fubo
@fubo@lemmy.world
No relation to the sports channel.
- Comment on DropBox says hackers stole customer data, auth secrets from eSignature service 2 weeks ago:
sign.dropbox.com/…/a-recent-security-incident-inv…
Here’s the actual security advisory, which contains much more information than the fluff article about it.
- Comment on No one has predicted the end of the world in a while. 2 weeks ago:
Clearly this means it’s already ended. An you sure you’re not in an afterlife right now?
- Comment on Your body is completely dark except for the 1 molecule outside layer that light hits. 2 weeks ago:
Everything is glowing all the time. At human body temperature, you’re glowing mostly in the infrared.
- Comment on Does Instagram or YouTube Shorts get you? 3 weeks ago:
They should take down their shorts.
- Comment on If people from the US love the imperial system so much, why are their musicians using metronomes instead of footonomes? 3 weeks ago:
They learned from the poets about metrical feet!
- Comment on Microsoft wants to hide the 'Sign out' button in Windows 11 behind a Microsoft 365 ad 4 weeks ago:
People pay for this?
- Comment on Tesla recalls all 3,878 Cybertrucks over faulty accelerator pedal - The Verge 4 weeks ago:
Cutting someone’s brake lines has been a means of assassination for a while. What’s new here is that it could potentially be done remotely, e.g. an attacker in Bucharest targeting a victim in Seattle on behalf of a payer in Moscow.
- Comment on [deleted] 4 weeks ago:
On the other hand, they could be yelling, “Yes! Keep going! You’re the best!” and you’re thinking of just quitting?
- Comment on Tesla recalls all 3,878 Cybertrucks over faulty accelerator pedal - The Verge 4 weeks ago:
Other way around. Unsupervised OTA updates are dangerous.
First: A car is a piece of safety-critical equipment. It has a skilled operator who has familiarized themselves with its operation. Any change to its operation, without the operator being aware that a change was made, puts the operator and other people at risk. If the operator takes the car into the shop for a documented recall, they know that something is being changed. An unsupervised OTA update can (and will) alter the behavior of safety-critical equipment without the operator’s knowledge.
Second: Any facility for OTA updates is an attack vector. If a car can receive OTA updates from the manufacturer, then it can receive harmful OTA updates from an attacker who has compromised the car’s update mechanism or the manufacturer. Because the car is safety-critical equipment — unlike your phone, it can kill people — it is unreasonable to expose it to these attacks.
- Comment on The increasing distrust many Americans have in modern medical advances is probably mostly due to our failing Healthcare system. 4 weeks ago:
Personally, I blame the people telling the lies; e.g. the antivax campaigners, the tobacco companies, etc.
- Comment on Is there a standard/preferred list order for non-alphanumeric characters? 4 weeks ago:
If your input is limited to ASCII, sure.
But ASCII is only a 7-bit standard, and only supports those characters needed by American English computer users in the 1960s. Lots of characters you might see in “plain text” are not part of ASCII; including all accented characters, all non-Latin alphabets, and many common symbols and punctuation marks including these: £€¢©™°
(Yes, you could get accented characters in the pre-Unicode days using 8-bit “extended ASCII”, e.g. IBM/Windows code pages. However, those are not really ASCII and they will break if the text is interpreted as the wrong code page.)
Unicode collation is the Right Thing today.
- Comment on [deleted] 4 weeks ago:
This has been going on for over 25 years now.
The kind of people who go into business building censorship software turn out to quite often be the kind of people who think feminism is a hate group, atheism is a cult, birth control is a dangerous drug, evolutionary biology is a criminal gang, and therapists are child-molesters. As such, it is unsurprising that this software’s behavior has quite often reflected those views.
- Comment on Cheaters are just wannabe singles. 2 months ago:
First step to polyamory is consent.
- Comment on Pulsar, the best code editor 2 months ago:
The best code editor is the one that works well with your other tools, including both your compiler and your keyboard.
Corollary: If you use an unusual compiler or an unusual keyboard, this may change what the best editor for you is.
- Comment on What if all the motion sensors in restrooms are secretly cameras? 2 months ago:
Then being naked on camera is not nearly as big a deal as you think it is, because it’s been happening for a long time with no negative consequences.
- Comment on Cheaters are just wannabe singles. 2 months ago:
I was thinking more in the sense of “doing something that will lead to breaking-up / divorce” and “acting as if you’re already single when you’re not”.
- Comment on How to be a -10x Engineer 2 months ago:
Some other ways:
Cultivate bitterness.
Find the pessimists in your organization, and disappoint them.
Make mean cynicism a part of your workplace culture. Do this by example: Promote mean cynics and put them in charge of things. But do it also by conversion: Behave in a way that makes mean cynics’ view of the world correct.
Reward bad personal habits to create internal conflicts between work and health.
If someone skips sleep to finish a project, give them a bonus. This gives them an internal conflict between approval and health, and teaches them that they can sacrifice their health to receive a reward.
Encourage a hard-drinking culture in teams that have stressful roles that demand team cohesion, like SRE or Ops teams with on-call requirements. This gives them an internal conflict between their support network and health.
If someone is sick, injured, bereaved, or otherwise suffering: Make it clear how much their condition is inconvenient to their coworkers. Assure them that all will be well if they just ignore their personal problems and commit to the team.
- Submitted 2 months ago to showerthoughts@lemmy.world | 17 comments
- Comment on How do conspiracy theorists get all of their coveted secret government information if it's meant to be hidden and the government would never hand it over? 2 months ago:
There’s good money in “based on a true story”. Conspiracy theories sell books, get eyeballs on web ads, make fame, and boost political campaigns. When a person is rewarded for turning their speculations or outright lies into “nonfiction” form, they’re likely to persist in doing it.
- Comment on Is HTTPS a scam? 2 months ago:
You should probably be more concerned about DNS than HTTPS. DNS is a point where government censors actually do go after web sites they don’t like.
- Comment on Everyone makes incest jokes about Adam and Eve and their children but they never mention that there was another woman named Lilith (Adam's first wife) who would have added variance to the gene pool. 3 months ago:
The Bible, and even the Torah, are compilations from stories that existed before these particular books were written down. However, the character of Lilith as “first wife of Adam” is probably not something left out of the Torah, but a much later invention.
- Comment on Strings do too many things 3 months ago:
If DNS is transiently down, the most common mail domains are still in local resolver cache. And if you’re parsing live user requests, that means the IP network itself is not in transient failure at the moment. So it takes a pretty narrow kind of failure to trigger a problem… And the outcome is the app tells the user to recheck their email address, they do, and they retry and it works.
If DNS is having a worse problem, it’s probably down for your mail server too, which means an email would at least sit in the outbound mail spool for a bit until DNS comes back. Meanwhile the user is wondering where their confirmation email is, because people expect email delivery in seconds these days.
So yeah … yay, tradeoffs!
(Confirmation emails are still important for closed-loop opt-in, to make sure the user isn’t signing someone else up for your marketing department’s spam, though.)
- Comment on Strings do too many things 3 months ago:
The only way to correctly validate an email address is to send a message to it, and verify that it arrived.
If you’re accepting email addresses as user input (e.g. from a web form), it might be nice to check that what’s to the right of the rightmost
@
sign is a domain name with an MX or A record. That way, if a user enters a typo’d address, you have some chance of telling them that instead of handing an email touser#example.net
to your MTA.But the validity of the local-part (left of the rightmost
@
) is up to the receiving server. - Comment on Strings do too many things 3 months ago:
Any time you’re turning a string of input into something else, what you are doing is parsing.
Even if the word “parser” never appears in your code, the act of interpreting a string as structured data is parsing, and the code that does parsing is a parser.
Programmers write parsers quite a lot, and many of the parsers they write are ad-hoc, ill-specified, bug-ridden, and can’t tell you why your input didn’t parse right.
Writing a parser without realizing you’re writing a parser, usually leads to writing a bad parser. Bad parsers do things like accepting malformed input that causes security holes. When bad parsers do reject malformed input, they rarely emit useful error messages about why it’s malformed. Bad parsers are often written using regex and duct tape.
Try not to write bad parsers. If you need to parse something, consider writing a grammar and using a parser library. (If you’re very ambitious, try a parser combinator library.) But at least try to recall something about parsers you learned once way back in a CS class, before throwing regex at the problem and calling it a day.
(And now the word “parser” no longer makes sense, because of semantic satiation.)
- Comment on A pizza flavored Hot Pocket is just a calzone... 3 months ago:
“Hot Pockets are the American empanada.” — Wendy Watson
- Comment on Star Citizen Introducing a $48,000 Ship Bundle, but Only for Players Who Have Already Spent $10,000 4 months ago:
I have to wonder if this is a video game problem, or if it’s a sort of financial self-destructiveness expressed through a video game rather than through some other means.
Like, for every person who spends money they don’t have on video games, how many people spend money they don’t have on fancy cars, or shoes, or expensive pets, other luxury possessions? How many people spend the rent money on sneakers, or the kids’ college fund on fancy vacations?
- Comment on ...So I Finally Quit Spotify 4 months ago:
It’s not just “won’t ban”.
They collect money from subscriptions to Nazi authors, and pay those authors.
They are a Nazi publisher.
- Comment on "Trust and Safety" departments exist to protect the company, not users. 4 months ago:
No, it’s more like “policy enforcement”.
Ostensibly it means “if our policy forbids Nazis, then you can trust us that there won’t be Nazis engaging with your content on our site.”
But really, the policy doesn’t forbid Nazis.
- Comment on "Trust and Safety" departments exist to protect the company, not users. 4 months ago:
A “user” is anyone who walks through the public park and picks up a gadget that someone else left there.
They poke at it for a while, not knowing who built it or who dropped it in the park. It does some cool stuff.
Sometimes they can wiggle it and it makes colors that their friends enjoy. Maybe someone built this thing just to be a fun toy to play with?
They put it in their pants pocket and walk on.
Once in a while, the thing they picked up in the park just spontaneously catches fire and burns their pants off, leaving them naked in the middle of the town square and really embarrassed.
But usually, a “user” can mess around with technology crap and not get burned.
Until, y’know, they do.
And then it’s supposed to be their fault.
- Comment on [deleted] 4 months ago:
In other words, they will continue to pay Nazis to write Nazi articles.