Chobbes

Chobbes, 8 months ago

I guess it would contribute to the confusion too. Works on my computer.

Chobbes, 8 months ago

Weird that your father-in-law is a teenager.

Chobbes, 8 months ago

I guess it depends how much of a frequency shift you do, but I imagine with the blanking intervals it will mostly just sound like a nasty sawtooth wave?

Chobbes, 8 months ago

You’ll need to pay $35 (I think?) and write a multiple choice exam.

arrl.org/find-an-amateur-radio-license-exam-sessi…

The exam is relatively easy, and you can find lots of resources for practice exams and stuff. At first you’ll have a hard time with some specific questions, but you’ll get the hang of it. If you want they usually let you write the general and the extra exams after the technician for no extra fee (they’re harder but give you a better license with more permissions. Technician gives you a lot, though)

If you’re at all interested you should do it! Getting licensed doesn’t take much time, even if it seems a little daunting at first. Then you’re ready to go when you get the itch!

Chobbes, 8 months ago

I think there’s an EchoLink repeater near me? I just have a baofeng. I’m planning on building a QMX soon because I feel like CW and digital modes would be fun and I kind of want to go on bike trips and do radio or something. I think I need to look up how POTA and SOTA work. I’m not a big talker in real life, I’ve always kind of preferred written communication, so I’m hoping Morse code helps, haha.

The other thing is I’m just kind of worried about getting the etiquette wrong or doing something wrong, even though it doesn’t really seem that complicated.

Chobbes, 8 months ago

Yeah, I had a couple of good conversations on repeaters when I first got my license, but I’m a bit of an introvert so I always feel a bit weird after a conversation like “did I fuck this up?” haha. And the extra rules and unspoken etiquette around radio is a bit intimidating, but I think as long as you identify every 10 minutes or whatever and stay in band nobody will get too mad at you.

I’m really excited about getting into CW actually, and QRP seems interesting and like a really fun challenge. I actually built a pixie kit recently, but I used it as soldering practice before building the QMX mini that I got recently. Hopefully I’ll have some time to build that soon :). I can mostly copy short 5 or so letter words in my head now at 40 WPM, but I haven’t practiced in a few weeks (and obviously I fall behind on complex words or longer ones). I’m a bit nervous about trying to actually send and receive Morse in the wild though, and I REALLY don’t know the etiquette and q-codes and shorthand associated with that yet, but I guess I’ll learn!

Chobbes, 8 months ago

My understanding is that DXVK implements the Direct3D API using vulkan behind the scenes. So, sure, there might be a bit of overhead versus a more direct implementation. Frankly this doesn’t feel all that different from something like SDL to me. Shaders will have to be compiled into shaders that Vulcan understands, but you could just think of this as part of the front end for shader compilation.

I do agree that it feels less native to me too (particularly over the rest of wine), but it’s sort of an arbitrary distinction.

Chobbes, 8 months ago

It depends what you’re comparing against, but I had plenty of games on Linux when steam released their Linux client. 10 years ago was the start of a huuuge shift. It died down a little bit after a few years (I think a lot of developers stopped caring when steam machines petered out and developers started to decide the Linux releases weren’t worth it), but then after a little while Proton started kicking off and the rest is history. Obviously you didn’t have nearly the selection of windows, but there was still selection.

Chobbes, 9 months ago (edited 9 months ago)

That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not.

Why would TLS 1.3 prevent this kind of downgrade attack? The issue is that TLS has never been a requirement for e-mail servers, so for interoperability they only do TLS opportunistically. Even if you configure your own e-mail server to only talk over TLS, nobody else knows that your server only speaks TLS (or speaks TLS at all), so if somebody is pretending to be your mail server they can just claim to only speak plain text and any sender will be more than happy to default to it. If you support DNSSEC you can use DANE to advertise that your mail server speaks TLS, and even fix the certificates that are allowed, but senders will actually have to check this in order to make sure nobody can intercept your e-mail. Notably both outlook and gmail do not support this (neither for sending nor receiving!), they both instead rely on the weaker MTA-STS standard.

my guess would be that at least the big ones like gmail don’t allow unsecured communication with their servers at all

They absolutely do :).

I highly doubt the “in most circumstances” line

That was maybe too strong of a statement, at least with the recent adoption of MTA-STS this is at least less trivial to do :). The intent of this statement was more “if you are in the position to be a man-in-the-middle between two generic e-mail servers it is trivial to downgrade the connection from TLS to plaintext”. I wouldn’t be surprised if it was hard-coded that gmail and outlook should only talk to each other over TLS, for instance, which should prevent this for e-mails sent between the two (I also wouldn’t be surprised if this wasn’t hard-coded either… There’s sort of a bad track record with e-mail security, and the lack of DNSSEC from either of these parties is disappointing!). Ignoring special configuration like this, and without MTA-STS or DANE these downgrade attacks are trivial. Now with the advent of MTA-STS you’ll probably have a reasonably hard time downgrading the connections between some of the large e-mail providers. Though notably this is not universally supported either, iCloud supports neither MTA-STS nor DANE for instance, and who knows about all of the various providers you never think of. This is a bit of a tangent, but a good talk about how large mail providers might not be as well configured as you’d hope: www.youtube.com/watch?v=NwnT15q_PS8

Chobbes, 9 months ago

AFAIK DKIM/DMARC now is mandatory on most servers.

DKIM and DMARC don’t have anything to do with this. DKIM is a way for e-mail servers to sign e-mails with a key that’s placed in DNS in an attempt to prevent e-mail spoofing, but this in no way protects e-mails you send from potentially being read in plain text. DKIM is also not necessarily mandatory, and you can potentially get away with just SPF. Many mail servers also do not have strict sender policies, which could potentially allow for spoofing in certain situations. Also neither DKIM / SPF provide any protections if an attacker is able to poison DNS records.

GPG. Or other E2EE.

I mean, yes, but that’s not really the point. PGP has essentially nothing to do with the e-mail protocols aside from the S/MIME extensions. Almost no institution is using PGP to secure e-mails. You could also encrypt something using PGP before you sent it over the fax lines in theory.

Chobbes, 9 months ago

Nowdays client-server and server-server communication is ecrypted and signed, so no an issue now.

This is probably true, but in a very unsatisfying way. It’s not accurate to say this is not an issue now because mail servers talk to each other with opportunistic encryption — if both ends say “hey, I support TLS” they’ll talk over TLS, but if either end claims to not support TLS they’ll default to plain text. This is deeply concerning because it’s very possible for somebody to mimic another server and get the connection downgraded to plain text, bypassing TLS altogether. There are standards to deal with this, like DANE, but most large e-mail providers don’t support this… The other more recent standard to address this is called MTA-STS, but it’s much weaker than DANE and can potentially be exploited (but at least gmail and outlook support it, I guess). E-mail security is in a weird place. It’s slightly better than the “completely unencrypted” situation that people seem to think it is… But it’s also pretty much impossible to guarantee that your e-mail will not be sent over plain text.

Chobbes, 9 months ago

No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.

This is true AND untrue at the same time! It’s true that most e-mail providers will talk to other e-mail providers with TLS, but it’s trivial to downgrade the connection in most circumstances. If you can man-in-the-middle e-mail servers you can just say “hey, I’m the e-mail provider you’re trying to talk to, I don’t support TLS, talk to me in plain text!” and the senders will probably oblige. There’s a few standards to try to address this problem, like DANE (which actually solves the problem, but is unsupported by all large e-mail providers), and mta-sts which is a much weaker standard (but supported by gmail and outlook). In practice there’s a good chance that your e-mail is reasonably well secured, but it’s absolutely not a guarantee.

Chobbes, 9 months ago (edited 9 months ago)

Neither TLS provide in such case. Attacker can request ACME cert.

Depends whose DNS you can mess with, but yes! It may be possible to poison DNS records for one e-mail server, but ACME certificate providers like letsencrypt (supposedly) try to do DNS lookups from multiple locations (so hopefully a simple man-in-the-middle attack will not be sufficient), and they do lookups directly from the authoritative DNS servers. This is, of course, not perfect and theoretically suffers from all of the same mitm problems, but it’s more thorough than most mail servers will be and would potentially limit who would be in the position to perform these attacks and get a bogus certificate issued.

With DNSSEC and DANE you are even able to specify which TLS certificate should be used for a service in a TLSA record, and you can protect your A records and your CAA record which should make it much harder to get bogus certificates issued. Of course you need to trust the TLDs in order to trust DNSSEC, but you already do implicitly (as you point out, if you control the TLD you can get whatever certificate you want issued through ACME). The reality right now is that all trust on the web ultimately stems from the TLDs and DNS, but the current situation with CAs introduces several potential attack vectors. The internet is certainly a lot more secure than it used to be even 10 years ago, but I think there’s still a lot of work to be done. DNSSEC, or something like it, would go a long way to solving some of the remaining issues.

Chobbes, 9 months ago

I’m not responding to that comment?

Chobbes, 9 months ago

I don’t think it’s that clear cut to be honest. More code doesn’t mean the package benefits more from optimizations at all, and even if that were true you might care more about the performance of the kernel or various small libraries that are used by a lot of programs as opposed to how fast some random application that depends on qt-WebKit is:

Chobbes, 10 months ago

I would disagree. I feel like nixpkgs has pretty much everything, more so than any other distro in my experience. The differences in how NixOS work can make it a little weird to run something off the cuff, but steam-run has your back in those situations.

Chobbes, 10 months ago

It’s the probably the best distro for dev work imo. Nix in general is really nice for development. Games work fine — you can just install steam or putrid or whatever, and you can run normal binaries with steam-run.

Chobbes, 10 months ago

For sure! I don’t think we’re actually in disagreement at all, just the limits of text communication :). NixOS is certainly less important to me and I don’t really care if people use it or not at all (it’s nice but there’s enough differences that you have to be aware of that it’d be frustrating to some people — even if ultimately those differences are something that can be worked around… If you’re well versed in nix and Linux NixOS is kind of a no brainer, though). Nix for development (or something like it) is legitimately enough of a game changer to warrant some of the evangelism in my opinion, particularly since as you mention it’s pretty much free to try on any (non-windows) system, and adding nix to a project doesn’t harm non-nix users (more than they’re already harmed anyway, haha). I’ll admit that I worry about how “nix ugly and unintuitive” seems to be a huge problem for adoption, and frankly I don’t blame people for bouncing off of nix (I bounced off of nix in 2011 or so and didn’t come back to it for like 10 years — though it was a bit of a brain worm nagging at me the whole time). That said I think the impression people have of nix being this horrible and completely ugly language (an impression I’ve had in the past as well) is also somewhat untrue. The nix language itself isn’t so bad, but the expectation is for it to just be yaml because “I just want to list dependencies”, which is fair and it might be nice if we had some better abstractions to make that more clear. All of the phases in a nix derivation are confusing and poorly documented, and some operations on attribute sets should probably just have nice special syntax instead of these fancy update fixpoints that the average developer isn’t going to understand… ultimately I’m a little unclear on how much of this is “the nix language sucks and needs to be thrown out” and how much is “we really need a better introduction to what this is and how to use it, especially with some beginner examples and best practices for different languages”. I worry a bit about non-nix nix package managers just from the perspective that it’s really nice to have the one tool to rule all development environments, but maybe fragmentation won’t be a huge problem.

Chobbes, 10 months ago

I think it depends on the user :P. NixOS is pretty hard to get into because the documentation isn’t great… but I’d argue it’s one of the most user friendly ways to configure a system, and it can be really nice to copy configurations from other people.

Chobbes, 10 months ago (edited 9 months ago)

I don’t think it’s an apt comparison of the distros, but I agree that both have a cult-like following. I also feel like there’s a bit of a difference in the evangelism of both distros… I don’t really understand why people evangelize Arch, and my impression is largely that (1) people mention that they’re on Arch so others know they might be having different configuration issues, or less charitably (2) people mention Arch as a weird brag because it’s seen as an “advanced” distro. In contrast people seem to recommend nix and NixOS because it solves a frankly ridiculous amount of real problems that people experience with development environments, package managers, and system management. I.e., we bring up nix and NixOS because we care about you and think it might actually be useful for you. I don’t really want to dictate what other people use or brag about using nix / NixOS, but people complain to me about different problems constantly that are just resolved by nix, so it feels wrong not to mention it. It’s frustrating because it definitely makes you seem like you’re in a cult, but it really is the right level of abstraction for package management, and as a result it solves so many problems and little frustrations.

Honestly, it’s kind of frustrating to watch people not use nix. I have nix set up for the projects at work because I got tired of them not building and people randomly changing dependencies and it taking 3-4 weeks for somebody new to the project to get the thing to compile. Everybody new that I have set up with nix gets the project working instantly, and everybody else ends up spending weeks flailing around with installation. Unfortunately, I’ve given up on recommending people use nix for the project because a number of senior people have decided that they don’t like nix and there’s a bizarre amount of drama whenever I recommend a newbie just use it to get set up (even though it has always worked out better for them). It’s just not worth the headache for me to stick my neck out, but I feel bad and it’s really frustrating how literally everybody else takes 3-4 weeks to get up and running without nix :|.

Chobbes, 10 months ago

Trackballs are great! I wouldn’t necessarily recommend anybody switch if they’re happy with what they have, but they work pretty much as well as a mouse for most tasks, can be better for RSI, and don’t need as much desk space because the device is just stationary. I have both a mouse and a trackball on my desk to switch things up, but the trackball gets the most use. My main gripe with the trackball is just that you have to clean the gunk out every so often, but otherwise it’s awesome.

Chobbes, 11 months ago

The human genome one was the one that stood out to me. I’d be curious to see a source from the time if you’ve got one!