• 2 Posts
Joined 2Y ago
Cake day: Jan 21, 2021


I’m curious how this works from a Windows host. Does it transfer the windows version and play it on wine? (Even if there is a Linux build available.) Or does it transfer the shared assets but download the difference?

as is an escape hatch and super dangerous. I think they shouldn’t have given it such a nice name. unsafeCastAs would have been much better IMHO.

It does require the uglier as unknown as in cases where it can prove that the cast is impossible. But that still allows many cases such as Foo|undefined as Bar|undefined working fine (TypeScript assumes undefined and doesn’t require the cast via unknown).
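An added example, not part of the original comment, showing why `as` and `as unknown as` are escape hatches: neither performs any run-time check, so an authorization flag parsed from untrusted JSON can end up with the wrong type. The `Session` type, the function names and the sample input are constructed for illustration.

```typescript
// Added example: constructed types and input, not from the original comment.
interface Session {
  user: string;
  isAdmin: boolean;
}

// Constructed untrusted input: isAdmin arrives as a string, not a boolean.
const untrusted = '{"user":"mallory","isAdmin":"false"}';

// Unsafe: `as` only silences the compiler; nothing is checked at run time.
function parseWithCast(raw: string): Session {
  return JSON.parse(raw) as Session;
}

// The double cast compiles even between types the compiler knows are unrelated.
function forceCast(n: number): Session {
  return n as unknown as Session;
}

// Safer: a type guard inspects the value before the type is narrowed.
function isSession(v: unknown): v is Session {
  if (typeof v !== "object" || v === null) return false;
  const o = v as Record<string, unknown>;
  return typeof o.user === "string" && typeof o.isAdmin === "boolean";
}

// Returns a Session only when the parsed value really has that shape.
function parseChecked(raw: string): Session | undefined {
  let v: unknown;
  try { v = JSON.parse(raw); } catch { return undefined; }
  return isSession(v) ? v : undefined;
}

// With the cast version, isAdmin is really the string "false", which is
// truthy, so a plain truthiness check on the "boolean" passes.
function adminCheckPasses(s: Session): boolean {
  return s.isAdmin ? true : false;
}
```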

I’ve been using Wayland every day for years with no issue (GNOME 3 on AMD graphics).

And the best part is that my OS isn’t actively hostile towards me (Windows) or at least want to control what I do with my computer (macOS).

Wow, the general public is smarter than I thought they were.

Internet-connected smart appliances are almost universally a bad idea. In some cases it is just extra features (like remote phone notifications when a laundry cycle ends) but it almost always involves tracking and vulnerabilities that you don’t want.

If there was a good local protocol I would be much more eager, but until Thread catches on it doesn’t really seem like there are great options.

That sounds like it could be a recipe for disaster if they as the owner decide to fuck you over. The nice thing about actually owning the domains is that even if your registrar goes rogue you can still transfer it out (although it may be painful).

This is the same. You trust the recipient but don’t want the messages to be stored for a long time.

my feeling is that it is reasonable to have the sender of the message set the terms here

This is fundamentally impossible thanks to the analog loophole. The receiver can always copy down the message to a notepad, or just remember it. Exposing this mutual agreement is staying honest and making sure that it is understood by everyone involved.

It is important to remember that disappearing messages (in any application) are only helpful for people who you trust currently. (And until the messages are deleted.)

I think that is an enforcement problem. The law is intended to stop people from doing this. If examples are found the government now has a reason to hunt them down and a punishment to discipline them with.

I’m sure that most violations of most laws aren’t caught. That doesn’t make the law useless.

In settings there is a checkbox “Bot Account”. Just check it and save.

I don’t use bookmarks often but I really use them just like a prioritized browser history. If I know that I might want to visit a page again I bookmark it, maybe add some keywords, then pull it up by typing in the URL bar. The point of the bookmark is mostly to ensure that it is synced to all devices and ranks with a high priority. However another benefit is for websites with hard-to-understand URLs the bookmark icon can indicate that this is the one that I want.

gamers will lose online play

It could be much worse. It seems that at least most of these games will mostly function without the online component.

AI trained on racist data will mirror racism of the input dataset.

Imagine that you create an AI to determine if someone is lying based on a video. If that dataset is human-curated and is labeled with racist tendencies (for example people who look a certain way are labeled as lying more even if that isn’t the truth) then the AI will learn that.

But even a perfectly true dataset can train a racist AI. Imagine that the previous dataset only has lying examples for people who look a certain way (or the vast majority of those examples are lying) whereas another group of people is only lying 10% of the time. The AI will probably extrapolate that all of the first group are lying because they have seen no (or few) counterexamples.

Ads and donations are not necessarily mutually exclusive. For example a good way to do this may be that donators don’t get ads. (Of course talk to a lawyer if this still counts as a “donation”.) That way everyone is supporting the server but they have some choice in how they wish to do so.

Yes, you need to download all transitive dependencies.

But this isn’t dependency hell, it is just tedious. Dependency Hell is when your dependency tree requires two (or more) versions of a single package so that not all of the dependencies can be satisfied.

I don’t remember that working but I haven’t used Debian in years so it could be.

apt is the tool for downloading packages. So if you don’t have internet access apt won’t be very useful.

The command to install packages on Debian is dpkg. So if you download a Debian package (usually named *.deb) you can install it with dpkg -i $pkg as long as you have the dependencies installed. Of course you can also install the dependencies this way, so just make sure that you bring the package and all packages that it depends on to the target machine.

That just seems to be about granting an app access to all keys, which is not quite the same as per-app keys.

I know that macOS has this for sandboxed apps from the app store, maybe they have it for “sideloaded” apps as well but at least most OSes don’t have that. At least for Windows and Linux there isn’t a good way to identify an “app” to separate it from any other. My macOS knowledge is rusty but IIRC you install apps in a system-owned directory and apps only have permission to update themselves so maybe you could use the application path as a key, but the other listed affected OSes don’t have that.

Do you have links to “set up properly”? The problem is that for most systems other than maybe some of the “app store” type setups the OS has no concept of “application”. The credentials are just the user and that is the same for all unsandboxed apps.

But the malicious npm package can just read whatever key the app reads then decrypt the values. They are running with the same permission.

The only thing that really improves this is per-app sandboxing but if you are sandboxing the app then it shouldn’t be able to read any arbitrary files out of your home directory anyways.

Keychains are an improvement but not much. 99% of users will just unlock the keychain upon login so it doesn’t really provide much benefit. Unsandboxed apps are indistinguishable to the keyring daemon so they can just request one another’s keys. (Maybe Windows or Mac has some codesigning magic so that the keyring daemon knows the identity of the app at a finer grain than the user level? But at this point we are really just back to sandboxed apps.)

Basically there is nearly no point in most apps doing anything special to store sensitive files. If your app is secure enough that the user will be happy to unlock the keychain on every app launch sure. But that is a nearly non-existent use case. In general the OS should just provide secure storage as the default. For sandboxed apps they won’t have access to each other’s storage unless explicitly granted, for non-sandboxed apps there isn’t much you can do besides obscurity.

I don’t get it. Of course the app stores these in cleartext, the app needs to access them to login. Sure it could encrypt it but that is just obscurity, the key would have to be stored somewhere the app has access to for it to use the tokens.

The article doesn’t seem to say that these were world-readable or otherwise visible to other users. So this seems like mostly a non-story. Use full disk encryption and you’ll be fine.

The problem looks pretty clear to me.

Facebook and Instagram both got popular as social media. Interacting with your friends.

However ads stick out like a sore thumb among updates from your friends and your friends don’t create enough interesting content to keep you doom-scrolling all day to view more ads. So both transitioned to public entertainment (still called social media for legacy reasons, there is little social about this side of the platforms, it is just media consumption). However this doesn’t seem to be as popular (young people want to talk to each other and show off to their friends) and other platforms that don’t masquerade as a platform for friends are doing better: TikTok and YouTube.

It seems like Zuck needs to either

  1. Figure out how to monetize actual friend-to-friend interaction.
  2. Build a platform that is designed for public entertainment, not pretending to be for friends.

I’d be surprised if the devs were against it. Probably just that no one has done it yet.

Communities have RSS feeds of posts. You should just be able to paste the channel URL (such as https://lemmy.ml/c/asklemmy) into your reader. (If your reader doesn’t support auto-discovery there is a feed icon on the channel page).

There are also user feeds. There don’t appear to be feeds for comments on a post or searches but maybe we can see those some day.

It’s a nice sunny day after a few days of thunderstorm. Have a busy day at work but the job is interesting enough. After work looking forward to working on my own stuff.

Do you mean that the entry names are unencrypted? If so yes that is definitely a major downside of pass. But for my use case I have decided that it is acceptable.

Unfortunately this is more or less impossible.

The closest you could get is something that proxies on the TCP level. This would already reveal all of your visitors’ IP addresses and the sites they are visiting. However at this point good DDoS protection is already incredibly difficult because the amount of information they can see about the request is very small.

If you want a full DoS protection and caching solution you will want the proxy to see the traffic, in which case you are back at all of the privacy concerns of Cloudflare.

I’m going to be honest, the main reason that Cloudflare gets hate is that it is popular. This means that it does have a very good view of your web activities because a good chunk of the websites you visit are using Cloudflare. So maybe what you are looking for is just something equivalent to Cloudflare but less popular. This does have privacy benefits because it means that fewer companies have a “global view” of your activity, but isn’t fundamentally different.

To be honest I mostly use Firefox Sync. It is quite good and well integrated but only does the very basics.

For more advanced stuff I use pass. It is nice because it is infinitely flexible and can store binary data if needed.

I take a slightly different approach to RSS that probably doesn’t work well for everyone but is perfect for me.

I get all of my RSS delivered via email by rss-to-email services. I then use filters to sort these updates into dedicated folders. So for example most of the updates go to “News” some feeds go to “Videos” and so on. I even have a few feeds that go directly to my inbox when I want to know about them right away.

The main benefits are:

  1. I already have email clients that I like and am used to.
  2. Feeds and read/unread state are already synced across all of my devices.
  3. My email has powerful filters available which allows me to further organize.

The main downside is that I haven’t found an email client that pre-downloads images whereas this is a fairly common feature of dedicated readers. But this is a very minor issue for me. (Maybe I’ll send a patch to K9 some day)

I’ve been using this approach for almost a decade and am super happy with it. In fact I created my own rss-to-email service (FeedMail) in the past year to get exactly the behaviour I wanted. It is a paid service (but really cheap) but there are also ad supported options like Blogtrottr (I used their paid plan until I created my own service).

Hmm, maybe our rulesets are slightly different. I don’t think I should have anything for this site specifically. But I got just “the article you want” until I disabled it then I get the cookie banner and stuff.

Shout-out to uBlock Origin which actually blocked everything.

I actually like these (in concept). I agree that hiding things is often a bad idea but for such fundamental navigation that you use constantly it is fine to have to learn if it makes it easier, faster or has other important benefits (such as reduced screen space usage in this case). Sure you have to learn, but it is a worthwhile investment and you aren’t going to forget.

I don’t think that is the case. There is no general-purpose compression applied to HTTPS as it may leak information like auth tokens. Compression would be transport-encoding compression which is also available in HTTP.

They don’t. Their tablets and laptops are on USB-C but the phones are still Lightning.

It’s actually fairly concerning. I trust encryption but it is still always wiser to practice defense in depth. I’d rather not hand out the cyphertext of my messages to anyone who wants to do sidechannel analysis, encryption implementation failures or even just archiving my messages to crack in 50 years when quantum computers become popular.

I’m not a huge fan of Thunderbird but after years of trying everything I still can’t find a better alternative. Definitely the least bad option out there.

Luckily Thunderbird is slowly and steadily improving. I hope that it keeps that trend!