• 81 Posts
  • 61 Comments
Joined 2 years ago
Cake day: July 30th, 2023

  • If someone is offering a public wifi, there is a reasonable expectation that other people sitting in the same cafe for example can’t listen in on what you are doing on your device. As older wifi encryption standards are easily compromised, this requires enforcing a semi-recent wifi-standard. You can of course make your own judgement in your own home, but in a public space it is different.

    I think WEP is pretty much dead. Even my first Android (2.2) supported WPA. WPA can still be snooped on with some effort when the attacker has the PW. Apart from that, you’re still trusting whoever supplies the uplink. I do not think people have an expectation of privacy on public networks. There are far too many compromises, the most trivial being an imposter AP. I always tunnel in some way over public wifi by using either Tor or a VPN. So even WEP or fully open is still secure enough for my use.

    I would not want user nannying to get in the way of someone who knows how to secure themself. I’m also not quick to support the idea of dumbing down the community so people don’t develop self-defense skills and take personal responsibility. If someone cannot be bothered to tunnel, then hopefully they would buy a device that is configured to insist on WPA3. But in the end this is the user’s responsibility one way or another while nannying is a kind of tyranny.

    As for SSL certificates… this isn’t only a captive portal issue. If your device has such outdated root certificates that you run into issues already at the captive portal, you will also have issues with each and every website that uses https.

    They are completely independent. I can do what I need so long as the captive portal doesn’t fuck with me. Captive portals can be broken in more ways than the web generally is. And when a captive portal is shit, it’s a disaster across the board… It breaks all apps that need the net.

    Root certificates are only cycled out of use for good reasons, such as them becoming compromised, so by using a super old root certificate on your device you are wide open to MITM attacks on supposedly secure connections.

    I don’t recall if the sparse cert errors I had were due to root certs or normal certs, but I should indeed pay close attention. My only persistent problem was getting OSMand maps, which I solved by side-loading the maps from a PC.


  • But enforcing certain security standards on public wifi so that random people can not see everything you are doing online is good.

    There is a blind “for security reasons” excuse the industry likes to use to force people to chronically upgrade their hardware… to boost sales. I try to stay immune to that bait.

    The access point needs to protect itself – full stop. An access point that oversteps their authority and becomes a nanny that dictates security practices on others without knowing their security posture and threat model to protect people from themselves can bounce. We don’t want their “help”.

    In any case, the DB I am proposing is factual. Whether a fact in the DB is “good” or “bad” is for the users of the DB to decide. And either way, it’s useful.

    And I would advise against going online with a device so old and unmaintained that it has issues with its SSL root certificate.

    Can you give more details? If the certs have not expired, the device is able and willing to make a connection. If the certs fail due to age, the app makes the user aware of the problem (and in the case of OSMand it refuses to use the connection regardless of the user’s wishes). So what’s the issue?

    Note the context is with captive portals. If someone thinks it’s a good idea to force a captive portal on a public LAN to get a simple “I agree” signal, why might that be sensible? AFAICT, it’s down to a clumsy admin who did not think through the consequences of SSL on a captive portal. The captive portal is not in itself a useful resource for the user. It’s just an obstacle with the sole purpose of getting a signal that someone agrees to the text of a policy that is public anyway. Once the obstacle is out of the way, it’s the independent job of every resource to implement appropriate security for the task at hand, which in some cases may not involve SSL at all (e.g. accessing an onion server). But when the captive portal blocks someone due to (what I regard as clumsiness), the apps the user would use are blocked regardless of how well they are secured.

    (edit) Some captive portals collect personal info, where you must submit an email or phone number. SSL is probably unavoidable in those cases, but ideally the app would collect that info as well. We would want the DB to indicate that sharing personal data is a precondition to access.








  • I see no mention of GHG. Tree services often cannot find a use for the trees they cut down (which is strange because you would think they could mill it and sell the lumber). In the end, they dump trees they were paid to remove into landfills. When trees rot they release methane gas, which is 10× worse than CO₂.

    I bring this up because wouldn’t wood mulch have the same problem?





  • I got lucky on this recently. Saw someone threw away a working washing machine. I will never buy one because it supports companies who block repair (all of them have contempt for repairers). So the only way for me to get one is to pull one from a dump. I saw one on a curb saying it just needed to be cleaned or something. I went straight to a shop that has cargo bikes and was able to rent one on the spot. They take reservations but I got lucky. Went straight to the washing machine and it was still there. I was surprised the bike could take the weight and was surprised how well it handled.

    but fuck apps

    The problem with most shared bikes is they impose a closed-source app exclusively from Google. I got lucky that a local shop has a website for reservations and you can just walk in and pick it up at the shop – which means a human has to collect a cash deposit. But no shitty app.

    Mulo seems pricey as well. I would not pay more than $/€ 25/day (not electric). Maybe Mulo is electric.

    Locomotion is donation based… interesting that that works.


  • activistPnk@slrpnk.net (OP) to No Lawns@slrpnk.net: sheep mowers, not lawn mowers · English · 5 months ago

    I can understand the /fuck lawns/ ideology in some specific contexts, like lawns that are in water-starved regions. But I don’t get the across the board blanket stance that all lawns are always a bad idea.

    What about buffalo grass lawns, as opposed to blue grass? Or whatever kinds of sustainable grass species that do not need to be watered artificially for a given region?

    What about use cases like turf for dogs and kids to play on?
















  • Concur with all of that. I’m not vegan yet but took these easy first steps:

    • meat 1-2 times per week, instead of daily. The frequency is dropping from one year to the next.
    • refuse to pay full price for meat. Wait until the meat is about to expire and buy it after the grocer is forced to mark it down (30—50% off). This helps quite a bit because you dramatically cut down the profits that drive the meat industry (your portion of those profits). Since beef is the top problem, I insist on a near-expiry markdown of 50% before I will buy it.

    Better than vegan: steal the meat. Vegans are just neutral. They neither contribute nor cause detriment to animal agriculture. If you shoplift the meat, you cost them money and make the business case even less sustainable than vegans.

    Another option: hunt wild game and eat that in place of farmed meat.






  • The article has some interesting info but there are some oversights:

    • Unburnt natural gas is methane gas, which is over 25× more impactful as a greenhouse gas than CO₂. And you cannot burn natural gas without unburnt gas escaping – not just at ignition but the whole infrastructure leaks unavoidably. So some folks are saying natural gas is more environmentally detrimental than coal. The gas is also toxic and kills brain cells. Nasty stuff.
    • Follow the money. If you consume natural gas, you likely pay for it using banking services. Some regions in Europe have secretly/silently removed the option to pay for gas using cash. Banks are terrible for climate (ref: “Banking on Climate Chaos” annual reports). Even if you can pay with cash, the gas companies themselves finance republican politicians in the US. Republicans are terrible for the environment.

  • Political ads are not designed for targeting unpersuadables. Over the very long term propaganda that over and over blames undocumented people for problems starts to take a toll which could pull someone out of the unpersuadable demographic. But to a great extent they influence persuadable voters in swing regions.

    You say you would not switch to voting for Trump, and yet the sole reason Trump took power in 2016 was precisely due to advertising. Read about Cambridge Analytica and Peter Thiel. If Peter Thiel had not introduced Cambridge Analytica to the Trump campaign and bought Facebook data, Trump would not have taken power in 2016. THAT is how important advertising is. C/A master-minded identifying the most important persuadables, did a deep analysis of exactly what issues would be of interest to those individuals, and targeted them surreptitiously.

    I strongly recommend you watch the PBS series “Hacking your Mind”. This episode in particular:

    https://www.pbs.org/video/weapons-of-influence-gpuj68/



  • Well to be more accurate, boycotting is the practice of fighting harmful use of money by withholding money. Of course that stands to reason. If your money spent in a certain way is doing harm, you can prevent the harm your money does by not putting it on the harmful path.

    I’m not sure what specifically you mean by getting people to reason better (whether you are talking about voting w/money or voting on the ballot in that context). Of course ads work. Political campaigns have started leveraging the same manipulation by ads that works to get people to buy goods and services.

    What we certainly know does /not/ work is people thinking they are immune to ads. Everyone thinks that, and marketers prove them wrong over and over again. Advertising is specifically designed to exploit vulnerabilities in the human mind. You have no hope of creating an advertising-immune population. It would be an ocean-boiling type of endeavor.



  • but your conclusion doesn’t match your title.

    The title is the thesis (thus conclusion). Are you saying the raw figures contradict that? I believe boycotting Google and MS are a pathway to a better environment, even if the footprint is bigger in the short-term. We really don’t have accurate figures to go off of because no one has researched the MS / Google specific footprint per email (AFAIK).

    until we switch back to email.

    The transition for activists goes like this: MS email (2023) → paper mail (2024) → non-MS email (future)

    The only way physical mail could be environmentally-preferable is if we lived in a fantasy world where all mail is local and the mailman rides a bike. Unfortunately, that is not the case.

    In my city it is the fantasy you describe. Postal workers are on foot or bicycle for the most part. It’s likely uncommon from a worldwide standpoint but I’m talking about a campaign anyway, not necessarily a permanent transition.

    You’re assuming the paper option is the end game, as opposed to a driver for better email.

    An “email protest” will not work because they do not care about the individual user.

    You don’t really know to what extent the office worker who receives the letter cares. Office workers are largely helpless to make changes from the inside on their own initiative, but if the will is there and they get a complaint from the outside, then the insider who cares is happy to amplify the complaint using the outside complaint as their excuse so that it does not appear to be from them. Your complaint empowers insider pawns to act. Even if the insider pawn does not care about the environment, they still hate having to deal with paper letters (scanning and filing, then stuffing envelopes and applying postage). Then the org has to buy return postage. They hate it to the point that they look for ways to pass costs back onto the consumer. It’s enough disturbance to compel questions about why the electronic system is not working. I will state right in my letters “could not get past your CAPTCHA” or “I don’t do CAPTCHAs”. (btw, most CAPTCHAs are graphical and have a higher GHG footprint than a letter)

    Everything you do results in a signal. When you vote in an election, you send a signal that the voting system is working. When you send an email, you signal that email is working and that you are onboard with it. In my case as an admin of my own mail server, I am actually blocked from MS and Google mail servers. So I add that to the msg “could not email you because your server blocked me likely due to an overly aggressive anti-spam policy”. (Of course tech folks know anti-spam is the excuse that ppl just accept without question… it’s really about the bottom line of MS reducing the cost of spam mitigation using sloppy techniques that are high in collateral damage because it has the side-effect of forcing more people onto the platforms of tech giants which effectively grows the monopoly).

    For me email to MS and Google users is trivially wholly the wrong answer as climate is not my sole issue. Feeding my oppressors (surveillance advertisers) is a hard NO anyway. Perhaps my stance is a hard-sell to folks who narrowly care about the environment but not privacy, consumer rights, tech rights, etc. So I am curious what people think strictly from the environmental case that I’ve made.

    You said it yourself that most companies use these services so unless you can convince thousands of IT admins to pull the plug, the only impact will be a slight increase in emissions from paper mail.

    Dropping off a paper letter is like a ballot. You are voting against whatever shitty digital system they are attempting. It’s important to support analog systems for at least as long as the digital systems are in a shitty state. So it’s not just a vote against crappy tech but simultaneously a vote that says “we need to keep analog mechanisms around”. But unlike voting, you need not have a majority. You just need to get attention, which could happen with a well written letter amid a few other letters perhaps w/out reason and the right receiving staff. If the recipient does not give a shit, then indeed it takes enough paper letters to impact the bottom line before they start asking questions, assuming they care about the bottom line.


  • Sure, but what about the recipient? You overlooked ¶2. It’s not your choice what the other person uses. Of course if the other person has chosen well, and you have also chosen well, then email is the right answer in that very rare case.

    I do an MX lookup every time I need to reach an agency or company. My script output looks like this:

    $ lookup someone_i_need_reach@govagency.tld
    
    (fail) no PGP key found in public key servers!
    (fail) E-mail content is shared with 'Microsoft Corporation', a PRISM company!  Output from dig:
       10 govagency-tld.mail.protection.outlook.com.
    

    I think we are in the 95% territory for their provider being Google or MS (usually MS; Google is more common for individuals). The vanity addresses are deceiving.

    That reminds me of another possible action. I sometimes provide an onion email address and/or an XMPP address with my correspondence. MS and Google cannot handle onion email addresses or XMPP, so this is a way to give recipients a digital option while preventing MS and Google as MitMs. If they are driven enough to use the email, they will be forced to use a better provider.
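
The MX-provider half of the check described in the comment above, as an added example in POSIX shell; it is not the commenter's script, which the page does not show. The function names and the hostname suffix patterns are assumptions of this example, and the PGP key-server lookup is left out.

```shell
#!/bin/sh
# Added example: which provider receives mail for a domain, judged by its MX hosts.
# The suffix patterns below are this example's assumption about provider naming.

# Map one MX hostname to a provider label.
mx_provider() {
    h=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    h=${h%.}                                  # dig prints a trailing root dot
    case "$h" in
        *.protection.outlook.com)      echo "Microsoft" ;;
        *.google.com|*.googlemail.com) echo "Google" ;;
        *)                             echo "other" ;;
    esac
}

# Read `dig +short MX` output ("<preference> <host>" per line) on stdin and
# print one verdict line. Any Microsoft or Google exchanger counts as a fail,
# because a backup MX can receive the message too.
check_mx_records() {
    seen=0
    verdict="(ok) no Microsoft or Google mail exchanger found"
    while read -r pref host || [ -n "$pref" ]; do
        case "$pref" in ''|*[!0-9]*) continue ;; esac   # skip non-record lines
        [ -n "$host" ] || continue
        seen=1
        provider=$(mx_provider "$host")
        if [ "$provider" != "other" ]; then
            verdict="(fail) mail is handled by $provider: $host"
            break
        fi
    done
    [ "$seen" -eq 1 ] || verdict="(warn) no MX records found"
    echo "$verdict"
}

# Live lookup for an address; needs dig and network access.
lookup_address() {
    dig +short MX "${1##*@}" | check_mx_records
}

# Constructed sample input (the outlook.com host is the one quoted in the post).
SAMPLE_MX='20 mx2.example.org.
10 govagency-tld.mail.protection.outlook.com.'
printf '%s\n' "$SAMPLE_MX" | check_mx_records
```

The patterns match on the end of the hostname only, so a name such as `mail.google.com.example.org` is classified as "other".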