_s10e
@_s10e@feddit.de
- Comment on World’s first off-road solar car ‘Stella Terra’ succeeds in cruising from Morocco to the Sahara 10 months ago:
It’s also a way for people who regularly travel less than 20 miles (if this number is correct).
Most devices consume more power than you can reliably get from solar on the device. You can’t power a cellphone from a back-mounted solar cell nor run a car from a solar roof alone.
But don’t make the mistake of assuming that everyone has (cheap) power at home or that everyone has a (suburban) home. Photovoltaic is cheap and reliable. And you need space, so it makes sense to put solar everywhere.
- Comment on Firefox for Android now supports over 450 add-ons 10 months ago:
I heard people love worldwide-radio. What’s so cool about it? And why as a browser plugin? This could be a stand-alone app or website.
- Comment on Four years after Apple, Google will finally kill third-party cookies in 2024 10 months ago:
So what exactly are 3rd party cookies?
I’m on a.com, that is what’s shown in the address bar.
The page includes a resource a.com/image.png. A request to the server will include cookies from a.com. That’s a 1st party cookie. Correct?
The page includes a resource b.com/image.png. The request will not include cookies from a.com; this was always the case. b.com can however set their own cookies. Since we are on a.com, cookies from b.com are ‘third party’. Correct?
It gets interesting when we navigate to c.com and c.com includes b.com/image.png, a tracking pixel we have seen before on a.com.
Without 3rd party cookie protection, b.com sees the cookie they set previously while on a.com. This will now be blocked. Correct?
Now explain this in a JavaScript world.
- Comment on How many of you actually use the headphone jack on your phone? 10 months ago:
I don’t use wired headphones with my phone anymore since it doesn’t have a 3.5mm jack, but I miss that I cannot quickly plug my headphones into a laptop’s 3.5mm jack.
I like that binary nature of cables. When physically connected they work. No fiddling with Bluetooth menus.
- Comment on Apple Offers iPhone NFC Chip Access to Apple Pay Rivals in EU 10 months ago:
I agree, but at least it is now possible to compete with Apple Pay. The position of Apple and Google Pay is too strong if competition is unthinkable.
Apple was smart to partner with the banks and act as a proxy initially. The next step could bypass Visa, MasterCard, banks, payment processors, …
- Comment on HP TV ads claim its printers are 'made to be less hated' 11 months ago:
Those printers are definitely gold for heavy users. Cheap ink. If you don’t use it a lot, would the ink dry and damage the printer? Or evaporate and vanish?
Honest question because ink cartridges dry out all the time.
- Comment on Does archive.today break when using private DNS (quad9)? 11 months ago:
Who’s blocking what?
Last time, IIRC someone blamed Cloudflare and they said they did not do anything, just relaying from upstream.
- Comment on 24/7 solar towers could double energy output 11 months ago:
I missed the part where they pump water up to generate power from the downdraft (of cooled air). I don’t want to shit on cool ideas. Maaaaybe there’s a range of parameters where this works, but I’m holding my breath.
- Comment on 24/7 solar towers could double energy output 11 months ago:
Also, PV requires neither heat nor dryness.
- Comment on Yes, you can have too many CPU cores - Ampere's 192-core chips break ARM64 Linux kernel in two-socket systems, company requests higher core count support 11 months ago:
The alternative to multiple cores is a single core that runs faster. We tried this and hit a limit. So, it’s many cores, now.
- Comment on Some Microsoft employees fume over the company's open offer to hire hundreds of OpenAI staff 11 months ago:
The OpenAI people built ChatGPT, the Microsoft folks worked on Clippy.
- Comment on Some Microsoft employees fume over the company's open offer to hire hundreds of OpenAI staff 11 months ago:
This. Job hopping works for some time even when you are young, when you learn fast and when everyone is hiring.
It took me one year to get out of my managerial job and I took a pay cut, went to work at a smaller company with a lesser job title. My previous job was too good on paper. In reality it was a total shitshow. I was open to take the first reasonable offer, but recruiters were hesitant to even talk to me.
And it’s not just job titles. Skills fade if you are in a position where you don’t continue learning.
- Comment on Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do 11 months ago:
Ignore my ignorance. Are you saying the aircraft track where they are going by calculating their position from gyroscope data? And this is more precise than GPS?
That’s like using the acceleration sensors in your phone to navigate. Or sailing with compass and nautical maps.
Possible. Tech isn’t even that novel. But still impressive.
- Comment on Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do 11 months ago:
I can’t understand what is to be gained by deliberately trying to knock civilian airliners off course.
You don’t deal with terrorists, do you?
- Comment on Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do 11 months ago:
GPS is old, the amount of data you get from the satellite is small, essentially satellite id and timestamp. If we would redesign this today, you could include a digital signature.
Sure, but… you can google this to verify … one can probably manipulate GPS by introducing delay, i.e. resend data from a sat that was heard some seconds ago. With this signal the location will be off.
- Comment on Microsoft’s Windows Hello fingerprint authentication has been bypassed 11 months ago:
You are not wrong, but we should understand what class of attacks we are protecting against. Will biometrics stop your maid from using your device? Probably less. Will it stop the FBI? Not so sure.
Now, you may say, an FBI raid is not what you worry about on a daily basis. Agree.
If you are trying to keep the photos on your device safe from snooping, you’re good. Attacker needs the device and your fingerprint.
When we talk online accounts, I’d count device+fingerprint as one factor. Sure, the maid from the example above can’t log in to your gmail without your fingerprint, but most attacks are online. Your device sends a token to gmail, a cookie, a String; that’s like a password. One factor.
Technically, it’s slightly better than a password, because this token can be short-lived (although often it’s not), could be a cryptographic signature to be used exactly once (although…), you cannot brute-force guess the token… But IF the token leaks, the attacker has full access (or enough to cause damage).
That’s why I would suggest an independent second factor, such as a password. Yes, a password. Not for your daily routine (biometrics+device is much better), but maybe for high-risk operations.
- Comment on Microsoft’s Windows Hello fingerprint authentication has been bypassed 11 months ago:
Well
The biometrics only unlock the device
Yes
and give access to the security key
This is the goal, sure, but what does this actually mean on a device that’s mostly governed by software?
There’s a chip (like a yubikey) in the device that can hold cryptographic keys.
That’s good because the key cannot (easily) be extracted from the device.
That’s good as long as no one has physical access to your device.
With physical access, you hope that the device’s unlock mechanism is reasonably secure. That’s biometrics OR password/pin.
The ‘or’ is the problem. For practical reasons you don’t want exactly one method hard-wired. You have a fingerprint scanner (good enough), the secure element (good enough) and lots of hard- and software in between (tricky).
I’m not against biometrics (to unlock a device) because it’s convenient and much better than not locking the device at all. I’m also not against device trust (which you need if you want to store crypto keys somewhere without separate hardware), but the convenience of a single-device solution (laptop or phone) comes with a risk.
If an attacker can bypass the unlock method or trick you into unlocking or compromise the device, your secrets are at risk. Having the key stored in the secure enclave (and not in a regular file on the hard disk) prevents copying the key material, but it does not prevent using the key when the attacker has some control over the (unlocked) device.
A yubikey is more secure because it’s tiny and you can carry it on your keychain. The same chip inside your laptop is more likely to fall into the hands of an attacker.
- Comment on YouTube warns it might make your viewing experience worse if you don't turn off your ad-blocker 11 months ago:
No.
I’m pretty sure they are fine with free riders when they are not too many.
- Comment on Kenya suspends Sam Altman’s eyeball-scanning crypto project (Aug 2023) 11 months ago:
That was less than 24 hours ago. Let’s just wait what happens.
Either Microsoft buys Kenya or Sam Altman is promoted to King of Narnia.
- Comment on Hikers rescued after following non-existent trail on Google Maps 11 months ago:
I’m also a happy osmand+ user, but once I got lost in the middle of a field / bush. I’m sure there was a trail once, but not safe to follow. Said bush was not very dense, so we thought multiple times: Ok, this could be the way. Or that path?
- Comment on DoH blocker for IOS: Mullvad or Aha DNS Blitz 11 months ago:
NextDNS is nice when you want customizability.
- Comment on 8GB RAM on M3 MacBook Pro 'Analogous to 16GB' on PCs, Claims Apple 11 months ago:
“our systems come with 16gb as standard, which feels like 32gb on windows.”
while performing a task that can be done with 8gb easily
- Comment on Why Not Store Encrypted Emails in Plaintext Locally? 1 year ago:
Honestly, I can’t think of a good reason. This is just how email has always worked. What Thunderbird stores locally is identical to the message on the server. It’s not decrypted because no conversion happens when syncing mail.
I agree, it would make sense to keep plaintext emails locally or on a trusted server for practical reasons.
- Comment on Why Not Store Encrypted Emails in Plaintext Locally? 1 year ago:
This does not answer the question. OP wants Thunderbird to decrypt PGP mails. Yes, it makes sense to use an encrypting fs, but we are still missing this Thunderbird feature.
- Comment on Facebook and Instagram launch an ad-free subscription model in GDPR countries 1 year ago:
Actual answer over circle-jerk speculation: To be legal in EU, they must offer one option without required (=forced) consent to tracking. When you pay, you can actually opt-out from any measure that requires consent under GDPR.
All European publishers do this. They don’t want your money and probably don’t care much about the tiny minority that actually pays for freedom from tracking. This option exists to create the illusion of choice.
- Comment on Samsung and Other Manufacturers Disable Phones Bought on Gray Markets: A Consumer Nightmare 1 year ago:
Some manufacturers require a 5 min phone call in the market where you bought the phone… Easy to meet for someone in the target market, but makes it hard to import a brand new phone from elsewhere. You could still buy used, but this is less attractive.
- Comment on Samsung and Other Manufacturers Disable Phones Bought on Gray Markets: A Consumer Nightmare 1 year ago:
Just guessing. The phone is ear-marked for a target market, e.g. Africa. If it connects to an American network without roaming and without ever having been to Africa, it’s clear that the phone was not sold through ‘official’ distribution channels.
- Comment on Google Chrome to soon get a new ‘IP protection’ feature: Here’s what it does 1 year ago:
I tend to agree with the trust argument. Google wants people to rely on Web technology and Google products and allowing MITM - or failing to prevent - goes against Google’s interest.
I don’t buy the technical argument at all. Google could terminate the TLS connection at the proxy and communicate with the browser on a proprietary encrypted channel. Chrome could easily show a green padlock item and certificate details as seen by the proxy. The whole thing could be open source and transparent. A minority of users will disable the feature; many will accept it. Corporates can be bought by allowing to opt out for ‘sensitive’ servers.
- Comment on Google Chrome to soon get a new ‘IP protection’ feature: Here’s what it does 1 year ago:
You can’t MITM HTTPS with a VPN unless the browser accepts an insecure certificate.
Yes, but the browser is Chrome and this is a feature built into Chrome.
- Comment on Men Overran a Job Fair for Women in Tech 1 year ago:
Ignoring gender, are job fairs overrun by job seekers now? Is it that bad?