lmmarsano
@lmmarsano@lemmynsfw.com
- Comment on A place for conservatives 13 hours ago:
why are American conservatives called conservatives?
For a full depth, non-lemmy-grade answer, a wikipedia article on US political ideologies explains the history & meanings.
- Comment on FFmpeg to Google: Fund Us or Stop Sending Bugs 21 hours ago:
Then Google would have to put out the fire of that vulnerability in their dependent software.
Not disclosing a vulnerability doesn’t stop attackers from exploiting it. A report simply indicates someone who noticed bothered to report it.
The problem is the vulnerability. False urgency is nothing more: the maintainers don’t need to “meet the window”. Companies will be left with their pants on fire if they don’t act, too: it’s everybody’s problem. Maintainers can just ignore the window to shift the burden back on moneyed interests as I explained before.
- Comment on FFmpeg to Google: Fund Us or Stop Sending Bugs 21 hours ago:
They’re bug reports: no one needs to fix them. This problem is solved easily enough by letting the chips fall.
If companies want them fixed badly enough, they can send bug fixes, which is much cheaper than the alternative (paying more engineers to develop a non-open alternative). Those companies have at least as much interest as anyone to keep that software maintained & secure.
The position of the FFmpeg X account is that somehow disclosing vulnerabilities is a bad thing.
The truth is never a bad thing. They don’t need to care. A bug is a bug: better to know than not.
- Comment on I will never not be angry they we are made to believe these types of comments are genuine discourse. Why is it defeatism is always the top comment even when your talking about a pedophile president? 1 day ago:
Needs text alternative.
Question asked & answered. Dislikes answer.
Reddit, gross.
- Comment on Passkeys Explained: The End of Passwords 1 day ago:
If they can intercept my password despite TLS, they can probably also steal my session.
Security is all about layers & reducing risk/surface area of attack. Anyhow, that’s not necessarily true: it could leak due to a flaw or defect that doesn’t affect the session token. By getting your secret, they can leak it. Leaking a secret they don’t have, however, is impossible.
I’m going to disagree that passkeys really have multifactor authentication built in.
Then you’re disagreeing with standards & definitions. Passkeys are encrypted in an authenticator that needs a biometric or secret (ie, something you are or know) to unlock the key (something you have).
Authenticator is a multi-factor cryptographic authenticator that uses public-key cryptography to sign an authentication assertion targeted at the WebAuthn Relying Party. Assuming the authenticator uses either a facial recognition, fingerprint or PIN for user verification, the authenticator itself is something you have while the facial recognition and fingerprint (biometric) are something you are and the PIN is something you know.
my one attempt to use it
While it’s fine to share, “I tried something once, it sucked” is not a great argument to draw a generalization that technology sucks or isn’t better than your limited impression. Maybe piefed sucks: if piefed implemented password authentication wrong, would you blame password authentication?
- Comment on Passkeys Explained: The End of Passwords 1 day ago:
I am not reliant on an individual device continuing to work. In fact I could get all new devices tomorrow, with no access to any previous device, and log into all my accounts within minutes.
Exactly the same with a password manager which stores passkeys. Are you reading before responding?
- Comment on Are physical mail generally not under surveillance? If everyone suddently ditched electronic communications and start writing letters, would governments be able to practically surveil everyone? 2 days ago:
If USPS can take an image (which sometimes shows contents) of every envelope, then it’s not a prohibitive leap for governments to take that a step further & x-ray them, process that image through character recognition, etc.
Cryptography is a better solution.
- Comment on Passkeys Explained: The End of Passwords 2 days ago:
All my passwords look like `@A#vVukh9c$3Kw4Cs8NP9xgazEuJ3JWE` and are unique.
You’re still transmitting the actual secret to the destination, so interception is a risk. Passkeys use asymmetric cryptography: no secret is ever transmitted, only time-sensitive challenges that prove possession of the private key. Servers only store public keys, which aren’t secret by design.
Passkeys have multifactor authentication built-in whereas passwords do not.
I find passkeys more convenient than passwords. My password manager has my passkeys. At login, my password manager raises a passkey prompt that I simply confirm.
- Comment on Passkeys Explained: The End of Passwords 2 days ago:
That hasn’t been true since password managers stored passkeys, which I’ve been doing for years. Into the trash. 🗑️
- Comment on Passkeys Explained: The End of Passwords 2 days ago:
There are quite a few uninformed takes here. 😞
- Comment on Passkeys Explained: The End of Passwords 2 days ago:
Isn’t that the same thing? All my credentials & passkeys are in the cross-platform password manager available from all my devices & any web browser. Passkeys even have a cross-device flow, so we can just scan a QR code & use a phone to sign into anything.
Manually keying in a password just feels so boomer.
- Comment on PLEASE BE CONSIDERATE 2 days ago:
Though still not normalizing text alternatives for drivers who need accessibility. 🤔
- Comment on do no harm 3 days ago:
- Comment on Encountering those who go through life clueless 5 days ago:
Nah, the rule “Treat people as they want to be treated.” doesn’t logically imply anything you wrote. It lacks constraints for justification.
In contrast, treating others as you would want to be treated (if you were them) implies or suggests considering & supporting their justifiable needs. You wouldn’t want to give yourself unjust obligations. If someone wanted a treatment from you that is unjust, and you were them, then you would create an unjust obligation on yourself, so you wouldn’t do it. If they wanted a just treatment, and you were them, then you would want it, so you’d treat them accordingly.
- Comment on I love fucking pasta 1 week ago:
Post needs a link with NSFW tag (for accessibility).
- Comment on Reddit’s CEO Debuts As A Billionaire 20 Years After Cofounding The Company 1 week ago:
expressing an opinion we disapprove of isn’t an exception to free speech: for that we can express our condemnation
the harm principle requires more than mere offensiveness such as true threat or incitement of imminent, lawless action
- Comment on Reddit’s CEO Debuts As A Billionaire 20 Years After Cofounding The Company 1 week ago:
proved reddit’s free speech stance wrong
free speech is never wrong
- Comment on [deleted] 1 week ago:
Images of text are evil & this lacks text alternative (ie, breaks accessibility and a host of web features). Please post text as text.
- Comment on ProtonMail Logged IP Address of French Activist; Should You Be Worried About Your Privacy? 1 week ago:
That’s just such an easy link to memorise, isn’t it?
You memorize your links & type them out like a boomer?
- Comment on For those who have all the right answers for the rest of us 1 week ago:
Needs text alternative.
- Comment on A hypothesis 1 week ago:
That ain’t a dictionary.
- Comment on A hypothesis 1 week ago:
- (now nonstandard)
- Comment on Israel has been caught disguising bombs as toys to kill Palestinian children 1 week ago:
That concept is highly unsettled in their religion.
- Comment on With how shitty some Christians are, you really have to wonder if Lucifer or Satan is truly "evil" 1 week ago:
Early christians had an interesting take on this.
Before the religion organized into a hierarchical orthodoxy, communities distant from the emerging establishment (not particularly attached to jewish traditions) in places like Alexandria were left to their own devices to figure out christianity: they formed loose households & study circles to interpret texts in the context of their local traditions & culture and settled on a number of competing interpretations. Among them emerged a popular, influential interpretation.
- Reading the older jewish scriptures & newer texts quite literally, they concluded there were 2 deities. 1 of whom, the unhidden Demiurge (Yahweh of the old testament) who had created the material universe, was a vengeful and ignorant deity inimical to human welfare. Consequently, material existence is flawed & evil, and they must escape that realm by seeking personal knowledge of the other, hidden deity: the transcendent spiritual entity, the Silent Depth (or the Monad), who briefly inhabited Jesus with that revelatory wisdom or logos found in the newer texts. In other words, there’s cool god (Jesus’s god) & evil genocidal god (Yahweh).
- Moreover, they concluded that church authority isn’t needed: Jesus had awoken a spark of divinity in matter that would find its way back to its transcendent source with little need of episcopal authority or sacramental practice.
This interpretation became known as gnosticism.
Sticklers with the evil trash god of older jewish scriptures didn’t like this idea, became early church authorities, denounced it as heresy, & purged all the texts they could of it.
So, yes, even some early christians believed the entity modern christians refer to as god is kinda shit.
- Comment on Sunday update from the Prime Radiant 1 week ago:
Are tankies all the same person?
- Comment on Got Banned for Fixing Roku — The Paul Blart Mod Chronicles 1 week ago:
Needs text alternative.
So, the original post was removed by AutoMod for no apparent rule violation, that instigated a repost that got you banned, and the moderators claim it’s not “relevant to your ban”?
I wish we could nuke reddit from high orbit. Their unaccountable moderators need bitchslaps to eternity.
- Comment on [deleted] 1 week ago:
That might explain why so many comments in this post on edible packaging didn’t reject the idea as defeating the purpose of packaging & were even suggesting wrapping the packaging in packaging to keep it contaminant-free.
- Comment on She is making a GREAT point 1 week ago:
Needs alternative text.
Did someone call women females? Where’s the angry mob ready to crucify this heretic?
- Comment on After police used Flock cameras to accuse a Denver woman of theft, she had to prove her own innocence 2 weeks ago:
Absolutely disgusting erosion of liberty and privacy, though it’s not the least bit surprising.
Legally, it’s not an erosion. Public spaces aren’t private, and it was a charge that hadn’t yet reached (probably costly) trial. It’s the same level of erosion as before when they lacked this level of public surveillance.
this cop is fully convinced (or acting as if he were) about the validity of this minimal-effort investigation they apparently were ready to arrest someone over.
That’s standard procedure for police in the US: overconfidence & pressure of any kind (eg, lies) to extract a confession no matter if false or the evidence doesn’t support it. Their approach seeks conviction (no matter what) rather than truth. They’re twats.
No accountability on their end
Their unaccountability is standard. Welcome to US law enforcement.
:::spoiler Apparently, policing can be better.
UK policing was similar to the US until legal reforms (due to high profile cases of coerced confessions) led them to develop investigative interviewing, which seeks to gather evidence (free from biases & contamination) rather than confessions.
Much of the scientific base of investigative interviewing stems from social psychology and cognitive psychology, including studies of human memory. The method aims at mitigating the effects of inherent human fallacies and cognitive biases such as suggestibility, confirmation bias, priming and false memories. In order to conduct a successful interview the interviewer needs to be able to (1) create good rapport with the interviewee, (2) describe the purpose of the interview, (3) ask open-ended questions, and (4) be willing to explore alternative hypotheses. Before any probing questions are asked, the interviewees are encouraged to give their free, uninterrupted account.
When mandatory recordings revealed officers were unskilled interviewers (eg, assumed guilt of interviewee) missing & ignoring evidence due to their biases, and therefore needed training
they devised a program called PEACE with the help of psychologists. The week-long course, which also covered interviewing witnesses, was undertaken by every operational officer in the country. In the UK, unlike the USA, there is a high degree of cooperation and standardization between all forces. The training was a massive commitment, but it has helped avoid miscarriages, and it delivers better justice. Research studies and practical evaluations have also consistently shown higher skill levels and more objective approaches by officers. It is now accepted that not all officers will make good interviewers. PEACE has developed into several tiers of training linked to an officer’s field of work and identified potential.
Moreover, they refrain from lying.
The law does not allow lying to suspects, under any circumstances. Officers are trained to concentrate on probing a suspect’s account, seeking to confirm or negate by comparison with other known information. When the suspect knows that I can’t lie—my job is on the line if I do—I get more information.
:::
- Comment on Male Fantasies (by Nhim) 2 weeks ago:
I hadn’t the slightest inclination to dig until I needed to plant a tree & bought my first shovel: unexpectedly satisfying.
Dogs make more sense now.