When it’s libre software, we’re not banned from fixing it.

Signal is a company and a network service and a protocol and some libre software.

Anyone can modify the client software (though you can’t actually distribute modified versions via Apple’s iOS App Store, for reasons explained below) but if a 3rd party actually “fixed” the problems I’ve been talking about here then it really wouldn’t make any sense to call that Signal anymore because it would be a different (and incompatible) protocol.

Only Signal (the company) can approve of changes to Signal (the protocol and service).

Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.

I don’t know what you mean by “bait” here, but…

Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.

(fuck whatsapp and discord too, of course.)

it’s being answered in the github thread you linked

The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to “unsealed sender”.

That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does “enable sealed sender indicators”).

This can be separated into two different questions:

1. For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
2. For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?

The strongest possibly-true statement i can imagine about sealed sender’s utility is something like this:

For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.

This is a vastly weaker claim than saying that “by design” Signal has no possibility of collecting any information at all besides the famous “date of registration and last time user was seen online” which Signal proponents often tout.

False.

edit: it’s funny how people downvoting comments about signal’s sealed sender being a farce never even attempt to explain what its threat model is supposed to be. (meaning: what attacks, with which adversary capabilities specifically, is it designed to prevent?)

You can configure one or more of your profiles’ addresses to be a “business address” which means that when people contact you via it it will always create a new group automatically. Then you can (optionally, on a per-contact basis) add your other devices’ profiles to it (as can your contact with their other devices, after you make them an admin of the group).

It’s not the most obvious/intuitive system but it works well and imo this paradigm is actually better than most systems’ multi-device support in that you can see which device someone is sending from and you can choose to give different contacts access to a different subset of your devices than others.

You can just make a group for each contact with all of your (and their) devices in it.

Messages are private on signal and they cannot be connected to you through sealed sender.

No. Signal’s sealed sender has an incoherent threat model and only protects against an honest server, and if the server is assumed to be honest then a “no logs” policy would be sufficient.

Sealed sender is complete security theater. And, just in case it is ever actually difficult for the server to infer who is who (eg, if there are many users behind the same NAT), the server can also simply turn it off and the client will silently fall back to “unsealed sender”. 🤡

The fact that they go to this much dishonest effort to convince people that they “can’t” exploit their massive centralized trove of activists’ metadata is a pretty strong indicator of one answer to OP’s question.

deleted by creator

it’s among the many OSes you can run in an emulator in your web browser at https://copy.sh/v86/

Lmao that my pedanticism could be perceived as BSD advocacy - fwiw, I primarily use GNU/Linux, I develop GPL-licensed software, and I think GPLv3 or AGPLv3 are good choices for many new projects starting today.

My opinions about the history and future of copyleft are somewhat complicated but I didn’t mention any opinions in the comment you’re replying to - I was just correcting your factual misunderstandings about the accepted definitions of these terms.

sometimes a footprint represents humanity

sometimes, but in GNOME’s case i think it is not intended to be a human foot but rather the foot of a mythological creature (a gnome). note that it has a squashed aspect ratio compared to a human foot, and also has only four toes.

apparently it’s also problematic in some cultures: https://wiki.gnome.org/Engagement/FootAndCulturalIssue

Why memorize a different command? I assume sudoedit just looks up the system’s EDITOR environment variable and uses that. Is there any other benefit?

I don’t use it, but, sudoedit is a little more complicated than that.

When invoked as sudoedit, the -e option (described below), is implied.

       -e, --edit
               Edit one or more files instead of running a command.   In  lieu
               of  a  path name, the string "sudoedit" is used when consulting
               the security policy.  If the user is authorized by the  policy,
               the following steps are taken:

               1.   Temporary  copies  are made of the files to be edited with
                    the owner set to the invoking user.

               2.   The editor specified by the policy is run to edit the tem‐
                    porary files.  The sudoers policy  uses  the  SUDO_EDITOR,
                    VISUAL  and  EDITOR environment variables (in that order).
                    If none of SUDO_EDITOR, VISUAL  or  EDITOR  are  set,  the
                    first  program  listed  in the editor sudoers(5) option is
                    used.

               3.   If they have been modified, the temporary files are copied
                    back to their original location and the temporary versions
                    are removed.

               To help prevent the editing of unauthorized files, the  follow‐
               ing  restrictions are enforced unless explicitly allowed by the
               security policy:

                •  Symbolic links  may  not  be  edited  (version  1.8.15  and
                   higher).

                •  Symbolic links along the path to be edited are not followed
                   when  the parent directory is writable by the invoking user
                   unless that user is root (version 1.8.16 and higher).

                •  Files located in a directory that is writable by the invok‐
                   ing user may not be edited unless that user is  root  (ver‐
                   sion 1.8.16 and higher).

               Users are never allowed to edit device special files.

               If  the specified file does not exist, it will be created.  Un‐
               like most commands run by sudo, the editor is run with the  in‐
               voking  user's  environment  unmodified.  If the temporary file
               becomes empty after editing, the user will be  prompted  before
               it is installed.  If, for some reason, sudo is unable to update
               a file with its edited version, the user will receive a warning
               and the edited copy will remain in a temporary file.

tldr: it makes a copy of the file-to-be-edited in a temp directory, owned by you, and then runs your $EDITOR as your normal user (so, with your normal editor config)

note that sudo also includes a similar command which is specifically for editing /etc/sudoers, called visudo 🤪

encryption would prevent the modem from seeing it when someone sends it, but such a short string will inevitably appear once in a while in ciphertext too. so, it would actually make it disconnect at random times instead :)

(edit: actually at seven bytes i guess it would only occur once in every 72PB on average…)

As I wrote in the thread about this last month on !linux@lemmy.ml:

I wonder how much work is entailed in transforming Fedora in to a distro that meets some definition of the word “Sovereign” 🤔

Personally I wouldn’t want to make a project like this be dependent on the whims of a US defense contractor like RedHat/IBM, especially after what happened with CentOS.

and, re: “what do you mean ‘redhat is a defense contractor’?!”: here are some links.

(source)

you could edit your post title

Have you tried https://mike-fabian.github.io/ibus-typing-booster/ ?

I have not, but I think it does what you’re looking for.

The demo video emphasizes its use as an emoji picker but it was originally created for typing Indic languages.

At first i thought, wow, cool they’re still developing that? Doing a release or two a year, i see.

I used to use it long ago, and was pretty happy with it.

Nope.

Nope, it is.

It allows someone to use code without sharing the changes of that code. It enables non-free software creators like Microsoft to take the code, use it however they like, and not have to share back.

This is correct; it is a permissive license.

This is what Free Software prevents.

No, that is what copyleft (aims to) prevent.

Tired of people calling things like MIT and *BSD true libre/Free Software.

The no True Scotsman fallacy requires a lack of authority about what what constitutes “true” - but in the case of Free/Libre software, we have one: https://en.wikipedia.org/wiki/The_Free_Software_Definition

If you look at this license list (maintained by the Free Software Foundation’s Licensing and Compliance Lab) you’ll see that they classify many non-copyleft licenses as “permissive free software licenses”.

They’re basically one step away from no license at all.

Under the Berne Convention of 1886, everything is copyrighted by default, so “no license at all” means that nobody has permission to redistribute it :)

The differences between permissive free software licenses and CC0 or a simple declaration that something is “dedicated to the public domain” are subtle and it’s easy to see them as irrelevant, but the choice of license does have consequences.

The FSF recommends that people who want to use a permissive license choose Apache 2.0 “for substantial programs” because of its clause which “prevents patent treachery”, while noting that that clause makes it incompatible with GPLv2. For “simple programs” when the author wants a permissive license, FSF recommends the Expat license (aka the MIT license).

It is noteworthy that the latter is compatible with GPLv2; MIT-licensed programs can be included in a GPLv2-only work (like the Linux kernel) while Apache 2.0-licensed programs cannot. (GPLv3 is more accommodating and allows patent-related additional restrictions to be applied, so it is compatible with Apache 2.0.)

What is a U.S.-sanctioned place? Why does the U.S. government think this is a bad thing?

https://en.wikipedia.org/wiki/United_States_government_sanctions

🎉 sometimes US sanctions actually do lead to positive outcomes :)