lastweakness

@lastweakness@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Steam games will now need to fully disclose kernel-level anti-cheat on store pages⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
I mean, anybody could verify it by spending a few hours each on the respective games… But yes, any empirical data would be nice. For example, a study on the amount of blatant hackers found on lobbies joined in comparable ranks. Anyway, this isn’t exactly misinformation to anybody who has played both games at any decent rank. It’s unproved but immediately discernible information. Take that how you will, i don’t really intend to argue about this here. This kind of pointless argument is the worst thing about Lemmy.
⁨Comment⁩ on ⁨Steam games will now need to fully disclose kernel-level anti-cheat on store pages⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
I sure wish there was some empirical study regarding the same too. I’m very much going by anecdotal evidence from myself and others right now
⁨Comment⁩ on ⁨Steam games will now need to fully disclose kernel-level anti-cheat on store pages⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:

you don’t actually need kernel level to do anti cheat well.

I’m sure you’re right, but VAC is one of the worst examples for that… I think whatever Blizzard does with Overwatch 2 is a better example.
⁨Comment⁩ on ⁨YSK: You don't own your Kindle e-books.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Technically, we’re one update away from Kobo taking our device away too. I do love my KOReader on my Clara 2E though
⁨Comment⁩ on ⁨Streamyfin, a simple and user-friendly Jellyfin client for iOS and Android⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Ooh, that’s promising. I guess I’ll try it once it matures a bit more then. Thanks for going through the trouble of reviewing it!
⁨Comment⁩ on ⁨Streamyfin, a simple and user-friendly Jellyfin client for iOS and Android⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
If you test it, can you let me know how it compares to Findroid?
⁨Comment⁩ on ⁨Someday soon (if it hasn't already happened) a book will be published that was written and edited entirely on a phone/table with a touch keyboard.⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Yes, that and sometimes to just write while laying down.
⁨Comment⁩ on ⁨Someday soon (if it hasn't already happened) a book will be published that was written and edited entirely on a phone/table with a touch keyboard.⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
There are LN writers who switch between their phone and their laptops.
⁨Comment⁩ on ⁨WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears | Computer Weekly⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
You’d have enough control over the software that you can ensure nothing like this happens
⁨Comment⁩ on ⁨Proton launches privacy-focused Google Docs alternative: Docs in Proton Drive is an open-source, end-to-end encrypted collaborative document editor⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
In general, I agree with you. I would very much prefer if they did more open sourcing too. Just want to address some additional stuff.

especially if it’s a scripted client, since it would deliver code uncompiled.

Unfortunately, this isn’t really true anymore because of the necessity of minification. It introduces obscurity but is necessary for performance. But yes, the rest is correct, which is why I specified “web clients”. You can verify the native clients, which is why native clients are so important imo. The concern of a hacked server serving a keylogging web client is unfortunately very real. Kind of makes it impossible to fully trust any SaaS at all.

if you trust audits for logging practices presumably you can trust them for checking that the code base is the same

The thing is, they already do public third party audits already. You can view their audit reports on their site. This is unlike companies like Google and Microsoft who conduct audits and keep the reports private. If you end up having to trust third party audits anyway, it doesn’t help their model of trust since they do already do that in a transparent manner.

But yeah… stuff like the monopoly is kind of intentional. The exports are a mitigation, a huge one at that. Proton Mail exports are supported by services like FastMail, Proton Pass exports are supported by Bitwarden, etc. But in the end, the best case scenario would be some level of open sourcing. It’s just that this “monopoly” is by design. For better or for worse, the fact that there is only one Proton is also good for Proton’s model of trust tbh since the user doesn’t have to wonder if the “instance” they’re using is a good one for example. The fediverse model will not work for something that is so heavily based on trust. Proton wants to appeal to the general user, more than us folks… for better or for worse…

I hope they succeed too. I don’t trust many companies. Proton has been one of the exceptions and I hope it stays that way…
⁨Comment⁩ on ⁨Proton launches privacy-focused Google Docs alternative: Docs in Proton Drive is an open-source, end-to-end encrypted collaborative document editor⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:

would be good, actually.

Good for us. Bad for business. I explained this in another comment too but Proton’s idea of “open source” is simply to build trust in the security and privacy offered by the service. At least, as much as you can trust any SaaS.

but then why not share the server side code?

And to answer this… Well, business and practicality… One more than the other ofc unfortunately… Why would they take on the additional burden of making it self-hostable, make the backend fully open source, etc just to make competition for themselves? And that maintenance burden is huge btw, especially when the backend was probably never intended for self-hosting in the first place.

If Proton, as a company or foundation, didn’t keep making the right decisions in terms of privacy and security, we might have had a reason to doubt their backend. But so far, there’s been nothing. And steps like turning to a foundation-based model just inspires more trust. By using client-side encryption, even within the browser, they’re trying to eliminate the need for trusting the closed source backend. Open sourcing the backend wouldn’t improve trust in the service itself anyway since you can’t verify that the code running in the backend is the same as the open sourced code. If you’re concerned about data, they also offer exports in open formats for every service they offer.

Why wouldn’t you trust them just because their backend is closed source? Ideologically, yeah I’d like them to open source absolutely everything. But as a service, whose income source is exclusively the service itself, how can it make sense for them to open source the backend when it cannot tangibly benefit their model of trust?

My other comment regarding proton and trust: lemmy.world/comment/11003650
⁨Comment⁩ on ⁨Proton launches privacy-focused Google Docs alternative: Docs in Proton Drive is an open-source, end-to-end encrypted collaborative document editor⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Nearly all of Proton’s stuff uses publicly verifiable client side encryption, so idk what all this is about
⁨Comment⁩ on ⁨Announcing the Ladybird Browser Initiative⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Why would Microsoft care?
⁨Comment⁩ on ⁨Even Apple finally admits that 8GB RAM isn't enough⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
… Okay?
⁨Comment⁩ on ⁨Even Apple finally admits that 8GB RAM isn't enough⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
CPU usage is famously terrible with Electron, which i also pointed out in the comment you’re replying to. But yes, having multiple chromium instances running for each “app” is terrible
⁨Comment⁩ on ⁨Even Apple finally admits that 8GB RAM isn't enough⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Yes, it really is that bad. 350 MBs of RAM for something that could otherwise have taken less than 100? That isn’t bad to you? And also, it’s not just RAM. It’s every resource, including CPU, which is especially bad with Electron.

I don’t really mind Electron myself because I have enough resources. But pretending the lack of optimization isn’t a real problem is just not right.
⁨Comment⁩ on ⁨Even Apple finally admits that 8GB RAM isn't enough⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
They didn’t just quadruple. They’re orders of magnitude higher these days. So content is a real thing.

But that’s not what’s actually being discussed here, memory usage these days is much more of a problem caused by bad practices rather than just content.
⁨Comment⁩ on ⁨Even Apple finally admits that 8GB RAM isn't enough⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
So we’re just going to ignore stuff like Electron, unoptimized assets, etc… Basically every other known problem… Yeah let’s just ignore all that
⁨Comment⁩ on ⁨non vegan pizza time⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:

What vegan is out there calling non-vegans rapists?

I’ve been told that before. Not being vegan implies you support terrible breeding practices which makes you a rapist… apparently…
⁨Comment⁩ on ⁨Elsevier⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
You could write a script to automatically watch for new files in a folder and strip metadata from every file i guess. I had done something like that for images way before.
⁨Comment⁩ on ⁨Google admits it's making YouTube worse for ad block users⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
I do have the issue when I’m logged out
⁨Comment⁩ on ⁨Google admits it's making YouTube worse for ad block users⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
Not really true for video games. Plenty of popular games still with uncracked denuvo…
⁨Comment⁩ on ⁨Google admits it's making YouTube worse for ad block users⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:

They don’t seem to check if a user has adblock and pays.

They definitely seem to have checks in place for it. I have Family Premium and so far no issues at all.
⁨Comment⁩ on ⁨We No Longer Need a Big Carrier’s Wireless Plan. Discount Ones Are the Way.⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
T-Mobile is awaiting regulatory approval to acquire Mint and has otherwise reached an agreement to do so.
⁨Comment⁩ on ⁨Microsoft may replace the Start button with the Copilot AI in Windows 12⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Given Microsoft’s track record, it’s also not hard to believe, which makes it even worse
⁨Comment⁩ on ⁨Microsoft may replace the Start button with the Copilot AI in Windows 12⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Tumbleweed KDE is definitely sweet. Can also recommend Fedora.