Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

bamboo

@bamboo@lemmy.blahaj.zone

This profile is from a federated server and may be incomplete. Browse more on the original instance.

bamboo ,

Are you saying that your LGBT group has different pronoun badges? I feel like you have to post your group's for a pronoun badge off contest.

bamboo ,

I’m definitely never logging in to a Google service while using Firefox.

Could you elaborate on this? Why not use Firefox for logging into Gmail, Youtube, etc

bamboo ,

Unless it's literally no effort to maintain extensions that use both, a large portion of maintainers will develop what has the largest market share. Sure for uBlock Origin, there's enough momentum to maintain a v2 version for Firefox, but for a new extension with one developer, it's unlikely that they'd make two versions.

Either this backfires, and Firefox ends up having the better extensions using v2 manifest, or new extensions will be developed with the limitations of v3 and Firefox users will have an unnecessarily neutered experience as Chrome users.

bamboo ,

A4 is 17.6mm longer than an 8.5x11" sheet of paper.

And when do you ever need the feature to fold an A4 sheet into A5?

https://www.youtube.com/watch?v=pUF5esTscZI

bamboo ,

This is why they added non removable batteries in the Gameboy Advance SP and ever since.

bamboo ,

oh lawdosis he comin

As a side note, I’m sorry for your pain

bamboo ,

This argument implies there's an easy way for you to perform the reproducible builds on iOS, but it's quite involved and requires a jailbroken iPhone. Overall this is more a limitation of apple and not signal.

Even if you were able to perform a reproducible build of Signal on a jailbroken iPhone, there's no way to confirm that the stock iOS Signal app will match, or has a backdoor that got added in a supply chain attack that only is delivered to non jailbroken phones. You could use a jailbroken iOS device, but then it could be lagging behind updates and be even more vulnerable from zero days.

The real pressure here should be on Apple to provide a way to verify a build of an open source app matches what is being installed via the app store, but for some reason this is being framed as a Signal issue, which is disingenuous.

bamboo , (edited )

Why use JustWatch.com when you can follow this guide to know where to watch King Kong vs. Godzilla (1962)

bamboo ,

Exactly, with Nintendo's existing IP and old gamers dying, they need a way to get younger generation exposed to what kids in the 80s and 90s grew up with and make sure that it's plastered on all the streaming websites to get maximum exposure.

bamboo ,

What is the 5th flag?

bamboo ,

I too just listened to this episode of Decoder Ring

bamboo ,

Not having reproducible builds is definitely weird though. Does anybody have more information on that?

They boast this as a feature, but on the instructions for how to do this for iOS, even Telegram admits "As things stand now, you'll need a jailbroken device, at least 1,5 hours and approximately 90GB of free space to properly set up a virtual machine for the verification process". Browsing the steps, it's extremely complex, and doesn't seem like something that is very user friendly and that you'd do weekly or monthly when a new version is released.

On the GitHub issue linked to in the body, it's disingenuous to claim they refused to implement this, and that the technical hurdles Apple has in place make this extremely difficult which halted progress. In the community forums where the conversation was moved to, someone pointed out that even if you were to reproduce it on a jailbroken iPhone, that there's no way to confirm that non-jailbroken iPhones aren't receiving a version with a backdoor.

And even if you are using a jailbroken device exclusively and can confirm the reproducibility of the iOS app, then the risk becomes the latest available jailbroken iOS could be outdated from the real versions, and you'd have other issues with not receiving timely security updates. This same issue applies to Telegram also.

bamboo ,

What's wrong with Authy?

bamboo ,

Say what you will about Apple, they are masters of spinning their shortcomings as groundbreaking achievements. When they refused to unlock the iPhone of the san bernardino terrorist attack, it was framed as an act of preserving user privacy, but brushed over how willing they were to hand over the iCloud backups if the police would have brought the iPhone to a known WiFi network for the backup to be uploaded.

bamboo ,

No need to guess, it's all outlined in the bill:

  1. ByteDance has 270 days (+90 days at president discretion) to divest of TikTok and sell to an entity not affiliated with an "adversary country" (China, Iran, Russia, N. Korea).
  2. If they don't sell, hosting providers of TikTok application (servers, storage, app store, etc) will be fined up to $500 times the number of users in the US if they continue to host the application

So basically, the law will impose a fine of US hosting providers of the app. If the app moves all services overseas to foreign entities, then the app presumably will continue to work even if banned if already installed (plus the website if hosted overseas).

ISPs and search engines are explicitly exempt from the bill so there is no mechanism to ban connections to TilTok servers or links to TikTok.

bamboo ,

Does is specify ISP blocking directly in the bill?? It was my understanding that it would just prevent US based app stores (Apple, Google) from distributing the app in their stores.

I'm not even sure how ISP blocking would work, unless it was to just blackhole DNS queries to tiktok.com. Having attempted to block DNS lookups for TikTok on my own home router via PiHole, I can say that the app either hard codes IP addresses, or resolves DNS over HTTPS independently of the system DNS settings, so I doubt a DNS based ISP block would be feasible.

bamboo ,

Right they define internet hosting service as:

(5) INTERNET HOSTING SERVICE.—The term “internet hosting service” means a service through which storage and computing resources are provided to an individual or organization for the accommodation and maintenance of 1 or more websites or online services, and which may include file hosting, domain name server hosting, cloud hosting, and virtual private server hosting.

So this would prevent a US organization like AWS, Oracle, etc from hosting the TikTok user data as long as TikTok is owned or a subsidiary of ByteDance or another "foreign adversary".

Elsewhere in the text, they exclude "service providers" from restrictions, so it seems like ISPs are not going to block requests to TikTok.

bamboo ,

What happened on July 10th, 2023?

Obligatory XKCD

bamboo ,

If ByteDance doesn't divest of TikTok 9 months, then it will be blocked from being distributed from App Stores. Nothing will be blocked before the election, so it's not really something which will affect the typical voter who isn't following the news, causing them to change their vote.

bamboo ,

Not who you were replying to, and not an interview, but here's an NPR article that explains that the content-recommendation algorithms would be difficult to sell

Chinese officials have placed content-recommendation algorithms on what is known as an export-control list, meaning the government has additional say over how the technology is ever sold.

bamboo ,

Seriously, going through these comments, it's clear most people didn't read the article or didn't learn how calendars work in school (or are part of the Russian Internet Research Agency and trying to sow doubt in Biden).

Based on the timeline, it's clear the intention wasn't to protect against the 2024 election, since the potential ban would go in place after the election happens.

bamboo ,

Clearly yes, as this post outlines, these candidates weren't smart enough to use ChatGPT

bamboo ,

Jesus, that is horrible.

State legislators from the area passed a law allowing Schlitterbahn to self-inspect its attractions without state oversight as it did in Texas, unlike all other amusement parks in Kansas, which were subject to state inspection.

Verrückt permanently closed in 2016 following a fatal incident involving the decapitation of Caleb Schwab, the 10-year-old son of Kansas state legislator Scott Schwab.

bamboo ,

If you wrap the TV in tinfoil, it'll be a faraday cage and block all WiFi

bamboo ,

"Ok Bob, we're going to build a runway, it needs to be 3,962,000 mm long"

bamboo ,

Still this requires different directories for the hardlinks to be in the filesystem, and there's not an easy way given a file to list all "labels" that file has, without checking other directories for files with the same inode.

bamboo ,

Spiderman 2: https://youtu.be/R0sTSUitYsQ?t=142

bamboo ,

Just when I thought Facebook couldn't go any lower.

bamboo ,

De Blasio: ‘Well, Well, Well, Not So Easy To Find A Mayor That Doesn’t Suck Shit, Huh?’

bamboo ,

Buy high, sell low

bamboo ,

Oh, so buy, buy lower, buy higher? That's the strategy? I guess someone's gotta be on the bottom of the pyramid.

bamboo ,

I've never encountered a site which had an allow list of domain names. The hardest thing about self hosting an email server is most home ISPs will block SMTP as it's a source of spam. Usually this requires business level ISP or an SMTP relay, both which aren't usually free from what you're already paying for home internet.

bamboo ,

That's not an allowlist though, SimpleLogin was on a denylist, possible because of high rates of spam. An allow list would be if they only allowed @gmail.com for example. If you have your own domain and set it up to use Proton Mail, you shouldn't have any problems.

bamboo ,

She's in between Kate Lefton and Kate Righton

bamboo ,

This is so much better. Who would have guessed there'd be multiple famous Kate <direction>ton names

bamboo ,

Apple always does that. After iAds failed, they pivoted into advertising a privacy focused ad campaign to counter Google. Had iAds succeeded, they'd be perfectly fine into getting into that business.

YouTube Music team laid off by Google while workers testified to Austin City Council about working conditions (www.businessinsider.com)

YouTube Music team laid off by Google while workers testified to Austin City Council about working conditions::Some workers learned of the YouTube Music layoffs while testifying to the Austin city council about Google's refusal to negotiate with the union.

bamboo ,

Having moved onto a team in my company with Cognizant contractors, I can kinda understand Google not renewing the contract. In my experience, half of the PRs needed to be redone because of poor quality.

bamboo ,

If the Empire State Building had to adhear to parking regulations, the surrounding 15 blocks would have to be allocated for parking: https://www.cnu.org/publicsquare/2023/05/19/what-if-empire-state-building-met-typical-parking-requirements

bamboo ,

c/unexpectedbillwurtz

[Thread, post or comment was deleted by the author]

    •
    bamboo ,

    You may have just corrected a misconception my High School physics teacher told us that I haven't thought about since, but had been carrying in my head. Thanks!

    bamboo ,

    NO, this is Monopoly, not Life

    bamboo ,

    It better be the same because WhatsApp uses the Signal encryption protocol!

    bamboo ,

    If you get a new phone and don't import anything from your existing phone, then messages you receive will be unable to be decrypted. Since WhatsApp uses the Signal encryption protocol, it's fairly detailed how receiving a message which can't be decrypted can start an initialization to the sender to retry sending the messages: https://signal.org/docs/specifications/sesame/#retry-requests-and-delivery-receipts

    The signal app will prompt you when a contact's public key is updated, but IIRC, by default Whatsapp will not do this, and it will automatically happen under the hood, which is why it appears like magic.

    bamboo ,

    Sounds like you used Whatsapp pre Signal which happened in 2016: https://signal.org/blog/whatsapp-complete/

    With regard to private key, for backups, this relies on the HSM in Apple and Android devices, so the private key is engineered to never be accessible by Facebook. Here's how they say they use the HSM to encrypt the backups: https://engineering.fb.com/2021/09/10/security/whatsapp-e2ee-backups/

    There's no way to be 100% certain, but if Whatsapp were found to have access to the private keys, it would be huge damaging news, so why would they risk it? Security researchers can watch the traffic going to/from the app and the OS APIs being called, and can see the HSM being invoked. Despite it being closed source, that doesn't mean it's less secure and there's no one verifying the security claims.

    bamboo ,

    Out of curiosity, what's the benefit of Google Pay for you over Venmo or Zelle?

    bamboo ,

    the symmetric ratchet, protects older messages in a conversation to achieve forward secrecy. For every message, we derive a per-message encryption key from the current session key. The current session key itself is then further derived into a new session key, ratcheting the state forward. Each message key is deleted as soon as a corresponding message is decrypted, which prevents older harvested ciphertexts from being decrypted by an adversary who is able to compromise the device at a later time, and provides protection against replayed messages. This process uses 256-bit keys and intermediate values, and HKDF-SHA384 as a derivation function, which provides protection against both classical and quantum computers.

    https://security.apple.com/blog/imessage-pq3/

    [Thread, post or comment was deleted by the author]

    •
    bamboo ,

    If I weren't so lazy, I'd repost this but update with 2024 ages.

    bamboo ,

    Less $3.5k and more 3.5mm headphone jack Apple

  • All
  • Subscribed
  • Moderated
  • Favorites
  • incremental_games
  • meta
  • All magazines
    •