• 0 Posts
  • 47 Comments
Joined 4 years ago
cake
Cake day: February 15th, 2021

help-circle
  • You share public keys when registering the passkey on a third party service, but for the portability of the keys to other password managers (what the article is about) the private ones do need to be transferred (that’s the whole point of making them portable).

    I think the phishing concerns are about attackers using this new portability feature to get a user (via phishing / social engineering) to export/move their passkeys to the attacker’s store. The point is that portability shouldn’t be so user-friendly / transparent that it becomes exploitable.

    That said, I don’t know if this new protocol makes things THAT easy to port (probably not?).



  • My worry is that the other 20% might actually come from other forms of partnerships and integrations not unlike what they probably had in mind with this, and that dropping Google might actually make them more dependent on seeking this kind of initiatives, not less.

    I don’t know how many people you actually need to maintain a browser. But if it’s actually possible to do it without any kind of money from any of those sources in a way that can be sustained, then it would make more sense to make a fork (or alternative, like Ladybird) and just use that.

    Like I said, I think it’s too late for Mozilla to shift course, I don’t expect they’ll ever do that. At least not until they are forced by a competing project if it happens to become successful (or a similar huge wake up call that leaves them no alternative).



  • Is “intent” what makes all the difference? I think doing something bad unintentionally does not make it good, right?

    Otherwise, all I need to do something bad is have no bad intentions. I’m sure you can find good intentions for almost any action, but generally, the end does not justify the means.

    I’m not saying that those who act unintentionally should be given the same kind of punishment as those who do it with premeditation… what I’m saying is that if something is bad we should try to prevent it in the same level, as opposed to simply allowing it or sometimes even encourage it. And this can be done in the same way regardless of what tools are used. I think we just need to define more clearly what separates “bad” from “good” specifically based on the action taken (as opposed to the tools the actor used).


  • I think that’s the difference right there.

    One is up for debate, the other one is already heavily regulated currently. Libraries are generally required to have consent if they are making straight copies of copyrighted works. Whether we like it or not.

    What AI does is not really a straight up copy, which is why it’s fuzzy, and much harder to regulate without stepping in our own toes, specially as tech advances and the difference between a human reading something and a machine doing it becomes harder and harder to detect.


  • Which is why you should only care about the personal opinion of those people when it actually relates to that reliability.

    I don’t care whether Linus Torvalds likes disrespecting whichever company or people he might want to give the middle finger to, or throw rants in the mailing list or mastodon to attack any particular individual, so long as he continues doing a good job maintaining the kernel and accepting contributions from those same people when they provide quality code, regardless of whatever feelings he might have about whatever opinions they might hold.

    You rely on the performance of the software, the clarity of the docs, the efficiency of their bug tracking… but the opinions of the people running those things don’t matter so long as they keep being reliable.


  • Ferk@lemmy.mltoLinux@lemmy.mlHyprland is now fully independent!
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    edit-2
    4 months ago

    I have contributed to other projects without really needing to get involved in their community in any personal/parasocial level, though.

    I just make a pull request and when the code was good it was accepted, when not it got rejected. Sometimes I’ve had to make changes before it getting merged, but I had no need to engage in discussions on discord or anything like that. I’ve been in some mailing lists to keep track on some projects, but never really engaged deeply, specially if it goes off-topic.

    If I find that a good code contribution is rejected for whatever toxic reason, then the consequence of that is the code would stop being as good as it could have (because of the contributions being rejected/slowed down), so it’s then that forking might be in order. Of course the code matters.


  • Ferk@lemmy.mltoLinux@lemmy.mlHyprland is now fully independent!
    link
    fedilink
    arrow-up
    11
    arrow-down
    2
    ·
    edit-2
    4 months ago

    To his point: if not “discuss”, what is the correct approach against fascism? war and murder? dismiss it, try to “cancel it” without giving any arguments so it can continue to fester on its own and keep growing in opposition?

    To me, fascism is a stupid position that doesn’t make much sense, to the point that it falls on itself the moment you “discuss” it.

    I would have expected that it would be the fascists the ones unable/unwilling to discuss their position, since it’s the least rational one. So it’s certainly very jarring whenever I hear people jumping to defend against fascism while at the same time stopping in their tracks when it comes to discussing it. Even if those unable to reason might not be convinced by our arguments, anyone with reason would. Rejecting discussion does a disservice, because it does put off those willing to listen and strengthens those who didn’t really want an argument anyway.

    Like flat-earthers, they should be challenged with reason, with discussion. Not dismissed as if it were true that there’s a huge conspiracy against them. Whether they listen or not to that reason, dehumanizing them and rejecting civil and rational discourse would play in favor of their movement.

    Stating “genocide is bad” should NOT be a statement of faith. Faith is the shakiest of the grounds, if we are unable to articulate the specific reasons that make genocide be bad, then we are condemned to see it repeat itself. So, I’d argue it’s for the sake of the victims in Auschwitz that antifascism should not be turned into a religion, but into a solid and rational position that’s not distorted nor used willy-nilly.



  • Bash. By default it might seem less featureful than zsh… but bash is a lot more powerful and extensible than some give it credit for. It might be more complex to set it up the way you like it, but once you do it, that configuration can be ported over wherever bash exists (ie. almost everywhere).


  • In that counter argument they are essentially admitting that 99% of their content was distributed without the copyright holder’s consent.

    In the CDL lawsuit, they have admitted that of the millions of books we have digitized, they themselves have only made about 33,000 available to libraries; only about 1% of what we have done, and only under restrictive and expensive license agreements. This is, they claim, the essence of their copyright rights: the ability to restrict access to information as they see fit, to further their theoretical economic interests, without regard to libraries traditional functions and the greater public good.

    Was it fair use in the past to redistribute reprints/format-conversions of works without the copyright holders consent?

    I agree that copyright law sucks… but that’s why it needs to change so it actually serves “the greater public good”. The judiciary system is not the right place to advocate for that (they don’t make the law, just interpret it), so I don’t really think there’s much hope in them winning this. Sadly.


  • If they really think there’s no reason to hide anything, why are they prosecuting Snowden for exposing something that was hidden?

    Before having surveillance on people, they should have it on themselves.

    Imagine how many corruption cases could have been prevented if the government was publicly monitored, with live streams from all offices, like a “big brother” show set up in the white house with live recordings of all calls and communications, so the voters can judge by themselves and monitor if the person they employed as the servant for the country is doing its job.


  • It can be formatted “nicely” with no issue. But that doesn’t necessarily make it easy to understand.

    What that person posted was in a function named smb() that only gets called by rmb() under certain conditions, and rmb() gets called by AdB() under other conditions after being called from eeB() used in BaP()… it’s a long list of hard to read minified functions and variables in a mess of chained calls, declared in an order that doesn’t necessarily match up with what you’d expect would be the flow.

    In the same file you can also easily find references to the user agent being read at multiple points, sometimes storing it in variables with equally esoteric short names that might sneak past the reader if they aren’t pedantic enough.

    Like, for example, there’s this function:

    function vc() {
        var a = za.navigator;
        return a && (a = a.userAgent) ? a : ""
    }
    

    Searching for vc() gives you 56 instances in that file, often compared to some strings to check what browser the user is using. And that’s just one of the methods where the userAgent is obtained, there’s also a yc=Yba?Yba.userAgentData||null:null; later on too… and several direct uses of both userAgent and userAgentData.

    And I’m not saying that the particular instance that was pointed out was the cause of the problem… it’s entirely possible that the issue is somewhere else… but my point is that you cannot point to a snippet of “nicely formated” messed up transpiler output without really understanding fully when does it get called and expect to draw accurate conclusions from it.


  • It doesn’t really matter whether it was “targeted” at Firefox specifically or not, what matters is whether the website has logic that discriminates against Firefox users. Those are 2 different things. “End” vs “means”.

    I wouldn’t be surprised if the logic was written by some AI, without specifically targeting any browser, and from the training data the AI concluded that there’s a high enough chance of adblocking to deserve handicapping the UX when the browser happens to be Firefox’s. Given that all it’s doing is slowing the website down (instead of straight out blocking them) it might be that this is just a lower level of protection they added for cases where there’s some indicators even if there’s not a 100% confidence an adblock is used.


  • That’s out of context. That snippet of code existing is not sufficient to understand when does that part of the code gets actually executed, right?

    For all we know, that might have been taken from a piece of logic like this that adds the delay only for specific cases:

    if ( complex_obfuscated_logic_to_discriminate_users ) {
    
        setTimeout(function() {
            c();
            a.resolve(1)
        }, 5E3);
    
    } else {
    
        c();
        a.resolve(1)
    
    }
    

    It’s possible that complex_obfuscated_logic_to_discriminate_users has some logic that changes based on user agent.

    And I expect it’s likely more complex than just one if-else. I haven’t had the time to check it myself, but there’s probably a mess of extremely hard to read obfuscated code as result of some compilation steps purposefully designed to make it very hard to properly understand when are some paths actually being executed, as a way to make tampering more difficult.


  • I expect it would be technically possible to have lemmy-like or peertube-like services built on top of the AT protocol Bluesky uses, like with ActivityPub. And I expect if/when that happens the communication across services would probably work too.

    In fact, accounts being “portable” in the AT protocol can potentially make the integration more seamless across different services, not only might the posts be seen from different services, but you might be able to directly access those different services with the same account. Imagine if you could login in lemmy with a mastodon account or vice-versa.

    Bluesky is just one of the possible services. But as long as the invites are private and you can’t host your own instance, I wouldn’t even consider it an alternative. I think it’s a bit early to judge, both its positives and its negatives.


  • Ferk@lemmy.mltoLinux@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    It’s changing by having a library like wlroots do most of the work.

    When you consider the overall picture, “wlroots + compositor” is actually less complex than “X11 + window manager” because you no longer need to consider the insanely high requirements of having to have a team maintaining the spaghetti mess of X11 code.

    Wayland-based dwl has roughly the same line count as X11-based dwm (about 2.2k), without having to depend on a whole separate service as big as X11.

    But of course, it being a completely different approach, it’s likely that for most smaller projects (ie. not Gnome or KDE) it’s easier to start a new project than creating a layer to maintain two different parallel implementations.

    If you want something that’s more or less compatible with openbox, there seems to be this project, labwc, which claims to be inspired by openbox and compatible with its config/themes… though I haven’t personally tried it.

    Also keep in mind that openbox (and I expect labwc too) doesn’t include any “panels” / “taskbars” or anything like that… and it’s likely your X11 panels might not work well if they do not explicitly support Wayland (but I believe that, for example, xfce-panel now supports both).



  • Wouldn’t it be easier and more direct to simply impose a tax to those external big tech services?

    I don’t understand why using protection against “bad actors” as an excuse is necessary at all if getting money from big tech were the ultimate goal. A lot of people within the EU would happily support such a tax targeting big US companies, it’s the privacy problems what we are pushing against, not the fees. So I’d expect a more direct and honest fee for external companies making business within the EU would be easier to pass if that were what they actually wanted, wouldn’t it?