`as` is an escape hatch and super dangerous. I think they shouldn’t have given it such a nice name. `unsafeCastAs` would have been much better IMHO.
It does require the uglier `as unknown as` in cases where it can prove that the cast is impossible. But that still allows many cases such as `Foo|undefined as Bar|undefined` working fine (TypeScript assumes `undefined` and doesn’t require the cast via `unknown`).
Wow, the general public is smarter than I thought they were.
Internet-connected smart appliances are almost universally a bad idea. In some cases it is just extra features (like remote phone notifications when a laundry cycle ends) but it almost always involves tracking and vulnerabilities that you don’t want.
If there was a good local protocol I would be much more eager, but until Thread catches on it doesn’t really seem like there are great options.
my feeling is that it is reasonable to have the sender of the message set the terms here
This is fundamentally impossible thanks to the analog loophole. The receiver can always copy down the message to a notepad, or just remember it. Exposing this mutual agreement is staying honest and making sure that it is understood by everyone involved.
It is important to remember that disappearing messages (in any application) are only helpful for people who you trust currently. (And until the messages are deleted.)
I don’t use bookmarks often but I really use them just like a prioritized browser history. If I know that I might want to visit a page again I bookmark it, maybe add some keywords, then pull it up by typing in the URL bar. The point of the bookmark is mostly to ensure that it is synced to all devices and ranks with a high priority. However another benefit is for websites with hard-to-understand URLs the bookmark icon can indicate that this is the one that I want.
AI trained on racist data will mirror racism of the input dataset.
Imagine that you create an AI to determine if someone is lying based on a video. If that dataset is human-curated and is labeled with racist tendencies (for example people who look a certain way are labeled as lying more even if that isn’t the truth) then the AI will learn that.
But even a perfectly true dataset can train a racist AI. Imagine that the previous dataset only has lying examples for people who look a certain way (or the vast majority of those examples are lying) whereas another group of people is only lying 10% of the time. The AI will probably extrapolate that all of the first group are lying because they have seen no (or few) counterexamples.
Yes, you need to download all transitive dependencies.
But this isn’t dependency hell, it is just tedious. Dependency Hell is when your dependency tree requires two (or more) versions of a single package so that not all of the dependencies can be satisfied.
`apt` is the tool for downloading packages. So if you don’t have internet access `apt` won’t be very useful.
The command to install packages on Debian is `dpkg`. So if you download a Debian package (usually named `*.deb`) you can install it with `dpkg -i $pkg` as long as you have the dependencies installed. Of course you can also install the dependencies this way, so just make sure that you bring the package and all packages that it depends on to the target machine.
That just seems to be about granting an app access to all keys, which is not quite the same as per-app keys.
I know that macOS has this for sandboxed apps from the app store, maybe they have it for “sideloaded” apps as well but at least most OSes don’t have that. At least for Windows and Linux there isn’t a good way to identify an “app” to separate it from any other. My macOS knowledge is rusty but IIRC you install apps in a system-owned directory and apps only have permission to update themselves so maybe you could use the application path as a key, but the other listed affected OSes don’t have that.
But the malicious npm package can just read whatever key the app reads then decrypt the values. They are running with the same permission.
The only thing that really improves this is per-app sandboxing but if you are sandboxing the app then it shouldn’t be able to read any arbitrary files out of your home directory anyways.
Keychains are an improvement but not much. 99% of users will just unlock the keychain upon login so it doesn’t really provide much benefit. Unsandboxed apps are indistinguishable to the keyring daemon so they can just request one another’s keys. (Maybe Windows or Mac has some codesigning magic so that the keyring daemon knows the identity of the app at a finer grain than the user level? But at this point we are really just back to sandboxed apps.)
Basically there is nearly no point for most apps to do anything special to store sensitive files. If your app is secure enough that the user will be happy to unlock the keychain on every app launch sure. But that is a nearly non-existent use case. In general the OS should just provide secure storage as the default. For sandboxed apps they won’t have access to each other’s storage unless explicitly granted, for non-sandboxed apps there isn’t much you can do besides obscurity.
I don’t get it. Of course the app stores these in cleartext, the app needs to access them to log in. Sure it could encrypt it but that is just obscurity, the key would have to be stored to somewhere the app has access to for it to use the tokens.
The article doesn’t seem to say that these were world-readable or otherwise visible to other users. So this seems like mostly a non-story. Use full disk encryption and you’ll be fine.
The problem looks pretty clear to me.
Facebook and Instagram both got popular as social media. Interacting with your friends.
However ads stick out like a sore thumb among updates from your friends and your friends don’t create enough interesting content to keep you doom-scrolling all day to view more ads. So both transitioned to public entertainment (still called social media for legacy reasons, there is little social about this side of the platforms, it is just media consumption). However this doesn’t seem to be as popular (young people want to talk to each other and show off to their friends) and other platforms that don’t masquerade as a platform for friends are doing better: TikTok and YouTube.
It seems like Zuck needs to either
Communities have RSS feeds of posts. You should just be able to paste the channel URL (such as https://lemmy.ml/c/asklemmy) into your reader. (If your reader doesn’t support auto-discovery there is a feed icon on the channel page).
There are also user feeds. There don’t appear to be feeds for comments on a post or searches but maybe we can see those some day.
Unfortunately this is more or less impossible.
The closest you could get is something that proxies on the TCP level. This would already reveal all of your visitors’ IP addresses and the sites they are visiting. However at this point good DDoS protection is already incredibly difficult because the amount of information they can see about the request is very small.
If you want a full DoS protection and caching solution you will want the proxy to see the traffic, in which case you are back at all of the privacy concerns of Cloudflare.
I’m going to be honest, the main reason that Cloudflare gets hate is that it is popular. This means that it does have a very good view of your web activities because a good chunk of the websites you visit are using Cloudflare. So maybe what you are looking for is just something equivalent to Cloudflare but less popular. This does have privacy benefits because it means that fewer companies have a “global view” of your activity, but isn’t fundamentally different.
To be honest I mostly use Firefox Sync. It is quite good and well integrated but only does the very basics.
For more advanced stuff I use pass. It is nice because it is infinitely flexible and can store binary data if needed.
I take a slightly different approach to RSS that probably doesn’t work well for everyone but is perfect for me.
I get all of my RSS delivered via email by rss-to-email services. I then use filters to sort these updates into dedicated folders. So for example most of the updates go to “News” some feeds go to “Videos” and so on. I even have a few feeds that go directly to my inbox when I want to know about them right away.
The main benefits are:
The main downside is that I haven’t found an email client that pre-downloads images whereas this is a fairly common feature of dedicated readers. But this is a very minor issue for me. (Maybe I’ll send a patch to K9 some day)
I’ve been using this approach for almost a decade and am super happy with it. In fact I created my own rss-to-email service (FeedMail) in the past year to get exactly the behaviour I wanted. It is a paid service (but really cheap) but there are also ad supported options like Blogtrottr (I used their paid plan until I created my own service).
I actually like these (in concept). I agree that hiding things is often a bad idea but for such fundamental navigation that you use constantly it is fine to have to learn if it makes it easier, faster or has other important benefits (such as reduced screen space usage in this case). Sure you have to learn, but it is a worthwhile investment and you aren’t going to forget.
Funny, I am also being DoSed by Google, although much more mildly: https://kevincox.ca/2022/05/08/google-websub-dos/
It’s actually fairly concerning. I trust encryption but it is still always wiser to practice defense in depth. I’d rather not hand out the cyphertext of my messages to anyone who wants to do sidechannel analysis, encryption implementation failures or even just archiving my messages to crack in 50 years when quantum computers become popular.
I’m curious how this works from a Windows host. Does it transfer the Windows version and play it on Wine? (Even if there is a Linux build available.) Or does it transfer the shared assets but download the difference?