
Posts
41
Comments
748
Joined
2 yr. ago

  • My jaw dropped after the first paragraph. What the fuck is this?

    Now I'm worrying about some terms of service I agreed to maybe 10 years ago that might still apply to me. I also worry whether I will be forced into arbitration because I visited a website whose terms of service have a forced arbitration clause. This would be a nightmare scenario. Imagine Disney claims that because I visited their website (or the cookie prompt), I have agreed to forced arbitration.

  • In 2024, there is less appetite to break up the behemoths, but some to impose interoperability,

    I still think Google should be broken up into at least 4 companies: ads with services, Android, and browser.

  • At least teaching the concept of "don't ever do it" won't hurt, and won't get outdated anytime soon.

    However, this approach will hurt security in the long term, as it puts the burden on the lib dev to maintain a foolproof design; they can burn out, quit, and leave a big vulnerability in the future, as most devs won't touch the code again if it's still "working."

    Cybersecurity is very important in today's digital landscape, and cryptography is one of the pillars. I believe it's essential for devs to learn the core principles of cryptography.

    Again, audits are nice, and you can use them at various points, but they're not a silver bullet. They are just a tool, and can't replace proper education. People are often ignorant. Audits can generate any number of warnings, but it's the people who need to take corrective action, which they can ignore or be pressured to ignore, unless it's part of a compliance certification process that can put them out of business. Otherwise, most managers are "Why would I care? That costs more."

  • At least have a few lessons so they remember not to roll their own crypto, and to respect those scary warnings. These need to be engraved into their minds.

    I agree a security audit would catch this, but that's something after the fact. There is a need for a more preventative solution.

  • Because cryptography is specialized knowledge. Most curriculums don't even include cryptography as a core topic in their Computer Science degree. You can have a look at MIT's computer science curriculum. Cryptography is instead embedded in the elective class Fundamentals of Computer Security (6.1600). That's also why it's DevSecOps instead of the previous DevOps. It simply boils down to teaching and learning cryptography being hard. It's still too early to expect a typical dev to understand how to implement cryptography, even with a good library. Most don't know compression and encryption don't mix well. Nor do they understand the importance of randomness and never using the same nonce twice. They don't even know they can't use the built-in string comparison (==) for verifying password hashes, which can lead to timing attacks. Crypto lib devs who understand crypto add big scary warnings, yet someone will mess something up.

    Still, I will strongly support academics adding basic cryptography knowledge to their curriculum, like common algorithms, key lengths, future threats, and how fast the security landscape is moving, just for the sake of the future of cyber security.
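Two of the pitfalls the comment above lists, nonce reuse and comparing password hashes with `==`, shown in working code. This is an added example, not code from the commenter or from any library the thread discusses. Because AES is not in the Python standard library, the keystream is a toy CTR-style construction from HMAC-SHA256 (an assumption made to keep the block self-contained, not a real cipher); the leak it demonstrates applies unchanged to AES-CTR, AES-GCM and ChaCha20, whose keystream is likewise a function of (key, nonce) only. The sample messages and passwords are constructed.

```python
import hashlib
import hmac
import os

# --- Nonce reuse -------------------------------------------------------------
# Toy keystream: HMAC-SHA256(key, nonce || counter), block by block. This is an
# assumption for a self-contained demo, not a cipher to deploy. Real stream
# modes share the property that matters here: keystream = f(key, nonce).


def keystream(key, nonce, length):
    """Expand (key, nonce) into `length` bytes of keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key, nonce, data):
    """Encrypt or decrypt (same operation) by XORing with the keystream."""
    ks = keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def xor_of_plaintexts(ct1, ct2):
    """Attacker view: if the nonce was reused, c1 XOR c2 == p1 XOR p2."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def crib_drag(p1_xor_p2, known_fragment):
    """Knowing (or guessing) one plaintext fragment reveals the other."""
    return bytes(a ^ b for a, b in zip(p1_xor_p2, known_fragment))


# --- Password hash verification ----------------------------------------------

def hash_password(password, salt=None, iterations=600_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns the verifier."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password_naive(password, salt, iterations, stored_digest):
    """What the comment warns against: == on bytes returns as soon as a byte
    differs, so the comparison time depends on how much of the secret matched."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return candidate == stored_digest


def verify_password(password, salt, iterations, stored_digest):
    """Same check with a constant-time comparison."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(12)
    p1 = b"transfer 100 to alice"     # constructed sample messages
    p2 = b"transfer 900 to mallory"
    c1 = stream_xor(key, nonce, p1)
    c2 = stream_xor(key, nonce, p2)   # same nonce: this is the bug
    leaked = xor_of_plaintexts(c1, c2)
    print(crib_drag(leaked, p1))      # p2 (up to len(p1)) without the key

    salt, iters, digest = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", salt, iters, digest))
    print(verify_password("wrong", salt, iters, digest))
```

The two verify functions return the same booleans; the difference is only in how long a mismatch takes to report, which is exactly what a timing attack measures. `hmac.compare_digest` is the standard-library answer and works on any two equal-length byte strings, so it is the right tool for MAC tags and session tokens as well as password verifiers.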

  • I believe you can with openssl, but it will take lots of time both generating and using the key. Say you sign something with that key, and the other party is using a low-end device. They might take a few minutes to verify the signature. The drawbacks just outweigh the benefits. Security is a balancing act between complexity and usability.

  • I think OP is quite clear that he wants something that resembles Telegram's UI but works with XMPP instead. The title is just part of the context. You still have to read the body, which uses the terms "interface" and "UI". This means he never intended something server side.

    I won't say your comment is inaccurate, but it's taken out of context and misinterprets what the OP means.

  • They can hijack the DNS answer for the DoH server, which has to happen if the system doesn't know where to look, and create a DoS. However, that's as far as they can go AFAIK. They can't pretend they are the real server, nor downgrade the connection. And it can be sidestepped by using a direct IP connection.

    We use DNS just because lemmy.ml is easier to remember than 54.36.178.108 or 2001:41d0:303:486c::1. DoH can still work via a direct IP connection.

  • OP, I understand what you're looking for, but that's not an easy task. From my limited knowledge of app development, achieving what you requested would likely be:

    1. Identify and remove all code relevant to the backend. Easier if it's modular, very hard if it's littered everywhere.
    2. Choose an XMPP client library that has the relevant extension support to translate Telegram features into something XMPP understands.
    3. Write an adaptor (if modular) to match the method signatures and translate calls to the client library. Or reimplement all the code you removed (if littered everywhere) with the client library.

    This is akin to swapping in a new engine for a car, with incompatible mounts. Difficult to execute, and (I believe) of low interest. You can try if you have the skills. I don't, and even if I did, I would just use SimpleX, which fits my needs.

  • OP already clearly stated he wants to use XMPP. What OP is asking for is a client with the functionality of the Telegram client. Or a fork of the Telegram client, with every single line of code that interacts with the backend gutted out and replaced with an XMPP client library.

  • That "tipping point" is totally subjective. Different people have different level of tolerance. You might find it useful and others might find it annoying. My response is a neutral response that observed from the comment OP replying to.

    Sure, one doesn't have to look at this, but I would also recognize their right to voice being annoyed. I believe this community is civilized, right?