Just yesterday I setup a bot which is easy via botfather
And also, setup an app (claude built it but I had to fiddle with it, it works like pagerduty) but uses cloudflate worker to push downtime/errors (via fcm) in production (from graphana) via webhooks to "full screen, by pass dnd, alerts, with loud music, this one: https://www.youtube.com/watch?v=H0IQBWWabuU )
I named the app "Siren".
It's not straightforward to have durable hard to miss alerts about your production enviornment but good thing is this doesn't cost a cent.
Telegram group alerts are from my teammates (small team 3 members) via bot.
And Siren is for only me as I am responsible for the backend with 10 microservices, centralized logging via graphana, alloy, loki, and for metrics Prometheus.
It's all working reasonably well for me, this makes your life so much better as you fix the issues before they turn into nightmare.
I personally don't use whatsapp because I like it, but because all my contacts in my country are over there. It is officially more used than SMS here. It is not optional in my case :/
Saw this exact claim on a billboard not too long ago
It's a strangely worded statement. What about data collection, metadata, other third parties
Maybe it's related to the fact that plaintiffs lawyers are now trying to verify what's going on inside Meta with WhatsApp through litigation discovery:
You can't unless you've chosen to back up your WhatsApp messages to iCloud/Google in which case it's Apple/Google responsible for preserving the messages and subject to their encryption standards, nothing to do with Meta.
Try logging in on a new device and putting your main device into aeroplane mode as soon as the login succeeds. Loading of old messages on the new device will stop.
Moxie Marlinspike (founder of Signal) [0]implemented the same E2EE algorithm as Signal (Signal Protocol) into WhatsApp, but that was 10 years ago, so who knows if things have changed since then.
Practically speaking, it isn't secure; no closed app can be. It receives regular compulsory updates (old versions refuse to work) and there's nothing at all stopping Zuck from sneaking in backdoors targeted at you personally.
Maybe, as I don't know if I got a special version that exfiltrates data to somewhere else. But this does not improve SMS security in any way. Another software also potentially being bad has no influence here.
Nobody gives a damn. What matters is that it works even on a potato.
SMS security only became a problem due to 2FA, which is just one of many use cases, and the failure isn't even technical here but organizational. I agree it should've prompted more pressure to secure the system against SIM-swapping; alas this is too close to the Real World, so the tech industry instead responded with alternative that side-steps the problem by offering zero customer support. No humans to talk to = no humans to social engineer = secure. So much win.
(I'd also say the 2FA proliferation is itself a problem, but that's an unpopular opinion and for a separate discussion.)
> Nobody gives a damn. What matters is that it works even on a potato.
It doesn't work on my computer, nor does it work on my phone when I'm traveling (different SIM), so I give a damn. WhatsApp, iMessage, Signal etc. do both. I really wish there was an open, federated standard (and no, RCS is neither), but until then, I'll use what actually works for me.
SMS just sucks, and I hate that it's become so ubiquitous an authentication method when it's not even secure.
You can rent a virtual mobile number in your home country and consult SMSs on the web or even redirect them to email. I have done this for years, using Twilio for 2€ a month. Can't say the UX is great but it certainly fixes the whole problem.
I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.
Yeah, that's a good workaround. Google Voice can work too.
Unfortunately, more and more services are declining to send to VoIP numbers because of seCurItY, so it's a game of cat and mouse.
Fortunately SMS is so expensive in parts of Europe and it's not allowable anymore to use SMS by itself for online payment authentication, and both issues combined have slowly been pushing companies to explore alternatives.
There unfortunately seems to be no such pressure in the US. Passkeys could solve the issue, but probably increase support request volumes enough for most companies to not bother unless forced.
It's easy and cheap to determine the original carrier (or its sucessor) for a US phone number. It costs money to do a porting lookup to determine the current carrier.
Most of the reason to deny voip users is that many voip services give phone numbers away like candy and then those phone numbers are used to abuse other services, so checking the original carrier tends to be enough for abuse screening.
Some use cases want more though. Banking KYC has some back channel to get subscriber identification or be alerted when ownership changes; those institutions may be willing to pay for current carrier lookups and deny usage of numbers where they don't have a back channel to the current carrier.
I thought that too but many carriers around me don't allow porting any VoIP-using number back to cellular. (Not sure if you were making a distinction between landline and cellular)
Unfortunately that means that my cell number which I wanted to temporarily park into VoIP while abroad is now permanently VoIP.
In the US, I belive there are three number categories in the NANP porting database (wireline, cellular, and VoIP), and SMS senders can definitely tell, even though it might take a while (presumably there's a lot of caching going on).
If you're lucky, the service you care about only validates at number registration time, not at text sending time, and you can get away with it indefinitely, I suppose.
> I've never understood why so many people still chain their identities to physical SIM or even eSIMs. It's so fragile.
Living in a place where getting a replacement sim is gated behind obtaining an id from the police tied to your national id number, I wish there were other identity systems which were as robust. Much easier to get back to normal operations when the id device becomes damaged or lost with a physical sim you can shove into a cheap replacement device, than relying on backup services you need one of your digital id devices to access in the first place, especially if they're all lost at the same time in a house fire or something. The police will presumably get all my photo backups and savings if they ask nicely anyways, so the big threat to the single point of failure doesn't have a great marginal impact, while I dread the possibility of having to recover the accounts I can't get back through the local legal system given the poor 2fa recovery ecosystem.
>Much easier to get back to normal operations when the id device becomes damaged or lost with a physical sim you can shove into a cheap replacement device
If the device can get damaged or lost, then the SIM can too. To buy a physical SIM or rent a virtual number online, in most jurisdictions you need to provide ID docs these days, so nothing is changed there.
Second this. Their API is such a breeze and it is so much more automation friendly than any other messenger platform. It has a good adoption % too, otherwise Signal is the real winner if we account for privacy.
It's a bit less automation-friendly because the UX is not great when the bot doesn't have its own phone number (which costs money). I think it has better privacy, though. Matrix server operators can read message metadata.
From what I understand you can have secure chats e2ee ? I like that I can login from multiple devices and continue the conversation. This was always annoying with whatsapp and signal. Worst case is mildly embarrassing stuff leaks.
whatsapp, facebook messenger, imessage all support multi-device and it's pretty convenient, in fairness to telegram they launched a bit before double ratched was invented, but still, they've had over a decade to switch to it...
That's still one device. If you turn the primary phone off, the secondary device stops working. WhatsApp just proxies everything through the primary device, it's like WhatsApp Web.
They used to, but that hasn't been true for a few years now.
Now it uses the Signal protocol's native multi-device capabilities, specifically in the "key per device" variant (unlike signal itself, which uses "key per account" if I'm not mistaken).
> You can now use the same WhatsApp account on multiple devices at the same time, using your primary phone to link up to four devices. You’ll need to log in to WhatsApp on your primary phone every 14 days to keep linked devices connected to your WhatsApp account.
Messenger seems to be properly multi-device, but you pay for this by some PIN code bullshit (maybe they removed that, I haven't seen a popup about this for over a year now?) and having to sync chat history in the background, through a process that is, of course, broken and unreliable.
I'm actually still jaded about this. Messenger worked fine before they broke it by introducing E2EE; it took years for them to fix the problems this caused (at least the ones that were immediately user-perceptible).
yeah messenger still has the pin code thingy, i'm curious why they do it at all that way, can't you just have your keys on fb servers encrypted with another set of keys derived from your password, which is much stronger than a 4-6 digit key?
It's still broken if you're like me and you clear cookies
"Let's take people's years-long history between each other and just utterly break it. Why? 'privacy'" but they've never cared about it, they're opportunistic fucks. It's Zuckerberg's company to do with it "as he wishes" https://news.ycombinator.com/item?id=16770818
It's not true for Signal either. Why don't you try it for yourself instead of spreading outdated (at best) information? Signal supports native multi-device capabilities without relaying everything through the "primary" device.
It's called iMessage. It's possible, Telegram just doesn't care. All their differentiating features (large groups, channels, device sync) is directly enabled by the lack of encryption.
they do have encryption, just not e2ee, and in fairness to them, it doesn't make sense to have e2ee on a channel or a group with 100k ppl in it, also device sync is possible with e2ee, it's just a slower
What are you talking about? WhatsApp, iMessage, and Signal all have multi-device support and are E2E encrypted, just to name a few very popular options.
I'll second the "Telegram is great for bots". It's the reason OpenClaw users use it.
I stopped using OpenClaw a while ago, but I did vibe code the very basic automations I had used OpenClaw for. Getting it to work with Telegram was trivial.
I don't use Telegram for chatting. In fact, I try not to use any IM tools with humans. ;-)
Be careful though - telegram is heavily compromised.
e.g. their backend just 2 days ago (and since at least start of the year) was replacing referral links to amex (and i bet many other banks etc) with custom referral codes from russian guys (so when I sent my friend my referral link - it showed another referral link in out chat history on both ends).
and their security team says its all good.
so unless you are using it for useless info - better use something else.
please provide a proof. if this is the case, then telegram is not to be trusted. but it needs to be proven. otherwise a lot of people trust their business and personal data to telegram.
I see AI has great utility and we'll figure out ways to better it. If I had any power, i would run Nuclear Power plants to run AI dafacenters and find other near infinite sources of energy to create deeper and deeper AIs. This level of ai tech is at its infancy, it's evidently clear. People are assuming it will stall soon, and won't go beyond a certain point. I don't believe this at all, I am believing it will go much much fatherer then this
An LLM is never, ever going to find "other near infinite sources of energy". All it can do is predict the next word in an effort to make the user stop prompting it. That's all it does. It does not have the ability to find solutions to the worlds problems.
Weird comparison - The P4 was a major flop out of the gate (rambus anyone?) and at least by any good metric took three revisions (P4c - hypertheading) to make it come out where it should have ahead of its predecessor. The Pentium 3, before it that you are perhaps referring to was the peak of its era. So...it's going downhill right or what are you even saying?
I’m seeing these extremely short but supremely confident hot takes with nothing to back them up on HN more and more these days. It’s like X is leaking.
* S3 is super expensive, unless you use Glacier, but that has a high overhead per file, so you should bundle them before uploading.
* If your value your privacy, you need to encrypt the files on the client before uploading.
* You need to keep multiple revisions of each file, and manage their lifecycle. Unless you're fine with losing any data that was overwritten at the time of the most recent backup.
* You need to de-duplicate files, unless you want bloat whenever you rename a file or folder.
* Plus you need to pay for Amazon's extortionate egress prices if you actually need to restore your data.
I certainly wouldn't want to handle all that on my own in a script. What can make sense is using open source backup software with S3/R2/B2 as backing storage.
In terms of software I've been impressed by restic, and as a developer who wants to be able to not back-up gitignored files the rustic clone of restic.
In terms of cloud storage... well I was using backblaze's b2 but the issues here are definitely making me reconsidering doing business with the company even if my use of it is definitely not impacted by any of them.
I like how you can set multiple keys (much like LUKS) so that the key used by scheduled backups can be changed without messing with the key that I have memorized to restore with when disaster strikes.
It also means you can have multiple computers backing up (sequentially, not simultaneously) to the same repository, each with their own key.
It's nothing new, dunning kruger existing long before AI entered coding realm.
Several years ago ran into one american company which consulted with me. They had 4000 paying customers and they rolled out their billing solution which accept crypto, paypal and stripe.
They had problem with payment going missing, i migrated them to WHMCs with hardening and they never had any issues after.
Now people may laugh at whmcs but use the right tool for job
U need battle tested billing solution then whmcs does count it can support VAT, taxes, reporting/accounting and pretty all which you'll error while you try to do it all yourself.
Too bad there aren't battle tested opensource solution for this
AI empowers bullshitters but for sure they existed before. The guys who do something quickly and are gone before it starts to fall over. It often works because everyone is impressed with them and the problems that arise are seen as the fault of whoever is left to clean up the mess. You can probably detect my bitterness :-D
>- what was written 5000 yrs ago may not be what you are reading now. lots of people may have created their own versions or modified the original in ways you did not foresee
india vedic texts are passed through "oral tradition" where you recite same text backward and forward and through patterned permutations of words, if there is error it shows up, it's like redundant error-correcting encoding / repetition validation
Dude, that sort of transmission is only applicable to the four vedas (and even they exist in rescensions, some have later insertions eg: Maitrayani samhita, and the meter is generally lost due to language shifts). When you say "Vedic" those are the texts which count. Rāmāyana and Mahabhārata are not really "vedic" nor subject to such accurate transmission rules.
So they exist in many rescensions across India each with their own edits and interpolations. Some attempt has been made to create "critical" editions by taking the intersection of existing manuscripts but since there's no expectation of fidelity in transmission, we will never know what the original stories were.
So you can get even the western indologists to agree the battle of 10 kings mentioned in Rigveda very likely happened, and a Vasishtha and a Vishwamitra and a Trasadasyu existed in real life. However the epics leave out or conflict in many details with the aforementioned Vedic texts. Eg: a shantanu finds mention in Rigveda, a Parikshit and Janamejaya are mentioned in later samhitas. However there's no mention of pāndavas, kāuravas or a grand scale war. Neither there is a mention of a vyāsa / krishna dvaipayana in vasishtha's lineage in the accurately transmitted texts. It's very difficult to take Mahābhārata as an accurate historical document.
reply