Permanently Deleted
balsoft @ balsoft @lemmy.ml Posts 4Comments 306Joined 1 yr. ago
Permanently Deleted
That burner phone can still be traced back to you.
Depending on what that means, sure. Most likely scenario is that you get apprehended, can't discard the phone for whatever reason, and the cops search it. In that case yeah sure it can be traced back to you.
If you are careful and only use it for (careful) photography and maps (as OP requested), then I feel like it can't really be traced back to you if you discard it or give it to someone else etc, except maybe fingerprints and DNA (but cops likely won't have the resources to do that for everyone in the entire protest). And for situations like this it a digital camera or a paper map could be traced all the same.
All “feature phones” are running some form of Android
I'm not talking about "feature phones". Just a regular old midrange smartphone. E.g. the original Samsung Galaxy A-series.
That burner phone is likely going to require you to sign into a Google account with a phone number before it will do absolutely anything
Some of them will, sure. Check before buying (or just make a new Google account without linking it to a phone number - might require a VPN to somewhere else but doable). I've had plenty of smartphones where you can just skip it. You won't have access to Google Play and such but that might be a bonus :)
Android requires this in their ToS
I'm too lazy to check but I highly doubt it - Google is not available in China at all and yet there are plenty of Android smartphones sold there. Also Android is mostly open-source and different vendors can and do build different versions of it.
Permanently Deleted
As others said, you can reuse burner phones, and they can be really really cheap. You can get a 10-year-old midrange phone from an e-waste place for free or close to that, replace the battery (which tends to be much easier on old phones), and it will do everything you need just fine. I think it's the sweet-spot between convenience (e.g. navigation is really useful if the crowd carries you to part of the city you don't know, taking photos/videos, etc) and safety (even if you get caught, and are forced to unlock the phone, there's virtually nothing on it that cops can rummage through). Just make sure to pre-download maps and other resources you may need (for maps on a cheap old device I would recommend this: https://f-droid.org/en/packages/app.comaps.fdroid), but don't log in to any accounts. Unless you really need to communicate with others over the phone, keep the airplane mode on. If you're savvy enough, while replacing the battery you can also physically disconnect the antennae from the modem too for extra peace of mind.
Oh, also, I don't know about your country but in some places you can still get "anonymous" pre-paid SIMs from sellers in shady underpasses for cash. If you really must communicate with others via cellular/need mobile internet, that's also an option to put in your burner phone. But once again, avoid logging in to any accounts or calling anyone you know unless absolutely necessary.
I was more talking about (+ a b)
and such.
Eh, reads pretty naturally to me. That said, (like I lisp)
Don't forget the cop and the brown-children-bomber. Although maybe austerity cuts will make that one job as well.
Whenever I need to provide an estimate, I ask everyone on the team for their gut feeling, take the second-largest estimate and multiply by 1.5. Seems to work pretty well. (if you can't tell I don't know what I'm doing with management)
Not in the field, but I think it depends. It's for sure more dangerous on average if we consider the entire world, but I feel like that's mostly because of certain areas (US w/ toothless FAA and ATC shortage, Russia with the war&part shortages etc, ...) and new Boeing aircraft.
Flying is still the safest mode of travel per km, and if you're flying Airbus/Embraer/COMAC/pre-2010 Boeing it's likely as safe as it was a decade ago. However it kinda sucks due to all the greenhouse gas emissions.
Are you sure you understand how PGP works?
Are you sure you understand how PGP works?
If you're talking about git config --global gpg.format ssh && git config --global user.signingKey ~/.ssh/your_key
and then signing your commit with git commit --sign
then yeah, in modern times it's very similar to PGP signing. There are a couple minor differences which make PGP a bit better:
- PGP has keyservers which, in theory, allow you to upload your PGP key there, and your friends could sign it, so that others (who trust your friends through a chain of trust) know you're you. This is highly unlikely to work in practice because PGP keyservers are kinda dead and the trust network is weak (i.e. you and the person wanting to confirm it's your key are highly unlikely to have a chain of trust between you). Uploading your key to multiple keyservers at least distributes the trust a bit, compared to just uploading your ssh key to GitHub, as people can check multiple servers.
- PGP signing allows you to store the key on a hardware key, reducing the attack surface. I don't think ssh signing allows that but I'm not 100% sure.
If you're talking about using ssh for authentication to the git server, than it's a different story. First of all, most git servers will actually accept it if you push commits committed by someone else (e.g. see this: https://github.com/jayphelps/git-blame-someone-else). (there's a tangent about Author:
vs Committer:
that can be had, but in any case e.g. GitHub does not do any checks on either of those fields when you push commits there). And so, someone can just "pretend to be you" and push commits somewhere as though they have been created by you. There are of course some other mechanisms around that (e.g. access control to repositories) but it's still a problem. PGP/SSH signing (as opposed to ssh authentication) is the most effective solution to that. If some commit has been signed by you, and everyone knows your public key, they can verify for themselves that you are the committer. GitHub has a way to (semi)-enforce that: if you add your GPG/SSH key as a signing key and enable "Vigilant mode" (" Flag unsigned commits as unverified "), all commits that have you as Committer
which aren't signed by your signing key will get marked as "Unverified" in their web interface and raise suspicion almost immediately.
Of course this mechanism relies on GitHub (i.e. Microsoft) as the keyserver - they could in theory covertly replace your key with something else and most people would be none the wiser. Even if someone wanted to check themselves, for a project hosted on GitHub the most obvious way to find the persons PGP/SSH key is to request it from there (You can actually do that by going to https://github.com/<username>.gpg
and https://github.com/<username>.ssh
- e.g. here's my PGP public key: https://github.com/balsoft.gpg), so you have to trust them not to replace it. It's better than nothing but not great. If you're serious about key signing, publish your key on your own website, with as much of it controlled by you as possible (ideally on your own hardware), and advertise it widely. E.g. my key is available at https://balsoft.ru/key.
Thanks! Do come, it's even better in person.
You know who should be charged over this? It's not the parents. It's not even the driver. And it's not even necessarily the city board responsible for the shitty car-centric design. It's the fucking psychopaths in charge of car & oil companies who lobbied this and forced car-centrism on an entire continent. They need to be on the dock for every preventable pedestrian & cyclist death in city limits. All of them are mass murderers.
the third is only a problem if you’re already looking for a problem.
"Is vacation 28 days" should not be a question, it should be the minimum mandated by law. "Will you work weekends" should rarely be a question, it should be heavily regulated and only allowed for positions where it's truly required (and never to compensate for management fuckups).
Feels like they are both made up scenarios for rage-bait.
Actually for both of them, the conclusion is correct. "The second they'll get a better offer they'll vanish" - no shit, this is how it works under capitalism. Want to keep them? Make a better offer. "The second they find someone to do the same for less pay, they'll fire you" - no shit, this is how it works under capitalism. Want to make that harder to do? Join or organize a union, and otherwise fight for your labor rights.
I'm doing Nix consulting-type jobs - it can mean anything from simply packaging some stuff for Nix and making a devShell to refactoring existing Nix-based infra (which can be hundreds of thousands of SLOC) to building entirely new developer UX, CI/CD and even production deployments on Nix/NixOS. I've also been paid to implement some cool features into Nix itself, fix bugs, etc. I'm really quite happy with the job, even though it could probably pay more :)
Eh, probably if Guix becomes significantly better I'll switch to it (from NixOS). I really like how seriously they take user freedom, bootstrapping (only 357 bytes of binary to bootstrap everything else from source!) and consistent user interfaces (scheme everywhere). But unfortunately the package repo is just not big and mature enough yet, and declarative configuration options are not as good as they are with NixOS. My job is also Nix-related, and that's another major reason I'm staying for now.
Not an exact alternative (it's missing reviews and photos are relatively rare), but I use OsmAnd for this. Most "official" trails (e.g. those maintained by the park administration, etc) are mapped on OpenStreetMap already. There's also support for "Travel Routes" (I think they come from WikiTravel? Not sure); this covers the most popular "unofficial" routes. Once I ran out of those, I started just looking at mountains without trees but with a path to the summit marked on the map. This way, I've been able to find hikes for almost every weekend for three years now (definitely over 100 at this point) in a tiny country (Georgia); I've obviously had some misses (paths being overgrown, trails being meh, etc) but overall I've found it really nice.
Not least because there’s no such thing as a “compiled” or “interpreted” language.
I'd say there is (but the line is a bit blurry). IMHO the main distinction is the presence (and prevalence) of eval
semantics in the language; if it is present, then any "compiler" would have to embed itself into the generated code, thus de-facto turning it into a bundled interpreter.
That said, the argument that interpreted languages are somehow not programming languages is stupid.
Truth be told, I've very rarely specifically audit code of projects I use. Sometimes when something is broken or is missing a feature, I will go in and try to remedy that. On a couple of occasions I've noticed other bugs that I then fix too.
The only exception to that are when I'm using some random script I've found on the internet - I will read through it to see what it does. This is somewhere between "software I download" and "copy-paste development", as I will often also tweak the script to suit my needs better.
I don't think it's humanly possible for a single person to audit everything they are using. There are millions (perhaps even hundreds of millions?) SLOC in any desktop Linux installation, it would take decades of effort to even skim all that for obvious faults, let alone properly audit it. If you are crazy enough to use something like Dusk OS, then I could see it, but how many people are?
a mobile OS that basically eschews backwards compatibility
I have an app built for Android 4 running on my Android 15 device. It looks ugly but it works. Of course other apps will not be so lucky, but some backwards compat is absolutely there.
a desktop OS that can still run 30 year old applications
Not really, Microsoft is steadily breaking old stuff. For example lot of 10-15 year old software that was doing something hardware-related would be broken now due to driver signing changes/restrictions (e.g. WinRing0 things).
the most popular OS
It's barely the second most popular OS, after Android. iOS is pretty close behind it. And yet the amount of complaints Windows gets seems to be far higher than that of Android.
How? Do the e-waste centers keep track of the shit you take from there? Not where I live, they can sometimes give you stuff for free. Or you can just pick it up on ebay/craigslist/garage sale, that works too. Good luck tracking that.
I strongly doubt that because on my two last phones (OnePlus 5 & POCO M5) I didn't have to log in to a Google account with the default ROM, there was an obvious "Skip" button in the lower left corner when prompted to log in. Can you point me towards that ToS or a screenshot of an unskippable "Sign in to Google" screen on a consumer smartphone?