DarthYoshiBoy @ DarthYoshiBoy @kbin.social

Posts

0

Comments

82

Joined

2 yr. ago

I genuinely hope that you're kidding. If you're not. No. Just no.

A process running as root does not need a prompt or any user interaction to do whatever the hell it wants on most (nearing ALL, but I'd be wary of absolutes with Linux) systems. I'm unaware of any means that a Desktop Environment could restrict a process running with root permissions by requiring an interactive prompt of some sort for anything. If your DE is running as root, all of its children are also running as root (unless you've rigged things up to run explicitly as other users) which means just about anything you are doing could be running rampant malicious actors on your system and nothing would seem amiss until it made itself evident.

Now, it does seem unlikely that anyone has written any malicious code that would run in a browser expecting to be root on a Linux system, so that's likely the saving grace here, but that's only security through obscurity and that's not much to hang your hopes on for any system you care about.

Whoever paid that $40 got a decent deal. https://www.pricecharting.com/game/super-nintendo/final-fantasy-iii

My favorite Libertarian society experiment. I mean, it's the only one that I'm aware of, but that it ended about as well as you'd expect is just fantastic.

Your Mastodon data is already an open book to Meta if they care to have it. The protocol is open, they could already be black-ops scooping up everything that's fit to federate without turning on Threads federation, so them doing that really changes nothing. And what I mean by that is that they could already have set up unknown instances to leech whatever data they want out of the Fediverse, which instances masquerade as normal mom and pop installs just federating and sucking up everything without bringing anything back to the table. There's literally nothing stopping them from leeching everything out of the Fediverse at any time other than people being better at detecting their activity (and actively thwarting that activity) than Meta is at keeping it off the radar.

In this case they're making it so that I might have a chance to follow and interact with people already in the Meta/Instagram/Threads atmosphere without having to convince those people to leave the confines of what they're comfortable with and find a Mastodon instance to sign up for. Maybe they'll be more comfortable with leaving Meta after dipping their toes in the open spec?

How is that not a win? If Meta/Threads decide that they want to fracture the protocol and go do their own thing later, so what? We'll go right back to where we were before they brought their users into the Fediverse. If people decide that they value the Threads extras/connections more than they value the purity of the ActivityPub protocol then maybe Meta is actually providing something that matters and we've lost by not supplying that need before the corporate interest figured out that it existed. In that case we'll deserve the death that causes in use of the open spec, but the open spec will still be there and people who want to do their own thing with it can't be stopped now. The code to run an open ActivityPub Mastodon instance is already out there and it's impossible to take it back now.

Everyone is out here decrying this as a subtle takeover of the Fediverse by Meta, but did Facebook "takeover" the HTTP spec when they started operating facebook (dot) com on the world wide web over the HTTP protocol? It's an insane assertion. I've been running my own opensource web servers since well before Facebook was a thing and I've continued to do so despite most people opting to depend on a mega-corp to be steward of their online presence. That Meta has a very successful and popular website that I've never been a fan of has never impacted my ability to use the open protocol they operate on to continue doing my own thing. The same thing will be true here.

It really seems like people are just upset that Threads might bring ActivityPub to the mainstream and force them to contend with the realization that a diaspora of open spec implementations already lost the war to Meta/Facebook. We had that once before. It was called the World Wide Web and you could go and find forums, fan pages, company websites, and everything else back then that has since moved to Facebook (or other content aggregator sites) because people value the network effects and homogenization more than they care about one big company being in charge of it all. (...and not to belabor the point, but most of that stuff is still out there, it's just waned in popularity because the network effects are not there.) Here we are with a chance to try and break things out again and people are seemingly worried that we can't if we let the Meta users in? Maybe they're right, maybe it's impossible to achieve victory here, but gatekeeping the standard and enacting some purity test for which providers are allowed on the protocol isn't going to tip the scales in favor of the open standards implementation.

If the protocol is truly open, then how can a corporation embracing it be a danger? We're all free to adopt any changes or not at any point in the journey so it's impossible to lose, you're free to keep doing your own thing any way you look at it. Tell me how any of this is untrue.

TL;DR: Threads coming to the Fediverse is a good thing. It'll make it possible to expand the network effects of an open protocol far faster and more than any amount of Fedinerds proselyting the gospel of ActivityPub ever will. The only thing that is at risk of being lost is that we'll refuse to adapt to what end users want fast enough to keep a large corporation from bending the spec to their ends. Which loss again only means that you'd be cutting yourself off from those who WANT to embrace the revised spec by not adopting those changes yourself. That option (to just not adopt changes to the spec) can't be taken away from you in the future, so worrying is only warranted if you feel like your ideal ActivityPub implementation can't win out in the marketplace of ideas and that you're owed that victory even if others are able to expand it in ways that people actually want to use enough to dismiss whatever downsides it contains.

I've a Mazda with Android Auto that doesn't use a touch screen. It's all controlled with a joystick/knob/button setup that is actually really nice. I wish my Nissan had a similar setup all the time.

In the Mazda I know how many physical interactions will get me the result I want, it takes barely more than a glance at the screen to know what's up. With the touch interface I have to put my eyes on the screen to confirm that the car didn't bounce when I went to tap a "button" and/or confirm that the tap was actually registered. I know that GM has to know that Android Auto supports non touchscreen interactions. If they're concerned about how unsafe touchscreens are, just add a knob to the center console that doubles as a 4-way joystick like Mazda has and all those concerns go away. It's really that simple and it IS miles better than using touch for everything.

Why aren’t people pushing at Apple users to make that switch themselves

If you've ever tried to get someone to use the non-default... anything, you would probably note that most people will not go out of their way to use something that isn't the default. The fact that Apple doesn't allow you to set another messenger app means that your appeal to most Apple users will quickly run into the neat wall that Apple keeps around their garden. It doesn't hurt Apple's defense of that default that they convey a special status to users of the default, why would someone who is special in the default app (blue bubble) go out of their way to be a normie elsewhere?

Megatron

• Not religious
• Not a surname
• Not a place
• Doesn't rhyme with Aden
• Is a sci-fi name

The only issue little Megatron will ever face in life is the possibility of an Optimus Prime showing up some day, he's otherwise right on the path to world domination, and who couldn't love that? 😉

Funny story time, intentionally vague to shield identities:

I have a friend who was hired to teach a course at a local University for their new CS degree that had a focus on video games some while ago. He was a bit of an expert in a particular portion of the material that they needed, and when they started putting out feelers to find someone to teach the subject matter, everyone locally in the industry gave him the highest praise and said he was the man for the job. The University met with him and eventually selected him to teach, which he did for 3 semesters. After 3 semesters, they dropped him because he didn't himself have a college degree in what he was teaching (which was something he made very clear in the hiring process.)

He went into making games straight out of high school, he was basically there at the ground floor, self taught, acknowledged by everyone in the industry locally as a foremost expert in the field where they had him teaching, and they couldn't keep him because they couldn't have him teach when he didn't have a degree in the field. Without his having a degree their program couldn't be accredited. So... They wanted him to have a degree in a subject he was an originator of and without that degree they had to drop him.

He makes financial software now because the games industry was/is brutal and he wanted to see his family now and then. I've always found it hilarious that a University had to let him go because otherwise the snake wasn't eating its own tail and the ouroboros apparently can't have that.

As always, there is an XKCD for this.

https://xkcd.com/538/

Aside the whole issue that a single component in a system exfiltrating data without cooperation from many of the other components in the system is just patently absurd, the honest truth is that anyone who wants to break your security isn't going to go to the extreme length of making certain your screen is replaced with a covert unit that can somehow inform them of anything you're doing when for most cases a pair of binoculars will get the same job done for much cheaper and is at least half as convoluted, a hit to the head with a $5 wrench gets your fingerprint much more easily than a replacement fingerprint scanner does, and most compromises of a user would be far more effectively done in software rather than hardware. Software which constantly has new bugs to exploit while getting a crooked piece of hardware navigated into place is just an absurdly unlikely occurrence that would require a massive coverup the size of which is out of the reach of most entities in existence.

I'm in the middle of a fairly populated US suburb, and Apple maps still sends anyone trying to find my house 3 blocks away, so I'm going to say that it's not "finally good."

As soon as I get those people to use Google Maps, they're on their way without issues. I can see why Apple Maps might make the mistake that they do, but the fact is that Google Maps doesn't and hasn't ever in the last 15 years. I recently had a bunch of contractors around for quotes on some renovations and the iOS users ended up lost every time while the Android users never had a problem.

I look back at the PS2’s library (to be fair, it was enormous even for its own time) and everything on the Switch feels tiny in comparison.

https://en.wikipedia.org/wiki/ListofPlayStation2games(A%E2%80%93K) vs. https://en.wikipedia.org/wiki/ListofNintendoSwitchgames

If there aren't legit more Nintendo Switch games than there were PS2 games right now, I imagine that the Switch will just trample the PS2 before its end.

I guess I'm just the sort of guy who'd rather have to do a CAPTCHA every time than have some invisible (to me) test determining whether I measure up to their standards or not and have no means of understanding why I failed when/if I do. I hate CAPTCHAS, but I hate impermeable black boxes 1000000x more, and I hate this WEI nonsense far more than that.

Any sites that attempted to restrict browser access based on WEI signals alone would have also restricted access to a significant enough proportion of attestable devices to disincentivize this behavior.

If it's actually a "significant enough proportion of attestable devices to disincentivize this behavior" why would anyone want to rely on this mechanism? I have a means to check if a device should be trusted, but it fails enough of the time that I shouldn't depend on it... Why would I ever depend on it? What use case allows for an expected 10% failure rate?

The objective of WEI is to provide a signal that a device can be trusted

This is exactly the opposite of everything anyone would learn in CompSci 101.

NEVER TRUST THE CLIENT. CLIENTS CANNOT BE TRUSTED. CLIENTS ARE NOT SANE. THAR BE DRAGONS THERE. (Maybe that last one is pirate treasure maps, but I think it holds.)

Anyone who is buying this guy's argument that they're trying to make it so you can trust clients, should immediately be removed from any computers they are in possession of and be "invited" by men in black suits to go live on a nice agrarian farm where the only computer available is an air-gapped Tandy TRS-80 MC-10. They can rejoin humanity when they've relearned the lessons of the last 40 years and understand why this is just patently insane.

Joke's on you. Anyone can be a literal pirate right now, no boat required. Just grab a BitTorrent client and off you go. 🏴‍☠️🏴‍☠️🏴‍☠️

Honestly, I'd choose that technically correct option because it's probably the one that makes it easiest to get and maintain insulin, which I need to live.

1996 is on the latter end of what I consider the early internet, but I really miss the Video Game FAQ Archive (GameFAQs) which was murdered by a thousand cuts culminating in the death of the gamefaqs.com domain. FAQs used to be so good, these days the same information is dispersed over 50 pages of an HTML "guide" that is more ads than information, and often for less complete information, if it's not just a YouTube video that's even worse and shows you things but doesn't explain them at all.

Find some "work" shoes. They're more comfortable, and they hold up much longer than a brand's regular wares. They're often sold as non-slip shoes.

https://reebokwork.com/
https://www.adidas.com/us/healthcarecollection
https://www.puma-safety.com/us/en
https://www.newbalance.com/men/shoes/work-shoes/
https://www.skechers.com/technologies/collections/work-safety/
https://www.shoesforcrews.com/
https://www.timberland.com/en-us/c/timberland-pro/mens-footwear/work-shoes-10173
https://www.dsw.com/en/us/category/mens/shoes/work-safety

I've personally had some daily wear Skechers "work" shoes that after 5 years of comfortable wear, I finally had to replace the insoles, but they're otherwise still holding up as well as the day I bought them. Every pair of shoes I've ever owned long term have been "work" shoes. Shoes for Crews are pretty expensive, but I had a pair of them last long enough that I finally ditched them because they just looked old fashioned, they were otherwise still wonderfully intact.

https://i.imgur.com/ySFnDVM.png

I choose to believe he's just doing this for memes at this point. I can't accept humans are capable of these depths through inadvertent action, it's just too dumb.