activistPnk @ activistPnk @slrpnk.net

Posts

12

Comments

70

Joined

2 yr. ago

Electrics cars will make it a non issue

I do not see EVs replacing scooters (which are driven by lower budget commuters). A single unmuffled scooter driving through #Paris at 3am can wake up 10,000 people according to Bruitparif. And don’t forget horns. Assholes will used their horns at 3am on my street. The only thing they give a fuck about is their own convenience when their favorite parking spot is taken.

The idea of harsh punishments works if a vehicle is continuously loud because it will eventually cross paths with a cop. So that position is fair enough. But what about horns? There’s never a cop around when horns are misused.

⚠ That article is a bit enshitified and autoplays video. Just a warning to anyone on a limited internet connection.

Perhaps what’s different about Yandex is that it was a leak the revealed their data abuses. The code does not match their claims:

“Remember that Yandex reportedly said that the data it collects is “non-personalised and very limited”? That does not seem to be the case.”

There are other mentions of blatant deanonymization of identities in that article. Whereas Google is relatively transparent about what they do by comparison.

Here’s an interesting point as well:

“In theory you should be able to take your data back if you live in a jurisdiction that requires companies to respect data deletion requests, but the insights derived from that data might be considered that company's work product and not included in that deletion.”

i also wonder- what if you don’t live in Europe.. doesn’t the parent ownership being in Netherlands mean that Yandex is GDPR-obligated to everyone worldwide as if it were an EU company?

What bug report? There’s no bug single report in particular to speak of. I’ve filed hundreds if not thousands of bug reports over the years. The post is a reflection of a subset of those experiences.

When a developer asks a tester to look at a module in the source code, that is not a consequence of a “half assed bug report”. It’s the contrary. When a dev knows a particular module of code is suspect, the bug report served well in giving a detailed idea of what the issue is.

I think it’s somewhat well known that Yandex is a surveillance capitalist, but I’ve heard Yandex-using westerners comment that they have no ties to Russia. Russian business does not appear to be tightly integrated with western businesses. So I think the attitude has been that if they use Yandex whatever data gets collected is less likely to get intermingled or aggregated with western data leeches data sets.

Consider that when you enter the US, customs & immigration sometimes wants probe into your Twitter and Facebook profiles. In one notable story, a student from the middle east managed to get enrolled into an ivy league university like Harvard or something. Customs looked at his FB acct, saw who his friends were, then saw some anti-American messages by his friends (not him). He was blocked from entry and sent back; did not get to attend the school. I wonder if he were using some Russian social media service instead whether it would been a different outcome.

So this news changes the dynamic a bit. If a Dutch company has backroom access to Yandex’s data collection, Europeans do not get that cross-border sense of privacy they thought they had.

OTOH, Russia seems to have no privacy safeguards. IIRC facial rec DBs are shared to everyone so anyone can snap a pic of someone, ID them with the app, and find out where they live. Netherlands has the GDPR, fwiw. So I guess the question is to what extent Yandex is subject to GDPR rules.

Did I say incomplete? You’ll have to quote where you get that from.

Compare like with like. You can have incomplete code, and you can have incomplete bug reports. Neither are relevant here.

So you did not pay,

And? Of course testers do not pay money. Why would they? Devs do not pay for the tester’s work either. Both developers and testers are volunteers who do not pay the other for their work. On free software projects testers and devs pay with their own labor.

much larger contributions of the developers.

It is not “much larger” for a dev to task the tester to implement the fix. The dev is no more than a manager in this case.

Are you a paying customer?

Testers and bug reporters are not paying customers. They are volunteer CONTRIBUTORS.

If so, I understand completely.

Obviously not.

The dev is a bigger volunteer than you.

Nonsense. Contributors are equals. Exceptionally, devs who demand that testers also fix the software are notably smaller (managers, effectively).

That’s fair enough, but it’s a bit of both (satire and reality). It’s actually a true account (details withheld because I have a bit of respect for the developer in the recent case). This is something that really happens. Not often, but occasionally there are devs & others who expect bug reporters to do a fix. There’s a poor attitude that bug reporters are in some way a beneficiary/consumer and the false idea that the devs are working for the bug reporter. There’s also an assumption that the bug reporter is in some way in need of a fix. When in fact the bug reporter is a volunteer contributor, performing work for the project just like the dev. It’s just as wrong for a dev to demand work a bug reporter work on the code as it is for a bug reporter to demand work from a dev. Everyone gives what they can or wants to. A bug report is not an individual support request. It’s a community bug -- one that may or may not even affect the bug reporter.

Someone tasking someone else without paying them is indeed being not where they belong. In the case of the OP, that’s the dev tasking the bug reporter.

Of course.. The reaction shows how seriously wound tight people are. Obviously not much sense of humor in this community.

There are a couple rare cases where devs have tried to coerce me into a fix. Sometimes they outright say they expect the bug reporter to fix it, strangely enough. It never happened in a language that I knew, and weird that bug reporters would be expected to know how to program at all. But it’s far from the norm.

I wondered what that article would say about Ada. No mention. But certainly Ada gives you the ability to have the issues that are listed so apparently Ada is memory unsafe (despite it being highly regarded as a safe language overall).

Also worth noting that Ada developers generally consider rust a watered down lesser alternative. OTOH, rust has memory safety and Ada does not, correct?

I doubt it matters. Two out of 8 of my cards state on the card that it is the property of the card issuer. A few others say use of the card is subject to the terms. The rest make no statement or property claim on the card. I’m not sure if it’s safe to say all cards are claimed by the issuing bank as their property. In the case of the 2 cards, if someone steals them you could say they’ve stolen the property of my bank. In the other cases it’s unclear who is designated as the victim.

I think it’s irrelevant whose property the cards are. Dutch law would state one way or another whether an ATM can (or must) confiscate cards and in which situations, and that law would have force regardless of who in the world owns the card.

EMV chips can only take a certain amount of abrasion. They can also lose conductivity due to a buildup of film/scum. It’s easy to fix: a pencil eraser works well for making the contacts clean again (if not simply rubbing with your finger fails). If it’s worn out from excessive insertions, simply using a different machine might work because the pins won’t necessarily touch the contacts in precisely the same spot (if you look at an EMV chip, you see some variation in alignment of the scratch lines). I see no case for wanting your dysfunctional card to be seized. If you tell your bank your card is broken beyond recovery, the bank will simply believe you. Unless the ATM can dispense a new replacement card on the spot, the confiscation is only an anti-consumer action.

In principle that’s quite useful that some banks can send you a code that bypasses the need of a card. I personally refuse to run non-free software & exclusive google-distributed software, and apps that refuse to run in a VM, so the apps of all my banks fall very short of my requirements. Most of the websites of my banks are a disaster as well. So I’m mostly an offline customer. Nonetheless it sounds like a useful feature for most of the not-so-fussy population.

In any case, that would be a good defense for this ridiculous card-eating ATM.

For those of us without RFid cards, I’m thinking it’s worthwhile to track which ATMs have motorized slots & which ones have manual insertion.

To be clear, we’re not talking payments; this is an ATM. Don’t contactless payments have a low maximum since they don’t require a PIN? A card I use for payments is contactless, but my ATM card uses a chip and PIN. I’d be concerned if someone could steal my card and simply tap it at an ATM to get cash.

Good point. I didn’t notice if that machine had that ability, but I know my card does not.

There are privacy risks either way.

Big banks are obligated to look for Americans using small banks (which report less) & share that data internationally (FATCA). Big banks are fast to sign up for all the data sharing agreements whereas small banks tend to be less aggressive about info sharing. Big banks have the resources to hire data scientists, lawyers, and look for legal loopholes before deliberately oversharing your data.

Small operations can’t afford to invest in exploiting your data for profit. But they have less to spend on security so they are more likely to accidentally leak your data (e.g. hacker exfiltration).

But then small ATMs have other weird risks:

https://slrpnk.net/post/2479741

So it’s not really clear-cut.

So iiuc, you’re saying some care is taken to not expose the transaction data to all the banks. Good to hear.

Some clarity is still needed. E.g. I insert a foreign card by bank X, doesn’t one of the co-op banks have to be selected? The ATM itself must have a bank account where the electronic money lands in exchange for the cash being dispensed. I trust some banks more than others & Ing is low on the trust scale, so I’m a bit bothered by the lack of transparency & lack of choice.

The consolidation is in itself a problem. There are only two major ATM providers (geldmaat & euronet) & the smaller independent ATMs are losing ground. This means consumers only have two practical choices for handles their transaction & in neither case do you know which bank you’re trusting with the data.

thanks for the link. I added that to the end of the OP.