notabot

If you`re struggling to get jeans to a particular fit, you can get them custom made to your required measurements at https://www.makeyourownjeans.com/. They've got a good selection of fabrics, and I can recommend getting a gusset put in to significantly extend the life of the jeans.

I'm a satisfied customer but have no other affiliation with them.

Very gouda. You deserve a rind of applause for that one.

I'm using Hacker's Keyboard, it's got all the keys where I expect them. None of the others feel right, but the fact it hasn't been updated in years does worry me. If anyone knows of a keyboard with a similar layout (separate number row, ctrl, esc, alt and cursor keys in place and the usual symbols as long press on the numbers) I'd love to try it out.

Spray-paint a polar bear orange and stick a mane on it. Confusing and scary.

He just wants to be wanted by somebody. He was wanted for stealing a vehicle, so logically he stole another one so they would want him even more.

Do you swing them to and fro?

Tsk, everyone knows you shouldn't use magnets to hold floppy disks. Just staple them into your lever arch file.

It depends what you want to do with it. If it's just for storing files/backups then encrypt them before uploading and make sure the key never goes anywhere near the VPS. If it's for serving up something like a simple website, you probably care more about data integrity than exfiltration, so make sure you have the security, including selinux or equivalent, locked down, and regularly run integrity checks. If it's for running something interactive, or where data will be generated or downloaded to the machine, you're out of luck, there's no even theoretical way of securing that against an adversary with that much access.

Not morons, just not educated enough about them to understand exactly what the implications of that action are.

I agree that them having users' phone numbers isn't ideal. There are other identifiers they could use that would work just as well. However, both the client and server are open source, so you can build, at least the client, yourself. If you can content yourself that it does not leak your ID when sending messages, then you don't need to trust the server as it does not have the information to build a graph of your contacts. Sealed sender seems to have been announced in 2018, so it's had time to be tested.

Don't get me wrong, the fact they require a phone number at all is a huge concern, and the reason I don't really use it much, but the concern you initially stated was addressed years ago and you can build the client yourself to validate that.

You're correct that if you use the system the way it used to work they can trivially build that connection, but (and I know this is a big assumption) if it does now work the way they say it does, they do not have the information to do that any more as the client doesn't actually authenticate to the server to send a message. Yes, with some network tracing they could probably still work out that you're the same client that did login to read messages, and that's a certainly a concern. I would prefer to see a messaging app that uses cryptographic keys as the only identifiers, and uses different keys for different contact pairs, but given their general architecture it seems they've tried to deal with the issue.

Assuming that you want to use a publicly accessible messaging app, do you have any ideas about how it should be architected? The biggest issue I see is that the client runs on your phone, and unless you've compiled it yourself, you can't know what it's actually doing.

Strictly you're having to trust the build of the client rather than the people running the server. If the client doesn't send/leak the information to the server, the people running the server can't do anything with it. It's definitely still a concern, and, if I'm going to use a hosted messaging app, I'd much rather see the client built and published by a different group, and ideally compile it myself. Apart from that I'm not sure there's any way to satisfy your concerns without building and running the server and client yourself.