  • I mean, OK, it’s a vulnerability and there are interesting implications, but this is hardly significant in any practical sense of the word.

    the potential victim has to run their system without a firewall, has to print to the printer they’ve never interacted with before and then the attacker can run shit with whatever the printing system’s user id is, which shouldn’t be an issue on any reasonably modern distro.

    I routinely remove cups and friends from any system I run because I have no need for printing and it bothers me to see it constantly during every system upgrade.



  • I wanted to write the same thing. have the notes app do the notes thing and handle encryption elsewhere.

    as to apps, I suggest QOwnNotes. it’s markdown, highly configurable so you can make it minimalistic AF, stores notes in individual files and folders. it also has a bunch of functionality like syncing to nextcloud and such, but I’d advise against it, just use it as a notes editor. you don’t have to selfhost anything, make it use the e.g. Documents/Notes folder and you can use syncthing to securely replicate it to other devices.


  • because things moved forward in the last decade or so and it’s not viable. the same way matrix and element and those ridiculous things aren’t viable and never will be. can you use it today? absolutely. can you convert normies to it and make it an actual widely used comms platform? no. fucking. way.

    this is coming from a guy running their own prosody instance and utilizing rocketchat on two separate client instances. yeah, I know how to set it up and deploy it; but the amount of absolutely credible complaints I get from normies forced to use it is staggering.


  • to me it looks and feels like shit, compared to Durov’s spyware it’s like a PoC from 2015 looking for funding. fine demo you got there, now bring us the real thing.

    but, to practical things, I lose/sell/buy/switch devices frequently. with telegram, I can lose all my devices, log on from a fresh one and all my shit is there - a decade+ of convos with 100s of people with valuable info. no juggling around with the crappy electron desktop app that doesn’t give me access to convos or the inane procedure to replace a lost device and restore chat history… the other day, I successfully retrieved a piece of info from a convo from a decade prior.

    I realize there are people out there that need that sort of security, but I don’t. I just want Telegram with an OTR plugin (OMEMO nowadays) that prevents any nascent mass surveillance and LLM ingestion and I’m golden. but that shit’s explicitly against Telegram’s ToS; the only logical conclusion is they’re adamant about leaving all your shit unencrypted in the cloud for some specific reason.

    I can’t think of any such reason that’s not malevolent.


  • regarding its UX, nothing close exists; when it comes to converting normies, so you have someone to actually talk to, then there are no alternatives. that’s a pretty shitty state of affairs for something that shoulda been solved a long time ago.

    lesson learned, I guess, don’t put all your eggs in one basket and have multiple fallback solutions. I’ve begrudgingly moved to Signal and I’m cursing it out at least once per day, can’t believe the navel-gazing, self-righteous cluelessness behind it; but that’s the best there is at the moment. it’s beyond shitty that we’re having trouble achieving what we had in like 2012 by way of XMPP and friends, let alone surpassing it.




  • air tags function by utilizing the ad-hoc network all Apple devices create - if you run an Apple device, you’re involuntarily part of this P2P network, even when your device is supposedly off. otherwise, said tags wouldn’t be able to send you status reports from the other side of the planet. that’s just how they and find-my-shit apps work, there are no alternatives to global availability.

    all that’s kinda antithetical to the whole privacy thing, so you’ll have to balance the good with the bad and determine how much spyware you will tolerate to gain this sort of convenience.





  • recently I got me a pair of Soundpeats Air4 Pro; initially wanted to repurchase a pair of Air3 HS Pro that I had and was very satisfied with the sound but lost one earpiece and found out that replacing it is nigh impossible. so, Air4 was like $5 more and I wanted to try the ANC part of it. none of those models are in-ear headphones, I’m done with shoving things in my ear canals.

    so the sound is OK to me (I have tinnitus and don’t hear that well to begin with, so I’m not an expert on judging these things) but the ANC is not what I expected it to be. to me, what it does is just flood my ears with bass. the music i listen to and the occasional podcast sound OK to me but I don’t perceive any noises to be “cancelled”, i still hear all irritants (buses passing me by, dogs barking, people talking, etc.) but they’re somewhat droned out by the bassy sound.

    the way I understand ANC, it uses multiple mics to generate an inverse sound that cancels out the ones reaching the microphones. so this should work without music, i just turn ANC on and I “hear” silence. nothing close to that is happening.

    anyhow, both of those have some app that you need to get from google play and I haven’t done so for either of them. judging by the screenshots the app doesn’t do anything of value, so you’re safe to run it without.

    edit: I just checked and it appears I was the victim of wanting things to be true; the website lists the feature as “Hybrid ANC” (emphasis mine). I’m not even gonna bother with reading up what their definition of it is, so I guess it was a con job from the start.


  • if they run hardware that’s not cutting edge, by all means, that’s the best solution as a first distro.

    ubuntu is important as a stepping stone. myself and everyone I know that’s on Fedora et al started with Ubuntu. we learned what’s what and how to go about doing things and after hitting the ceiling one too many times, we tried other stuff, found better havens and finally abandoned it forever.

    so I’d caution against any action aimed at hurting it. leave it be and know that it’s still the most user-friendly solution out there and the one that’s most likely to “just work” for most people. it’ll convert people over, whether from Windows or MacOS. once they’ve crossed over, they’re more likely to wander further.


  • a combination; some have swap as a btrfs subvolume, some as a swapfile in root and those are encrypted, when the system boots it requests the encryption passphrase, regardless if it coldboots or restores. restores from swap are way faster than coldboot plus all your stuff is how you left it.

    on some systems I have a separate swap partition outside of luks2/btrfs and that one’s unencrypted. when it restores from there, it doesn’t request the passphrase and the boot is even faster. that’s obviously less secure but my threat model is a lost/stolen laptop, I seriously doubt someone’s gonna forensic the shit out of my swap, it’s more likely it’s gonna get wiped and sold.

    to fully utilise this tech, it’s essential to set up suspend-then-hibernate, another awesome feature that’s way too cumbersome to set up. the laptop suspends for like 60 minutes and if it’s not woken up, it hibernates to disk.


  • I’ve made it work on arch, debian and fedora, on a T420s, T480s, T14 AMD, MBPr 2012, each on luks2 + btrfs with systemd-boot, and it works flawlessly on all of them. the setup is super-involved and cumbersome though but it’s easily accomplished once you get the hang of it.

    the links posted here along with the arch wiki is what I used. it helps if it’s not your primary and only device, so you have time to retry until you get it right.



  • because Telegram’s UI/UX is second to none; possibly iMessage or whatever it’s called is close, albeit with way limited functionality. Signal and friends look like a PoC from 2015 in comparison. also the apps, on mobile and on desktop, have a low memory footprint with no bloated electron crap, the cross-device sync is phenomenal and there’s the virtually unlimited cloud storage. if an addon could piggyback off of that, that would be spectacular.

    however, OP’s insight as to this being against ToS is obviously a deal breaker. seeing as how they’re adamant about leaving all your shit unencrypted in the cloud I’m looking for other havens, begrudgingly; I’ve been a user from the early days.



  • I feel the 50 years support claims, whether in hardware or software, should be of little concern; you’ll grow tired of it, no one is going to rock the same phone for 10 years, replacing components as they fail and whatever Fairphone’s delusion is.

    as to concrete recommendations, take a look at Xiaomi phones (Mi/Redmi/Poco/etc.). they ship with a bloated spyware called MIUI which is such a horrific mess on so many levels I can’t begin to count the ways it sucks. even moderately competent phones have trouble keeping up with the bloat, they glitch out, drop frames, freeze, etc. so people just get rid of them and upgrade to something snappier. as a consequence, they can be had for cheap on the used market.

    the good news is, they have snapdragon models with super competent hardware and a good portion of them have lineageOS support (and by extension, many other derivative OS) - Poco F1 is one of the rare semi-modern phones that also has postmarketOS support.

    the bad news is, the bootloader unlock process takes a week, just because; do yourself a favor and don’t connect this monstrosity to your LAN while you wait for the timer to expire. also, they’re chaotic (to say the least) with their model naming, with zero consistency what each suffix means (T, Pro, etc.) and it’s not rare that they do a model “refresh” where they replace snapdragon with mediatek in the “updated” version.