天空вℓσи∂ @skyblond@qoto.org

DO NOT trust Windows explorer's copy function. Use FastCopy and verify your file.

Pause the sync when you keep changing your files, no matter what sync client you use: Google Drive, MountainDuck, or dropbox.

Use something like 7z and rar to provide some abilities to check file integration.

----

Today I got 30+ files with 0 bytes (the file should be 5MB~10GB), and about five files with missing content (should be 20+MB, but only got first 5~6MB synced).

Those are files I copied from Google Drive and pasted to MountainDuck. I don't know how I got those broken files, but I think it's related to Google Drive. I had a similar experience where the file on Google Drive is good, but downloading gives a broken file. And the sync part, the MountainDuck seems like using timestamp only and choosing the newer file, even if the file in the local disk is bigger while the last modified timestamps are the same.

It's already 3 AM. Have to go to bed.

Good night.

(For English translation, skip the Chinese part.)

打完喷射战士，睡前看了一眼新闻，发现英国女王去世了。
​
​我想，伊丽莎白二世除了作为英国女王，可能也象征了一代人。这一代人经历了二战，经历了战后重建，经历了冷战，经历了互联网革命，也经历了我们这一代小鬼是怎么加入又退出欧盟，怎么愚蠢又聪明地推动了各种各样的社会变革，当然，她也和我们一样，见证了新冠肺炎，见证了安倍遇刺，也见证了许多其他可笑而荒谬的事情。女王去世了，这一代人也逐渐消亡，接手的下一代未曾经历过战争，不曾亲身体会到生命的脆弱与自由的可贵。我们，会把人类文明塑造成什么样子呢？
​
​我不知道。我无从预测未来这个世界将向哪种方向发展，也不知道中国将会发生何种变化。但我对这二者皆持有悲观态度。
​
​逝者安息，R.I.P.

(Below is the English translation)

After playing Splatoon 3, I glanced at the news before went to the bed, and I noticed Queen Elizabeth II had died.
​
​I think, in addition to being the monarch of England, Queen Elizabeth II may also symbolize a generation. This generation has lived through World War II, through post-war reconstruction, through the Cold War, through the Internet revolution, through how our generation joined and left the European Union, and how stupidly and cleverly pushed all kinds of social changes. And, of course, she also, like us, witnessed the covid, witnessed the assassination of Abe, and a lot of other ridiculous while absurd things. The Queen passed away, and this generation also gradually passed away. The next generation who took over has never experienced a war (part of them, they do), and has never experienced the fragility of life and the value of freedom. How will we shape human civilization?
​
​I don't know. I can't predict which direction the world will take in the future, nor how China will change. But I am pessimistic about both.
​
R.I.P.

Just checked Nintendo's netcode (first heard about this word) while waiting for splatoon 3 to unlock.

https://oatmealdome.me/blog/splatoon-2s-netcode-an-in-depth-look/

https://oatmealdome.me/blog/an-in-depth-look-at-the-splatoon-2-ranking-system/

And some people said they would use a new system called NPLN, but I didn't find too much info about that.

It's amazing to see the player community can do such a great reverse engineering, while Nintendo didn't reveal anything (despite some accidental debug info leak).

Hopefully they won't take down Java's mod community to improve player safety and data privacy.

But frankly speaking, this is a good job. When I saw my steam account's history name, I want to DIE (Younger me is so stupid).

This is much better than the reporting system.

----

Mojang is about to make big changes to usernames https://youtu.be/XIU4ECWPDAs 来自 @YouTube

*Me scrolling through the app*

Who posted this super long post? Why can't they make things short?

*Look carefully*

Oh, it's me.

And... I got the speed wrong last night.

I thought I was using a proxy server hosted on Hetzner, but I was actually using a Japanese server.

With a DE proxy not hosted by Hetzner, I got 240 Mbps download, as same as the Google drive (and I think this is the limit of my downlink). The uplink speed is the same.

Solved the mounting issue with mountain duck.

Solved the folder sync/backup issue with duplicati.

Now I can cancel my Google One subscription and call it a day.

So, how can I know if my Windows/Android/some social media platform is tracking me or not?

I don't know. You don't know. Only they know. Since it's a blind watermark or steganography, by design, no one should notice and know the existence of the hidden info, unless they know the mechanism beforehand. The LSB, 2D Fourier transform, jstep methods are old and known by the public. However, it would be easy to develop their way, maybe from scratch, or based on advanced research and paper.

The best way to defeat is turning your screenshots into only white and black, aka binarize. By doing so, all info in the pic will be significantly decreased, while the text on the picture can still be read. This method doesn't work with pictures. Another way to defeat it is taking a photo of your screen, but it's not 100% time working. People have tools to remove hidden info in the picture, and they released their code on GitHub. However, I want to warn you that they are not 100% working. They can only handle the watermark/steganography they know. Just like virus scanning, they can only find the patterns they have already known. You must develop your own methodology to keep yourself safe, like no login if not required, using proxy/vpn/tor, using a virtual machine, describing what you see instead of sending a screenshot, etc.

Automated tools can't solve everything. That's why we need security researchers and people at EEF to keep watching on all possible threats.

(This is the end of the thread)

I talked about this with my friends. This is not the first time that a blind watermark has been used to track the flow of info. They usually are used in enterprise situations, where you want to know who takes a screenshot of the internal IM app and sent on the internet, and I think this is acceptable.

However, tracking regular users is kind of crossing the line. After 30 minutes of diving into the steganography and blind watermark, I think most apps use the blind watermark when dealing with screenshots.

Steganography like LSB or jstep, or even 2D Fourier transform, is not practice. Thinking about LSB or jstep. I post a photo on qoto. No matter your client, it's a small picture on your device. You take a screenshot of what I said with that pic. With this significant scaling, I think most info is lost. With 2D Fourier transform (add high-frequency info to the pic), it would be hard for an app to do this, since they cannot change how Android or iOS render the button, etc. However, I think a modified ROM or hardware can output something secretly when taking screenshots or photos. A simple solution is to encode the Google/Xiaomi/Huawei account id, or IMEI in the screenshot or the photo, and considering this is not a massive amount of information, it shouldn't cause too much interference to the pic. And since it's system/hardware level, it's hard to notice.

The more common way is the blind watermark, aka, an invisible layer with graphical info, like text, on top of the app. The invisible layer tends to use 0.5% transparency, so it can't be detected by the naked eye. However, if you apply a random color map, aka map each color to a random color, the similar, hard-to-detected color will be mapped to a different color, which is likely to be easily detected.

As far as I (and other people on the internet) know, only the watermark is used to track people in public, based on how many things can the target platform control (mostly App).

Also want to talk about the blind watermark on some Chinese social medias, to track user across different platforms.

It's extremely dangerous when someone post those screenshots with their identity to something like twitter, since twitter is blocked in China, and the police can catch and charge you if they can proof you have the account on those platforms.

The best way to defeat that is turning screenshots into pure white and black, works with text, not work with pics.

... And it's too late, I'm on the bed. I'll keep talking this tomorrow (if I can remember).

Even though the people are active at a late time (1:30 AM here), and with a not-so-beautiful web panel compared to Twitter (I'm a PC guy, while my friends prefer mobile), I still love using mastodon.

Seeing different people from different instances reacting to my post is fantastic! And I was amazed by how fast my post spread across the mastodon network (when you need minutes to sync between P2P nodes).

(And I just noticed, even with Grammarly, my English is still bad, by not taking Grammarly's suggestions, LOL)

(You definitely can understand what I'm trying to say, right? ...Right?)

I'm thinking about switching from google drive to dropbox, due to safety reasons (I don't want any suspicious AI spy on my files). Today I noticed the Hetzner Storage box and mountain duck.

Hetzner storage box offers 1TB network drive for 3.2 EUR per month, and mountain duck offers a way to mount that network drive on Windows, with a 39 USD one-time fee. The software is made in swiss.

Due to the god damn GFW in China, the speed can't go over 100KB/s without proxy. Thankfully, with my proxy server set up on the Hetzner FSN datacenter, the upload speed is faster than 4MB/s, which I think is the limit of my network. The download speed is also not bad: 8MB/s at the beginning, drop to 2MB/s, sometimes stuck at 2Mbps. Not sure who should be blamed for this, since there are too many participants involved: mountain duck, my transparent proxy, my network ISP, the proxy server on Hetzner, Hetzner storage box, I don't know. But with WebDAV, it supports random access, which means I can stream a video and scroll back and forth without waiting for the stupid client software to download the entire file (It's you, Google Drive Client).

The price is also the cheapest. Hetzner's price is equivalent to 38.16 USD per TB per year (BX11, with BX41, you get 24.246 USD per TB per year), while Google Drive (2TB annually) is 49.995 USD per TB per year, and dropbox (2TB annually) is 59.94 USD per TB per year. The proxy server is kind of required no matter which service I use, so that's not a big game changer.

I will try this configuration for a while. If I think it's good enough, that would be a great deal.

Recently I'm actively seeking replacement for telegram, since it's not reliable anymore (taking free user's account without any notification). I have tried matrix. It sounds good, but your experience mainly depends on your home server. I set up 3 accounts on matrix.opensuse.org, matrix.qoto.org and matrix.org. The experience is different. The matrix one is the default one, as expected, I need proxy to connect it, beside that, everything works fine. The qoto one is not that smooth, there are lags and errors during my test (matrix.org server cannot connect to the qoto server, I don't know why). The openSUSE one is pretty good, I use their matrix service for almost a year, and the most important thing is I can directly connect to it without using any proxy in China. So, I delete my other 2 accounts and keep using the opensuse one.

Today, Google play recommended me an app called ThreeMa. A one time paid app which offers a full anonymous communication. It don't need any private info to register (while matrix use email, opensuse server use their own SSO login). And it's also e2ee, just like matrix, it also support file, video call etc. And to my surprise, it's not banned in China, I can send message to the echo account without using any proxy (but might be blocked in the future).

I guess they are my current backup communication app for now.

(Also, Briar did a good job too, it can make communication happens only using Bluetooth, WiFi or internet over tor, but it only works on Android, and doesn't have any advance features, it's a good replacement when internet is down or we lose internet access like North Korea)

魔術師解析「扒手」電影片段，示範偷錢包手錶、偷換牌等戲法！ Magician Reviews Visual Tricks Scenes｜經典電影大解密｜GQ Taiwan

https://www.youtube.com/watch?v=fych2e9pRi0