Natanael
@Natanael@slrpnk.net
- Comment on Jack Dorsey claims Bluesky is 'repeating all the mistakes' he made at Twitter 11 hours ago:
Yes, there are already some 3rd party reimplementations of both clients and PDS servers and feed generators (but haven’t heard of custom appviews yet). I don’t know anybody running an open PDS yet though, it’s mostly individuals running them
- Comment on Jack Dorsey claims Bluesky is 'repeating all the mistakes' he made at Twitter 11 hours ago:
Bluesky is open source and has a site for documentation
- Comment on Jack Dorsey claims Bluesky is 'repeating all the mistakes' he made at Twitter 15 hours ago:
I think short form video specifically is pretty bad (in high volume)
- Comment on Jack Dorsey claims Bluesky is 'repeating all the mistakes' he made at Twitter 15 hours ago:
The biggest individual difference is that Bluesky makes identity independent of the hosting server (via cryptographic keys) and makes content location independent of the hosting server (via content addressing).
And these features together also enable more efficient caching and propagation in the network as well as enabling features like custom feeds and 3rd party moderation tooling which works the same independently of which server you’re on. So Bluesky can give you a better global view of the network and more efficient communication between users on many different servers in the same thread.
- Comment on Jack Dorsey claims Bluesky is 'repeating all the mistakes' he made at Twitter 15 hours ago:
You can also spin up your own Bluesky PDS (the account server) since federation is live now, or your own appview (basically the feed display server that has most of the smarts) and point your app to it, or set up your own relay (CDN like server) and point your appview and even point feed generators to it (3rd party custom feeds are supported in Bluesky)
So if you don’t like the decision made by anybody else you can just replace them. And yeah, just like on Mastodon nobody’s going to use unmoderated appviews, subscribe to scrappy feeds, or federate with a PDS hosting only shitty people.
- Comment on Google employees question execs over 'decline in morale' after blowout earnings 1 day ago:
It’s all for the profit margin that quarter
- Comment on FCC explicitly prohibits fast lanes, closing possible net neutrality loophole 2 days ago:
Keep in mind that because few residential users max out capacity simultaneously the ISPs “overbook” capacity, and usually this works out because they have solid stats on average use and usually few people need the max capacity simultaneously.
Of course some ISPs are greedier than others and do it to the extreme where the uplink/downlink is regularly maxed out without giving anything near the promised bandwidth to a significant fraction of customers. The latter part should be disincentivized.
Force the ISPs to keep stats on peak load and how frequently their customers are unable to get advertised bandwidth, and if it’s above some threshold it should be considered comparable to excess downtime and force them to pay back the affected customers. The only way they can avoid losing money is by either changing their plans to make a realistic offer or by building out capacity.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 3 days ago:
I’m tech support, sooo many intranet sites on internal servers don’t have HTTPS. Anything important with automatic login could be spoofed if the attacker knows the address and protocol.
Chrome has a setting which I bet many orgs have a policy for;
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 3 days ago:
These types of attacks would likely be implemented via DHCP spoofing / poisoning, unless you’re on a malicious network
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 4 days ago:
Plaintext connections inside corporate networks can still be MITM’ed if the adversary knows what they’re targeting, while they can’t connect to the corporate network they can still steal credentials
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 4 days ago:
Hilariously enough, Windows users can use WSL to run a Linux VPN (but only applications running in WSL are safe if I understand the attack right)
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 4 days ago:
Yeah, it’s like a fake traffic cop basically, sending your (network) traffic down the wrong route
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 4 days ago:
Pushing a route also means that the network traffic will be sent over the same interface as the DHCP server instead of the virtual network interface. This is intended functionality that isn’t clearly stated in the RFC. Therefore, for the routes we push, it is never encrypted by the VPN’s virtual interface but instead transmitted by the network interface that is talking to the DHCP server. As an attacker, we can select which IP addresses go over the tunnel and which addresses go over the network interface talking to our DHCP server.
Ok, so double encrypted and authenticated traffic (TLS inside the VPN) would still be safe, and some stuff requiring an internal network origin via the VPN is safe (because the attacker can’t break into the VPN connection and your client won’t get the right response), but a ton of other traffic is exposed (especially unencrypted internal traffic on corporate networks, especially if it’s also reachable without a VPN or if anything sends credentials in plaintext)
- Comment on Republicans are pulling out all the stops to reverse EV adoption 4 days ago:
When the oil industry doesn’t have to pay to clean up their externalities we already don’t have a free market. You break it you pay. Fixing the externalities by incentivizing better technology is at minimum a correction to the market.
- Comment on [Serious] Why do so many people seem to hate veganism? 5 days ago:
“do-gooder derogation”
- Comment on It's a trap! 1 week ago:
Chemical bonds can affect decay rates IIRC, but it’s not usually a huge difference. The nucleus is still going to be unstable. It definitely changes the molecule (and might break it)
- Comment on Imagine denying other living and breathing lifeforms agency to thrive amd change lol lol lol 1 week ago:
With all the crap we put in ourselves it’s a good thing we slow down that process, like the casing of a slow action pill
- Comment on Imagine denying other living and breathing lifeforms agency to thrive amd change lol lol lol 1 week ago:
It’s called environmental protection groups, animal rights groups, etc. Plenty don’t want to listen, though
- Comment on Nintendo DMCA Notice Wipes Out 8,535 Yuzu Repos, Mig Switch Also Targeted. 1 week ago:
Something something legal precedence. This hasn’t gone through court yet, has it?
- Comment on Nintendo DMCA Notice Wipes Out 8,535 Yuzu Repos, Mig Switch Also Targeted. 1 week ago:
It doesn’t matter if there are patches to make it work specifically, if they don’t contain Nintendo’s code. At most they could accuse whoever contributed the patch of piracy / breach of NDA or similar for having downloaded the ROM prior to release (couldn’t have purchased it) but that doesn’t impact the emulator itself
- Comment on Nintendo DMCA Notice Wipes Out 8,535 Yuzu Repos, Mig Switch Also Targeted. 1 week ago:
That’s not code and Texas Instruments already lost on that one
- Comment on Nintendo DMCA Notice Wipes Out 8,535 Yuzu Repos, Mig Switch Also Targeted. 1 week ago:
With DMCA the uploader is supposed to get notified and get a chance to file a counter claim
- Comment on Rabbit R1 AI box revealed to just be an Android app 1 week ago:
Yes, but it’s also unauthenticated (it doesn’t verify it comes from the real device, or even run an account belonging to a device owner)
You just need the app
- Comment on Elon Musk Laid Off Supercharger Team After Taking $17 Million in Federal Charging Grants 1 week ago:
Boring is a different Musk company
- Comment on Google layoffs: Sundar Pichai-led company fires entire Python team for ‘cheaper labour’ 1 week ago:
Because the market is bigger than Pixels and they could license much of it (I’d like to see more of it as open source, but it’s easier for a corporation to justify licensing the cutting edge stuff). I think a lot of OEMs would like access to Night Sight
- Comment on xkcd #2925: Earth Formation Site 1 week ago:
Then you need more signs
- Comment on ‘Meta is out of options’: EU regulators reject its privacy fee for Facebook and Instagram 3 weeks ago:
Yeah that’s often the problem. They hire people who care and are good at the stuff so they can point to them and say “we really do care as a company” and then they aren’t given the leverage they need inside the company to implement real changes
- Comment on ‘Meta is out of options’: EU regulators reject its privacy fee for Facebook and Instagram 3 weeks ago:
In context it means all user content submitted in the games is effectively fully owned by Blizzard, a copyright assignment clause (this differs from the typical “we get a perpetual license to what you submit to us”)
- Comment on Google fires 28 employees after protest over Israel cloud contract 3 weeks ago:
Not everything is legal to prohibit
- Comment on Blanket physics is harder to understand than Calabi-Yau Manifolds 3 weeks ago:
[insert stop doing $topic meme]