hperrin

@hperrin@lemmy.world

I’m Hunter Perrin. I’m a software engineer.

I wrote an email service: port87.com

I write free software: github.com/sciactive

This profile is from a federated server and may be incomplete. View on remote instance

hperrin ,

He’s probably been on drugs for decades. He accused Biden of being on drugs 4 years ago.

Is Privacy Worth It? ( blog.thenewoil.org )

When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no...

hperrin , (edited )

^ This.

I’m a software engineer, and I’ve worked for the big tech giants. I’m familiar with how they track you. VPNs are worthless. Unless you’re trying to hide your activity from your own ISP (like if you’re pirating stuff), the VPN does next to nothing to cover your tracks. And it’s not like they’re gonna advertise their VPN by saying, “you can pirate stuff without your ISP catching you!”

If you want actual privacy, you’ve gotta use something like Tor browser or Tails. Of course, I’ve gotta wonder what you’re up to if you need that kind of privacy. Usually a privacy window is good enough.

hperrin ,

It’s all downhill from here.

hperrin ,

I run a fairly popular open source project called Svelte Material UI, and I can tell you why I use Discord for support. My users want me to use it. GitHub too.

People want to use what they already have, and most people, even developers, don’t care that much about privacy. I would gladly self host a support forum, but tons of people would rather use a different library than sign up for my personal support forum. And the people who really care about privacy wouldn’t trust my self hosted solution either, so there isn’t really a better option than Discord, as much as that sucks.

hperrin ,

I run a few reasonably popular FOSS projects, and basically the reason I use non-free infrastructure where I do is that my users prefer I use that. I love open source, and I love privacy centric services, but not everyone does, and for open source projects, having (and enabling the most) community involvement is more important than privacy centric toolsets.

In a perfect world, I could self host my own code forge and support forum, and everyone would be willing and able to use it, but we don’t live in a perfect world, and I can’t do that yet. If we keep working toward it, I believe it will happen, but it’s just not ready yet.

hperrin , (edited )

I agree that it sucks. I would much rather use a more open platform. But my users don’t want that. Discord is convenient, people want convenience, and I want to give my users convenience (even if it means I have to answer the same questions once in a while).

hperrin ,

I posted like I normally do from the Voyager app, and it shows me that I’ve upvoted it, so I don’t know.

hperrin ,

Sure, but I’ve actually had people ask me to set up a Discord, and no one has ever asked me to set up anything else.

hperrin , (edited )

Typically, what I’ll do is if multiple people ask the same question or need the same guidance, I’ll put it in the readme or the “Quick Guide” section of the demo site. If anyone knows a solution to make the discord server publicly viewable/searchable though, I’d happily implement it.

Right now, if you have a Discord account, you can join and view the server, and post in the support channel and forum. Maybe there’s a Discord bot I could set up to mirror the content.

hperrin ,

Thank you. :) I haven’t. Is there a guide on that?

hperrin ,

Support != documentation. I have plenty of public documentation.

hperrin ,

Right next to the Discord link is my Mastodon link, and no one has ever reached out to me there asking for other platforms.

hperrin , (edited )

I have my email available too. It’s certainly easy to get ahold of me outside of Discord and GitHub.

I feel like what you need to understand is that most people use closed source, commercial services and don’t care about avoiding non-privacy centric services. It’s not like a this kind of developer/that kind of developer thing. You and I are a rare kind of people, even in the developer community.

If I focused on only providing support through privacy focused venues, I would be excluding the people not willing to sign up for those things, which is a vastly larger group than you might think. Much larger than the group of people who wouldn’t sign up for Discord. Additionally, it’s harder to moderate spam on open, federated platforms. So I’d be adding more work for myself that will take up time I could be using to develop SMUI.

I understand why people want to advocate for privacy focused and federated services. I want to too. But my goal as an open source maintainer isn’t to cater to those people or advocate for something like Matrix, it’s to help my users.

And yes, I search around the web once in a while to see what people are saying about SMUI outside of the official channels.

hperrin ,

You know, my code is open source. You’re welcome to fork my project and run your own version with a privacy centric support forum. Maybe you’ll be successful.

You’re partly right though. I care more about serving my community than proselytizing to them. Not that I won’t proselytize to them, but it’s far more important to me to make sure they can use my software library for their projects than to make sure they use only privacy centric services.

I’ve dealt with a lot of people like you, who want to shame me for the decisions I’ve made. I’m pretty thick skinned, so it’s not going to push me away from the open source or privacy centric communities. But it does push some people away, so you should change to a different tactic. It’s kind of like the difference between telling someone how bad they are for eating meat vs telling them how easy and tasty certain meat alternatives are. One of those methods is basically guaranteed to backfire.

hperrin ,

God forbid the public see a nipple.

hperrin ,

69 interrupted by a period.

hperrin ,

You wait your turn, u/9point6.

hperrin ,

Yay Jellyfin! What an awesome app!

hperrin ,

You don’t actually need to run down first. Just a docker compose pull if you haven’t made any changes, then docker compose up -d will restart whatever needs to be restarted.

hperrin ,

Try it. Just change an environment variable, then run up -d and you’ll see.

hperrin ,

A hero.

hperrin ,

I don’t really like this. If my project has one dependency that is one year behind, that’s the same measure as if I have 52 dependencies that are all only one week behind.

As a general indicator, this might be interesting, but it is not useful in determining anything about a piece of software.

You also might want to remain behind, if you support old versions of a runtime, and you shouldn’t be penalized for that. As long as you haven’t missed any security updates, you’re fine.

hperrin , (edited )

It’s the first move to making it normalized. It’s the “toes in the water” stage of advertising in your OS.

hperrin ,

I’m more excited for Linux on RISC-V, but yeah, Arm is neat.

hperrin ,

The UI seemed like it wasted a lot of space. I hope that Cosmic is better in that regard.

What email provider do you use for sign ups?

I used to use Protonmail, however the verification steps become tedious when creating unique emails for sign ups. I've switched to Tutanota despite it contravening their one account policy. What do you all use for one off emails (for sign ups etc )? Or do you prefer one of those 10 minute email sites?

hperrin , (edited )

I use (and created) https://port87.com. It lets you use a different address for every account and keeps them all organized. It’s great for managing accounts. (And I have literally hundreds of accounts.)

One of the nice things is you don’t need to create a new email beforehand. You can give out an email address that starts with yourusername-, and it just works. You get a new label in your account that you can approve and it goes in with all your other labels.

You can also enable screening on a label if you wanna use it for real people, then it will screen new senders before you see their email.

hperrin , (edited )

Sorry, I don’t have the prices up on the landing site. Here’s the breakdown:

  • 500MB of storage, receive unlimited mail, free
  • send mail, $1/month (to prevent spam)
  • 2GB of storage, $2/month
  • 10GB, $6
  • 20GB, $10
  • 100GB, $20
  • 1TB, $40

I’m working right now on custom domains. I haven’t finalized the price, but right now my plan is to do unlimited domains for $10/month, plus $4 for each additional user.

hperrin ,

You could make a new movie library named “Christian Propaganda”, put them all in there, and only give your mom access. She’ll probably be mad, but it’ll be funny and you’re technically abiding by her request. Once you have your laugh, you can change the name to “Christian Movies”.

hperrin ,

Damn dude. Nice score. :D

hperrin ,

Next stop: plausibly deniable end to end encryption.

kbal , to Linux
@kbal@fedia.io avatar

Update available! This version is very old.

Xscreensaver has apparently been checking for updates and is disappointed that it hasn't had one for 14 months because Debian is too stable. Can anyone recommend a linux screensaver which would work with xfce and can be trusted to never do that?

hperrin ,

Exactly. Stable basically means, “you can build your entire workflow around this bug, because we guarantee we won’t be fixing it.”

hperrin ,

Screensavers are arguable completely useless, because you can just turn off the screen now. Screensavers were invented when the computer couldn’t control the screen.

hperrin ,

There’s always the option of renting a low cost VM in the cloud and running your own VPN. They will probably monitor your traffic though.

hperrin ,

Depends what you’re using a VPN for. If you’re using it for privacy, yeah, it wouldn’t help. If you’re using it for geo locked content, it works great. Or for privacy from specifically your ISP.

hperrin , (edited )

If you’re trusting any other VPN provider, then you’re already willing to trust someone. What’s the difference between trusting Proton and trusting Digital Ocean?

If you’re only visiting HTTPS sites then your ISP already can’t snoop your traffic. A VPN gives you very little added privacy.

No matter what you use, you’re really only protecting yourself from your own ISP.

hperrin ,

You think that using a VPN is protecting you from the website you’re connecting to logging that traffic?

No. The website sees the traffic. The only thing they don’t see is your home IP address. That’s not even a useful piece of information for tracking someone. Home IP addresses are usually dynamic.

Websites track you through cookies and etags, and VPNs do not block those. If they did, you wouldn’t be able to log into any websites, and you would always be redownloading JS, CSS, and fonts you’ve already downloaded.

hperrin ,

You think that using a VPN is protecting you from the website you’re connecting to logging that traffic?

No. The website sees the traffic. The only thing they don’t see is your home IP address. That’s not even a useful piece of information for tracking someone. Home IP addresses are usually dynamic.

Websites track you through cookies and etags, and VPNs do not block those. If they did, you wouldn’t be able to log into any websites, and you would always be redownloading JS, CSS, and fonts you’ve already downloaded.

(Copied for convenience, since your comment is duplicated.)

hperrin , (edited )

What personal information do you think the VPN is blocking? Like, exactly. Precisely what information do you believe the VPN prevents a website from seeing about you?

I understand the difference between first and third party cookies. You said you were trying to prevent the website from tracking you. A website’s cookie for its own domain is first party. If you block that cookie, it’s harder for them to track you, and also you can’t log in.

Your IP address is not very useful for tracking you.

  • Residential IP addresses change often.
  • They’re usually shared by a family or organization through NAT.
  • You will often have different IP addresses throughout the day as you switch between WiFi and cell data.
  • Your different devices may or may not share an IP address.

The major ad trackers use cookies and etags to track you. They don’t use your IP address.

hperrin ,

Then we agree that’s the only advantage. So your original reply is wrong. A cloud VM running self hosted VPN protects you exactly as much as a commercial VPN with regard to the website you’re connecting to.

hperrin ,

Also, please prove to me that you are blocking etags, because that is bonkers.

hperrin ,

So just make a snapshot, and every time you want a new IP, create a new VM from the snapshot. Or if there’s an option in your cloud provider, just request a new IP.

Whenever you connect to a VPN, you use the same IP address the whole session. You have to reconnect to a different node whenever you want a new IP.

But I feel like you’re just being contrarian here. Your objections aren’t rooted in any sort of actual concern over privacy, and I don’t think you really understand the systems you’re using. In other words, you’re just being paranoid.

If you want true privacy, use Tor.

hperrin ,

A VPN doesn’t protect you the way OP thinks it does. It just hides your IP address from the websites you visit. Of course, now instead of one website seeing that you visited it, one organization can see everything you visit.

Basically it just moves your trust from your ISP to your VPN provider. So yeah, if you don’t need that, and you don’t need to get around geo blocks, you don’t need a VPN.

hperrin ,

Not really. Unless you’re visiting unencrypted websites. If you’re using HTTPS and DNS over HTTPS, your ISP can only see what IP address you’re connecting to, not the traffic.

hperrin , (edited )

I’ve been a web and network engineer for 15 years, and I run a VPN on my own production cluster, but sure man, I don’t understand VPNs.

Again, you do not understand how trackers work. Trackers don’t use your IP address. And unless Google changed it since I worked there, I can guarantee that.

Prove to me that you block etags, cookies, localStorage, and service workers. Prove to me that every request you make spoofs a new user agent string. Prove to me that when you run JS, it obfuscates your screen dimensions and hardware availability. Prove to me that it obfuscates your font list and the available vendor prefixes. Prove to me that your browser adds artificial jitter to your real time clock, cause you can be tracked through that. Hell, you can be tracked through your latency, so prove to me you add random latency to your fetch calls. Prove to me you block media queries, because you can be tracked through CSS.

You are paranoid, and you don’t even understand what to be paranoid about.

hperrin ,

I’ve been very happy with btrfs. Ext4 is basically rock solid, so you can’t really go wrong with it, but btrfs has some nice features that ext4 doesn’t have, like snapshots. And it’s fast. I have an extremely cheap SSD that’s too slow to run anything with ext4, but actually usable with btrfs.

Nextcloud appreciation post

After months of waiting, I finally got myself an instance with Libre Cloud. I was expecting basic file storage with a few goodies but boy, this is soooo much more. I am amaze by how complete this is!!! Apps let me configure my instance to fit everything I need, my workflow is now crazy fast and I can finally say goodbye to...

hperrin ,

Webmail has been a Nextcloud feature for years. They improved it. That’s literally what you just asked for. Improving the core components.

hperrin ,

Maybe everything was just purple then.

  • ✔️ Feature
  • ❌ Bug
hperrin ,

€2,100 for the base model.

€4,200 for top of the line.

Why would I want to replace my desktop with this?

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • All magazines
    •