kevincox

@kevincox@lemmy.ml
7 Posts – 448 Comments
Joined 3 years ago

They added telemetry. 100% of responses had internet access.

I'm not an expert on modern alarm systems but it seems that it is very common and fairly inexpensive to have cellular data backup. Not every system has it, but many do. In that case cutting the main connection will likely result in someone appearing on site fairly quickly.

Many cameras also have some form of local buffering. So even if you are gone before someone does show up you still may find yourself recorded.

But at the end of the day just put a bag over your head and you can be gone by the time anyone shows up without leaving a meaningful trace. Other than the very top-end systems, security systems just keep the honest people honest.

Tips for being secure online:

  1. Use your browser's password manager to generate random passwords.
  2. In the rare case you need to manually enter your password into a site or app be very suspicious and very careful.
  3. Never give personal information to someone who calls or emails you. If necessary look up the contact info of who called you yourself and call them back before divulging any details. Keep in mind that Caller ID and the From address of emails can be faked.
  4. Update software regularly. Security problems are regularly fixed.

That's really all you need. You don't even need 2FA, it is nice extra security but if you use random passwords and don't enter your passwords into phishing sites it is largely unnecessary.

There are two main reasons I say browser password manager:

  1. It is absolutely critical that it checks the domain to prevent phishing.
  2. People already have a browser and are often logged into some sort of sync. It is a small step to use it.

So yes, if you want to use a different password manager go right ahead, as long as it checks the domain before filling the password.
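The domain check described above, as an added example that is not code from the original comments. It assumes a constructed subset of the Public Suffix List (a real manager loads the full list) and hypothetical helper names; it also shows why a trailing-string comparison is the wrong way to do it.

```python
"""Registrable-domain check a password manager should make before autofill.

Added example, not from the original thread. PUBLIC_SUFFIXES is a constructed
subset; real code uses the full Public Suffix List.
"""
from urllib.parse import urlsplit

# Constructed subset of public suffixes (assumption; the real PSL is far larger).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def registrable_domain(host: str) -> str:
    """Return eTLD+1, e.g. 'login.example.co.uk' -> 'example.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the full host down, stopping at the longest public suffix.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                raise ValueError(f"{host!r} is itself a public suffix")
            return ".".join(labels[i - 1:])
    # Unknown suffix: fall back to the last two labels.
    return ".".join(labels[-2:])


def naive_match(page_url: str, saved_host: str) -> bool:
    """The tempting but wrong check: a trailing-string comparison.

    'notexample.com' ends with 'example.com', so this fills the password
    on a lookalike site."""
    hostname = urlsplit(page_url).hostname or ""
    return hostname.endswith(saved_host)


def should_fill(page_url: str, saved_host: str) -> bool:
    """Fill only over https and only when registrable domains are identical.

    'example.com.evil.net' has registrable domain 'evil.net', and
    'examp1e.com' is simply a different domain, so both are refused."""
    parts = urlsplit(page_url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return registrable_domain(parts.hostname) == registrable_domain(saved_host)
```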

I don't think that is quite accurate.

We discovered many more Pluto-or-larger sized things that were closer to the sun than Pluto. It became increasingly obvious that there was nothing special about Pluto and we either needed to add hundreds of planets or "demote" Pluto.

You probably mean TOTP. OTP is a generic term for any one-time-password which includes SMS-based 2FA. The other main standard is HOTP which will use a counter or challenge instead of the time as the input but this is rarely used.

There are some password managers where you need to either manually look up passwords and copy+paste or autotype them or select the correct password from a dropdown. Some of these will come with an optional browser extension which mitigates this but some don't really track domain metadata in a concrete way to do this linking.

Some examples would be Pass which doesn't have any standard metadata for domain/URL info (although some informal schemes are used by various tools including browser-integration extensions) and KeePass which has the metadata but doesn't come with a browser extension by default.

This is why DisplayPort is the better connector. Because they don't have their thumbs up their asses.

It always saddens me how much user pain has been caused and money wasted in implementing DRM which as far as I can tell hasn't succeeded in preventing a single movie or TV show from being available on torrent sites.

Death to HDMI. DisplayPort is the superior port.

People are getting all upset at Facebook/Meta here but they were served a valid warrant. I don't think there is much to get mad about them here. The takeaway I get is this:

Avoid giving data to others. No matter how trustworthy they are (not that Meta is) they can be legally compelled to release it. Trust only in cryptography.

There is of course the other question of if abortion being illegal is a policy that most people agree with...but that is a whole different kettle of fish that I won't get into here.

Back in the day X was a great protocol that reflected the needs of the time.

  1. Applications asked it to draw some lines and text.
  2. It sent input events to applications.

People also wanted to customize how their windows were laid out more flexibly. So the window manager appeared. This would move all of your windows around for you and provide some global shortcuts for things.

Then graphics got more complicated. All of a sudden the simple drawing primitives of X weren't sufficient. Other than lines, text and rectangles applications wanted gradients, rounded corners and to display rich graphics. So now instead of using all of these fancy drawing APIs they were just uploading big bitmaps to the X server. At this point 1/3 of what the X server was previously doing became obsolete.

Next people wanted fancy effects and transparency (like drop shadows). So window managers started compositing the display. This is great but now they need more control than just moving windows around on the display in case they are warped, rendered somewhere slightly differently or on a different workspace. So now all input events go first from X to the window manager, then back to X, then to the application. Also output needs to be processed by the window manager, so it is sent from the client to X, then to the window manager, then the composited output is sent to X. So another 1/3 of what X was doing became obsolete.

So now what is the X server doing:

  1. Outputting the composited image to the display.
  2. Receiving input from input devices.
  3. Shuffling messages and graphics between the window manager and applications.

It turns out that 1 and 2 have got vastly simpler over the years, and can now basically be solved by a few libraries. 3 is just overhead (especially if you are trying to use X over a network because input and output need to make multiple round-trips each).

So 1 and 2 turned into libraries and 3 was just removed. Basically this made the X server disappear. Now the window manager just directly reads input and displays output, usually using some common libraries.

Now removing the X server is a breaking change, so it was a great time to rethink a lot of decisions. Some of the highlights are:

  1. Accessing other applications information (output and input capture) requires explicit permission. This is a key piece to sandboxing applications.
  2. Organize the system around frames to avoid tearing except for when desired (X doesn't really have the concept of a frame).
  3. Remove lots of basically unused APIs like fonts, drawing and many others.

So the future is great. Simpler, faster, more secure and more extensible. However getting there takes time.

This was also slowed down by some people trying to resist some features that X had (such as applications being able to position themselves). And with a few examples like that it can be impossible to make a nice port of an application to Wayland. However over time these features are being added and these days most applications have good Wayland support.

Because people don't understand how copyright works.

In most countries any copyrightable work that you produce is automatically covered by copyright. You don't need to do anything additional to gain that protection.

Most Lemmy instances don't have any sort of licensing grant in their terms of service. So that means that the original author maintains all ownership of their work.

So technically what these people are doing is granting a license to their comment that allows it to be used for more than would otherwise be allowed by the default copyright protections.

What they are probably trying to accomplish is to revoke the ability for commercial enterprises to use their comments. However that is already the default state so it is pretty irrelevant. Basically any company that cares about copyright and thinks that what they are doing isn't allowed as fair use already wouldn't be able to use their comments without the license note. So by adding the license note all they are doing is allowing non-commercial AI to scrape it (which is probably not what was intended). Of course most AI scraping companies don't care about copyright or think that their use is not protected under copyright. So it is again irrelevant.

IDE is one thing, Go refuses to compile. Like calm down, I'm going to use it in a second. Just let me test the basics of my new method before I start using this variable.

Or every time you add or remove a printf it refuses to compile until you remove that unused import. Please just fuck off.

if staying outside EU

I'm pretty sure this is explicitly not allowed because most of the EU laws apply to EU citizens and residents. So if an EU citizen stays outside the EU they aren't allowed to stop following the EU rules.

This proposal absolutely infuriates me. This is making it so that you won't be able to browse the web unless you are using "approved" hardware on an "approved" OS with an "approved" browser. You will have no freedom to control your computing. Even if your browser is open source it will barely matter because you won't be able to patch it, you will need to run the approved binaries.

Fuck off and let me use the software I want.

This is SafetyNet from Android. You won't be able to access your bank, your movies, your anything unless you are using hardware and software that is controlled by billion dollar corporations.

I am a touch screen enjoyer. At least in theory. I like having time to browse, look at pictures, easy access to customization options and most importantly no feeling of pressure. I am not spending a cashier's time and potentially blocking someone behind me (at least there is usually less of a line for the self-ordering).

However there are negatives for sure. My biggest annoyance is that these devices are often annoyingly slow and unresponsive. They just display a tiny bit of text and images, they should switch between screens at 60fps, not 2s per click. Also if I know what I want it is often faster to tell the cashier and let them enter the order (on their more expert-optimized and less laggy keypad).

This is https://www.hyrumslaw.com/.

Basically there are two types of breaking changes:

  1. The change may break something.
  2. The change breaks a contract of the code.

What you are experiencing with debugRepr() is that you have triggered 1. You have made a change that may break a user. But you have not triggered 2 because the new output is still within the previous contract. What level of stability you want to uphold is up to you.

Yeah, people are getting really upset at Google/Mozilla here but SafeBrowsing is actually a very good service. I legitimately believe that it frequently prevents malware infections and phishing on a regular basis. It is also architected with a privacy-first approach that reveals very little data to Google. And the SafeBrowsing privacy policy is actually one of Google's very tight ones.

I think Mozilla made the right choice to enable it by default. They also make it fairly easy to disable this for advanced users under the "Deceptive Content and Dangerous Software Protection" setting. (No need to crack open about:config, disabling it is fully supported.)

I understand that this may be a controversial opinion.

A lot of people don't understand that there is nothing magical about a written contract with a signature. If you agree to something you have a contract. It doesn't matter if it is written, spoken, gestured or anything else. Written contracts with signatures are often preferred because it is very clear that there was an agreement and what was agreed to. But just about any method of agreeing is just as binding.

Because some people want to filter it out. So it gets a label.

Not only that but the EU doesn't want to make it seem like people can come and go as they please. So they will make serious demands for rejoining.

Gabe Newell really nailed it there. I buy tons of games on Steam. I also used to subscribe to Netflix and rent movies from Google. But now Netflix has junk and I need to subscribe to 10 services and they occasionally deleted my partner's downloaded shows while traveling because they couldn't validate the license. I can't even play HD videos from any legal retailer on any of my devices other than a Chromecast as they aren't under the media lobby's control.

But say I was to download a movie from a torrent site. It would probably be a higher quality than streaming services would give me, I can play it offline with no concerns about license expiry and it will still be 4k on every device I choose to watch on. I could also take a screenshot and share to my friend (which may cause them to purchase that content!). It's basically all upsides. Maybe slightly more difficult to find the content than something like Google Play rentals, but really not much and the tradeoff is the greater choice of content available.

It is reductive to say that piracy is just a service problem. There are lots of people who will try to save the money. But a lot of those people wouldn't spend much if any money either way. They would just skip most content, or watch with friends or similar. There is a huge group of people (myself included) that would happily pay a significant amount for content if they provided a good experience. But they are too busy failing to stop piracy to bother giving a good experience.

This is pretty clever. As I understand it.

  1. Because LLMs are slow most of them stream the response to the user.
  2. The response is streamed as text, but generated in tokens.
  3. This means that each "chunk" leaks the length of the text corresponding to the token.
  4. You can then use heuristics to guess the text of the response based on the token lengths.

This is a good reminder any time you are sending content in small chunks over an encrypted channel, many encrypted channels don't provide protection against size leaks by default.

It seems there are a few easy solutions to this:

  1. Send the token IDs (as fixed-size integers) over the network rather than the text.
  2. Pad the text representations of the tokens to a fixed length.
  3. Batch the tokens more (and maybe add padding) to produce bigger chunks and obscure individual token size.

These still all leak the approximate length of the response, but that is probably acceptable.
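The side channel and the three mitigations listed above, as an added example (not code from the original thread). The tokenizer, vocabulary and reply text are constructed stand-ins; what matters is the size of each encrypted chunk that an on-path observer can measure.

```python
"""Token-length side channel in a streamed LLM reply, and the three fixes:
fixed-size token IDs, per-token padding, padded batches.

Added example, not from the original thread. The tokenizer and VOCAB are
constructed stand-ins for a real BPE vocabulary."""
import struct
from typing import Iterable, List

# Constructed reply; a real one would come from the model.
RESPONSE = "The meeting is at noon in the blue room on Friday."


def tokenize(text: str) -> List[str]:
    """Toy tokenizer: one token per word, leading space kept, like BPE."""
    words = text.split(" ")
    return [words[0]] + [" " + w for w in words[1:]]


# Constructed vocabulary; a real model has on the order of 100k entries.
VOCAB = {tok: i for i, tok in enumerate(sorted(set(tokenize(RESPONSE))))}


def stream_naive(tokens: List[str]) -> List[bytes]:
    """Leaky: one chunk per token, so each chunk size equals a token length."""
    return [t.encode() for t in tokens]


def stream_ids(tokens: List[str]) -> List[bytes]:
    """Fix 1: send 4-byte token IDs; every chunk is the same size."""
    return [struct.pack(">I", VOCAB[t]) for t in tokens]


def frame(raw: bytes, width: int) -> bytes:
    """2-byte length prefix + payload + zero fill, so padding is unambiguous."""
    if len(raw) > width:
        raise ValueError("payload exceeds fixed frame width")
    return struct.pack(">H", len(raw)) + raw.ljust(width, b"\0")


def unframe(chunk: bytes) -> bytes:
    n = struct.unpack(">H", chunk[:2])[0]
    return chunk[2:2 + n]


def stream_padded(tokens: List[str], width: int = 16) -> List[bytes]:
    """Fix 2: pad each token's text to a fixed width."""
    return [frame(t.encode(), width) for t in tokens]


def stream_batched(tokens: List[str], batch: int = 4, width: int = 64) -> List[bytes]:
    """Fix 3: group several tokens, then pad the batch to a fixed width.
    Only the number of batches (approximate reply length) remains visible."""
    return [frame("".join(tokens[i:i + batch]).encode(), width)
            for i in range(0, len(tokens), batch)]


def observed_sizes(chunks: Iterable[bytes]) -> List[int]:
    """All a passive observer gets from TLS: the length of each record.
    The AEAD tag adds the same constant to every record, so it is omitted."""
    return [len(c) for c in chunks]


def leaks_token_lengths(chunks: Iterable[bytes], tokens: List[str]) -> bool:
    """True when the observed sizes reproduce the per-token byte lengths."""
    return observed_sizes(chunks) == [len(t.encode()) for t in tokens]


def reassemble(chunks: Iterable[bytes]) -> str:
    """Receiver side for the padded and batched streams."""
    return b"".join(unframe(c) for c in chunks).decode()


if __name__ == "__main__":
    toks = tokenize(RESPONSE)
    print("naive  :", observed_sizes(stream_naive(toks)))
    print("ids    :", observed_sizes(stream_ids(toks)))
    print("padded :", observed_sizes(stream_padded(toks)))
    print("batched:", observed_sizes(stream_batched(toks)))
```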

No negative sign on the keyboard. But you can enter 2147483647

IIUC when they separated they basically ended up with a snapshot of EU regulations. So most of GDPR applies. But IDK if the DMA will apply as it was created after they split.

I feel that a lot of people here are missing the point. Docker is popular for selfhosted services for a few main reasons:

  1. It is one package that can be used on any distribution (or even OS with a Linux VM).
  2. The package contains all dependencies required to run the software so it is pretty reliable.
  3. It provides some basic sandboxing against non-malicious services. Basically the service can't scribble all over your filesystem. It can only write to specific directories that you have given it access to (via volumes) other than by exploiting security vulnerabilities.
  4. The volume system also makes it very obvious what data is important and needs to be backed up or similar, you have a short list.

Docker also has lots of downsides. I would generally say that if your distribution packages software I would prefer the distribution's package over the docker image. A good distribution package will also solve all of these problems. The main issue you will see with distribution packages is a longer delay before new versions are made available.

What Docker completely dominates was previous cross-distribution packaging options which typically took one of the previous strategies.

  1. Self-contained compiled tarball. Run the program inside as your user. It probably puts its data in the extracted directory, maybe. How do you upgrade? Extract and copy a data directory? Self-update? Code is mutable and mixed with data, gross.
  2. Install script. Probably runs as root. Makes who-knows what changes to your system. Where is the data, is the service running? Will it auto-start on boot. Hope that install script supports your distro.
  3. Source tarball. Figure out the dependencies. Hope they don't conflict with the versions your distro has. Set up users and setup scripts yourself. Hope the build doesn't take too long.

This article references another article: https://www.theguardian.com/world/2023/jul/06/canada-judge-thumbs-up-emoji-sign-contract

Apparently the message was an image of the contract and "please confirm flax contract". Seems like the most likely interpretation of the 👍 is agreeing to the contract, not confirming receipt.

I don't see anything you said that isn't quite right.

Porn is a distributed form of entertainment.

Porn allows you to get your rocks off. You take views, so to speak and do your thing.

Distributed, in this context, means multiple enjoyers can watch porn on each of their entertainment computers and share the videos, usually to a centralized porn server.

PornHub runs a web-based porn server at pornhub.com so viewers can store their porn in a central location on the internet.

I think we as a society need to be a bit less sensitive about gifts. I think it is fine to not like a gift. What matters is that they thought of you to get something. Sometimes it won't land. It is better to admit that (if necessary) than hide it forever. It isn't my responsibility to love and care for a gift that you give me.

If I get you something, I don't want it wasting space in your house just because you are afraid I will be offended. That is like the worst outcome of a gift, I don't want to be giving you a burden.

So if the kid is no longer interested in the toy I think it is fine to give it away or otherwise get rid of it. If the person is offended they should chill the fuck out.

The idea is that only one will succeed. Look, it is a comic not a production-ready solution.

Is this worse? It sounds pretty similar.

There are lots of reasons. Some off of the top of my head:

  1. People are more likely to shop there because they get "deals".
  2. People feel better about shopping there because they get "deals".
  3. More and better data for the business. (Associated with individuals over time rather than "anonymous" purchases, they also get extra info like a phone number that they can cross-reference)
  4. If you carry the card or app you will see it frequently and think about the store (free advertising).
  5. Often times you agree to some sort of marketing communication when you sign up.
  6. You usually get "points" which you need to come back again to use.

I don't think you can pick out any one reason. XMPP is very old and has extensions for a huge variety of features. Many people have experience with older versions which had many major missing features (such as strong multi-device with offline support and server-side history) and a lot of the "hype" has died out long ago.

Matrix is new and made a lot of decisions that really helped its popularity.

  1. Having a HTTP-based client-to-server protocol makes web clients very easy to make.
  2. It is based on sync and merging rather than messages which moves some difficult problems (like multidevice and server-side history) into the core protocol meaning that it works well out of the box.
  3. Having HTTP-based protocols makes hosting it familiar for many people.
  4. The "default" Element clients have lots of features out of the box, features that for a long time were not always present on XMPP servers or clients. This gives a more consistent experience.

We will see what the history holds. Matrix is still very new and maybe the hype will die out and we end up moving back to XMPP. Or maybe something new. Overall I don't think there are major fundamental differences. I think Matrix making graph sync the core primitive to build off of was a good idea, but in practice I don't think it matters much.

You say that XMPP is much lighter. But I think that is mostly due to Synapse not being very efficient. Other implementations are fairly light. Even then my Synapse is using fairly small amounts of resources. You should also check that you are making an apples-to-apples comparison with large rooms, media and message history like you would typically see in a common Matrix server.

I don't think we need to set a global minimum date, but the manufacturer should have to put a date on the box. If they don't support the device up to that date (including security updates and maintaining any required cloud services) then the consumer gets a full refund with possibly additional damages.

I think of it like the digital version of a nutrition facts table.

If law enforcement knocks on my door with a valid warrant I'm going to comply. It would be nice to have some legal assistance to help validate the warrant but at the end of the day in this case it was almost certainly valid.

If this was about a murder rather than abortion people would be applauding Meta for helping catch the murderer. I think what people are actually mad about is the law, and they are using Meta as a scapegoat.

But at the end of the day E2EE is the best solution here. Don't give private data to others, they can't be trusted because they can be compelled by the law.

They are just complying with the law here. As much as I don't think Meta are great people I'd rather that they follow the law than make their own decisions. Of course we should also consider fixing these laws, but that isn't really Meta's responsibility.

They'll brick your device if a part can't be verified so that isn't much different than destroying. Maybe they don't require repair shops to hand over personal info, but they do require device identifiers so I wouldn't be surprised if that is basically identical.

Noise is a public nuisance. I definitely wouldn't want my neighbours constantly slamming their doors at night. I doubt you are going to get fined if you are slamming your door occasionally or in the middle of the woods.

Laws exist to ensure that we can all live peacefully together. I think most people agree that excessive noise is more of a negative than a positive. Most places have similar curfew laws where excessive noise at night is not allowed.

First of all. If you don't have the resources to contribute don't. If you need to spend your time on your financial situation or family or whatever, take care of yourself first.

But assuming you do have time then there are various ways that you can contribute.

  1. Use the software.
  2. Share the software. If you have friends, family or coworkers who could benefit from a particular piece of open source software let them know about it. If you have writing or video making skills you can also help by publishing guides and tutorials.
  3. Support other users. Whether they are people you know IRL or people on the forums or issue tracker it is always good to help others.
  4. Directly contribute to the project. This depends on the project, if they don't have documentation about how to contribute consider reaching out and asking. Let them know what skills you have and how much time you can offer. Frequently projects are looking for people to provide support to users, write documentation, triage bugs or other tasks. Reaching out also helps make sure that the work you are doing is useful and follows the project's conventions.
  5. Specialized contributions. If you have specialized skills like programming, graphic design, UX expertise, speak multiple languages or anything else then the project can often find a use for you. Again, I recommend reaching out first to make sure that the work you do is desired and in the direction that the project wants to go. If you don't have these skills right now it is never too late to learn either. There are many online courses (many free) that can help you learn to program or do design.

For software to run on a computer it needs to speak the computer's "language". This is typically called "machine language" but differs across different hardware. For example most modern Intel and AMD processors speak x86_64. This language has ways to express different operations such as "add these two numbers" or "put this CPU core into a low power mode". This is the fundamental way that software works, by running in this language.

There are languages that are completely different, such as ARM which is very common on mobile devices and is the language used by Apple's new M chips. These have basically nothing in common with x86_64.

These languages also evolve over time. For example x86_64 is a significant extension to the older x86 language. For the most part this is fine, it is like the CPU now knows more words, if you use those new words the new CPU will understand them, but older CPUs won't.

RISC-V is a new machine language. What makes it interesting is that it is a free and open specification. This means that anyone can create a new RISC-V CPU, unlike x86_64 where you need to buy a license from Intel or ARM where you need to buy a license from the ARM corporation. Most people think that this openness has major benefits, for example now anyone can create a new processor which may be better, rather than having innovation being stifled by licensing costs (if you can even get a license) or needing to create their own machine language and require huge amounts of effort to migrate software to it.

Note: It is important not to confuse "machine language" with "programming language". When people write software they very rarely write code in machine language directly. Usually they use a programming language which is then converted into the machine language of the CPU it will run on.