• 1 Post
  • 126 Comments
Joined 3 years ago
cake
Cake day: February 15th, 2021

help-circle
  • Ferk@lemmy.mltoComics@lemmy.mlThe exchange.
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    1 month ago

    The thing is that we do have “Morning!”, “Hello”, “Hey”, “Yo!”, “Hi!”… and many other greetings that are not in the form of a question that actually leaves it open for the other person to respond with honesty and that is often also used as a conversation starter. If you really aren’t open to a conversation, use one of the shorter friendly greetings.

    If I say “how’s it going?” and they answer with something I don’t have time to hear… at most I would excuse myself and politelly say that I don’t have too much time to talk… but complaining about the other person actually answering truthfully makes no sense.

    Of course it’s just a comic, but still… I don’t think the one answering is in the wrong here.


  • “you want a government backdoor on GPL licensed code? publish the backdoor for everyone to use, see and exploit/check for themselves. And/or watch as people simply take a version of the software built from a more reputable source without that backdoor instead. Thanks for the money!”

    “you want to force all foss projects existing in the global internet across countries to get paid by you or close? enjoy your logistic nightmare as you pay to be made fun of by all other countries while I fork projects with one click”


  • If they really think there’s no reason to hide anything, why are they prosecuting Snowden for exposing something that was hidden?

    Before having surveillance on people, they should have it on themselves.

    Imagine how many corruption cases could have been prevented if the government was publicly monitored, with live streams from all offices, like a “big brother” show set up in the white house with live recordings of all calls and communications, so the voters can judge by themselves and monitor if the person they employed as the servant for the country is doing its job.




  • On Android 12 or later, apps will be autoupdated after the first install or first update, no root, no unlocking, no PrivExt needed. Older apps that can’t be updated will feature a banner explaining why.

    Most old versions of the apps are not build to support that, and you’ll have to manually update each of those apps at least once (after they have been built with support for it). When checking most apps at the moment a banner appears showing how the app does not support automatic updates (yet?)


  • This.

    I don’t understand the appeal of microblogging. The content is generally very low quality, the signal-to-noise ratio is horrible… I’m not interested in the shower thoughts of any particular individual …or in marketing stunts.

    The only individuals I’m interested on are my family & friends, and even for them I’d rather use a more private platform.

    And when I want to read a public post I’d rather it’s well thought and ideally not restricted by micro-limitations. Even better if it’s curated by a public voting process among a community of people with my same interests, or some other process that makes it so I don’t have to waste my time going through tons of content I’m not remotelly interested on.


  • It can be formatted “nicely” with no issue. But that doesn’t necessarily make it easy to understand.

    What that person posted was in a function named smb() that only gets called by rmb() under certain conditions, and rmb() gets called by AdB() under other conditions after being called from eeB() used in BaP()… it’s a long list of hard to read minified functions and variables in a mess of chained calls, declared in an order that doesn’t necessarily match up with what you’d expect would be the flow.

    In the same file you can also easily find references to the user agent being read at multiple points, sometimes storing it in variables with equally esoteric short names that might sneak past the reader if they aren’t pedantic enough.

    Like, for example, there’s this function:

    function vc() {
        var a = za.navigator;
        return a && (a = a.userAgent) ? a : ""
    }
    

    Searching for vc() gives you 56 instances in that file, often compared to some strings to check what browser the user is using. And that’s just one of the methods where the userAgent is obtained, there’s also a yc=Yba?Yba.userAgentData||null:null; later on too… and several direct uses of both userAgent and userAgentData.

    And I’m not saying that the particular instance that was pointed out was the cause of the problem… it’s entirely possible that the issue is somewhere else… but my point is that you cannot point to a snippet of “nicely formated” messed up transpiler output without really understanding fully when does it get called and expect to draw accurate conclusions from it.


  • It doesn’t really matter whether it was “targeted” at Firefox specifically or not, what matters is whether the logic takes the user agent into account and discriminates against Firefox users. Those are different things.

    I wouldn’t be surprised if the whole thing was written by some AI and they just run massive tests with different forms of ad blocking and different browsers to train the AI on how to detect ad-blockers, and this just resulted in Firefox users being given a higher chance of block, so the algorithm set a handicap to Firefox users, as a lower level of protection they added for cases where there’s no 100% confidence an adblock is used.


  • That’s out of context. That snippet of code existing is not sufficient to understand when does that part of the code gets actually executed, right?

    For all we know, that might have been taken from a piece of logic like this that adds the delay only for specific cases:

    if ( complex_obfuscated_logic_to_discriminate_users ) {
    
        setTimeout(function() {
            c();
            a.resolve(1)
        }, 5E3);
    
    } else {
    
        c();
        a.resolve(1)
    
    }
    

    It’s possible that complex_obfuscated_logic_to_discriminate_users has some logic that changes based on user agent.

    And I expect it’s likely more complex than just one if-else. I haven’t had the time to check it myself, but there’s probably a mess of extremely hard to read obfuscated code as result of some compilation steps purposefully designed to make it very hard to properly understand when are some paths actually being executed, as a way to make tampering more difficult.


  • I expect it would be technically possible to have lemmy-like or peertube-like services built on top of the AT protocol Bluesky uses, like with ActivityPub. And I expect if/when that happens the communication across services would probably work too.

    In fact, accounts being “portable” in the AT protocol can potentially make the integration more seamless across different services, not only might the posts be seen from different services, but you might be able to directly access those different services with the same account. Imagine if you could login in lemmy with a mastodon account or vice-versa.

    Bluesky is just one of the possible services. But as long as the invites are private and you can’t host your own instance, I wouldn’t even consider it an alternative. I think it’s a bit early to judge, both its positives and its negatives.


  • Ferk@lemmy.mltoLinux@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    7 months ago

    It’s changing by having a library like wlroots do most of the work.

    When you consider the overall picture, “wlroots + compositor” is actually less complex than “X11 + window manager” because you no longer need to consider the insanely high requirements of having to have a team maintaining the spaghetti mess of X11 code.

    Wayland-based dwl has roughly the same line count as X11-based dwm (about 2.2k), without having to depend on a whole separate service as big as X11.

    But of course, it being a completely different approach, it’s likely that for most smaller projects (ie. not Gnome or KDE) it’s easier to start a new project than creating a layer to maintain two different parallel implementations.

    If you want something that’s more or less compatible with openbox, there seems to be this project, labwc, which claims to be inspired by openbox and compatible with its config/themes… though I haven’t personally tried it.

    Also keep in mind that openbox (and I expect labwc too) doesn’t include any “panels” / “taskbars” or anything like that… and it’s likely your X11 panels might not work well if they do not explicitly support Wayland (but I believe that, for example, xfce-panel now supports both).



  • Wouldn’t it be easier and more direct to simply impose a tax to those external big tech services?

    I don’t understand why using protection against “bad actors” as an excuse is necessary at all if getting money from big tech were the ultimate goal. A lot of people within the EU would happily support such a tax targeting big US companies, it’s the privacy problems what we are pushing against, not the fees. So I’d expect a more direct and honest fee for external companies making business within the EU would be easier to pass if that were what they actually wanted, wouldn’t it?



  • I don’t think EVERYONE needs to understand / know about it. I mean, I remember when I was young most people had no idea how to use the internet (hell, they didn’t even know how to program a VHS), yet I was perfectly happy using that technology.

    I only need a specific set of people and specific communities to be there for it to be worth it. Like I said: I no longer use reddit, even though the fediverse has only a small fraction of the content existing in reddit… I would have expected people in the fediverse would be more receptive to unpopular but technologically/ethically superior alternatives.



  • like how not being able to sign up for something with tor and monero is a privacy violation, it’s not.

    Note that “secrecy” and “privacy” are often understood in Security lingo as different things. One protects confidentiality, the other one protects anonymity.

    It’s possible to have one and not the other…

    You can have a very private system through onion routing but have the contents of the messages exchanged be in plaintext, open to the public. Nobody will be able to know the one who wrote the message was you. But they can see the message. (then there is privacy, but not secrecy).

    Or you can have very strongly encrypted communications (say HTTPS) but have the DNS exchanges (or the TLS handshake, or the IP addresses) be in the clear, so people in the middle (eg. your ISP… or your workplace tech guys) can know exactly that the packages are sent by you and where you sent them, even if their content is encrypted. They can know which service you tried to access to, for how long and how many times (so you have secrecy, but not privacy).


  • But that’s cyclic reasoning. Nothing that you need/want will be on matrix if you (and everyone else) does not think it’s worth to make what you need/want be in matrix…

    I don’t need EVERYTHING to be in Matrix, just the things I’m interested in. So I’m happy when I see a push to have those specific things there. This is the same argument as to why I don’t use Reddit anymore, despite Lemmy/Kbin having only a fraction of the content.

    It also helps the fact that Matrix is very flexible when it comes to mirroring/proxying other protocols. I can easily access IRC communities from Matrix, for example. The integration in that direction is nicer than requiring discord channels to add bots that parrot an IRC chat.