wolo

@wolo@lemmy.blahaj.zone
12 Post – 59 Comments
Joined 1 years ago

my website's backend is made with bash, it calls make for every request and it probably has hundreds of remote arbitrary code execution bugs that will get me pwned someday, it's great

edit: to clarify, it uses a rust program i made to expose the bash scripts as http endpoints, i'm not crazy enough to implement http in bash

it behaves like a static file server, but if a file has the others-execute permission bit set it executes the file instead of reading it

it's surprisingly nice for prototyping since you can just write a cli program and it's automatically available over http too
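As an added example (not part of the original comment, and not the site's code): a small Python audit that walks a document root and reports which files a server following the others-execute rule described above would run instead of serve, flagging endpoints that other local users could modify. The function names, the sample tree and the assumption that the server tests exactly the `o+x` bit are illustrative.

```python
import os
import stat
import tempfile


def audit_docroot(docroot):
    """Return {relative_path: (action, warnings)} for every regular file."""
    report = {}
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            # Assumed server rule: others-execute bit set => run the file.
            executed = bool(st.st_mode & stat.S_IXOTH)
            warnings = []
            if executed and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                warnings.append("endpoint is group/world-writable")
            if executed and os.stat(dirpath).st_mode & stat.S_IWOTH:
                warnings.append("parent directory is world-writable")
            rel = os.path.relpath(path, docroot)
            report[rel] = ("execute" if executed else "serve", warnings)
    return report


def build_sample_tree():
    """Constructed sample docroot used only to demonstrate the audit."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.mkdir(os.path.join(root, "api"), 0o755)
    samples = {
        "index.html": 0o644,  # plain file: served as-is
        "api/status": 0o755,  # o+x: executed on every request
        "api/render": 0o777,  # o+x and writable by anyone: flagged
        "notes.sh": 0o750,    # executable for owner/group only: served
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/usr/bin/env bash\necho ok\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    report = audit_docroot(build_sample_tree())
    for rel, (action, warnings) in sorted(report.items()):
        print(f"{action:8} {rel} {'; '.join(warnings)}")
```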

"We successfully competed against piracy and drove it to near-extinction, but now that we're enshittified we can't compete with piracy while continuing to make the obscene amounts of money that we want to make"

Good, if someone is selling their labor they should be protected as an employee.

breaking news: if you spend thousands of hours building a house of cards on top of a rug controlled by a company whose best interests do not align with yours, don't be surprised when they hold your work for ransom and threaten to pull it out from under you

if they sold DVDs of Netflix's shows that would actually be pretty nice, but I doubt they would be OK with allowing anyone to actually own their media.

I think you missed a letter...

How is this better than a normal messaging protocol like Matrix? What does blockchain add to the solution?

Why did you photoshop the image to make his face bigger?

I can't be cis, I like Gex!

i thought it was neat how php lets you write your website's logic with the same directory tree pattern that clients consume it from, but i didn't want to learn php so i made my own, worse version

Sometimes when I get a call from an unfamiliar number with my area code (I don't live there anymore so it's always a scam spoofing a nearby number) I roleplay as a 911 operator and don't drop the act until they hang up, threaten them with penalties for wasting public resources and such. It's probably not strictly legal but they're calling me illegally too so i think it pretty much evens out :)

There's a concept I call "rule zero of cybersecurity": "the user can and will exploit trust you place in them or anything they can touch."

You can make it more difficult to exploit the trust you put in the user by hiding it behind obfuscation, but ultimately the user can desolder your secure enclave, reverse engineer your anti-tampering measures, and falsify any check your program wants to do, if it happens on their computer.

Client-side anticheat on Windows doesn't "work" in the pure sense either, it's just enough of a pain to bypass that most people don't because you can't recompile the kernel to change how it behaves. On Linux, it's easier to take advantage of the fact that perfect client-side anticheat is fundamentally impossible.

Same with device attestation, DRM, and other client-side verification measures: they're doomed to be in an endless back-and-forth because what they're trying to do is fundamentally incompatible with reality.

The correct choice for anti-cheat is to detect cheaters like humans do: watch a player's actions as they are received by the server, and use your knowledge of typical player patterns to detect if the player is cheating. Your server's knowledge of the network messages coming from the user's computer is the only thing you can trust (because it exists on hardware you control), so you should make your decision by analyzing that.
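As an added example (not part of the original comment): a minimal server-side check in Python that judges players only from position updates as the server receives them, timestamped with the server's own clock. The speed limit, jitter tolerance, strike threshold and message layout are assumptions made for the illustration.

```python
import math
from collections import defaultdict

MAX_SPEED = 7.0      # assumed game rule: units per second for a legitimate player
TOLERANCE = 1.25     # slack for network jitter and tick rounding
STRIKES_TO_FLAG = 3  # repeated violations required before flagging


def count_strikes(messages):
    """messages: (server_recv_time, player, x, y) tuples in arrival order.
    Counts moves whose implied speed is impossible, using only data the
    server observed itself (never a client-supplied timestamp)."""
    last = {}
    strikes = defaultdict(int)
    for recv_time, player, x, y in messages:
        if player in last:
            t0, x0, y0 = last[player]
            allowed = MAX_SPEED * TOLERANCE * max(recv_time - t0, 0.0)
            if math.hypot(x - x0, y - y0) > allowed:
                strikes[player] += 1
                continue  # reject the move; keep the last accepted position
        last[player] = (recv_time, x, y)
    return dict(strikes)


def flag_speed_cheaters(messages):
    """Players with at least STRIKES_TO_FLAG impossible moves."""
    return {p for p, n in count_strikes(messages).items() if n >= STRIKES_TO_FLAG}


def sample_messages():
    """Constructed traffic: alice walks normally, bob teleports every tick,
    carol has a single lag spike that must not get her flagged."""
    msgs = [(0.1 * i, "alice", 0.5 * i, 0.0) for i in range(6)]
    msgs += [(0.1 * i, "bob", 10.0 * i, 0.0) for i in range(4)]
    msgs += [(0.0, "carol", 0.0, 0.0), (0.1, "carol", 0.5, 0.0),
             (0.2, "carol", 3.0, 0.0), (0.6, "carol", 3.0, 0.0)]
    return sorted(msgs, key=lambda m: m[0])


if __name__ == "__main__":
    print(count_strikes(sample_messages()))
    print(flag_speed_cheaters(sample_messages()))
```

Rejected moves leave the last accepted position in place, so a single late packet costs one strike while sustained teleporting keeps accumulating them.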

Godot's 3D is perfectly usable in my experience, it's been a while since I've used Unity though so I can't tell you how they compare.

If you put zoom in a flatpak and tighten its permissions, it won't be able to touch the rest of your system

Would be an excellent change if they replaced it with a chronological timeline, but we all know they won't do that even though their backend already generates RSS feeds and it would barely take any effort to integrate with the frontend

Every sale to every individual buyer requires separate handwritten notice, each individually attached to a copy of the privacy policy and the data sold, notarized and sent by certified mail in triplicate, with postage paid by the sender. Make it cost so much that the entire industry becomes obsolete.

Vattenhaj

the only good part of the last one was the mac-'n-cheese-induced divorce flashback, somehow that doesn't give me hope for the future of the series

Windows doesn't like to acknowledge that other operating systems exist, so (at least from my experience) it will overwrite your Linux bootloader whenever it updates, or sometimes it'll just do it because it feels like it...

Personally I would rather they had to make phones a little thicker again to include a properly sealed battery compartment, the new ones look very nice but it's too hard to get a decent grip without accidentally bumping the edge of the screen.

Maybe the whole back side of the phone is the battery, and the two sides are independently watertight? The charger port and usb controller could be on the battery too, that way you can replace it if it breaks or you want to be compatible with a new fast charging specification, and you could charge it independently if you have more than one.

Maybe I'll finally move it into a VM so I can send a link to it here without tempting people :P

#!/bin/bash doesn't work on NixOS since bash is in the nix store somewhere, #!/usr/bin/env bash resolves the correct location regardless of where bash is

the PineTime can run for over a week in my experience, but it runs at 64 MHz and has 64kb of RAM, so telling time is pretty much its limit

I still haven't gotten any popups at all on Firefox with uBlock, not sure what's different about my setup

Got rid of all of my centralized social media accounts apart from YouTube, moved from Proton to Migadu on my own domain (unlimited aliases! when signing up for a service I can just make up a new username and it gets organized into a folder in my inbox!), and moved my homelab and laptop to NixOS

Waluigi

I've taken some precautions, it's running in a container as an unprivileged user and the only writable mount is the directory where make writes rendered pages, but i probably should move it into a vm if i want to be completely safe lol

They could make it difficult to open up the camera and extract its signing key, but only one person has to do it successfully for the entire system to be unusable.

In theory you could have a central authority that keeps track of cameras that have had their keys used for known-fake images, but then you're trusting that authority not to invalidate someone's keys for doing something they disagree with, and it still wouldn't prevent someone from buying a camera, extracting its key themselves, and making fraudulent images with a fresh, trusted key.

Flatpak and AppImage are trying to make that easier, since they both work the same on pretty much any distro, but not everything is packaged that way yet.

Flatpak is closer to the typical package manager model, where you install things from a graphical store or the command line, while AppImages are self-contained binaries that you download from the developer and run as-is without installing.

Snaps also exist, but they don't work well outside of Ubuntu and its descendants...

That's not how you should mix tabs and spaces for alignment. You use the same number of tabs as the previous line, and then fill the remaining width with spaces. That way, when you change tab width, the alignment spaces will always start in the same column as the line they're aligning to, regardless of the tab width.

Building code violations (Minecraft)

My big killer feature for Linux phones is running Wayland/X11 apps mostly unmodified, if AOSP added support for that I wouldn't be too disappointed about sticking with it. I've tried to make android apps before, but doing things the Android Way™ basically requires you to use java and their bespoke UI primitives, and it always makes me wish I could just use the tools I'm already used to.

Being able to have intricate control over my phone is nice, but I'd rather do it with a KDE-like settings maze than a terminal because of how tiny the screen is, and if I'm doing something serious that would require a terminal I would rather do it at my desk.

I definitely think the Android ecosystem has some serious problems, but I already run a custom ROM without Google Play Services installed so I'm fairly well-insulated from that. I do plan on installing a mobile Linux system on my old phone to experiment, but I doubt it will become my system of choice.

Animal Crossing City Folk bricked my Wii U, it was probably unrelated but I like to think Resetti just had enough of my shit

For 2:

  • Yes, and it doesn't cheat by bundling some huge scripting runtime like some other languages do. It produces real, native code which will run almost as fast as an equivalent program in C (sometimes a little faster!)
  • It gets as crazy as you make it, but the design of the language tries to help you keep things manageable.
  • When you run cargo new or cargo init it should initialize a local git repo for you, just add a remote and push. If you're setting it up on your own, add the target directory to .gitignore.

Also, for point 1.2: As long as you don't delete your settings or change them in another program, they should stay where they are even if the DE using them is gone. However, if you aren't short on disk space, there's no need to get rid of a DE you aren't using, since you can pick from all of the installed desktops in your display manager (the screen where you log in for the first time after booting).

You don't need to abandon your distro's package manager to use Nix, so you can adopt it as much or as little as you like.

the last game I played was Duskers, so I'm probably either immediately dying in the vacuum of space or trapped in a derelict space station without any power.

Every good result they serve you could have been an ad, so they're incentivised to replace as many with ads as possible.

Most currencies have a special pattern that printers are programmed to detect and refuse to print. Since illegal gun part designs can't be forced to include a marker declaring that they're gun parts, a 3d printer would have to 1) know what a gun is, 2) know how a gun works, 3) be able to tell whether any particular shape could be used as part of a gun, and 4) be able to tell whether any particular shape could be cut and reassembled into a shape that could be used as part of a gun

Maybe browsers could be configured to automatically accept the first certificate they see for a given .internal domain, and then raise a warning if it ever changes, probably with a special banner to teach the user what an .internal name means the first time they see one

I know that Calckey and its descendants support it since I verified my account on a Calckey instance, and Akkoma mentions it in this blog post.