I have submitted a bug report.
https://trisquel.info/en/issues/23824
> With 1 GB (even 2GB) of RAM, I would *really strongly* suggest Xfce, LXDE,
> or LXQt desktop environments instead of KDE or GNOME or a GNOME derivative.
I have 2GB of RAM. I have tried GNOME 3 and indeed is a problem. However, I did
not have any issues with GNOME Fallback when I was using
Sorry, the package name is 'printer-driver-all', with no 's'.
Assuming that you are using Trisquel, try installing the metapackage
printer-drivers-al, either in a terminal with
sudo apt install printer-drivers-all
or by searching for it in Synaptic Package Manager.
Hopefully the required driver is in there and your printer will start working.
If not,
Since I started using mailing lists, I've found them to be far preferable to
forums, especially in Trisquel's case. I use procmail to filter incoming mail,
and each mailing list is sent to its own mailbox. That alone is enough to make
it more convenient than a forum. I can do everything in that
> If you were referring to me
Quantum is probably referring to the individual who has made exactly two posts
in this forum, the first after joining with the express purpose of cheering on
heyjoe, and the second just now doing the same thing.
> As for heyjoe's messages, I did upvote a few of
> sounds like the standard 'dd' approach doesn't work?
With the December ISO neither dd nor Startup Disk Creator worked for me. With
the previous ISO from last summer, SDC did not work but dd did. When I have a
chance to back up by files I'll try installing with the new ISO.
> But then it is a delicate balance between lulling into false sense
> of security and discouraging into abandoning security. I
> acknowledge that new users might not be able to differentiate the
> subtleties and can get over- or under-optimistic (both being
> equally bad) rather easily.
I think
> I used the latest one this February 2018.
Drat. I was hoping the problem would be fixed with the new ISO. I'll try it
this weekend and see if it persists for me as well.
What machine are you using? I had this problem with the December ISO on a
librebooted 64-bit ThinkPad X60. I had no
> If I was a
> conspiracy theorist (I am not), I would suggest heyjoe and you
> infiltrated the Trisquel community to demotivate those who want to
> secure their communications.
I don't think it is fair to say that Abdullah's posts here have had a
demotivating influence. Abdullah has
What is the date of the ISO? I had that problem with the one from last
December. I saw that a new one was uploaded yesterday but I haven't tried it yet
I finally got around to submitting a bug report for this. Do you use Trisquel 7
or 8? I use T8, and I'd like to know whether it affects T7 as well.
> That would be utterly stupid. One's face is not private data, especially in
> the age of social networking with profiles full of pictures.
Exactly.
> BTW M$ has very strange understanding of security. Some time ago I read that
> when you encrypt your disk with Win10 your encryption key is
> >I would again encrypt
> it, but treat it as if it still is in >plain text, and take
> additional precautions accordingly.
>
> How does encrypting something twice transform it from tactical to
> strategic? It sounds like both of these are tactics/methods.
I think by "again" he meant "in this
> Though a better, more deterministic definition should be made, I
> think. Including examples of attack vectors / defenses for each
> level.
I think that this would be valuable. Your framing of the issue is very logical
and practical. I'm generally a fan of approaches like this that can solve
Thanks for this excellent summary. Could you give an example of what you would
consider strategical security? I'm a little unclear on what you mean by that.
> It is free unless you explicitly add the non-OSS repos.
If this page
https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions
is accurate then the kernel also has binary blobs, which do not respect
freedoms 1 and 3. Whether or not you consider that to be a problem is your
decision. I
Meltdown and Spectre are two recently discovered vulnerabilities that affect
many computers.
https://meltdownattack.com
You have a Mac if I recall correctly, so you have an Intel chipset and are
affect by both Meltdown and Spectre. Meltdown has been patched in recent
versions of the Linux
The meltdown patch.
I've learned that the voting system is silly and up/down votes shouldn't be
read into too much. The appropriate use of downvotes is to flag posts that are
inappropriate. If you see a post that has been downvoted even though it does
not violate community guidelines, you can do exactly as you did
On 02/12, ivan.baldino...@gmail.com wrote:
> Long time ago, I bought a raspberry pi for 35 dollars, and I
> installed on it citadel. At the same time for 50 dollars I bought
> my own domain name for 10 years and in a week I had my personal
> email set up on the pi. The best way to respect your
> For instance, it wouldn't call home
> if the browser is not accessing a page with JS which makes outbound
> connections. The JS (and its outbound connections) has nothing to
> do with the spyware or its home address.
Yes, that would be the smart way to do it. I'm glad you don't work for
> > heyjoe i have been following this thread for since it started
> and i registered because of you
>
> Yeah...of course.
What? Normal people don't randomly stumble across and become engrossed in a
comically difficult-to-follow thread on a forum they have no connection to and
follow it for an
> we are not
> really meeting each other, not communing as it were.
Indeed not, and whether you lack self-awareness or just pretend to, it was a
mistake for me to try again. Never mind.
I've noticed the same thing lately.
If I log in, start Abrowser, and try to play html5 audio or video I get "To
play audio, you may need to install the required PulseAudio software."
However, if I play something in mpv or vlc and then restart Abrowser, audio in
Abrowser starts working.
What you're describing sounds more like what heads is intented for.
https://heads.dyne.org/
> I will be working to improve it further after more meticulous testing. Then
> perhaps it would make sense to reopen the repo on GitHub. (not a promise
> though, so don't hold your breath)
You've already done a lot of work and certainly have no obligation to do more,
but if you get around to it
If it's work-related then this is your employer's computing. If they want you
to use proprietary software for their computing they should provide their own
machine for you to use. If they don't do this, the next best thing is to find
another computer to use. One of my jobs is for my university
> Of course, it should probably be said that this is a U.S.-centric viewpoint
> and not necessarily applicable to non-U.S. people.
Absolutely, I thought I had clarified this but now realize I only specified
that the 1923 thing is U.S.-specific. Everything I said after that point is
also
I don't know the answer to all of these situations, but if the author has
explicitly released the work into the public domain you should be fine
modifying and redistributing it (although they should really use CC0 to avoid
ambiguity), while if the author has omitted a license you should assume
> I will never accept anything from anyone who
> tells me "I can potentially help" and then imposes regulations on that
> "help" (however 'ethical' anyone may consider that).
I thought that if a program works as expected and is open and transparent we
don't need additional freedoms. :)
I've
> the gmail account I don't know how to change on
> the forum software is gone gone gone. :)
I've noticed some recent changes to the forum, including that your email
address is no longer publically visable on your user page and that you can now
change your email address by logging in and
> This needs lots of man hours and lots of attention, especially for
> the cryptographic parts (and I am not an expert in that).
There may be people here who can help who aren't following this thread. It
might be worth starting a new thread with a subject line specific to this
project,
mps-youtube is a cli program that searches YouTube for videos to stream with
your preferred player. It is similar to youtube-viewer. With both programs, I
have found that mpv works better than vlc. youtube-dl and avideo are a little
different in that rather than provide your media player with a
> Back to browsers: The discussion with the authors of pyllyukko user.js lead
> to the idea to create a matrix comparing the settings of different similar
> projects, including Tor. So they suggested that I create a repository on
> GitHub where this matrix can be maintained and updated easily when
> You are missing the point of the question.
I did not miss *the* point. There were two points: the specific case of
Palemoon and the general case. My first paragraph addressed the former, while
my second paragraph addressed the latter. You then acted as if focusing on
Palemoon in the first
> https://en.wikipedia.org/wiki/Panopticon
Perfect analogy.
> In this case, the source code gives you...
Well, I'm not certain of that since I'm going off Wikipedia. If you (or you
distro) is allowed to build Palemoon without modifying it and call it Palemoon
then it's the same situation as Firefox. If not, that means every binary called
Palemoon was
> If a program is good (works as expected, doesn't spy or damage
> data) and gives you freedom 0 and 1 - do you really need freedom 2
> and 3?
In this case, the source code gives you all four freedoms (assuming you don't
consider trademark restrictions to be an infringment), while the binaries
> I would like to download the videoes, not only stream
youtube-viewer can download.
Some more things to try:
Do the videos play properly in mpv? While this is a slightly different
situation, I've found that with mps-youtube I get only audio in vlc but it
works fine with mpv.
Does the video
> He explained that he
> deactivated his account
Both deletion (no more account) and deactivation (the account sits waiting for
you to come back) are available, but Facebook goes out of their way to lead
people to deactivate rather than delete. I could not even find the deletion
option in
Does it happen with all videos? Can you get video with mps-youtube or
youtube-viewer? It could be a DRM thing.
> Well, that is no way to make sure, now, is it? What's the license is the
> question you should be asking.
>
> https://www.palemoon.org/redist.shtml
>
> That to me does not seem to be free software. Am I missing something?
This site isn't accessible over Tor without completing one of those
> Because it is stupid and futile.
Yes, we should not have to give up our dignity to void being surveilled, and
I'm not convinced it would work anyway.
> You cannot remove anything from Facebook. It is never deleted, even after
> the account is deactivated. It will stay on FB's servers and be used for all
> kinds of things like facial recognition, machine learning etc.
When I finally smartened up and deleted my account Facebook claimed that my
In FF58:
datareporting.healthreport.service.enabled does not exist in about:config and
datareporting.healthreport.uploadEnabled is true by default.
After going to Help->Health Report and turning off data sharing,
datareporting.healthreport.uploadEnabled is set to false as expected.
In FF52
> Don't tell your family that using facebook is bad.
> It is not bad to share picture with other persons.
>
> Just tell them that when a company like facebook is getting so bigger and
> lets no place for other social medias like diaspora* or gnu social (you can
> add the example of google), this
There's one positive shred in that article.
"a growing number of coders and designers are quitting their jobs in
disillusionment at what their work entails"
It's nice to hear that some individuals in Silicon Valley have a conscience.
Unfortunately, quitting now might be too little too late.
On 01/28, great...@riseup.net wrote:
> I see, masonmate, yeah, as I said in order to preserve my mental
> health I skimmed through the thing, damn thread is yuge. Did you
> test this last one thing I was talking about?
Yes, it's quite the saga. Forunately it seems to be winding down as the
Excellent article. Thanks for sharing.
The package name might be icedove.
> Icecat is already ready. No big issues, it would appear.
In my experience Icecat is barely faster than Tor Browser. I don't know that
everyone would accept it as a substitute for Firefox or Abrowser, at least not
until ESR moves to FF60 in May. I'm looking forward to Tor Browser becoming
> https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
>
> I don't know if you already gave it a try or if you maybe already
> posted it here.
heyjoe already found that this documentation is broken. Bug report is here:
Many proprietary packages can be simply removed. Others may be need to be
modified or replaced. For example, any proprietary firmware removed should be
replaced with with free firmware when available so that as many devices as
possible are supported. Another example is SMPLayer, which in Ubuntu
What version of Trisquel are you using? When I used T7 I found Icecat to be
slow compared to Abrowser, possibilty due to its extra plugins like LibreJS.
The version of Abrowser in Trisquel 8 is based on FF57, so it's much faster now.
I basically agreed with this when you wrote it. Since then the situation has
progressed and I'm reevaluating a few points. You may turn out to have been
right on all points anyway, but I'm going to see how things play out before I
make a conclusion.
Your other post about Tor Browser is
https://trisquel.info/en/wiki/flidas-release-issues
> Is this privacy flop
> inadvertent or is it deliberate?
It's hard to say. The data sent does provide some benefit that I think could be
desirable for many users, but as heyjoe has said users should be aware of it
and have an easy way to disable it. Maybe Mozilla intends for the automatic
> - "Work offline" does not work offline (sends packets on exiting).
> - The documentation is wrong
> - There is no easy way to get privacy (can be considered a feature request)
You are right on all three points. It would be great to fix all three. This is
the strategy I suggest:
(1) Start with
> I don't want to go to the local computer shop and say "Please install
> Trisquel and the above software", when these software are already available
> on the Trisquel operating system Add/Remove Applications list by default.
You shouldn't have to pay someone to help you with basic usage of your
Sorry, I misread your question. onpon4's answer is the correct one.
On 01/24, Mason Hock wrote:
> > Where is it possible to find the list of Trisquel software that
> > comes by default like i.e. LibreOffice?
>
> Most graphical applications will appear under Add/Remove Applicat
> Where is it possible to find the list of Trisquel software that
> comes by default like i.e. LibreOffice?
Most graphical applications will appear under Add/Remove Applications, with
some exceptions. If an application does not appear there, search for it in
Synaptic Package Manager. Synaptic
While I guess I can see how in Mozilla's mind the automatic connections are not
a bug, the documentation bug is undeniable. A documentation page contains
information that is simply inaccurate and incomplete. I believe that they
closed this bug prematurely just because you pissed them off. I
> The main problem here, is *not* that Firefox has so and so flaws
> here and there. The problem is that, Mozilla is NOT behaving. This
> is an attitude problem, is grave, and prone to grave consequences.
I agree. Even if Mozilla were to fix these specific issues I would not use
their browser.
> "Work offline" sends packets on closing of the browser. It is not
> offline at all. So Mozilla can talk nonsense to infinity - this is
I agree that this is an actual bug. Unfortunately it seems that Mozilla will
not acknowledge this.
> So Mozilla can talk nonsense to infinity - this is
> not
https://www.secureauth.com/products/secureauth-idp/behavioral-biometrics
The site can be viewed and navigated with JavaScript disabled. If you don't
already have JS disabled or NoScript installed in your browser, I insist that
you do so before visiting this site. Assuming they eat their own dog
> They edited the bug and
> turned it into a documentation issue instead of looking at the actual
> request to provide an easy (default) setting ensuring real privacy.
I agree that an interface requiring this much work to achieve a theoretically
possible configuration is a software bug. However,
> Just close the browser and reopen it or click on 'new identity',
> which is the same
Alternatively, Ctrl+Shift+L creates a new identity just for the current tab.
> A point of huge importance is missing: your writing style. You
> would be surprised how much it can give away in some cases.
I haven't gotten around to figuring I2P out because I haven't needed it, but
this might be a good place to start:
https://thetinhat.com/tutorials/darknets/i2p.html
> Stop saying that but do something :)
I know... I'll have a busy next couple of days but I should get to it soon. I
just need some time to sit down and figure out how tcpdump works and what I'm
doing wrong.
> Meanwhile
> lots of talks about community control and ideologies :P
When a
That response is promising. Although the fact that Mozilla has a guide for
preventing automatic connections indicates that it they do not consider it a
problem for automatic connections being the default, he at least acknowledges
that background chattering after following that guide is a bug in
> Okay so I have tried installing Trisquel on computers before and
> what I found is that the graphics card is often not properly
> supported so it can't power the full display resolution as the
> proprietary driver thats required to make it work has been removed.
Here's a good resource for
> Just because you can hide your IP address and browser parameters
> doesn't mean you can't be tracked through Tor.
Indeed. Using Tor irresponsibly is worse than not using Tor at all. This is a
good list of common pitfalls that really should be displayed when users start
Tor Browser for the
> Or maybe we could ask them
> which about:config settings we need to clean/disable in order to
> stop the chatter.
That might work. Rather than calling it a bug report or feature request, it
could be framed as a simple support request. You wouldn't be asking them to
change anything about their
> https://developer.arm.com/support/security-update It didn't list
> A20 and said non listed cpus aren't affected. Most arm cpus are
> affected.
It seems I was wrong then. I'm glad to hear it, as a Libre Tea is likely to be
my next computer.
Libre Tea uses an ARM processor, so like pretty much all modern CPUs it is
presumably affected by Spectre. Meltdown has been patched in the linux kernell;
just make sure that yours isn't too old to have received the patch.
> All this makes me think that such brute force cleanup in
> about:config may be possible for other Firefox clones.
Very interesting. Thanks for the time your putting into this. If we can
determine exactly which changes were the one that fixed the problem, I think
asking for those values to be
Arguments can be extremely useful tools for strengthening each other's
understanding. They can become unproductive when the parties involved are more
interested in avoiding concessions than advancing, but there is nothing wrong
with arguments themselves. Both you and onpon4 have been arguing,
Yes, I responded to you too hastily and realized afterward that my response was
unfair.
> http://lists.phcomp.co.uk/pipermail/arm-netbook/2017-December/015062.html
It's been a while since I read something that made me so optimistic. Thanks for
the link.
To clarify, if someone were to refuse to support RISC-V because they felt that
repurposed Intel tech was good enough despite its freedom and security issues,
that would indeed be strange. If that's what you meant I apologize for putting
words in your mouth.
> So, gladly (or otherwise) accepting factory-loaded proprietary
> microcode, and yet rejecting an upgrade, is just... strange, if you
> ask me.
Really? Because not all undesirable things can be avoided at this time we
should not try to avoid any of them? Suppose I approached you from behind and
Nice!
On 01/20, stu...@anchev.net wrote:
> New browser tested:
>
> PaleMoon
>
> Results:
>
> With default ("factory") settings the browser starts with some
> PaleMoon's page which obviously results in packets exchange.
>
> After tightening of privacy settings (similar to previous browsers)
>
> Again: should/could != is. Still you sit in that vehicle and ride, you turn
> on that radio (proprietary chips inside) and listen to music (copyrighted
> non-copyleft material).
Yes, and before libreboot existed RMS must have used a proprietary BIOS. If
instead he had refused to touch a
> I installed totem. However... some YouTube videos don't play.
That is expected behavior. Unfortunately, some YouTube videos cannot be
downloaded without JavaScript, so any program that avoids JavaScript won't be
able to play all videos.
> https://yro.slashdot.org/story/18/01/19/2210246/trump-signs-surveillance-extension-into-law
Ugh.
> I store them in Gnome Keyring.
I store them in my head. :)
> Nothing can save us from Spectre except a new CPU.
Yep, and the new CPUs are sure to require a non-free BIOS. Spectre is very bad
news for freedom and privacy.
> Recently I started doing something which is probably silly: if I
> FWIW in EU GDPR which starts to apply in May 2018 the IP address is now
> considered personal data, legally and must be anonymized. So software
> vendors who provide such "features" or who close tickets because they are
> not in the mood will perhaps be forced to comply with all that. Or who
Of course. Enabling JS is still unsafe, but the particular issue you link to
relies on having the passwords stored in the browser. Even without JS enabled,
another application could exploit Spectre to access your browser, so it is
still wise to avoid storing passwords in your browser. I agree
> Mason, some humans are more vulnerable to these malicious features
My fear is that, even if there currently still exist people who are not
susceptible to Facebook's manipulation, one day soon Facebook will acheive such
efficiency that this is no lnger the case. Facebook isn't a naturally
> Apparently the current packages in belenos are too old?
Maybe. If so, you can get a newer kernel from jxself's repo.
I don't mind verbose.
$ supertramp -v
> 'the eternal present'
Word. This is my greatest fear, that the tyranny of mass surveillance and
proprietary software will reach a level of efficiency such that it will be
impossible to revive freedom or democracy or human dignity. In my mind this is
a
You're right. I forgot to inlude my usual disclaimer for alternativeto.net that
users should check the license themselves before installing and avoid having to
enable JavaScript to filter by license by appending '?license=opensource' to
the URL.
> I use it just because I haven't found anything better (privacy-wise).
I understand how you've come to that conclusion. I won't tell you to change
your decision, but I will explain why I respond differently. The secondary
reason is that I find it very unlikely that Chromium is the most
> If you are asking "Why do you trust Google" - I don't.
You use Chromium desite not understanding every line of source code. You have
argued, and I agree, that this requires trust.
> https://trisquel.info/en/forum/thoughts-about-new-type-network
Great post. I'll probably stop following this
> "I have learned about so many things and met all new kinds of
> people on Facebook."
Facebook uses its psychological profile of you to determine what information to
display at what time in order to addict you. As a side effect, you may find
much of the information interesting. However,
> I don't mistrust a particular group of people. I question
> the value of trust as a whole.
Yes, you have argued that because it is impossible to be 100% certain that a
piece of software is privacy-respecting, we cannot trust free software to
respect our privacy. This in itself is sound, if
> The clarifications I made just for the sake
> of better mutual understanding, not in order to oppose for the
> sport of it (which would be quite silly).
I believe you.
> Initially I shared my findings then tried to explain that careful
> observation, questioning, testing (and _not_ trusting an
You have been making many points that are insightful and worth talking about in
themselves but that don't support a clear argument. This is perhaps a pitfall
of the point-by-point forum response style that I also tend toward. However,
the timing and frequency with which you temporarily reframe
> I have very little to add except for a caution: if you are a
> minor and maybe even if you aren't, please do not email pictures
> of yourself to Facebook addicts.
You are right of course. Sadly, this did not even occur to me, because for
myself and for everyone I know it is far too late to
501 - 600 of 640 matches
Mail list logo
