In a nutshell, revolution turns on information and power asymmetry. Sometimes just one of those is sufficient, having both makes the results highly likely, but not guaranteed.

Stating with information asymmetry, we start with the identifying the usual groups of people. I will be using terminology more akin to the Westminster style of governance, which does not so clearly distinguish the roles. In a governmental revolution, there are those in power (eg a president, prime minister, members of parliament, monarch), there is the state and its institutions (eg military, judiciary, civil service workers in those departments, treasure, welfare, foreign representatives), and then there’s the citizenry (aka the people).

Of these, the citizenry are the absolute largest group but the least organized. In a monarchy or autocracy where power is concentrated in the very few, the citizenry are often denied the means of communication or it is strictly censored or controlled. In a republic, the state is created as the organization which is meant to serve the people, and I’m not aware of any republic that has ever created two duplicate organizations to guard against usurpation. To that end, the citizenry are the most dependent on the state and the government for information. Even when it’s now technically possible to exchange information using mesh networks, online forums, ham radio, and even plain ol letters, the fact is that convenience means that the majority just aren’t dialed into the situation, or that the official mouthpieces have enough sway to quell the public.

But it need not only be the citizenry that are kept in the dark. The government itself can end up being split apart by those who know versus those who don’t. As an example, look to the former South Korean president that attempted to impose martial law. In the chaos that ensued, members of the legislature needed to understand what was going on first, in order to combat the situation. It eventually emerged that the legislatute was being blockaded and that a vote would be held to nullify the imposition of martial law. Photos of some legislators scaling the outside wall of the assembly made international headlines. That was only possible because enough representatives got word that a vote was going to happen, and that it wasn’t a trap.

The South Korean example also shows what happens when the state is not on the president’s side. The military was doubtful that the president could lawfully declare the legislature as acting against the interests of the country, and so they did not substantially mobilize. Likewise, the citizenry were not having it either and protested in public. Perhaps it would have been different if the president was able to sever communications lines, an often-used tactic in the hours prior to a coup.

As for power asymmetry, that’s much easier to explain. The same groups as before each wield separate powers, some of which are more effective at times and some less. For example, the military has all sorts of hardware that could be used against the citizenry or against the state institutions. Shopping mall, tax offices, and city halls aren’t exactly built to repel RPGs and mortar fire. The government also benefits from having authoritative power, meaning they can claim a mandate (eg from heaven, from the monarch, or from the people) that legitimizes their attacks on the state institutions or the people. See the Stalinist era of the USSR.

Meanwhile, the people have the power of populism, where the influence of social mores can and does have tangible impact. Look to the UK where MPs and cabinet members have been forced to resign “due to scandal”, where their position “becomes untenable”. From an American perspective, this would seem unusual since a corrupt politician would still end up serving their term. Yet in the UK, they recognize that they cannot continue in their job if nobody will ever look at them with a straight face. No committee would keep them on, they could never hold a cabinet portfolio, they can’t effectively represent their constituency, and can’t represent the country in good terms overseas. They could just sit there and collect the paycheque, but ultimately, they know their days are numbered or the government will have the police service investigate them. So they resign, simply because of the crushing weight of public opinion. That is power.

Finally, there’s the institutions themselves that have power. With the presumption of regularity, institutions hold tremendous soft power. That is, without firing a gun, an IRS tax agent or DMV worker can make someone’s day, or make it their worst day. A judge can grant search warrants that authorizes someone’s house to be turned upside down. Or a department of transport can start eminent domain proceedings to acquire someone’s home. Meanwhile, the central bank can change the value of money, even the banknotes in your wallet, overnight. So powerful are institutions that in at least two places in California law, one of which is the open government act, the law opens with a declaration that “The people of this state do not yield their sovereignty to the agencies which serve them”. This is a warning against the institutions to not abuse the power they are entrusted with.

So, what does this mean for revolution? For both information and power, it’s not about how much is possessed but how it is used. Sometimes information can coerce power to be used. The Zimmerman telegram was a large part of how the USA joined WWI, because the British intercepted it and realized it would spur Americans to support the war against Germany. Domestically, small power can be used to test a larger power, basically to try calling a bluff. If the police declare a curfew due to false allegations of rioting, protesting is a response to the dare: will the police actually try to pepper spray and arrest thousands of people that show up anyway? If they don’t, they’ve folded. If they do, there is now information (eg video, photos, TV) that can be leveraged to encourage more power (eg more protests, or state intervention against local police). In the most extreme case, the police could respond with overwhelming force (see Kent State Massacre). But in that situation, it was so uncalled for that other powers responded: the USA’s involvement in Vietnam and Nixon’s presidency became more unpopular than ever, causing mandatory conscription to end in 1973. It has not come back since, because people will still remember that event. Even as the shooters in question escaped legal culpability, it has cost the nation the effective power to call the citizenry into military service. Such power would be tough to regain, because the citizenry would fight it. Hence why all such attempts since in the USA have failed to reintroduce conscription.

TL;DR: the balance of information and power ebbs and flows over time, sometimes yielding unique opportunities or colossal failure.

That ebook reader is wild! Does the text stay in place while you read, or does it scroll past like a stock ticker?

If the latter doesn’t exist, I guess I should go push a PR to make that happen on meshcore firmware haha

Hi! Firstly, thank you for using /dev/urandom as the proper source for random bytes.

Regarding the static H1-H4 issue, does your repo have any sort of unit tests that can verify the expected behavior? I’m aware that testing isn’t exactly the most pressing thing when it comes to trying to overcome ISP- and national-level blocking. But at the same token, those very users may be relying on this software to keep a narrow security profile.

To be abundantly clear, I’m very glad that this exists, that it doesn’t reinvent the WireGuard wheel, and that you’re actively fixing bug reports that come in. What I’m asking is whether there are procedural safeguards to proactively catch this class of issues in advance before it shows up in the field? Or if any are planned for the future.

I’ve had the opposite experience, where NewPipe lagged behind PipePipe in terms of adapting to YouTube-related changes. It had something to do with updating the subscription feed (not that that function is totally reliable on either app).

I also observed this strange issue with NewPipe where if a notification sound interrupts a background-playing video, the audio would stay reduced in volume until the app was brought back to the foreground. A cursory search suggested it was specific to Samsung phones, but when I switched to PipePipe, the issue simply didn’t appear.

Grain of salt: I haven’t used NewPipe since switching in November.

That’s fair, but since OP doesn’t have the machine to immediately check the model number, and 2010 is within spitting distance of 2012, I figured I’d provide some additional info, just in case it’s older than originally estimated.

That said, a 2010 machine would be fairly ancient. But then again, it’s 2026 and DDR3 is somehow relevant again…

If that MacBook is old enough that it’s part of the first generation of Intel Mac products, you may have to do a few extra things to account for the 32-bit EFI – not UEFI; that would come later – that those machines used. I recall dealing with this myself, back when older versions of Ubuntu provided the ISO for specifically this scenario. Instead, you might want to review this page which describes the problem and how to address it: https://ctrl-alt-rees.com/2024-08-13-operating-system-options-for-32-bit-efi-mac-macmini-11-21-macbook-imac-64-bit-usb-install.html

Note that a 32-bit EFI does not prevent you from installing a modern 64-bit OS. The complexity is just with getting the system to boot from the installer disc.

Ok, I’m curious as to the DPI claims. Fortunately, AmneziaWG describes how it differs from WG here: https://docs.amnezia.org/documentation/amnezia-wg/

In brief, the packet format of conventional WireGuard is retained but randomized shifts and decoy data is added, to avail the packets with the appearance of either an unknown protocol or of well-established chatty protocols (eg QUIC, SIP). That is indeed clever, and their claims seem to be narrow and accurate: for a rule-based DPI system, no general rule can be written to target a protocol that shape-shifts its headers like this.

However, it remains possible that an advanced form of statistical analysis or MiTM-based inspection can discover the likely presence of Amnezia-obfuscated WireGuard packets, even if still undecryptable. This stems from the fact that the obfuscation is still bounded to certain limits, such as adding no more than 64 Bytes to plain WireGuard init packets. That said, to do so would require some large timescales to gather statistically-meaningful data, and is not the sort of thing which a larger ISP can implement at scale. Instead, this type of vulnerability would be against particularized targets, to determine if covert communications is happening, rather than decrypting the contents of said communication.

For the sysadmins following along, the threat of data exfiltration is addressed as normal: prohibit unknown outbound ports or suspicious outbound destinations. You are filtering outbound traffic, right?

Insofar as USA law might apply, it may be useful for you to review the legal case involving Internet Archive’s CDL program: https://en.wikipedia.org/wiki/Hachette_v._Internet_Archive

Since the realm of copyright law is inextricably tied to the question, I’m going to try to clarify some points. Firstly, “theft” has never been the correct legal analogy for copyright infringement. That misconception comes from a false equivalency in the late 20th Century to warn would-be infringers of the steep penalties; many Americans will remember the phrase “you wouldn’t steal a car”, even though the feds cannot charge copyright infringement as theft (which requires a tangible, non-duplicable item, like car theft or wage theft).

In the US at least, it’s illegal to stream movies you don’t own or don’t have the license to stream.

Only the second part is correct: all copyrighted works are used per the license granted from the owner. Such a license may restrict the format that the work is delivered, but not always. The license that accompanies physical media is: 1) irrevocable, and 2) follows the disc’s owner (recognized in USA law as the “doctrine of first sale”). So long as the disc is owned and intact, the license is good. Furthermore, under “fair use”, it is allowed to make copies of works for either: a) time shifting (ie recording a live broadcast to watch it later) or b) to change the format, aka compatibility. The latter is why it’s allowable to rip a DVD into a personal Jellyfin server. It’s valid so long as the license is still good, which applies so long as you still own/possess the disc.

By participating in the co-op, when you stream a movie, ownership of that physical media and the digital copy is temporarily transferred to you.

Two counterexamples come to mind, the first being the Internet Archive case that I linked earlier. The second is a Supreme Court ruling against a company that rented miniature TV receivers located in metro areas across the country. In that case, SCOTUS found that although it’s fine to rent out a TV receiver, the license for the over-the-air transmission was only valid within physical range of the signal. So conveying the TV content beyond the metro area created a copyright infringement, and the company was actively facilitating that. That company doesn’t exist anymore, due to the crushing legal liability.

They are expensive for the library and don’t have great selection

Most libraries are funded from a budget, and negotiate e-book and e-movie access based on an approximate estimate of concurrent users, not on a per-user basis. Otherwise, those libraries would have uncontrolled costs if everyone decides to stream Die Hard (1988) at the same time on Christmas Day; it’s definitely a Christmas film. Quite frankly, most libraries would be thrilled if more people obtained library cards and used the services, because it justifies the budget for the library and proves its value to the community.

If you aren’t finding the content you want at your library, the best thing to do is to request what you want. Libraries are always buying new materials or access to more services. But unless library cardholders voice an opinion, the librarians will just choose generically. Be the change you want to see.

Technologically, creating a co-op is always an possibility. But always remember that the very concept of a public library is “grandfathered” and if we had to reintroduce it, the establishment would never allow it. Cherish libraries as the crucial community resources that they are. The precise form might change, but the library role must always endure.

TL;DR: the idea is legally unsound. Instead, buy discs to form a community library and share the discs, basically a Blockbuster co-op. Or advocate for a better public library.

Because of the AI-induced scraping traffic? While not perfect, Anubis and similar are coarse-but-effective solutions for self-hosting repos.

And if it it were acceptable to outsource such protection to a CDN (eg Cloudflare) in order to retain firm control over the repo, then that’s a choice that’s also available. Not everyone agrees that CDNs have a role in self-hosting – fair enough – but when a project’s very repo and existence can be wiped off the internet, owning a domain name and the affirmative upstream repository is a tractable and intermediate goal, even if it doesn’t achieve full independence.

Self hosting is an exercise in harm reduction.

I’m of the opinion that hashtags are one of the most egalitarian things recently devised, because they require no advanced arrangements to use, can be created by anyone, can by adopted by everyone, and are amplified solely by their enduring usage. It is very much a popularity contest if a hashtag comes into vogue or if it is abandoned and something else is used, or maybe the specific community isn’t as large as imagined. So for any given hashtag, I’d say just try it and see if it sticks. The Internet Police will not issue citations for improper hashtag use.

As for the underlying exercise of inviting LinkedIn people to break into your homelab, I’m not sure I see their incentive to do so. Why would unsolicited people (as in, not the AI bots) have any interest in doing so? If they had the chops to break into a network, why expend that time and effort for bragging rights, when instead that sort of work is billable?

As a general rule, I’m not thrilled when there’s an implicit assumption that other people’s labor is being valued at $0.00/hr. There’s a fine line where it might be OK to ask an expert for a bit of help or advice, but the premise of your request is to get pentest professionals to do work for no compensation, and it’s not even for a charitable, educational, or otherwise enriching purpose. Why should they?

I’m reminded of the email exchange referenced in this blog post, where an “unbreakable” encryption scheme is presented to an audience of highly capable cryptographers, and they proceed to demolish the scheme as being wholly broken, because the person who presented it could not take no for an answer. Do not be like this person.

In American English (AmE) and British English (BrE), the verb “to table” is used in legislative debates. But the meaning is diametrically opposite: AmE uses the verb to mean the abandonment of a bill, analogized as though leaving it on the bargaining table to rot. Whereas the BrE verb means to introduce legislation, as in “bringing a bill to the table”.

Both clearly share the same origin – a piece of furniture – and yet diverged as to what act is described by the word.

Other confusion arises from the verb “to sanction” which can mean “to allow” but sometimes also “to prohibit” or “make punishable”.

And a more modern addition in slang vernacular: “to drop”. In the context of artists, “dropping a mix tape” would mean to introduce new music. But “dropping a vocalist” means that the band has fired their singer. It would be confusing if both uses were found in the same sentence.

TIL the EAS broadcast on WX band doesn’t include a digital sub carrier with a text version of the audio warning. That’s an amazing omission, since even the nationwide timekeeping signal out of Colorado has both an audio and digital mode.

No constitution, no hard checks and balances

I’m an American, but IIRC, the UK does have an unwritten constitution, one that incorporates all the landmark legislation over a millennium. That is to say, rather than a dedicated, singular document that “constitutes” the boundary of the law, the British look to their still-active laws to ascertain what core rights and responsibilities must exist, and extrapolate from there. If this sounds wishy-washy, it’s remarkably no different to how the USA Constitution is interpreted, under the “living document” doctrine. That doctrine in American law simultaneous recognizes that: 1) the exact text of the constitutional provisions must be adhered to (this is a basic tenant of “rule of law”, and 2) those provisions may extend to analogous situations. Right-wing conservatives over here attempt to ignore the second, adopting the so-called doctrine of “textualism” (which would only recognize strictly the first aspect) but this “doctrine” only seems to be cited out when it’s convenient, and hand-waved away when it’s not. Hardly a doctrinal approach.

As an example of what is universally understood as being part of the British constitution, see the Magna Carta. Many of its provisions might no longer be part of the formal British body of law, but were translated into formal statute law, with its lineage acknowledged when it comes up in civil rights litigation. The current status makes the Magna Carta more akin to the US Declaration of Independence, which formally grants or recognizes zero rights but is still important in American constitutional jurisprudence. In that sense, the Declaration of Independence is a part of the supplementary body of the American constitution.

As for checks and balances, since the UK adopts the notion of parliamentary supremacy – and still does, even after the creation of the UK Supreme Court in the 21st Century – the checks exist within the Westminster parliamentary system. As currently formulated, the UK Parliament is composed of a lower and upper house, with the former seating representatives of the people and the latter seating representatives of … nobility? The church? I’ll just say that the House of Lords represents the “establishment”. Not like “deep state capital-E Establishment” but just the institutions at-large. In that sense, the check-and-balance is one where the populist will is anchored by institutional momentum.

Is this alright? Personally – and again, I’m an American, not a UK citizen – it does seem rather backwards that the PM can advise the Monarch to create and appoint more hereditary peers in the House of Lords, which could stack parliament against the interest of the citizenry. I think the existence of bicameral legislative bodies to be an anachronism, especially in the USA where both end up being population-based (because prior court rulings ruled that land-based representation was unconstitutional, except the US Senate). The Nebraska unicameral legislature shows what can be done when the law-making process (committees, 1st reading, 2nd reading, floor vote, etc…) is consolidated, where testimony doesn’t have to be taken twice and citizens need only voice public comment at one committee.

But I digress.

No guarantee of stability, a new govt can repeal any of the previous govt’s laws

Yes, and no. The UK has a very rich tradition of inking out their party platforms, to the point that when a new government and party are in power, it’s not at all a surprise what laws they will change. Indeed, it would have been obvious for months to years, since the minority party forms the “shadow government”, which is basically a demo to the citizens about what the government would look like if they were in power. Note to fellow Americans: “shadow” in this case does not mean nefarious, but rather that each designated person from the minority will “shadow” the actual minister (eg Dept for Transport) and thus go on TV to give interviews about how the minority party would have done things differently. If a journalist needs to fill airtime with multiple points-of-view, going to the shadow minister on that topic is a quick way to get an opposing perspective.

The only question then, in terms of stability, is which party prevails after an election. In this sense, while there may not be absolute continuity, there is still practical continuity: businesses and individuals can make plans in advance when they learn what’s in the platform of the minority party, can start actioning those plans if the party has a likelihood of winning an election, can brace for change if a close election is called, and ultimately be ready for when the new party takes power and implements their changes. It’s a pragmatic approach: change is the only constant, so might as well give sufficient notice when things do change. I would offer Brexit as an example of managed chaos, since the lead-up to the election made it very clear that the UK might indeed fall out of the European Union. And indeed, they did, but only after 4-ish years of uncertainty and negotiations, which while extraordinarily tumultuous for the country, did not somehow devolve into wholesale governmental collapse or the sudden breakdown of civic life. So even in a near-worst case scenario that changed the very fabric of the UK’s legal situation, it’s still holding on. Not too shabby.

As for repealing “any” prior law, technically yes. But the institutional inertia is partially what blunts this power. Public advocacy organizations are – to this American – seemingly more transparent in their operations, and astroturfing is less an issue because of open-transparency when it comes to forming a legal company at Companies House. Likewise, the interests of businesses, the Church of England, the universities, workers unions, etc all find representation somewhere. So it’s much harder than, say in the USA, to ignore whole segments of the population to make sweeping changes.

In English, the example I would proffer is “attorney general”, which as-written refers to the chief lawyer that advises a state (sometimes exceedingly badly). But if reversed, “general attorney” could plausibly refer to a lawyer that can take on any type of legal work, not self-limited to ones within a particular specialty (eg divorce law, personal injury, copyright, etc).

This is in the realm of postnominal adjectives, although not all reversals will yield recognizable phrases, and some will be nonsensical, like “the incarnate devil”.

I have a suspicion that the closest that English gets to the Japanese kanji-switch might be in technical writing, specifically for the name for pharmaceuticals. Such names are often order-specific, because they draw from the chemical structure of a molecule. From the minimal Japanese that I know – thanks anime! – I’m aware that the word for “carbon monoxide” is composed of one carbon and one oxygen. But if I were a chemist or pharmacist, I might recognize the root components in the names “paracetamol” and “acetaminophen”, which are the same thing.

I was going to write about how an existing tax agency (the California FTB) is already aggressive at tracking down high-earning residents that leave the state – whether in-fact or on-paper – in order to collect precisely what the state is owed per the tax code. That is, the FTB already engages and challenges the precise amounts that these former residents write on their final California tax returns, with some more spectacular results being some incredibly detailed timelines for when someone finally stops being a resident in California, as defined in state law.

But then I noticed that because of California’s proposed wealth tax (aka Billionaire Tax) on the November 2026 ballot, the SF Chronicle has already started a series of articles to answer the specific what-and-hows of the wealth tax. This is the first article, pertaining to enforcement, and it agrees that the FTB would be capable of pursuing any high-wealth individuals that the proposal would tax. https://www.sfchronicle.com/california/article/ca-billionaire-tax-mechanism-21330110.php

This proposed tax in California is written as a one-time tax, so the question of whether high-wealthy people could flee the state is nearly irrelevant, because either they’re subject to the tax or they’re beyond the reach of the US courts (eg Venus). Almost. The remaining questions are legal in nature, and don’t really change how the tax would be pursued. Whether FTB simply hires a dedicated team or outsources to private investigators, the task is still straightforward: follow the money.

Unlike civil lawsuit plaintiffs, who have more limited means of chasing down a defendant’s assets in order to get paid on a judgement, the California tax authorities enjoy the benefit of the subpoena power, that can be used to compel companies and banks to tell the tax authorities about where and how wealth is being held. It is, after all, a core power of a US state to administer a tax, especially when the tax is authorized directly from the sovereign power (ie the citizenry). Any other result would conflict with the very purpose of a republic: to unyieldingly serve the people.

(short on time, so here’s an overview to answer part of the question)

All password managers that are worth their salt (cryptography pun intended) have to anchor their trust to something, be it the OS’s secret-storing APIs or a piece of hardware like a TPM (typically built into your machine’s motherboard), an HSM (eg Yubikey) device, or an external source of authentication outright (eg a smart card, akin to what the USA Military does). Without any sort of trust anchor, a password manager is little else than a random program that happens to invoke a few cryptographic algorithms. It would be almost trivial for a malicious actor to use a bog-standard debugger like GDB to read the program’s memory and steal the secrets, either after it has been conveniently decrypted by the program or by spying on the program while it performs the cryptographic algorithms.

Since a password manager runs within an OS, meaning that you already have to trust that your OS isn’t an NSA backdoor, it makes sense to rely on the OS for storage of secrets. What the password manager does is provide the frontend for adding/updating secrets from the OS’s store, while also making sure to authenticate the user prior to allowing access to the store of secrets. Once again, this is where hardware modules can come into play, but it can also be done using a main password. That is, you need to unlock the password manager before the secrets it contains are available for use.

Rather conveniently, the OS can also provide this authentication functionality: if you have already successfully logged into the computer, then that’s a form of authentication. The most basic-but-reasonably-secure password manager would use two APIs to offload the difficulty tasks to the OS: the authentication API and the secrets API. That’s the absolute bare minimum.

What Firefox’s password manager provides, by default, is exactly that. But you can choose to upgrade to a Firefox-specific main password, so that if you forget to lock the computer, someone can’t just open Firefox and use your secrets. This is one step above the minimum for a reasonably secure password manager, but it comes with the inconvenience of having to unlock the password manager every time you want to use a secret.

By and large, all password managers make these types of tradeoffs between convenience and additional layers of protection against certain threats. If your machine is inside the vault of Fort Knox and is actively guarded by people with machine guns and a keycard bullet proof door, then Firefox password manager is plenty acceptable.

Whereas a shared home computer in a situation where the disclosure of the secrets would cause a grave problem – eg if an irate person finds that their spouse has a login for the local family court’s online website, which might suggest a forthcoming divorce proceeding – this might make sense to add additional layers. Indeed, some password managers can provide a decoy set of secrets, as a way of forming plausible deniability. If your situation needs plausible deniability, then Firefox’s built-in password manager might not fit the bill.

I want to stress that using any password manager at all is already a massive improvement in security posture, and that any additional features and frills are merely refinements. Some folks are in high-risk situations where they cannot accept the possibility of off-device secrets synchronization, which would rule out Firefox password manager. But if you don’t have such requirements, and if you can trust your OS, then you can also trust Firefox to store and manage secrets.

I have a rule which is that when anyone asserts that something is “more secure” or “more performant”, they need to come with specific evidence for those claims. IMO, those two phrases are often used to “handwave” away any criticism for the asserted position, as a form of thought-termination. I would suggest that you always ask “more secure from what threat?” in response to such empty assertions. If they answer you with a specific scenario, then you can assess for yourself if that even applies to you. If they cannot answer with specificity, then Hitchen’s Razor should apply.

without always accounting for development speed, cross-platform consistency, ecosystem maturity, plugin/runtime complexity, UI flexibility, and the fact that some apps are doing much more than others

From the perspective of a user, why would they care about development speed? A user, by sheer definition of wanting to use the software, can only use software that is already developed. If it’s not actually developed yet… they can’t use it. So either they see the software at the end of the development cycle, or they never see it at all. Development speed simply isn’t relevant to a user at that point. (exception: video games, but I’m not aware of any desktop game developed using a web framework)

As for platform consistency, again, why would the user care? Unless each user is actually running the same software on multiple platforms (ie a Windows user at work, Arch at home, and BSD at their side-gig), this is a hard sell to get users to care. A single-platform user might never see what the same software looks like on any other platform. Even mobile apps necessarily differ in ways that matter, so consistency is already gone there.

What I’m getting at is that the concerns of developers will not always be equally concerning to users. For users to care would be to concern themselves with things outside of their control; why would they do that?

Was this question also posted a few weeks ago?

In any case, what exactly are the requirements here? You mentioned encrypted journaling app, but also gave an example of burning a handwritten sheet. Do you need to recover the text after it is written, or can it simply be discarded into the void once it’s been fully written out?

If encryption is to protect the document while it’s still a draft, then obviously that won’t work for handwritten pages.

At least for Lemmy – I have no idea about kbin or other ActivityPub software – there isn’t a user-accessible way to back up one’s account on an instance, nor to preserve any communities that you’re a mod for. So yeah, if the instance goes down unexpectedly like due to data loss or an FBI raid, the communities and users that were on that instance will disappear.

It’s true that other servers will have a cache of some of the existing community posts and the users on the departed server. But it’s exactly that: a cache, which will eventually be evicted.

A similar situation occurs when a Lemmy instance changes domain name: all prior posts to the community (and the community itself) were homed to the old domain. So a new domain cannot have the same identity as the old; it will simply be a separate entity, even if all posts were somehow preserved and reposted on the new instance.

Is this Lemmy-specific? No, Mastodon and I think all other ActivityPub software, plus BlueSky have this property, because they anchor identities to DNS names. From that, the posts to a community are anchored to the instance, and the instance is anchored to DNS.

So if the domain is lost, then it’s game over. But if the domain is still there but the disk got wiped, then it would be a matter of recovery from a backup. You do have a 3-2-1 backup strategy, right?

I will note that Mastodon has a user-initiated export feature, which functions as a backup, something that Lemmy doesn’t have. A Mastodon user can export their data and then move their identity to a new instance. Lemmy can’t do that today, but it should be possible. Though in both cases, only the saved account is preserved. To restore a Lemmy community would require a disk-level backup image.

(this is all conjecture based on my limited knowledge of Lemmy. A better answer would come from an instance admin or one of the Lemmy devs)

128 MB (1024 Mb) of RAM, 32 MB (256 Mb) of Flash

FYI, RAM and flash sold to consumers is always in Bytes (big B); it’s only RAM manufacturers (and EEPROMs) that use the bit (small b) designation for storage volume, I think. If you’re using both to avoid any confusion, I would suggest the following instead: 128 MByte. No one will ever get that confused with megabits, and it’s the same style used for data transfer, which does still use bits: Mbit/sec.

I wish you the best of luck in your search.