Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

Administered by:

Server stats:

16K
active users

mstdn.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

Public
Essem :skeeter:

I THINK THE MATRIX CHAT PROTOCOL SUCKS

A still frame from one of the live action Scooby-Doo movies where Fred is in the middle of saying "I think Coolsville sucks!"
Public
Kevin Karhan :verified:

@esm indeed it does - espechally compared to & !

Public
Essem :skeeter:

@kkarhan xmpp has almost no good clients and yet the ux is still better with it compared to element or any other matrix client

Public
hexaheximal

@esm @kkarhan meanwhile, good lucking finding a good web xmpp client. I tried. didn't go well.

Public *
Kevin Karhan :verified:

@hexaheximal @esm Why would anyone want that anyway?

There are native + client for literally any relevant platform!
mstdn.social/@kkarhan/11140494

Public
hexaheximal

@kkarhan @esm Most people (including me) prefer using those kinds of things in a web browser.

Also, obvious counter-argument for the any platform thing: chromeos

Public
Kevin Karhan :verified:

@hexaheximal @esm

Any with of all Keys should be considered security-sensitive and thus should not he used as a .

Also supports -Apps and if you don't have administrative privilegues on a machine then consider it insecure and nit trustworthy for yourself as a user!

#ArgumentInvalid
Public *
hexaheximal

@kkarhan @esm Not all chromeos devices do. (e.g. ones where apps are restricted by management), and there are still other scenarios where a web app is the best/only way to do it. #ArgumentValid

Public
hexaheximal
@hexaheximal @kkarhan @esm I also forgot about the most obvious thing...

Back in the 90s, Bill Gates infamously decided to kill Netscape. He did it because he knew that web apps would make the operating system irrelevant.

While his solution was wrong, he correctly predicted that web apps were going to take over.

Look at all of the desktop apps which are just Electron wrappers now too. It's very common. (and before you say that electron is bad and discard it, which is likely, https://github.com/nukeop/nuclear/blob/master/docs/electron.md)

> Any #E2EE #Messenger with #SelfCustody of all Keys should be considered security-sensitive and thus should not he used as a #WebApp.

This is irrelevant too. Browsers have really good sandboxing nowadays, and on chromium you can even create multiple profiles within the UI. The reality is that, as long as the client-side code can be trusted (reminder that you can self-host element and/or cinny if you don't trust it - I've done that before) as well as the browser itself, it's about the same in terms of security.

You are fighting against reality.
GitHubnuclear/docs/electron.md at master · nukeop/nuclearStreaming music player that finds free music for you - nukeop/nuclear
Kevin Karhan :verified:

@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world
You may call me a evangelist but

everytime something that could've been barely Megabytes as an , , or Kilobytes as a tool instead shoves yet another entire half gig copy of the - that is onto the Desktop despite using not even 0,1% of it's featureset

I call this a systemic failure in Software Architecture.

Browsers are the most attacked applications on beyond CMSes and Webservers...

Dec 23, 2023, 05:44 AM·Public
1boost·3favorites
Public
Kevin Karhan :verified:

@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world ...and even if we think local are a legitimate way to handle sensitive comms - they ain't but let's just assume they are for the sake of argument - WHY would you do anything beyond a .desktop file that includes startup parameters for (or even if you're that kind of Cyber-Masochist!) that specify the browser, and the file to load.

Because any good should be reduceable as + + and measured in kB or maybe a few MB.

Public *
Kevin Karhan :verified:

@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world Shit like is an abomination and only won because regulators are systematically dysfunctional, corrupt and staffed with , otherwise all the , and among others would've been forcibly disbanded the same way was.

Microsoft feared but nowadays they basically gave up on and OSes since , & make the real profits & margins!

blob.cat/objects/29e2ce65-026f

blob.cathexaheximal (@hexaheximal@blob.cat)@hexaheximal @kkarhan @esm I also forgot about the most obvious thing... Back in the 90s, Bill Gates infamously decided to kill Netscape. He did it because he knew that web apps would make the ope...
Public
Kevin Karhan :verified:

@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world Like & & before them, is working hard to forcibly -ize & -ify (aka. ) their products and subsequently cancel any , / and options until there's only / as a with no control over anything whatsoever...

And OFC that'll be weaponized against anyone and everyone!
twitter.com/frank_rieger/statu

X (formerly Twitter)Frank Rieger (@frank_rieger) on XThe number of network connections required to @Microsoft and @Skype servers, to get Word just to start, is now 31. You can no longer say "I don´t want to send diagnostic data", then Word just quits silently. (Please spare me the Open/LibreOffice gospel, it does not apply here.)
#Enshittification
Public *
Kevin Karhan :verified:

@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world

So yeah, don't trust any where it's trivial to siphon away credentials.

And don't trust any , because they WILL LIE TO YOU just like the of and @protonmail did/still do.

Keep your keys in self-custody and encryption as well as decryption locally or don't even bother at all!

And I'd certainly not do critical comms from an insecure device where I don't have full control!

dreadytofatroptsdj6io7l3xptbet

Public *
hexaheximal
@kkarhan @esm @hexaheximal @protonmail

1. ProtonMail is not a honeypot. No idea where you got that from.
2. Dead onion link. I actually went out of my way to try it but it lead to nowhere.
3. I already told you that you can simply self-host Element and Cinny.
4. Now, consider, what if a native app does something malicious that's not possible in a browser sandbox. ;)
Public *
Kevin Karhan :verified:

@hexaheximal@blob.cat @protonmail @esm @hexaheximal@wetdry.world

1. People said the same about ...
And sadly my gut feeling and the Intel I get is way more reliable than marketing lies.

Let's just say if I was wrong I'd already be dead a dozen times...


2. It's not dead, because I can just open it, even on Mobile.

Public
hexaheximal
@kkarhan @protonmail @esm @hexaheximal the fact that you avoided responding to points 3 and 4 really says a lot.
Public
Kevin Karhan :verified:

@hexaheximal@blob.cat @protonmail @esm @hexaheximal

3. Why would I want to self-host when it doesn't provide me with any convincing benefits compared to , + or even .

Public
Kevin Karhan :verified:

@protonmail @esm @hexaheximal

4. It's easier to audit a small, native app and even sandbox it into a single user that has literally 0 privilegues because a higher layer that doesn't allow said user to interact with it constricts it.

[Thats's literally done with and where they're run as dedicaded users which have no privilegues excpet their own use-cases

Public
:blobcatverified2:
@kkarhan @hexaheximal
Ok, the Gaslighting seems to be a issue of the federation...
On our server it looks like the order is: Posted, Edited, Answered.
But that doesnt mean that its the same Order for mstdn.social or even in both of your clients.

I know you both wont agree and you dont need to agree, thats fine. I rather suggest to both of you that you keep in mind that Federation has latency, Edits could easily missed and also certain Clients dont display Threads in a intuitive way.

And just to mention, even if it is Gaslighting, it needs more than just once in a heated discussion so that i take actions.
Public
hexaheximal
@Jain @kkarhan Yeah, quite odd. The timing is slightly different between instances but even on mstdn.social it goes in the order of posted, edited, answered. even their screenshot showing my post as edited confirms the timing.

This could mean one of two things:

- On the backend, it updated, but it didn't live-refresh on the frontend.
- Somehow, it managed to have the post come in afterwards but the timestamp does not reflect that.
Public *
hexaheximal
@protonmail @kkarhan @esm @hexaheximal based

I've even looked at the network requests while using protonmail, and the messages are indeed encrypted. However, the subject and other metadata is not. Unfortunate, but understandable considering it's PGP, which does not encrypt metadata afaik.
Public
JesseTong

@kkarhan @hexaheximal@blob.cat @esm @hexaheximal@wetdry.world I don't think it's failure but intentional since those corporate higher ups wants cheap, inexperienced web developers who can create a half-ass app that can cut corner better instead of actualy native app developers who can optimize their apps for most users. Users are nothing to those people, they just ask them for upgrade their hardwares or say f* them instead

Public
hexaheximal
@kkarhan @esm @hexaheximal if you care that much, write your own native app. Problem solved. The reality is that nobody cares - most important things nowadays are either a web app or a wrapper for a web app.
Public
Kevin Karhan :verified:

@hexaheximal@blob.cat @esm @hexaheximal@wetdry.world

Apparently you do care - on grooming your escalating commitment to excuses to not use or even try out something...

But that's your decision.

It's okay to be wrong...

Public
hexaheximal
@kkarhan @esm @hexaheximal I do use XMPP though. I've tried multiple clients even - both native and desktop. Ended up on Dino.
ExploreLive feeds
About