Links 1 and 2 have not had updates in 10 and 8 years respectively, they probably don't even compile anymore. They implement OTRv3 which was published in about 2005 and uses 1536-bits primes. As far as I know, neither the protocol nor the implementations were audited (and especially not audited recently). This is not good encryption at all.
Additionally, OTRv3 does not allow multiple clients per account, which makes it unusable for anyone who wants to chat from two devices.
I use link [1] all the time. It comes pre-compiled for many Linux distributions but not installed by default. And yeah like I said it needs cipher updates like was recently performed in OpenSSH. HN has a handful of cryptographic nerds that could update OTR in their sleep if they so desired maybe even rewrite in Rust but being cryptographic nerds they probably have no need. If the same is true with cryptographers as is with car mechanics and plumbers they probably only use plain text as mechanics have broken down cars in their yards and some plumbers have old leaky pipes due to burn out.
As a mechanic-minded person, all the broken down junk i plan to fix someday has no bearing on the state of the tools i actually use day to day
(In my case, all the old broken guitar pedals and vintage computers littering my house have no bearing on the state of my workstations and gigging setup)
> which has lead to the flagship instance being far bigger than its moderation team can handle, leading to a situation where it's a major source of abuse
Is that still true? As the admin of a small instance, I find the abuse coming from mastodon.social has been really low for a few years. There is the occasional spammer, but they often deal with it as quickly as I do.
> the plausible, strange, not-too-distant future in which AI models are autonomously running things in the real economy.
A plot line in Ray Naylers great book The Mountain in the Sea that plays in a plausible, strange, not-too-distant future, is that giant fish trawler fleet are run by AI connected to the global markets, fully autonomously. They relentlessly rip every last fish from the ocean, driven entirely by the goal of maximising profits at any cost.
Like what? It can already use npm/pip/etc. And if it needs a new APT package or config in /etc/ then you would want to know because you need to document it.
Claude Code on NixOS feels like it has super powers. Being able to spin up a nix-shell with needed dependencies on demand gives it access to all sorts of tools I don't have or want installed on my base system. My "book-recommendation" claude code uses sqlite to manage my reading history and to-read and maybe-read lists but I never installed tools for sqlite and they aren't present on my NixOS desktop. It just launches a nix-shell with sqlite anytime it needs to read/modify the database. As long as the database file is within the directory claude code was launched from, it doesn't need to prompt for permission. With the caching that NixOS does, it's fast enough to not even think about.
> 2. The gatekeeper shall not do any of the following: [...]
> (c) cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper, including other core platform services, and vice versa; and
> (d) sign in end users to other services of the gatekeeper in order to combine personal data,
so Meta may have decided it's not worth fighting it and removed the requirement for Instagram accounts for people connecting from the EU.
reply