litchralee

joined 2 years ago
litchralee@sh.itjust.works 2 points 5 hours ago* (last edited 5 hours ago)

In a nutshell, revolution turns on information and power asymmetry. Sometimes just one of those is sufficient; having both makes the results highly likely, but not guaranteed.

Starting with information asymmetry, we start with identifying the usual groups of people. I will be using terminology more akin to the Westminster style of governance, which does not so clearly distinguish the roles. In a governmental revolution, there are those in power (eg a president, prime minister, members of parliament, monarch), there is the state and its institutions (eg military, judiciary, civil service workers in those departments, treasury, welfare, foreign representatives), and then there's the citizenry (aka the people).

Of these, the citizenry are the absolute largest group but the least organized. In a monarchy or autocracy where power is concentrated in the very few, the citizenry are often denied the means of communication or it is strictly censored or controlled. In a republic, the state is created as the organization which is meant to serve the people, and I'm not aware of any republic that has ever created two duplicate organizations to guard against usurpation. To that end, the citizenry are the most dependent on the state and the government for information. Even when it's now technically possible to exchange information using mesh networks, online forums, ham radio, and even plain ol letters, the fact is that convenience means that the majority just aren't dialed into the situation, or that the official mouthpieces have enough sway to quell the public.

But it need not only be the citizenry that are kept in the dark. The government itself can end up being split apart by those who know versus those who don't. As an example, look to the former South Korean president that attempted to impose martial law. In the chaos that ensued, members of the legislature needed to understand what was going on first, in order to combat the situation. It eventually emerged that the legislature was being blockaded and that a vote would be held to nullify the imposition of martial law. Photos of some legislators scaling the outside wall of the assembly made international headlines. That was only possible because enough representatives got word that a vote was going to happen, and that it wasn't a trap.

The South Korean example also shows what happens when the state is not on the president's side. The military was doubtful that the president could lawfully declare the legislature as acting against the interests of the country, and so they did not substantially mobilize. Likewise, the citizenry were not having it either and protested in public. Perhaps it would have been different if the president was able to sever communications lines, an often-used tactic in the hours prior to a coup.

As for power asymmetry, that's much easier to explain. The same groups as before each wield separate powers, some of which are more effective at times and some less. For example, the military has all sorts of hardware that could be used against the citizenry or against the state institutions. Shopping malls, tax offices, and city halls aren't exactly built to repel RPGs and mortar fire. The government also benefits from having authoritative power, meaning they can claim a mandate (eg from heaven, from the monarch, or from the people) that legitimizes their attacks on the state institutions or the people. See the Stalinist era of the USSR.

Meanwhile, the people have the power of populism, where the influence of social mores can and does have tangible impact. Look to the UK where MPs and cabinet members have been forced to resign "due to scandal", where their position "becomes untenable". From an American perspective, this would seem unusual since a corrupt politician would still end up serving their term. Yet in the UK, they recognize that they cannot continue in their job if nobody will ever look at them with a straight face. No committee would keep them on, they could never hold a cabinet portfolio, they can't effectively represent their constituency, and can't represent the country in good terms overseas. They could just sit there and collect the paycheque, but ultimately, they know their days are numbered or the government will have the police service investigate them. So they resign, simply because of the crushing weight of public opinion. That is power.

Finally, there's the institutions themselves that have power. With the presumption of regularity, institutions hold tremendous soft power. That is, without firing a gun, an IRS tax agent or DMV worker can make someone's day, or make it their worst day. A judge can grant search warrants that authorize someone's house to be turned upside down. Or a department of transport can start eminent domain proceedings to acquire someone's home. Meanwhile, the central bank can change the value of money, even the banknotes in your wallet, overnight. So powerful are institutions that in at least two places in California law, one of which is the open government act, the law opens with a declaration that "The people of this state do not yield their sovereignty to the agencies which serve them". This is a warning against the institutions to not abuse the power they are entrusted with.

So, what does this mean for revolution? For both information and power, it's not about how much is possessed but how it is used. Sometimes information can coerce power to be used. The Zimmerman telegram was a large part of how the USA joined WWI, because the British intercepted it and realized it would spur Americans to support the war against Germany. Domestically, small power can be used to test a larger power, basically to try calling a bluff. If the police declare a curfew due to false allegations of rioting, protesting is a response to the dare: will the police actually try to pepper spray and arrest thousands of people that show up anyway? If they don't, they've folded. If they do, there is now information (eg video, photos, TV) that can be leveraged to encourage more power (eg more protests, or state intervention against local police). In the most extreme case, the police could respond with overwhelming force (see Kent State Massacre). But in that situation, it was so uncalled for that other powers responded: the USA's involvement in Vietnam and Nixon's presidency became more unpopular than ever, causing mandatory conscription to end in 1973. It has not come back since, because people will still remember that event. Even as the shooters in question escaped legal culpability, it has cost the nation the effective power to call the citizenry into military service. Such power would be tough to regain, because the citizenry would fight it. Hence why all such attempts since in the USA have failed to reintroduce conscription.

TL;DR: the balance of information and power ebbs and flows over time, sometimes yielding unique opportunities or colossal failure.

litchralee@sh.itjust.works 6 points 11 hours ago (1 children)

That ebook reader is wild! Does the text stay in place while you read, or does it scroll past like a stock ticker?

If the latter doesn't exist, I guess I should go push a PR to make that happen on meshcore firmware haha

litchralee@sh.itjust.works 0 points 14 hours ago

Hi! Firstly, thank you for using /dev/urandom as the proper source for random bytes.

Regarding the static H1-H4 issue, does your repo have any sort of unit tests that can verify the expected behavior? I'm aware that testing isn't exactly the most pressing thing when it comes to trying to overcome ISP- and national-level blocking. But by the same token, those very users may be relying on this software to keep a narrow security profile.

To be abundantly clear, I'm very glad that this exists, that it doesn't reinvent the WireGuard wheel, and that you're actively fixing bug reports that come in. What I'm asking is whether there are procedural safeguards to proactively catch this class of issues in advance before it shows up in the field? Or if any are planned for the future.

litchralee@sh.itjust.works 4 points 15 hours ago (1 children)

I've had the opposite experience, where NewPipe lagged behind PipePipe in terms of adapting to YouTube-related changes. It had something to do with updating the subscription feed (not that that function is totally reliable on either app).

I also observed this strange issue with NewPipe where if a notification sound interrupts a background-playing video, the audio would stay reduced in volume until the app was brought back to the foreground. A cursory search suggested it was specific to Samsung phones, but when I switched to PipePipe, the issue simply didn't appear.

Grain of salt: I haven't used NewPipe since switching in November.

litchralee@sh.itjust.works 1 points 2 days ago* (last edited 2 days ago) (3 children)

That's fair, but since OP doesn't have the machine to immediately check the model number, and 2010 is within spitting distance of 2012, I figured I'd provide some additional info, just in case it's older than originally estimated.

That said, a 2010 machine would be fairly ancient. But then again, it's 2026 and DDR3 is somehow relevant again....

litchralee@sh.itjust.works 3 points 2 days ago (6 children)

If that MacBook is old enough that it's part of the first generation of Intel Mac products, you may have to do a few extra things to account for the 32-bit EFI -- not UEFI; that would come later -- that those machines used. I recall dealing with this myself, back when older versions of Ubuntu provided the ISO for specifically this scenario. Instead, you might want to review this page which describes the problem and how to address it: https://ctrl-alt-rees.com/2024-08-13-operating-system-options-for-32-bit-efi-mac-macmini-11-21-macbook-imac-64-bit-usb-install.html

Note that a 32-bit EFI does not prevent you from installing a modern 64-bit OS. The complexity is just with getting the system to boot from the installer disc.

litchralee@sh.itjust.works 24 points 2 days ago (9 children)

Ok, I'm curious as to the DPI claims. Fortunately, AmneziaWG describes how it differs from WG here: https://docs.amnezia.org/documentation/amnezia-wg/

In brief, the packet format of conventional WireGuard is retained but randomized shifts and decoy data are added, to avail the packets with the appearance of either an unknown protocol or of well-established chatty protocols (eg QUIC, SIP). That is indeed clever, and their claims seem to be narrow and accurate: for a rule-based DPI system, no general rule can be written to target a protocol that shape-shifts its headers like this.

However, it remains possible that an advanced form of statistical analysis or MiTM-based inspection can discover the likely presence of Amnezia-obfuscated WireGuard packets, even if still undecryptable. This stems from the fact that the obfuscation is still bounded to certain limits, such as adding no more than 64 Bytes to plain WireGuard init packets. That said, to do so would require some large timescales to gather statistically-meaningful data, and is not the sort of thing which a larger ISP can implement at scale. Instead, this type of vulnerability would be against particularized targets, to determine if covert communication is happening, rather than decrypting the contents of said communication.

For the sysadmins following along, the threat of data exfiltration is addressed as normal: prohibit unknown outbound ports or suspicious outbound destinations. You are filtering outbound traffic, right?
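
The outbound filtering advice above, as an added example that is not part of the original comment: a default-deny egress check over constructed flow records, plus a per-host tally of denied UDP flows whose first payload falls in the size window implied by the 64-byte bound mentioned above. The 148-byte plain WireGuard initiation size is standard; the allow-list, thresholds, field names and sample flows are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

WG_INIT_LEN = 148        # size of a plain WireGuard handshake initiation
MAX_INIT_PADDING = 64    # bound quoted in the comment above (taken as given)

# Hypothetical site policy: the only outbound (protocol, port) pairs permitted.
EGRESS_ALLOW = {("tcp", 443), ("tcp", 80), ("udp", 53), ("udp", 123)}

@dataclass(frozen=True)
class Flow:
    src: str            # internal host
    dst: str
    proto: str
    dport: int
    first_payload: int  # bytes in the first outbound datagram/segment

def verdict(flow):
    """Default-deny: anything not explicitly allow-listed is dropped."""
    return "allow" if (flow.proto, flow.dport) in EGRESS_ALLOW else "deny"

def in_padded_init_window(flow):
    """True when a UDP first payload could be a WireGuard init plus <=64 bytes."""
    return (flow.proto == "udp"
            and WG_INIT_LEN <= flow.first_payload <= WG_INIT_LEN + MAX_INIT_PADDING)

def audit(flows, min_flows=3, min_ratio=0.8):
    """Return (denied_flows, hosts_to_review).

    A single in-window packet proves nothing; a host is listed only when most
    of its denied UDP flows, over at least min_flows attempts, fall in the window.
    """
    denied = [f for f in flows if verdict(f) == "deny"]
    per_host = defaultdict(lambda: [0, 0])   # src -> [in_window, total_udp_denied]
    for f in denied:
        if f.proto != "udp":
            continue
        per_host[f.src][1] += 1
        per_host[f.src][0] += in_padded_init_window(f)
    review = sorted(src for src, (hit, total) in per_host.items()
                    if total >= min_flows and hit / total >= min_ratio)
    return denied, review

# Constructed sample flow records (documentation addresses, not real traffic).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.7", "tcp", 443, 517),
    Flow("10.0.0.5", "192.0.2.53", "udp", 53, 45),
    Flow("10.0.0.9", "203.0.113.20", "udp", 51820, 148),
    Flow("10.0.0.9", "203.0.113.20", "udp", 51820, 148),
    Flow("10.0.0.9", "203.0.113.20", "udp", 51820, 148),
    Flow("10.0.0.12", "203.0.113.44", "udp", 40000, 171),
    Flow("10.0.0.12", "203.0.113.44", "udp", 40000, 171),
    Flow("10.0.0.12", "203.0.113.44", "udp", 40000, 171),
    Flow("10.0.0.12", "203.0.113.44", "udp", 40000, 171),
    Flow("10.0.0.30", "203.0.113.80", "udp", 3478, 20),
    Flow("10.0.0.30", "203.0.113.80", "udp", 3478, 1200),
    Flow("10.0.0.30", "203.0.113.80", "udp", 3478, 160),
]

if __name__ == "__main__":
    denied, review = audit(SAMPLE_FLOWS)
    print(f"{len(denied)} flows denied by default; review hosts: {review}")
```

The size window is a weak signal on its own, which is why the tally only runs over flows the allow-list already denied and requires repeated hits per host.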

litchralee@sh.itjust.works 10 points 3 days ago* (last edited 3 days ago)

Insofar as USA law might apply, it may be useful for you to review the legal case involving Internet Archive's CDL program: https://en.wikipedia.org/wiki/Hachette_v._Internet_Archive

Since the realm of copyright law is inextricably tied to the question, I'm going to try to clarify some points. Firstly, "theft" has never been the correct legal analogy for copyright infringement. That misconception comes from a false equivalency in the late 20th Century to warn would-be infringers of the steep penalties; many Americans will remember the phrase "you wouldn't steal a car", even though the feds cannot charge copyright infringement as theft (which requires a tangible, non-duplicable item, like car theft or wage theft).

In the US at least, it's illegal to stream movies you don't own or don't have the license to stream.

Only the second part is correct: all copyrighted works are used per the license granted from the owner. Such a license may restrict the format that the work is delivered, but not always. The license that accompanies physical media is: 1) irrevocable, and 2) follows the disc's owner (recognized in USA law as the "doctrine of first sale"). So long as the disc is owned and intact, the license is good. Furthermore, under "fair use", it is allowed to make copies of works for either: a) time shifting (ie recording a live broadcast to watch it later) or b) to change the format, aka compatibility. The latter is why it's allowable to rip a DVD into a personal Jellyfin server. It's valid so long as the license is still good, which applies so long as you still own/possess the disc.

By participating in the co-op, when you stream a movie, ownership of that physical media and the digital copy is temporarily transferred to you.

Two counterexamples come to mind, the first being the Internet Archive case that I linked earlier. The second is a Supreme Court ruling against a company that rented miniature TV receivers located in metro areas across the country. In that case, SCOTUS found that although it's fine to rent out a TV receiver, the license for the over-the-air transmission was only valid within physical range of the signal. So conveying the TV content beyond the metro area created a copyright infringement, and the company was actively facilitating that. That company doesn't exist anymore, due to the crushing legal liability.

They are expensive for the library and don't have great selection

Most libraries are funded from a budget, and negotiate e-book and e-movie access based on an approximate estimate of concurrent users, not on a per-user basis. Otherwise, those libraries would have uncontrolled costs if everyone decides to stream Die Hard (1988) at the same time on Christmas Day; it's definitely a Christmas film. Quite frankly, most libraries would be thrilled if more people obtained library cards and used the services, because it justifies the budget for the library and proves its value to the community.

If you aren't finding the content you want at your library, the best thing to do is to request what you want. Libraries are always buying new materials or access to more services. But unless library cardholders voice an opinion, the librarians will just choose generically. Be the change you want to see.

Technologically, creating a co-op is always a possibility. But always remember that the very concept of a public library is "grandfathered" and if we had to reintroduce it, the establishment would never allow it. Cherish libraries as the crucial community resources that they are. The precise form might change, but the library role must always endure.

TL;DR: the idea is legally unsound. Instead, buy discs to form a community library and share the discs, basically a Blockbuster co-op. Or advocate for a better public library.

litchralee@sh.itjust.works 26 points 3 days ago* (last edited 3 days ago)

Because of the AI-induced scraping traffic? While not perfect, Anubis and similar are coarse-but-effective solutions for self-hosting repos.

And if it were acceptable to outsource such protection to a CDN (eg Cloudflare) in order to retain firm control over the repo, then that's a choice that's also available. Not everyone agrees that CDNs have a role in self-hosting -- fair enough -- but when a project's very repo and existence can be wiped off the internet, owning a domain name and the affirmative upstream repository is a tractable and intermediate goal, even if it doesn't achieve full independence.

Self hosting is an exercise in harm reduction.

I'm of the opinion that hashtags are one of the most egalitarian things recently devised, because they require no advanced arrangements to use, can be created by anyone, can be adopted by everyone, and are amplified solely by their enduring usage. It is very much a popularity contest if a hashtag comes into vogue or if it is abandoned and something else is used, or maybe the specific community isn't as large as imagined. So for any given hashtag, I'd say just try it and see if it sticks. The Internet Police will not issue citations for improper hashtag use.

As for the underlying exercise of inviting LinkedIn people to break into your homelab, I'm not sure I see their incentive to do so. Why would unsolicited people (as in, not the AI bots) have any interest in doing so? If they had the chops to break into a network, why expend that time and effort for bragging rights, when instead that sort of work is billable?

As a general rule, I'm not thrilled when there's an implicit assumption that other people's labor is being valued at $0.00/hr. There's a fine line where it might be OK to ask an expert for a bit of help or advice, but the premise of your request is to get pentest professionals to do work for no compensation, and it's not even for a charitable, educational, or otherwise enriching purpose. Why should they?

I'm reminded of the email exchange referenced in this blog post, where an "unbreakable" encryption scheme is presented to an audience of highly capable cryptographers, and they proceed to demolish the scheme as being wholly broken, because the person who presented it could not take no for an answer. Do not be like this person.

litchralee@sh.itjust.works 15 points 4 days ago* (last edited 4 days ago) (2 children)

In American English (AmE) and British English (BrE), the verb "to table" is used in legislative debates. But the meaning is diametrically opposite: AmE uses the verb to mean the abandonment of a bill, analogized as though leaving it on the bargaining table to rot. Whereas the BrE verb means to introduce legislation, as in "bringing a bill to the table".

Both clearly share the same origin -- a piece of furniture -- and yet diverged as to what act is described by the word.

Other confusion arises from the verb "to sanction" which can mean "to allow" but sometimes also "to prohibit" or "make punishable".

And a more modern addition in slang vernacular: "to drop". In the context of artists, "dropping a mix tape" would mean to introduce new music. But "dropping a vocalist" means that the band has fired their singer. It would be confusing if both uses were found in the same sentence.

litchralee@sh.itjust.works 16 points 6 days ago (2 children)

TIL the EAS broadcast on WX band doesn't include a digital sub carrier with a text version of the audio warning. That's an amazing omission, since even the nationwide timekeeping signal out of Colorado has both an audio and digital mode.

 

(fairly recent NewPipe user; ver 0.27.6)

Is there a way to hide particular live streams from showing up on the "What's New" tab? I found the option in Settings->Content->Fetch Channel Tabs which will prevent all live streams from showing in the tab. But I'm looking for an option to selectively hide only certain live streams from the tab.

Some of my YouTube channels have 24/7 live streams (eg Arising Empire), which will always show at the top of the page. But I don't want to hide all live streams from all channels, since I do want to see if new live streams appear, usually ones that aren't 24/7.

Ideally, there'd be an option to long-press on a live stream in the tab, one which says "Hide From Feed", which would then prevent that particular stream ID from appearing in the feed for subsequent fetches.

From an implementation perspective, I imagine there would be some UI complexity in how to un-hide a stream, and to list out all hidden streams. If this isn't possible yet, I can try to draft a feature proposal later.

 

I'm trying to remind myself of a sort-of back-to-back chaise longue or sofa, probably from a scene on American TV or film -- possibly of the mid-century or modern style -- where I think two characters are having an informal business meeting. But the chaise longue itself is a single piece of furniture with two sides, such that each character can stretch their legs while still being able to face each other for the meeting, with a short wall separating them.

That is to say, they are lying anti-parallel along the chaise longue, if that makes any sense. The picture here is the closest thing I could find on Google Images.

So my questions are: 1) what might this piece of furniture be called? A sofa, chaise longue, settee, something else? And 2) does anyone know of comparable pieces of furniture from TV or film? Additional photos might help me narrow my search, as I'm somewhat interested in trying to buy such a thing. Thanks!

EDIT 1: it looks like "tete a tete chair" is the best keyword so far for this piece of furniture

EDIT 2: the term "conversation chair" also yields a number of results, including a particular Second Empire style known as the "indiscreet", having room for three people!
