Zak
@Zak@lemmy.world
- Comment on UnifiedAttestation: European, open source Google Play Integrity alternative on the horizon, could impact banking & government apps. 1 week ago:
You’re not wrong, and an open option might be an improvement over the current situation. On the other hand, it might encourage broader use of remote attestation.
I’m mostly disappointed that there’s no meaningful organized opposition. When Microsoft first proposed adding remote attestation to Windows, the New York Times called it out as oppressive. Now it seems like only hardcore open source nerds care, and I think the tech community should be doing better.
- Comment on UnifiedAttestation: European, open source Google Play Integrity alternative on the horizon, could impact banking & government apps. 1 week ago:
I don’t like it. Remote attestation is a violation of the user’s right to control over their own devices. We should be pushing to eliminate it, not expand its use.
- Comment on From F-Droid to emulators, here's who's hit hardest by Android's new verification rules 1 week ago:
Anyone who was publishing to FDroid already is not going to be annoyed about the 24 hour scare screen for users.
Bullshit.
It’s hard enough to get people to step outside the Play Store ecosystem. Any additional friction will greatly reduce the number who do, and the combination of a reboot and a long waiting period is a lot of friction for the average person.
- Comment on Did we win? 2 weeks ago:
A lot of network, banking, and telephony protocols historically rely on trusting that there are no bad actors in the chain. Technology has added more links to the chain increasing the opportunities for bad actors to tap into it.
Their wish to break the first rule of network security (you can’t trust the client) shouldn’t be everyone else’s problem.
- Comment on New computer chip material inspired by the human brain could slash AI energy use 2 weeks ago:
could dramatically cut the energy consumed by artificial intelligence hardware
Decreasing the cost of using a resource almost always results in more use of that resource.
Laboratory tests showed the devices could reliably endure tens of thousands of switching cycles
That’s not very many when GPUs perform trillions of operations per second.
- Comment on Google gives Android users a way to install unverified apps if they prove they really, really want to 2 weeks ago:
I’ve tried it, and only ran into a couple apps that wouldn’t work with MicroG. I won’t pretend it’s painless, but it’s workable for someone with sufficient motivation.
- Comment on Google gives Android users a way to install unverified apps if they prove they really, really want to 2 weeks ago:
/e/os is Android without Google proprietary stuff. It runs most Android apps.
- Comment on Why does this website feel like the end of FOSS? 3 weeks ago:
I don’t know if that service can, but LLM-based workflows can do that. Here’s an LLM-based decompiler project which could serve as the first step in such a pipeline.
- Comment on Asus Co-CEO: MacBook Neo Is a 'Shock' to the PC Industry 3 weeks ago:
How much cheaper do you think it should be for not including a 20W power supply? I’d be surprised if Apple’s cost for that part is more than 5€.
- Comment on Asus Co-CEO: MacBook Neo Is a 'Shock' to the PC Industry 3 weeks ago:
because they “care about environment 😉” the €99 charger (which is almost mandatory for a new user) is sold separately.
It’s because they’re required by law to offer it without a power supply. See Article 3a, section 10.
Apple’s first-party power supply isn’t “almost mandatory”, and doesn’t cost 99€. The 20W model shipped with the MacBook Neo in other markets costs 25€ on Apple’s German store, and a generic 8€ power supply from Amazon will work. The power supply most people already have for their phone will usually also work.
- Comment on One in four CEOs say AI is a bubble but will continue investing 3 weeks ago:
It’s changing rapidly, but handing automation tools to people who don’t understand the underlying concepts just gets you a bigger mess. There are no well-established best practices for how to use it safely and effectively because it’s too new and changing too fast.
It will settle down eventually, but a lot of people will do a lot of dumb things first.
- Comment on One in four CEOs say AI is a bubble but will continue investing 3 weeks ago:
LLM-based coding agents have become useful to the point that people are building large software projects without humans writing or reviewing code directly. The naive approach to that will result in disaster if used in a production environment, but practices to improve reliability are evolving.
Popular opinion seems to be that Claude Opus 4.5 was the tipping point for this.
- Comment on After outages, Amazon to make senior engineers sign off on AI-assisted changes 3 weeks ago:
AWS is not a simple web page.
- Comment on I built a self-hosted period tracker because I couldn't find one worth using 4 weeks ago:
Why?
It makes sense to try to give users an idea of how robust a project is, but the exact details of the tools involved in its creation rarely add much to that. It gets a little weird with LLMs because they allow someone with no programming skill to create software that appears to work, which ought to be disclosed; “I don’t know what I’m doing and I asked a robot to make this” does indicate unreliable code. A skilled developer having an LLM fill in some extra test cases, on the other hand, can only make the project more robust.
- Comment on Are users data protected on the fediverse? 4 weeks ago:
Well-behaved server software honors delete requests, but there are a bunch of ways for that to fail without anyone doing anything malicious:
- If your instance shuts down, there is no way for you to generate delete requests
- If a server admin has to restore a backup from before your request, the deleted data will be restored
- Immature or experimental software may not work as designed; Lemmy itself has a version number starting with 0
- Archiving services may keep snapshots of pages from fediverse servers; here’s your user page on lemmy.world on archive.org
- Fediverse servers often make content available by RSS, and RSS clients may store that content; there’s no way for them to receive a signal that it should be deleted
And then there’s malicious activity. It wouldn’t be hard to run a server that speaks ActivityPub, subscribes to a bunch of stuff, pretends to honor delete requests, and actually keeps everything.
Deletion will always be unreliable on the fediverse as long as it runs on technology that looks anything like current implementations.
- Comment on UK fines Reddit $19 million for using children’s data unlawfully 5 weeks ago:
I must also point out that he did not work at Reddit between 2009 and 2015.
I’m not going to try to talk you out of hating spez, but maybe try hating him for something he actually did.
- Comment on UK fines Reddit $19 million for using children’s data unlawfully 5 weeks ago:
It was created by Violentacrez, not spez.
Prior to late 2012, it was possible to make someone a moderator of a subreddit without their consent, which was sometimes done as a joke or harassment. That’s why spez was briefly a moderator of r/jailbait.
- Comment on Android will become a locked-down platform in 194 day 1 month ago:
I haven’t found anything I want to install on my iPhone that I can’t. At one point it was emulators
So you have found something you wanted to install on your iPhone that you couldn’t, but Apple has decided to allow it for now. I think it’s pretty obvious how this is a problem.
Of course you’re not going to find apps that exist that you can’t install because Apple says so. People won’t bother making them if they can only be distributed to the tiny handful of users with jailbroken devices. Of course it comes up on occasion when Apple withdraws permission, with ICEBlock being the recent socially important case.
- Comment on Android will become a locked-down platform in 194 day 1 month ago:
Way I see it, my iPhone is a pocket version of my Mac.
The thing is, you can install software from whatever source you like on your Mac. That’s not true of your iPhone - even in the EU and Japan where they’ve been forced to open up a little, apps can only be installed with Apple’s permission.
Macs were completely open in that regard until recently. You could install apps from wherever you want. Now, Mac apps have to be notarized by Apple or installing them requires use of the command line. That’s obnoxious, but the user still has the final say, unlike the iPhone.
- Comment on Android will become a locked-down platform in 194 day 1 month ago:
(“Linux” here as in “GNU/Linux”, as opposed to “the Linux kernel”, which Android phones also use.)
I feel compelled to point out that PostmarketOS, one of the popular Linux phone options, is not, in fact, GNU. It’s based on musl and BusyBox, not glibc and GNU utils.
- Comment on Android will become a locked-down platform in 194 day 1 month ago:
- Google has announced that a workflow for advanced users to install whatever they want will remain, but hasn’t published details. Many people don’t entirely trust them about this.
- Third-party Android builds like LineageOS won’t be affected. These need a device with an unlockable bootloader. They can run any Android app that doesn’t intentionally sabotage them (some banking apps do this).
- Linux distributions for phones exist, and can run Android apps via Waydroid. This provides the most freedom for the user, but the highest effort. This is mainly suited for Linux hobbyists right now.
- Comment on How does a person get on the No Gun List without commiting a crime? My brother was diagnosed with BIpolar and others he doesn't even want the option ten year down the road. 1 month ago:
Medical cannabis cards are not prescriptions, and cannabis remains illegal for medical use under federal law in the USA.
There have been attempts to interpret this as meaning that someone with a medical cannabis card may not legally own a firearm, but when the question has gone to court recently, judges have usually disagreed,
- Comment on [deleted] 1 month ago:
What is wrong with people.
Several studies have found that women prefer men their own age or slightly older, and men prefer women in their early 20s regardless of their own age. It’s not hard to explain that with evolutionary biology, as that’s when women are most likely to successfully bear children.
Of course evolutionary biology can explain behaviors like rape and dueling, which are serious crimes in modern societies.
Your “very young” might mean younger than early 20s though, and we do have a crime for that most places if the number gets low enough.
- Comment on Federated blog platforms? (ideally lightweight) 2 months ago:
Wafrn might be worth a look. I’ve been meaning to try it myself.
- Comment on Federated blog platforms? (ideally lightweight) 2 months ago:
Mastodon’s character limit is pretty easy to change when self-hosting, but it has other limitations like a lack of even basic formatting and images inline in posts. I think that’s true of several of the others as well.
- Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption 2 months ago:
There is a risk Google could tamper with the app for specific users if they’re installing it from Google Play. I think it’s likely security researchers would discover that if it was widespread, but there’s a chance Google could do it undetected if they targeted it selectively enough.
People who are concerned about this can download the APK directly from Signal and check its signature before installation.
- Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption 2 months ago:
Signal uses reproducible builds for its Android client, and I think for desktop as well. That means it’s possible to verify that a particular Signal package is built from the open source Signal codebase. I don’t have to trust Signal because I can check.
If I don’t have extreme security needs, I don’t even have to check. Signal has a high enough profile that I can be confident other people have checked, likely many other people who are more skilled at auditing cryptographic code than I am.
Trusting the server isn’t necessary because the encryption is applied by the sender’s client and removed by the recipient’s client.
- Comment on OnePlus update blocks downgrades and custom ROMs by blowing a fuse 2 months ago:
- Reasonable: prevent downgrades when the bootloader is locked
- Sketchy: prevent downgrades when the bootloader is unlocked
- Unhinged: hard-brick the device when a downgrade is attempted
- Comment on If you have one, how much do you pay for a domain name? Any cheap registrar recommendations? 2 months ago:
I have a .com for like $19.99 but pay to have my info redacted from whois stuff, an email address, all comes to like $42.99
Porkbun charges $11.08 for a .com with whois privacy. $30/year for email hosting might be worth it if you’re getting very good service, but I think you’re overpaying.
- Comment on If you have one, how much do you pay for a domain name? Any cheap registrar recommendations? 2 months ago:
$11.08 for a .com. Source: just renewed.