chameleon @ chameleon @kbin.social

i'm lizard 🦎

---

Read more

Posts

1

Comments

106

Joined

2 yr. ago

I suppose that's true for some types of financing, but looking more into this particular plan, it all comes down to how much you value the bundled services... and they don't seem stellar to me. The math I'm seeing from the time of announcement suggests you'd pay $1080 for a $599 smartphone or $1320 for a $899 smartphone. Even if you were planning on paying for YouTube Premium at full price, inflation still has a tough time beating that.

Upgrading would have involved signing a new 2 year deal. It's just a fancy-sounding financing program; the 2 years were to pay for the device they've had for 2 years. I'll never understand the appeal of buying a high-end/expensive phone on such a program because you'll be stuck paying for something outdated by the end of it, but shrug, that's not unique to Google.

If such a process existed, the entity in question would almost certainly end up being shut down by that process, unless they find a funny technical loophole around it, in which case that would be a failure of the law that should not be rejoiced by anyone.

But as it stands, that law and process does not exist; ISPs already can and will shut you down for things like downloading copyrighted content (with or without complaints from the copyright holder), tethering without approval, being a technical nuisance in the form of mass port scanning, hosting insecure services and other such stuff. "Hosting a platform solely dedicated to harassment and stalking and ignoring abuse complaints about it" absolutely deserves to be on that list.

"If we don't let the oppressors roam freely, they might try to oppress you" is not something I expected to read from the EFF today. But well, here we are.

It has been standard internet behavior that if a platform does not have the proper response to abuse complaints, you move up a layer higher until you find someone that is receptive to it. This has been standard operating procedure for more or less for the entirety of the current millennium, and this article has done absolutely zero work to provide a good reason it should be anything otherwise, other than bringing up generic "free speech" stuff.

You should not get a path out of that process because one layer immediately above the problematic entity is actively choosing to disregard abuse complaints. You simply move up to the next step. And this process simply must keep existing, as doing anything otherwise is to allow people to pull off all kinds of bad things; scams, spam, illegal activity and far more.

And if you abolish the non-legal form of that process? Well, there's still a legal process - and as soon as someone that wants to censor minorities gets control over the legal process, they will simply change the rules in their favor, as has happened countless times in the past.

I can't really blame the manufacturers because the USB-IF's suggested schemes would just confuse people even more. If people see 10Gbps on the box they're gonna assume it can do 10Gbps, but tons of stuff ends up capped well below the USB link speed (most everything based on SATAlt;-USB converters internally is 6Gbps max).

It's choosing between a bad naming scheme or something a lot of consumers would interpret as a straight up lie.

All of this stuff is A/B tested, region/locale divided, edition divided, hardware divided, based on what other stuff you've agreed to and more. You don't have to do anything to encounter this stuff.

I find it strange Nebula is both the cheapest streaming sub I have as well as the one I get the most use out of. I will say I'm slowly getting tired of it though, it's getting to the point it needs a block creator button. Getting rid of clickbait was a selling point but it's starting to creep in hard, there are stupid red arrows pointing at random things and obviously poor titles all over the recent videos page. It wasn't like this a year ago.

That's a somewhat unknown subject given the way personality rights are written across the globe (they are not consistent and some are built on an invasion of privacy scenario only). Deepfake porn lives in extremely muddy largely-untouched ground. But if it is illegal, it would simply never happen under copyright law, and this ruling does not affect it.

Let me put it this way: If I break into your house and film you doing whatever then post it on YouTube, it'll end up getting me penalized for breaking and entering, property damage, violation of privacy and who knows what else; probably a huge laundry list that'll land me locked up for a good chunk of time and you'd win on all those counts. But one you're extremely unlikely to win is copyright, unless I happen to film something like some piece of art you've made yourself in the process.

Personality rights are not copyright. At all. It's just that simple. Entirely different branch of law, enforced at an entirely different level in the US (state-specific instead of federal). Something can be totally free of copyright while also still being illegal to distribute for entirely different reasons.

You don't own a photo someone else made of you IRL either. Personality rights are closer to trademark.

As pointed out, the DNS issue was fixed, and the other point made about Python wheels has also been addressed; quite a good chunk of packages on PyPi have had a musl wheel added in the past 6 months or so, including numpy & scipy. I'm also not certain if the Go part is true; probably somewhere around half of the Go apps I'm running as a container are running or were built on an Alpine base.

I can't speak for Apple but Google does. It falls under their user-generated content policy which requires you to "Provides an in-app system for blocking UGC and users". Google is generally the more lenient of the two when it comes to policies, so I'd be highly surprised if Apple didn't have it...

You can easily end up with A gifting B a million and then B sending A the NFT for free, potentially with a trusted escrow service in between to make sure both of these actually happen. The NFT marketplaces are essentially already acting as escrow, so this isn't weird.

Only thing you could probably enforce is that moving something from one key to another requires a fee to be paid to the original artist, but that'd also trigger if A wants to move their assets to a different key (eg in or out of some hardware wallet, online wallet or marketplace). And if A and B trust each other strongly they can simply share the key.

The argument does exist. This article by PEN America is one of the most widely spread ones and largely misrepresents the situation. It's based on a PopSci article with a similar headline, though the contents of the article tell a rather different story.

Nothing really says out loud what's going on: Republicans enacted an extremely vague and unrealistically short deadline book ban as part of a bill (that does some other stuff like removing AIDS education), forcing schools to either throw out every book that might be vaguely suspect or resort to funny measures like this. This school's use of ChatGPT was purely to save books that were on a human-assembled list of challenged books, to reduce the negative effect of the book ban, while being potentially defensible in court (remains to be seen how that'll work out, but they made an "objective" process and stuck to it - that's what matters to them).

No, I most definitively hate Jira (and also my manager). Jira is the only software I've had to use where 10+ second page load times are a regular everyday occurrence. On their cloud hosting, so it's not like we could do anything to fix it other than filing tickets... which we were told to simultaneously keep doing so they can track it but also stop doing because it's working as intended and we were wasting their time and abusing support.

JQL is absolute garbage, and it doesn't even take hindsight; they took SQL but in an attempt to simplify it, they broke everything about it. Whether any particular functionality is a field or a function to run on some other field is a mystery. And if you're using Jira Service Management, it gets infinitely worse; everything is bolted on in a terrible way.

Every interaction between their "Kanban board" and "ticket" system is confusing. They pull from the same database, except not quite, except they do. It's a representation of data, but not the same representation the data is in. If you have any kind of custom workflow setup at all - which the blog both criticizes as bad and uses as a reason to explain why Jira is the only good option (????) - it will simply never do the right thing unless they map 1 to 1.

There are all kinds of perpetually missing features. Multiple assignees are a big one, there is simply no correct way to represent "John and Bob will spend some time together brainstorming about a new architecture" or simple things like pair programming, despite that being a fairly significant task that should somehow be accounted for in planning. You can half-ass it with custom fields or sub-tasks, but then the entire ecosystem of tooling built on the assignee field crumbles.

Likewise, you can't assign issues to a "virtual" position of any kind, all you can do is leave them unassigned or make (and pay license costs for) a fake user. It's not possible to represent concepts like "the first available person from the Ops team" or "whoever is currently managing the security team" unless you make it into a status and leave it unassigned, which causes a massive amount of issues when multiple teams led by different managers are working on one project or someone is temporarily or permanently unavailable for whatever reason (vacation/sick/etc). Planning software that cannot deal with people being unavailable is worthless.

Permissions are a complete mess. There's all kinds of funny interactions between admin and project permissions, and some things are in what could have obviously never been the correct spot. How it ended up with project releases being an administrative permission speaks volumes about how poorly everything is designed. Happy tenth anniversary to the cloud ticket, the original server one has another decade on it. Twenty YEARS of the most basic feature imaginable not existing when the initial implementation was patently incorrect to begin with.

Okay, the thing that really matters to me:

“Frankly, we have more important things to do than spend a lot of time trying to figure out how to protect kids from books,” Exman tells PopSci via email. “At the same time, we do have a legal and ethical obligation to comply with the law. Our goal here really is a defensible process.”

According to Exman, she and fellow administrators first compiled a master list of commonly challenged books, then removed all those challenged for reasons other than sexual content. For those titles within Mason City’s library collections, administrators asked ChatGPT the specific language of Iowa’s new law, “Does [book] contain a description or depiction of a sex act?”

It really only got rid of things that would've otherwise had to go to begin with, while saving a few others.

It feels a bit closer to malicious compliance more than truly letting the AI decide the fate of things, and doing full proper compliance within the 3 months they were given would've been nigh impossible. I'm suspecting that the lawmakers were hoping that by giving them such a small timeframe, schools would throw everything vaguely suspect out. This ultimately leaves more books accessible, which I consider to be a good end result, even if the process to get there is a little weird.

I do and I can confirm there are no requests (except for robots.txt and the odd /favicon.ico). Google sorta respects robots.txt. They do have a weird gotcha though: they still put the URLs in search, they just appear with an useless description. Their suggestion to avoid that can be summarized as: don't block us, let us crawl and just tell us not to use the result, just trust us! when they could very easily change that behavior to make more sense. Not a single damn person with Google blocked in robots.txt wants to be indexed, and their logic on password protecting kind of makes sense but my concern isn't security, it's that I don't like them (or Bing or Yandex).

Another gotcha I've seen linked is that their ad targeting bot for Google AdSense (different crawler) doesn't respect a * exclusion, but that kind of makes sense since it will only ever visit your site if you place AdSense ads on it.

And I suppose they'll train Bard on all data they scraped because of course. Probably no way to opt out of that without opting out of Google Search as well.

I guess a CEO opened the YouTube frontpage while logged out and went "what is this shit".

But seriously, this seems like it's a good thing overall. The "default"/empty history algorithm recommendations are truly, truly horrifying more often than not. It's almost entirely low-quality clickbait and I can't imagine many people actually appreciate it like that.

They were 10% off in the winter & summer sales. These refurbs at full price are 20% off compared to the regular ones. I wouldn't expect to see them discounted further unless Valve has difficulty selling them.

The attester here is really mostly Google's Android/Play Services/(ChromeOS) team, not Google's Chrome team. Chrome is really just responsible for passing it along and potentially adding some more information like what kind of extensions are in use, but the real validator is above Chrome entirely.

There will not really be a worthwhile key inside Chrome (there might be one that does nothing by itself); it'll be backed by the existing per-device-unique key living inside your phone's secure enclave. Extracting one key would just cause Google to ban it. That attestation covers the software in the secure enclave, your device's running OS, bootloader unlock state and a couple of other things along those lines; the OS, guaranteed to be unmodified by the hardware attestation layer, then adds extra stuff on top like the .apk hash of the browser. The browser, guaranteed to be unmodified by the OS layer, can add things like extension info if it wants to.

SafetyNet/Play Integrity have both software and hardware modes, but all Android+Google Services phones released in the previous 6? or so years have been required to have hardware backed attestation support, which has no known bypass. The existing "Universal SafetyNet Fix" pretends to be a phone without hardware support which Google begrudgingly accepts... for now. But the day where Google will just screw over older phones is getting increasingly closer, and they already have the power to force hardware backed attestation for device-specific features like NFC payments and DRM support.

On Apple devices, Apple has parallels via their secure enclaves in the form of App Attest/DeviceCheck. On Windows desktops, there could be a shoddy implementation with TPMs (fortunately they're not quite powerful enough to do this kind of attestation in a tamper-proof way; Microsoft's Pluton chips might have some secret sauce we haven't yet seen, though). On Linux desktops... nope, ain't no support for this coming anytime ever.