hedgehog @ hedgehog @ttrpg.network

Posts

1

Comments

869

Joined

2 yr. ago

There are multiple takes on this, ranging from “tea bagging is fine” to “tea bagging is sexual assault” - see https://gamerant.com/teabagging-sexual-assault-controversy-explained/ for a rundown. I fail to see how allowing people to opt out of it would destroy any form of culture.

TBH I think seeing it as not at all rude makes you the exception. It’s clearly intended to be rude, to put your opponent on tilt, and most gamers get that.

Terrible article. Even worse advice.

On iOS at least, if you’re concerned about police breaking into your phone, you should be using a high entropy password, not a numeric PIN, and biometric auth is the best way to keep your convenience (and sanity) intact without compromising your security. This is because there is software that can break into a locked phone (even one that has biometrics disabled) by brute forcing the PIN, bypassing the 10 attempts limit if set, as well as not triggering iOS’s brute force protections, like forcing delays between attempts. If your password is sufficiently complex, then you’re more likely to be safe against such an attack.

I suspect the same is true on Android.

Such a search is supposed to require a warrant, but the tool itself doesn’t check for it, so you have to trust the individual LEOs in question to follow the law. And given that any 6 digit PIN can be brute forced in under 11 hours (40 ms per entry), this means that if you were arrested (even for a spurious charge) and held overnight, they could search your phone without you knowing.

With a password that has the same entropy as 10 random digits, assuming no further vulnerabilities allowing them to speed up the process, it could take up to 12 and a half years to brute force it. Make it alphanumeric (and still random) and it’s millions of years - infeasible within our lifetime - it’s basically a question of whether another vulnerability is already known or is discovered that enables bypassing the password entirely / much faster rates of entry.

If you’re in a situation where you expect to interact with law enforcement, then disable biometrics. Practice ahead of time to make sure you know how to do it on your phone.

Honestly that’s a great analogy.

I worked briefly as a CSR and during training they made a point of telling us that people had been fired because of doing exactly that when the mute button failed. That was over a decade ago, but I wouldn’t expect increased reliability today.

More recently, a friend who is a CSR told me that their software mute buttons only prevent the audio from going to the customer, but it’s still recorded and can be grounds for termination if the call was audited. I introduced her to a microphone with a physical mute button but made sure she knew that it could also fail (or most likely, that she might be using a different connected mic, in case the hardware mute would do nothing).

Office conferencing software also has a really bad record with their software mutes. I’ve had experiences with Teams, Zoom, and Webex where I’ve clicked mute, but wasn’t muted.

The mute button should be thought of as a feature for the person on the other line / the other people on the call - you’re reducing the noise so the focus can be on the conversation - not as a feature for your privacy. You can treat Private Games similarly - it’s so you don’t subject your friends to the thought of you playing sexually themed games, not so you’re guaranteed to be saved the embarrassment of people knowing that you’re playing them.

This is a very surface level overview of the frameworks it covers. The title is a bit of a reach, as it wouldn’t give anyone enough information to make a more educated decision about which framework to use.

Are you the author? I think it could be improved by including:

• metrics - number of apps that use each, number of job offerings, github stars
• who backs each project, and how much can we trust them to continue developing it in a way that’s friendly to developers
• for React specifically, a bit more info on the prominent frameworks - Next.js, Vite, Gatsby, CRA/CRACO, or ejected CRA - since the difference between them is substantial
• a high level description of the use case that the framework is designed for, as well as use cases where it isn’t well suited or has drawbacks.
• how does the development experience differ? Is there a lengthy build step? Does it offer hot reloading? Does it come with a built-in linter or integrate easily with one?
• Does it have a bundled testing framework, and how does that compare to other offerings? For example, CRA comes with jest and it can be a pain to configure jest to properly handle all of your dependencies - it doesn’t use the same build pipeline as your app and will fail if you’re using newer dependencies that use import statements instead of module.exports and you don’t individually configure each one. Vitest, by contrast, uses the same build pipeline as Vite.
• Ease of writing unit tests, component tests, and e2e tests (even if that means pulling in another library)
• ease of use with or without typescript
• some more substantial example apps per framework, like a to-do list that uses a simple API (preferably the same API in all cases). Currently the examples don’t even show what the code looks like with basic styling

If you are the author, I saw your article on Typescript and would also like to say that you can configure your linter to not warn about using any. There’s even a no-implicit-any rule that you can use if you only want explicit any types but don’t want, for example, responses from API calls to have that type by default.

That is a problem, but this post is not an example of that problem.

I’m not addressing anything Gitea has specifically done here (I’m not informed enough on the topic to have an educated opinion yet), but just this specific part of your comment:

And they also demand a CLA from contributors now, which is directly against the idea of FOSS.

Proprietary software is antithetical to FOSS, but CLAs themselves are not, and were endorsed by RMS as far back as 2002:

In contrast, I think it is acceptable to … release under the GPL, but sell alternative licenses permitting proprietary extensions to their code. My understanding is that all the code they release is available as free software, which means they do not develop any proprietary softwre; that's why their practice is acceptable. The FSF will never do that--we believe our terms should be the same for everyone, and we want to use the GPL to give others an incentive to develop additional free software. But what they do is much better than developing proprietary software.

If contributors allow an entity to relicense their contributions, that enables the entity to write proprietary software that includes those contributions. One way to ensure they have that freedom is to require contributors to sign a CLA that allows relicensing, so clearly CLAs can enable behavior antithetical to FOSS… but they can also enable FOSS development by generating another revenue stream. And many CLAs don’t allow relicensing (e.g., Apache’s).

Many FOSS companies require contributors to sign CLAs. For example, the FSF has required them since 2005 at least, and its CLA allows relicensing. They explain why, but that explanation doesn’t touch on why license reassignment is necessary.

Even if a repo requires contributors sign a CLA, nobody’s four freedoms are violated, and nobody who modifies such software is forced to sign a CLA when they share their changes with the community - they can share their changes on their own repo, or submit them to a fork that doesn’t require a CLA, or only share the code with users who purchase the software from them. All they have to do is adhere to the license that the project was under.

The big issue with CLAs is that they’re asymmetrical (as opposed to DCOs, which serve a similar purpose). That’s understandably controversial, but it’s not inherently a FOSS issue.

Some of the same arguments against the SSPL (which is not considered FOSS because it is so copyleft that it’s impractical) being considered FOSS could be similarly made in favor of CLAs. Not in favor of signing them as a developer, mind you, but in favor of considering projects that use them to be aligned FOSS principles.

Is there some sort of block chain base registrars out there?

There are handshake domains, which are distributed on a blockchain, but sites that use them won’t resolve in browsers by default

From https://docs.syncthing.net/users/faq.html#what-is-syncthing (bolding mine)

We believe your data is your data alone and you deserve to choose where it is stored. Therefore Syncthing does not upload your data to the cloud but exchanges your data across your machines as soon as they are online at the same time.

There used to be a word for it in the Diagnostic Service Manuals before they removed it: Psychopathy.

I don’t believe this is true. The first version of the DSM had a section on sociopathic personality “disturbances,” with notes that these were sometimes referred to as psychopathy or sociopathy, but neither it nor the ICD “has ever included a disorder officially titled as such” (per the Wikipedia article on Psychopathy in the Diagnosis section).

Psychopathy was a catch-all for several different things, including homosexuality, so it makes sense for its use to have been retired in a clinical setting.

Antisocial personality disorder is the modern clinical term for sociopathy. ASPD is a Cluster B personality disorder and it has similarities to other Cluster B personality disorders: borderline personality disorder, histrionic personality disorder, and narcissistic personality disorder.

You can buy a USB-C splitter or replace your current dongle with one that gives you the exact ports you want.

For example, the Belkin Rockstar is USB-C to USB-C+3.5mm jack. It’s $40 but there are a ton of cheaper options - JSAUX has a few for $15 or so on Amazon, and there are other no-name branded versions out there for around $10ish.

I’ve not been able to listen to high bitrate SBC myself, but that tracks with my understanding, too. I read this article - https://habr.com/en/articles/456182/ - recently, when trying to confirm my understanding of why there’s such a huge difference in sound quality from codec to codec.

What setup do you have where you’re able to listen to 552 kbps SBC?

You don’t think the Bluetooth codec makes a difference when you’re using Bluetooth headphones? When else would it make a difference?

I feel like you’re just confusing the codec used for compressing audio for storage and wireless transmission with the codec used for transmission via Bluetooth. That or you’ve just never experienced a setting where a better codec was being used.

SBC can sound okay, but see here for a breakdown of why it almost never actually does. Basically, it’s capped at only using a fraction of the available bandwidth, even though it could use more if not for arbitrarily imposed limitations.

I don’t believe that we perceive luminance in a linear fashion, but the systems of measurement aren’t straightforward coming at it as a layperson.

With sound, a 10 dB increase is 10 times more intense, but it doesn’t sound 10 times louder to the human ear - it sounds (roughly) twice as loud. So if something was 6 dB quieter (1/4th as energetic), it would sound maybe 2/3rds as loud.

The next things to ask are:

• does an obstruction of 80% of the sun result in reducing the light we receive to 20% of what we’d otherwise receive?
• how does a change in light energy affect our perception of brightness?

Turning your nose up at SBC isn’t being a codec snob; it’s having functioning ears.

And if you’re on Android, AAC is not well implemented compared to on iOS / MacOS. Maybe this has changed in the past couple years but it was immediately noticeable to me when I upgraded from the WH-1000XM3s to the XM4s, I could immediately tell that the audio was worse if they weren’t using LDAC. And these don’t have LDAC.

Unlike with competent compression codecs (mp3 vs AAC vs FLAC), where most people genuinely cannot tell the difference between a well-compressed song vs a lossless one, many people can immediately tell the difference between AptX and AAC or SBC on Android.

There are plenty of true wireless headphones out there that support LDAC or AptX for less than $100. It’s not surprising to me that people in their target audience would think $150 for something that sounds terrible to them isn’t reasonable.

For me the problem is that it just feels like a poor imitation of the way it’s done in Dark Souls / Bloodborne / Elden Ring.

I’m Hedgehog, the poor senior dev who was assigned to review Hal’s code.

Panel 1: ✅ (PR Approved) LGTM but you’re missing the styling from the mock-ups, should be easy to add.

Panel 2: ❌ (Changes requested)

Nit: Hal, your PR failed in CI. You should have used const instead of let. Did you forget to run the linter before pushing?

Also, the useState hook isn’t doing anything. If it doesn’t need to, just leave it as an uncontrolled component. I didn’t look at the surrounding code but this is part of a form, right? If not then it should be receiving the setter/value as props.

Panel 3: ✅ LGTM, ship it.

❌ Actually wait, you still have that do-nothing state code in there. Either get rid of it or do something with it.

Panel 4: ❌ Hal, I don’t like where this is going.

Panel 5: (during stand-up) I reviewed Hal's PR and just had a couple pieces of feedback. Shouldn’t take long, right, Hal?

Panel 6: ❌ WTF, Hal. <InputField /> is literally just passing through props to input, so you don’t need it.

Also, Hal, I recommend you look into the Styled Components library. It might better fit your needs here. You could rewrite the LoginComponent as a styled input. Of course, if you do that you should refactor the existing places where you’re using style sheets to use styled components and themes instead.

You also still have the do-nothing useState hook for some reason. Seriously, Hal, get rid of it.

This is how I’d write this without bringing in Styled Components, but if you use it make sure to test it first:

    
import React from ‘react’;
export const LoginForm = (props: React.ComponentPropsWithoutRef<‘input’>) => (
  <input
    {...props}
    className={`border rounded-md p-2 focus:outline-none focus:border-blue-500 ${props.className || ‘‘}`}
  />
);

  

I was able to read it by clicking the stop button mid-refresh, but it took me a few tries.

No, because 91% of school shootings were performed with a handgun.

The only shootings where mental illness plays a major factor are suicides. When it comes to gun violence, only 4-5% of perpetrators have a severe mental illness. When it comes to school mass shootings specifically [ source ]:

• 67% are white
• 100% are male (95% according to a different source)
• “Severe mental illness (e.g., psychosis) was absent in the majority of perpetrators; when present, psychotic symptoms are more associated with mass murders in academic settings involving means other than firearms”

And with regard to school shootings generally:

• 77% of the time, someone knew about their plans for the shooting ahead of time
• more than half of K-12 shooters have a history of psychological problems, but the bigger issue is that nearly three quarters of the time, they had been being bullied or harassed in school
• depending on the source, nearly half or more than half got the gun from home or a relative, often by stealing an unsecured or under-secured firearm
• 91% of shootings were with a handgun

If we could reduce bullying and do a better job at making students feel like they have value and matter, that would go a lot further toward reducing school shootings than anything involving mental illness (aside from, perhaps, efforts to reduce the stigma associated with it).

Substance abuse - drugs, particularly those that are illegal, and alcohol - as well as poverty and inequality is much more strongly linked to gun violence.

I’m not saying that we shouldn’t continue improving our available mental health resources (the majority of deaths from guns are by suicide, after all), but we shouldn’t use mental illness as a scapegoat.

Would it change your assessment if they have dynamic price tags that you can only see with the aid of some network-connected augmented reality solution or an online catalog (that you access with a QR code you scan, geotagged software, or something along those lines)?