The Social Web Foundation Adds End-to-End-Encryption to Mastodon and Why This Is Probably Not a Great Idea

---

As gregarious as people are, they also love their privacy. Eavesdropping, reading over the shoulder, going through personal affects? Everyone can agree, it is egregious behavior when your privacy is violated, even when justified. Thusly, it is in one's nature – innocent or otherwise – to engage in the right of privacy. What people do not have the right to, is to demand provision of this privacy from external sources. Historically, you learn to wear your own mask, to bury your own secrets.

Simultaneously, we continue to see that people are contrarian. As much as the people love their anonymity, they equally love their identity, expressing themselves in both private and public spaces such as bars, clubs, boardwalks, or even Social Networking Services (SNS) like Mastodon. Within these spaces people hold a reasonable expectation to both privacy and respect, i.e. not to be harassed, mocked, doxxed, stalked, have their personal space, or likeness violated, etc. Unfortunately, this cannot always be guaranteed in public or even in private spaces, leading us to the necessity of moderation, which we will touch on later.

Considering these facts, you are likely to enjoy the idea of secure and private conversations with your associates. If this is the case, you are probably looking for a service that offers End-to-End-Encryption (E2EE). There are many services to choose from, some more secure than others. Whatsapp for example offers convenient but highly insecure E2EE, while Signal Messenger offers a less convenient, but more secure implementation.

---

E2EE explained simply is when everyone has two keys and a signature. You generate these keys, one public, one private, then start trading public keys and signatures with known associates. When you send a message to anyone, it will be encrypted using their public key & decrypted only by their private key. Your message stays secure in transit. Seal that letter with your signature we mentioned and you've proven yourself as the origin, avoiding impersonation.

Note: E2EE doesn’t stop the network from seeing who talks to who, when, or how often – “privacy” is leaky even if message content is encrypted.

Many individuals – including myself – have recommended using PGP's key generation, signing & message encryption/ decryption capabilities to send encrypted messages “anywhere”... this is less than ideal in 2026. The author of The PGP Problem – lvh – stated that if you want to talk,

Use Signal. Or Wire, or WhatsApp, or some other Signal-protocol-based secure messenger.

Modern secure messengers are purpose-built around messaging. They use privacy-preserving authentication handshakes, repudiable messages, cryptographic ratchets that rekey on every message exchange, and, of course, modern encryption primitives. Messengers are trivially easy to use and there’s no fussing over keys and subkeys. If you use Signal, you get even more than that: you get a system so paranoid about keeping private metadata off servers that it tunnels Giphy searches to avoid traffic analysis attacks, and until relatively recently didn’t even support user profiles.

As for email?

Don't.

---

Now that we have explained what E2EE is, 'The PGP Problem', and the use of dedicated tools, let us take a look at this – From the Social Web Foundation, Implementing Encrypted Messaging over ActivityPub:

“Encrypted messaging has become a common feature on many social networks since ActivityPub was created, and its lack has inhibited Social Web adoption and public trust in the network.”

Do you genuinely believe the lack of E2EE is keeping the masses at bay? The grandmas and grandpas who just want to message their grandchildren? The mothers who just want to know when the next soccer meet is? I assure you, not a single “normie” is worried about E2EE unless they have swallowed marketing material. Perceived low conversion rates are because these people are literally addicted to their dopamine apps. The “Social Web” is fundamentally not Facebook, that is what you're observing.

---

Everyone has some expectation of privacy, particularly in regards to federated SNS. Many users are tired of service providers like Facebook “harvesting their data points for actionable business insights” leading them to options that provide a semblance of self agency and sovereignty. On one hand, these services do not traditionally track users, on the other hand, ActivityProtocol (AP) is running behind the scenes as the language of many of your favorite services, i.e. Mastodon. This type of protocol and the way it behaves is referred to as a broadcast protocol. Everyone, everywhere can see you and what you do, who you talk to, and when.

This is especially true when the other server is not fully respecting the protocol, when disrespected, “private” accounts and posts requiring follower approval may not be entirely private. This can lead to confusion and anger between users and operators for being followed by people who shouldn't have access, bots, or tracking services, each of which are disrespecting wishes, consent, or the protocol.

Because of these quirks, there are some nuanced avenues for harassment I will not outline here. Actively processing, investigating, and remediating the deluge of reports in the attempt to promptly moderate against rule breakers, abuse, harassment, exploitation, scams, etc. is already a Herculean and Sisyphean task. Due to abuse by both network users and operators, there are now regulations around the world regarding data retention or lack thereof, along with legal obligations and potential demand.

---

Everything so far leads the question with E2EE & SNS to quickly become: How do we deploy this at scale, without breaking moderation, without confusing users, & without inviting legal or security failure?

If an operator offers E2EE on an SNS like Mastodon – due to the nature of the protocol being comparable to a public space – suddenly we see the landscape become exponentially difficult, if not impossible to moderate. Operators will place themselves into the unfortunate position where they cannot properly serve and protect their users, or their legal obligations. Additionally, if you offer a secure service and it is not secure or your implementation is bad, what will you do if a litigious troll attempts to sue?

To introduce E2EE into public‑facing SNS while simultaneously trying to “solve” abuse, moderation, & legal exposure, the path of least resistance is likely to be “just verify everyone”, pushing identity‑linked, KYC‑style identity checks as a way to “anchor” trust & accountability. The loudest users and largest operators may start demanding identity verification to ease this friction.

---

This appears in the long run to be potentially bad for privacy, and it’s exactly why I strongly believe E2EE should be kept out of the core social layer & kept within dedicated tools instead. If people want to hide themselves, they have many options – third party clients, applications, and tools – as they have always had the ability and right to do/ use. It is not the operators responsibility to provide their users the ability to hide. Don't know how to encrypt your own messages? Talk on Signal. Mastodon is a public space, take your private conversation elsewhere. Don't forget, people were writing encrypted messages by hand before computers.

The cost outweighs the benefit. Please, make the sane decision, don't over complicate the backend and keep the public social layer unencrypted. Mastodon is a public space, use purpose built tools like Signal for your private conversations.

---

P.S. You do not need E2EE everywhere. If you indiscriminately E2EE with everyone across your personal, business, and social life, then a single impersonation can spread everywhere. At that point, the question becomes: how do you prove an imposter is not you?

---

Yes, at the moment these are optional features, but we ultimately teach our users unsafe and unsanitary practices by telling them it is alright to shit where they eat. Once it is the social norm, even if optional, it will be hard to offer a service that doesn't let users shit where they eat. In the long run this idea appears horrible. As the user, why are you putting the burden of your secrecy on the operator? As the operator, what will you do when users start placing the burden of their secrecy on you?

Source: https://socialwebfoundation.org/2025/12/19/implementing-encrypted-messaging-over-activitypub/

---

Update: Was informed of and removed mention of GPG as it is insecure, that same friend just provided this article as well, it is a wonderful read, and I will be updating this piece accordingly:

https://www.lvh.io/posts/the-pgp-problem/

Second Update: Removed this following section and updated due to old/ misinformation -

If you want to send encrypted messages anywhere, regardless of service, you could do-it-yourself by using PGP's key generation & message encryption/ decryption capabilities, alongside something like openBSD's Signify for signing and verification. There is also terminology like key rotation and key recovery but these over-complicate things for a simple chat between known associates.

Trade public keys, treat private-key leaks as full identity compromise, and keep circles small to foster high-trust networks.

screenshot of a windows 11 vm guest with gpu hardware acceleration

the first thing that came to my mind when you need to have a gpu passthrough, Often it requires another secondary dedicated graphics card that's unused by the host. if not that, then paravirtualization solution such as virtualbox/vmware/spice guest tools, or virgl3d.

but then we have sr-iov which specially targets a intel processor computer that let us create a virtual function (VF) of Intel UHD Graphics iGPU. This lets us to be able to do gpu passthrough to our VM without needing to have it being unused. in this blog, i will talk on how i set this up

disclaimer: sriov is still considered experimental. things might break here if you're unlucky, but it shouldn't be.

setting up

you will need to ensure that the intel processor that you are using is Gen 9.5 and newer for the best experience as possible. Ensure that both VT-x and VT-d are enabled on the bios settings so you can use IOMMU for hardware passthrough, otherwise you will still limited in paravirtualization.

the operating system that i use at the time of this writing is arch linux. kernel is the default arch kernel. since sriov hasn't getting mainstreamed yet, so we just install the i915-sriov dkms module via aur:

yay -S i915-sriov-dkms

just to make it compatible with other kernel, i will use the dkms variant since it's easier to maintain and switch kernel back and forth just in case.

for your convenience, please add yourself to kvm group: usermod -aG kvm you

kernel

continuing, we begin by explicitly making the kernel to enable intel iommu by adding this to the kernel boot param. 1 VFs is generally enough. you can pick which driver you will want to use in between the two:

i915:

intel_iommu=on i915.enable_guc=3 i915.max_vfs=1 module_blacklist=xe

xe (the new experimental driver. you will need it if you have for like, Intel Arc/Iris):

intel_iommu=on xe.max_vfs=1 xe.force_probe=device-id module_blacklist=i915

You can also try to use xe on iGPU, however given how new this driver is, it might be unstable

To get device-id, You can obtain it by executing lspci -nn | grep -i vga and then obtain the 16 bit hexadecimal digit of the iGPU id:

[yonle@yonle ~]$ lspci -nn | grep -i vga
0000:00:02.0 VGA compatible controller [0300]: Intel Corporation Alder Lake-UP3 GT1 [UHD Graphics] [8086:46b3] (rev 0c)

as you see here, the device id of my iGPU is 46b3, which then you will use this for the boot param above and later on.

now reboot, and then check dmesg to see whenever SR-IOV is actually loaded properly:

[yonle@yonle ~]$ doas dmesg | grep -i sriov
[    5.169765] i915: You are using the i915-sriov-dkms module, a ported version of the i915/xe module with SR-IOV support.
[    5.169767] i915: Please file any bug report at https://github.com/strongtz/i915-sriov-dkms/issues/new.
[    5.169768] i915: Module Homepage: https://github.com/strongtz/i915-sriov-dkms
[    5.289502] intel_sriov_compat: loaded

replace “doas” as “sudo” if you use sudo.

if you saw intel_sriov_compat: loaded, you're good to go.

making the virtual function

technically, you can manually load it via command line. but for some reason it might give you more works than necessary to get your things working.

so, assuming you're on arch linux, make a systemd-tmpfiles config specifically to make just 1 vf. edit /etc/tmpfiles.d/i915-set-sriov-numvfs.conf:

#Path                                              Mode UID  GID  Age Argument
#Uncomment the next line and change the argument to the number of VFs you want
w /sys/devices/pci0000:00/0000:00:02.0/sriov_numvfs -    -    -    -   1

and then, make a udev rules to block vf (except host) to be used as a main by host (eg, your main de/wm). edit /etc/udev/rules.d/99-i915-vf-vfio.rules:

ACTION=="add", SUBSYSTEM=="pci", KERNEL=="0000:00:02.1", ATTR{vendor}=="0x8086", ATTR{device}=="0x46b3", DRIVER!="vfio-pci", RUN+="/bin/sh -c 'echo \$kernel > /sys/bus/pci/devices/\$kernel/driver/unbind; echo vfio-pci > /sys/bus/pci/devices/\$kernel/driver_override; modprobe vfio-pci; echo \$kernel > /sys/bus/pci/drivers/vfio-pci/bind'"

note: replace 46b3 with your gpu device id that you obtained above.

then, reboot.

you must see 2 iGPU now when running lspci now:

[yonle@yonle module]$ lspci | grep -i vga
0000:00:02.0 VGA compatible controller: Intel Corporation Alder Lake-UP3 GT1 [UHD Graphics] (rev 0c)
0000:00:02.1 VGA compatible controller: Intel Corporation Alder Lake-UP3 GT1 [UHD Graphics] (rev 0c)

remember: your guest must only use the vf one, in this case, it's 0000:00:02.1

kvmfr

as we're also going to use looking glass, let's prepare kvmfr for the shared memory.

first, ensure that your kernel header has been installed properly before installing the dkms module.

installing manually

obtain the source code tarball from here, and then extract module folder, and then,

cd module
doas dkms install .

caution: you must rebuild the DKMS on each kernel update / when you switch to different kernel.

installing via AUR

yay -S looking-glass-module-dkms

👍

configuring kvmfr

you should be able to load kvmfr now:

doas modprobe kvmfr static_size_mb=32

the looking glass docs has a fantastic explanation on how do you determine a shared memory for your DMA, which you should read.

now, let's make this module gets loaded automatically on boot. First we need to set the default kvmfr load param by editing /etc/modprobe.d/kvmfr.conf, then putting this:

options kvmfr static_size_mb=32

then edit /etc/modules-load.d/kvmfr.conf and add this:

kvmfr

now, we make a udev rule to ensure that the device got a proper permission. edit /etc/udev/rules.d/99-kvmfr.rules:

SUBSYSTEM=="kvmfr", OWNER="user", GROUP="kvm", MODE="0660"

replace user with your username.

to apply the udev permission immediately, do

doas chown you:kvm /dev/kvmfr0
doas chmod 660 /dev/kvmfr0

now edit /etc/libvirt/qemu.conf, and uncomment cgroup_device_acl and add /dev/kvmfr0 in it:

cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/userfaultfd",
    "/dev/kvmfr0"
]

then restart libvirtd daemon.

make a vm

we will use libvirt with virt-manager as the client.

the vm that we will create will be a Microsoft Windows 11 VM.

before you begin your installation, Do a customization first. On [Overview]'s XML, Replace the following top:

<domain type="kvm">

with this:

<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0" type="kvm">

and then, add the following inside the <domain> field:

  <qemu:commandline>
    <qemu:arg value="-device"/>
    <qemu:arg value="{'driver':'ivshmem-plain','id':'lg','memdev':'looking-glass'}"/>
    <qemu:arg value="-object"/>
    <qemu:arg value="{'qom-type':'memory-backend-file','id':'looking-glass','mem-path':'/dev/kvmfr0','size':33554432,'share':true}"/>
  </qemu:commandline>

replace 33554432 with your calculated shared memory.

then, [Add Hardware] –> [PCI Host Device], Look for your VF iGPU (from the previous lspci, it must be 0000:00:02.1)

remove the existing keyboard and tablet input, and make new inputs for both things with virtio bus in it. Additionally, If there's “EvTouch” or anything outside of “ps2” and “virtio” inputs, you may also want to attach it too.

and then proceed installation with vga as usual until you finished installing the OS with Intel Graphics Driver and Windows Virtio Drivers installed.

Since i'm in Gen 12th alder lake, I installed the ones with version 32.0.101.7085 as of the time of this writing (or, “Intel® 11th – 14th Gen Processor Graphics – Windows*“).

you should only need to install Intel Graphics Driver and that's all it takes to work. after installation, reboot to ensure that the driver is actually being loaded properly and then check via device manager (right click on the start button and then go from here). it should look like this:

note: i will guide you on setting up Virtual Display Driver from here

until looking glass and VDD has been configured, you must not turn VGA to None until you finished following the steps below

Virtual Display Driver (VDD)

usually, you use a dummy HDMI or DP adapter to make GPU start drawing a screen. Since we can't do that via VF, We basically make a screen of our own here.

open your terminal, and execute

winget install --id=VirtualDrivers.Virtual-Display-Driver -e --source winget

once succesfully installing it, open new terminal tab, and type

& 'VDD Control.exe'

It will launch new window looking like this:

Press [Install Driver] and proceed driver installation. If succeed, The OS will make an animation as if a secondary monitor has got plugged in.

Looking Glass

Now, Install looking glass on your host machine:

yay -S looking-glass

and then on your VM, Install the Looking Glass Host, which you can obtain from here,

after getting looking glass host started in VM, try connecting it on the host machine by just typing looking-glass.

if you saw the virtual display monitor from here, then congrats. your setup works properly.

now, power off your VM, and then set VGA to None. and then start the VM. The console display won't be visible, then launch Looking Glass on your host machine again.

after you finished configuring the display here, it should look like this now:

audio enhancement

the default ich9 sound driver suffer through latency issues if got bombarded with a lot of things all at once, especially rhythm games that requires low latency.

we can use scream audio driver here. but do the following first: – ensure that the network card is virtio, if not, switch to it – remove ich9 audio card

for arch linux, you can get scream receiver via aur:

yay -S scream-git

and then just launch the receiver in the background:

scream -u -o jack -i virbr0

note: this assumes that your setup is using pipewire, and it's recommended that you use jack as the output. ensure you have pipewire-jack installed on your host.

note2: in case if you need a serious low latency audio need (eg, editing, rhythm gaming, etc) and jack did not make it well, use sndio, however this would require all apps on your system to not even playing any audio first.

while it's chilling in the background, let's set up the windows driver for it.

first, turn on test mode. open terminal as administrator (right click start –> Terminal (Admin)), run:

bcdedit /set testsigning on

then restart the vm. You must see [Test Mode] on the bottom-right corner of your wallpaper.

download the non-source zip (Usually named in ScreamX.X.zip) from here, extract it, Navigate to <scream folder>/Install/driver/x64/ and open terminal as an admin here, then run:

pnputil /add-driver .\Scream.inf /install

before we finally disable test mode:

bcdedit /set testsigning off

configure the scream audio driver via registry editor. in this case, it can be done via command line below:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Scream\Options /v UnicastIPv4 /t REG_SZ /d "192.168.122.1" /f
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\Scream\Options /v UnicastPort /t REG_DWORD /d 4010 /f

Replace 192.168.122.1 to your local address of your host that's being assigned by your virtual bridge, eg virbr0.

and then reboot.

caveats

• if you only loaded i915 with xe blacklisted, any activities on the host (except the guest) that has involvement of vulkan may start slowly / temporarily stall the entire drm. this can be fixed by trying to use the xe driver instead, however
• xe can get both OpenGL and Vulkan properly, but might stall the entire drm once the vm finished booting

loading both drivers simultaneously does not currently resolve these problems.

if these issues become annoying, consider adding a separate bootloader entry that disables SR-IOV and IOMMU entirely. This allows you to boot into a normal configuration when you don't plan to run a VM.

extra

if necessary, you can try debloat your windows VM by using these tools: – raphire/Win11Debloat to remove most of the bloats – es3n1n/defendnot to disable windows defender by pretending there's other antivirus in order to reduce load

cpu usage:

ram usage:

extra note: if at some point you plan to do gaming here, including low latency gaming, consider attaching your input devices (keyboard, mouse) into your VM via passthrough, as the existing input grabber is meant for a normal workstation purpose.

extra note2: given that you have installed virtio drivers above, switch your VM network card to virtio for best performance.

extra note3: if you're still overwhelmed by both visual and audio latency even with solutions above, consider using dGPU passing and passing external soundcard into VM instead.

---

if you need to see how the config looks like on the system, you can check on my dotfiles to see what has been configured here and there.

troubleshooting

looking glass suddenly stuck on [The host application seems to not be running]

the VF of your iGPU could have been overwhelmed probably due to multiple reusage (eg, constant reboot, you suspended your laptop while VF is still in effect, etc). to fix this, try reboot your host. if this still didn't fix the problem, then try reinstalling the intel graphics driver inside the VM.

mouse sensitivity is way too high on looking glass

trying to navigate the display without capturing your mouse will have this kind of behavior by default. enable capture mode by pressing the looking glass's escape key (the default is scrolllock. you can change this by setting -m KEY_<KEY> when launching looking glass via command line).

---

aand that's it.

for references: – Looking Glass B7 Installation Documentation – i915-sriov-dkms docs – Libvirt: Domain XML Format documentation – Github: Scream audio driver README

honorable mention: My best friend ArionnLovelace for informing me with his experiments and then help me a bit

happy VM-ing once again.

p.s.: you can try to apply the same logic if you have a spare dGPU by skipping the intel sr-iov & iommu step

there are times when i join a group of some sort just to hang out with these folks, literally have zero goal of being their “member” or “part of their goals” or something.

but then i got dragged.

years ago, when some of the people from that group saw me somewhere outside of the platform that i was in to talk to these folks, first thing that happen to me when these folk saw me first is basically,

are you XXXXXXXX member?

wasn't once, twice. if you know that was me, can you just, not drag that to where i was in

as if i am being the representative of the organization that I literally have zero goal on being participating with? to put on top of that, despite the requirement, i literally never joined or requested for joining their github org.

honestly, it felt like i was being watched. one thing that's obvious here, i really despise someone who literally take any kind of member to be their organization representative like literal, where if one did bad thing, then they got relentlessly fucked to death to the point they reach out to the irl stuff.

ever since i disconnect myself from that place, it never felt anything better. for one, there's someone who just realized why i despise a lot of things from them and then afraid of me hating them for eternity. “you just gave me a new lesson”, they say. does their trial and errors is all done for the sake of “lesson” that would be only better to them? the scratch is still on my mind.

i accepted their apologize. but i remain despising how it all went.

it's simply no good.

College. first year – April 9th 2026

right now just majoring CS in my College. Still on the first year so i don't expect much or even thinking that i would success on this one.

Simply said, i'm in the college simply just wanna learn new things. If i can't really finish some of the assignments properly, then so be it.

the first semester score of mine is lower than everyone else compared. quite surprising, but i don't really mind as i know why that is as it's mostly all my fault

wish i can be careful on this one.

short journal: January 13th 2026

It's January 13th 2026 as of the time i am writing this.

This year, is different. Now I basically live independently from the previous high school years where i was close with my mom, continuing study by going to a rather simple college. I must be honest here, I did not perform really well and ended up repeating what i did during mid and high school: Ignoring assignments, which now i had a bunch of them stacked which makes me never stop thinking about it.

Since i move to a city, I learned lots of things on my own with the help of various technologies that we basically knew, And also listened to some of my friends about what his past life was, and how he's doing today, and what he learn from what he experienced, etc.

Meanwhile, I still have no job yet. I do plan to make my own little business with the skills that i have, But i really have zero experience on doing business at all. So it's between wanting to had a job or making a little business by my own will.

I am still financially funded by my Dad. I do plan to be independent... I actually know many ways to earn it but i am the one who refused to do it... Simply said, I am really stubborn. Quietly stubborn. To be honest, I really need to control myself to be not so picky.

Well, I wish i can get myself a little better and achieve what i am trying to accomplish... But for now it seems impossible.

That's all from now. Until the next time.

Yonle January 13th 2026

foto: laptop lamaku

sebelumnya, saat saya sedang mari laptop untuk menggantikan laptop lamaku yang Pentium T4400, gw ketemu juga sama laptop-laptop ThinkPad, terutama di mall-mall di Batam seperti di Nagoya Hill. Setiap ThinkPad yang ada disini berbeda-beda modelnya, namun setelah ku lihat,

sebenarnya tidak ada satupun laptop yang dijual memiliki spek yang kurang nanggung untuk harga yang sama dengan laptop yang aku pakai saat ini.

rata-rata processor yang dipakai di Thinkpad ini berkisaran i3 sampai i5 yang hanya terbatas pada gen dari 6 sampai 10. Itupun dengan RAMnya kadang nanggung juga speknya tak peduli jika ku pakaikan linux ke laptopnya.

pada akhirnya, aku beli MSI Modern 14 C12MO yang memiliki prosesor i3-1215u (alder lake, gen 12), dengan NVME Phison 256 GB & RAM sekitaran 8 GB. Walaupun RAMnya masih nanggung, namun untuk harga dan pilihan yang ada, kira-kira inilah yang cocok untuk kerjaanku yang dimana lagipula, Gw bukan seorang gamer yang sering ngegame berat.

“[brand] punya masalah engsel”

awalnya kenalan kuliahku infokan bahwa laptop MSI condong rentan sama masalah engsel, namun menurutku ini masalah yang sebenarnya biasa di semua laptop jenis engsel verleher 2. Jadi maupun aku beli yang bermerek ASUS vivobook pun, secara durabilitas sama saja.

pemakaian dengan arch linux sudah lebih dari 6 bulan, dan syukurlah masih awet.

kebetulan, ada orang yang beli laptop asus atau thinkpad karena sparepartnya mudah dicari, namun menurutku,

semakin tua umur sebuah laptop, maka semakin langka pula sebuah sparepart untuk bagian-bagian laptopnya. Merek apapun laptop itu, Sparepartnya tetap sulit dijangkau walaupun stoknya banyak.

framework, walau secara desain memang modular, Secara spesifikasi & modal sebenarnya nanggung. Itu pula belum termasuk biaya bea cukai / pajak dll sebagainya yang dikirim antar benua.

jadinya, laptop apapun itu, sebaiknya dijaga sebaik mungkin apapun mereknya. walau sparepartnya ada, kadang ngeservisnya yang bakalan ribet atau justru nanggung sampai di titik dimana lebih waras menabung untuk menggantikan laptop dengan laptop baru.

---

pokoknya poinku begini: fokus pragmatis dulu. jangan beli gegara gengsi atau branding atau janji-janji segala macem kalau ujung-ujungnya bakalan sama aja kayak hardware lainnya.

---

sepucuk tips sederhana.

jika ada sebuah model sebelahan yang memiliki spek yang 2x lipat lebih besar dengan harga yang 10% lebih mahal daripada opsi yang kamu kejar, lain kali tabunglah untuk mesin itu.

kadang ada kalanya kamu mungkin awalnya agak terganggu sama dompet yang kering, tapi lama kelamaan hasilnya tidak akan mengecewakan. karena sebenarnya, kadang beli yang kecil lebih mengecewakan dan kandang malah merugikan.

In physics, we basically do measurement on all things that can measured. We see a phenomenon or an object, we observe it, take a measurement, and make a mathematical model for describe and predict the behavior of those things.

Since ancient times, Human love to compare things. Imagine if we want to take a free pizza from a party, we would try to see which one is bigger or smaller piece, and of course we will take a bigger piece, right? but how do we know it is bigger that the other piece? simple, just compare it with other piece and you can tell by just looking at it. hey it is a bigger pizza.

Then, there is a question, if something is big, how big is it? If something is long, how long is it compared to another one? Which one is actually bigger? We cannot just say “big” or “small” without knowing how much, right? So we need a way to compare a quantity with another quantity of the same kind. From there, math number is introduced to define and express that quantity clearly.

lets take an example, there is a book and there are identical pens. how we can define how long that book is? we can put pens in row along book and we can tell

“Hey, the book is two pens long”. The length of the book, which is what we measure, is called a quantity. The pen is the object we use as a comparison, which we call a unit, and 2 is the measurement value. With this, we know the length of the book equals the length of 2 pens.

That is measurement. Measurement is the process of comparing a object quantity with another object as a unit. We only can do measurement with comparing quantity with same quantity. length book with length pen, weight with weight, and much more.

The Systeme International (SI) of Units

Imagine we take a measurement like in the example before. Lets say our friend measures the same book using his own pen as a unit of comparison. There is a problem here are the length of his pen might be different from ours, right? If that happens, the measurement value can change. The book might be measured as 3 pens long simply because his pen is smaller. This can lead to confusion.

Now, let’s say another friend measures the same book, but instead of using a pen, he uses a marker, which is a totally different unit. He might find that the length of the book is one and a half markers, while we got a result of 2 pens. This means we can try to convert our unit (length of pen) into his unit (length of marker), which sounds great. However, there is a problem, the conversion process can lead to inaccuracy.

This problem actually happened in the real world. Since ancient times, humans traded using different units from different cultures and regions, which made conversion and price determination difficult. The inconsistency of units often led to fraud and unfairness in trade. This also happened in Ancien Régime, where until 1795, France used many different systems of measurement without a unified standard. There was even widespread abuse of measurement standards for taxation and trade.

The solution to this problem was the creation of a standardized and universal system called the metric system. Thanks to the French Revolution, this system was introduced and later became the foundation of the system are used today. Not go too deep into the history here.

The International System of Units (SI), which consists of 7 base units and its quantity that are widely used by many countries around the world

Quantity	Unit Name	Symbol	Dimension
Length	meter	m	[L]
Mass	kilogram	kg	[M]
Time	second	s	[T]
Electric Current	ampere	A	[I]
Temperature	kelvin	K	[Θ]
Amount of Substance	mole	mol	[N]
Luminous Intensity	candela	cd	[J]

Each unit has its own definition and history. For example, for mass, it is used a physical prototype made of a platinum–iridium cylinder called the kilogram. One kilogram was defined as the mass of that cylinder. This prototype was copied and distributed to many countries as the international standard of mass.

Of course, each definition has been updated over time as technology advances. The more of history of these developments on the official website of the International Bureau of Weights and Measures, the international organization responsible for maintaining these standards

https://www.bipm.org/en/history-si

Written: April 25, 2024 Published: March 11, 2026

The Paradox of Ownership in the Digital Age:  How DMCA and DRM Limit Access and Undermine Preservation Efforts

 The digital age has ushered in a revolution in how we access and interact with information and culture. E-books, streaming services, and online libraries offer a seemingly boundless collection of knowledge and creative works at our fingertips. However, the concept of ownership in this new landscape remains shrouded in ambiguity. This essay explores how the Digital Millennium Copyright Act (DMCA) and Digital Rights Management (DRM) technologies, intended to protect copyright, create a system where consumers have limited control over their digital purchases. These limitations hinder fair use, restrict access for institutions like libraries and archives, and ultimately raise fundamental questions about true ownership in the digital age.

 Librarians and archivists stand as the guardians of cultural heritage, ensuring future generations have access to the knowledge and creative output of the past. However, the DMCA throws a wrench into their efforts. The act restricts activities like copying and sharing for educational purposes, which are crucial for libraries fulfilling their mission of disseminating information and fostering creativity. As highlighted by McDermott (2012), “complex copyright laws and a misunderstanding of fair use threaten libraries' ability to fulfill their mission of providing information access and fostering creativity”. Librarians often rely on fair use to share excerpts of copyrighted works for educational purposes, create digital copies for long-term preservation, or offer interlibrary loan services. The DMCA's restrictions on these activities create a chilling effect, hindering innovation and jeopardizing the long-term accessibility of knowledge.

 Imagine a scenario where a library owns a physical copy of a book out of print but still protected by copyright. Under the DMCA, the library may be unable to scan and offer a digital copy, even though this could significantly increase accessibility for patrons. This situation exemplifies the tension between copyright protection and the public's right to access information. Furthermore, the DMCA's limitations can restrict libraries from archiving digital materials altogether. A library may be hesitant to acquire e-books due to concerns about the long-term accessibility of the content, potentially impacting user access to valuable resources.

 The DMCA's impact extends beyond access limitations. The act fosters a culture of fear and uncertainty surrounding fair use. Libraries may be reluctant to engage in activities deemed potentially infringing due to the threat of costly litigation; hindering innovation and libraries' ability to effectively serve their communities in this digital age.

 The limitations imposed by the DMCA are further compounded by Digital Rights Management (DRM) technologies. DRM software encrypts content and restricts how users can access and utilize their digital purchases. While DRM serves the purpose of protecting copyrighted material from unauthorized copying and distribution, it also undermines the very notion of ownership in the digital sphere. When consumers purchase an e-book or song, they are essentially buying a license to access the work under certain conditions, not the work itself.

 Scharf (2010) aptly argues that DRM “prioritizes control over user rights”. This translates to limited user control over digital purchases. Imagine purchasing a digital book that you cannot lend to a friend or critically analyze online due to DRM restrictions. This scenario exemplifies how the current system prioritizes control by copyright holders over user rights. Furthermore, the ever-evolving nature of DRM software raises concerns about its long-term compatibility. The potential obsolescence of DRM could render previously purchased content inaccessible in the future, effectively negating any sense of ownership.

 Scharf (2010) further emphasizes the complex relationship between fair use and DRM. “Any attempt to encapsulate fair use provisions within DRM would have drawbacks for both right holders and users...” (p. 182). This quote highlights the inherent tension that exists between user rights and copyright holder control. Striking a balance between the two will be critical in moving forward.

 The limitations of DMCA and DRM extend beyond immediate user experience and have a profound impact on long-term preservation efforts. Libraries and archives face significant challenges in preserving digital content due to these restrictions. As Gasaway (2007) points out, “current limitations on copying and distribution don't translate well to digital media”.

 Unlike physical books, digital files can become inaccessible over time due to changes in file formats or software incompatibility. This presents a significant hurdle for long-term preservation. The focus on “preservation-only” exceptions with restricted access, as discussed in the article by Gasaway (2007), creates a paradox. Restricted access undermines the core purpose of preservation, which is to ensure future generations can access the information. One quote from the article emphasizes this concern: “One question is whether any user should have access to preservation only-copies. In fact, one could argue that the copy is no longer for preservation only if access is being granted to users” (Gasaway, 2007). This quote confirms the concern that restricted access to preserved works challenges the true purpose of preservation, which is to ensure future access. Additionally, the ever-evolving nature of digital formats and technology poses a challenge for long-term preservation.

 While the limitations of current copyright law and DRM pose significant challenges, emerging technologies like blockchain offer a potential solution for securing ownership of digital assets. Blockchain technology utilizes a distributed ledger system, where data is recorded across a network of computers. This creates an immutable record of ownership that is transparent and tamper-proof. Bodó et al. (2018) discusses the potential of blockchain for copyright protection, arguing that “Distributed ledgers are a general-purpose technology, meaning that they are freely configurable to any and every application. In theory, this makes it relatively easy to correspond the core building blocks of blockchain technology to fundamental concepts in copyright law.” (p.314). This further exemplifies how blockchain technology could potentially be a powerful tool for enforcing intellectual property rights through distributed ledgers.

 In theory, blockchain could be used to track ownership of digital content, ensuring creators receive appropriate compensation for their work. Additionally, blockchain could potentially facilitate secure access control for libraries and archives, allowing them to preserve digital materials while ensuring copyright compliance. However, it is important to acknowledge the limitations of blockchain technology in the context of digital preservation.

 Firstly, blockchain itself cannot store copious amounts of data efficiently. While ownership records could be stored on the blockchain, the actual content would likely need to be stored elsewhere. This raises questions about long-term accessibility and potential compatibility issues between storage solutions and future technologies. Secondly, integrating existing copyright laws with blockchain technology presents a complex challenge.

 Despite these limitations, blockchain offers a promising avenue for exploring new models of digital ownership and preservation. As Bodó et al. (2018) concludes, “ Still, should blockchain technology reach its market potential, it may have significant—perhaps transformative—impact on copyright in the digital environment. ” (p. 336). Collaboration between stakeholders – including content creators, copyright holders, technology companies, and libraries – will be crucial in determining how best to leverage blockchain for a more balanced digital ecosystem.

 The issue of digital ownership becomes even more complex when considering piracy. While piracy undoubtedly has negative consequences, the article by Kim et al. (2018) introduces a thought-provoking concept: the “invisible hand” of piracy. The authors argue that “When information goods are sold to consumers via a retailer, in certain situations, a moderate level of piracy seems to have a surprising positive impact on the profits of the manufacturer and the retailer while, at the same time, enhancing consumer welfare.” (Kim et al., 2018, pp. 1117). They explain how piracy can act as a “shadow competitor,” forcing manufacturers and retailers to lower prices or improve accessibility, potentially leading to a more efficient supply chain (Kim et al., 2018). This challenges the current legal framework and traditional views on ownership of digital goods. The concept of “owning” digital media becomes blurry when copying is near-effortless. Piracy can be seen as a symptom of a broken market, where consumers resort to piracy due to limited access or inflated costs. Perhaps a more nuanced approach to piracy is needed, considering the potential benefits and drawbacks in specific situations.

 In conclusion, the DMCA and DRM, while intended to protect copyright, create a system that undermines the concept of true ownership in the digital age. Consumers have limited control over their purchases, fair use is restricted, and long-term preservation of digital materials is hindered. Librarians and archivists, who play a crucial role in safeguarding cultural heritage, are particularly impacted by these limitations.

 Moving forward, a more balanced approach is necessary, one that respects copyright while ensuring fair use rights, promoting open access, and facilitating long-term preservation of our digital heritage. This could involve a few avenues:  • Revising DMCA exemptions for libraries and archives: Expanding exemptions to allow libraries to create digital copies for preservation purposes and offer interlibrary loan services for digital materials.

 • Exploring alternative preservation strategies: Investigating the potential of blockchain technology for secure ownership records while exploring complementary strategies for content preservation outside the blockchain ecosystem.

 • Encouraging collaboration between content creators, copyright holders, technology companies, and user groups to develop new models that prioritize both ownership and accessibility. This could involve exploring innovative licensing models that offer more user control and exploring new revenue streams for content creators in the digital age.

 • Re-evaluating the role of piracy: Considering the potential benefits and drawbacks of piracy in specific contexts and exploring strategies to address the underlying issues that lead to piracy, such as limited access or high costs.

By addressing these challenges, we can move towards a digital ecosystem that fosters creativity, ensures long-term access to information, and respects the rights of both creators and consumers. A system that strikes a balance between copyright protection and fair use is essential for a healthy digital environment where knowledge and culture can continue to thrive.

Some additional considerations we can take with us moving forward:  • Educating users about copyright law, fair use rights, and responsible digital citizenship can help foster a more balanced environment. Libraries and educational institutions can play a crucial role in these efforts.

 • Developing open access models that will facilitate open access initiatives that ensure the public has access to scholarly research and cultural heritage materials helping to democratize access to knowledge and encourage innovation.

 • Investing in robust and secure digital storage solutions for long-term preservation of digital materials. Collaboration between government agencies, libraries, and technology companies will be key in achieving these goals.

 Ultimately, the question of ownership in the digital age is a complex one with no easy answers. However, by fostering dialogue, exploring innovative solutions, and prioritizing both access and creator rights, we can create a more equitable and sustainable digital future.

 Capitalists: ...“You will own nothing and you will be happy.”  Everyone else: ...“Stand up me hearties, yo ho!”

Reference List

Bodó, A., et al. (2018). Copyright in the Blockchain Era: Enforcing Intellectual Property Rights Through Distributed Ledgers. Journal of Intellectual Property Law & Practice, 13(8), 741-750.

Gasaway, L. (2007). Digital Millennium Copyright Act and Library Preservation: A Paradox of Access and Control. Library Resources & Technical Services, 51(4), 1329-1337.

Kim, J., et al. (2018). The Invisible Hand of Piracy: How Moderate Levels of Piracy Can Benefit Businesses and Consumers. Journal of Marketing Research, 55(5), 1112-1132.

McDermott, S. (2012). The Chilling Effects of Copyright Law on Libraries and Archives. D-Lib Magazine, 18(5/6), 1-10.

Scharf, M. B. (2010). Fair Use in a Digital World: The Future of User Rights in the Information Society. Duke Law Journal, 60(2), 181-238.

Installation guide for DEBIAN 13 'Trixie', Wayland, x11, & nvidia:

(tip: run commands as root with su -)

Step 1. Add contrib & non-free in /etc/apt/sources.list

deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware

deb http://security.debian.org/debian-security/ trixie-security contrib non-free main non-free-firmware

...and often also for -updates:

deb http://deb.debian.org/debian/ trixie-updates non-free-firmware non-free contrib main

---

Example of modified sources.list:

#deb cdrom:[Debian GNU/Linux 13.3.0 _Trixie_ - Official amd64 DVD Binary-1 with firmware 20260110-11:00]/ trixie contrib main non-free-firmware

deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware

deb http://security.debian.org/debian-security/ trixie-security contrib non-free main non-free-firmware
deb-src http://security.debian.org/debian-security trixie-security contrib non-free main non-free-firmware

# trixie-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ trixie-updates non-free-firmware non-free contrib main
deb-src http://deb.debian.org/debian/ trixie-updates non-free-firmware non-free contrib main

# This system was installed using removable media other than
# CD/DVD/BD (e.g. USB stick, SD card, ISO image file).
# The matching "deb cdrom" entries were disabled at the end
# of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

---

Step 2. apt update

Step 3. apt install linux-headers-amd64

Step 4. apt install nvidia-kernel-dkms nvidia-driver firmware-misc-nonfree nvtop

Step 5. mokutil --import /var/lib/dkms/mok.pub

Step 6. when prompted, enter a password

Step 7. systemctl reboot

Step 8. On boot there will be a prompt to enroll the MOK, select yes; when asked, enter the password from step 6

Step 9. Enter TTY with CTRL+ALT+F3, enter username, password, sudo nano /etc/default/grub

(Tip: generally you may select x11 environment in the bottom left corner of the login screen if you want a graphical interface/ get stuck)

Step 10. Add nvidia_drm.modeset=1 as a boot option. This is achieved by appending it within the file /etc/default/grub to GRUBCMDLINELINUX_DEFAULT=“” without deleting other parameters.

---

Example of modified grub file:

# If you change this file or any /etc/default/grub.d/*.cfg file,
# run 'update-grub' afterwards to update /boot/grub/grub.cfg.
# For full documentation of the options in these files, see:
#   info -f grub -n 'Simple configuration'
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`( . /etc/os-release && echo ${NAME} )`
GRUB_CMDLINE_LINUX_DEFAULT="nvidia_drm.modeset=1 nvidia-drm.fbdev=1 quiet"
GRUB_CMDLINE_LINUX=""

# If your computer has multiple operating systems installed, then you
# probably want to run os-prober. However, if your computer is a host
# for guest OSes installed via LVM or raw disk devices, running
# os-prober can cause damage to those guest OSes as it mounts
# filesystems to look for things.
#GRUB_DISABLE_OS_PROBER=false

# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"

# Uncomment to disable graphical terminal
#GRUB_TERMINAL=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE/GOP/UGA
# you can see them in real GRUB with the command `videoinfo'
#GRUB_GFXMODE=640x480

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

---

Step 11. within home/username create the hidden directory .nvtmp

Step 12. set module options for the nvidia module variable at /etc/modprobe.d/nvidia-options.conf uncomment options nvidia-current NVreg_PreserveVideoMemoryAllocations=1 and add NVreg_TemporaryFilePath=~/.nvtmp to the same line

sudo nano /etc/modprobe.d/nvidia-options.conf

---

Example of modified nvidia-options.conf file:

#options nvidia-current NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=44 NVreg_DeviceFileMode=0660

# To grant performance counter access to unprivileged users, uncomment the following line:
#options nvidia-current NVreg_RestrictProfilingToAdminUsers=0

# Uncomment to enable this power management feature:
options nvidia-current NVreg_PreserveVideoMemoryAllocations=1 NVreg_TemporaryFilePath=~/.nvtmp

# Uncomment to enable this power management feature:
#options nvidia-current NVreg_EnableS0ixPowerManagement=1

Step 13. add your modules to the initramfs by editing /etc/initramfs-tools/modules and adding nvidia, nvidiadrm, nvidiauvm, and nvidia_modeset to MODULES.

sudo nano /etc/initramfs-tools/modules add MODULES="crc32c nvidia nvidia_drm nvidia_uvm nvidia_modeset"

---

Example of modified nvidia-options.conf file:

# List of modules that you want to include in your initramfs.
# They will be loaded at boot time in the order below.
#
# Syntax:  module_name [args ...]
#
# You must run update-initramfs(8) to effect this change.
#
# Examples:
#
# raid1
# sd_mod
crc32c
nvidia
nvidia_drm
nvidia_uvm
nvidia_modeset

Step 14. generate initramfs to add the changes you have made.

sudo update-initramfs -u -k all

Step 15. generate grub.cfg

sudo update-grub OR sudo grub-mkconfig -o /boot/grub/grub.cfg

Step 16. Before rebooting, enable scripts to allow wake from suspend/hibernate using systemd.

sudo systemctl enable nvidia-suspend.service nvidia-hibernate.service nvidia-resume.service

Step 17. systemctl reboot

Step 18. login

Di MacOs Tahoe 26.3, GUI Forticlient VPN tidak bisa jalan dengan benar. Mungkin bug atau mungkin juga Forticlient terlalu tolol sehingga membuat aplikasi berjalan sangat lambat atau malah tidak bisa dipakai sama sekali.

Ane sudah reinstall berkali – kali namun tetap saja tidak bisa jalan dengan benar. Versi Forticlient yang ane pakai adalah legacy 6.0 yang harusnya aman dan lancar untuk dipakai. Apakah karena Tahoe 26.3? bisa jadi, oleh karena itu ane coba install versi terkini namun untuk bisa unduh si Fortinet minta data KYC. Bang*t ane ga mau share data pribadi dengan mereka.

Untungnya ada OpenFortiVPN yang ringan dan bisa jalan lancar dari terminal, ane install dari HomeBrew. File Readme.txt sudah sangat jelas dan semua happy ending dalam 3 menit kemudian.