Posts
6
Comments
809
Joined
5 yr. ago

  • Because proprietary JS is non-free software and they are against running non-free software.

  • I wonder if it could be something like adding a Link: </post/1234>; rel="activitypub" header or <link rel=activitypub href=/post/1234>. Then a browser (or browser extension) could detect this canonical ActivityPub URL and offer to open it in your configured instance or app. This is basically how RSS feeds work.

  • Counterpoint: RCS shouldn't exist either. We should use something that isn't tied to our mobile service providers.

  • I thought Apple implemented push notifications? Or did they just say they would? Either way you can file the bug with them I think.

    Or wait until they allow you to install a browser that isn't dragging its feet.

  • I wrote my own. I aimed for a different UX than most services. For my use case I have a few devices that I often share files between. So opening the tool on both devices was a bit annoying. Instead you select the file on the first device and you get a push notification on the other. Then the transfer is done over WebRTC (locally if possible). All communication is done end-to-end encrypted and over your browser's push service.

    Hosted: https://filepush.kevincox.ca/

    Source: https://gitlab.com/kevincox/filepush

  • It would be great to have an RSS feed of reports in a community. This way it can be piped into external tools and notification mechanisms.

  • The problem with Yubikey is that it doesn't have a good enough management story for broad use. I do use it for a few core sites (like GitHub) but if I lose a key I need to get a replacement and register that replacement with every site I have set up U2F 2FA on. This is ok with a few core accounts but doesn't scale to the hundreds of sites that I have an account with. I am sure to miss a few and then either I can't log in with the new key or get completely locked out when I lose that key and get a second replacement.

  • Yeah, this is important to realize. Most good 2FA implementations offer TOTP which doesn't need a proprietary app. You can store all of your 2FA secrets in whatever app or password manager you like.

    1. Salt doesn't matter if your password is unique.
    2. If they can download data via SQL injection having them log in probably doesn't matter that much.
    3. If they can dump your password/hash they can likely also dump the TOTP secret.
    4. A lot of website security expert attention is focused on raising the minimum security level. If you are using randomly generated passwords + auto-fill you are likely above their main target audience.

    So yes, it is slightly better, but in practice that difference probably doesn't matter. If you use U2F then you may have a meaningful security increase but IMHO U2F is not practical to use on every site due to basically being impossible to manage credentials.

    So yes, it is better. But for me using random passwords and a password manager it isn't worth the bother.

  • It is also worth noting that Firefox Sync is end-to-end encrypted. So the amount of data the server gets is quite minimal. (This is unlike the sync of a lot of other major browsers.) So unless you want to hide your IP and activity times from the host self-hosting isn't critical.

  • They'll brick your device if a part can't be verified so that isn't much different than destroying. Maybe they don't require repair shops to hand over personal info, but they do require device identifiers so I wouldn't be surprised if that is basically identical.

  • How exactly does Samsung police this? Surely the repair shop could just… not tattle?

    Well there is a contract in place and there would be consequences for not upholding the agreement. Sure, they could probably get away with it for quite a while. But it likely isn't worth the risk, they would rather just out Samsung as being a piece of shit and go on their merry way.

    It would be pretty easy to catch this as well. Samsung can just occasionally submit a phone with a known third party part for repair and see if the expected report comes in.

  • The answer is yes. The receiver can do whatever they want with the "localpart" of the email address.

    However you will need to find a provider that supports it. For available services you are probably looking at one of two options:

    1. Get your own domain, you can then probably just filter to the To address however you want.
    2. Use an email relay/masking service. This will allow you to generate "aliases" that forward to your regular email address.

    If you want full control you can run your own email server. For example that is what I do. I generate addresses in the form of {description}-{signature}@me.example. So if they try to remove stuff the signature will fail and the mail will get rejected (well actually just heavily weighted as spam). I do this using Rspamd with a custom rule written in Lua. Full details of this setup are here: https://kevincox.ca/2022/07/07/signed-email-addresses/
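
The `{description}-{signature}@me.example` scheme from the comment above, as an added Python sketch that is not the commenter's code (the linked setup uses an Rspamd rule in Lua). The signature construction (HMAC-SHA256 truncated to 8 base32 characters), the key and the spam weight are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed key; a real one stays on the mail server
DOMAIN = "me.example"             # domain used in the comment above
SIG_LEN = 8                       # assumption: 8 base32 chars = 40 bits of MAC
SPAM_WEIGHT = 15.0                # constructed score added when the check fails


def _sign(description: str) -> str:
    """MAC over the lowercased description, base32 so it never contains '-'."""
    mac = hmac.new(SECRET, description.lower().encode(), hashlib.sha256).digest()
    return base64.b32encode(mac).decode().lower()[:SIG_LEN]


def make_address(description: str) -> str:
    """Build the address handed out to one sender, e.g. a shop or mailing list."""
    return f"{description}-{_sign(description)}@{DOMAIN}"


def verify_address(address: str) -> bool:
    """True only if the local part carries a valid signature for its description."""
    local, sep, domain = address.rpartition("@")
    if not sep or domain.lower() != DOMAIN:
        return False
    # The description may itself contain '-', so split on the last one.
    description, sep, sig = local.lower().rpartition("-")
    if not sep or not description:
        return False
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(sig.encode(), _sign(description).encode())


def spam_score(address: str) -> float:
    """Weight a bad recipient heavily as spam instead of rejecting outright."""
    return 0.0 if verify_address(address) else SPAM_WEIGHT
```

Because the description is covered by the MAC, an address with the description edited or stripped no longer verifies, and an unsigned guess such as `sales@me.example` fails the same check.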

  • You can make contributors sign a CLA to allow the licenses you need for the console release. Some people may not want to but it seems like a reasonable compromise if you want to support consoles.

  • I think the main problem is that the companies selling vapes and related products are not really targeting users who are quitting smoking. Obviously there is less money in temporary users. They are targeting people who will keep smoking, usually because it is "cool" and especially teenagers who are a good target for "cool" and can be customers for a long time.

    So yes, if you are using it temporarily to ease off nicotine it is great and we should keep vapes available for these people as medical devices. However we should try to reduce the damage that vapes are doing to other people. How strongly we should do this is obviously controversial. Personally I would focus on education and personal choice, but there is a strong argument to be more forceful.

  • I am willing to help moderate. I have minimal existing moderation experience but have a long posting history and online presence.

    I will not be able to commit enough time to be a sole moderator, but can help out as part of a team.

  • So then don't buy a folding phone until they make that better.

    No one is saying that everyone should have a folding phone. But it seems obvious that the ability to have a large screen that fits in your pocket is a great feature that many people value. There are downsides, but for some people the upsides outweigh them. For other people (like you) they don't and you can continue to get a non-folding phone.

  • There are dozens of first-person shooters but people love porting Doom to every device. Winamp is memes and nostalgia, I would bet that people would port it just for fun.