorship.
### DNS-over-HTTPS
You might have noticed that Chromium no longer allows you to use DNS over
HTTPS since the browser is now "managed by an organization". This will require
another policy that either unlocks it or forces everyone to use it.
You might have noticed that Chromium no longer allows you to use DNS over HTTPS
since the browser is now "managed by an organization". This will require another
policy that either unlocks it or forces everyone to use it.
`/etc/opt/chromium/policies/managed/doh-unlocked-unset.json`:
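Review bot: the context at the top of this hunk links the test site as `[http.badssl.com](https://http.badssl.com)`, while the Firefox section of the same post links `http://http.badssl.com`. The test is meant to show how the browser handles a plain-HTTP navigation under the policy, so the Chromium link should use the `http://` scheme as well. Separately, the rewrapped `EncryptedClientHello` sentence is still hard to parse: "when DNS-Over-HTTPS is used" and the Chromium restriction link read as if they describe the server hosting multiple domains rather than the condition under which ECH applies. Splitting it into two sentences would fix that.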
@ -136,27 +143,28 @@ and the user is once again free to use their preferred DoH provider.
}
```
And the user is using DNS-over-HTTPS from Quad9 with fallback to system
resolver allowed (which for me is encrypted anyway). The `automatic` could be
replaced with `secure` to not allow downgrade, but I had issues with Chromium
losing connectivity entirely.
And the user is using DNS-over-HTTPS from Quad9 with fallback to system resolver
allowed (which for me is encrypted anyway). The `automatic` could be replaced
with `secure` to not allow downgrade, but I had issues with Chromium losing
connectivity entirely.
You may notice that multiple DoH providers are allowed, however I don't know
what logic is used for choosing between them. Oh and the weird https port
5053? It comes from
what logic is used for choosing between them. Oh and the weird https port 5053?
It comes from
[docs.quad9.net/services](https://docs.quad9.net/services/#alternate-ports).
## Firefox
Firefox is a bit more complicated in the sense that everything belongs to one
`policies.json` file, so there is no separating different policies to
different files _and_ there is no direct policy for HTTPS-only mode.
`policies.json` file, so there is no separating different policies to different
files _and_ there is no direct policy for HTTPS-only mode.
_**WARNING for [LibreAwoo](https://librewolf.net/) users**_! [This will mask LibreAwoo's policy](https://codeberg.org/librewolf/issues/issues/1767)
_**WARNING for [LibreAwoo](https://librewolf.net/) users**_!
[This will mask LibreAwoo's policy](https://codeberg.org/librewolf/issues/issues/1767)
(`/usr/share/librewolf/distribution/policies.json`,
[codeberg](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)),
so make sure to copy the parts you wish to use before applying this (although
I think it might have this out of the box).
so make sure to copy the parts you wish to use before applying this (although I
think it might have this out of the box).
Hoping you read the Chromium section above, you may know the drill with the
commands and flags:
@ -198,20 +206,20 @@ editor and have contents similar to:
}
```
After saving and restarting Firefox, `about:policies` should display the
change, `about:config` should display the two preferences as grayed out and
within settings HTTPS-Only mode is used in all windows and grayed out.
After saving and restarting Firefox, `about:policies` should display the change,
`about:config` should display the two preferences as grayed out and within
settings HTTPS-Only mode is used in all windows and grayed out.
An easy test is again [http.badssl.com](http://http.badssl.com).
### DNS-over-HTTPS
_This section was edited in afterwards some hours after the publishing. Refer
to the log link on the bottom for more information._
_This section was edited in afterwards some hours after the publishing. Refer to
the log link on the bottom for more information._
Like Chromium, Firefox also supports DoH, although here it must be in the
same `/etc/firefox/policies/policies.json` file as before. It's simply appended
(or prepended) a bit:
Like Chromium, Firefox also supports DoH, although here it must be in the same
`/etc/firefox/policies/policies.json` file as before. It's simply appended (or
prepended) a bit:
```json
{
@ -243,24 +251,25 @@ The new sections are also quite self-explanatory with boolean `true` or `false`
values.
- Is DoH enabled by default?
- Is it OK to automatically use system resolver if the DoH server doesn't
work? (There is a similar warning as with HTTPS only mode even if this was
`false` like in the example.)
- Is it OK to automatically use system resolver if the DoH server doesn't work?
(There is a similar warning as with HTTPS only mode even if this was `false`
like in the example.)
- Is the user allowed to change these options (including which DoH server (if
any) they want to use) or are they grayed out? I like locking it so I don't
have to worry where else I may have configured it.
- Which URL is used for queries? I am under impression that unlike with
Chromium, multiple addresses aren't allowed here.
_Have you seen a note about temptation to write about IPv6 here? Perhaps you
are looking for `network.dns.preferIPv6` and `network.trr.early-AAAA`?_
_Have you seen a note about temptation to write about IPv6 here? Perhaps you are
looking for `network.dns.preferIPv6` and `network.trr.early-AAAA`?_
**Updated note on Firefox ECH:** DNS-Over-HTTPS is no longer required for ECH,
since `network.dns.native_https_query` exists (if you aren't using ESR
branch on version 115). You should already know how to enable it if you have
read this far 😼
since `network.dns.native_https_query` exists (if you aren't using ESR branch on
version 115). You should already know how to enable it if you have read this far
😼
**_SEQUEL ANNOUNCEMENT!_** [Part Ⅱ: Browser policies Ⅱ: Deploying PrivacyBadger and uBlock Origin]({% post_url blog/2024-05-22-policy-contentblocker %}) is now online!
**_SEQUEL ANNOUNCEMENT!_** [Part Ⅱ: Browser policies Ⅱ: Deploying PrivacyBadger
and uBlock Origin]({% post_url blog/2024-05-22-policy-contentblocker %}) is now online!
## Documentation and other policies
@ -277,14 +286,18 @@ complaining about all the nice settings being hidden in browser policy.
- The official documentation:
- [mozilla.github.io/policy-templates](https://mozilla.github.io/policy-templates/)
- [LibreAwoo policies.json could be mentioned here as well](https://codeberg.org/librewolf/settings/src/branch/master/distribution/policies.json)
- [chromeenterprise.google/policies/](https://chromeenterprise.google/policies/) mostly also applies to Chromium based browsers, who may have their own additions:
- [chromeenterprise.google/policies/](https://chromeenterprise.google/policies/)
mostly also applies to Chromium based browsers, who may have their own
additions:
- [Brave group policy](https://support.brave.com/hc/en-us/articles/360039248271-Group-Policy)
- [Microsoft Edge policy documentation](https://learn.microsoft.com/en-us/deployedge/microsoft-edge-policies)
- Other documentation that may be interesting:
- [Ecosia as default search engine through Group Policy](https://ecosia.helpscoutdocs.com/article/487-windows-group-policy-guides)
- [Privacy Badger enterprise deployment and configuration](https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md)
- [I maybe got involved there too a bit](https://github.com/EFForg/privacybadger/discussions/2947)
- [Deploying uBlock Origin](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin) and [deploying uBlock Origin configuration](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin:-configuration)
- [Deploying uBlock Origin](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin)
and
[deploying uBlock Origin configuration](https://github.com/gorhill/uBlock/wiki/Deploying-uBlock-Origin:-configuration)
- These also apply to [AdNauseam](https://adnauseam.io/), just change the
extension ID in your policy.
- Possibly helpful Wikipedia articles:

View File

@ -11,9 +11,15 @@ lang: en
robots: noai
---
_I previously wrote about enforcing HTTPS for all users/profiles through browser policy receiving some positive feedback and I felt like continuing on the subject by instructing with extension installation. This barely scratches the surface of what browser policy can do for you either though._
_I previously wrote about enforcing HTTPS for all users/profiles through browser
policy receiving some positive feedback and I felt like continuing on the
subject by instructing with extension installation. This barely scratches the
surface of what browser policy can do for you either though._
I recommend reading the [browser policy part on enforcing HTTPS only mode]({% post_url blog/2024-05-17-https-everywhere %}) as especially the Firefox part will continue building on it and I will try to not repeat myself, although that is unavoidable.
I recommend reading the [browser policy part on enforcing HTTPS
only mode]({% post_url blog/2024-05-17-https-everywhere %}) as especially the
Firefox part will continue building on it and I will try to not repeat myself,
although that is unavoidable.
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -42,48 +48,105 @@ I recommend reading the [browser policy part on enforcing HTTPS only mode]({
## Chromium
[I previously instructed with the directory creation and permissions in the part ]({% post_url blog/2024-05-17-https-everywhere %}#chromium) and there I also mentioned loving how I can create separate files
there as opposed to messing everything together. I tend to use the filename
`aminda-extensions.json` for all extension related as Chromium isn't perfect
either and only lets the options appear once.
[I previously instructed with the directory creation and permissions in the
part ]({% post_url blog/2024-05-17-https-everywhere %}#chromium) and there I
also mentioned loving how I can create separate files there as opposed to
messing everything together. I tend to use the filename `aminda-extensions.json`
for all extension related as Chromium isn't perfect either and only lets the
options appear once.
So the file may look a bit scary, but it's actually quite simple (and the difficulty comes from getting json formatted correctly, which I am leaving for `pretty-format-json` pre-commit hook), so I am going to explain everything before the actual json:
So the file may look a bit scary, but it's actually quite simple (and the
difficulty comes from getting json formatted correctly, which I am leaving for
`pretty-format-json` pre-commit hook), so I am going to explain everything
before the actual json:
The `3rdparty` and `extensions` let us configure extensions in advance.
`cjpalhdlnbpafiamejdnhcphjbkeiagm` is the ID of uBlock Origin from Chrome Web store which can be seen from its URL: `https://chromewebstore.google.com/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm` and everything specified here will become a part of it's configuration.`trustedSiteDirective` means the sites it will be disabld on, the extension pages are recommended in the documentation and I don't mind Ecosia displaying ads since they go to planting trees. Note that the user can add their own sites or remove these from the extension settings.
`cjpalhdlnbpafiamejdnhcphjbkeiagm` is the ID of uBlock Origin from Chrome Web
store which can be seen from its URL:
`https://chromewebstore.google.com/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm`
and everything specified here will become a part of it's
configuration.`trustedSiteDirective` means the sites it will be disabld on, the
extension pages are recommended in the documentation and I don't mind Ecosia
displaying ads since they go to planting trees. Note that the user can add their
own sites or remove these from the extension settings.
`toOverwrite` says clearly it will overwrite user settings, so the lists everyone on your system wishes to use should be specified here. In this case, this contains the default lists, the Finnish adblocking list and the quick fixes list, which updates more rapidly in cases such as the cat-and-mouse with YouTube and adblockers.
`toOverwrite` says clearly it will overwrite user settings, so the lists
everyone on your system wishes to use should be specified here. In this case,
this contains the default lists, the Finnish adblocking list and the quick fixes
list, which updates more rapidly in cases such as the cat-and-mouse with YouTube
and adblockers.
There is also the EFF DNT allowlist which was introduced to me by [AdNauseam]. You have most likely heard of how ads let content to be free and supports content creators and all that, I don't want to take away their revenue, but I don't want to risk targeted malvertising or manipulation either, so this is my compromise. Respect my privacy, and I will see your ads, or be blocked.
There is also the EFF DNT allowlist which was introduced to me by [AdNauseam].
You have most likely heard of how ads let content to be free and supports
content creators and all that, I don't want to take away their revenue, but I
don't want to risk targeted malvertising or manipulation either, so this is my
compromise. Respect my privacy, and I will see your ads, or be blocked.
Onwards to [PrivacyBadger], the ID again comes from Chrome Web Store URL `https://chromewebstore.google.com/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp` and the settings are clear on what they do. If they are removed, it's up to the default value or user configuration what will happen.
Onwards to [PrivacyBadger], the ID again comes from Chrome Web Store URL
`https://chromewebstore.google.com/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp`
and the settings are clear on what they do. If they are removed, it's up to the
default value or user configuration what will happen.
This [PrivacyBadger] configuration will simply always set these options on browser start:
This [PrivacyBadger] configuration will simply always set these options on
browser start:
- `"checkForDNTPolicy": true` check if the domain has a [`.well-known/dnt-policy.txt`](https://www.eff.org/dnt-policy) and if so, won't block it.
- `"disabledSites": []` configures the domains that are allowed to perform tracking/disrespect DNT. While here it's the same as with uBlock Origin, in my actual policies I allowlist domains more freely in uBlock Origin than [PrivacyBadger].
- `"learnInIncognito": true` [**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better) Same as below, but in incognito mode.
- `"learnLocally": true` [**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better) [PrivacyBadger] has rare ability to learn who tracks you without having to ask anywhere else, so with this enabled, it may block something before it gets added to either the premade list or something uBlock Origin has.
- `"sendDNTSignal": true` Whether or not to configure the web browser to send Do Not Track and Global Privacy Control signals.
- `"showCounter": true` Whether to display the number of blocked trackers in the [PrivacyBadger] icon.
- `"showIntroPage": false` Whether or not to display the welcome to PrivacyBadger screen on start. In general having less displayed automatically on browser start is a good thing, and if you set this to `true`, [PrivacyBadger] would greet you every browser start and I bet you would get annoyed quickly.
- `"socialWidgetReplacementEnabled": true` Whether to display social media embeds directly or replace them with a notice on how [PrivacyBadger] has blocked them from tracking you with the menu options on what to do.
- `"checkForDNTPolicy": true` check if the domain has a
[`.well-known/dnt-policy.txt`](https://www.eff.org/dnt-policy) and if so,
won't block it.
- `"disabledSites": []` configures the domains that are allowed to perform
tracking/disrespect DNT. While here it's the same as with uBlock Origin, in my
actual policies I allowlist domains more freely in uBlock Origin than
[PrivacyBadger].
- `"learnInIncognito": true`
[**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better)
Same as below, but in incognito mode.
- `"learnLocally": true`
[**_WARNING! May make you more trackable_**](https://www.eff.org/deeplinks/2020/10/privacy-badger-changing-protect-you-better)
[PrivacyBadger] has rare ability to learn who tracks you without having to ask
anywhere else, so with this enabled, it may block something before it gets
added to either the premade list or something uBlock Origin has.
- `"sendDNTSignal": true` Whether or not to configure the web browser to send Do
Not Track and Global Privacy Control signals.
- `"showCounter": true` Whether to display the number of blocked trackers in the
[PrivacyBadger] icon.
- `"showIntroPage": false` Whether or not to display the welcome to
PrivacyBadger screen on start. In general having less displayed automatically
on browser start is a good thing, and if you set this to `true`,
[PrivacyBadger] would greet you every browser start and I bet you would get
annoyed quickly.
- `"socialWidgetReplacementEnabled": true` Whether to display social media
embeds directly or replace them with a notice on how [PrivacyBadger] has
blocked them from tracking you with the menu options on what to do.
Now the only thing to do remains actually installing the extension.
**_BONUS!_** [`"ExtensionManifestV2Availability": 2`](https://chromeenterprise.google/policies/#ExtensionManifestV2Availability) will extend the time how long until ManifestV3 gets forced (and Google kills content filters).
**_BONUS!_**
[`"ExtensionManifestV2Availability": 2`](https://chromeenterprise.google/policies/#ExtensionManifestV2Availability)
will extend the time how long until ManifestV3 gets forced (and Google kills
content filters).
Anyway there is the same extension ID as before and four new options:
- `installation_mode` has options `normal_installed`, `force_installed` and `blocked`. The first means it's installed by default, but the user can choose to unload it, the second used here will prevent unloading the extension and the third prevents installing and loading it entirely.
- `installation_mode` has options `normal_installed`, `force_installed` and
`blocked`. The first means it's installed by default, but the user can choose
to unload it, the second used here will prevent unloading the extension and
the third prevents installing and loading it entirely.
- Typing this I am not sure if `override_update_url` is actually required.
- `force_pinned` will pin the extension to Chromium toolbar by default and not allow unpinning and moving it to the extension menu. I strongly recommend it with content blockers, especially when there is site breakage as it makes it so much easier to see at a glance when something is blocked. The other option would be `default_unpinned`.
- `update_url` is required for automatically installed extensions and while here it's the Chrome Web Store, it could as well be `https://edge.microsoft.com/extensionwebstorebase/v1/crx` and although the IDs are different there, they are again visible in the URL bar.
- `force_pinned` will pin the extension to Chromium toolbar by default and not
allow unpinning and moving it to the extension menu. I strongly recommend it
with content blockers, especially when there is site breakage as it makes it
so much easier to see at a glance when something is blocked. The other option
would be `default_unpinned`.
- `update_url` is required for automatically installed extensions and while here
it's the Chrome Web Store, it could as well be
`https://edge.microsoft.com/extensionwebstorebase/v1/crx` and although the IDs
are different there, they are again visible in the URL bar.
### `/etc/opt/chromium/policies/managed/aminda-extensions.json`
I hope I didn't scare you too badly by saying this isn't scary, but it's all explained above.
I hope I didn't scare you too badly by saying this isn't scary, but it's all
explained above.
```json
{
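Review bot: in the uBlock Origin paragraph the reflow preserved a run-together sentence boundary, so the new text reads "it's configuration.`trustedSiteDirective` means the sites it will be disabld on". There is no space between the period and the code span, "it's" should be "its", and "disabld" should be "disabled". Since `trustedSiteDirective` is the setting that switches blocking off for the listed sites, it should start its own clearly separated sentence. Also in this hunk, the text of the first link ends in "part " with a trailing space before the closing bracket, which suggests something was dropped from the link text.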
@ -160,14 +223,22 @@ _2024-06-04: I added uBlock Origin Lite here, see the questions and answers._
## Firefox
If you haven't read the previous blog post yet, please do that now as Firefox forces everything to be in `/etc/firefox/policies.json` and thus this file will begin by expanding the end result from there. And to not repeat myself, please also read the Chromium section above as due to everything being webextensions, the new part within extension configuration is the same.
If you haven't read the previous blog post yet, please do that now as Firefox
forces everything to be in `/etc/firefox/policies.json` and thus this file will
begin by expanding the end result from there. And to not repeat myself, please
also read the Chromium section above as due to everything being webextensions,
the new part within extension configuration is the same.
Let's begin by what differs from Chromium:
- The extension ID is most easily readable from `about:support` instead of addon URL.
- The extension ID is most easily readable from `about:support` instead of addon
URL.
- We can sideload the extension, although that won't affect Firefox sync.
- It's a lot easier to figure out what extension a block belongs to as the names appear here.
- While there is no `ExtensionManifestV2Availability`, there are domains protected by default (`extensions.webextensions.restrictedDomains`) that we could unset.
- It's a lot easier to figure out what extension a block belongs to as the names
appear here.
- While there is no `ExtensionManifestV2Availability`, there are domains
protected by default (`extensions.webextensions.restrictedDomains`) that we
could unset.
_Oh meow, no more json!_ I am sorry.
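Review bot: the rewrapped opening paragraph of the Firefox section gives the policy file as `/etc/firefox/policies.json`, but the HTTPS post touched earlier in this same commit uses `/etc/firefox/policies/policies.json` for that file. Someone following both posts needs a single path, so pick the correct one and use it in both places. In the first bullet, "instead of addon URL" would also read better as "instead of the add-on URL".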
@ -267,52 +338,97 @@ _Oh meow, no more json!_ I am sorry.
}
```
Doesn't that look familiar? Yes, it's practically the same file [from part ]({% post_url blog/2024-05-17-https-everywhere %}#dns-over-https-1) and the extensions took the exact same values as Chromium, only the IDs and download locations changed and some Chromium extras disappeared.
Doesn't that look familiar? Yes, it's practically the same file [from
part ]({% post_url blog/2024-05-17-https-everywhere %}#dns-over-https-1) and
the extensions took the exact same values as Chromium, only the IDs and download
locations changed and some Chromium extras disappeared.
Well, in uBlock Origin I did add the Mozilla/Firefox domains to avoid breakage and in the end I removed the extra protection those sites would have from extensions which would permit tracking by Mozilla. However, [PrivacyBadger] would still protect from that while being less likely to break.
Well, in uBlock Origin I did add the Mozilla/Firefox domains to avoid breakage
and in the end I removed the extra protection those sites would have from
extensions which would permit tracking by Mozilla. However, [PrivacyBadger]
would still protect from that while being less likely to break.
_Would you like to restore the protection for Mozilla pages? Replace the `user` in `status` of `extensions.webextensions.restrictedDomains {}` with `clear` so it will be restored to default value while `user` persists even if the lines are removed as they appear as if the user had changed them in `about:config`._
_Would you like to restore the protection for Mozilla pages? Replace the `user`
in `status` of `extensions.webextensions.restrictedDomains {}` with `clear` so
it will be restored to default value while `user` persists even if the lines are
removed as they appear as if the user had changed them in `about:config`._
_2024-06-04: I added uBlock Origin Lite here, see the questions and answers._
## Answers to potential questions
As I sometimes tend to be a bit controversial when balancing security,
privacy, digital carbon footprint and all, there are going to be questions
and I keep answering them otherwise too.
As I sometimes tend to be a bit controversial when balancing security, privacy,
digital carbon footprint and all, there are going to be questions and I keep
answering them otherwise too.
## Where can I see what policies extensions can take?
In Chromium `about:policies` has a checkbox "show unset policies" which will bring a long list including the extensions. It also has a lovely search box.
In Chromium `about:policies` has a checkbox "show unset policies" which will
bring a long list including the extensions. It also has a lovely search box.
### Why both PrivacyBadger and uBlock Origin?
I admit they have some overlap, but uBlock Origin relies on human made lists instead of an algorhitm to block trackers (note that [PrivacyBadger] doesn't even try to block ads, it happens by accident).
I admit they have some overlap, but uBlock Origin relies on human made lists
instead of an algorhitm to block trackers (note that [PrivacyBadger] doesn't
even try to block ads, it happens by accident).
Additionally uBlock Origin does nothing about Instagram, Disqus, etc. widgets. I could block JavaScript (which I do), but sometimes I will allow it to a website anyway and then the widget learns I am there even if I had no interest in seeing comments in that case. And if I wanted to allow them somewhere, I could click "always allow this widget on this site".
Additionally uBlock Origin does nothing about Instagram, Disqus, etc. widgets. I
could block JavaScript (which I do), but sometimes I will allow it to a website
anyway and then the widget learns I am there even if I had no interest in seeing
comments in that case. And if I wanted to allow them somewhere, I could click
"always allow this widget on this site".
I also love its ability to self-learn trackers, even if that may make me more trackable. I think there are easier methods to track me (like my HTTP user-agent saying I am on Windows, while my `navigator.useragent or `navigator.platform` say something different) and Firefox Nightly is newer than most people use and there are a countless of small things in browser fingerprinting, which could be it's own blog post.
I also love its ability to self-learn trackers, even if that may make me more
trackable. I think there are easier methods to track me (like my HTTP user-agent
saying I am on Windows, while my `navigator.useragent or `navigator.platform`
say something different) and Firefox Nightly is newer than most people use and
there are a countless of small things in browser fingerprinting, which could be
it's own blog post.
### Why EFF DNT allowlist?
I think I already answered this in the Chromium section, but I don't hate ads. They may be important source of money to creators and I wouldn't mind some financial support as well (if that wasn't practically illegal in Finland).
I think I already answered this in the Chromium section, but I don't hate ads.
They may be important source of money to creators and I wouldn't mind some
financial support as well (if that wasn't practically illegal in Finland).
What I mind is targeted advertising, tracking, the potential for targeted malvertising without it affecting anyone else and how they are used for manipulation especially politically and with elections on discouraging some people from voting.
What I mind is targeted advertising, tracking, the potential for targeted
malvertising without it affecting anyone else and how they are used for
manipulation especially politically and with elections on discouraging some
people from voting.
### Where did uBlock Origin Lite come from?
I added it here on 2024-06-04 and set uBlock Origin to `normal_installed` instead of `force_installed`, because I am worried about ManifestV2 extensions not syncing as the majority probably won't have the policy to allow it configured.
I added it here on 2024-06-04 and set uBlock Origin to `normal_installed`
instead of `force_installed`, because I am worried about ManifestV2 extensions
not syncing as the majority probably won't have the policy to allow it
configured.
This gives the users the choice to use either of the two, both (which may be discouraged) or neither, while PrivacyBadger is forced on and I think it may perform better with ManifestV3 anyway considering the local learning feature, which I consider essential for non-English content anyway.
This gives the users the choice to use either of the two, both (which may be
discouraged) or neither, while PrivacyBadger is forced on and I think it may
perform better with ManifestV3 anyway considering the local learning feature,
which I consider essential for non-English content anyway.
Speaking of PrivacyBadger, other concerns I have with uBlock Origin Lite are:
1. I cannot allow non-tracking ads as I cannot add the EFF DNT allowlist. I would need to convince the developer to add it, which I am not even going to try, as it would go against the principle of the extension.
1. <del>I didn't get uBlock Origin Lite's `"noFiltering": [""]` policy working, so I cannot pre-emptively handle broken captchas or allow Ecosia to show me tracking ads in exchange of them planting trees.</del>. A day later I got `"noFiltering": [""]` working, but it works like `toOverwrite` from uBlock Origin, so any edits outside of the policy will reset upon restart. Then again that may also be a feature, please do send your best regards to Google...
1. I cannot allow non-tracking ads as I cannot add the EFF DNT allowlist. I
would need to convince the developer to add it, which I am not even going to
try, as it would go against the principle of the extension.
1. <del>I didn't get uBlock Origin Lite's `"noFiltering": [""]` policy working,
so I cannot pre-emptively handle broken captchas or allow Ecosia to show me
tracking ads in exchange of them planting trees.</del>. A day later I got
`"noFiltering": [""]` working, but it works like `toOverwrite` from uBlock
Origin, so any edits outside of the policy will reset upon restart. Then
again that may also be a feature, please do send your best regards to
Google...
Google only has themselves to blame for not thinking of the scenario where their users might be ok with non-tracking ads and now have no option to allow them due to being more concerned about malvertising than how advertising businesses are doing, since they they ruined the compromise solution that tried to account both.
Google only has themselves to blame for not thinking of the scenario where their
users might be ok with non-tracking ads and now have no option to allow them due
to being more concerned about malvertising than how advertising businesses are
doing, since they they ruined the compromise solution that tried to account
both.
I may trust myself to avoid malicious content online or that DNS filtering will catch it, but I don't have such trust on my less technical family members.
I may trust myself to avoid malicious content online or that DNS filtering will
catch it, but I don't have such trust on my less technical family members.
I should also say that ManifestV3 and uBlock Origin Lite have good sides as
well, considering it not needing or requesting access to all pages visited out
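Review bot: In the rewrapped fingerprinting paragraph at the top of this hunk, the first code span is never closed: the backtick before "navigator.useragent" pairs with the one before "navigator.platform", so the span swallows "or" and a stray backtick is left at the end. Close the span after the first property and spell it `navigator.userAgent`. Since the paragraph about Google is being rewrapped anyway, the doubled "they they" there could be fixed in the same pass.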
@ -321,23 +437,39 @@ actually get installed through policy.
### How do I enable more default lists in uBlock Origin?
As you saw, external blocklists are just matter of entering the URL into the policy, but integrated ones are a bit more challenging. See the eye icon in uBlock Origin dashboard? I have been pointing it and looking at the URL which ends e.g. `/asset-viewer.html?url=fanboy-social` where `fanboy-social` would be the list name.
As you saw, external blocklists are just matter of entering the URL into the
policy, but integrated ones are a bit more challenging. See the eye icon in
uBlock Origin dashboard? I have been pointing it and looking at the URL which
ends e.g. `/asset-viewer.html?url=fanboy-social` where `fanboy-social` would be
the list name.
More technical solution would be looking into the [`assets/assets.json` file in uBlock Origin's GitHub repository](https://github.com/gorhill/uBlock/blob/master/assets/assets.json) where the same names appear.
More technical solution would be looking into the
[`assets/assets.json` file in uBlock Origin's GitHub repository](https://github.com/gorhill/uBlock/blob/master/assets/assets.json)
where the same names appear.
Remember that [more filter lists make you more identifiable](https://browserleaks.com/proxy) and _do as I say, not as I do_.
Remember that
[more filter lists make you more identifiable](https://browserleaks.com/proxy)
and _do as I say, not as I do_.
## What do you think about this blog post?
I feel a bit disappointed with it, I felt the previous one was more meaningful and did everything better, but I hope this will be some benefit to someone regardless or be something I can link to when I inevitably get asked these questions again.
I feel a bit disappointed with it, I felt the previous one was more meaningful
and did everything better, but I hope this will be some benefit to someone
regardless or be something I can link to when I inevitably get asked these
questions again.
## Will there be browser policies part Ⅲ?
Honestly, I don't know. I was surprised part Ⅱ happened, although this is also just scratching the tip of the iceberg and there is really a lot you can do with browser policies.
Honestly, I don't know. I was surprised part Ⅱ happened, although this is also
just scratching the tip of the iceberg and there is really a lot you can do with
browser policies.
### Where is all the futher reading?
If you have read both blog posts carefully, this one didn't actually say anything new, it's all linked [from part ]({% post_url blog/2024-05-17-https-everywhere %}#documentation-and-other-policies).
If you have read both blog posts carefully, this one didn't actually say
anything new, it's all linked [from
part
]({% post_url blog/2024-05-17-https-everywhere %}#documentation-and-other-policies).
_[Obligatory changelog link](https://github.com/Mikaela/mikaela.github.io/commits/master/blog/_posts/2024-05-22-policy-contentblocker.md)_
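Review bot: In the final paragraph, proseWrap has split the link label over three lines, leaving "part" alone on a line and the closing `](` with the `post_url` tag starting the next one. It should still parse as a single link, but it is hard to read and easy to break in a later edit. Shorten the label so it stays on one line, or exclude the paragraph with the `<!-- prettier-ignore-start -->` comments already used elsewhere in this repository. The heading just above it still reads "futher".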

View File

@ -3,14 +3,26 @@ layout: page
title: Blog
navigation: true
permalink: /blog/
excerpt: "Blog index, posts in English and posts in Finnish — Blogin etusivu, postaukset englanniksi ja postaukset suomeksi."
excerpt:
"Blog index, posts in English and posts in Finnish — Blogin etusivu,
postaukset englanniksi ja postaukset suomeksi."
lang: en
robots: noai
---
<p>
Posts <a lang="en" href="#in-english">in English here</a> &amp;
<a lang="fi" href="#suomeksi">suomeksi täällä</a>.
Posts
<a
lang="en"
href="#in-english"
>in English here</a
>
&amp;
<a
lang="fi"
href="#suomeksi"
>suomeksi täällä</a
>.
</p>
<hr />
<div lang="en">

View File

@ -1,16 +1,26 @@
---
layout: index
title: Index
excerpt: "I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I am familiar with git and looking for employment."
excerpt:
"I am a Highly Sensitive Autistic Pirate with Linux experience since 2008. I
am familiar with git and looking for employment."
robots: noai, nofollow
---
<p id="avatar">
<a class="h-card" href="https://aminda.eu/">
<img src="{{site.avatar}}" alt="Photo of me" /><br />Aminda Suomalainen</a
<a
class="h-card"
href="https://aminda.eu/"
>
<img
src="{{site.avatar}}"
alt="Photo of me"
/><br />Aminda Suomalainen</a
><br />
<small
><a rel="prefetch me" href="https://cv.aminda.eu/"
><a
rel="prefetch me"
href="https://cv.aminda.eu/"
>Curriculum Vitae</a
></small
>
@ -96,20 +106,34 @@ robots: noai, nofollow
<li id="some">
<span class="monospaced">SOME:</span>
<em
><a href="https://gitea.blesmrt.net/mikaela" rel="me"
><a
href="https://gitea.blesmrt.net/mikaela"
rel="me"
>gitea.blesmrt.net</a
></em
>
<a href="https://bsky.app/profile/did:plc:k4n3logit2gplz7mbgkrsdl2" rel="me"
<a
href="https://bsky.app/profile/did:plc:k4n3logit2gplz7mbgkrsdl2"
rel="me"
>bsky</a
>
<em
><a href="https://github.com/{{ site.github_username }}" rel="me"
><a
href="https://github.com/{{ site.github_username }}"
rel="me"
>GitHub.com</a
></em
>
<a href="https://gitlab.com/Mikaela" rel="me">GitLab.com</a>
<a href="https://git.com.de/mikaela" rel="me">git.com.de</a> (<a
<a
href="https://gitlab.com/Mikaela"
rel="me"
>GitLab.com</a
>
<a
href="https://git.com.de/mikaela"
rel="me"
>git.com.de</a
> (<a
href="http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela"
rel="me"
>&#129477;&#65038;</a
@ -119,11 +143,19 @@ robots: noai, nofollow
href="{{site.keyoxide}}/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY"
>Keyoxide</a
>
<a rel="me" href="https://liberapay.com/Mikaela">LiberaPay.com</a>
<a rel="me" href="https://www.linkedin.com/in/{{ site.linkedin_username }}/"
<a
rel="me"
href="https://liberapay.com/Mikaela"
>LiberaPay.com</a
>
<a
rel="me"
href="https://www.linkedin.com/in/{{ site.linkedin_username }}/"
>LinkedIn.com</a
>
<a href="https://git.piraattipuolue.fi/mikaela.suomalainen" rel="me"
<a
href="https://git.piraattipuolue.fi/mikaela.suomalainen"
rel="me"
>git.piraattipuolue.fi</a
>
<a
@ -139,7 +171,10 @@ robots: noai, nofollow
>sauna.social</a
>
</li>
<li class="monospaced" id="ssh">
<li
class="monospaced"
id="ssh"
>
SSH:
<a
href="https://gitea.blesmrt.net/mikaela/ssh-allowed_signers/src/branch/cxefa/aminda/aminda.pub"

View File

@ -4,5 +4,5 @@ published: false
[IPFS](https://ipfs.io) related files
The directory isn't called IPFS in case it would cause confusion to IPFS
capable software.
The directory isn't called IPFS in case it would cause confusion to IPFS capable
software.

View File

@ -7,8 +7,8 @@ sitemap: false
lang: en
---
Finland will mostly discontinue 3G networks by end of 2023. Suomen
yhteisverkko will begins 3G shutdown early 2024.
Finland will mostly discontinue 3G networks by end of 2023. Suomen yhteisverkko
will begins 3G shutdown early 2024.
- [DNA.fi/3g]
- [Elisa.fi/3g]

View File

@ -6,7 +6,9 @@ redirect_from:
- /r/5G.html
sitemap: false
lang: en
excerpt: List of carrier/WISP maps in Finland for quickly finding whether a place has 5G or not. Carriers eagerly sell it to people who don't have signal.
excerpt:
List of carrier/WISP maps in Finland for quickly finding whether a place has
5G or not. Carriers eagerly sell it to people who don't have signal.
---
_{{ page.excerpt }}_
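Review bot: The front-matter `excerpt:` is now a plain multi-line scalar, and the next line after the front matter renders it through `{{ page.excerpt }}`. YAML folds the line breaks to spaces, so the output is unchanged today, but a plain scalar changes meaning as soon as the text gains a colon followed by a space or a space followed by `#`. Consider quoting it or using a `>-` block scalar, as the `message:` key in the citation file of this same commit does, so later wording edits cannot silently truncate the excerpt.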

View File

@ -1,6 +1,8 @@
---
title: Co-authoring and private emails with Git Forges
excerpt: This note tells how to mark me as a git commit coauthor and my privatized email addresses.
excerpt:
This note tells how to mark me as a git commit coauthor and my privatized
email addresses.
layout: mini
permalink: /n/coauthor.html
sitemap: true
@ -10,11 +12,11 @@ robots: noai
# Git forge private emails
**_WARNING! These are vendor lock-in and contribution activity will not
pass on to other platrforms._** It may not matter much with sign-offs though.
**_WARNING! These are vendor lock-in and contribution activity will not pass on
to other platrforms._** It may not matter much with sign-offs though.
Forges generally have a feature for private email addresses and it can be
used at least by co-authored commits, e.g. [r/coauthor](/r/coauthor.html):
Forges generally have a feature for private email addresses and it can be used
at least by co-authored commits, e.g. [r/coauthor](/r/coauthor.html):
> `Co-authored-by: NAME <NAME@EXAMPLE.COM>`
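Review bot: The rewrapped warning still carries the typo "platrforms" on its second line. The line is being rewritten in this commit anyway, so change it to "platforms" here rather than leaving it for a separate fix.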

View File

@ -9,7 +9,8 @@ lang: en
# Do copyright years need yearly updates?
Apparently it depends on whether you care about when the project enters public domain.
Apparently it depends on whether you care about when the project enters public
domain.
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -35,7 +36,8 @@ Apparently it depends on whether you care about when the project enters public d
## Yes
- [Information for maintainers of GNU software, 6.5: copyright notices](https://www.gnu.org/prep/maintain/maintain.html#Copyright-Notices)
- At the time of writing they practically say to update every file that has more than 10 lines.
- At the time of writing they practically say to update every file that has
more than 10 lines.
## Other links

265
n/dns.md
View File

@ -1,6 +1,8 @@
---
title: Philosophical pondering on DNS and its features and usage
excerpt: What DNS server is used, does it support ECS, is that threat or possibility, and everything that doesn't have a better place?
excerpt:
What DNS server is used, does it support ECS, is that threat or possibility,
and everything that doesn't have a better place?
layout: mini
permalink: /n/dns.html
redirect_from:
@ -49,7 +51,8 @@ _{{ page.excerpt }} For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_
## Identifying DNS resolver
- [DNS-OARC's Check My DNS](https://cmdns.dev.dns-oarc.net) - popup under "Network".
- [DNS-OARC's Check My DNS](https://cmdns.dev.dns-oarc.net) - popup under
"Network".
- [dnsleaktest](https://dnsleaktest.com)
- [whatsmydnsserver](https://www.whatsmydnsserver.com)
- [ipleak.net](https://ipleak.net)
@ -57,7 +60,8 @@ _{{ page.excerpt }} For DNS resolvers, refer to [r/resolv.tsv](/r/resolv.tsv)_
- [browserleaks.net/dns](https://browserleaks.net/dns)
- [dnscheck.tools](https://www.dnscheck.tools)
The above list is based on [redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)
The above list is based on
[redirect2me/which-dns README alternatives section](https://github.com/redirect2me/which-dns/blob/main/README.md)
---
@ -65,8 +69,8 @@ The above list is based on [redirect2me/which-dns README alternatives section](h
At it's current state of implementation, Encrypted Client-Hello requires
DNS-over-HTTPS in the browser level or it won't be used. If downgrade from
application level DoH to OS resolver is allowed, ECH will get disabled at
least temporary. Thus I think this list belongs here close enough.
application level DoH to OS resolver is allowed, ECH will get disabled at least
temporary. Thus I think this list belongs here close enough.
- [Cloudflare Browser Check](https://www.cloudflare.com/ssl/encrypted-sni/)
which still speaks of ESNI, while ECH replaced Encrypted Server Name
@ -80,32 +84,37 @@ least temporary. Thus I think this list belongs here close enough.
## What is ECS?
[EDNS](https://en.m.wikipedia.org/wiki/Extension_Mechanisms_for_DNS) [Client-Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a DNS extension letting the authoritative nameserver
know your subnet, generally a `/24` (IPv4) or a `/56` (IPv6), but the revealed
subnet size is up to your DNS resolver configuration.
[EDNS](https://en.m.wikipedia.org/wiki/Extension_Mechanisms_for_DNS)
[Client-Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a DNS
extension letting the authoritative nameserver know your subnet, generally a
`/24` (IPv4) or a `/56` (IPv6), but the revealed subnet size is up to your DNS
resolver configuration.
_See also simpler explanation at [PrivacyGuides.org DNS Overview](https://www.privacyguides.org/en/advanced/dns-overview/#what-is-edns-client-subnet-ecs)._
_See also simpler explanation at
[PrivacyGuides.org DNS Overview](https://www.privacyguides.org/en/advanced/dns-overview/#what-is-edns-client-subnet-ecs)._
- /24 is the first three parts of your IPv4 address e.g. 192.0.2.xxx.
The last part of your IP address (the xxx) again is a number between 1
to 254 (since 0 is reserved for the network itself and 255 is the
broadcast address).
- `/56` includes 256 `/64`s and if your ISP (Internet Service Provider)
follows [RFC 6177](https://datatracker.ietf.org/doc/html/rfc6177),
it's assigned solely to you meaning the authoritative nameserver will know
the request originated from your network.
- However many ISPs, especially wireless ones,
will just assign you a `64` which is required for
- /24 is the first three parts of your IPv4 address e.g. 192.0.2.xxx. The last
part of your IP address (the xxx) again is a number between 1 to 254 (since 0
is reserved for the network itself and 255 is the broadcast address).
- `/56` includes 256 `/64`s and if your ISP (Internet Service Provider) follows
[RFC 6177](https://datatracker.ietf.org/doc/html/rfc6177), it's assigned
solely to you meaning the authoritative nameserver will know the request
originated from your network.
- However many ISPs, especially wireless ones, will just assign you a `64`
which is required for
[stateless address autoconfiguration](<https://en.m.wikipedia.org/wiki/SLAAC#Stateless_address_autoconfiguration_(SLAAC)>)
which is the most common way of getting IPv6 address in your local area
network as opposed to IPv4 where you would have
[Dynamic Host Configuration Protocol (DHCP)](https://en.m.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol).
- Your router does get the IPv6 subnet assignment for LAN distribution by means of [DHCPv6 Prefix Delegation](https://en.m.wikipedia.org/wiki/Prefix_delegation) which is also common on mobile networks.
- Your router does get the IPv6 subnet assignment for LAN distribution by
means of
[DHCPv6 Prefix Delegation](https://en.m.wikipedia.org/wiki/Prefix_delegation)
which is also common on mobile networks.
If you are reading my personal notes (that being useful for you would bring me
a bit of happiness), please note that **_I am somewhat indecisive and change
the DNS resolver a lot (at least daily judging by my feelings), but do check
the git log._**
If you are reading my personal notes (that being useful for you would bring me a
bit of happiness), please note that **_I am somewhat indecisive and change the
DNS resolver a lot (at least daily judging by my feelings), but do check the git
log._**
- [History of this page at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/n/dns.md)
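Review bot: In the rewrapped list item beginning "However many ISPs", the prefix is written as `64` without the slash, while the item above it uses `/56` and `/64`. Write it as `/64` so the prefix notation is consistent within the list. Because this hunk reflows a nested list, it is also worth checking in the rendered page that the sub-items under the `/56` entry kept their indentation.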
@ -113,78 +122,120 @@ the git log._**
_Android DoH3 option:_ `dns.google`
> [...] The longer the distance the data must travel from the data centre to
> the end-user device, the more energy the transmission consumes
> regardless of the transmission path used. Intercontinental transmission
> networks are fundamentally very efficient. Transferring data from the
> United States to Europe may consume a fraction of the energy compared to
> the last kilometre from the base station to the mobile phone.
> [...] The longer the distance the data must travel from the data centre to the
> end-user device, the more energy the transmission consumes regardless of the
> transmission path used. Intercontinental transmission networks are
> fundamentally very efficient. Transferring data from the United States to
> Europe may consume a fraction of the energy compared to the last kilometre
> from the base station to the mobile phone.
- [Green Code](https://www.exove.com/green-code/) ([pdf](https://www.exove.com/app/uploads/2023/09/Green-Code-v2.pdf) [txt](https://www.exove.com/app/uploads/2023/09/greencode-v2.txt))
- [Green Code](https://www.exove.com/green-code/)
([pdf](https://www.exove.com/app/uploads/2023/09/Green-Code-v2.pdf)
[txt](https://www.exove.com/app/uploads/2023/09/greencode-v2.txt))
If you utilize services of internet giants or content delivery networks, ECS will likely give you [the shortest distance, the lowest latency, the highest speed](https://en.m.wikipedia.org/wiki/Edge_computing) and may help with decreasing your _digital carbon footprint_.
If you utilize services of internet giants or content delivery networks, ECS
will likely give you
[the shortest distance, the lowest latency, the highest speed](https://en.m.wikipedia.org/wiki/Edge_computing)
and may help with decreasing your _digital carbon footprint_.
_The above means GAFAM, if you don't use them in any form, there may not be a
need for ECS._
If those matter to you, you may also like to consider [increasing your minimum TTL to around an hour in a local server](https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/).
If those matter to you, you may also like to consider
[increasing your minimum TTL to around an hour in a local server](https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/).
### Why to not use ECS?
_Android DoH3 option:_ `cloudflare-dns.com`
> [...] we [Cloudflare] dont pass along the EDNS subnet information. This information leaks information about a requesters IP and, in turn, sacrifices the privacy of users. This is especially problematic as we work to encrypt more DNS traffic since the request from Resolver to Authoritative DNS is typically unencrypted. **_Were aware of real world examples where nationstate actors have monitored EDNS subnet information to track individuals,_** which was part of the motivation for the privacy and security policies of 1.1.1.1.
> [...] we [Cloudflare] dont pass along the EDNS subnet information. This
> information leaks information about a requesters IP and, in turn, sacrifices
> the privacy of users. This is especially problematic as we work to encrypt
> more DNS traffic since the request from Resolver to Authoritative DNS is
> typically unencrypted. **_Were aware of real world examples where nationstate
> actors have monitored EDNS subnet information to track individuals,_** which
> was part of the motivation for the privacy and security policies of 1.1.1.1.
>
> [...]
>
> We are working with the small number of networks with a higher network/ISP density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up with an EDNS IP Subnet alternative that gets them the information they need for geolocation targeting without risking user privacy and security. Those conversations have been productive and are ongoing. [...]
> We are working with the small number of networks with a higher network/ISP
> density than Cloudflare (e.g., Netflix, Facebook, Google/YouTube) to come up
> with an EDNS IP Subnet alternative that gets them the information they need
> for geolocation targeting without risking user privacy and security. Those
> conversations have been productive and are ongoing. [...]
- [Cloudflare co-founder](https://news.ycombinator.com/item?id=19828702), emphasis mine.
- [Cloudflare co-founder](https://news.ycombinator.com/item?id=19828702),
emphasis mine.
ECS will decrease the cost of mass surveillance as instead of having to surveill everything happening on the network, anyone between your DNS server and the authoritative nameserver can see which IP addresses access the site with a reasonable accuracy.
ECS will decrease the cost of mass surveillance as instead of having to surveill
everything happening on the network, anyone between your DNS server and the
authoritative nameserver can see which IP addresses access the site with a
reasonable accuracy.
Then there are those with commercial interests, particularly outside of
Europe, advertisers may be interested in making money out of the additional
metadata. There may also be adblockers which don't block the DNS request,
causing the advertising company to receive your IP address (or close enough to
it) even if you didn't see the advertisement itself.
Then there are those with commercial interests, particularly outside of Europe,
advertisers may be interested in making money out of the additional metadata.
There may also be adblockers which don't block the DNS request, causing the
advertising company to receive your IP address (or close enough to it) even if
you didn't see the advertisement itself.
Some say _the less metadata is produced, the smaller incentive there is for
starting collecting and monetizing it._
This isn't even mentioning that the internet isn't a nice place or foreign
advanced persistent threats or threat actors, who may not need a reason to
attack you. [_CISA: Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society_](https://www.cisa.gov/resources-tools/resources/mitigating-cyber-threats-limited-resources-guidance-civil-society)
attack you.
[_CISA: Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society_](https://www.cisa.gov/resources-tools/resources/mitigating-cyber-threats-limited-resources-guidance-civil-society)
Additionally researchers (below) have used it to perform cache poisoning against an individual target directing them to a wrong location and with low TTL making it near impossible to audit later.
Additionally researchers (below) have used it to perform cache poisoning against
an individual target directing them to a wrong location and with low TTL making
it near impossible to audit later.
What domains do you use? What if someone far above you knew regardless of Encrypted Client-Hello?
What domains do you use? What if someone far above you knew regardless of
Encrypted Client-Hello?
Are the domains you use DNSSEC-signed? Do you verify DNSSEC locally? Do you use HTTPS everywhere? Do you know to not accept warnings about certificate issues? Do the other (less technical) users of your network? Would you or them be a delicious target? Do you even use GAFAM services?
Are the domains you use DNSSEC-signed? Do you verify DNSSEC locally? Do you use
HTTPS everywhere? Do you know to not accept warnings about certificate issues?
Do the other (less technical) users of your network? Would you or them be a
delicious target? Do you even use GAFAM services?
See also:
- [_Understanding the Privacy Implications of ECS_](https://yacin.nadji.us/docs/pubs/dimva16_ecs.pdf)
<del>_Later I have been torn on whether the quote above is correct and helps
decrease my digital climate footprint more or less than adblocking on DNS
level, but what really put the scales towards ECS for me was late night GApple
update that was keeping me from sleeping. So ECS is for busy people who want
to sleep?_</del> _The CISA link above makes me question this the very next day
decrease my digital climate footprint more or less than adblocking on DNS level,
but what really put the scales towards ECS for me was late night GApple update
that was keeping me from sleeping. So ECS is for busy people who want to
sleep?_</del> _The CISA link above makes me question this the very next day
considering I belong to gender and sexual minorities, Pirate Party of Finland,
and everything..._
### Why to use private ECS?
_Android DoH3 option:_ [?](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
_Android DoH3 option:_
[?](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
Do you want the benefits of ECS with the privacy and security of not having ECS? Private ECS is a compromise solution in the middle, although not without its own issues.
Do you want the benefits of ECS with the privacy and security of not having ECS?
Private ECS is a compromise solution in the middle, although not without its own
issues.
Your private DNS provider will lie for you and say that your IP address is somewhere else where it will also place many others from your ISP. However what if it says you are a customer of another ISP, possibly even located in another country? It tends to have greater accuracy with IPv4 than IPv6, [see AdGuard Google Domains issue](https://adguard-dns.io/en/blog/dns-google-domains-fixed.html). What if no one else uses the same DNS server as you, especially from your ISP? I guess you can always advocate your DNS provider so it could be someone else too (I couldn't)? If it works most of time, does that outweight the times it won't work? Is perfect the enemy of good enough?
Your private DNS provider will lie for you and say that your IP address is
somewhere else where it will also place many others from your ISP. However what
if it says you are a customer of another ISP, possibly even located in another
country? It tends to have greater accuracy with IPv4 than IPv6,
[see AdGuard Google Domains issue](https://adguard-dns.io/en/blog/dns-google-domains-fixed.html).
What if no one else uses the same DNS server as you, especially from your ISP? I
guess you can always advocate your DNS provider so it could be someone else too
(I couldn't)? If it works most of time, does that outweight the times it won't
work? Is perfect the enemy of good enough?
In that case you may <del>get even worse performance</del> be in even worse situation than without ECS. Then again if everything works properly, you will get the benefit of ECS without the privacy impact and lessened security impact.
In that case you may <del>get even worse performance</del> be in even worse
situation than without ECS. Then again if everything works properly, you will
get the benefit of ECS without the privacy impact and lessened security impact.
See the next section for testing "where you are." Consider also what is important for you if you had to pick one or two from privacy, performance and climate.
See the next section for testing "where you are." Consider also what is
important for you if you had to pick one or two from privacy, performance and
climate.
See also:
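Review bot: Two misspellings survive the rewrap in this hunk: "surveill" in the paragraph about the cost of mass surveillance and "outweight" in the private ECS paragraph. Both lines are touched by the reflow, so correct them to "surveil" and "outweigh" in the same change.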
@ -197,8 +248,8 @@ See also:
It's likely greener to just use adblocking DNS no matter where it is located,
preferably on router level. I don't trust router/DHCP provided DNS and encrypt
it on the end device anyway. And if something needs unfiltered access
(AdNauseam?), give it DNS over HTTPS like all browsers and curl have the
ability nowadays.
(AdNauseam?), give it DNS over HTTPS like all browsers and curl have the ability
nowadays.
Are you someone whom someone might want bad things to just for existing?
@ -219,26 +270,38 @@ dig +short TXT whoami-ecs.v6.powerdns.org.
dig +short TXT whoami-ecs.v4.powerdns.org.
```
- Note: [Cloudflare sends ECS only for `whoami.ds.akahelp.net`, nowhere else](https://developers.cloudflare.com/1.1.1.1/faq/#does-1.1.1.1-send-edns-client-subnet-header).
- Note:
[Cloudflare sends ECS only for `whoami.ds.akahelp.net`, nowhere else](https://developers.cloudflare.com/1.1.1.1/faq/#does-1.1.1.1-send-edns-client-subnet-header).
---
## [DNS0.eu] or [Quad9]?
In my experience [DNS0.eu] tends to have better filtering and
[reporting options](https://www.dns0.eu/report) than [Quad9], while [servers being located only in](https://www.dns0.eu/network) the
[European Union](https://european-union.europa.eu) is mildly problematic when your users start traveling
outside it either for work or leisure, which across continents tends to bring
round-trips overseas. Additionally private ECS (see above) tends to be bad
poor for IPv6 and for very small AS like a school, it directs to another side
of the country, but that is a very minor issue.
[reporting options](https://www.dns0.eu/report) than [Quad9], while
[servers being located only in](https://www.dns0.eu/network) the
[European Union](https://european-union.europa.eu) is mildly problematic when
your users start traveling outside it either for work or leisure, which across
continents tends to bring round-trips overseas. Additionally private ECS (see
above) tends to be bad poor for IPv6 and for very small AS like a school, it
directs to another side of the country, but that is a very minor issue.
Meanwhile [Quad9] blocking seems almost as good in [tests like this](https://techblog.nexxwave.eu/public-dns-malware-filters-tested-in-2024/) and they give me impression [of more transparency](https://quad9.net/about/transparency-report) (as opposed to [DNS0.eu only
having a <del>Twitter</del> X account](https://twitter.com/dns0eu)). [Quad9] also has more options on whether to ECS or not (see above).
Meanwhile [Quad9] blocking seems almost as good in
[tests like this](https://techblog.nexxwave.eu/public-dns-malware-filters-tested-in-2024/)
and they give me impression
[of more transparency](https://quad9.net/about/transparency-report) (as opposed
to
[DNS0.eu only having a <del>Twitter</del> X account](https://twitter.com/dns0eu)).
[Quad9] also has more options on whether to ECS or not (see above).
The end-users traveling outside of the EU is also solved as they [have servers all around the world](https://quad9.net/service/locations/).
The end-users traveling outside of the EU is also solved as they
[have servers all around the world](https://quad9.net/service/locations/).
Back to [DNS0.eu], while disabling private ECS is not an option, they do have other options; [default filters](https://www.dns0.eu), [no filters](https://www.dns0.eu/open), [heavier filtering (zero)](https://www.dns0.eu/zero) and [kids](https://www.dns0.eu/kids).
Back to [DNS0.eu], while disabling private ECS is not an option, they do have
other options; [default filters](https://www.dns0.eu),
[no filters](https://www.dns0.eu/open),
[heavier filtering (zero)](https://www.dns0.eu/zero) and
[kids](https://www.dns0.eu/kids).
[DNS0.eu]: https://www.dns0.eu
[Quad9]: https://quad9.net
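Review bot: The rewrapped DNS0.eu paragraph still reads "tends to be bad poor for IPv6", with two adjectives where one was meant; keep either `bad` or `poor` while these lines are being touched. In the Quad9 paragraph of the same hunk, "they give me impression" is missing its article.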
@ -284,18 +347,19 @@ with desktop versions etc._
### Android
Use either `cloudflare-dns.com` (which doesn't have ECS) or `dns.google`
(which has ECS) as the (Settings → Network & Internet → Advanced →)
_Private DNS_ server as [they have special handling](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h) and are thus DNS over
HTTPS3 instead of the usual DNS over TLS. This can be confirmed with
[`https://1.1.1.1/help`](https://one.one.one.one/help) (when using
`cloudflare-dns.com`). **_However is connectivity in limited networks and
maybe a bit faster speed in bad network more important than a level of
security reached by a filtering resolver?_**
Use either `cloudflare-dns.com` (which doesn't have ECS) or `dns.google` (which
has ECS) as the (Settings → Network & Internet → Advanced →) _Private DNS_
server as
[they have special handling](https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h)
and are thus DNS over HTTPS3 instead of the usual DNS over TLS. This can be
confirmed with [`https://1.1.1.1/help`](https://one.one.one.one/help) (when
using `cloudflare-dns.com`). **_However is connectivity in limited networks and
maybe a bit faster speed in bad network more important than a level of security
reached by a filtering resolver?_**
Then setup your web browser (including Firefox (other than stable which
disables `about:config`) and Chrome) to use DNS over HTTPS with your preferred
server and while at it enabling HTTPS only mode.
Then setup your web browser (including Firefox (other than stable which disables
`about:config`) and Chrome) to use DNS over HTTPS with your preferred server and
while at it enabling HTTPS only mode.
At least `https://security.cloudflare-dns.com/dns-query` won't downgrade to
system DNS resolver so
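Review bot: The Android paragraph names the transport "DNS over HTTPS3", while the question further down this page calls it "DNS-over-HTTP/3"; use one spelling so the two passages are recognisably about the same special handling. The closing bold question also reads better as "However, is connectivity ...", and "Then setup your web browser" needs the verb form "set up".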
@ -317,7 +381,8 @@ If testing Cloudflare, see also:
Do other Android based OSes contain the special handling of specific _Private
DNS_ domains turning into DNS-over-HTTP/3?
- GrapheneOS: [yes](https://github.com/GrapheneOS/platform_packages_modules_DnsResolver/blob/13/PrivateDnsConfiguration.h)
- GrapheneOS:
[yes](https://github.com/GrapheneOS/platform_packages_modules_DnsResolver/blob/13/PrivateDnsConfiguration.h)
- LineageOS:
[yes](https://github.com/LineageOS/android_packages_modules_DnsResolver/blob/lineage-20.0/PrivateDnsConfiguration.h)
- /e/OS:
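Review bot: The GrapheneOS and LineageOS links in this list point at the branches `13` and `lineage-20.0`, so each "yes" is only evidence for that release. Name the release next to the answer, or link the current branch, so the list is not read as covering newer versions that have not been checked.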
@ -325,14 +390,13 @@ DNS_ domains turning into DNS-over-HTTP/3?
### [Rethink](https://github.com/celzero/rethink-app)
**_NOTE!_** This pretends to be a VPN and thus breaks things depending on
seeing the IP directly such as wireless debugging LAN IP, Briar LAN
connections, cause warnings in Ooni Probe and disable automatic testing,
Syncthing Fork will not autostart due to detecting the network as metered,
unless it's given permission to run in metered networks.
**_NOTE!_** This pretends to be a VPN and thus breaks things depending on seeing
the IP directly such as wireless debugging LAN IP, Briar LAN connections, cause
warnings in Ooni Probe and disable automatic testing, Syncthing Fork will not
autostart due to detecting the network as metered, unless it's given permission
to run in metered networks.
1. Use either GitHub or F-Droid release as Google Play doesn't have
blocklists.
1. Use either GitHub or F-Droid release as Google Play doesn't have blocklists.
1. Enable it.
1. In Android Settings, Internet, Advanced, VPN, select Rethink, make it
always-on and block connections not using it.
@ -350,19 +414,17 @@ unless it's given permission to run in metered networks.
- Network: _Perform connectivity checks_
1. Remember to also visit Android app details for Rethink, in battery menu
select unrestricted and in network allow unlimited data even with data
saver.
1. I also have a suspicion that Android _Developer_ Setting `Always keep
mobile data active` is interfering with Rethink as always-on VPN causing
connectivity issues or it not being sure whether "metered" or unmetered
network is being used.
select unrestricted and in network allow unlimited data even with data saver.
1. I also have a suspicion that Android _Developer_ Setting
`Always keep mobile data active` is interfering with Rethink as always-on VPN
causing connectivity issues or it not being sure whether "metered" or
unmetered network is being used.
1. The setting is enabled by default nowadays, to access it, go to about
phone and rapidly tap `Software build number`
(backtranslated to English from Finnish (like everything else (TODO:
check in English)).
phone and rapidly tap `Software build number` (backtranslated to English
from Finnish (like everything else (TODO: check in English)).
1. Once you are a developer, `System Settings` (within `Settings`) should
have a new `Developer Settings` menu `Mobile data always active` is
under `Connection properties` section (which is above `Input`)
have a new `Developer Settings` menu `Mobile data always active` is under
`Connection properties` section (which is above `Input`)
Hopefully there is no situation where Rethink stops working and thinks it's
still working. As can be deduced from this section, sometimes Rethink and I
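Review bot: The nested parenthetical in the build-number step opens three brackets and closes two, "(backtranslated to English from Finnish (like everything else (TODO: check in English)).", and it ships a TODO in published text. The same list names the setting `Always keep mobile data active` in one step and `Mobile data always active` in another, and the last step runs "`Developer Settings` menu `Mobile data always active`" together without a sentence break; settle on one label and split that sentence.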
@ -374,10 +436,9 @@ I think a few of the blocklists in Rethink are blocking apkpure's domain
breaking Obtainium and their official app and the steps to fix that are:
1. Use a DNS server that doesn't have the block (`https://open.dns0.eu/` or
`https://unfiltered.adguard-dns.com/dns-query` if private ECS is
desirable?)
1. Select `Apps` in Rethink's main screen (the biggest button below `Proxy`
and `Logs`.
`https://unfiltered.adguard-dns.com/dns-query` if private ECS is desirable?)
1. Select `Apps` in Rethink's main screen (the biggest button below `Proxy` and
`Logs`.
1. Search for `Obtainium` or `APKPure` and select it.
1. Select `Domain Rules`.
1. Select the floating `+` from bottom right.
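Review bot: The step "Select `Apps` in Rethink's main screen (the biggest button below `Proxy` and `Logs`." never closes its parenthesis, and the rewrap keeps that as is. The first step's parenthetical also ends in a question mark, which leaves it unclear whether `https://unfiltered.adguard-dns.com/dns-query` is a recommendation or an open question; say which.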

View File

@ -11,10 +11,8 @@ lang: en
# Unemojied emojis
[John D. Cook shares a nice trick to prevent emojis from being displayed as
emojis](https://www.johndcook.com/blog/2022/09/30/preventing-emoji/) and I
want to store it here alongside the more personally
relevant symbols.
[John D. Cook shares a nice trick to prevent emojis from being displayed as emojis](https://www.johndcook.com/blog/2022/09/30/preventing-emoji/)
and I want to store it here alongside the more personally relevant symbols.
So to make something not an emoji, `U+FE0E` or `&#65038;` and to use emoji,
`FE0F` or (`&#65039`).
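Review bot: In the context sentence of this hunk the two selectors are written inconsistently: the text form is `U+FE0E` and `&#65038;`, the emoji form is `FE0F` and `&#65039` without the `U+` prefix and without the terminating semicolon. Since the page exists to be copied from, write the second pair as `U+FE0F` and `&#65039;`.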
@ -49,7 +47,8 @@ _My shellrc has some reminders for me and these are the sequences there._
## aminda.eu
- &#129477;&#65038; Onion: `\u1f9c5` `&#129477;&#65038;`
- I guess it just doesn't have a non-emoji variant at least on my system at the time of writing?
- I guess it just doesn't have a non-emoji variant at least on my system at
the time of writing?
### friends
@ -58,20 +57,26 @@ _My shellrc has some reminders for me and these are the sequences there._
## Flags
- &#127988;&#8205;&#9760;&#65038; Pirate Flag: `\u1f3f4\u200d\u2620\ufe0f\ufe0e` or `&#127988;&#8205;&#9760;&#65038;`
- &#x1F3F3;&#xFE0F;&#x200D;&#x1F308;&#65038; Pride Flag: `&#x1F3F3;&#xFE0F;&#x200D;&#x1F308;`
- &#x1F3F3;&#xFE0F;&#x200D;&#x26A7;&#xFE0F;&#x200D;&#65038; Trans Pride Flag: `&#x1F3F3;&#xFE0F;&#x200D;&#x26A7;&#xFE0F;&#x200D;&#65038;`
- &#127988;&#8205;&#9760;&#65038; Pirate Flag: `\u1f3f4\u200d\u2620\ufe0f\ufe0e`
or `&#127988;&#8205;&#9760;&#65038;`
- &#x1F3F3;&#xFE0F;&#x200D;&#x1F308;&#65038; Pride Flag:
`&#x1F3F3;&#xFE0F;&#x200D;&#x1F308;`
- &#x1F3F3;&#xFE0F;&#x200D;&#x26A7;&#xFE0F;&#x200D;&#65038; Trans Pride Flag:
`&#x1F3F3;&#xFE0F;&#x200D;&#x26A7;&#xFE0F;&#x200D;&#65038;`
## Kingdom Hearts
Well, one must be prepared to discuss the clash between Light and Darkness and the &chi;-blade, in case someone resurrects it?
Well, one must be prepared to discuss the clash between Light and Darkness and
the &chi;-blade, in case someone resurrects it?
- &chi; can be expressed as `\U03C7`, `&#x3C7;` or neatly `&chi;`.
- In case of `&Chi` making it a capital letter turns it into &Chi;, but can you even distinguish that from X?
- In case of `&Chi` making it a capital letter turns it into &Chi;, but can
you even distinguish that from X?
### Roman Numerals
_You have no idea how often I miss these. And I don't even mean to discuss the_ Organization &#8555;&#8544;.
_You have no idea how often I miss these. And I don't even mean to discuss the_
Organization &#8555;&#8544;.
**_WARNING: The first syntax may be incorrect._**
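Review bot: In the Flags list the copyable code does not always match the rendered glyph beside it: the Pride Flag glyph ends in `&#65038;` but its code sample stops at `&#x1F308;`, and the Pirate Flag escape ends in `\ufe0f\ufe0e` while its entity form carries only `&#65038;`. Under Kingdom Hearts, `\U03C7` uses the eight-digit escape with four digits (the four-digit form is `\u03C7`) and `&Chi` lacks its semicolon. The trailing warning about the first syntax covers some of this, but fixing the samples is better than warning about them.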

View File

@ -32,27 +32,39 @@ _{{ page.excerpt }}_
## Security
- `microcode` - propietary, but otherwise CPU holes are going to be gaping open. Refer to `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
- `microcode` - propietary, but otherwise CPU holes are going to be gaping open.
Refer to `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
- Debian calls this as `amd64-microcode` or `intel-microcode`
- `ufw` for Deb-based or `firewalld` on Fedora
- `sshguard` for mitigating shared systems where others refuse to use keys
- `needrestart` for knowing when updates actually require services to be restarted or a kernel upgrade happens and requires reboot
- `molly-guard` so you won't accidentally `reboot` or `poweroff` production rather than local machine.
- `needrestart` for knowing when updates actually require services to be
restarted or a kernel upgrade happens and requires reboot
- `molly-guard` so you won't accidentally `reboot` or `poweroff` production
rather than local machine.
- `apt-listchanges` changelogs are worth knowing when updating.
- `apt-listbugs` known bugs are especially nice when performing bigger updates.
- `chrony` - security demands the time to be correct, Chrony supports NTS and is proper NTP server instead of just SNTP like systemd-timesyncd.
- `chrony` - security demands the time to be correct, Chrony supports NTS and is
proper NTP server instead of just SNTP like systemd-timesyncd.
- alternatively configure `systemd-timesyncd`
- `unbound` - my choice for both DNSSEC validating and DNS-over-TLS, even if I had it connect to upstream dns\[crypt\]proxy
- alternatively configure `systemd-resolved`. Simultaneously `systemd-networkd` may be a good idea.
- `unattended-upgrades` or `dnf-automatic` so security updates are at least downloaded if not even directly installed (see configuration and systemd units!)
- if `dnf-automatic`, consider `sudo systemctl enable dnf-automatic-install.{timer,service}`
or at least `sudo systemctl enable dnf-automatic-download.{timer,service}`
- `unbound` - my choice for both DNSSEC validating and DNS-over-TLS, even if I
had it connect to upstream dns\[crypt\]proxy
- alternatively configure `systemd-resolved`. Simultaneously
`systemd-networkd` may be a good idea.
- `unattended-upgrades` or `dnf-automatic` so security updates are at least
downloaded if not even directly installed (see configuration and systemd
units!)
- if `dnf-automatic`, consider
`sudo systemctl enable dnf-automatic-install.{timer,service}` or at least
`sudo systemctl enable dnf-automatic-download.{timer,service}`
## Usability
- `nvim git tmux zsh` - good luck without these
- if cryptographic operations are taking ages, consider something like `haveged`. It's controversial, so if there are no issues, don't install a random number generator.
- userspace oom killer, may avoid frozen systems, much more pleasant than actually having to deal with a frozen system.
- if cryptographic operations are taking ages, consider something like
`haveged`. It's controversial, so if there are no issues, don't install a
random number generator.
- userspace oom killer, may avoid frozen systems, much more pleasant than
actually having to deal with a frozen system.
- `earlyoom`
- remember to `sudo systemctl enable --now earlyoom`
- `systemd-oomd`
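Review bot: The `dnf-automatic` sub-item uses `sudo systemctl enable dnf-automatic-install.{timer,service}` without `--now`, while the `earlyoom` line in this same hunk uses `enable --now`; as written the timer is not started until the next boot, so security updates are not fetched in the meantime. Enabling the `.timer` unit with `--now` is enough, since the timer is what triggers the service. The first bullet also still spells "propietary".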
@ -63,14 +75,16 @@ _{{ page.excerpt }}_
- `thermald` for additional help keeping system cool, especially intel
- `sudo systemctl enable --now thermald`
- `vnstat` - help for observing bandwidth usage
- `yggdrasil` - essential for getting through Carrier Grade NAT whether there is IPv6 or not. Also gives static internal IPv6 reducing need for dynamic DNS.
- `yggdrasil` - essential for getting through Carrier Grade NAT whether there is
IPv6 or not. Also gives static internal IPv6 reducing need for dynamic DNS.
- `tlp` - for laptop power management, especially ThinkPad.
- `sudo tlp-stat | less`
- `sudo systemctl enable --now tlp`
## Offtopic system configuration
This is just too close to not mention here (and was besides in my planning issue):
This is just too close to not mention here (and was besides in my planning
issue):
### Debian-based
@ -82,4 +96,5 @@ This is just too close to not mention here (and was besides in my planning issue
### SSD
- `sudo systemctl enable --now fstrim.timer`
- check that `/etc/fstab` has `noatime` so every file access isn't written to the disk. BTRFS filesystems should also have `ssd` flag.
- check that `/etc/fstab` has `noatime` so every file access isn't written to
the disk. BTRFS filesystems should also have `ssd` flag.

View File

@ -1,6 +1,8 @@
---
title: F-Droid repository list
excerpt: F-Droid is kind of apt for Android with multiple repositories available. This is my note to self on which repositories I tend to have configured.
excerpt:
F-Droid is kind of apt for Android with multiple repositories available. This
is my note to self on which repositories I tend to have configured.
layout: mini
permalink: /n/f-droid.html
redirect_from: /n/fdroid.html
@ -11,7 +13,8 @@ robots: noai
_{{ page.excerpt }}_
Remember to prefer the [F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) app!
Remember to prefer the
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) app!
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -31,32 +34,46 @@ Remember to prefer the [F-Droid Basic](https://f-droid.org/packages/org.fdroid.b
## Official F-Droid repositories
F-Droid and GuardianProject are configured by default, however cloudflare
isn't enabled by default. And for some reason my Yeul decided that it
needs 0 repositories out of the box, so time to add them too.
F-Droid and GuardianProject are configured by default, however cloudflare isn't
enabled by default. And for some reason my Yeul decided that it needs 0
repositories out of the box, so time to add them too.
- [cloudflare.f-droid.org/repo](fdroidrepos://cloudflare.f-droid.org/repo?fingerprint=43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab)
- <s>[cloudflare.f-droid.org/archive](fdroidrepos://cloudflare.f-droid.org/archive?fingerprint=43238d512c1e5eb2d6569f4a3afbf5523418b82e0a3ed1552770abb9a9c9ccab)</s>
## Additional F-Droid repositories
- [apt.izzysoft.de/fdroid/repo](fdroidrepos://apt.izzysoft.de/fdroid/repo?fingerprint=3bf0d6abfeae2f401707b6d966be743bf0eee49c2561b9ba39073711f628937a) is a less strictly foss repository by an F-Droid maintainer.
- [fdroid.frostnerd.com/fdroid/repo](fdroidrepos://fdroid.frostnerd.com/fdroid/repo?fingerprint=74bb580f263ec89e15c207298dec861b5069517550fe0f1d852f16fa611d2d26) contains Frostnerd's apps, mainly Nebulo.
- [apt.izzysoft.de/fdroid/repo](fdroidrepos://apt.izzysoft.de/fdroid/repo?fingerprint=3bf0d6abfeae2f401707b6d966be743bf0eee49c2561b9ba39073711f628937a)
is a less strictly foss repository by an F-Droid maintainer.
- [fdroid.frostnerd.com/fdroid/repo](fdroidrepos://fdroid.frostnerd.com/fdroid/repo?fingerprint=74bb580f263ec89e15c207298dec861b5069517550fe0f1d852f16fa611d2d26)
contains Frostnerd's apps, mainly Nebulo.
- [guardianproject.info/fdroid/repo](fdroidrepos://guardianproject.info/fdroid/repo?fingerprint=b7c2eefd8dac7806af67dfcd92eb18126bc08312a7f2d6f3862e46013c7a6135)
- <s>[guardianproject.info/fdroid/archive](fdroidrepos://guardianproject.info/fdroid/archive?fingerprint=b7c2eefd8dac7806af67dfcd92eb18126bc08312a7f2d6f3862e46013c7a6135)</s>
- [s2.spiritcroc.de/fdroid/repo](fdroidrepos://s2.spiritcroc.de/fdroid/repo?fingerprint=6612ade7e93174a589cf5ba26ed3ab28231a789640546c8f30375ef045bc9242) contains SpiritCroc's apps, mainly SchildiChat.
- [s2.spiritcroc.de/testing/fdroid/repo](fdroidrepos://s2.spiritcroc.de/testing/fdroid/repo?fingerprint=52d03f2fab785573bb295c7ab270695e3a1bdd2adc6a6de8713250b33f231225) contains testing versions of SpiritCroc's apps, mainly SchildiChat.
- [divestos.org/apks/official/fdroid/repo](fdroidrepos://divestos.org/apks/official/fdroid/repo?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) contains the DivestOS apps such as Hypatia and Mull Browser (not to be confused with Mullvad Browser).
- [s2.spiritcroc.de/fdroid/repo](fdroidrepos://s2.spiritcroc.de/fdroid/repo?fingerprint=6612ade7e93174a589cf5ba26ed3ab28231a789640546c8f30375ef045bc9242)
contains SpiritCroc's apps, mainly SchildiChat.
- [s2.spiritcroc.de/testing/fdroid/repo](fdroidrepos://s2.spiritcroc.de/testing/fdroid/repo?fingerprint=52d03f2fab785573bb295c7ab270695e3a1bdd2adc6a6de8713250b33f231225)
contains testing versions of SpiritCroc's apps, mainly SchildiChat.
- [divestos.org/apks/official/fdroid/repo](fdroidrepos://divestos.org/apks/official/fdroid/repo?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467)
contains the DivestOS apps such as Hypatia and Mull Browser (not to be
confused with Mullvad Browser).
## Official repositories for a single project
- [mobileapp.bitwarden.com/fdroid/repo](fdroidrepos://mobileapp.bitwarden.com/fdroid/repo?fingerprint=bc54ea6fd1cd5175bcccc47c561c5726e1c3ed7e686b6db4b18bac843a3efe6c) is Bitwarden password manager.
- [briarproject.org/fdroid/repo](fdroidrepos://briarproject.org/fdroid/repo?fingerprint=1fb874bee7276d28ecb2c9b06e8a122ec4bcb4008161436ce474c257cbf49bd6) is Briar local mesh/Tor messenger.
- [microg.org/fdroid/repo](fdroidrepos://microg.org/fdroid/repo?fingerprint=9bd06727e62796c0130eb6dab39b73157451582cbd138e86c468acc395d14165) is an open implementation of Play Services and used just for devices without them.
- [fdroid.emersion.fr/goguma-nightly/repo](fdroidrepos://fdroid.emersion.fr/goguma-nightly/repo/?fingerprint=ACC8CFEDDF58C590D021FCF37534A54F5919E026D7A8333AA01C1ABB3D34E68D) is the Goguma IRC client nightly repository.
- [app.simplex.chat/fdroid/repo](fdroidrepos://app.simplex.chat/fdroid/repo?fingerprint=9f358ff284d1f71656a2bfaf0e005deae6aa14143720e089f11ff2ddcfeb01ba) is the SimpleX messenger repository.
- [molly.im/fdroid/repo](fdroidrepos://molly.im/fdroid/repo?fingerprint=3B7E93B1FE32C6E35A93D6DDFC5AFBEB1239A7C6EA6AF20FF33ED53CDC38B04A) is Molly the Signal fork's repo.
- [molly.im/fdroid/foss/fdroid/repo](fdroidrepos://molly.im/fdroid/foss/fdroid/repo?fingerprint=5198DAEF37FC23C14D5EE32305B2AF45787BD7DF2034DE33AD302BDB3446DF74) is Molly FOSS the Signal fork's repo without propietary components.
- [mobileapp.bitwarden.com/fdroid/repo](fdroidrepos://mobileapp.bitwarden.com/fdroid/repo?fingerprint=bc54ea6fd1cd5175bcccc47c561c5726e1c3ed7e686b6db4b18bac843a3efe6c)
is Bitwarden password manager.
- [briarproject.org/fdroid/repo](fdroidrepos://briarproject.org/fdroid/repo?fingerprint=1fb874bee7276d28ecb2c9b06e8a122ec4bcb4008161436ce474c257cbf49bd6)
is Briar local mesh/Tor messenger.
- [microg.org/fdroid/repo](fdroidrepos://microg.org/fdroid/repo?fingerprint=9bd06727e62796c0130eb6dab39b73157451582cbd138e86c468acc395d14165)
is an open implementation of Play Services and used just for devices without
them.
- [fdroid.emersion.fr/goguma-nightly/repo](fdroidrepos://fdroid.emersion.fr/goguma-nightly/repo/?fingerprint=ACC8CFEDDF58C590D021FCF37534A54F5919E026D7A8333AA01C1ABB3D34E68D)
is the Goguma IRC client nightly repository.
- [app.simplex.chat/fdroid/repo](fdroidrepos://app.simplex.chat/fdroid/repo?fingerprint=9f358ff284d1f71656a2bfaf0e005deae6aa14143720e089f11ff2ddcfeb01ba)
is the SimpleX messenger repository.
- [molly.im/fdroid/repo](fdroidrepos://molly.im/fdroid/repo?fingerprint=3B7E93B1FE32C6E35A93D6DDFC5AFBEB1239A7C6EA6AF20FF33ED53CDC38B04A)
is Molly the Signal fork's repo.
- [molly.im/fdroid/foss/fdroid/repo](fdroidrepos://molly.im/fdroid/foss/fdroid/repo?fingerprint=5198DAEF37FC23C14D5EE32305B2AF45787BD7DF2034DE33AD302BDB3446DF74)
is Molly FOSS the Signal fork's repo without propietary components.
---
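Review bot: The `fingerprint=` values in these lists are lowercase for most repositories and uppercase for divestos.org, fdroid.emersion.fr, and both molly.im entries, and the Goguma link alone has `repo/?fingerprint` with a slash before the query. Normalise the case and the URL shape so a reader comparing a fingerprint against what the client shows is not distracted by formatting differences. The last bullet spells "propietary".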

View File

@ -1,6 +1,9 @@
---
title: Fairbuds XL and the equalizer settings
excerpt: I have the misnamed XL and while it's clear, even with factory reset by pushing the joystick to the right until it says "factory reset complete", but the studio eq may not be so clear.
excerpt:
I have the misnamed XL and while it's clear, even with factory reset by
pushing the joystick to the right until it says "factory reset complete", but
the studio eq may not be so clear.
layout: mini
permalink: /n/fairbuds.html
redirect_from:
@ -35,7 +38,15 @@ Shamelessly copied from Matrix.
### 2024-04-11
> My settings for Studio so far is 60hz+0db, 230hz+2db, 1.1khz+0db, 4khz+5db, 10khz+4db. I think the some people may prefer +/- a db or two on the 4khz and 10khz levels depending on their taste and "head related transfer function" (rabbit hole, not worth digging into). I could go for one more db on those myself since I tend to prefer that BUT that can also lead to some sharpness for my ears on some tracks. This is a better comfortable level for me. Also those settings don't assume the Fairbuds XL are flat because they're not, instead these settings aim to "correct" the issues I feel they have with the tools given in the app without being silly. :)
> My settings for Studio so far is 60hz+0db, 230hz+2db, 1.1khz+0db, 4khz+5db,
> 10khz+4db. I think the some people may prefer +/- a db or two on the 4khz and
> 10khz levels depending on their taste and "head related transfer function"
> (rabbit hole, not worth digging into). I could go for one more db on those
> myself since I tend to prefer that BUT that can also lead to some sharpness
> for my ears on some tracks. This is a better comfortable level for me. Also
> those settings don't assume the Fairbuds XL are flat because they're not,
> instead these settings aim to "correct" the issues I feel they have with the
> tools given in the app without being silly. :)
In clearer words, in the app drag the four sliders to

View File

@ -12,8 +12,8 @@ robots: noai
# Quick note on firewalld usage
This is practically [/ufw](/ufw), but for Firewalld which Fedora comes with.
The blog post also predates me having a /n directory here.
This is practically [/ufw](/ufw), but for Firewalld which Fedora comes with. The
blog post also predates me having a /n directory here.
**_After done, run `sudo firewall-cmd --reload`_**
@ -36,12 +36,12 @@ The blog post also predates me having a /n directory here.
## Zones
firewalld zones are privilege of NetworkManager users, this tends to be
a systemd-networkd household. Then again I don't believe in absolutely trusted
firewalld zones are privilege of NetworkManager users, this tends to be a
systemd-networkd household. Then again I don't believe in absolutely trusted
zones.
Zone would be specified by `--zone=home` in the commands. The other zone I
could imagine using is `public`.
Zone would be specified by `--zone=home` in the commands. The other zone I could
imagine using is `public`.
## Protocols
@ -49,8 +49,10 @@ could imagine using is `public`.
sudo firewall-cmd --add-protocol=ipv6-icmp --permanent
```
- Tells computers when things go wrong with IPv6 network. See also [Neil Alexander: Understanding ICMP and why you shouldn't just block it outright](https://neilalexander.dev/2017/04/16/understanding-icmp).
- _Motivation for being here is [20/20 in IPv6-test.com](https://ipv6-test.com)._
- Tells computers when things go wrong with IPv6 network. See also
[Neil Alexander: Understanding ICMP and why you shouldn't just block it outright](https://neilalexander.dev/2017/04/16/understanding-icmp).
- _Motivation for being here is
[20/20 in IPv6-test.com](https://ipv6-test.com)._
## Services
@ -62,11 +64,10 @@ sudo firewall-cmd --add-service=syncthing --permanent
sudo firewall-cmd --add-service=mdns --permanent
```
- I trust Chrony (ntp) to not allow it to be used from outside of LAN
as `firewalld` is apparently not designed with limiting source
addresses in mind.
- `syncthing` is the client, not to be confused with `syncthing-gui`
or `syncthing-relay`.
- I trust Chrony (ntp) to not allow it to be used from outside of LAN as
`firewalld` is apparently not designed with limiting source addresses in mind.
- `syncthing` is the client, not to be confused with `syncthing-gui` or
`syncthing-relay`.
## Ports
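Review bot: The first bullet justifies opening NTP to every source with "`firewalld` is apparently not designed with limiting source addresses in mind", which leaves chrony's own access control as the only barrier. firewalld can restrict by source, either with a rich rule that carries a `source address` element or by binding the LAN prefix to a zone with `--add-source`; scope the service that way, or reword the bullet so it does not present the limitation as a given.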
@ -75,6 +76,7 @@ sudo firewall-cmd --permanent --add-port=9001/udp
sudo firewall-cmd --permanent --add-port=6771/udp
```
- `9001/udp` is Yggdrasil automatic peering, although link-local and
unlikely to be recognised by predefined rules.
- `6771/udp` is [Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)
- `9001/udp` is Yggdrasil automatic peering, although link-local and unlikely to
be recognised by predefined rules.
- `6771/udp` is
[Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)

View File

@ -1,6 +1,8 @@
---
title: GPG notes without a better place
excerpt: Creating Ed25519/future key, configuring WKD, Keyoxide PGP and something on Keybase.
excerpt:
Creating Ed25519/future key, configuring WKD, Keyoxide PGP and something on
Keybase.
layout: mini
permalink: /n/gpg.html
redirect_from:
@ -42,8 +44,8 @@ robots: noai
## Ed25519 (or future default) key creation
To create an Ed25519 key, or whatever will be the default version in the
future as defined by your GPG version:
To create an Ed25519 key, or whatever will be the default version in the future
as defined by your GPG version:
```
gpg2 --quick-gen-key address@domain.example future-default
@ -59,26 +61,28 @@ deluid # to delete the uid which doesn't contain your name
save
```
\* [OpenPGP User ID Comments considered harmful by dkg on debian-administrator.org (via web.archive.org)](https://web.archive.org/web/20201020082313/https://debian-administration.org/users/dkg/weblog/97)
\*
[OpenPGP User ID Comments considered harmful by dkg on debian-administrator.org (via web.archive.org)](https://web.archive.org/web/20201020082313/https://debian-administration.org/users/dkg/weblog/97)
Then you are ready to publish the public key however you generally publish
it, preferably in multiple places from where some recognise revokation
certificates if the time ever comes.
Then you are ready to publish the public key however you generally publish it,
preferably in multiple places from where some recognise revokation certificates
if the time ever comes.
NOTE: You can extend the expiry time of an expired gpg signature by issuing
the `expire` command in `--edit-key` and the key is valid again when the
update is reimported to gpg keyrings by other people.
NOTE: You can extend the expiry time of an expired gpg signature by issuing the
`expire` command in `--edit-key` and the key is valid again when the update is
reimported to gpg keyrings by other people.
## Keybase
To publish the key `keybase pgp select --multi` (where multi
is required for multiple PGP keys per account) and to submit changes to it,
To publish the key `keybase pgp select --multi` (where multi is required for
multiple PGP keys per account) and to submit changes to it,
`keybase pgp update --all` (where --all is again necessary only if you have
multiple keys).
## Claws-mail note that is somewhat related.
Debian: `sudo apt install claws-mail claws-mail-address-keeper claws-mail-attach-warner claws-mail-gdata-plugin claws-mail-pgpinline claws-mail-pgpmime claws-mail-smime-plugin`
Debian:
`sudo apt install claws-mail claws-mail-address-keeper claws-mail-attach-warner claws-mail-gdata-plugin claws-mail-pgpinline claws-mail-pgpmime claws-mail-smime-plugin`
Load plugins from Configuration (menu) --> Plugins --> Load, they are all
somewhere in `/usr/lib/x86_64-linux-gnu/claws-mail/plugins` or similar path.
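Review bot: The footnote link text says "debian-administrator.org" while the archived URL it points to is `debian-administration.org`; correct the visible name to match. In the paragraphs that follow, "revokation" should be "revocation", and the NOTE speaks of extending "an expired gpg signature" although the `expire` command in `--edit-key` that it describes acts on the key.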
@ -103,17 +107,19 @@ xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
```
Note the empty line in the end, as PGP/INLINE is the way to sign emails,
it the PGP signature comes after it and in my opinion looks a bit cleaner
with the signature ending to an empty line.
Note the empty line in the end, as PGP/INLINE is the way to sign emails, it the
PGP signature comes after it and in my opinion looks a bit cleaner with the
signature ending to an empty line.
---
## WKD
Setting up GPG WKD (Web Key Directory), _mostly stripped/adjusted from
Matt Rude whose page is NXDOMAIN and not in Wayback Machine. [What I find is](https://openpgpkey.mattrude.com/)
pointers to [1](https://wiki.gnupg.org/WKD) [2](https://wiki.gnupg.org/WKS) [3](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service)_
Setting up GPG WKD (Web Key Directory), _mostly stripped/adjusted from Matt Rude
whose page is NXDOMAIN and not in Wayback Machine.
[What I find is](https://openpgpkey.mattrude.com/) pointers to
[1](https://wiki.gnupg.org/WKD) [2](https://wiki.gnupg.org/WKS)
[3](https://tools.ietf.org/html/draft-koch-openpgp-webkey-service)_
Requires a control over domain/.well-known and email under that domain.
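Review bot: The sentence after the signature sample is broken in both the old and the rewrapped form: "as PGP/INLINE is the way to sign emails, it the PGP signature comes after it". Reword it so that it says plainly that the PGP signature follows the empty line; "ending to an empty line" should be "ending in an empty line". In the WKD intro, the link text "What I find is" gives no hint of its target; name the site.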
@ -126,7 +132,8 @@ Requires a control over domain/.well-known and email under that domain.
7. in Jekyll `_config.yml` ensure existence of `include: [.well-known]` if
applicable.
8. deploy
9. test with `gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email@example.net`
9. test with
`gpg -v --auto-key-locate clear,wkd,nodefault --locate-key email@example.net`
NOTE: The empty `policy` goes to the `openpgpkey` directory, not `hu` (I
initially failed at this part)
@ -144,7 +151,8 @@ commands in `gpg --edit-key "key fingerprint here"`:
- Add notations: `notation`
- Remove notations: `notation` from `showpref` with a `-` in the beginning
Don't forget to `gpg --keyserver hkps://keys.openpgp.org --send-keys "your keyid here"` !
Don't forget to
`gpg --keyserver hkps://keys.openpgp.org --send-keys "your keyid here"` !
### Keyoxide docs
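Review bot: The upload reminder uses the placeholder "your keyid here", while the `--edit-key` command in this section's lead-in uses "key fingerprint here". Use the fingerprint placeholder in both, so that readers pass the full fingerprint to `--send-keys` rather than a short key ID.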

View File

@ -15,7 +15,9 @@ hattiwattlowprice: "10 c/kWh"
lang: fi
---
Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537) [Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
Tuntihinta @
[Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537)
[Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -40,28 +42,49 @@ Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537
Helen markkinahintasähkö kuukaudelle {{ page.month }} on {{ page.monthly }}.
- Helen sähköverkot Oy:n siirron perusmaksu: {{ page.basicdistribution }}, siirron marginaali {{ page.distributionmargin }}.
- Helenin pörssisähkön kuukausihinta: {{ page.basicstock }}, marginaali {{ page.stockmargin }}.
- Helen sähköverkot Oy:n siirron perusmaksu: {{ page.basicdistribution }},
siirron marginaali {{ page.distributionmargin }}.
- Helenin pörssisähkön kuukausihinta: {{ page.basicstock }}, marginaali
{{ page.stockmargin }}.
## Yhtälöt Tuntihinnalle
_Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
- Kallis: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong> (Helenin markkinasähköhinta + siirtohinta kWh)
- Halpa: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) / 2</strong> (Helenin markkinasähköhinta + siirtohinta kWh / 2), **_pyöristettynä alaspäin_**
- Marginaali: <strong>{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (Helen Sähköverkot Oy siirtohinta kWh + pörssisähkön marginaali).
- OmaHelen kohtelee alle {{ page.omahelenlowprice }} halpana ja yli {{ page.omahelenhighprice }} kalliina, joten vaihtoehtoiset kaavat ovat:
- Kallis: <strong>{{ page.omahelenhighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin korkea hinta + Marginaali)
- Halpa: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin matala hinta + Marginaali)
- [HattiWatt](https://hattiwatt.com/) vuorostaan sanoo korkean olevan yli {{ page.hattiwatthighprice }} ja halvan olevan alle {{ page.hattiwattlowprice }}. Se tosin näyttää hinnan myös liikennevaloin.
- Halpa: <strong>{{ page.hattiwattlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin matala hinta + Marginaali)
- Kallis: <strong>{{ page.hattiwatthighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin korkea hinta + Marginaali)
- Kallis: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong>
(Helenin markkinasähköhinta + siirtohinta kWh)
- Halpa: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) /
2</strong> (Helenin markkinasähköhinta + siirtohinta kWh / 2),
**_pyöristettynä alaspäin_**
- Marginaali: <strong>{{ page.distributionmargin }} +
{{ page.stockmargin }}</strong> (Helen Sähköverkot Oy siirtohinta kWh +
pörssisähkön marginaali).
- OmaHelen kohtelee alle {{ page.omahelenlowprice }} halpana ja yli
{{ page.omahelenhighprice }} kalliina, joten vaihtoehtoiset kaavat ovat:
- Kallis: <strong>{{ page.omahelenhighprice }} +
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelenin
korkea hinta + Marginaali)
- Halpa: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} +
{{ page.stockmargin }}</strong> (OmaHelenin matala hinta + Marginaali)
- [HattiWatt](https://hattiwatt.com/) vuorostaan sanoo korkean olevan yli
{{ page.hattiwatthighprice }} ja halvan olevan alle
{{ page.hattiwattlowprice }}. Se tosin näyttää hinnan myös liikennevaloin.
- Halpa: <strong>{{ page.hattiwattlowprice }} +
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin
matala hinta + Marginaali)
- Kallis: <strong>{{ page.hattiwatthighprice }} +
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWattin
korkea hinta + Marginaali)
## Lähteet
- [Helen.fi: Markkinasähkö; ja sähkön markkinahinta](https://www.helen.fi/sahko/sahkosopimus/markkinahinta) määrittää kalliin hinnan.
- Helen veloittaa sitä markkinasähköasiakkailtaan koko kuukauden ja pyrkii sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian edullisesti.
- Siirtohinta näkyy _Oma Helen_-sovelluksessa ja muutokset ilmoitetaan Helenin asiakaslehdessä.
- [Helen.fi: Markkinasähkö; ja sähkön markkinahinta](https://www.helen.fi/sahko/sahkosopimus/markkinahinta)
määrittää kalliin hinnan.
- Helen veloittaa sitä markkinasähköasiakkailtaan koko kuukauden ja pyrkii
sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian
edullisesti.
- Siirtohinta näkyy _Oma Helen_-sovelluksessa ja muutokset ilmoitetaan Helenin
asiakaslehdessä.
<div lang="en">
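Review bot: In the "Yhtälöt Tuntihinnalle" list the reflow breaks formulas mid-expression; the Halpa item, for example, now ends one line with `/` and starts the next with `2</strong>`, which makes the equations harder to check in the source. This file already uses `<!-- prettier-ignore-start -->` elsewhere, so consider putting the equation list under the same guard to keep each formula on one line.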
@ -69,27 +92,44 @@ _Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
Helen's monthly market price for month {{ page.month }} is {{ page.monthly }}.
- Distribution price: {{ page.basicdistribution }} and {{ page.distributionmargin }}.
- Distribution price: {{ page.basicdistribution }} and
{{ page.distributionmargin }}.
- Stock price: {{ page.basicstock }} and {{ page.stockmargin }}.
## Equations for Tuntihinta
_Jekyll doesn't allow maths directly for infosec reasons._
- Expensive: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong> (Helen's Market Price Electricity + distribution margin)
- Cheap: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) / 2</strong> (Helen's Market Price Electricity + distribution margin / 2), **_round down_**
- Margin: <strong>{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (Distribution fee + stock margin)
- OmaHelen app treats {{ page.omahelenlowprice }} as cheap and over {{ page.omahelenhighprice }} as expensive, so alternative equations are:
- Expensive: <strong>{{ page.omahelenhighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's high price + Margin)
- Cheap: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's low price + Margin)
- [HattiWatt](https://hattiwatt.com/) again treats over {{ page.hattiwatthighprice }} as high price with low price being {{ page.hattiwattlowprice }}. It however shows price in traffic lights.
- Cheap: <strong>{{ page.hattiwattlowprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's low price + Margin))
- Expensive: <strong>{{ page.hattiwatthighprice }} + {{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's high price + Margin)
- Expensive: <strong>{{ page.monthly }} + {{ page.distributionmargin }}</strong>
(Helen's Market Price Electricity + distribution margin)
- Cheap: <strong>({{ page.monthly }} + {{ page.distributionmargin }}) /
2</strong> (Helen's Market Price Electricity + distribution margin / 2),
**_round down_**
- Margin: <strong>{{ page.distributionmargin }} +
{{ page.stockmargin }}</strong> (Distribution fee + stock margin)
- OmaHelen app treats {{ page.omahelenlowprice }} as cheap and over
{{ page.omahelenhighprice }} as expensive, so alternative equations are:
- Expensive: <strong>{{ page.omahelenhighprice }} +
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (OmaHelen's
high price + Margin)
- Cheap: <strong>{{ page.omahelenlowprice }} + {{ page.distributionmargin }} +
{{ page.stockmargin }}</strong> (OmaHelen's low price + Margin)
- [HattiWatt](https://hattiwatt.com/) again treats over
{{ page.hattiwatthighprice }} as high price with low price being
{{ page.hattiwattlowprice }}. It however shows price in traffic lights.
- Cheap: <strong>{{ page.hattiwattlowprice }} +
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's
low price + Margin))
- Expensive: <strong>{{ page.hattiwatthighprice }} +
{{ page.distributionmargin }} + {{ page.stockmargin }}</strong> (HattiWatt's
high price + Margin)
## Sources
- Definition of monthly plan price: [Helen: Market Price Electricity](https://www.helen.fi/en/electricity/electricity-products-and-prices/marketpriceelectricity)
- They use it all month following stock market price and trying to get their own citation.
- Definition of monthly plan price:
[Helen: Market Price Electricity](https://www.helen.fi/en/electricity/electricity-products-and-prices/marketpriceelectricity)
- They use it all month following stock market price and trying to get their
own citation.
- Distribution is in _Oma Helen_ and changes are announced in their newspaper.
</div>
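Review bot: The HattiWatt Cheap item still ends with a doubled closing parenthesis, `(HattiWatt's low price + Margin))`, on both the old and the reflowed side. It is outside the scope of a formatting-only commit, but since the line is rewritten here anyway a follow-up fix would be cheap.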

View File

@ -1,7 +1,11 @@
---
layout: default
title: Notes
excerpt: You have discovered my notes listing, where I ramble about random subjects for future me, so I don't have to rediscover the things again. I tend to access these with direct link, but for your benefit, they are also listed here. It is not without realm of possibility for you to be reading this page already.
excerpt:
You have discovered my notes listing, where I ramble about random subjects for
future me, so I don't have to rediscover the things again. I tend to access
these with direct link, but for your benefit, they are also listed here. It is
not without realm of possibility for you to be reading this page already.
permalink: /n/index.html
redirect_from: /n/n.html
navigation: true
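Review bot: The `excerpt:` value becomes a multi-line plain YAML scalar here, which only parses while the continuation lines stay indented and the text contains neither `: ` nor ` #`; a later wording change that adds either would break the front matter or silently cut the excerpt short. Writing it as a folded block scalar (`excerpt: >-`) keeps the wrapping and removes that fragility. The same applies to the other `excerpt:` values reflowed in this commit.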

View File

@ -9,10 +9,12 @@ lang: en
robots: noai
---
> Keyoxide is a decentralized tool to create and verify decentralized online identities.
> Keyoxide is a decentralized tool to create and verify decentralized online
> identities.
- For painful OpenPGP proofs using notations refer to [n/gpg](/n/gpg.html).
- For ASP profiles [Keyoxide-flutter](https://codeberg.org/Berker/keyoxide-flutter).
- For ASP profiles
[Keyoxide-flutter](https://codeberg.org/Berker/keyoxide-flutter).
- [n/obtainium](/n/obtainium.html) is that way.
## My ASP profile
@ -21,6 +23,8 @@ robots: noai
### Proofs
- Plain: [`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)
- Plain:
[`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)
- <code>[`aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY`](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY)</code>
- Hashed: `$argon2id$v=19$m=8192,t=2,p=4$UeKcKenApsCHc+YGJUGCHw$hoTY1qFVXf56BZpZCUNG39/2IrQjwKrT`
- Hashed:
`$argon2id$v=19$m=8192,t=2,p=4$UeKcKenApsCHc+YGJUGCHw$hoTY1qFVXf56BZpZCUNG39/2IrQjwKrT`

View File

@ -11,7 +11,9 @@ stockmargin: "0.23 c/kWh"
lang: fi
---
Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537) [Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
Tuntihinta @
[Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537)
[Google Play](https://play.google.com/store/apps/details?id=fi.fingrid.tuntihinta)
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -33,19 +35,26 @@ Tuntihinta @ [Apple App Store](https://apps.apple.com/app/tuntihinta/id824684537
_Siirtohinnasto ei tiedossa, joten se ei ole mukana yhtälöissä._
KSOYn Jatkuvan sähkösopimuksen hinta kuukaudelle {{ page.month }} on {{ page.monthly }}.
KSOYn Jatkuvan sähkösopimuksen hinta kuukaudelle {{ page.month }} on
{{ page.monthly }}.
- KSOY Pörssisähkön hinta: {{ page.basicstock }}, marginaali {{ page.stockmargin }}.
- KSOY Pörssisähkön hinta: {{ page.basicstock }}, marginaali
{{ page.stockmargin }}.
## Yhtälöt Tuntihinnalle
_Jekyll ei salli matematiikkaa suoraan tietoturvasyistä._
- Kallis: <strong>{{ page.monthly }}</strong> (KSOY jatkuvan sähkösopimuksen hinta)
- Halpa: <strong>{{ page.monthly }} / 2</strong> (KSOY jatkuvan sähkösopimuksen hinta / 2), **_pyöristettynä alaspäin_**
- Kallis: <strong>{{ page.monthly }}</strong> (KSOY jatkuvan sähkösopimuksen
hinta)
- Halpa: <strong>{{ page.monthly }} / 2</strong> (KSOY jatkuvan sähkösopimuksen
hinta / 2), **_pyöristettynä alaspäin_**
- Marginaali: <strong>{{ page.stockmargin }}</strong> (pörssisähkön marginaali).
## Lähteet
- [KSOY jatkuva sähkösopimus](https://www.ksoy.fi/sahkon-myynti/sahkoa-kotiin/ksoy-jatkuva/) määrittää kalliin hinnan.
- KSOY veloittaa sitä jatkuvilta sähköasiakkailtaan koko kuukauden ja pyrkii sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian edullisesti.
- [KSOY jatkuva sähkösopimus](https://www.ksoy.fi/sahkon-myynti/sahkoa-kotiin/ksoy-jatkuva/)
määrittää kalliin hinnan.
- KSOY veloittaa sitä jatkuvilta sähköasiakkailtaan koko kuukauden ja pyrkii
sillä kattamaan omat kulunsa ja varmistamaan, ettei myy sähköä liian
edullisesti.

View File

@ -1,6 +1,8 @@
---
title: Quick localectl config
excerpt: Reminder on systemd keyboard and language settings, also including more regionally tailored ones.
excerpt:
Reminder on systemd keyboard and language settings, also including more
regionally tailored ones.
layout: mini
permalink: /n/localectl.html
redirect_from:
@ -49,22 +51,24 @@ sudo localectl set-x11-locale fi
sudo localectl set-locale LANG=en_IE.UTF-8 LC_TIME=en_DK.UTF-8 LC_MONETARY=fi_FI.UTF-8 LC_NAME=fi_FI.UTF-8 LC_TELEPHONE=fi_FI.UTF-8
```
- Everything will be in English, but time will be in ISO 8601, financial units use Finnish separators, names are sorted according to Finnish alphabet (a, …, x, y, z, å, ä, ö) and phone numbers begin with the Finnish `+358` prefix.
- Everything will be in English, but time will be in ISO 8601, financial units
use Finnish separators, names are sorted according to Finnish alphabet (a, …,
x, y, z, å, ä, ö) and phone numbers begin with the Finnish `+358` prefix.
## Explanations
- LANG is the language and defaults for other variables if they are unset.
en_DK gives ISO 8601 date format for everything respecting LC_TIME.
- `LANG=en_IE date` returns `Sun 02 Jun 2024 11:05:04 EEST`,
while `LANG=en_DK date` returns `2024-06-02T11:05:04 EEST`.
- LANG is the language and defaults for other variables if they are unset. en_DK
gives ISO 8601 date format for everything respecting LC_TIME.
- `LANG=en_IE date` returns `Sun 02 Jun 2024 11:05:04 EEST`, while
`LANG=en_DK date` returns `2024-06-02T11:05:04 EEST`.
- LC_MONETARY sets the currency and how sums of it are managed.
- LC_NAME sets name format and I prefer Finnish (just the name) to Irish
which probably has `M{r,s,rs}` and I hate them being gendered and I doubt it
- LC_NAME sets name format and I prefer Finnish (just the name) to Irish which
probably has `M{r,s,rs}` and I hate them being gendered and I doubt it
understands Mx.
- LC_TELEPHONE sets telephone number format and I set it to fi_FI as it
defaults international numbers to +358 and I am more likely to be typing
Finnish numbers than Irish. I imagine it can affect office tools, and
it's here more of just in case.
- LC_TELEPHONE sets telephone number format and I set it to fi_FI as it defaults
international numbers to +358 and I am more likely to be typing Finnish
numbers than Irish. I imagine it can affect office tools, and it's here more
of just in case.
And naturally to use these locales, they must be compiled.
@ -78,13 +82,12 @@ fi_FI.UTF-8 UTF-8
and as always, after editing that file, you must run `sudo locale-gen`.
(Debian & deriative users, you have `dpkg-reconfigure locales` that merges
the editing and locale-gen and that is probably what you are supposed to
use.)
(Debian & deriative users, you have `dpkg-reconfigure locales` that merges the
editing and locale-gen and that is probably what you are supposed to use.)
It seems like I didn't even say anything about that UTF-8 part, but
it's 2024 and everything is UTF-8 (or your things are horribly broken
and the rest of the world hates you).
It seems like I didn't even say anything about that UTF-8 part, but it's 2024
and everything is UTF-8 (or your things are horribly broken and the rest of the
world hates you).
Sources/thanks:
@ -92,32 +95,37 @@ Sources/thanks:
- [Locale Helper: en_IE](https://lh.2xlibre.net/locale/en_IE/)
- [Locale Helper: fi_FI](https://lh.2xlibre.net/locale/fi_FI/)
- [Wikipedia: UTF-8](https://en.wikipedia.org/wiki/UTF-8)
- Random misplaced advice: disable charset fallback in your
IRC client and be UTF-8 only! You will see when someone is not
using UTF-8 and won't submit useless bug reports to
bots/bridges/whatever that are UTF-8 only (as supporting every
charset is impossible, since IRC has nothing to declare character
set, and there is zero reason why you wouln't be using UTF-8! Well nowadays
some have [IRCv3 `UTF8ONLY` `ISUPPORT` token](https://ircv3.net/specs/extensions/utf8-only)).
- Random misplaced advice: disable charset fallback in your IRC client and be
UTF-8 only! You will see when someone is not using UTF-8 and won't submit
useless bug reports to bots/bridges/whatever that are UTF-8 only (as
supporting every charset is impossible, since IRC has nothing to declare
character set, and there is zero reason why you wouln't be using UTF-8! Well
nowadays some have
[IRCv3 `UTF8ONLY` `ISUPPORT` token](https://ircv3.net/specs/extensions/utf8-only)).
- [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601)
- You should read it or at least be aware of it especially if you are
in contact with people from other countries and even more if you
are in international communities trying to get anything done with
anything that has to do with time or date!
- You should read it or at least be aware of it especially if you are in
contact with people from other countries and even more if you are in
international communities trying to get anything done with anything that has
to do with time or date!
---
2019-12-27: I don't see LANGUAGE mentioned here, but it was blocking me
from changing language of GNOME and `sudo dpkg-reconfigure locales` in the
end gave me `*** update-locale: Warning: LANGUAGE (en_US:en) is not compatible with LANG (fi_FI.UTF-8). Disabling it.`.
2019-12-27: I don't see LANGUAGE mentioned here, but it was blocking me from
changing language of GNOME and `sudo dpkg-reconfigure locales` in the end gave
me
`*** update-locale: Warning: LANGUAGE (en_US:en) is not compatible with LANG (fi_FI.UTF-8). Disabling it.`.
Either I was wrong on it being list of fallback languages I wish to use, or
GNOME has different view on it, but as I think I have seen errors related
to it before, I will drop `LANGUAGE` from the variables I set.
GNOME has different view on it, but as I think I have seen errors related to it
before, I will drop `LANGUAGE` from the variables I set.
---
2024-04-04: `export LANGUAGE=eo:fi:en` in a file read by my [`zshrc`](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/rc/zshrc) works fine as it gets read before my [`startsway`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/usr-local-bin/startsway) anyway.
2024-04-04: `export LANGUAGE=eo:fi:en` in a file read by my
[`zshrc`](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/rc/zshrc)
works fine as it gets read before my
[`startsway`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/usr-local-bin/startsway)
anyway.
---

View File

@ -1,6 +1,8 @@
---
title: Spoilers on Matrix protocol
excerpt: Instructions for proper spoiling on Matrix using FluffyChat, Nheko and Element Web.
excerpt:
Instructions for proper spoiling on Matrix using FluffyChat, Nheko and Element
Web.
layout: mini
permalink: /n/matrixspoilers.html
redirect_from:
@ -15,10 +17,10 @@ The Matrix specification supports spoilers since version 1.1:
- [Spoiler messages at Client-Server API of Matrix Specification](https://spec.matrix.org/latest/client-server-api/#spoiler-messages)
My favourite Matrix clients, FluffyChat and Nheko, support spoilers when
the spoiler is in the following format; `||Reason why this is a spoiler|Actually
spoilered text.||` It can also be in-line and a spoiler without reason is just
`||spoiler goes here||`.
My favourite Matrix clients, FluffyChat and Nheko, support spoilers when the
spoiler is in the following format;
`||Reason why this is a spoiler|Actually spoilered text.||` It can also be
in-line and a spoiler without reason is just `||spoiler goes here||`.
Element Web supports whole message spoilers through the `/spoiler` command.
@ -28,9 +30,8 @@ Other clients supporting formatting may have to enter the HTML directly e.g.:
<span data-mx-spoiler="REASON HERE">Spoilered text</span>
```
Some clients, like Nheko, have a `/plain` command to disable formatting for
that message which allows sending this message in plain text to help someone
else.
Some clients, like Nheko, have a `/plain` command to disable formatting for that
message which allows sending this message in plain text to help someone else.
```html
/plain <span data-mx-spoiler="REASON HERE">Spoilered text</span>

View File

@ -19,10 +19,11 @@ excerpt: Previously a blog post, now a note on _nomap in SSID.
_{{ page.excerpt }}_
`_nomap` in the end of your SSID will exclude your network from Google, Apple, WiGLE etc.
`_nomap` in the end of your SSID will exclude your network from Google, Apple,
WiGLE etc.
Microsoft has a separate [location services
opt-out](https://account.microsoft.com/privacy/location-services-opt-out)
Microsoft has a separate
[location services opt-out](https://account.microsoft.com/privacy/location-services-opt-out)
which uses MAC addresses instead.
<!-- editorconfig-checker-disable -->
@ -42,10 +43,13 @@ which uses MAC addresses instead.
## Why?
Privacy. WiGLE.net may point your home directly just by entering the SSID and who knows how many similar services there are. While I have been thinking of this since 2015, there is at least one case where this has been used:
Privacy. WiGLE.net may point your home directly just by entering the SSID and
who knows how many similar services there are. While I have been thinking of
this since 2015, there is at least one case where this has been used:
- [Christian Haschek: The curious case of the Raspberry Pi in the network closet](https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-in-our-network.html)
## `_optout`
Legacy from 2015-2016. Used to be part of Microsoft WiFi Sense that shared WiFi networks and passwords to all contacts.
Legacy from 2015-2016. Used to be part of Microsoft WiFi Sense that shared WiFi
networks and passwords to all contacts.

View File

@ -1,6 +1,9 @@
---
title: Obtainiun
excerpt: Obtainium downloads apps directly from forge/whatever without need for app stores and theoretically I can bootstrap it by copy-pasting the txt linked below into it, especially on devices that Google doesn't smile upon.
excerpt:
Obtainium downloads apps directly from forge/whatever without need for app
stores and theoretically I can bootstrap it by copy-pasting the txt linked
below into it, especially on devices that Google doesn't smile upon.
layout: mini
permalink: /n/obtainium.html
sitemap: true
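Review bot: The unchanged `title: Obtainiun` line at the top of this hunk looks like a typo, since the excerpt directly below it and the permalink both spell it Obtainium. Not caused by the reflow, but it is the page title and worth fixing in a follow-up.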
@ -10,18 +13,20 @@ robots: noai
_{{ page.excerpt }}_
[Obtainium](https://github.com/ImranR98/Obtainium/) downloads apps directly from forge/whatever without need for app
stores and theoretically I can bootstrap it by copy-pasting the txt linked
below into it, especially on devices that Google doesn't smile upon.
[Obtainium](https://github.com/ImranR98/Obtainium/) downloads apps directly from
forge/whatever without need for app stores and theoretically I can bootstrap it
by copy-pasting the txt linked below into it, especially on devices that Google
doesn't smile upon.
- [Obtainium's latest release](https://github.com/ImranR98/Obtainium/releases/latest)
See also [2022-01-02 F-Droid Security Issues on privsec.dev](https://privsec.dev/posts/android/f-droid-security-issues/),
See also
[2022-01-02 F-Droid Security Issues on privsec.dev](https://privsec.dev/posts/android/f-droid-security-issues/),
regardless of my list containing F-Droids. Regarding that, **prefer
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) over
F-Droid** whenever possible (if nearby features aren't required)
as it addesses some issues such as targeting higher API version and having
automatic updates on Android 12+.
[F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic) over F-Droid**
whenever possible (if nearby features aren't required) as it addesses some
issues such as targeting higher API version and having automatic updates on
Android 12+.
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
@ -43,8 +48,10 @@ automatic updates on Android 12+.
## Importable app list
- For apps that don't require API keys to be entered into Obtainium, see [txt/obtainium.txt](/txt/obtainium.txt).
- For apps that require GitHub or GitLab API key to be entered into Obtainium, see [txt/obtainium2.txt](/txt/obtainium2.txt)
- For apps that don't require API keys to be entered into Obtainium, see
[txt/obtainium.txt](/txt/obtainium.txt).
- For apps that require GitHub or GitLab API key to be entered into Obtainium,
see [txt/obtainium2.txt](/txt/obtainium2.txt)
## Third party F-Droid repositories
@ -67,34 +74,57 @@ _However I would use [the F-Droid repositories directly](/n/f-droid.html)._
- `https://divestos.org/apks/official/fdroid/repo?appId=us.spotco.malwarescanner`
- Hypatia malware scanner. Third party F-Droid repo.
- `https://divestos.org/apks/official/fdroid/repo?appId=us.spotco.fennec_dos`
- Mull Browser (not to be confused with Mullvad). Often suggested as the closest to [LibreWolf](https://librewolf.net)
on Android. Third party F-Droid repo.
- Mull Browser (not to be confused with Mullvad). Often suggested as the
closest to [LibreWolf](https://librewolf.net) on Android. Third party
F-Droid repo.
## App Stores
_Always exercise caution when installing apps, even from Google Play Store!_
- `https://github.com/accrescent/accrescent`
- Accrescent is a recent App Store which I have seen recommended especially in privacy circles, while it's a bit plain and doesn't have much selection yet.
- Accrescent is a recent App Store which I have seen recommended especially in
privacy circles, while it's a bit plain and doesn't have much selection yet.
- `https://apkpure.net/apkpure/com.apkpure.aegon`
- APK Pure. Full of intrusive advertising, I wouldn't use it without adblocker and even then would keep my family away from it.
- APK Pure. Full of intrusive advertising, I wouldn't use it without adblocker
and even then would keep my family away from it.
- `https://gitlab.com/AuroraOSS/AuroraStore`
- Open source and anonymous interface for Google Play Store. Google doesn't like it, so the accounts often don't work, which is the reason this section has so many apps regardless of the common advice to install nothing outside of Play Store (that I obviously disagree with as there are dangerous and unwanted apps there too).
- Open source and anonymous interface for Google Play Store. Google doesn't
like it, so the accounts often don't work, which is the reason this section
has so many apps regardless of the common advice to install nothing outside
of Play Store (that I obviously disagree with as there are dangerous and
unwanted apps there too).
- `https://f-droid.org/packages/org.fdroid.fdroid`
- FOSS-only app store with support for additional [repositories](/n/f-droid.html). I prefer the Basic version though, see below.
- FOSS-only app store with support for additional
[repositories](/n/f-droid.html). I prefer the Basic version though, see
below.
- `https://f-droid.org/packages/org.fdroid.basic`
- F-Droid without local application sharing. Used to target higher API level than the main app allowing automatic updates for apps targeting recent enough app version. This is what I recommend and have installed for family for years.
- F-Droid without local application sharing. Used to target higher API level
than the main app allowing automatic updates for apps targeting recent
enough app version. This is what I recommend and have installed for family
for years.
- `https://github.com/Tobi823/ffupdater`
- Installer and updater for privacy friendly browsers (and itself), including, but not limited to Firefox, Chromium and other browsers based on them (except obviously not Google Chrome). Would install for family, if they didn't have Google Play Store.
- Installer and updater for privacy friendly browsers (and itself), including,
but not limited to Firefox, Chromium and other browsers based on them
(except obviously not Google Chrome). Would install for family, if they
didn't have Google Play Store.
- `https://appgallery.huawei.com/app/C27162`
- Huawei App Gallery. I don't think I recommend it, unless it comes with your phone, but it's nice to know it exists and can be installed?
- Huawei App Gallery. I don't think I recommend it, unless it comes with your
phone, but it's nice to know it exists and can be installed?
- `https://github.com/ImranR98/Obtainium`
- An app downloader that can install apps directly from the publishers, a few other app stores and F-Droid repositories (see an earlier section on this page). But you should know that already considering this page is of no interest to anyone else than Obtainium users (and mainly only me).
- An app downloader that can install apps directly from the publishers, a few
other app stores and F-Droid repositories (see an earlier section on this
page). But you should know that already considering this page is of no
interest to anyone else than Obtainium users (and mainly only me).
- `https://uptodown-android.en.uptodown.com/android`
- Uptodown app store, pleasant interface and not so intrusive advertising
as opposed to APK Pure. I would consider installing it for a family member, should they reach ??? apps outside of Play Store that it offers (such as AdGuard (which Google again dislikes), Telegram.org/Android...)
- Uptodown app store, pleasant interface and not so intrusive advertising as
opposed to APK Pure. I would consider installing it for a family member,
should they reach ??? apps outside of Play Store that it offers (such as
AdGuard (which Google again dislikes), Telegram.org/Android...)
- `https://lite-uptodown-app-store.en.uptodown.com/android`
- Lighter version for less powerful phones, thinking of you Android Go Edition, or certain other 8 GB memory phones. Additionally Google is stripped out of it.
- Lighter version for less powerful phones, thinking of you Android Go
Edition, or certain other 8 GB memory phones. Additionally Google is
stripped out of it.
## Other noteworthy apps:

View File

@ -41,13 +41,16 @@ _{{ page.excerpt }}_
## Installation
1. `npm install -D -E prettier@3.3.2 prettier-plugin-nginx@1.0.3 @prettier/plugin-ruby@4.0.4 prettier-plugin-toml@2.0.1 @prettier/plugin-xml@3.4.1 prettier-plugin-sh@0.14.0` or probably just `pnpm install -D` if it's not your project.
1. If they don't exist already `echo "{}" > .prettierrc && touch .prettierignore`
1. `npm install -D -E prettier@3.3.2 prettier-plugin-nginx@1.0.3 @prettier/plugin-ruby@4.0.4 prettier-plugin-toml@2.0.1 @prettier/plugin-xml@3.4.1 prettier-plugin-sh@0.14.0`
or probably just `pnpm install -D` if it's not your project.
1. If they don't exist already
`echo "{}" > .prettierrc && touch .prettierignore`
1. `pnpm exec prettier . --write` or `pnpm exec prettier . --check`
## Configuration
I do with `.editorconfig` what I can, but for example my template `.prettierrc` looks like:
I do with `.editorconfig` what I can, but for example my template `.prettierrc`
looks like:
```json
{
@ -68,7 +71,8 @@ I do with `.editorconfig` what I can, but for example my template `.prettierrc`
}
```
at the time of writing. It's directly from documentation excluding the plugin names, but I will want it everywhere.
at the time of writing. It's directly from documentation excluding the plugin
names, but I will want it everywhere.
## `.pre-commit-config.yaml`
@ -76,7 +80,11 @@ This is the file that controls [`pre-commit`]s behaviour.
### Offline
I accidentally wrote this while updating this page to reflect me using prettier outside of [`pre-commit`] too nowadays. This has the advantage that the same local environment gets reused and dependencies are managed centrally, but assumes everyone uses pnpm, won't work in [`pre-commit` ci] and may have other issues I am not thinking of as a not-coder myself.
I accidentally wrote this while updating this page to reflect me using prettier
outside of [`pre-commit`] too nowadays. This has the advantage that the same
local environment gets reused and dependencies are managed centrally, but
assumes everyone uses pnpm, won't work in [`pre-commit` ci] and may have other issues
I am not thinking of as a not-coder myself.
[`pre-commit`]: https://pre-commit.com
[`pre-commit` ci]: https://pre-commit.ci

View File

@ -13,8 +13,8 @@ sitemap: false
lang: fi
---
Uudet puhelimet: https://android.com/one
LineageOS-yhteensopivuus: https://wiki.lineageos.org/devices/
Uudet puhelimet: https://android.com/one LineageOS-yhteensopivuus:
https://wiki.lineageos.org/devices/
Käytettyjä puhelimia suomalaisilta tai suomenkielisiltä yrityksiltä:
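Review bot: The reflow merges the two label and URL lines at the top into one paragraph, so `LineageOS-yhteensopivuus:` now ends the first line, right after the android.com URL, and its own URL lands on the next line. The source apparently had no hard break or list markup to keep them apart; turning the two entries into list items (or separate paragraphs) would keep each label next to its link under `proseWrap`.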

View File

@ -35,12 +35,13 @@ SPDX-License-Identifier: CC-BY-SA-4.0
> reuse is a tool for compliance with the REUSE recommendations.
says [their GitHub description](https://github.com/fsfe/reuse-tool) and
in practice this means having a license header in all files or alternatively
a `file.license` file. The tool can generate these, but I never remember
the commands.
says [their GitHub description](https://github.com/fsfe/reuse-tool) and in
practice this means having a license header in all files or alternatively a
`file.license` file. The tool can generate these, but I never remember the
commands.
For more detailed explanation, consult [reuse.software/tutorial](https://reuse.software/tutorial/)
For more detailed explanation, consult
[reuse.software/tutorial](https://reuse.software/tutorial/)
---

View File

@ -11,9 +11,10 @@ sitemap: false
lang: en
---
This is mostly based on [kowalski7.cc.xyz instructions](https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/) which also tells
more clearly what to do. These are my notes on what I have done on top of it
and probably not very much comprehensible by others than me.
This is mostly based on
[kowalski7.cc.xyz instructions](https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/)
which also tells more clearly what to do. These are my notes on what I have done
on top of it and probably not very much comprehensible by others than me.
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
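Review bot: in the rewrapped intro the link text reads `kowalski7.cc.xyz` while the target is `https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/`; the extra dot names a different host than the one the link goes to. Since the paragraph is being touched anyway, make the text match the URL so a reader who retypes it from the page reaches the intended site.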
@ -43,17 +44,17 @@ later.
1. `sudo mkdir $(cat /etc/machine-id)` also note the machine-id, it's used a
lot.
1. `sudo dnf install systemd-boot-unsigned sdubby -y`
1. `cat /proc/cmdline` noting it, it will become included in
`kernel_cmdline=""` in `/etc/dracut.conf.d/99-cmdline.conf` (or other
freeform name as long as it ends to .conf?) Might also be worth it to note
other dracut configuration files including defaults
`/usr/lib/dracut/dracut.conf.d`
1. `cat /proc/cmdline` noting it, it will become included in `kernel_cmdline=""`
in `/etc/dracut.conf.d/99-cmdline.conf` (or other freeform name as long as it
ends to .conf?) Might also be worth it to note other dracut configuration
files including defaults `/usr/lib/dracut/dracut.conf.d`
1. TODO BOOTCTL INSTALL FROM ARCH WIKI?
1. TODO `printf "\tsudo mkdir /boot/%b/%b\n" "$MACHINEID" "$EXPECTEDKERNEL"`
1. TODO `printf "\tsudo kernel-install add %b /lib/modules/%b/vmlinuz\n" "$EXPECTEDKERNEL" "$EXPECTEDKERNEL"`
1. The original instructions said to `sudo dnf reinstall kernel-core`, but
this has deviated with systemd-uki. They also said to `sudo bootctl` to
see if it got installed properly before...
1. TODO
`printf "\tsudo kernel-install add %b /lib/modules/%b/vmlinuz\n" "$EXPECTEDKERNEL" "$EXPECTEDKERNEL"`
1. The original instructions said to `sudo dnf reinstall kernel-core`, but this
has deviated with systemd-uki. They also said to `sudo bootctl` to see if it
got installed properly before...
1. `sudo reboot`
1. TODO: PROTECTED PACKAGES SHELL-THINGS!
@ -64,9 +65,9 @@ the image, but that doesn't seem to be the case for UKI. TODO!
# REMOVE ME UPON CONFIRMING THE ABOVE IS CORRECT
1. Read https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/ very helpful and base of this
2. Anaconda inst.sdboot
3.efi mounttaus /efi, fstab
1. Read https://kowalski7cc.xyz/blog/systemd-boot-fedora-32/ very helpful and
base of this
2. Anaconda inst.sdboot 3.efi mounttaus /efi, fstab
3. Mkdir /efi/machine-id
4. systemd-boot-unsigned sdubby
5. cat /proc/cmdline
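Review bot: the rewrap has merged two steps. `3.efi mounttaus /efi, fstab` had no space after `3.`, so it was never a list item and is now folded into the previous one as `2. Anaconda inst.sdboot 3.efi mounttaus /efi, fstab`. Write it as `3. efi mounttaus /efi, fstab` and renumber from the existing `3. Mkdir /efi/machine-id` onward, or drop the section as its own heading `REMOVE ME UPON CONFIRMING THE ABOVE IS CORRECT` already asks.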

View File

@ -1,6 +1,8 @@
---
title: Telegram language links
excerpt: You have ended up to my note-to-self on languages of Telegram that I care about (as /setlanguage/xx[<-beta>] is so difficult to remember)?
excerpt:
You have ended up to my note-to-self on languages of Telegram that I care
about (as /setlanguage/xx[<-beta>] is so difficult to remember)?
layout: mini
permalink: /n/telegram.html
redirect_from: /r/telegram.html

View File

@ -5,20 +5,24 @@ redirect_from: /r/telia.html
sitemap: false
lang: fi
locale: fi_FI
excerpt: Telia on pistänyt silmiini monissa asioissa, etenkin miten monta kertaa heidän verkkonsa on ollut nurin koko maassa ilman muiden operaattoreiden vastaavan häiriön tapahtumista.
excerpt:
Telia on pistänyt silmiini monissa asioissa, etenkin miten monta kertaa heidän
verkkonsa on ollut nurin koko maassa ilman muiden operaattoreiden vastaavan
häiriön tapahtumista.
---
_{{ page.excerpt }}_
Telian IPv6: https://yhteiso.telia.fi/t5/Kiinteat-nettiyhteydet-ja/Telia-IPv6/m-p/190240#M11822
Telian IPv6:
https://yhteiso.telia.fi/t5/Kiinteat-nettiyhteydet-ja/Telia-IPv6/m-p/190240#M11822
- 2019-11-22: https://yle.fi/uutiset/3-11082343 "Telian verkon
vikatilanteesta johtuen koko Suomessa hätäpuhelujen soittamisessa Telian
liittymistä on ilmennyt häiriöitä."
- 2019-11-22: https://yle.fi/uutiset/3-11082343 "Telian verkon vikatilanteesta
johtuen koko Suomessa hätäpuhelujen soittamisessa Telian liittymistä on
ilmennyt häiriöitä."
- https://yle.fi/uutiset/3-11083175 vaaratiedote ohi
- 2020-02-12: https://yle.fi/uutiset/3-11205636 "Telian mobiiliverkossa oli
laaja vikatilanne "
- 2020-04-25: https://yle.fi/uutiset/3-11323265 "Telialla ongelmia
yhteyksissä vikaa selvitellään parhaillaan, syy ei vielä selvillä"
- 2020-04-25: https://yle.fi/uutiset/3-11323265 "Telialla ongelmia yhteyksissä
vikaa selvitellään parhaillaan, syy ei vielä selvillä"
- 2020-09-21: https://yle.fi/uutiset/3-11554861 "Telian liittymissä oli
häiriöitä hätäpuheluiden soittamisessa Vika on korjattu"

View File

@ -9,9 +9,7 @@ lang: fi
<div lang="fi">Käytettyjä enimmäkseen yrityskoneita suomalaisilta tai suomenkielisiltä
yrityksiltä:
https://cimos.fi/
https://taitonetti.fi/
https://www.inrego.fi/
https://cimos.fi/ https://taitonetti.fi/ https://www.inrego.fi/
Katso myös /n/puhelin
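Review bot: the three shop URLs that each had their own line are now one line, `https://cimos.fi/ https://taitonetti.fi/ https://www.inrego.fi/`, so adding or removing a shop will rewrite the whole line in future diffs. Put them in a Markdown list, one URL per item, before running the formatter over this file.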
@ -19,13 +17,11 @@ Katso myös /n/puhelin
<div lang="en">
International used devices (the goal of this note is business devices, but
I am unsure whether all here are):
International used devices (the goal of this note is business devices, but I am
unsure whether all here are):
Hungary:
https://www.marseus.com/
Hungary: https://www.marseus.com/
Czech Republic in Czech
https://www.gigacomputer.cz/
Czech Republic in Czech https://www.gigacomputer.cz/
</div>

View File

@ -6,4 +6,5 @@ excerpt: "404, not found, don't bother clicking..."
lang: en
---
Sorry, whatever you were looking for, is not here. Maybe the navigation bar above or on the top right on smaller displays will help you?
Sorry, whatever you were looking for, is not here. Maybe the navigation bar
above or on the top right on smaller displays will help you?

View File

@ -2,100 +2,100 @@
title: About me
layout: page
permalink: /about.html
excerpt: "A little about me on transness, Asperger's syndrome/autism, feminism, asexuality & using Linux."
excerpt:
"A little about me on transness, Asperger's syndrome/autism, feminism,
asexuality & using Linux."
published: false
lang: en
---
<em>Even if I talk about these things openly here, I prefer that
<strong>you don't talk about me being these minorities to anyone</strong>
and <strong>let me tell by myself</strong> if I see reason to do it.
People interested enough can put my name to any search engine and find here sooner or later.</em>
<em>Even if I talk about these things openly here, I prefer that <strong>you
don't talk about me being these minorities to anyone</strong> and <strong>let me
tell by myself</strong> if I see reason to do it. People interested enough can
put my name to any search engine and find here sooner or later.</em>
<em>If you did out me, you would risk me being treated differently and
possibly cause dangerous concequences.</em>
<em>If you did out me, you would risk me being treated differently and possibly
cause dangerous concequences.</em>
On this page I am trying to explain myself more or those things that you
might wonder in my self-description. Some things that I explain here may
overlap with different features.
On this page I am trying to explain myself more or those things that you might
wonder in my self-description. Some things that I explain here may overlap with
different features.
_For more material about these things, please see [GRSM links](/links2)._
## GirlsLikeUs — I am a trans woman
It simply means that I was incorrectly defined as boy at birth which I
never was. I didn't always know it, but around 14-15 Dysphoria really hit
me.
It simply means that I was incorrectly defined as boy at birth which I never
was. I didn't always know it, but around 14-15 Dysphoria really hit me.
I was always different from boys and I have been always bullied and I
became suicidal and depressed. I was diagnosed with AS which didn't so
much, but finally I came to realization on who I am and started the
progress to be recognized as myself.
I was always different from boys and I have been always bullied and I became
suicidal and depressed. I was diagnosed with AS which didn't so much, but
finally I came to realization on who I am and started the progress to be
recognized as myself.
As the progress is too slow in Finland I ended up starting HRT
([Hormone Replacement Therapy](https://en.wikipedia.org/wiki/Hormone_replacement_therapy))
by myself (like many (if not most) of us here do) and was on it for year
before getting diagnosed and getting HRT officially.
by myself (like many (if not most) of us here do) and was on it for year before
getting diagnosed and getting HRT officially.
Many people have said that I am nowadays happier and smile more and other
things like that and I know this is who I am.
Many people have said that I am nowadays happier and smile more and other things
like that and I know this is who I am.
It's also not very nice when you separate sex and gender by saying "your
gender can be female, but you are always biologically male" and it has
been noted multiple times that gender is biological.
_[GRSM links](/links2)_
It's also not very nice when you separate sex and gender by saying "your gender
can be female, but you are always biologically male" and it has been noted
multiple times that gender is biological. _[GRSM links](/links2)_
- [How to respect a Transgender person at WikiHow](http://www.wikihow.com/Respect-a-Transgender-Person)
_I feel this part doesn't transmit how being trans feels and some things
should possibly be mentioned here..._
_I feel this part doesn't transmit how being trans feels and some things should
possibly be mentioned here..._
## AS - Asperger's Syndrome
I am AS-person and you might see it from the way I write and speak. I have
some over-sensitive senses like sense of hearing and it becomes difficult
for me to speak if I try to look into your eyes at the same time, so I am
not trying to be impolite or anything, it's just easier to not look at you
while I speak. Same applies to understanding your speaking.
I am AS-person and you might see it from the way I write and speak. I have some
over-sensitive senses like sense of hearing and it becomes difficult for me to
speak if I try to look into your eyes at the same time, so I am not trying to be
impolite or anything, it's just easier to not look at you while I speak. Same
applies to understanding your speaking.
_This paragraph is stub -.-_
- [How to understand Autism at WikiHow](http://www.wikihow.com/Understand-Autism)
- Might apply more to children, but it's a feature so one won't simply
get healed from it.
- Might apply more to children, but it's a feature so one won't simply get
healed from it.
_I have afterwards learned that I am also a [Higly Sensitive Person (HSP](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity), but it
overlaps with autism a little and I don't know what to start typing it and
it's piece of information that would mainly interest another HSP like
many other things on this page, so I am just leaving it here._
_I have afterwards learned that I am also a
[Higly Sensitive Person (HSP](https://en.wikipedia.org/wiki/Sensory_processing_sensitivity),
but it overlaps with autism a little and I don't know what to start typing it
and it's piece of information that would mainly interest another HSP like many
other things on this page, so I am just leaving it here._
## Ace & Relationship Anarchist
_I am asexual and possibly relationship anarchist, but it will be seen..._
I used to define myself as poly-curiuos (wondering if I am poly (capable
of having simultaneous close romantic relationships with two or more
people or not) and demiromantic (the ace of diamonds playing card is their
symbol shared by demisexuals) which means only forming romantic attraction
after forming close emotional bond with the person
I used to define myself as poly-curiuos (wondering if I am poly (capable of
having simultaneous close romantic relationships with two or more people or not)
and demiromantic (the ace of diamonds playing card is their symbol shared by
demisexuals) which means only forming romantic attraction after forming close
emotional bond with the person
At some point I started wondering does touching and caring have to be
limited into relationship and found
[Romantic Asexual, or Touch Hunger?](https://abnormaldiversity.blogspot.fi/2012/12/romantic-asexual-or-touch-hunger.html?) which made sense and made
me think that there is no romanticity, just sensuality and in the bottom
relationship anarchy. As what is the difference between friend and partner,
what prevents you from (consentually) cuddling or having sex with friends?
What prevents you from loving your friends and is loving so different from
liking and don't you sometimes use the words interchangeably? What prevents
you from doing all the things you wish to do with your partner with some
friend? What if love comes after you stop for especially looking for one
or multiple people to call as partner(s)?
At some point I started wondering does touching and caring have to be limited
into relationship and found
[Romantic Asexual, or Touch Hunger?](https://abnormaldiversity.blogspot.fi/2012/12/romantic-asexual-or-touch-hunger.html?)
which made sense and made me think that there is no romanticity, just sensuality
and in the bottom relationship anarchy. As what is the difference between friend
and partner, what prevents you from (consentually) cuddling or having sex with
friends? What prevents you from loving your friends and is loving so different
from liking and don't you sometimes use the words interchangeably? What prevents
you from doing all the things you wish to do with your partner with some friend?
What if love comes after you stop for especially looking for one or multiple
people to call as partner(s)?
I have found a word for this, _quoiromantic_ (aka _wtfromantic_ or
_whatromantic_) and I think I can still use the ace of diamonds symbol
as _demisensual_ is the closest to describe my relationship with
touch (meaning that I might like it after there is some sort of a emotional
bond).
_whatromantic_) and I think I can still use the ace of diamonds symbol as
_demisensual_ is the closest to describe my relationship with touch (meaning
that I might like it after there is some sort of a emotional bond).
However labels such as partner still appear to be necessary with unique
relationships based on their development or otherwise I am not understood.
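Review bot: the rewrapped HSP paragraph keeps the link text `[Higly Sensitive Person (HSP]`, which opens a parenthesis it never closes and misspells "Highly"; now that the link sits on a line of its own the imbalance is easy to fix in the same pass. The two WikiHow links in this hunk are also still `http://` and should be `https://`.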
@ -108,24 +108,22 @@ happen will be seen when it happens._
## Feminist
I support equal rights for everyone and the right of self-definition (or
not requiring anyone to define themselves). Everyone should also be the one
to choose what they do with their body (abortion, gender transition etc.)
freely without complicated researchs and other people or society judging
them.
I support equal rights for everyone and the right of self-definition (or not
requiring anyone to define themselves). Everyone should also be the one to
choose what they do with their body (abortion, gender transition etc.) freely
without complicated researchs and other people or society judging them.
_This is basicaly everything, but shouldn't I also say something more?_
## Linux user
I have been used Linux since 2008, I started with [Ubuntu] \(8.04).
My preferred distribution is [Ubuntu MATE] or [Arch Linux] or with servers
[Debian], but I am also familiar with other distributions, mainly
[Debian]-deriatives.
I have been used Linux since 2008, I started with [Ubuntu] \(8.04). My preferred
distribution is [Ubuntu MATE] or [Arch Linux] or with servers [Debian], but I am
also familiar with other distributions, mainly [Debian]-deriatives.
I have experience with [Fedora] and other distributions from that side too
and I am not entirely lost while using them, but somehow I have always
preferred Debian side. Maybe it's just that I have learned to use it.
I have experience with [Fedora] and other distributions from that side too and I
am not entirely lost while using them, but somehow I have always preferred
Debian side. Maybe it's just that I have learned to use it.
[ubuntu]: http://www.ubuntu.com/desktop
[ubuntu mate]: https://ubuntu-mate.org/
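Review bot: the reference definition under the rewrapped Linux paragraph, `[ubuntu]: http://www.ubuntu.com/desktop`, is plain HTTP while `[ubuntu mate]` directly below it is HTTPS. Use `https://` for both so the outbound link cannot be rewritten in transit.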
@ -143,26 +141,30 @@ getting removed entirely sometime._
## Life
This link list to life post on my blog shouldn't be here, but it has no
better place, so where else should it be?
This link list to life post on my blog shouldn't be here, but it has no better
place, so where else should it be?
_Time of writing in YYYY-MM-DD (ISO 8601): title or what it's about._
- [2015-03-25: Leaving bot communities & a little on my life]({% post_url 2015-03-25-leaving-bots-life %})
- [2015-04-03: Scum]({% post_url 2015-04-03-scum %})
- [2015-04-01: Saasta (same in Finnish)]({% post_url 2015-04-01-saasta %})
- [2015-05-18: Somewhat more on my life & untold background of bots]({% post_url 2015-05-18-life-bot-background %})
- [2015-06-16: Feelings and wounds of school bullying]({% post_url 2015-06-16-feelings %})
- [2015-05-18: Somewhat more on my life & untold background
of bots]({% post_url 2015-05-18-life-bot-background %})
- [2015-06-16: Feelings and wounds of
school bullying]({% post_url 2015-06-16-feelings %})
- [2015-06-29: Google translated "suicide post"](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=fi&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2015%2F06%2F29%2Fminusta.html&edit-text=)
- _I was at psychiatrical hospital after writing this._
- [2015-09-09: The most important post that I have written]({% post_url 2015-09-09-act-around-trans %})
- [2015-09-09: The most important post that I
have written]({% post_url 2015-09-09-act-around-trans %})
- [2015-11-03: I moved to Lauttasaari, Helsinki]({% post_url 2015-11-03-moving %})
- way too positive for this section, but where else...
- [2015-11-21: Email to Legal Affairs Committee on how trans law must be based on the right of self-definition](https://translate.google.fi/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2015%2F11%2F21%2Fsahkopostia-lakivaliokunnalle-translaki.html&edit-text=)
- [2017-04-18: Google Translated dance lesson trauma](https://translate.google.com/translate?sl=fi&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fmikaela.info%2Ffinnish%2F2017%2F04%2F18%2Ftanssitunti.html&edit-text=)
- [2017-04-30: After trans process and AvPD, everything is OK]({% post_url 2017-04-30-post-trans %})
- [2017-04-30: After trans process and AvPD, everything
is OK]({% post_url 2017-04-30-post-trans %})
---
_Please keep in mind that everything in this page is just my opinion and
not all trans or AS or \<any group\> people are the exact same._
_Please keep in mind that everything in this page is just my opinion and not all
trans or AS or \<any group\> people are the exact same._
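Review bot: in the post list the wrap now falls inside the link text, for example `[2015-05-18: Somewhat more on my life & untold background` followed by `of bots]({% post_url 2015-05-18-life-bot-background %})`, because the Liquid tag cannot be split. It renders the same, but the titles can no longer be found with a one-line search and the items are uneven. A `<!-- prettier-ignore-start -->` / `<!-- prettier-ignore-end -->` pair around this list, the same marker this commit already shows in the systemd-boot note, would keep one link per line.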

View File

@ -169,7 +169,9 @@ TODO: Sort this list.
# Chromium flags
These can generally be found from `about:flags` on Chromium based browsers, for Vivaldi explicit `vivaldi://flags` is required and it also has `chrome://settings` for the usual Chromium settings.
These can generally be found from `about:flags` on Chromium based browsers, for
Vivaldi explicit `vivaldi://flags` is required and it also has
`chrome://settings` for the usual Chromium settings.
- `#enable-quic` - enabled
- `#enable-force-dark` - enabled with increased text constract
@ -188,29 +190,49 @@ These likely also exist, but just without the `vendor-` part when searhcing.
# Firefox about:config
_On LibreAwoo or autoconfig, refer to my [conf/librewolf.overrides.cfg in my shell-things repo](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/conf/librewolf.overrides.cfg) which has kind of replaced this section?._
_On LibreAwoo or autoconfig, refer to my
[conf/librewolf.overrides.cfg in my shell-things repo](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/conf/librewolf.overrides.cfg)
which has kind of replaced this section?._
- `security.certerrors.mitm.auto_enable_enterprise_roots` to `false` in order to not trust system CA store in case of enterprise MITM
- `security.OCSP.require` to `true` in order to not allow [OCSP](https://en.wikipedia.org/wiki/OCSP_stapling) soft fail. This may be a bit paranoid, but _only the paranoid survive._
- `privacy.resistFingerprinting.letterboxing` = `true` so letterboxing is
used to hide real browser size. [Tor Browser support](https://support.torproject.org/tbb/maximized-torbrowser-window/)
- `security.certerrors.mitm.auto_enable_enterprise_roots` to `false` in order to
not trust system CA store in case of enterprise MITM
- `security.OCSP.require` to `true` in order to not allow
[OCSP](https://en.wikipedia.org/wiki/OCSP_stapling) soft fail. This may be a
bit paranoid, but _only the paranoid survive._
- `privacy.resistFingerprinting.letterboxing` = `true` so letterboxing is used
to hide real browser size.
[Tor Browser support](https://support.torproject.org/tbb/maximized-torbrowser-window/)
- [Bug 70315: text in menus and boxes unreadable if using dark GTK theme](https://bugzilla.mozilla.org/show_bug.cgi?id=70315))
- `image.animation_mode` to `once` in order to have gifs play once and
then stop everywhere (`none` to never have them play).
- `geo.provider.network.url` to `https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%` in order to send nearby WiFi networks to Mozilla instead of Google. See also [MLS Software](https://wiki.mozilla.org/CloudServices/Location/Software).
- `network.IDN_show_punycode` to `true` in order to see punycode instead of UTF-8 in case of spoofing attempt. However makes reading non-ASCII domains painful. E.g. Cyrillic alphabet
- `reader.parse-on-load.force-enabled` to `true` in order to allow reader use to be used on ~all websites and devices (regardless of low RAM?)
- `image.animation_mode` to `once` in order to have gifs play once and then stop
everywhere (`none` to never have them play).
- `geo.provider.network.url` to
`https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%` in
order to send nearby WiFi networks to Mozilla instead of Google. See also
[MLS Software](https://wiki.mozilla.org/CloudServices/Location/Software).
- `network.IDN_show_punycode` to `true` in order to see punycode instead of
UTF-8 in case of spoofing attempt. However makes reading non-ASCII domains
painful. E.g. Cyrillic alphabet
- `reader.parse-on-load.force-enabled` to `true` in order to allow reader use to
be used on ~all websites and devices (regardless of low RAM?)
Future note: [`network.dns.blockDotOnion;false`](https://bugzilla.mozilla.org/show_bug.cgi?id=1497263) ?
Future note:
[`network.dns.blockDotOnion;false`](https://bugzilla.mozilla.org/show_bug.cgi?id=1497263)
?
## Advertising
Firefox seems to contain a lot of advertising or sponsoring nowadays, whether to other Mozilla products or whoever pays them. See also [Bug 1773860: Provide global long-term "disable all promos" flag](https://bugzilla.mozilla.org/show_bug.cgi?id=1773860).
Firefox seems to contain a lot of advertising or sponsoring nowadays, whether to
other Mozilla products or whoever pays them. See also
[Bug 1773860: Provide global long-term "disable all promos" flag](https://bugzilla.mozilla.org/show_bug.cgi?id=1773860).
- `browser.newtabpage.activity-stream.showSponsored` & `browser.newtabpage.activity-stream.showSponsored` to `false` to stop sponsored links.
- `browser.vpn_promo.enabled` to `false` to hopefully stop Mozilla VPN advertisements
- `browser.newtabpage.activity-stream.showSponsored` &
`browser.newtabpage.activity-stream.showSponsored` to `false` to stop
sponsored links.
- `browser.vpn_promo.enabled` to `false` to hopefully stop Mozilla VPN
advertisements
- `browser.promo.focus.enabled` to `false` to stop Firefox Focus advertisements?
- `browser.preferences.moreFromMozilla` to `false` to not hear from other Mozilla products?
- `browser.preferences.moreFromMozilla` to `false` to not hear from other
Mozilla products?
## [Cookie banner blocking](https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/)
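Review bot: the first Advertising bullet names `browser.newtabpage.activity-stream.showSponsored` twice, joined by `&`, so whichever second pref was meant is missing from the page (possibly `browser.newtabpage.activity-stream.showSponsoredTopSites`; confirm in `about:config` before writing it down). Higher up, the Bug 70315 bullet ends in `))`, one closing parenthesis more than it opens, and carries no pref of its own, so it reads as a stray entry between the letterboxing and `image.animation_mode` items.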
@ -224,44 +246,69 @@ defaultPref("cookiebanners.bannerClicking.enabled", true);
## DNS over HTTPS
- `network.trr.mode` depends, `3` to enforce DoH (required for ECH) or `5` to explicitly disable. `2` to prefer DoH, but fallback to system also exists.
- [DoH is required by Firefox ESNI/ECH support](https://bugzilla.mozilla.org/show_bug.cgi?id=1500289) which encrypts SNI/ClientHello which would still leak which
sites you visit. [Another bug about ESNI/ECH + Android DoT](https://bugzilla.mozilla.org/show_bug.cgi?id=1542754#c3)
- Are you using a VPN? Do they provide a DoH server? If yes, maybe the answer is 3 for ESNI/ECH?
- `network.trr.mode` depends, `3` to enforce DoH (required for ECH) or `5` to
explicitly disable. `2` to prefer DoH, but fallback to system also exists.
- [DoH is required by Firefox ESNI/ECH support](https://bugzilla.mozilla.org/show_bug.cgi?id=1500289)
which encrypts SNI/ClientHello which would still leak which sites you visit.
[Another bug about ESNI/ECH + Android DoT](https://bugzilla.mozilla.org/show_bug.cgi?id=1542754#c3)
- Are you using a VPN? Do they provide a DoH server? If yes, maybe the answer
is 3 for ESNI/ECH?
- `network.trr.early-AAAA` `true` to hopefully prefer IPv6
- `network.trr.uri` for the actual resolver address, e.g.
`https://doh.mullvad.net/dns-query`
- and if they provide as SOCKS proxy as a killswitch, `network.proxy.socks_remote_dns` must be `false`
- `network.trr.disable-ECS` to `false` if preferring speed over privacy or using NextDNS private ECS.
- and if they provide as SOCKS proxy as a killswitch,
`network.proxy.socks_remote_dns` must be `false`
- `network.trr.disable-ECS` to `false` if preferring speed over privacy or using
NextDNS private ECS.
- [Wikipedia: EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet)
Some notes:
- There is also `network.trr.exclude-etc-hosts` for those using `/etc/hosts` for blocking.
- You can confirm TRR working by visiting `about:networking#dns` where
you should be seeing DNS cache of Firefox and a lot of `TRR: true`.
- ECH requires `network.dns.echconfig.enabled` and `network.dns.use_https_rr_as_altsvc` to be `true`,
but they seem to default to true at least in Firefox Nightly so maybe no action is needed.
- [While investingating how Android 9 Private DNS works, I also wrote a DNS provider comparsion here on 2019-07-11]({% post_url blog/2019-07-11-android-private-dns-in-practice %})
- There is also `network.trr.exclude-etc-hosts` for those using `/etc/hosts` for
blocking.
- You can confirm TRR working by visiting `about:networking#dns` where you
should be seeing DNS cache of Firefox and a lot of `TRR: true`.
- ECH requires `network.dns.echconfig.enabled` and
`network.dns.use_https_rr_as_altsvc` to be `true`, but they seem to default to
true at least in Firefox Nightly so maybe no action is needed.
- [While investingating how Android 9 Private DNS works, I also wrote a DNS
provider comparsion here on 2019-07-11]({% post_url blog/2019-07-11-android-private-dns-in-practice %})
## SSDs
This information is from [Arch Wiki on Firefox tweaks](https://wiki.archlinux.org/index.php/Firefox/Tweaks)
This information is from
[Arch Wiki on Firefox tweaks](https://wiki.archlinux.org/index.php/Firefox/Tweaks)
<!-- - `browser.cache.disk.enable` to `false` to only cache to RAM.
- (`browser.cache.memory.enable` to `true` which should be default) -->
- `browser.sessionstore.interval` to `600000` in order to only store open session every ten minutes (instead of 15 seconds) in case of crashes.
- alternatively `browser.sessionstore.resume_from_crash` to `false` to not store the session data for crash recovery at all. I think this may be the more healthy option with all the information flood and dozens of tabs.
- `browser.sessionstore.interval` to `600000` in order to only store open
session every ten minutes (instead of 15 seconds) in case of crashes.
- alternatively `browser.sessionstore.resume_from_crash` to `false` to not
store the session data for crash recovery at all. I think this may be the
more healthy option with all the information flood and dozens of tabs.
Why?
> Every object loaded (html page, jpeg image, css stylesheet, gif banner) is saved in the Firefox cache for future use without the need to download it again. It is estimated that only a fraction of these objects will be reused, usually about 30%. This because of very short object expiration time, updates or simply user behavior (loading new pages instead of returning to the ones already visited). The Firefox cache is divided into memory and disk cache and the latter results in frequent disk writes: newly loaded objects are written to memory and older objects are removed.
> Every object loaded (html page, jpeg image, css stylesheet, gif banner) is
> saved in the Firefox cache for future use without the need to download it
> again. It is estimated that only a fraction of these objects will be reused,
> usually about 30%. This because of very short object expiration time, updates
> or simply user behavior (loading new pages instead of returning to the ones
> already visited). The Firefox cache is divided into memory and disk cache and
> the latter results in frequent disk writes: newly loaded objects are written
> to memory and older objects are removed.
> Firefox stores the current session status (opened urls, cookies, history and form data) to the disk on a regular basis. It is used to recover a previous session in case of crash. The default setting is to save the session every 15 seconds, resulting in frequent disk access.
> Firefox stores the current session status (opened urls, cookies, history and
> form data) to the disk on a regular basis. It is used to recover a previous
> session in case of crash. The default setting is to save the session every 15
> seconds, resulting in frequent disk access.
and this is the reason why Firefox is at times accused of killing SSDs.
---
Changelog: [GitHub.com commits](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/browser-extensions.markdown) | [gitea.blesmrt.net commits](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/pages/browser-extensions.markdown)
Changelog:
[GitHub.com commits](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/browser-extensions.markdown)
|
[gitea.blesmrt.net commits](https://gitea.blesmrt.net/mikaela/mikaela-info/commits/branch/master/pages/browser-extensions.markdown)
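Review bot: the bullet "and if they provide as SOCKS proxy as a killswitch, `network.proxy.socks_remote_dns` must be `false`" gives a requirement without the reason, and it is the one setting in this list where the value decides where hostnames get resolved. With `false` Firefox resolves names itself, here through the resolver set in `network.trr.uri`, instead of handing them to the SOCKS proxy; say so in the bullet and fix "as SOCKS" to "a SOCKS". The `network.trr.mode` bullet would also read more clearly as a sublist of its three values (`2` prefer DoH with fallback, `3` enforce, `5` explicitly disabled) than as two sentences.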

View File

@ -14,9 +14,14 @@ robots: noai
I have multiple instant messaging chatrooms.
- [The ones listed below](#the-links) are for comments to my blog, this website in general, my FOSS <s>spam</s> activity and a contact point for reaching me in general for not so private matters. They are connected together by [Matterbridge](https://github.com/42wim/matterbridge/#matterbridge).
- [The ones listed below](#the-links) are for comments to my blog, this website
in general, my FOSS <s>spam</s> activity and a contact point for reaching me
in general for not so private matters. They are connected together by
[Matterbridge](https://github.com/42wim/matterbridge/#matterbridge).
- Many linking here utilize the rules listed below.
- Others are simply curious about protocols, transports, relays, bridges, etc. _Why did they end up on this page when they could have ended up anywhere else?_
- Others are simply curious about protocols, transports, relays, bridges, etc.
_Why did they end up on this page when they could have ended up anywhere
else?_
---
@ -42,43 +47,63 @@ I have multiple instant messaging chatrooms.
## Rules
[Contributor Covenant 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/) is the primary Code of Conduct here (which isn't forked due to this community forming around me and my website. Any project growing bigger would have its own), but we do have a couple of other rules too:
[Contributor Covenant 2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct/)
is the primary Code of Conduct here (which isn't forked due to this community
forming around me and my website. Any project growing bigger would have its
own), but we do have a couple of other rules too:
- Don't send private messages without asking for a permission first unless your message is purely moderation related.
- Please include your business in your first message and not only greeting. See [nohello.net](https://nohello.net) for more about that.
- Don't share personal affairs of other people outside of the room. This includes, but isn't limited to, gender/sexual/romantic orientation questioning, plurality, religion, etc. When in doubt, assume it's private.
- Mind the limitations of machines and people especially in the private side. Transport encryption is not [end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption), which can be broken by a compromised client device (including, but not limited to bot/relay/bridge) or the protocol in question may neglect to encrypt something [like Matrix does for reactions](https://github.com/matrix-org/matrix-spec/issues/660).
- For other matters, [_Chatham House Rule_](https://www.chathamhouse.org/about-us/chatham-house-rule) applies.
- Don't send private messages without asking for a permission first unless your
message is purely moderation related.
- Please include your business in your first message and not only greeting.
See [nohello.net](https://nohello.net) for more about that.
- Don't share personal affairs of other people outside of the room. This
includes, but isn't limited to, gender/sexual/romantic orientation
questioning, plurality, religion, etc. When in doubt, assume it's private.
- Mind the limitations of machines and people especially in the private side.
Transport encryption is not
[end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption),
which can be broken by a compromised client device (including, but not
limited to bot/relay/bridge) or the protocol in question may neglect to
encrypt something
[like Matrix does for reactions](https://github.com/matrix-org/matrix-spec/issues/660).
- For other matters,
[_Chatham House Rule_](https://www.chathamhouse.org/about-us/chatham-house-rule)
applies.
## Languages
As for languages; English is preferred due to majority of the discussion
participants speaking it, but Finnish and Esperanto are also fine.<br> I sadly
don't consider myself capable of holding a discussion in other languages, but
I do hope to be able to grow this list in the future.
don't consider myself capable of holding a discussion in other languages, but I
do hope to be able to grow this list in the future.
## The links
- IRC@Etro, [`#mikaela.info`](ircs://etro.mikaela.info:6697/#mikaela.info)
my selfhosted IRC server.
- IRC@Etro, [`#mikaela.info`](ircs://etro.mikaela.info:6697/#mikaela.info) my
selfhosted IRC server.
- [(Recommended) Gamja webchat](https://irc.etro.mikaela.info/#mikaela.info)
- `MapAddress etro.mikaela.info otzmigofmchtadpek223bkmrzqoa6mmvhmr5dxqurcrtwalizfibuxid.onion`
- [LiberaChat], [`#mikaela.info`](ircs://irc.libera.chat:6697/#mikaela.info)
- [Gamja webchat](https://web.libera.chat/gamja/#mikaela.info), [KiwiIRC webchat](https://web.libera.chat/#mikaela.info). _Warning: Libera.Chat has no message history_
- [Gamja webchat](https://web.libera.chat/gamja/#mikaela.info),
[KiwiIRC webchat](https://web.libera.chat/#mikaela.info). _Warning:
Libera.Chat has no message history_
- `MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion`
- [Matrix], [`#aminda.eu:pikaviestin.fi`](matrix:roomid/ruWhXaXgrPjaSSecvb:matrix.org?action=join&via=matrix.org&via=tedomum.net&via=pikaviestin.fi&via=beeper.com&via=envs.net),
- [Matrix],
[`#aminda.eu:pikaviestin.fi`](matrix:roomid/ruWhXaXgrPjaSSecvb:matrix.org?action=join&via=matrix.org&via=tedomum.net&via=pikaviestin.fi&via=beeper.com&via=envs.net),
a decentralised conversation store.
- [Convene webchat](https://letsconvene.im/app/#/join/%23mikaela.info:matrix.org)
- [PirateIRC], [`#mikaela.info`](ircs://irc.pirateirc.net:6697/#mikaela.info)
- [Gamja webchat](https://webchat.pirateirc.net/)
- `MapAddress irc.pirateirc.net cbmtec5xuhpjwjq245kpp5jk2wij63ydgu5vwbxvdamzibfubc5uzaqd.onion`
- [Telegram], [invite link](https://t.me/joinchat/OEuthjzmg60xNzA0) a
popular instant messenger with open source clients.
- [Telegram], [invite link](https://t.me/joinchat/OEuthjzmg60xNzA0) a popular
instant messenger with open source clients.
- [Twitch], [Ciblia](https://twitch.tv/Ciblia), a propietary game streaming
platform.
- Expect my streaming to happen in [mikaela@libremedia.video](https://libremedia.video/accounts/mikaela/)
- Expect my streaming to happen in
[mikaela@libremedia.video](https://libremedia.video/accounts/mikaela/)
(PeerTube) instead.
- [XMPP], [`mikaela.info@conference.blesmrt.net`](xmpp:mikaela.info@conference.blesmrt.net?join),
- [XMPP],
[`mikaela.info@conference.blesmrt.net`](xmpp:mikaela.info@conference.blesmrt.net?join),
a federated chat protocol.
[ergochat]: https://ergo.chat/
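Review bot: in the rewrapped Matrix entry the visible alias is `#aminda.eu:pikaviestin.fi`, while the Convene webchat link directly under it still joins `#mikaela.info:matrix.org`. Since the entry is being touched anyway, confirm that both aliases resolve to the same room, or update the webchat link so that readers arriving through either path land in the room the rules above apply to.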
@ -90,67 +115,81 @@ I do hope to be able to grow this list in the future.
[twitch]: https://twitch.tv/
[xmpp]: https://xmpp.org/
**_NOTICE ON LOG AVAILABILITY!_** The logging and history visiblity varies by protocol and thus
users joining in the future could see messages up to one year or longer in the
past.
**_NOTICE ON LOG AVAILABILITY!_** The logging and history visiblity varies by
protocol and thus users joining in the future could see messages up to one year
or longer in the past.
## A couple of words on protocols
- _IRC_ was invented in 1988 and regardless of developing integrated message
storage since then, it's still _trivial to setup_ and runs well on _a toaster_.
_IRC servers_ are generally _[easy to enable Tor support on](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#tor)_ and _IRC clients_
widely come with _[proxy settings](https://hexchat.readthedocs.io/en/latest/tips.html#tor)_ where _[Tor can be enabled](https://weechat.org/files/doc/stable/weechat_user.en.html#irc_tor_sasl)_. My personal
_IRC_ history begins in 2010 as user and since then I have also opered
mostly on _Charybdis+Atheme_ and nowadays on a couple of _Ergos_.
- _XMPP_ runs on _a bit more powerful toaster_ and the servers talk to each other
without prior approval, it was originally introduced in 1999. I don't have
a record on when I begun using it as _all multi-protocol chat apps_ that were
common even before 2010 supported it. I haven't had a need or desire to _selfhost_.
storage since then, it's still _trivial to setup_ and runs well on _a
toaster_. _IRC servers_ are generally
_[easy to enable Tor support on](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#tor)_
and _IRC clients_ widely come with
_[proxy settings](https://hexchat.readthedocs.io/en/latest/tips.html#tor)_
where
_[Tor can be enabled](https://weechat.org/files/doc/stable/weechat_user.en.html#irc_tor_sasl)_.
My personal _IRC_ history begins in 2010 as user and since then I have also
opered mostly on _Charybdis+Atheme_ and nowadays on a couple of _Ergos_.
- _XMPP_ runs on _a bit more powerful toaster_ and the servers talk to each
other without prior approval, it was originally introduced in 1999. I don't
have a record on when I begun using it as _all multi-protocol chat apps_ that
were common even before 2010 supported it. I haven't had a need or desire to
_selfhost_.
- _Telegram_ was introduced in 2013 and is a popular _instant messenger_ with
many _open source clients (not server)_ also on minority platforms (by third
parties). It's favoured by many for stickers and ease-to-use, while that
comes with _concern on security and privacy_.
parties). It's favoured by many for stickers and ease-to-use, while that comes
with _concern on security and privacy_.
- _Matrix_ was introduced in 2014 and I started using it in 2016. Many of the
_client and server implementations are heavy_, _especially on server side_ requiring what to outside looks
like _a constant maintenance_ to deal with the _implementation performance issues_,
_I am not interested in even trying to selfhost a Matrix (home)server and bridges
until the situation significantly improves_. _[Matrix clients also seldom support connecting through Tor easily](https://github.com/vector-im/element-meta/issues/200)_,
while the _[Synapse server by Matrix.org team doesn't support connecting](https://github.com/matrix-org/synapse/issues/5152) through [I2P or Tor](https://github.com/matrix-org/synapse/issues/5455) at [all](https://github.com/matrix-org/synapse/issues/7088)_.
- Exception: [Hydrogen](https://hydrogen.element.io) ([GitHub](https://github.com/vector-im/hydrogen-web))
is the only client I have encountered that works well on Nokia 1 TA-1047
or in other words passes the so-called toaster test. It does self-describe
as _A minimal Matrix chat client, focused on performance, offline
functionality, and broad browser support_, which it redeems.
- Good luck to users of either [dendrite.matrix.org or matrix.org for entering captchas in Matrix clients.](https://github.com/matrix-org/matrix.org/issues/1314)
_client and server implementations are heavy_, _especially on server side_
requiring what to outside looks like _a constant maintenance_ to deal with the
_implementation performance issues_, _I am not interested in even trying to
selfhost a Matrix (home)server and bridges until the situation significantly
improves_.
_[Matrix clients also seldom support connecting through Tor easily](https://github.com/vector-im/element-meta/issues/200)_,
while the
_[Synapse server by Matrix.org team doesn't support connecting](https://github.com/matrix-org/synapse/issues/5152)
through [I2P or Tor](https://github.com/matrix-org/synapse/issues/5455) at
[all](https://github.com/matrix-org/synapse/issues/7088)_.
- Exception: [Hydrogen](https://hydrogen.element.io)
([GitHub](https://github.com/vector-im/hydrogen-web)) is the only client I
have encountered that works well on Nokia 1 TA-1047 or in other words passes
the so-called toaster test. It does self-describe as _A minimal Matrix chat
client, focused on performance, offline functionality, and broad browser
support_, which it redeems.
- Good luck to users of either
[dendrite.matrix.org or matrix.org for entering captchas in Matrix clients.](https://github.com/matrix-org/matrix.org/issues/1314)
## And on transports, relays and bridges
- One of the marketing points of _XMPP_ was to connect to other protocols by
means of transports. They plug into a _XMPP server_ and can be provided either
by yours or be open for other _XMPP servers_.
- The word _relay_ is often used on _bots which copy messages from one protocol/network
and paste (or more simply said relay) it to another_. They aren't transparent and thus the
messages from them appear to be coming from bots beginning with the message
sender instead of being completely transparent. This is what is _commonly
used on IRC to connect to other IRC networks or protocols_.
- The word _relay_ is often used on _bots which copy messages from one
protocol/network and paste (or more simply said relay) it to another_. They
aren't transparent and thus the messages from them appear to be coming from
bots beginning with the message sender instead of being completely
transparent. This is what is _commonly used on IRC to connect to other IRC
networks or protocols_.
- _Matterbridge regardless of the name acts like a relay. Like IRC and XMPP_,
it also _runs on a toaster requiring only [the binary](https://github.com/42wim/matterbridge/releases)
and a [config file](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/irc/matterbridge/matterbridge-example.toml)_
it also _runs on a toaster requiring only
[the binary](https://github.com/42wim/matterbridge/releases) and a
[config file](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/irc/matterbridge/matterbridge-example.toml)_
being trivial to setup anywhere quickly or move around.
- _[Recent IRC development allows (RELAYMSG)](https://github.com/ircv3/ircv3-specifications/pull/417)_
allows relays to be transparent making messages appear from users outside
of the channel that don't actually exist. This is similar to _Discord webhooks
allows relays to be transparent making messages appear from users outside of
the channel that don't actually exist. This is similar to _Discord webhooks
(that Matterbridge also supports) and Matrix Discord bridge_.
- Common complaint from _Matrix_ users is that they look ugly, but as shown
by _IRC and Discord_, that doesn't have to be the case
- Common complaint from _Matrix_ users is that they look ugly, but as shown by
_IRC and Discord_, that doesn't have to be the case
_[and I hope Matrix will fix their issue allowing low-budget "toasterbridges"](https://github.com/matrix-org/matrix-spec/issues/840)_.
- _Bridges are popularised by Matrix_ and _are almost XMPP transports_. However
while _XMPP transports connect to the other protocol, bridges attempt to
copy everything on both sides_ so _Matrix users_ see each other directly instead
of through the _transport_ on the other side and on the other side of _open protocols_
_Matrix users_ can be interacted with as if they were native to it.
- Unlike _XMPP_, the _bridges also tend to be heavy and require a full homeserver
setup._ The _IRC bridge also generally requires blessing from the IRC network_
and while some public bridges exist, they _move the control away from you_
hijacking the room to _their rules_ and often have _performance trouble
compared to "local toaster matterbridge"._
while _XMPP transports connect to the other protocol, bridges attempt to copy
everything on both sides_ so _Matrix users_ see each other directly instead of
through the _transport_ on the other side and on the other side of _open
protocols_ _Matrix users_ can be interacted with as if they were native to it.
- Unlike _XMPP_, the _bridges also tend to be heavy and require a full
homeserver setup._ The _IRC bridge also generally requires blessing from the
IRC network_ and while some public bridges exist, they _move the control
away from you_ hijacking the room to _their rules_ and often have
_performance trouble compared to "local toaster matterbridge"._
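Review bot: two wording slips are carried over unchanged into the reflowed lines and could be fixed while these paragraphs are being rewritten. The log availability notice still reads "visiblity", and the RELAYMSG bullet reads "Recent IRC development allows (RELAYMSG)" followed by a second "allows relays to be transparent". Fixing them in a separate commit would keep this one purely mechanical.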

View File

@ -3,7 +3,9 @@ layout: page
title: The IRC bot Euforia
permalink: /irc/bot.html
sitemap: true
excerpt: "A little about my IRC bot. Useful links, why it doesn't reply to me, how to make it recognize me, what does it actually do?"
excerpt:
"A little about my IRC bot. Useful links, why it doesn't reply to me, how to
make it recognize me, what does it actually do?"
redirect_from: /bot.html
published: false
---
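Review bot: the wrapped `excerpt` now depends on YAML folding the line break inside a double-quoted scalar into a single space (between "how to" and "make it"). The value should come out identical, but please check the generated description once after the build. The same pattern recurs in the other front-matter hunks of this commit.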
@ -17,14 +19,13 @@ _Please read also [rules of my channels.](https://mikaela.info/channel.html)_
## Limnoria
My bot is [Limnoria] which is currently the most popular [Supybot] fork
that is still under active development and it has merged in features of
another popular fork, [Gribble].
My bot is [Limnoria] which is currently the most popular [Supybot] fork that is
still under active development and it has merged in features of another popular
fork, [Gribble].
My role with [Limnoria] was Finnish translator and IRC support and I also
made minor changes to make some default configuration variables more
reasonable. Most of [documentation] since [Supybot] and before my leaving
is also written by me.
My role with [Limnoria] was Finnish translator and IRC support and I also made
minor changes to make some default configuration variables more reasonable. Most
of [documentation] since [Supybot] and before my leaving is also written by me.
[supybot]: https://github.com/Supybot/Supybot
[limnoria]: https://github.com/ProgVal/Limnoria
@ -35,8 +36,8 @@ is also written by me.
### Addressing the bot
The following table opens where the bot will reply to in channel. In PM
the bot replies to everything _(without prefix)_.
The following table opens where the bot will reply to in channel. In PM the bot
replies to everything _(without prefix)_.
<table>
<tr>
@ -73,8 +74,8 @@ the bot replies to everything _(without prefix)_.
</tr>
</table>
For checking the channel specific prefixes, refer to the following
commands. They can be used in channel (if you know the prefix) or PM.
For checking the channel specific prefixes, refer to the following commands.
They can be used in channel (if you know the prefix) or PM.
<table>
<tr>
@ -99,28 +100,27 @@ commands. They can be used in channel (if you know the prefix) or PM.
### Quick start
Use `list` command to get list of plugins, `list <plugin>` to get list of
commands in plugin, `help <plugin> <command>` to get usage instructions
for \<command\> in \<plugin\>.
commands in plugin, `help <plugin> <command>` to get usage instructions for
\<command\> in \<plugin\>.
If the bot tells you `(X more messages)`, use the `more` command to see
more output.
If the bot tells you `(X more messages)`, use the `more` command to see more
output.
There are also default plugins which means that when you use only
`<command>` the command is automatically understood as `<plugin> <command>`
for example `tell` is configured to be `later tell` which tells text
to nick next time it's seen. If `command` exists only in one plugin,
it's gets turned to `<plugin> <command>` automatically.
There are also default plugins which means that when you use only `<command>`
the command is automatically understood as `<plugin> <command>` for example
`tell` is configured to be `later tell` which tells text to nick next time it's
seen. If `command` exists only in one plugin, it's gets turned to
`<plugin> <command>` automatically.
In case command exists in multiple plugins, the bot will tell you that
the command exists in multiple plugins and asks you to specify the plugin
before it.
In case command exists in multiple plugins, the bot will tell you that the
command exists in multiple plugins and asks you to specify the plugin before it.
## Users
The bot doesn't allow anyone to register and I will register channel ops
manually on the channels the bot is on. Users are primarily identified by
NickServ account, but on networks where there are no services it's required
to use hostmasks.
NickServ account, but on networks where there are no services it's required to
use hostmasks.
Requirements for getting account:
@ -131,59 +131,60 @@ Requirements for getting account:
### Identifying
_All users have a password in the bot, but I have made them invalid (by
adding `!` in front of the hash in users.conf). If you have password set
separately as said below, it will work._
_All users have a password in the bot, but I have made them invalid (by adding
`!` in front of the hash in users.conf). If you have password set separately as
said below, it will work._
- If you have a password, `/msg <bot> user identify username password`
- Passwords can be asked from me if needed. After getting one, change
it immediately with
`/msg <bot> user set password OLDPASSWORD NEWPASSWORD`
- Passwords can be asked from me if needed. After getting one, change it
immediately with `/msg <bot> user set password OLDPASSWORD NEWPASSWORD`
- If you use NickServ account:
- Use the `auth` command.
- `/cycle` so extended-join sends your account name to the bot.
- `/kick <bot>` so the bot will automatically rejoin and send whox
requests to the channel receiving your NickServ account.
- `/kick <bot>` so the bot will automatically rejoin and send whox requests to
the channel receiving your NickServ account.
- [Other methods / Official documentation](https://limnoria-doc.readthedocs.org/en/latest/use/getting_started.html#making-supybot-recognize-you)
## Channels
List of the channels where the bot is on can be seen with /whois. However
this list doesn't include secret/private channels (mode +s/+p).
List of the channels where the bot is on can be seen with /whois. However this
list doesn't include secret/private channels (mode +s/+p).
The bot can also be requested to join other channels, but I reserve the
right to not join it anywhere or to not register specific channel ops
to the bot.
The bot can also be requested to join other channels, but I reserve the right to
not join it anywhere or to not register specific channel ops to the bot.
## What does the bot do?
Currently the bot is primarily spamming my channels with new items in some
RSS feeds. You can find list of the feeds added to the bot at
Currently the bot is primarily spamming my channels with new items in some RSS
feeds. You can find list of the feeds added to the bot at
[the web documentation for RSS plugin](https://bot.mikaela.info/plugindoc/RSS/),
but listing the feeds automatically announced on the channel isn't
possible [yet](https://github.com/ProgVal/Limnoria/issues/1085).
but listing the feeds automatically announced on the channel isn't possible
[yet](https://github.com/ProgVal/Limnoria/issues/1085).
It's also protecting channels from spam using the [AttackProtector plugin.](https://github.com/ProgVal/Supybot-plugins/tree/master/AttackProtector)
It's also protecting channels from spam using the
[AttackProtector plugin.](https://github.com/ProgVal/Supybot-plugins/tree/master/AttackProtector)
The bot also has `ops` command for getting op attention, but it requires
correct prefix to be used.
The bot also has `ops` command for getting op attention, but it requires correct
prefix to be used.
## Issues you may encounter
For all known issues, see the issue tracker link below relevant subtopic
as this section only lists those that you are likely to see or that others
have asked about from me.
For all known issues, see the issue tracker link below relevant subtopic as this
section only lists those that you are likely to see or that others have asked
about from me.
I am trying to run [the latest released version of Limnoria.](https://github.com/ProgVal/Limnoria/tags)
I am trying to run
[the latest released version of Limnoria.](https://github.com/ProgVal/Limnoria/tags)
External plugins are updated whenever I see need for it, but at least when
I upgrade Limnoria.
External plugins are updated whenever I see need for it, but at least when I
upgrade Limnoria.
### Limnoria issues
- Issue tracker: https://github.com/ProgVal/Limnoria/issues
_Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnoria/tree/master/plugins)._
_Includes Limnoria core and
[included plugins](https://github.com/ProgVal/Limnoria/tree/master/plugins)._
- [Title is only told for the first link in a message](https://github.com/ProgVal/Limnoria/issues/152)
- [Some commands using hostmasks behave weirdly](https://github.com/ProgVal/Limnoria/issues/281)
@ -195,11 +196,12 @@ _Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnor
- [Meta descriptions for links aren't told](https://github.com/ProgVal/Limnoria/issues/650)
- these could be useful with news sites.
- [DNS command doesn't mention CNAMEs/ALIASes](https://github.com/ProgVal/Limnoria/issues/864)
- Internet whois is quite broken [1](https://github.com/ProgVal/Limnoria/issues/993) [2](https://github.com/ProgVal/Limnoria/issues/994)
- Internet whois is quite broken
[1](https://github.com/ProgVal/Limnoria/issues/993)
[2](https://github.com/ProgVal/Limnoria/issues/994)
- [RSS: no announced feeds in web interface](https://github.com/ProgVal/Limnoria/issues/1085)
- [html/javascript redirects aren't followed](https://github.com/ProgVal/Limnoria/issues/1120)
- you will especially see this if you encounter links to my
"URL shortener"
- you will especially see this if you encounter links to my "URL shortener"
- [Google says: Error invalid resultSize](https://github.com/ProgVal/Limnoria/issues/1163)
- [Web title & titlesnarfer are broken](https://github.com/ProgVal/Limnoria/issues/1173)
@ -207,11 +209,12 @@ _Includes Limnoria core and [included plugins](https://github.com/ProgVal/Limnor
- Issue tracker: https://github.com/ProgVal/Supybot-plugins/issues
_Includes plugins from @ProgVal's/pinkieval's [plugin repository.](https://github.com/ProgVal/Supybot-plugins)_
_Includes plugins from @ProgVal's/pinkieval's
[plugin repository.](https://github.com/ProgVal/Supybot-plugins)_
- LinkRelay
- [Doesn't sync topics between relayed channels](https://github.com/ProgVal/Supybot-plugins/issues/31)
- [Status of user in the channel isn't shown](https://github.com/ProgVal/Supybot-plugins/issues/60)
- [What the bot says isn't relayed.](https://github.com/ProgVal/Supybot-plugins/issues/288)
- **This is currently the most visible issue on channels where
LinkRelay is used.**
- **This is currently the most visible issue on channels where LinkRelay is
used.**

View File

@ -3,7 +3,9 @@ layout: page
title: IRC-kanavien ja muiden sellaisten säännöt
permalink: /irc/channel.fi.html
sitemap: true
excerpt: "IRC-kanavieni säännöt. Lyhyesti: Käytä maalaisjärkeä, ole kiva, ei syrjintää, ei julkisia lokeja, älä tuo botteja ilman lupaa. Kiitos ♥"
excerpt:
"IRC-kanavieni säännöt. Lyhyesti: Käytä maalaisjärkeä, ole kiva, ei syrjintää,
ei julkisia lokeja, älä tuo botteja ilman lupaa. Kiitos ♥"
redirect_from:
- /kanava.html
- /channel.fi.html
@ -12,10 +14,11 @@ published: false
**[In English](channel.html)**
Säännöt kanavalle X verkossa Y.<br/>Kanavien, joita nämä säännöt
koskettavat pitäisi linkittää tälle sivulle ENTRYMSG:ssä (tai muussa botin automaattisesti lähettämässä viestissä) tai topic:issa. Kanavan URL ei ole
kovin hyvä paikka, koska monet asiakasohjelmat piilottavat sen jonnekin
(joka tosin tapahtuu kaikilla muillakin tavoilla TOPICcia lukuunottamatta).
Säännöt kanavalle X verkossa Y.<br/>Kanavien, joita nämä säännöt koskettavat
pitäisi linkittää tälle sivulle ENTRYMSG:ssä (tai muussa botin automaattisesti
lähettämässä viestissä) tai topic:issa. Kanavan URL ei ole kovin hyvä paikka,
koska monet asiakasohjelmat piilottavat sen jonnekin (joka tosin tapahtuu
kaikilla muillakin tavoilla TOPICcia lukuunottamatta).
_[Lisää botistani (joka on tai ei ole kanavalla) (englanniksi).](bot.html)_
@ -24,35 +27,37 @@ _[Lisää botistani (joka on tai ei ole kanavalla) (englanniksi).](bot.html)_
- Vahdi kielenkäyttöäsi, älä kiroile tai hauku.
- Ellet (englantia puhuessa) ole varma mitä pronominejä käyttää, käytä
[singular theytä)](https://en.wikipedia.org/wiki/Singular_they)
- Ilmaise selkeästi mitkä linkit eivät ole turvallisia kaikille,
lisäämällä niiden eteen `[NSFW]` tai jotakin vastaavaa.
- Kunnioita muiden rajoja, älä lähetä ihmisille yksityisviestejä
kysymättä ensin.
- _Opeille voi lähettää yksityisviestejä tai opit voivat lähettää
sinulle yksityisviestejä, mikäli sitä vaaditaan mahdollisen
ongelman ratkaisuun rauhallisesti._
- Ilmaise selkeästi mitkä linkit eivät ole turvallisia kaikille, lisäämällä
niiden eteen `[NSFW]` tai jotakin vastaavaa.
- Kunnioita muiden rajoja, älä lähetä ihmisille yksityisviestejä kysymättä
ensin.
- _Opeille voi lähettää yksityisviestejä tai opit voivat lähettää sinulle
yksityisviestejä, mikäli sitä vaaditaan mahdollisen ongelman ratkaisuun
rauhallisesti._
- Älä julkaise kanavan lokeja.
- Älä tuo kanavalle botteja kysymättä ensin opeilta.
_Nämä säännöt koskevat myös (puoli)operaattoreita (ja korkeampia tahoja),
jos näet heidän rikkovan näitä sääntöjä, sano se._
_Nämä säännöt koskevat myös (puoli)operaattoreita (ja korkeampia tahoja), jos
näet heidän rikkovan näitä sääntöjä, sano se._
- Mikäli tarvitset apua kanava-operaattorilta...
- pingaa tai lähetä yksityisviesti, mutta pidä mielessä, että he voivat
estää kaikki yksityisviestit.
- pingaa tai lähetä yksityisviesti, mutta pidä mielessä, että he voivat estää
kaikki yksityisviestit.
- jos verkko tukee sitä ja sinulla on oikeat liput (voice?),
`/msg memoserv sendops #kanava <ongelma tähän>`
- `!ops` saattaa toimia mikäli opit pingaavat siihen tai botti
käsittelee sen, mutta tämä ei ole yhtä suositeltu tapa, kuin muut.
- `!ops` saattaa toimia mikäli opit pingaavat siihen tai botti käsittelee sen,
mutta tämä ei ole yhtä suositeltu tapa, kuin muut.
- ellei kanav-operattoreita ole paikalla, yritä otaa yhteyttä
verkko-operaattoreihin, heillä pitäisi olla liput auttamista varten.
Lisälukemista:
- [Pidä opit oppeina (englanniksi)]({% post_url blog/2015-04-01-keep-the-ops-opped %})
- [Kaikkien yksityisviestien estäminen oletuksena (enlanniksi)]({% post_url blog/2015-04-02-umodeg %})
- [Kaikkien yksityisviestien estäminen
oletuksena (enlanniksi)]({% post_url blog/2015-04-02-umodeg %})
Muutosloki ([GitHubissa](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.fi.markdown)):
Muutosloki
([GitHubissa](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.fi.markdown)):
- 2015-06-28: lisää yleistystä ja selvennetty yksityisviestejä (rajojen
kunnioittamisessa)
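Review bot: in the "Lisälukemista" list the second entry now has its link text split across two lines ("Kaikkien yksityisviestien estäminen" / "oletuksena (enlanniksi)") in front of the `{% post_url %}` tag, while the first entry stays on one line. Please check that the link still renders as a single link. The touched line also still carries the typo "enlanniksi", and the context line `[singular theytä)]` has a stray `)` inside the link text. Both are worth a follow-up fix.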

View File

@ -3,7 +3,9 @@ layout: page
title: Rules of my IRC channels and others like that
permalink: /irc/channel.html
sitemap: true
excerpt: "Rules of my IRC channel. TL;DR: Use common sense, be nice, no discrimination, no public logging, don't bring bots without permission. Thanks ♥"
excerpt:
"Rules of my IRC channel. TL;DR: Use common sense, be nice, no discrimination,
no public logging, don't bring bots without permission. Thanks ♥"
redirect_from:
- /channel.html
- /channel.en.html
@ -13,51 +15,52 @@ published: false
**[Suomeksi](channel.fi.html)**
Rules of channel X in network Y.<br/>The channels which use these rules
should link to this page in ENTRYMSG (or other automatic msg by bot) or
topic. Channel URL is not so good as many clients hide it somewhere (which
actually happens with everything else than topic)
Rules of channel X in network Y.<br/>The channels which use these rules should
link to this page in ENTRYMSG (or other automatic msg by bot) or topic. Channel
URL is not so good as many clients hide it somewhere (which actually happens
with everything else than topic)
_[More about my bot (which might or might not be on this channel) here.](bot.html)_
- **Use common sense.**
- Be nice, no discrimination
- Mind your language, not everyone is e.g. your brother ("bro"), don't
swear or use slurs.
- In case you aren't sure which pronouns to use about someone else,
please use [singular they](https://en.wikipedia.org/wiki/Singular_they)
- Clearly tell when links aren't safe for everyone by prefixing them
with `[NSFW]` or similar.
- Mind your language, not everyone is e.g. your brother ("bro"), don't swear
or use slurs.
- In case you aren't sure which pronouns to use about someone else, please use
[singular they](https://en.wikipedia.org/wiki/Singular_they)
- Clearly tell when links aren't safe for everyone by prefixing them with
`[NSFW]` or similar.
- Respect boundaries, don't PM people without asking first.
- _You may PM ops or ops may PM you if it's required for solving
potential channel issue peacefully._
- _You may PM ops or ops may PM you if it's required for solving potential
channel issue peacefully._
- Don't log the channel publicly.
- Don't bring bots to the channel without asking ops first.
_These rules also affect (h)ops (and higher), if you see them breaking
these rules, please do say it._
_These rules also affect (h)ops (and higher), if you see them breaking these
rules, please do say it._
- If you need help from channel op...
- ping or PM them (but keep in mind they might be blocking all PMs)
- if the network supports it and you have correct flags (voice?),
`/msg memoserv sendops #channel <the issue>`
- `!ops` might work if the ops are highlighting on it or there is bot
handling it, but it's not as recommended as the other ways.
- if there are no ops present, try contacting the network operators,
they should have flags to help.
- `!ops` might work if the ops are highlighting on it or there is bot handling
it, but it's not as recommended as the other ways.
- if there are no ops present, try contacting the network operators, they
should have flags to help.
Furher reading:
- [Keep your ops opped!]({% post_url blog/2015-04-01-keep-the-ops-opped %})
- [Blocking all PMs by default]({% post_url blog/2015-04-02-umodeg %})
Changelog ([at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.markdown)):
Changelog
([at GitHub](https://github.com/Mikaela/mikaela.github.io/commits/master/pages/channel.markdown)):
- 2015-06-28: more generalization & clarifying on PMing (on respecting
boundaries)
- 2015-05-07: make getting help from ops a little more clear
- 2015-05-03: add TL;DR to meta description & remove weird feeling line &
fix language & Finnish translation
- 2015-05-03: add TL;DR to meta description & remove weird feeling line & fix
language & Finnish translation
- 2015-05-02: no \*isms --> no discrimination & cleaning
- 2015-04-26: typo fixes, cleaning up
- 2015-04-14: Initial version

View File

@ -3,23 +3,25 @@ layout: page
title: IRC
navigation: true
permalink: /irc/
excerpt: "Where do you find me at IRC and verify that it's me. Also includes my IRC related posts that are hopefully helpful."
excerpt:
"Where do you find me at IRC and verify that it's me. Also includes my IRC
related posts that are hopefully helpful."
robots: noai
---
IRC has been a big part of my life, I discovered it during junior high school
and have several friends and communities there. This is also shown by
the amount of blog posts, I have below.
and have several friends and communities there. This is also shown by the amount
of blog posts, I have below.
I am running my own [IRC@Etro](ircs://etro.mikaela.info:6697/#mikaela.info) ([webchat](https://irc.etro.mikaela.info/))
and oper on a couple of other networks too. For a list of my registered IRCaccounts
in general, please see [txt/irc.txt](/txt/irc.txt)
and [my discuss page](/discuss) for registered channels outside of IRC@Etro.
I am running my own [IRC@Etro](ircs://etro.mikaela.info:6697/#mikaela.info)
([webchat](https://irc.etro.mikaela.info/)) and oper on a couple of other
networks too. For a list of my registered IRCaccounts in general, please see
[txt/irc.txt](/txt/irc.txt) and [my discuss page](/discuss) for registered
channels outside of IRC@Etro.
### IRC-related posts
_Note that this section is manually updated and might be missing some
links._
_Note that this section is manually updated and might be missing some links._
- General
- [Getting help from network operators when channel ops are away]({% post_url blog/2015-01-24-getting_help_with_channel_issues %})
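Review bot: The `excerpt` front matter value is now a double-quoted scalar folded over two continuation lines under a bare `excerpt:` key. YAML joins folded lines inside double quotes with a single space, so the text should be unchanged, but the continuation lines have to stay indented under the key; please confirm the built page still emits the same meta description. Separately, `IRCaccounts` in the reflowed paragraph is still missing a space.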
@ -27,10 +29,14 @@ links._
- [Keep the ops opped]({% post_url blog/2015-04-01-keep-the-ops-opped %})
- [IRC over TLS is not pointless.]({% post_url blog/2015-04-22-IRC-over-TLS %})
- [Forming irc:// or ircs:// links]({% post_url blog/2015-05-18-ircs_links %})
- [Making channel secret or private]({% post_url blog/2015-06-08-private_secret_channels %})
- [Atheme quickstart: NickServ, HostServ, ChanServ & GroupServ]({% post_url blog/2015-09-19-atheme-quickstart %})
- [Making channel secret
or private]({% post_url blog/2015-06-08-private_secret_channels %})
- [Atheme quickstart: NickServ, HostServ, ChanServ
& GroupServ]({% post_url blog/2015-09-19-atheme-quickstart %})
- Oper
- [Channels & Hostmask groups: A Basic howto]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
- [Channels & Hostmask groups: A
Basic
howto]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})
- WeeChat
- [Easy instructions for using SASL PLAIN]({% post_url blog/2015-03-26-weechat-sasl-simply %})
- [Ignoring with /filter]({% post_url blog/2015-05-31-weechat-filter %})
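Review bot: The reflow splits several link labels mid-phrase in this list, for example `[Channels & Hostmask groups: A`, `Basic`, `howto]({% post_url blog/2015-01-10-channels-hostmask-groups-a-basic-howto %})`, leaving one word per line and making the source harder to read and grep than the single-line originals. The labels appear to be wrapped like ordinary text because the `{% post_url %}` target contains spaces. Consider putting `<!-- prettier-ignore-start -->` and `<!-- prettier-ignore-end -->` around these link lists, or moving the targets to reference-style definitions, so each label stays on one line.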

View File

@ -10,8 +10,8 @@ published: false
## ZNC
Vardiera is hosting stable ZNC (latest git tag) where people I trust can
get accounts.
Vardiera is hosting stable ZNC (latest git tag) where people I trust can get
accounts.
### Simple rules
@ -21,33 +21,34 @@ get accounts.
- accounts can be removed at any time.
- it can crash any time without me being there to fix it.
- it can be restarted any time to install upgrades.
- No logging unless you load the log module by yourself (log access
requires shell access which I don't give!)
- No logging unless you load the log module by yourself (log access requires
shell access which I don't give!)
- If you use the [SASL](http://wiki.znc.in/sasl) or
[NickServ](http://wiki.znc.in/nickserv) module, your password is stored
in plain text.
- I won't ever read it there, but I think it should be mentioned. Don't
use server password unless you have to as that password is thrown
to my eyes in ZNC startup messages.
[NickServ](http://wiki.znc.in/nickserv) module, your password is stored in
plain text.
- I won't ever read it there, but I think it should be mentioned. Don't use
server password unless you have to as that password is thrown to my eyes in
ZNC startup messages.
- In case more networks are needed, contact me.
### Tips & tricks
1. Read the [ZNC wiki], at least [FAQ].
2. **Load savebuff** so your buffers aren't lost on restart/crash/etc.
- **Don't specify a password or I am going to be angry and you are
going to lose your account!**
3. If your network has NickServ, [load SASL and read it's wiki page for automatic identification.](http://wiki.znc.in/sasl)
- **Don't specify a password or I am going to be angry and you are going to
lose your account!**
3. If your network has NickServ,
[load SASL and read it's wiki page for automatic identification.](http://wiki.znc.in/sasl)
[znc wiki]: http://wiki.znc.in/
[faq]: http://wiki.znc.in/FAQ
#### Accessing webadmin
- https://vardiera.mikaela.info:1234/ (invalid certificate, valid
fingerprints are listed below)
- https://znc.mikaela.info/ (CloudFlare, https only between you and
CloudFlare (aka not recommended or use only if you have to))
- https://vardiera.mikaela.info:1234/ (invalid certificate, valid fingerprints
are listed below)
- https://znc.mikaela.info/ (CloudFlare, https only between you and CloudFlare
(aka not recommended or use only if you have to))
### Certificate fingerprints
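Review bot: The rewrapped SASL and NickServ bullets and the `[znc wiki]` / `[faq]` definitions still point at `http://wiki.znc.in/` over plain HTTP, on a page that otherwise asks readers to verify certificate fingerprints before trusting the webadmin. If the wiki is reachable over HTTPS, switch these to `https://` in a follow-up, and change `read it's wiki page` to `its` in the SASL link label at the same time.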
@ -71,9 +72,9 @@ SHA512 Fingerprint=FF:B3:D6:8B:EB:2E:2B:96:10:C0:7C:F0:7A:17:28:8F:77:14:73:FC:6
_If you forget -ssl, `/set irc.server.WHATEVER.ssl on`_
Read also [WeeChat page on ZNC wiki](http://wiki.znc.in/WeeChat). You want
to read at least the _Enabling server-time & other IRCv3 capabilities_ to
make your experience smoother.
Read also [WeeChat page on ZNC wiki](http://wiki.znc.in/WeeChat). You want to
read at least the _Enabling server-time & other IRCv3 capabilities_ to make your
experience smoother.
### Webchat

View File

@ -10,6 +10,8 @@ redirect_from:
- /pgp.html
- /wire.html
redirect_to: /keys.txt
excerpt: "My public key fingerprints (that I think can be put here, if I am missing something, tell me) for secure communication with me."
excerpt:
"My public key fingerprints (that I think can be put here, if I am missing
something, tell me) for secure communication with me."
lang: en
---

View File

@ -7,9 +7,9 @@ sitemap: false
lang: en
---
_This page has some kind of link list on minorities which mostly somehow
affect me and is probably always under construction. The order is somewhat
random and [improvements are welcome here.](https://github.com/Mikaela/mikaela.github.io/edit/master/pages/links2.markdown)_
_This page has some kind of link list on minorities which mostly somehow affect
me and is probably always under construction. The order is somewhat random and
[improvements are welcome here.](https://github.com/Mikaela/mikaela.github.io/edit/master/pages/links2.markdown)_
_This page is also in need of attention._
@ -47,13 +47,13 @@ _This page is also in need of attention._
- I think there are a lot better pages telling this than this one.
- [Review article provides evidence on the biological nature of gender identity](http://medicalxpress.com/news/2015-02-article-evidence-biological-nature-gender.html)
- [Sex redefined](http://www.nature.com/news/sex-redefined-1.16943?WT.mc_id=FBK_NatureNews)
- _So if the law requires that a person is male or female, should that
sex be assigned by anatomy, hormones, cells or chromosomes, and what
should be done if they clash? “My feeling is that since there is not
one biological parameter that takes over every other parameter, at
the end of the day, gender identity seems to be the most reasonable
parameter,” says Vilain. In other words, if you want to know whether
someone is male or female, it may be best just to ask._
- _So if the law requires that a person is male or female, should that sex be
assigned by anatomy, hormones, cells or chromosomes, and what should be done
if they clash? “My feeling is that since there is not one biological
parameter that takes over every other parameter, at the end of the day,
gender identity seems to be the most reasonable parameter,” says Vilain. In
other words, if you want to know whether someone is male or female, it may
be best just to ask._
- [Gender identity is biological study says](https://gma.yahoo.com/gender-identity-biological-study-says-090824140--abc-news-health.html)
- [Stop Using Phony Science to Justify Transphobia - Scientific American Blog Network](https://blogs.scientificamerican.com/voices/stop-using-phony-science-to-justify-transphobia/)

View File

@ -11,11 +11,12 @@ robots: noai
---
Just like [IRC](/irc/), _Matrix_ has became a part of my social life online. My
room can be found from [my discuss page](/discuss) alongside
some protocol comparison and my main accounts are in [index](/).
room can be found from [my discuss page](/discuss) alongside some protocol
comparison and my main accounts are in [index](/).
I also have a [txt with a list of all my accounts](/txt/matrix.txt) which [has SSH signature](/txt/matrix.txt.sig).
Some of my accounts are also on my [Keyoxide ASP profile](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY).
I also have a [txt with a list of all my accounts](/txt/matrix.txt) which
[has SSH signature](/txt/matrix.txt.sig). Some of my accounts are also on my
[Keyoxide ASP profile](https://keyoxide.org/aspe:keyoxide.org:LGWNUB7QG4M326FXXBH5Z6PLVY).
[Questions and Answers about Matrix](#questions--answers)
@ -23,12 +24,14 @@ Some of my accounts are also on my [Keyoxide ASP profile](https://keyoxide.org/a
## Matrix-related posts
_Note that this section is manually updated and might be missing some
links._
_Note that this section is manually updated and might be missing some links._
- Critique
- [Inconsistency issues of Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %})
- [Without selfhosting a homeserver or even then, Matrix moderation tools rely on security through obscurity]({% post_url blog/2021-12-05-matrix-community-abuse-security-by-obscurity %})
- [Without selfhosting a homeserver or even then, Matrix moderation tools rely
on security
through
obscurity]({% post_url blog/2021-12-05-matrix-community-abuse-security-by-obscurity %})
- [A couple of words on protocols (on the Discuss page)](/discuss.html#a-couple-of-words-on-protocols)
## Questions & Answers
@ -80,10 +83,14 @@ links._
### Where else can I read about Matrix?
- [Miki is the Matrix wiki](https://en.miki.community/) where I will attempt to contribute to.
- [Miki is the Matrix wiki](https://en.miki.community/) where I will attempt to
contribute to.
- [Matrix.org](https://matrix.org/) is the official website.
- [My gist repository also has notes on Matrix, mostly /devtools related ones](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix), they predate Miki and I hope to sort more relevant or historical parts there.
- PPFI also has [a couple of Matrix files](https://git.piraattipuolue.fi/Pikaviestimet/Pikaviestimet/src/branch/master/matrix), ([GitHub mirror](https://github.com/piraattipuolue/pikaviestimet)).
- [My gist repository also has notes on Matrix, mostly /devtools related ones](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix),
they predate Miki and I hope to sort more relevant or historical parts there.
- PPFI also has
[a couple of Matrix files](https://git.piraattipuolue.fi/Pikaviestimet/Pikaviestimet/src/branch/master/matrix),
([GitHub mirror](https://github.com/piraattipuolue/pikaviestimet)).
<!-- and [PPFI wiki page has an article](https://wiki.piraattipuolue.fi/Matrix) ([waybackmachine](https://web.archive.org/web/20230000000000*/https://wiki.piraattipuolue.fi/Matrix)).-->
_Note that they are in Finnish_.
- This site has random assortment of Matrix details around.
@ -91,22 +98,25 @@ links._
- [n/matrixspoilers](/n/matrixspoilers.html) has a quick note on spoilers.
- [the-apothecary.club has a Matrix Tips & Tricks page](https://the-apothecary.club/coc/matrix-tricks/)
- At the time of writing also on using spoilers and custom emotes/stickers.
- Cos has written [Matrix tips they don't tell you](https://wordsmith.social/cos/matrix-tips-they-dont-tell-you) containing a FAQ, hints and guides.
- Cos has written
[Matrix tips they don't tell you](https://wordsmith.social/cos/matrix-tips-they-dont-tell-you)
containing a FAQ, hints and guides.
### Is there any kind of Matrix etiquette I should know about?
Not particularly, you will find the same kind of social expectations like
anywhere else, such as at IRC or Telegram. Here are some guidelines:
- Ask for a permission in room before starting a private/direct message/discussion with someone.
- There is commonly an exception when you are contacting a moderator of about an issue in
the chat and wish to avoid getting attention on yourself.
- Ask for a permission in room before starting a private/direct
message/discussion with someone.
- There is commonly an exception when you are contacting a moderator of about
an issue in the chat and wish to avoid getting attention on yourself.
- When you eventually do message someone, state your business, without leaving
your first message to a greeting. For more information about this, refer to
[nohello.net](https://nohello.net/).
- When creating a new room, avoid advertising it in existing rooms. The
first guideline also applies, refrain from inviting random people from
other rooms without their permission.
- When creating a new room, avoid advertising it in existing rooms. The first
guideline also applies, refrain from inviting random people from other rooms
without their permission.
- If you do perform mass inviting of strangers, you will be considered as a
spammer and most likely end up on shared banlists resulting a significant
portition of Matrix communities instantly banning you even if you never
@ -133,90 +143,124 @@ profiles.
### How do you do custom not-emoji reactions?
As long as your client isn't by Element HQ ([element-hq/element-web#19409](https://github.com/element-hq/element-web/issues/19409),
As long as your client isn't by Element HQ
([element-hq/element-web#19409](https://github.com/element-hq/element-web/issues/19409),
[matrix-org/matrix-react-sdk#6628](https://github.com/matrix-org/matrix-react-sdk/pull/6628#issuecomment-1598708914)),
there are a couple of methods to try:
- Reply to the message you wish to react to with `/react something`. This will
commonly add a reaction `something` to the message.
- This works at least within [FluffyChat](https://fluffychat.im), [Gomuks](https://docs.mau.fi/gomuks/commands.html#sending-special-messages) and [Nheko](https://github.com/Nheko-Reborn/nheko/blob/master/man/nheko.1.adoc#custom-messages).
- This works at least within [FluffyChat](https://fluffychat.im),
[Gomuks](https://docs.mau.fi/gomuks/commands.html#sending-special-messages)
and
[Nheko](https://github.com/Nheko-Reborn/nheko/blob/master/man/nheko.1.adoc#custom-messages).
- Hold the message and look at the emoji bar. There may be a `…` allowing for
free-form reactions.
- This works at least within [Hydrogen](https://github.com/element-hq/hydrogen-web/).
- Does the emoji bar have search? Some allow entering arbitary reactions
through it offering a `react` button or `react with <your query>` option.
- This works at least within [Cinny](https://cinny.in) and [SchildiChat](https://schildi.chat).
- This works at least within
[Hydrogen](https://github.com/element-hq/hydrogen-web/).
- Does the emoji bar have search? Some allow entering arbitary reactions through
it offering a `react` button or `react with <your query>` option.
- This works at least within [Cinny](https://cinny.in) and
[SchildiChat](https://schildi.chat).
Please note that your **_[reactions are NOT encrypted](https://github.com/matrix-org/matrix-spec/issues/660)_** even in encrypted
rooms. See also my blog post, [Inconsistency issues of Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}).
Please note that your
**_[reactions are NOT encrypted](https://github.com/matrix-org/matrix-spec/issues/660)_**
even in encrypted rooms. See also my blog post, [Inconsistency issues of
Element, Element and Element, also privacy concerns]({% post_url blog/2021-08-03-matrix-perfect-privacy-not %}).
### What are ghost and puppets?
They are related to bridging Matrix with other protocols.
- A ghost is a virtual user account created by a bridge service to represent a user from another protocol (controlled by the actions of that user). They appear when an entire room is bridged. Some protocols like Discord or Slack have no native support for ghosts but can approximate them by changing the display name and avatar of the messages sent by the bridge.
- A puppet is a real user account controlled by a bridge service (based on their actions on another protocol). They may arise from personal bridging but also from room-level bridging when the target protocol does not support ghosts (such as IRC). Unlike a ghost, it's possible to log in to a puppet account using a normal client application so it's impossible to tell at a glance if the controller is a human or a bridge service (however message contents may provide hints).
- Double puppeting is when a user bridges their real accounts from two protocols so their actions on either side are mirrored on the other.
- A ghost is a virtual user account created by a bridge service to represent a
user from another protocol (controlled by the actions of that user). They
appear when an entire room is bridged. Some protocols like Discord or Slack
have no native support for ghosts but can approximate them by changing the
display name and avatar of the messages sent by the bridge.
- A puppet is a real user account controlled by a bridge service (based on their
actions on another protocol). They may arise from personal bridging but also
from room-level bridging when the target protocol does not support ghosts
(such as IRC). Unlike a ghost, it's possible to log in to a puppet account
using a normal client application so it's impossible to tell at a glance if
the controller is a human or a bridge service (however message contents may
provide hints).
- Double puppeting is when a user bridges their real accounts from two protocols
so their actions on either side are mirrored on the other.
### What does the public history visibility mean? I don't want to appear in search engines
The public/world-readable history visibility option means exactly what it says,
public even without joining the room. These rooms are accessible to tools
such as [Matrix Static](https://view.matrix.org/) and its successor [Matrix Viewer](https://github.com/matrix-org/matrix-viewer)
and thus their history is visible in search engines.
public even without joining the room. These rooms are accessible to tools such
as [Matrix Static](https://view.matrix.org/) and its successor
[Matrix Viewer](https://github.com/matrix-org/matrix-viewer) and thus their
history is visible in search engines.
Note that as the option name hints, the history visibility option will not
apply to previous messages. Thus if you first make room public and then
restrict it to members only the messages between these two changes are public
and new users will see them. Same if messages are visible to members and
then restricted further.
Note that as the option name hints, the history visibility option will not apply
to previous messages. Thus if you first make room public and then restrict it to
members only the messages between these two changes are public and new users
will see them. Same if messages are visible to members and then restricted
further.
Another thing worth noting here is that encryption will not prevent new users
from reading the future messages, Matrix will share keys to new joiners to
some extent. For more information refer to [Matrix Spec issue #1](https://github.com/matrix-org/matrix-spec/issues/1)
and related issues.
from reading the future messages, Matrix will share keys to new joiners to some
extent. For more information refer to
[Matrix Spec issue #1](https://github.com/matrix-org/matrix-spec/issues/1) and
related issues.
### Can I see who is in any specific room without being there?
It depends.
You can try [Matrix Viewer](https://github.com/matrix-org/matrix-viewer/), e.g. for Matrix HQ ~~[archive.matrix.org/r/matrix:matrix.org](https://archive.matrix.org/r/matrix:matrix.org)
or~~ [matrix-archive.evulid.cc/r/matrix:matrix.org](https://matrix-archive.evulid.cc/r/matrix:matrix.org) ([@evulid-crawler:evulid.cc](matrix:u/evulid-crawler:evulid.cc))
or [view.gaytix.org/r/matrix:matrix.org](https://view.gaytrix.org/r/matrix:matrix.org)
You can try [Matrix Viewer](https://github.com/matrix-org/matrix-viewer/), e.g.
for Matrix HQ
~~[archive.matrix.org/r/matrix:matrix.org](https://archive.matrix.org/r/matrix:matrix.org)
or~~
[matrix-archive.evulid.cc/r/matrix:matrix.org](https://matrix-archive.evulid.cc/r/matrix:matrix.org)
([@evulid-crawler:evulid.cc](matrix:u/evulid-crawler:evulid.cc)) or
[view.gaytix.org/r/matrix:matrix.org](https://view.gaytrix.org/r/matrix:matrix.org)
omitting the leading `#`.
_Until 2023-06-27 [Matrix Foundation considered members-only rooms as public](https://matrix.org/blog/2023/07/what-happened-with-the-archive#a-note-on-shared-history-visibility)
so some outdated or intentionally misbehaving archive instances may still reveal information.
_Until 2023-06-27
[Matrix Foundation considered members-only rooms as public](https://matrix.org/blog/2023/07/what-happened-with-the-archive#a-note-on-shared-history-visibility)
so some outdated or intentionally misbehaving archive instances may still reveal
information.
[Method to opt-out is still not in sight.](https://github.com/matrix-org/matrix-viewer/issues/47)_
Alternatively if the room in question has an alias, you can try poking the room directory API e.g. for [#matrix.fi:matrix.org](matrix:r/matrix.fi:matrix.org): [https://matrix-client.matrix.org/\_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org](https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org), you get the room ID and list of homeservers in it and if you see a single user (or otherwise not so popular homeserver), you can make educated guesses on who may be in the room. Note that this particular link requires `matrix.org` to be in the room and aware of the alias.
Alternatively if the room in question has an alias, you can try poking the room
directory API e.g. for [#matrix.fi:matrix.org](matrix:r/matrix.fi:matrix.org):
[https://matrix-client.matrix.org/\_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org](https://matrix-client.matrix.org/_matrix/client/v3/directory/room/%23matrix.fi%3Amatrix.org),
you get the room ID and list of homeservers in it and if you see a single user
(or otherwise not so popular homeserver), you can make educated guesses on who
may be in the room. Note that this particular link requires `matrix.org` to be
in the room and aware of the alias.
Otherwise no, you cannot.
### How can I remove my messages automatically like on Signal, WhatsApp, Telegram and everything else?
Matrix doesn't support it, but some clients, mainly Nheko (nightly) do. For
more information including countless reasons why you would like to do this, consult
Matrix doesn't support it, but some clients, mainly Nheko (nightly) do. For more
information including countless reasons why you would like to do this, consult
[Element Meta discussion #682: Self-destructing/disappearing messages](https://github.com/vector-im/element-meta/discussions/682).
#### How can I remove my messages automatically on Nheko?
Assuming you are on nightly build, there are three steps:
1. In global settings of Nheko, enable _Periodically disable expired events_,
it will affect all profiles upon restart.
2. In the room where you wish to automatically remove your messages, go to
room settings and select _Configure_ next to _Automatic event deletion_.
There you will find the options _Expire events after X days_, _Only keep
latest X events_, _Always keep latest X events_ and _Include state events_.
1. In global settings of Nheko, enable _Periodically disable expired events_, it
will affect all profiles upon restart.
2. In the room where you wish to automatically remove your messages, go to room
settings and select _Configure_ next to _Automatic event deletion_. There you
will find the options _Expire events after X days_, _Only keep latest X
events_, _Always keep latest X events_ and _Include state events_.
3. Keep your Nheko running for at least 20 minutes. Nheko will automatically
remove the messages older than the time you specified and will check for
event expiry occassionally after running for at least 20 minutes,
regardless of which client send the event in the first place or whether
Nheko was online at that time.
event expiry occassionally after running for at least 20 minutes, regardless
of which client send the event in the first place or whether Nheko was online
at that time.
Secretly it's also possible to configure defaults for all rooms using Element
Web's `/devtools` through [`im.nheko.event_expiry` account data event](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/account-data/im.nheko.event_expiry/README.md).
Web's `/devtools` through
[`im.nheko.event_expiry` account data event](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/account-data/im.nheko.event_expiry/README.md).
```json
{
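Review bot: In the Matrix Viewer paragraph the last link's label and target disagree: the label reads `view.gaytix.org/r/matrix:matrix.org` while the URL is `https://view.gaytrix.org/r/matrix:matrix.org`. The reflow carries this over unchanged from the old line. One of the two hostnames is a typo, and since readers may copy the visible text rather than follow the link, it is worth correcting while these lines are being touched.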
@ -225,21 +269,21 @@ Web's `/devtools` through [`im.nheko.event_expiry` account data event](https://g
}
```
This configuration would make Nheko remove all other messages than state
events when they became one year old (and the scheduled expiry job ran after
Nheko being online for around twenty minutes).
This configuration would make Nheko remove all other messages than state events
when they became one year old (and the scheduled expiry job ran after Nheko
being online for around twenty minutes).
I am intentionally not going into deeper detail since that may be dangerous
and if you cannot figure it out, you probably shouldn't be touching it.
I am intentionally not going into deeper detail since that may be dangerous and
if you cannot figure it out, you probably shouldn't be touching it.
#### How can I install Nheko nightly?
I use the nightly flatpak which is easy to install for all users as you
just add the nightly repo and install it. However I am assuming you have
already performed the [Flathub setup](https://flathub.org/setup).
I use the nightly flatpak which is easy to install for all users as you just add
the nightly repo and install it. However I am assuming you have already
performed the [Flathub setup](https://flathub.org/setup).
_Note that `#` means a comment and is there just to explain what is being
done, not to be actually entered into the terminal._
_Note that `#` means a comment and is there just to explain what is being done,
not to be actually entered into the terminal._
```bash
# Add the Nheko nightly remote onto your system
@ -253,8 +297,8 @@ sudo flatpak install nheko-nightly im.nheko.Nheko --assumeyes
For installing it just for one user, omit `sudo` and append `--user`.
To run it, either use the new application menu icons or `flatpak run
im.nheko.Nheko//master`.
To run it, either use the new application menu icons or
`flatpak run im.nheko.Nheko//master`.
To use something else than flatpak, ask someone else like Nheko documentation.
@ -264,49 +308,66 @@ The term is used least in two different scenarios:
- when your display name and/or avatar return back to what they were previously
without anyone doing anything.
- more seriously when the Matrix federation decides that the room is actually
in the past adding/removing users who were (or weren't) in the room at that time.
- more seriously when the Matrix federation decides that the room is actually in
the past adding/removing users who were (or weren't) in the room at that time.
This also affects administrator/moderator access.
[This issue was supposed to be fixed at room version 2 with State Resolution Version 2](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions),
but regardless [still happens in all versions after that](https://github.com/matrix-org/synapse/issues/8629) ([element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629)). If you are affected, your best bet is to
`/upgraderoom {{site.matrixLatestRoomVersion}}` in developer mode enabled in `/devtools`, which is a bit distruptive operation as all your users have to join the upgraded version and all homeservers involved must support it.
but regardless
[still happens in all versions after that](https://github.com/matrix-org/synapse/issues/8629)
([element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629)).
If you are affected, your best bet is to
`/upgraderoom {{site.matrixLatestRoomVersion}}` in developer mode enabled in
`/devtools`, which is a bit distruptive operation as all your users have to join
the upgraded version and all homeservers involved must support it.
You shouldn't just trust me or the variable on this site on what is the latest version, [consult the Spec](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions) and add [Version Checker](matrix:u/version:maunium.net) or [their sibling](https://github.com/maubot/rsvc) to your room and once they join, `!servers upgrade {{site.matrixLatestRoomVersion}}` replacing the {{site.matrixLatestRoomVersion}} with your target version.
You shouldn't just trust me or the variable on this site on what is the latest
version,
[consult the Spec](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions)
and add [Version Checker](matrix:u/version:maunium.net) or
[their sibling](https://github.com/maubot/rsvc) to your room and once they join,
`!servers upgrade {{site.matrixLatestRoomVersion}}` replacing the
{{site.matrixLatestRoomVersion}} with your target version.
- See also [Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
- See also
[Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
#### How about DAG splits?
DAG splits are a phenomenon somehow related to state resets above, but instead
of all servers accepting the same old state, they disagree and split to different
directions with varying severity.
of all servers accepting the same old state, they disagree and split to
different directions with varying severity.
In minor case some servers may decide that a user is not in the room and not
display messages from them, while in more severe situations the room may practically
be two different rooms with no new messages in common between different sides
kind of resembling [IRC's netsplits before sync.](https://en.wikipedia.org/wiki/Netsplit)
display messages from them, while in more severe situations the room may
practically be two different rooms with no new messages in common between
different sides kind of resembling
[IRC's netsplits before sync.](https://en.wikipedia.org/wiki/Netsplit)
People understanding state resolution (which by the way don't include me)
disagree on the exact cause only agreeing that it's difficult to fix. From
what is told to me, I understand it to be tracked [in the same Synapse issue #8629](https://github.com/matrix-org/synapse/issues/8629) or actually [element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629).
disagree on the exact cause only agreeing that it's difficult to fix. From what
is told to me, I understand it to be tracked
[in the same Synapse issue #8629](https://github.com/matrix-org/synapse/issues/8629)
or actually
[element-hq/synapse#8629](https://github.com/element-hq/synapse/issues/8629).
- See also [Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
- See also
[Matrix spec issues reported by Neil](https://github.com/matrix-org/matrix-spec/issues/neilalexander).
### Can I have a non-federated room?
Yes, there are two methods.
1. During room creation, Element Web offers an option to have a non-federated
room. That will permanently prevent any other homeserver from joining and
to change that a manual room upgrade is required.
room. That will permanently prevent any other homeserver from joining and to
change that a manual room upgrade is required.
1. What I recommend instead is setting a server ACL, so if necessary it can be
changed later. This may be helpful when migrating to another domain (which
Matrix doesn't support) or cooperation with another entity with their own
homeserver or anything.
The second method begins with the usual `/devtools`, explore room state, `Send
custom state event`, enter type as `m.room.server_acl` and contents:
The second method begins with the usual `/devtools`, explore room state,
`Send custom state event`, enter type as `m.room.server_acl` and contents:
```json
{
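Review bot: The reflowed DAG-splits paragraph still links the same issue twice, once as "in the same Synapse issue #8629" on matrix-org/synapse and once as "or actually element-hq/synapse#8629". Since these lines are being rewritten anyway, consider keeping one link, or stating plainly which tracker is current, so readers do not have to guess. Keeping `Send custom state event` on one line is a real improvement, because the old wrap split the inline code span across a line break.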
@ -316,8 +377,8 @@ custom state event`, enter type as `m.room.server_acl` and contents:
}
```
Now assuming all homeservers in the room implement ACL, only `example.org`
users can join the room.
Now assuming all homeservers in the room implement ACL, only `example.org` users
can join the room.
For futher reading about ACL:
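Review bot: The context line "For futher reading about ACL:" directly below the reflowed paragraph has a typo ("futher" for "further") that a formatting pass will not catch; worth a follow-up commit. The reflowed sentence also carries the one security-relevant caveat of this section, that the ACL only restricts joins "assuming all homeservers in the room implement ACL". It reads as an afterthought below the JSON, so consider moving it above the event so it is seen before the reader applies the setting.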
@ -332,14 +393,15 @@ Room upgrading basically means:
1. Create a new room.
1. Send an event to old room saying "the room has now moved to new room"
1. Unless upgraded manually, the client copies some state such as power
levels from the old room to the new one.
1. Unless upgraded manually, the client copies some state such as power levels
from the old room to the new one.
Manual upgrading means poking the API endpoint manually and thus not copying
creation event (non-federation state) or power levels. For an example see my
[matrix-tombstone-room.bash script](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/matrix-tombstone-room.bash)
See also [Matrix Specification on room versions](https://spec.matrix.org/latest/rooms/)
See also
[Matrix Specification on room versions](https://spec.matrix.org/latest/rooms/)
or `CTRL-F` this page for `/upgraderoom {{site.matrixLatestRoomVersion}}`
(Element Web `/devtools` _developer mode_ command to perform the upgrade).
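Review bot: The "Manual upgrading" paragraph says the creation event (non-federation state) and power levels are not copied, but it does not say that the reader has to set them again in the new room. One sentence saying so would help, since this is the path recommended for changing a non-federated room. Smaller points: the sentence ending in the matrix-tombstone-room.bash link has no full stop, and list item 2 ("Send an event to old room saying ...") lacks the terminal period its siblings have.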
@ -349,14 +411,14 @@ I think there are three important questions that will each require
consideration:
- Do you want to encrypt the room?
- Is the room public? If so, encryption will just cause strange issues for
you to troubleshoot and hinder the purpouse of the channel (which you
should also consider).
- Is the room public? If so, encryption will just cause strange issues for you
to troubleshoot and hinder the purpouse of the channel (which you should
also consider).
- Do you want to use bridges or integrations? Unless you or someone close to
you is selfhosting those, they are untrusted and will defeat the point of
encryption, so don't encrypt.
- Does the room only contain trustworthy participants? Encryption may be
your friend.
- Does the room only contain trustworthy participants? Encryption may be your
friend.
- Who can see the room history?
- If you want everyone to be able to read it, choose everyone or
`world_readable`.
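Review bot: The rewrapped bullet "Is the room public? ..." still contains the typo "purpouse" (should be "purpose"). The reflow moved the word to a new line without fixing it, so it needs a separate spelling fix, or a spell-check hook alongside prettier in pre-commit.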
@ -364,21 +426,27 @@ consideration:
publish the history further), choose members-only or `shared`.
- If you want users to see the history since they were invited to the room,
select `invited`
- Otherwise select `joined` to have users only see history since they
joined.
- Otherwise select `joined` to have users only see history since they joined.
- Who can join the room? This is self-explanatory so probably everyone or
invited users.
- However my favourite rules are `knock` so that users have to ask for permission to
join and `knock_restricted` so users in trusted rooms can join directly
without knocking.
- However my favourite rules are `knock` so that users have to ask for
permission to join and `knock_restricted` so users in trusted rooms can join
directly without knocking.
If you choose to make your room public as in joinable by anyone and history
viewable by members joining in the future, _please communicate that in the room
topic_.
> Some projects may wish to log their channels publicly, if you do so the logging should be authorised by the channel owners and users in the channel should be notified (through for instance the topic, entry message, or similar) that public logging is taking place. Channel operators should consider ways for users to make unlogged comments and a process for requesting the removal of certain logs.
> Some projects may wish to log their channels publicly, if you do so the
> logging should be authorised by the channel owners and users in the channel
> should be notified (through for instance the topic, entry message, or similar)
> that public logging is taking place. Channel operators should consider ways
> for users to make unlogged comments and a process for requesting the removal
> of certain logs.
- [Libera.Chat policies on public logging](https://libera.chat/policies/#public-logging) which I consider as good advice regarldess of being written for IRC rather than Matrix.
- [Libera.Chat policies on public logging](https://libera.chat/policies/#public-logging)
which I consider as good advice regarldess of being written for IRC rather
than Matrix.
Sample events for `/devtools`
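Review bot: The reflowed Libera.Chat bullet keeps the typo "regarldess" (should be "regardless"). In the history-visibility list, the `invited` item ends without a full stop while the `joined` item below it has one. The blockquote rewrap with a `>` on every line is correct and keeps the quoted policy text intact.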
@ -431,130 +499,185 @@ Sample events for `/devtools`
### What are these idlekicks for inactivity, why are they for?
Some Matrix rooms decide to connect their channel to IRC maintaining the same users on both sides, which can be heavy for the IRC network depending on bridge type of which there are three "major" variants:
Some Matrix rooms decide to connect their channel to IRC maintaining the same
users on both sides, which can be heavy for the IRC network depending on bridge
type of which there are three "major" variants:
- matrix-appservice-irc which creates a ghost for every Matrix user on the IRC side. All of these pretend to be separate clients, so if you have 1000 ghosts at IRC, all internal PING/PONG (keepalive) traffic will be sent 1000 times every few minutes and so will every message received.
- heisenbridge has two modes, either it acts as a IRC bouncer keeping everything separate for every user or a single bot connection to IRC while creating puppets for IRC users to use at Matrix. It also supports RELAYMSG for more modern IRC networks.
- matterbridge is the most lightweight of the three working as a traditional relaybot on both sides. Unlike the others, it doesn't require selfhosting your own homeserver making it the most accessible for those with less resources and the option I use whenever possible. Sadly it doesn't look that great [without RELAYMSG support I live in hope of Matrix implementing one day](https://github.com/matrix-org/matrix-spec/issues/840).
- matrix-appservice-irc which creates a ghost for every Matrix user on the IRC
side. All of these pretend to be separate clients, so if you have 1000 ghosts
at IRC, all internal PING/PONG (keepalive) traffic will be sent 1000 times
every few minutes and so will every message received.
- heisenbridge has two modes, either it acts as a IRC bouncer keeping everything
separate for every user or a single bot connection to IRC while creating
puppets for IRC users to use at Matrix. It also supports RELAYMSG for more
modern IRC networks.
- matterbridge is the most lightweight of the three working as a traditional
relaybot on both sides. Unlike the others, it doesn't require selfhosting your
own homeserver making it the most accessible for those with less resources and
the option I use whenever possible. Sadly it doesn't look that great
[without RELAYMSG support I live in hope of Matrix implementing one day](https://github.com/matrix-org/matrix-spec/issues/840).
As matrix-appservice-irc very quickly becomes traffic-intensive, its operators generally have agreement with IRC networks (or are IRC networks by themselves) to remove unused connections after a month or three of inactivity, which is judged by lack of public read-receipts anywhere the bridge can see. It could have been implemented better [pretending to be a server instead](https://github.com/matrix-org/matrix-appservice-irc/issues/329), which would have a problem of practically being `root` and thus not many IRC networks would open their door to a third party bridge and the Ergo IRCd doesn't even support server linking (opting to be HA instead, but more of that in "Why should I use Matrix instead of IRC?").
As matrix-appservice-irc very quickly becomes traffic-intensive, its operators
generally have agreement with IRC networks (or are IRC networks by themselves)
to remove unused connections after a month or three of inactivity, which is
judged by lack of public read-receipts anywhere the bridge can see. It could
have been implemented better
[pretending to be a server instead](https://github.com/matrix-org/matrix-appservice-irc/issues/329),
which would have a problem of practically being `root` and thus not many IRC
networks would open their door to a third party bridge and the Ergo IRCd doesn't
even support server linking (opting to be HA instead, but more of that in "Why
should I use Matrix instead of IRC?").
Being a server would also resolve IRC users getting annoyed by huge disconnection floods whenever matrix-appservice-irc restarts as it could be [batched by the IRCd users are connected to](https://ircv3.net/specs/batches/netsplit).
Being a server would also resolve IRC users getting annoyed by huge
disconnection floods whenever matrix-appservice-irc restarts as it could be
[batched by the IRCd users are connected to](https://ircv3.net/specs/batches/netsplit).
The issues of matrix-appservice-irc grow worse when the room has bridges to other protocols, as those grow the IRC user count, use nicknames (sometimes capturing nicknames of people using both protocols and may be difficult to regain if the bridge doesn't answer to `!irc nick SomethingElse`) especially when the other protocol doesn't support direct/private messages and doesn't have even that excuse of using a connection slot.
The issues of matrix-appservice-irc grow worse when the room has bridges to
other protocols, as those grow the IRC user count, use nicknames (sometimes
capturing nicknames of people using both protocols and may be difficult to
regain if the bridge doesn't answer to `!irc nick SomethingElse`) especially
when the other protocol doesn't support direct/private messages and doesn't have
even that excuse of using a connection slot.
I hope this answer helped explain why this behaviour exists and that IRC users aren't opposed to bridging out of malice.
I hope this answer helped explain why this behaviour exists and that IRC users
aren't opposed to bridging out of malice.
#### But the relaybots look so ugly
IRC users have dealt with them since always, I tend to use Limnoria IRC bot which is forked from Supybot and has had the Relay plugin (for relaying messages between multiple IRC networks) [since possibly before `Wed Feb 2 06:45:35 2005 +0000`](https://github.com/progval/Limnoria/commit/e4e5c1482489451c1ae9b6b4ee9b9147a295320e) and I imagine it was far from the first IRC relay.
IRC users have dealt with them since always, I tend to use Limnoria IRC bot
which is forked from Supybot and has had the Relay plugin (for relaying messages
between multiple IRC networks)
[since possibly before `Wed Feb 2 06:45:35 2005 +0000`](https://github.com/progval/Limnoria/commit/e4e5c1482489451c1ae9b6b4ee9b9147a295320e)
and I imagine it was far from the first IRC relay.
This means that even before IRCv3 RELAYMSG and displayname proposals, which I wish to merge so modern clients could show displaynames and legacy RELAYMSGs, there have been client-side solutions that have also been evolving:
This means that even before IRCv3 RELAYMSG and displayname proposals, which I
wish to merge so modern clients could show displaynames and legacy RELAYMSGs,
there have been client-side solutions that have also been evolving:
- Irssi I haven't used personally, but I hear it has a [detelexify](https://github.com/zouppen/irssi-detelexify/) that looks a bit like it's made with Heisenbridge in mind.
- WeeChat used to have a separate script for this, but at version 1.1 in gained the Trigger plugin able to perform actions without scripts, thus meaning you can use something like [this Relaybot 2 Trigger example](https://github.com/weechat/weechat/wiki/Triggers#relaybot-2) without having to install anything (while `/script` would be easy too).
- Irssi I haven't used personally, but I hear it has a
[detelexify](https://github.com/zouppen/irssi-detelexify/) that looks a bit
like it's made with Heisenbridge in mind.
- WeeChat used to have a separate script for this, but at version 1.1 in gained
the Trigger plugin able to perform actions without scripts, thus meaning you
can use something like
[this Relaybot 2 Trigger example](https://github.com/weechat/weechat/wiki/Triggers#relaybot-2)
without having to install anything (while `/script` would be easy too).
I hope Matrix will get better at this too.
### I am told that I should Matrixify my IRC channel, what does that mean?
You are likely using IRCnet and I am sorry that you have to deal with this raider group. It means some mix of:
You are likely using IRCnet and I am sorry that you have to deal with this
raider group. It means some mix of:
- setting a Matrix avatar to the room
- removing the `#` from the name of the Matrix room
- setting a main alias to the Matrix room that doesn't contain the IRC network's name
- bridging to Matrix in a way that Matrix user (that may not be you) has full power over the room, potentially also over the bridge bot
- setting a main alias to the Matrix room that doesn't contain the IRC network's
name
- bridging to Matrix in a way that Matrix user (that may not be you) has full
power over the room, potentially also over the bridge bot
- be careful if you are told to answer a bot `yes` in a `/query`!
### Why should I use Matrix instead of IRC?
No reason, if IRC suits you better than Matrix. As I have said before, I find
maintaining IRC easier. IRC also tends to work better for me in poor network conditions
and with [IRCv3](https://ircv3.net/) specifications and implemented draft proposals,
it can be very pleasant modern experience without the issues that come from federation.
maintaining IRC easier. IRC also tends to work better for me in poor network
conditions and with [IRCv3](https://ircv3.net/) specifications and implemented
draft proposals, it can be very pleasant modern experience without the issues
that come from federation.
There is a usecase for every tool and while federation is important feature
in general I am yet to miss it in IRC.
There is a usecase for every tool and while federation is important feature in
general I am yet to miss it in IRC.
I keep mentioning Ergo IRCd, which [scales](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#scalability), has serverside history and integrated bouncer
feature so it's just a matter of adding it to your IRC client alongside your
SASL credentials and you will receive your offline messages whenever you
reconnect. Ergo also supports `RELAYMSG` making messages from other protocols
seem more native to read and many graphical IRC clients even provide integrated
image uploading support.
I keep mentioning Ergo IRCd, which
[scales](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#scalability),
has serverside history and integrated bouncer feature so it's just a matter of
adding it to your IRC client alongside your SASL credentials and you will
receive your offline messages whenever you reconnect. Ergo also supports
`RELAYMSG` making messages from other protocols seem more native to read and
many graphical IRC clients even provide integrated image uploading support.
[Pirate Party of Finland](https://piraattipuolue.fi/en) considers Ergo-based [PirateIRC](https://pirateirc.net/)
and [its webchat](https://webchat.pirateirc.net/) a reasonable fallback should we have to leave other protocols
or they would be unusable otherwise.
[Pirate Party of Finland](https://piraattipuolue.fi/en) considers Ergo-based
[PirateIRC](https://pirateirc.net/) and
[its webchat](https://webchat.pirateirc.net/) a reasonable fallback should we
have to leave other protocols or they would be unusable otherwise.
#### Why isn't Pirate Party of Finland using Matrix?
This goes a bit past my personal Q&A, but we are using it kind of as a "tech demo".
However it cannot currently mature past that as:
This goes a bit past my personal Q&A, but we are using it kind of as a "tech
demo". However it cannot currently mature past that as:
- we don't have people interested in Matrix (obviously excluding me).
- we don't have resources for hosting a Matrix homeserver, while we had IRC before we were founded.
- moderation tools are so bad it's only me dealing with them (see critiques near top of the page).
- we don't have resources for hosting a Matrix homeserver, while we had IRC
before we were founded.
- moderation tools are so bad it's only me dealing with them (see critiques near
top of the page).
- [Matrix flagship clients, Element Web, Element Android and Element iOS don't support knocking](https://github.com/vector-im/element-meta/issues/43)
which has been supported by Matrix Specification since September 2021 or so meaning
users of those aren't able to request access to our rooms, unless they
which has been supported by Matrix Specification since September 2021 or so
meaning users of those aren't able to request access to our rooms, unless they
are members of an allowed rooms first.
If you want in, your options are:
- Join [Matrix Suomi Space](matrix:r/matrix-suomi:kapsi.fi), which lists
Finnish speaking rooms and then [our space](matrix:r/space.piraatit.fi:matrix.org).
- Due to aforementioned lack of moderation tools, this can be withdrawn should that become necessary to mitigate abuse.
- Knock one of our rooms using Nheko and [hope someone is watching from Nheko](https://github.com/Nheko-Reborn/nheko/issues/1226).
- Come to [#verkkopalvelut using PrateIRC webchat](https://webchat.pirateirc.net/?channel=#verkkopalvelut)
and tell `AmindaSuomalainen` your Matrix ID in a nice message (to show you aren't a bot) that you wish in.
- Join [Matrix Suomi Space](matrix:r/matrix-suomi:kapsi.fi), which lists Finnish
speaking rooms and then [our space](matrix:r/space.piraatit.fi:matrix.org).
- Due to aforementioned lack of moderation tools, this can be withdrawn should
that become necessary to mitigate abuse.
- Knock one of our rooms using Nheko and
[hope someone is watching from Nheko](https://github.com/Nheko-Reborn/nheko/issues/1226).
- Come to
[#verkkopalvelut using PrateIRC webchat](https://webchat.pirateirc.net/?channel=#verkkopalvelut)
and tell `AmindaSuomalainen` your Matrix ID in a nice message (to show you
aren't a bot) that you wish in.
### I don't currently want to touch Matrix, but I am seeing abuse from there, what can I do?
If you are using Telegram or Discord, you are out of luck, as while you can
remove messages, that may get removed from Matrix, you cannot remove the
abusive users. If you are using XMPP you may be out of luck.
remove messages, that may get removed from Matrix, you cannot remove the abusive
users. If you are using XMPP you may be out of luck.
However if you use IRC and the Matrix users are behind matrix-appservice-irc
([check this list](https://github.com/matrix-org/matrix-appservice-irc/blob/develop/docs/bridged_networks.md) or your network operators) you may be in luck as long as
([check this list](https://github.com/matrix-org/matrix-appservice-irc/blob/develop/docs/bridged_networks.md)
or your network operators) you may be in luck as long as
[you or your ops haven't answered "yes" to the Matrix bot](https://github.com/matrix-org/matrix-appservice-irc/issues/462).
Matrix-appservice-irc attempts to sync permissions from IRC in a limited fashion,
and if it's unable to join a ghost (see an earlier question), it will kick the
user from Matrix for as long as the ban stays in place.
Matrix-appservice-irc attempts to sync permissions from IRC in a limited
fashion, and if it's unable to join a ghost (see an earlier question), it will
kick the user from Matrix for as long as the ban stays in place.
In other words, if you were using Matrix personally, the IRC bridge would
drastically increase the moderation tools available for you! You can now use
wildcard bans that aren't natively supported and even extbans like (LiberaChat's)
`/mode #yourchannel +b $r:*:matrix.org*` to ban all matrix.org users from your
channel or set `+e` ban exceptions on them!
wildcard bans that aren't natively supported and even extbans like
(LiberaChat's) `/mode #yourchannel +b $r:*:matrix.org*` to ban all matrix.org
users from your channel or set `+e` ban exceptions on them!
_Note: this obviously stops working should the Matrix user change their
gecos/"real name" in which case your only option is to ban the entirety of
Matrix. E.g. on LiberaChat `/mode +b _!_@2001:470:69fc:105::/64` assuming
your abusers don't have a cloak (vhost in any other IRC network)._
Matrix. E.g. on LiberaChat `/mode +b _!_@2001:470:69fc:105::/64` assuming your
abusers don't have a cloak (vhost in any other IRC network)._
#### I fear someone has said yes
In that case someone may have near absolute power on the Matrix side and could have
removed the matrix-appservice-irc bot from power thus preventing it from
In that case someone may have near absolute power on the Matrix side and could
have removed the matrix-appservice-irc bot from power thus preventing it from
kicking users banned from IRC letting them spam freely on Matrix while being
invisible to IRC. In even worse scenario the abusive user was given power
and they are immune to whatever is done from IRC.
invisible to IRC. In even worse scenario the abusive user was given power and
they are immune to whatever is done from IRC.
There is also the chance that [a netsplit gives a Matrix user moderator permissions that are never removed when sync occurs](https://github.com/matrix-org/matrix-appservice-irc/issues/518).
There is also the chance that
[a netsplit gives a Matrix user moderator permissions that are never removed when sync occurs](https://github.com/matrix-org/matrix-appservice-irc/issues/518).
##### That doesn't help me
If everything else fails, you can always mail abuse at matrix dot org, who
will want the following details (as of 2022-10-16):
If everything else fails, you can always mail abuse at matrix dot org, who will
want the following details (as of 2022-10-16):
- Your matrix ID
- the room ID(s) your report is about
- timestamps or links to the events you are telling us about
Assuming you are an IRC user and thus unable to provide the two first,
I would include:
Assuming you are an IRC user and thus unable to provide the two first, I would
include:
- IRC network in question
- IRC channel in question
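Review bot: In the italic note about banning the entirety of Matrix, the ban mask reads `/mode +b _!_@2001:470:69fc:105::/64` on both the old and the new side. That looks like `*!*@...` with the asterisks rewritten to underscores by an earlier emphasis normalisation, since the example a few lines above uses real wildcards in `$r:*:matrix.org*`. As written the mask would not act as a wildcard, so a channel operator copying it would not get the ban the text describes. Please restore the asterisks and confirm prettier leaves them alone inside the `_..._` emphasis, or move the command out of the italic span. Separately, the link text "#verkkopalvelut using PrateIRC webchat" should say "PirateIRC".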
@ -571,25 +694,25 @@ sending raw events in JSON to them.
My reasons for that are many and I am often proved correct in them.
- By having multiple accounts on different homeservers, there is no single
entity that can decide whether I participate on Matrix or not. This is also
a benefit of decentralisation in general.
entity that can decide whether I participate on Matrix or not. This is also a
benefit of decentralisation in general.
- Matrix rooms are hosted on all homeservers that have at least one account
joined to them.
- In case of federation meltdown, I have multiple entrypoints to send events
and thus hopefully one of them goes through faster. There have been
multiple incidents where this could have been useful for room
administrators.
- In case of federation meltdown, I have multiple entrypoints to send events and
thus hopefully one of them goes through faster. There have been multiple
incidents where this could have been useful for room administrators.
- Matrix homeservers used to allow open registration with no kind of
protection and no warnings they are being ran with that configuration
until some time before room version 10 was released. This
allowed multiple rooms to be spammed trivially and it took days for all
homeservers to sync ACL bans in the worst cases. It also resulted to a lot
of state resetting so the affected rooms never got cleaned up as the spam
users kept coming back and clients had issues handling so inflated rooms.
- Federation also fails when a spammer sends messages after getting banned
and thus moderation bots fail to remove messages from them as those don't
get to the banning server. Thus moderators need more accounts again.
- [matrix-org/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/matrix-org/synapse/issues/9329). [The issue was migrated to element-hq/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/element-hq/synapse/issues/9329)
protection and no warnings they are being ran with that configuration until
some time before room version 10 was released. This allowed multiple rooms
to be spammed trivially and it took days for all homeservers to sync ACL
bans in the worst cases. It also resulted to a lot of state resetting so the
affected rooms never got cleaned up as the spam users kept coming back and
clients had issues handling so inflated rooms.
- Federation also fails when a spammer sends messages after getting banned and
thus moderation bots fail to remove messages from them as those don't get to
the banning server. Thus moderators need more accounts again.
- [matrix-org/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/matrix-org/synapse/issues/9329).
[The issue was migrated to element-hq/synapse#9329: Soft-failures make federated bans racy and frustrate redaction](https://github.com/element-hq/synapse/issues/9329)
- State resets keep happening and thus I cannot trust other accounts than the
one which created a room in question stay as power level 100.
- Homeservers come and go, sometimes with little to no warning. As I have many
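Review bot: In the open-registration bullet, the reflowed text keeps "they are being ran with that configuration" and "It also resulted to a lot of state resetting"; these should read "being run" and "resulted in". The soft-failures bullet now puts the matrix-org/synapse#9329 and element-hq/synapse#9329 links on separate lines of the same list item. Since the second link says the issue was migrated, consider leading with the element-hq link and mentioning the old location only in passing.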
@ -600,62 +723,90 @@ My reasons for that are many and I am often proved correct in them.
##### Brief history of my experiences with dead homeservers
Believe my concern on homeservers coming and going or not, no homeserver is
safe, you should have backup accounts on multiple independent ones. Or maybe
I am just personally unlucky?
safe, you should have backup accounts on multiple independent ones. Or maybe I
am just personally unlucky?
1. 2018-09-07: [Disroot.org announced Matrix closure](https://disroot.org/en/blog/matrix-closure).
1. 2019-04-12: [Matrix.org was compromised](https://matrix.org/blog/2019/04/11/we-have-discovered-and-addressed-a-security-breach-updated-2019-04-12)
1. 2018-09-07:
[Disroot.org announced Matrix closure](https://disroot.org/en/blog/matrix-closure).
1. 2019-04-12:
[Matrix.org was compromised](https://matrix.org/blog/2019/04/11/we-have-discovered-and-addressed-a-security-breach-updated-2019-04-12)
resulting the homeserver being down for a while, some integrations even
longer and the XMPP bridge returned months later.
1. From Disroot I moved to Feneas, the <em>Fe</em>derated <em>ne</em>tworks <em>as</em>sociation, thinking that homeserver being a paid
membership benefit would help it to stay up and be reliable. However in
[late 2021](https://gitea.blesmrt.net/mikaela/gist/src/commit/b50dacc0a457754c44ee901ce9e78988a39714fa/associations/feneas/meeting-logs/2021-12-09-annual-general-assembly.txt) and [early
2022](https://gitea.blesmrt.net/mikaela/gist/src/commit/f3277852084d1a644189c7f9198f0bf470bc0ba4/associations/feneas/meeting-logs/2022-01-04-annual-general-meeting.txt) we decided to disband the association due to
COVID-19 pandemic, lack of volunteers, lack of money (which wasn't helped
by [Finnish money gathering law issues](https://github.com/liberapay/liberapay.org/issues/30))
1. From Disroot I moved to Feneas, the <em>Fe</em>derated <em>ne</em>tworks
<em>as</em>sociation, thinking that homeserver being a paid membership
benefit would help it to stay up and be reliable. However in
[late 2021](https://gitea.blesmrt.net/mikaela/gist/src/commit/b50dacc0a457754c44ee901ce9e78988a39714fa/associations/feneas/meeting-logs/2021-12-09-annual-general-assembly.txt)
and
[early 2022](https://gitea.blesmrt.net/mikaela/gist/src/commit/f3277852084d1a644189c7f9198f0bf470bc0ba4/associations/feneas/meeting-logs/2022-01-04-annual-general-meeting.txt)
we decided to disband the association due to COVID-19 pandemic, lack of
volunteers, lack of money (which wasn't helped by
[Finnish money gathering law issues](https://github.com/liberapay/liberapay.org/issues/30))
etc.
1. Around 2023-04-24 the-apothecary.club went down and returned sometime
2023-05-06. That would have been a long time with no communication on
Matrix and not having access to any rooms, but luckily I have been using my
account there just for accessibility testing and even if it was my primary
account, I would have had backup accounts. I still don't know what exactly
happened there, but I am not an active member of their community and they
are volunteers like most of Matrix (excluding EMS and other paid homeserver
2023-05-06. That would have been a long time with no communication on Matrix
and not having access to any rooms, but luckily I have been using my account
there just for accessibility testing and even if it was my primary account, I
would have had backup accounts. I still don't know what exactly happened
there, but I am not an active member of their community and they are
volunteers like most of Matrix (excluding EMS and other paid homeserver
offerings).
1. 2023-05-08 13:15 [Kapsi.fi](https://www.kapsi.fi/english.html)
[database server physically died](https://www.kapsi.fi/tiedotteet/2023.html#488) taking down their homeserver and
[pikaviestin.fi](https://www.pikaviestin.fi) (alongside [sauna.social](https://sauna.social)
and [järkkää.fi](https://jarkkaa.fi)) which hosts my main account. It
returned a couple of days later on the evening of 2023-05-11.
1. On 2023-10-25 [IT group of Pirate Party Austria made an announcement that
pirateriot.net pirateriot.net shut down on 2023-10-31](https://web.archive.org/web/20231027060957/https://t.me/globalpirates/39814).
1. 2023-12-24 saw that _[the hard drive hosting the jae.fi matrix server shat
itself](https://soc.jae.fi/notes/9nmcgdonjxailf51)_ and as per that
announcement, it's not returning anytime soon. My matterbridge had account
#4 there while it later returned to account #3 on tedomum.net.
1. 2024-01-18 brought the [shutdown of Diasp.in PirateIRC bridge](https://github.com/ppau/PirateIRC/pull/39)
[database server physically died](https://www.kapsi.fi/tiedotteet/2023.html#488)
taking down their homeserver and [pikaviestin.fi](https://www.pikaviestin.fi)
(alongside [sauna.social](https://sauna.social) and
[järkkää.fi](https://jarkkaa.fi)) which hosts my main account. It returned a
couple of days later on the evening of 2023-05-11.
1. On 2023-10-25
[IT group of Pirate Party Austria made an announcement that pirateriot.net pirateriot.net shut down on 2023-10-31](https://web.archive.org/web/20231027060957/https://t.me/globalpirates/39814).
1. 2023-12-24 saw that
_[the hard drive hosting the jae.fi matrix server shat itself](https://soc.jae.fi/notes/9nmcgdonjxailf51)_
and as per that announcement, it's not returning anytime soon. My
matterbridge had account #4 there while it later returned to account #3 on
tedomum.net.
1. 2024-01-18 brought the
[shutdown of Diasp.in PirateIRC bridge](https://github.com/ppau/PirateIRC/pull/39)
and their [call for volunteers page](https://diasp.in/volunteer) has sunset
date set for 2024-01-31. As I have been PirateIRC operator since
2017-05-11, Diasp.in received a spot in this listing.
date set for 2024-01-31. As I have been PirateIRC operator since 2017-05-11,
Diasp.in received a spot in this listing.
#### Why do you use Matrix URI scheme instead of matrix.to?
I dislike matrix.to as a concept. It's a centralized service on decentralized protocol and in my opinion it shows lack of self-esteem on Matrix side considering neither XMPP or IRC require something like it, both of those trust being known or handled appropiately.
I dislike matrix.to as a concept. It's a centralized service on decentralized
protocol and in my opinion it shows lack of self-esteem on Matrix side
considering neither XMPP or IRC require something like it, both of those trust
being known or handled appropiately.
#### Why does one of your accounts have capital letter in the username?
In 2016 or so I mistakenly thought that usernames would be case-insensitive
and they only [got banned in Synapse on 10th November 2017](https://github.com/matrix-org/synapse/pull/2662).
In 2016 or so I mistakenly thought that usernames would be case-insensitive and
they only
[got banned in Synapse on 10th November 2017](https://github.com/matrix-org/synapse/pull/2662).
#### Which client do you recommend?
Honestly the only one that I can recommend is [Nheko nightly flatpak](#how-can-i-install-nheko-nightly).
Honestly the only one that I can recommend is
[Nheko nightly flatpak](#how-can-i-install-nheko-nightly).
I have also said it before, but for any serious use of Matrix, you will need [Element Web](https://github.com/vector-im/element-web) and especially the `/devtools` command it has.
I have also said it before, but for any serious use of Matrix, you will need
[Element Web](https://github.com/vector-im/element-web) and especially the
`/devtools` command it has.
If you absolutely need Matrix somewhere neither fits you, ~~maybe [Hydrogen](https://github.com/vector-im/hydrogen-web) is your _PWA_ hoping your needs don't include too many Matrix accounts ([#783](https://github.com/vector-im/hydrogen-web/issues/783), [#817](https://github.com/vector-im/hydrogen-web/pull/817)) and hoping you [don't use SailfishOS](https://forum.sailfishos.org/t/progressive-web-app-pwa-in-native-browser/3867?u=mikaela) ([#1000](https://github.com/sailfishos/sailfish-browser/issues/1000)) or [Ubuntu Touch (#1144)](https://github.com/ubports/ubuntu-touch/issues/1144).~~ Good luck!
If you absolutely need Matrix somewhere neither fits you, ~~maybe
[Hydrogen](https://github.com/vector-im/hydrogen-web) is your _PWA_ hoping your
needs don't include too many Matrix accounts
([#783](https://github.com/vector-im/hydrogen-web/issues/783),
[#817](https://github.com/vector-im/hydrogen-web/pull/817)) and hoping you
[don't use SailfishOS](https://forum.sailfishos.org/t/progressive-web-app-pwa-in-native-browser/3867?u=mikaela)
([#1000](https://github.com/sailfishos/sailfish-browser/issues/1000)) or
[Ubuntu Touch (#1144)](https://github.com/ubports/ubuntu-touch/issues/1144).~~
Good luck!
On Android I often find myself using [SchildiChat](https://s2.spiritcroc.de/fdroid/repo) ([Beta](https://s2.spiritcroc.de/testing/fdroid/repo)), which suffers many Element shortcomings being a fork and Matrix isn't too mobile friendly protocol in my opinion. (For my view of the repo fingerprints, refer to [n/f-droid](/n/f-droid.html), but note the pages intend of _my personal use._)
On Android I often find myself using
[SchildiChat](https://s2.spiritcroc.de/fdroid/repo)
([Beta](https://s2.spiritcroc.de/testing/fdroid/repo)), which suffers many
Element shortcomings being a fork and Matrix isn't too mobile friendly protocol
in my opinion. (For my view of the repo fingerprints, refer to
[n/f-droid](/n/f-droid.html), but note the pages intend of _my personal use._)
<!-- The one that fits your needs. Personally I mix-and-match:
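Review bot: The re-wrapped Pirate Party Austria list item still has the doubled "pirateriot.net pirateriot.net" inside its link text, and the re-wrapped matrix.to paragraph still ends in "appropiately". Both lines are rewritten by this commit anyway, so correcting them here or in a direct follow-up avoids a second diff over the same text. The same applies to "note the pages intend of _my personal use._" in the SchildiChat paragraph. Separately, the struck-through Hydrogen sentence now has its opening and closing `~~` eight lines apart, so it is worth comparing the built page before and after to confirm it still renders as one strikethrough span.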
@ -674,58 +825,74 @@ On Android I often find myself using [SchildiChat](https://s2.spiritcroc.de/fdro
I don't know, I have
[spaces.md](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/spaces.md)
which doubles as a critique towards Matrix room directory, which is
centralized and everyone wants to be on `matrix.org` room directory, which
again leads to them registering on `matrix.org` to add themselves there and
did I mention that on 29-02-2024 it has been locked for a couple of months for
a cleanup?
which doubles as a critique towards Matrix room directory, which is centralized
and everyone wants to be on `matrix.org` room directory, which again leads to
them registering on `matrix.org` to add themselves there and did I mention that
on 29-02-2024 it has been locked for a couple of months for a cleanup?
> Of course this file makes me the curator/authority of room listing and thus
> I challenge you, the reader, to make your own space or version of this file,
> Of course this file makes me the curator/authority of room listing and thus I
> challenge you, the reader, to make your own space or version of this file,
> maybe I can even link to your list here? :smiley_cat:
- [spaces.md](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/matrix/spaces.md)
#### Which homeserver do you recommend?
I am hesistant to recommend any. Finnish users may be interested in the [Linux.fi wiki listing](https://www.linux.fi/wiki/Matrix), everyone else may be served by [joinmatrix.org listing](https://servers.joinmatrix.org).
I am hesistant to recommend any. Finnish users may be interested in the
[Linux.fi wiki listing](https://www.linux.fi/wiki/Matrix), everyone else may be
served by [joinmatrix.org listing](https://servers.joinmatrix.org).
#### Why don't you run your own?
As can be read between the lines from my critiques, I don't consider any homeserver to be in the state that it's either safe to run legally or lightweight enough or not require constant maintenance as opposed to IRC which I do selfhost.
As can be read between the lines from my critiques, I don't consider any
homeserver to be in the state that it's either safe to run legally or
lightweight enough or not require constant maintenance as opposed to IRC which I
do selfhost.
The world situation in general discourages me from anything as heavy.
#### Why cannot I see history in your Matrix rooms?
Matrix doesn't support self-destructing messages or message expiry in general, so
I don't feel comfortable with world-readable logs (which would easily end to
Matrix doesn't support self-destructing messages or message expiry in general,
so I don't feel comfortable with world-readable logs (which would easily end to
search engines forever).
If you need to see something in the backlog, I suggest
using IRC (IRC@Etro or PirateIRC especially) or XMPP which each store messages
only for 7 days (Ergo default) or some months (Prosody default) on a single server.
If you need to see something in the backlog, I suggest using IRC (IRC@Etro or
PirateIRC especially) or XMPP which each store messages only for 7 days (Ergo
default) or some months (Prosody default) on a single server.
#### So do you wish Matrix to fail?
No, I have been using countless of hours at writing these critiques and performing "quality assurance"/testing,
localizing clients to Finnish, providing support on their rooms for users of those clients, writing a Matrix
Spec Change proposal (that was merged), having coauthored another, writing or contributing documentation in two languages
and whatever else I have been doing since 2016.
No, I have been using countless of hours at writing these critiques and
performing "quality assurance"/testing, localizing clients to Finnish, providing
support on their rooms for users of those clients, writing a Matrix Spec Change
proposal (that was merged), having coauthored another, writing or contributing
documentation in two languages and whatever else I have been doing since 2016.
Matrix has a place in my heart, just as IRC and XMPP and while none of the three are perfect, I wish for the issues
get resolved and the fighting between them to end and I am tired of the "stop having fun" or "you are worse person for still using deprecated IRC"
or "I wish IRC/XMPP just died already as it's so old" or whatever attitude I see amongst certain Matrix user/enthustiastic groups.
Matrix has a place in my heart, just as IRC and XMPP and while none of the three
are perfect, I wish for the issues get resolved and the fighting between them to
end and I am tired of the "stop having fun" or "you are worse person for still
using deprecated IRC" or "I wish IRC/XMPP just died already as it's so old" or
whatever attitude I see amongst certain Matrix user/enthustiastic groups.
However I admit sometimes having difficult time believing that either _Matrix
Foundation_ or _New Vector trading as Element_ has their users best interests
in heart. On my worse days, I especially hardwordedly criticise [media never being removed](https://github.com/matrix-org/synapse/issues/1263#issuecomment-1120225193) ([element-hq/synapse#1263](https://github.com/element-hq/synapse/issues/1263))
or [fear that Matrix may endanger gender or sexual minorities by leaking room-specific profiles](https://github.com/matrix-org/synapse/issues/5677#issuecomment-894831845) ([element-hq/synapse#5677](https://github.com/element-hq/synapse/issues/5677))
and especially [lack of self-destructing messages (that is nowadays a discussion rather than an issue)](https://github.com/vector-im/element-meta/discussions/682#discussioncomment-3803806)
Foundation_ or _New Vector trading as Element_ has their users best interests in
heart. On my worse days, I especially hardwordedly criticise
[media never being removed](https://github.com/matrix-org/synapse/issues/1263#issuecomment-1120225193)
([element-hq/synapse#1263](https://github.com/element-hq/synapse/issues/1263))
or
[fear that Matrix may endanger gender or sexual minorities by leaking room-specific profiles](https://github.com/matrix-org/synapse/issues/5677#issuecomment-894831845)
([element-hq/synapse#5677](https://github.com/element-hq/synapse/issues/5677))
and especially
[lack of self-destructing messages (that is nowadays a discussion rather than an issue)](https://github.com/vector-im/element-meta/discussions/682#discussioncomment-3803806)
considering even [DeltaChat (also known as an email client)](https://delta.chat)
manages to implement it without control over the underlying protocol and even
less guarantees!
---
_The lucky Matrix number is `{{site.matrixLatestRoomVersion}}`, but do [consult the Spec for that](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions) and definitely ask `!servers upgrade {{site.matrixLatestRoomVersion}}` from [Version Checker](matrix:u/version:maunium.net) or [their siblings](https://github.com/maubot/rsvc)._
_The lucky Matrix number is `{{site.matrixLatestRoomVersion}}`, but do
[consult the Spec for that](https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions)
and definitely ask `!servers upgrade {{site.matrixLatestRoomVersion}}` from
[Version Checker](matrix:u/version:maunium.net) or
[their siblings](https://github.com/maubot/rsvc)._
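Review bot: In the re-wrapped room directory paragraph the date is written "29-02-2024", while the incident list earlier in the same file uses ISO dates such as 2023-05-08; suggest `2024-02-29` so the page has a single unambiguous format. The reflow also carries over "hesistant", "hardwordedly", "enthustiastic" and "users best interests" unchanged, which could be fixed while these lines are being touched. The closing `_The lucky Matrix number … siblings_` emphasis now spans five lines with two `{{site.matrixLatestRoomVersion}}` expansions inside it, so a quick look at the rendered output is worthwhile.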

View File

@ -13,12 +13,13 @@ excerpt: "Links to my my referral links around the internet."
lang: en
---
Looking for my social media accounts? They have moved to the [index](/index.html#web).
Looking for my social media accounts? They have moved to the
[index](/index.html#web).
- [Wolt](http://get.woltapp.com/93O1)
- "_Every time a new friend signs up to Wolt with your personal code
and makes their first order, they get a €5.00 discount and you get
€5.00 worth in credits. Happy sharing!_"
- "_Every time a new friend signs up to Wolt with your personal code and makes
their first order, they get a €5.00 discount and you get €5.00 worth in
credits. Happy sharing!_"
- `93O1`
- [N26](https://n26.com/r/mikaelas0922)
- `mikaelas0922`
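Review bot: The Wolt entry kept as context at the top of the list links to `http://get.woltapp.com/93O1` over plain HTTP, while the N26 entry below it uses `https://`; if the Wolt host serves HTTPS, the link should use it so the referral redirect cannot be altered in transit. The hunk header also shows the front matter excerpt reading "Links to my my referral links", a doubled word that this formatting pass leaves in place.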