Skip Navigation
Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web
  • Every now and then, I try to browser without an ad blocker.

    That generally lasts until I encounter something that's bad enough that I don't really have a choice, and then I turn it back on.

    The page needs to actually function. It needs to be possible to click on something and actually be clicking on the thing that you're intending to.

    And it can not have stuff that blinks in a manner that causes a segment of the population (which includes me at times, but not 100% of the time) significant neurological problems.

    That last one has been the driving force behind stuff getting reenabled a fair bit.

    Oh, and if it's ads on video content, they need to be at least vaguely reasonable in regards to interruptions and length. Youtube is way past that at this point.

  • A new trend in tipping emerges
  • To be real clear, the only thing this does is screw over the hourly employees trying to survive on tips.

    It does absolutely nothing to the business, they don't care, at all. It doesn't impact them in the slightest.

    Yes, by law, if someone makes so little in tips that they would be getting paid below minimum wage the business is supposed to make up the difference.

    Assuming that happens for the entire shift.

    In practice, by all accounts... That pretty much never happens.

  • A 46,000-year-old worm found in Siberian permafrost was brought back to life, and started having babies
  • That is very species dependent.

    Some cold adapted species use various mechanisms to ensure that they can survive being frozen without that occurring.

    One common answer is a form of natural antifreeze, preventing the crystallization from occurring where it would cause that kind of damage.

  • Russia's Medvedev: We'd have to use a nuclear weapon if Ukrainian offensive was a success
  • On the contrary, Russia using nuclear weapons would do a great deal.

    It would ensure that every sane nation on the planet start working to remove the very real threat of Russia using nuclear weapons in other settings.

    Depending on exactly how it was taken, that could pretty easily mean almost anything from a long range, decade long effort by most of the world to slowly strangle Russia with sanctions, without any exceptions, to an immediate set of strikes on every single known Russian location with nuclear weapons.

    And make no mistake, 'known location' is going to include a lot of places that are only 'known' at whatever the equivalent is for various countries of top secret, code word classified material, known only to a very small select few.

    It would definitely include every single Russian nuclear submarine that any country on earth has a lock on.

    It's pretty much impossible to say how likely that immediate strike would be under those conditions, in large part because the world at large has no idea how much of Russia's nuclear arsenal has been located with enough precision to carry out such an attack, let alone how much is believed to be known with such precision.

    I really, really hope that we don't go there, because that would be the kickoff for World War 3, without any question.

    The only question would be how many Russian nuclear weapons would get launched before their launch platforms were eliminated.

    Practically speaking, I sure as hell wouldn't bet on the number being 0. But others very well might.

    I definitely wouldn't bet on it being anywhere close to the number of weapons that Russia claims to have ready to launch. Intelligence and strike capabilities are far better than that. Even assuming that every single launch platform actually works the way it's supposed to.

    But Russia doing something that even had the potential to lead to a world wide nuclear exchange would most definitely result in actions far greater than anything we have seen so far.

  • [News] Trump rally interviewer backpedals after man calls to "kill them all"
  • Make no mistake, this is not an accident. It's the goal.

    Take a hard look at the rhetoric they are using to try and justify there extremist actions against LGBTQ+ people in their states.

    Then, go look at the language that was used by Nazi Germany about groups that they then went on to try and wipe out by systematic genocide.

    Again, this is not some weird coincidence, or an accident, or a mistake.

    It is nothing short of a political party that has decided that the nazis had the right idea, and is very deliberately copying them and their rise to power.

    Expect things to get far, far worse.

  • What is Worldcoin and what does it mean for our privacy? | Context
  • Alright, now, who wants to come up with a 'good enough' generative AI tool to generate fake irises on a smartphone screen, and what do you think would be necessary (if anything) to convince the orb-shaped device that it's a real iris?

    That is the goal of this project, right?

  • South Korea has given up on talking to the North
  • I would argue that we are, as a planetary civilization, almost past the point where a war of that sort is even possible.

    On the other hand, if China were to ever shun NK, I would bet that their government would likely collapse in less than a decade.

    Sadly, China has a ton of reasons to want to prevent that, one of the bigger ones being the border with NK where many, many refugees would try to cross into China.

    I could however see, someday, China agreeing to a massive backroom deal on a scale that would be unprecedented:

    China abruptly works to ensure a complete collapse of the NK government, without any NK nuclear weapons either coming into play or any NK nuclear weapons going missing (except to China itself, if it wants them).

    And SK along with a good chunk of the Western world agrees to immediately conduct one of the largest humanitarian missions in history, to ensure that nobody is fleeing NK into China unless they have tons of assets and they want to avoid repercussions for their actions.

    There are, sadly, a lot of reasons why China wouldn't want the western powers capable of pulling that off to have control of territory that close to China though.

    SK would be their safest bet, but SK doesn't have the resources to pull of that kind of a humanitarian effort.

    And the chances that someone like the US wouldn't take the chance to plop a military base in what is currently NK seems awfully slim.

  • Controversial Physicist Faces Mounting Accusations of Scientific Misconduct
  • Yep.

    The only big complication with doing stuff that way is that if you get enough attention, abruptly people start looking at your stuff a lot harder.

    And then you get shredded, and lose all credibility for the rest of your career.

    Claiming to have discovered something absolutely ground breaking, that everyone in the field would want to replicate almost immediately, is exactly the kind of thing that would sink someone doing this.

    But then again, people are idiots sometimes.

  • Does anyone remember a logo that looked like this? None of us can place it but we all think we remember.
  • From the comments, I think that the general answer is: We all recognize it, because a lot of different places used a logo sorta like this in the 90s.

    And we can't pin it down exactly, because a lot of different places used a logo sorta like this in the 90s.

    And being the 90s, a lot of that was never on the internet in the first place.

    It rings very strong bells for me, and I don't think the reason is one that (at the time of this comment) has already been posted... But I can't for the life of me remember what it was for.

  • Reddit is committing LITERAL FRAUD
  • Because they are unilaterally removing benefits that people have already paid for, and are explicitly stating that they will provide no refunds.

    If you paid for a year of premium, a good chunk of the benefit has been the coins to buy awards.

    After they get rid of both coins and awards, well, you have still paid for premium in advance, but it is now worth a fair bit less to some people.

    Also bad, but more arguably in regards to the law, they are choosing to remove all past awards on posts and comments.

    Which means that people who have bought coins (or premium to get coins) are having all of that undone, again, without any possibility of refund.

    Arguably, this is much more problematic for people who had purchased coins, but who had not used them all before the announcement. Because that's taking the money, and then simply choosing not to provide the service that was paid for, while simultaneously stating that there will be no refunds.

    You could try to argue that, well, they can use those coins up until they turn buying awards off... Except, well, one of the nice things about awards is that they last as long as the post or comment does.

    This is... Problematic.

    Extremely problematic.

  • Biden administration forgives $39 billion in student debt for more than 800,000 borrowers
  • And the Supreme Court is supposed to be a court of law.

    Sadly, as they have decided to move away from that, the least the executive can do is ensure that the law is being correctly applied in cases where it favors the people.

  • What real life person had a "redemption arc"?
  • As best as I've been able to tell, it was a mixture of:

    An increasingly narrow social circle of people willing and able to disagree with him.

    An increasingly large social circle of people willing to tell him what he wants to hear, and willing to try and shape his world view.

    And drugs.

    He has sadly reached the stage where he is unwilling to have anyone around him who will openly disagree with him. Doing so is a firing offense.

    He has absolutely reached the point wealth wise where it is impossible to make new friends who you can trust to not have a motive in every interaction with you.

    And he has, without question, become someone that decent people from his past likely wouldn't want to be around.

    I'm not sure that it's going to be possible for someone in his current position to reform without losing the vast majority of his fortune first. And even then, I'm not nearly as optimistic as I could be.

  • Stop Trying to Make Social Networks Succeed [Opinion]
  • The big cost to doing it yourself is maintenance.

    There is, for a lot of people, a fairly large amount of value in never having to worry about hardware dying. If it does, that's someone else's problem, and it will be fixed, as far as you are concerned, rapidly and without any interaction with you.

    How much any given person values that is going to vary wildly, but it means that you don't risk having stuff go down at a moment when you can't do anything about it. Maybe you're on vacation, and you don't have any hands that can do anything. Maybe you're sick, or just extremely busy that week.

    You're not wrong that this comes at a fairly substantial monetary cost, but it is wrong to say that this isn't, in many cases, a cost that people are more than willing to pay in exchange for the benefit.

  • Stop Trying to Make Social Networks Succeed [Opinion]
  • Mastodon absolutely does have a weakness of making it more difficult to find people that you want to follow based on what you have already engaged with.

    And from a purely user perspective, that is a weakness.

    But it's also a very distinct choice. Because having enough data to be able to meaningfully make such recommendations means having a central database of every user interaction by every user.

    And it also means making choices and value judgements which, almost by definition, can not be value neutral.

    If the creators of the algorithm are good, they will actually be aware of the choices and value judgements being made, if not, well... They will still be making them, just not in nearly as educated of a way.

    On the whole, I really hope that we eventually come up with answers to these problems that make it possible for a user to make those choices, and to have the amount of recommendations that they want, while somehow not having anyone have the huge database of user interactions. I'm not sure if that's even possible, most especially if you assume that there will be entities on the fediverse that are fudging their data to get recommended in ways that other users don't want.

    But it sure would be interesting to try.

  • YSK: Keeping your accounts/online identity safe in the age of the fediverse/federated networks
  • That's like saying that only using high security locks with various security pins in them to protect your house is a bad idea, and you should throw in some secured with padlocks too just to change things up.

    And if some of them are shitty masterlocks, well, you're changing things up.

    That's really not how security works.

    Yes, pass phrases can have large amounts of entropy attached. But unless you are picking your pass phrases truly randomly, with a large dictionary, and using unique pass phrases per site, and the sites are not silently truncating the password input (such as bcrypt which truncates to 72 bytes), you are not actually getting that large amount of entropy.

    Where as a 16 character password that randomly uses the ASCII printable range, excluding spaces, gives you 93^16 possible combinations. That's 31313180170800116587336013460801 passwords.

    Or, very roughly, 104.6 bits of entropy. (104.6265409777285022441578006899739 bits of entropy if you want to be downright absurd about it.)

    Knowing that you're doing that simply doesn't help the attacker in any meaningful way.

    Bumping that to 20 characters gives you over 130 bits of entropy, or 2342388736625917052139104541473924426001 possible combinations.

    This is quite simply not a viable attack surface.

    Where as saying 'use pass phrases for some things' means that it is quite likely that some of your pass phrases are going to be much less secure than this.

    But let's give the same numbers for properly generated random passphrases.

    The xkcdpass utility can help us here.

    Even picking entirely randomly, out of a large word list of 7227 words, a 6 word pass phrase only gives roughly 76 bits of entropy.

    Going up to 8 words gives us roughly 102 bits of entropy, that helps a ton... Except that some of those passphrases are going to be longer than 72 bytes. So you're almost certainly losing bits of entropy.

    That best case still gives you fewer bits of entropy than a 20 character randomly generated password. Unless you're trying to memorize your password, there are no benefits to alternating between randomly generated passwords with good generation settings and passphrases.

    And if you're trying to memorize your passwords, you are definitely doing it wrong.

  • Real Engineering: The Questionable Engineering of Oceangate - an in depth analysis of the Oceangate disaster by an expert in composite materials engineering
  • You're both right, but I'm pretty sure that you're having two separate but related discussions.

    Certification by itself does absolutely nothing. It's a piece of paper.

    However, it's a piece of paper that you can not get unless you've done a bunch of other stuff.

    Regulations would have prevented this, because they would have required the certifications, which would have required the other stuff.

    In this case, they didn't do the other stuff.

    They didn't test the hull to see if it could take the pressure.

    They explicitly decided not to bother testing the hull to see if it could actually take the pressure.

    They certainly didn't do any fatigue testing to see how repeated pressure cycles impacted the material. The material that is extremely complex, and which nobody has done this with.

    Because they didn't do that testing, they had no way to reliably know if other steps were required, like only using it X number of times, or establishing processes to do specific inspections to look for whatever kinds of damage might happen as a result of repeated stress.

    So yes, if they had actually followed the process, this wouldn't have happened. They explicitly arranged to use the vessel in locations where they could not be held to the process.

    But they didn't want to follow the process. Which means more than 'they didn't do the certification', it means that they also didn't do many of the other things that would have been required to get that certification.

    And the lack of regulation meant that nobody could shut them down for those decisions.

  • Spain's far-right party Vox would abolish law allowing abortion
  • I think that it matters a great deal.

    One side wants entire groups to not exist. We have seen that play out, time after time after time. We have seen that carried to the point of concentration camps, and the systematic extermination of entire groups of people.

    We know where that road ends, and it ends is more blood than anyone should have the slightest desire to ever see spilled in their lifetime.

    The other side might not be perfect, but it isn't out to exterminate people.

    That's not a small difference. It's not a subtle difference. It's the difference between one side thinking that the holocaust didn't go far enough, didn't succeed enough, and the other side seeing it as an absolutely horrific event, something so horrible that it should never be allowed to happen again.

    And make no mistake, when the far right is literally copying propaganda from the Nazis, and they are, they damn well know what they are doing.

  • This is the Reddit app. They are making it really easy to want to migrate
  • The really really sad thing is, Reddit could have done a half decent job and made a fair bit of money, but they decided on stupidity instead.

    Sure, it would have upset some people a bit, but... Not by anywhere close to the same degree.

    Alright, we're sorry, but use of the API is going to have to start costing money for some kinds of uses.

    First off, people that just want to scrape everything get the following access, and a much higher rate limit, but it's going to cost $x.

    Moderator tools will always be free, but the API will require that the tool be associated with a moderator, and it will only permit access to subs that the user is a moderator for.

    Community bots will generally be free, subject to the following restrictions.

    And 3rd party clients will be charged a minimal amount, calculated to be roughly equal to what we are making from similar users on the official clients, to make up for lost ad revenue. Alternate options involving profit sharing may be viable, contact X for details.

    By accepting the API agreement, you agree that use of the wrong class of API usage (for example, using the community bot or 3rd party client classes for data scraping) will be billed, retroactively, at $X * 10.

    There. That's really not that hard. And people would have been much less upset at that, at least as long as the fees were actually as described, and not based on, say, how much they would like to make per user.

    You'd probably want a free tier for 3rd party clients for users of specific account types. If the user is paying for Reddit Premium, maybe 3rd party clients don't get charged for API usage for that user account. Or if the user is a moderator for a given subreddit, API usage for that user on that subreddit is also free. With an API that the client can use to check the status of such things. If they were smart, they would also have a process for users with disabilities to have their accounts exempted from fees. That last one is hard, because you need a verification process, but it would get them a lot of good will.

    Again... This shouldn't be hard. And it would have turned into a viable revenue stream!

    Hell, flatly disclose that the 3rd party cost is 30% more than the average cost of using the standard client, to support the effort required to maintain the API. (Largely bullshit, but it makes those users more valuable than those that use the official client, while not being expensive enough to make it impossible for anyone to offer a 3rd party client at an even remotely sane cost.)

    Yes, this would have very sadly been the end of free 3rd party clients... But I for one would have been... Okay with paying a small amount per month/year through the app store for a client that didn't suck.

    Instead, Reddit decided that committing suicide was the better path forward.

  • YSK: Keeping your accounts/online identity safe in the age of the fediverse/federated networks
  • The advice to always use a unique password per site is an excellent one.

    The why is multifaceted, and some of them are moderately complex.

    First off, not every site is going to be storing your password in a good a secure manner.

    In an ideal world, every site on the planet would be hashing it with something like bcrypt with a fairly aggressive cost setting, and good salts.

    And they would have a way to automatically rehash your password on login in the event that the password hashing settings change. (Almost everyone misses this one.)

    In practice... It could be stored in plain text. It could be hashed with classic crypt(), or with md5 or sha1 with no salt. There are so many ways to get it wrong.

    On the rehashing one, they could have picked something that was best practices at the time, you setup your account, and then two years later, best practices have changed, it turns out that there was a way to attack the previous way, so they change how they do it... And that's great for everyone who changes their password or sets up a new account after that change, but everyone who did it before that change? Well, those passwords are just sitting there hashed by the old method indefinitely.

    Or someone could compromise the site, and grab every password everyone enters.

    Or you could fall prey to a phishing attack, and type your login to what looks exactly like the site in question, but is infact a common typo of the real domain.

    Again, there are a lot of ways for the password used on a site to get compromised. Many of those ways are entirely out of your control. It is standard practice for attackers to attempt to use that password and username / email on other services when this happens, just so that they can see what else they can get into.

    Don't let that work.

  • InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)SH
    ShadowPouncer @kbin.social
    Posts 0
    Comments 24