• 0 Posts
  • 58 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle







  • Yes.

    They will often display prompts while driving that are on a timer “suggesting” route changes or alternates and auto selecting yes.

    To abbreviate massively and not dox myself, this caused me serious financial harm as a road trip rerouted onto roads unsafe for my vehicle.

    I loathe Google and many tech companies for their sheer and ardent refusal to have proper customer service, or any method of customer feedback. A/B testing will never tell you that the top navigation directions should focus on the major high numbers and road names, not what road segment you are on. I need to know what lane to be in for my next turn in 5 miles, not how many times I will fade merge between segements only to have you finally tell me the lane when I’m a quarter mile away.

    Google Maps is fucking awful in so many ways that are inexcusable, and worst of all they were allowed to fucking buy more of their competitors. Right now Magic Earth is a distant also ran in this field, and due to Google’s massive proprietary features always will be without support.

    And I haven’t even mentioned how my map results are plastered with promoted ads and locations. Which is just useless and infuriating when I am searching for a specific placename.


  • KeePassXC you would put the sync-file itself into syncthing or something, and then KPXC would resolve changes between the sync file back to the main vault. I don’t use this method directly so I might be incorrect on the details, but it is possible to setup in a device to device manner.

    You keep saying external server for syncthing, but again: syncthing does direct data transfers, encrypted end to end, between devices. It does not use cloud hosting or servers. It has the equivalent of a 90s FPS matchmaking lobby, so you can find your own devices latest IP.

    You register the devices with each other with their generated ID codes. Then you ask the matchmaking server when it last saw that alias. It gives you the last IP that checked in with that unique alias. It then contacts that OP, and performs a handshake. If it passes, your two devices can now sync directly. The matchmaking relay has 0 data of yours, and 0 ability to associate your unique ID with a name, hardware, or anything other than a last seen IP. When on the same LAN, devices don’t even query the matchmaking relay if you don’t want. It’s totally offline.

    If you elect to, you can allow relays to let you tunnel of you have NAT issues, and your end to end encrypted data can be synced through a relay. In those cases then yes, you are extending a bare minimum trust, and you fully encrypted data would temporarily pass on the relay’s RAM. If this makes you paranoid, you can easily add a password to the sync folder itself, encrypting it unless another user inputs the password on the other end. Adding another layer if you wanted.

    I just get nothing from Bitwarden that syncthing and KeePass don’t offer more easily. Syncthing works for tons of devices and other purposes as well, preventing to host a password sharing only tool, and just letting you use a direvy device to device sync tool. I don’t know how or why you would have vault conflicts, but it really does sound like something fixable. Running this for years and I’ve never run into it.


  • This is one of the rare cases where I believe security through obscurity applies.

    What is the most ripe attack target: the password hosting service with millions of user credentials, or literally some random IP address using syncthing that could be sending literally anything that you don’t know is passwords or porn.

    Companies like Bitwarden and 1Password and LastPass are doomed to have failures, just like any major corporation. They are too big with too much attack surface, and clearly advertise that they have stuff worth stealing.

    Me? My KeePass vault is synced via Syncthing with no relay data, so it only ever exists on my phone and desktop, and is encrypted with what is today functionally unbreakable encryption. Today at least (RIP when quantum chips get good).

    And my data is a blade of grass in a field. Sure there is a narrow chance someone snooping on my entire geographic area and stealing packets like the FBI could grab some packets in transmission. But they show nothing, and mean nothing. And the FBI has easier ways to get our data anyways.

    Point is, I’d rather take my odds as a heavily encrypted file syncs between singular devices like a drop of water in the ocean, versus putting all my diamonds in Joe’s Diamond Emporium and just hoping no one decides to steal MY diamonds when it (inevitably) gets robbed.


  • In this circumstance, you can turn on simple versioning for the password vault. It will keep both vault copies and you can merge your changes together manually in the event this happens, no loss of data.

    For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate. Not saying it doesn’t happen, but I believe this can be solved.

    However KeePassXC’s sync feature does sync the vault.

    Syncthing does not have a server. The relay only serves to match your current client (device A) with the IP of your other client (device B). Nothing else passes through it unless you opt into using relaying in case you have NAT issues.

    If you are paranoid, the software is open source and you can host your own relays privately, but again, it is similar to a matchmaking service, not data transfer.

    Syncthing is a direct device to device transfer. No server in the middle unless you want it.

    https://docs.syncthing.net/users/relaying.html


  • This still requires a server setup, focused entirely on passwords. Why do that?

    Why not just use KeePass or KeePassXC, and use Syncthing for this and general files, or KeePassXC’s keeshare sync to sync the files without any hosting, server, or other services.

    Extremely simplified tldr: both of these are like a authenticated private bittorrent, where the “tracker” only helps you find yourself on another devices, no data is ever sent outside of your authenticaed devices, and all transmissions are encrypted as well.




  • If you’re in prison for life, and you want to kill yourself because of gender dysphoria, providing you the medical care to avoid that is the humane thing to do. Period.

    If you are an immigrant detained for 6-12 months before deportation, the the odds of this applying to detained immigrants is near 0, but let’s say 1% it does, this would be tailored at ensuring they can have the drugs they require.

    Keeping people from shooting out the back of their fucking heads or swallowing a bottle of painkillers to end it all is always the humane choice.

    Don’t worry, we could fund it all by just not administering a few death penalties (those are more expensive than life imprisonment).





  • “Moving the goal posts” I fail to see how I’m changing the conditions. I’m explaining a clear and obvious issue in that image which is why it’s not a good comparison.

    Okay, extensions require container processes, for each one. Each new extension add to the RAM usage. For both Firefox and Chrome.

    So already the comparison is flawed because Firefox now requires more base memory to load those extensions out the gate.

    But now, Firefox is clearly showing Tampermonkey in the toolbar, a userscript extension. Let’s just say I run a script that fetches competing price info from temu.com when you browse a site like amazon. Not uncommon.

    Let’s say I set that to loop, so it’ll work on infinite scroll pages too.

    Okay, now if you leave your browser alone for an hour and it’s refreshing these scripts, guess what happens to the memory?

    Every test of current builds of FF vs Chrome has found extremely negligible performance differences when both are stock installs.