groet
@groet@feddit.org
- Comment on Is it completely impossible to do age verification without compromising privacy? 5 hours ago:
The verifier does not have the information which sites you use. That’s the point of the setup. All communication goes through you, never the site to the verifier directly. You only pass cryptographic values between them that does not include identifiable information (neither about you to the website, nor about the website to the verifier). The verifier knows who you are, the website knows that you are old enough. Nothing else.
- Comment on Is it completely impossible to do age verification without compromising privacy? 7 hours ago:
There is no system in the world that can fully prevent an authorized user to grant access to an unauthorized user. Even with an all time on camera and screensharing I can still find ways to have someone else control my computer while I “authorize” the connection with my face in the camera
- Comment on Is it completely impossible to do age verification without compromising privacy? 7 hours ago:
Super easy. Technology has existed for quite some time and was already used in the encrpytion of web traffic.
Basically: you sign up with your “age verification institution” (ideally a service of your government because they have your ID anyway and no profit motive). This involves createing a private key (reaaaaaaaaaaly long password that is saved in a file on your device) and saving the public key with that institution. They also check your ID to ensure your identity and your age.
When you want to visit a 18+ website, the website sends you a nonce (loooooong random number). You take that nonce and send it to the verifier, along with a signature of your private key (and the age they want you verified against). The verifier verifies your signature using your public key. They then sign the nonce with their own private key, thereby verifying, that you, the owner of your private key (whos identity and age they have verified) are above the asked age theshould. You then send the signed nonce back to the 18+ website and they can verifiy the signature to confirm that a trusted age verifier has verified your age.
The site never has access to your identity and the verifier never knows which site you visited, only that you wanted to visit a website that wants to know if you are of a certain age.
(The corresponding technology was used for OCSP Stapling in TLS verification … and has been discontinued last year because nobody was using it …)
- Comment on Obama's got jokes 8 hours ago:
Honestly, the next Democratic president might actually deserve one if they stop the active fashist takeover of democracy. Even if they do nothing else and continue all current wars etc. Not being Trump could probably save thousands if not millions of lives.
- Comment on Elon Musk Had Grok Rewrite Wikipedia. It Calls Hitler “The Führer.” 22 hours ago:
You can read right?
Führer = Hitler
Something-Führer / Führer-Something = not Hitler - Comment on Elon Musk Had Grok Rewrite Wikipedia. It Calls Hitler “The Führer.” 1 day ago:
The word Führer is 99% used for Hitler. There are many variants that are OK to use though. Most notably Anführer (if Führer is leader, Anführer would be “the one who leads ahead”) which is the common word to use for leader. Others are composites like Bergführer (mountain guide).
The swastica also existed before the nazis but is now forever tainted.
- Comment on Amazing 3 days ago:
Thats because the US is used to MM DD YY thats why the US talks like MM DD YY thats why its intuitive to you to use DD MM YY thats why …
There is no inherent “intuitiveness” to it. Its intuitive if you grew up with it and you use it. It is unintuitive if you didn’t.
- Comment on Amazing 4 days ago:
Its intuitive to people used to MM DD YY people and unintuitive to everyone else.
Today is the 24th of November.
- Comment on Gaming Pet Peeves 4 days ago:
Skyrim has a collectible item that is found in a main story area that is only accessible once. Its a very early mission and in one of the last thief’s guild quests they will tell you to get that item. That might be 200h after you did that main quest …
Good thing modding exists
- Comment on Gaming Pet Peeves 4 days ago:
I think in cyberpunk its because cars use a separate control set that can/has to be separately rebound. Its so you can use a joystick for driving and a gamepad for walking
- Comment on challenge 1 week ago:
Every broken doorhinge can be bypassed in two ways. Fix it. Or break it more.
- Comment on It's all relative 1 week ago:
Meth is an excellent weight loss food.
- Comment on Cloudflare blames massive internet outage on 'latent bug' 1 week ago:
You don’t get hacking protection from bots
I disagree. I don’t know the details of cloudflares bot detecion, but there are many automated vulnerability scanners that this could protect against.
I said that instead of crashing the system they should have something that takes an intentional decision and informs properly about what’s happening.
I agree. Every crash is a failure by the designers. Instead it should be caught by the program and result in a useful error state. They probably have something like that but it didn’t work because the crash was to severe.
What’s the point of your complaint if you do agree?
I am not complaining. I am informing you that you are missing an angle in your consideration. You can never prevent every crash ever. So when designing your product you have to consider what should happen if every safeguard fails and you get an uncontrolled crash. In that case you have to design for “fail open” or “fail closed”. Cloudflare fucked up. The crash should not have happened and if it did it should have been caught. They didn’t. They fucked up. But, i agree with the result of the fuck up causing a fail closed state.
- Comment on Cloudflare blames massive internet outage on 'latent bug' 1 week ago:
it shouldn’t crash the whole thing: if the bot detection module crahses, control it, fire an alert but accept the request until fixed.
Fail open vs fail closed. Bot detection is a security feature. If the security feature fails, do you disable it and allow unchecked access to the client data? Or do you value Integrity over Availability
Imagine the opposite: they disable the feature and during that timeframe some customers get hacked. The hacks could have been prevented by the Bot detection (that the customer is paying for).
Yes, bot detection is not the most critical security feature and probably not the reason someone gets hacked but having “fail closed” as the default for all security features is absolutely a valid policy. Changing this policy should not be the lesson from this disasters.
- Comment on Cloudflare blames massive internet outage on 'latent bug' 1 week ago:
Yes but no. If you use a different service for the same purpose as you would use cloudflare you will be just as offline if they make a mistake. The difference is just that with a centralized player, everyone is offline at the same time. For the individual websites that does not matter.
- Comment on Game marketing company takes down blog post bragging about how good it is at astroturfing Reddit after Reddit finds the post 2 weeks ago:
Bots will simply join the biggest instances. The only solution would be to defederate the main instances and have everyone pretty much host their own server.
the user base will consolidate to fewer and fewer popular instances that are able to address the spam.
You spin me right round, baby, right round 🎶🎶
- Comment on Game marketing company takes down blog post bragging about how good it is at astroturfing Reddit after Reddit finds the post 2 weeks ago:
And if everybody hosts their own server, than so will the advertisers and everybody will have to defederate then individually making the problem of moderation even worse.
- Comment on owo 2 weeks ago:
Thats what discrete means (in an mathematical context)
- Comment on 2 weeks ago:
Not like the whole video goes from 1080p to 720p or something but single bits of the drive will fails over time. If that bit is part of your video file, one pixel of one frame will be the wrong color/black. If multiple bits close to each other fail you might get a video stutter. If even more fail your video player will not play the video at all (or just stop playing at the place of the errors).
- Comment on 2 weeks ago:
That is the smallest scale of self hosting. The server and the client are the same device. It is also the most insecure way as you probably don’t have any backups and very limited storage space.
Actually self hosting is the next step when you decide you want 5+ TB of data and have it automatically create backups. Digital storage media degrade pretty quickly and if you just have your movies on a hard drive in your computer, after 5-10 years you might start to lose quality or some files completely.
- Comment on The Big Short Guy Just Bet $1 Billion That the AI Bubble Pops 2 weeks ago:
sifting through data, finding patterns and acting based on patterns. Its potential applications in medical diagnostics or surveillance …
Those are the "expert systems’ they were talking about. ML systems and not genAI. They are not the AI people mean when they use the word AI.
- Comment on Data stored in Canada can be subject to foreign courts, government paper warns 3 weeks ago:
Sadly they dont. At least not nearly to the extend that they should be.
- Comment on Andrew Windsor could face private prosecution, Republic says 4 weeks ago:
But what is the crown estate? Is it money the royals produce by their work that wouldn’t exist without them? Or is it capital gains and land ownership that could also just belong to the country directly meaning the goverment would get 100% and not have to pay the sovereign Grant?
- Comment on #environmentalist 5 weeks ago:
Yes that is what I do. I treat them like any other dish I use for eating. The side that touches the food gets scrubbed (also the other side im not gross). And every time I bought metal straws they came with a brush.
I also just love the feeling of metal straws when drinking cold drinks because they also get cold. The drink just feels colder if the straw is also cold
- Comment on Landlords are parasites 5 weeks ago:
Yeah the price for rent should be the amortized cost of upkeep/renovation + some salary to the landlord that is reasonable for the actually work done (which is usually very little).
It should never be enough to pay back a loan the landlord took out to buy the property in the first place.
- Comment on Does anyone else notice an up tick in hostility on Lemmy lately? 1 month ago:
I also noticed how every post just has 5-10 random down votes. Like perfectly fine post in the correct community, not controversial, no rules broken, -10 down votes.
- Comment on Is there any way of trying Battlefield 6 without buying it or paying £17 for a 1 month EA Play Pro subscription? 1 month ago:
Every game with a billion Dollar budget like battlefield will have a turd like EA attached.
If you want to be morally superior and boycott them you will have to make some drawbacks in production quality. No game by an Indie or AA studio can be “almost exactly like battlefield”.
- Comment on Big Brother just got an upgrade. Starting December, Amazon’s Ring cameras will scan and recognize faces. Don’t want to be in their database? Too bad — walk past a Ring and your face can be stored... 1 month ago:
In the olden days, before electricity, I used to …
Are you like 200 years old?
- Comment on Chicken banana 2 months ago:
All big companies have walked over corpses. But not many have taken control of and enslaved countries like Chiquita.
They are advanced level evil dickheads.
- Comment on Dinner is ready! 2 months ago:
Seems i have to be the autist in this thread and complain about that map. How is that a fair split if D contains 50% of the human population while A has barely 200mil.
Why is it centered on Italy? Why so far north? Any slice going north just touches 2-4 countries while the ones going south can have 30?
I guest there isnt a place to put the center that would weight all sectors equally but cmon this is just lazy