irotsoma

irotsoma , 4 days ago

Edge and Chrome are basically very similar at this point. Firefox is my browser of choice these days. It's not perfect, but at least it isn't anti-adblocking and doesn't freak out when I block 8.8.8.8 like Chrome and the Google devices in my house. I'm moving away from Google as they move away from not being evil. Moving to self hosted stuff as much as I can for photos, email, file storage, and soon, home automation.

irotsoma , 6 days ago

Looks like you got phished. Doubt that was the real bank site. Suggest you change your passwords if you logged in to that site, too.

irotsoma , 5 days ago

Oh totally. But they don't sync that information "immediately". Nor would they ever want to because then the user would know that's where the information came from.

irotsoma , 7 days ago

In my opinion, the difference with Google is that Google is actively using your data and you're giving them a lot of it. For Cloudflare, what do they have exactly? Depends on what services you use, but really all they get from me is the list of servers that connect to my domains. Google does that too if you use 8.8.8.8, or if you have any of their hardware that overrides router DNS settings like Chromecast and Google TV.

irotsoma , 7 days ago

I'm slowly moving away to open source, self-hosted applications where possible. Changed search to a combination of Gibiru and Yep. Email to a mailcow server I host on a vps, and I'm moving photos to an Immich server I'm setting up. Home Automation is next, I have a Raspberry Pi 5 to act as the Home Assistant server. And a few other projects in the works to split from Google as much as I can and mostly it is all better.

irotsoma , 8 days ago

I mean it depends on the intensity of the surge, but basically you'd be making it so your PSU is unable to protect the devices from surges. The more sensitive the electronics, the more critical the ground is and CPUs are pretty darned sensitive among other things. And depending on the type of components in the PSU, "surges" also include things like inrush current. Basically, when you turn on a transformer or certain other devices, there is a surge of sometimes as much as 10 times the rated current to create the initial magnetic flux. Depending on the components, this excess energy may end up getting shunted to the ground to avoid pushing it through your electronics. So if it can't do that, you likely will blow fuses a lot when switching the power on (hopefully there are fuses), or if you're touching the case which is supposed to be grounded, you may end up getting that jolt.

Anyway, without grounded outlets, and especially if your electronics are cheaply made because many expect there to be grounding and don't build in extra components to deal with not having a ground, you are likely to significantly reduce the life of your electronics, your life, or start a fire without even considering major surges. If you have a high-end PSU, you may never have a problem until that surge happens. How stable is your power? Because even a normally small surge combined with a cheap PSU, and no ground, is pretty likely to end up in damage to electronics at the best case.

irotsoma , 10 days ago

Because computers have come even close to needing more than 16 exabytes of memory for anything. And how many applications need to do basic mathematical operations on numbers greater than 2^64. Most applications haven't even exceeded the need for 32 bit operations, so really the push to 64bit was primarily to appease more than 4GB of memory without slow workarounds.

irotsoma , 10 days ago

Automate as much as possible. I rsync to both an online and home NAS for all of my hosted stuff, both at home and in the cloud. Updates for the OS and low level libraries are automated. The other updates are generally manual, that allows me to set aside time for fixing problems that updates might cause while still getting most of the critical security updates. And my update schedules are generally during the day, so that if something doesn't restart properly, I can fix it.

Also, whenever possible I assume a fair amount of time for updates, far beyond what it should actually take. That way I won't be rushed to fix the problem and end up having to revert to a backup and find time later to redo it. Then most of the time I have extra time for analyzing stats to see if I can improve performance or save money with optimizations.

I've never had a remote provider just suddenly vanish though I use fairly well known hosts. And as for local hardware, I just have to do without until I can buy a replacement. Or if it's going to be some time, I do have old hardware that I could set up as a makeshift, temporary replacement like old desktop computers and some hardware that I use for experimenting like my Le Potato that isn't powerful enough for much, but ok for the short term.

And finally I've been moving to more container-based setups that are easier to get up and running again. I've been experimenting with Nomad, Docker Swarm, K3s, etc., along with Traefik and some other reverse proxies so o can keep the workers air-gapped for security.

irotsoma , 16 days ago

Yes, this is exactly what it's for, as well as Winnie the Pooh in China, LGBTQ+ materials in Florida, or any other ridiculous laws. As fascism is taking over many countries, including the US, UK, and other Western countries, they are pressuring content storing companies to add backdoors to allow hunting down dissidents.

Oh, and also this is a way to allow selling the content to train AI since it's less obvious that it is allowed with this kind of vague wording.

irotsoma , 19 days ago

Yeah, I've been having a lot of issues with Electron which is basically a browser emulator. It has gotten huge, so applications using it have gotten out of control in size. I get that it's a quick way to build a cross platform application, but there really needs to either be a better way to distribute it that is more modular, or people need to start building on better cross platform front-end systems.

irotsoma , 19 days ago

Yeah, I had to move away from Arch Linux because lots of apps you have to build and Electron was one of the biggest culprits for using tons of disk space and time because it builds Chromium in its entirety from source. Electron is a great way to shift the cost of cross platform development from you to your customers.

irotsoma , 21 days ago

"A New Stereophonic Sound Spectacular"

irotsoma , 1 month ago

Yeah, very limited, but it's very good for more than half of the population that don't have enough deductions to exceed the standard and don't own property (if you properly count houseless "households" that earn income as not owning property and not just renters like most statistics). It's dumb that they have to file a return anyway just to acres money that never should have been collected. Most just don't know how to properly file their W-4 to not have taxes withheld in the first place. Mostly because they follow the directions and/or are afraid of paying a fine plus interest.

Anyway, it's a step in the right direction. And if we can unbury all of the staff out of the pile of paper returns, we can devote some to go after the rich and their frivolous, often fraudulent deductions and have them pay the tax they owe.

irotsoma , 1 month ago

But it hasn't always been free to file electronically. The government made it required for them to offer free versions for simple returns, but that was recent.

Also, access to the Internet isn't universal. You'd be surprised how much of the US doesn't have affordable Internet and a fair number don't have Internet available at all, or limited to just dialup which is not very useful. And a lot of apps don't work right on phone browsers, especially older phones, so then you need a desktop or laptop which a lot of people don't have. Some have access in libraries, but a lot don't or traveling to a library is a burden. And lots of other reasons that internet isn't a given for a large portion of households. So paper is still not just necessary, but the easiest way.

irotsoma , 1 month ago

I self host a lot, but I host a lot on cheap VPS's, mostly, in addition to the few services on local hardware.

However, these also don't take into account the amount of time and money to maintain these networks and equipment. Residential electricity isn't cheap; internet access isn't cheap, especially if you have to get business class Internet to get upload speeds over 10 or 15 mbps or to avoid TOS breaches of running what they consider commercial services even if it's just for you, mostly because of of cable company monopolies; cooling the hardware, especially if you live in a hotter climate, isn't cheap; and maintaining the hardware and OS, upgrades, offsite backups for disaster recovery, and all of the other costs. For me, VPS's work, but for others maintaining the OS and software is too much time to put in. And just figuring out what software to host and then how to set it up and properly secure it takes a ton of time.

irotsoma , 1 month ago

It seems it's not so much they stole the domain, it's that they are using the same name with a different top-level domain. This is a common shady practice in malware. Most people can't afford to purchase every TLD or their domain and so just pick one or two. Problem is that search engines will find the bad TLDs and suggest them over the real TLD if the malware providers do proper SEO manipulation. A FOSS author is unlikely to be able to or afford the time and effort it takes to manipulate search results and most popular search engines are not doing much to fix the problem, and instead relying on "AI" to reduce the costs of maintaining their search results, which does a pretty bad job, IMHO.

irotsoma , 1 month ago

Ah, thanks for clarifying. I didn't see that mentioned anywhere and the git repo is showing .io

irotsoma , 1 month ago

Food and gasoline prices have skyrocketed. Infrastructure is a mess in most of the country so it takes longer and longer to get anywhere at peak times. Companies have cut costs in offices so they're just crowded and full of distraction and germs. So yeah, lots of time and money is saved by working from home.

irotsoma , 1 month ago

That electric bill, though. 🤣

irotsoma , 3 months ago

Not related to the article itself, but I'm curious why use of archive.is has become so popular around here considering that they refuse to provide DNS replies without edns personal information attached? I'm not familiar with the politics involved, but a lot of DNS providers are getting blocked by archive.is for not providing that info, including my own home DNS server and cloud flare 1.1.1.1 and many others, so I'm surprised to see it gaining popularity on Lemmy.

irotsoma , 3 months ago

Firefox won't for much longer. Or at least not without significant spyware installed. I'm hoping it gets forked before the new CEO can do too much damage. Sucks that it will split the community with such a small user base already. But I guess that's the point.

irotsoma , 3 months ago

Librewolf on desktop/laptop for now. Blocking Mozilla telemetry for now and sticking with Firefox for Android until a better option comes around.

irotsoma , 3 months ago

I don't like passkeys yet because they're implemented poorly on most platforms, IMHO, because they replace two factors with one. Some don't let you also turn on two factor auth at all which is dumb, but the ones that do then often only have options that use your device as a factor either through text or email. So if the passkey is your phone and you add text messages as the 2 factor option, that's still your phone. Or if your passkey is your laptop and you're logged into your email on the laptop, it's just one.

irotsoma , 3 months ago

Problem is that if the factor is not authenticated by the server, it doesn't count. Not saying it's not helpful, but it's not part of the consideration when designing the security of the system.

The device can be attacked for an indefinite time and the server knows nothing about that. Or the device can disable that additional security either knowingly or maliciously and the server has no knowledge of that breach. So it's still a single factor, "something you have" to the perspective of the server when considered security.

I've worked with healthcare data for decades and am currently a software architect, so while it's not my specialty directly, it is something I've had to deal with a lot.

irotsoma , 3 months ago

But authentication to access the passkey is on a remote device. So the server doesn't have any information about if or how authentication was performed for the person to access the key. If they use a 4 digit pin or, worse, the 4 point pattern unlock, it's easy enough to brute force on most devices.

This is also why using a password manager is not two factor authentication. It is one factor on your device and one factor on the server. But no one monitors the security logs on the device to detect brute force attacks and invalidate keys. Most don't even wipe the device if the pin is being brute forced.

irotsoma , 3 months ago

I'm not saying it doesn't count as authentication, it just doesn't count as authentication to the security of the server directly. That's the device's security and configured by the user, not the server. And user devices are very prone to exploits to the point that many law enforcement agencies don't even bother asking for a password anymore to access a device.

So, let's move to a physical model as an example. Let's say you have a door. It has a very simple door handle lock. You keep your key inside a hotel safe. Sure it might be difficult to get the key if they had to enter the hotel room, cut open the safe in place, and get the key while they're standing in front of the secure door, exposed. But that's dumb. They could just as easily grab the safe out of the room and open it later where there's room for proper equipment, use a known exploit for the particular safe, or use other exploits all out of view of the door/server and at any time until the user realizes you know how to open their safe, because the door/server will never find out. Once that safe is open, you have not just the key to the door, but the key to all locks the user uses since now we only have "something you have" factors and the user uses only one device. Just like when we only had "something you know" factors and the user uses the same password everywhere.

So what does the passkey help with? It makes the lock and thus the key itself more complex. This makes it so that brute force attacks against the server are more difficult. But it doesn't solve anything that existing TOTP over text messages didn't solve, other than some complexity, and it eliminated the password (something you know) factor at the server. Something a lot of companies are already doing and we already know from experience is a bad practice. It has changed the hacking target to the device rather than the person. But still just one target, you don't need both. Sure it's better than a really bad password that's reused everywhere. But it's not better than a really good password unique to a site that's only stored in a password manager on the user's device that requires a separate master password to access (outside of MitM attacks that TOTP mitigates).

Now, what if we have a door with two locks, one that requires a code, and one that requires you to have access to a device. Now in order to attack the door, you need two factors right at the time you're standing at the door. Also, there's probably a camera at the door and someone paid to check it periodically when someone tries too many times, which isn't the case in the user's safe/device. So even if you get the key from the user, you still need to brute force the second lock efficiently or you need to implement a second exploit to get the second factor ahead of time. This is the idea of two factors at the server and the current state of things before passkeys.

irotsoma , 3 months ago

Laptops have large screens and windows software isn't designed to be data efficient. Unlimited data doesn't mean at full speed infinitely. They sell way more than they can support otherwise it would be impossible to support more than a few users at one time on a cell tower.

irotsoma , 3 months ago

Problem is that shared infrastructure shouldn't be operated for profit. But American conservatives seem to think that's the way to go. If infrastructure is shared, then there's every incentive for a business to sell even if the infrastructure can't handle it.

That being said, it's a required thing. This is why we have society in the first place. If every customer had to have their own cell infrastructure, it would be a mess and a waste. I mean you are sold unlimited bandwidth at let's say 1Gbps on 5G. There are about 1 cell tower node for every 1000 people in the US across the country. If we build enough infrastructure for everyone to use it at full speed each tower node would then need to be able to handle 1,000Gbps. That's just not possible with current technology. So should we build one tower node per person plus all of the cabling and routers to handle that much traffic? Does everyone really need to be able to download a gigabit of data every second of every day? What would you do with that data?

What internet infrastructure is designed for is peaks of up to that speed for short bursts. Not sustained speeds. And then sharing that infrastructure. Just like if everyone were to turn on their water at the same time, no one would get more than a drip, but does that ever actually happen in real usage?

The difference is that water infrastructure is owned collectively, so it is more equitably developed to make it available to all as equally as possible, rather than just to those who pay more for it.

irotsoma , 3 months ago

It doesn't work, for point 1 very well though. The tech is fine, but the way it's presented to users is that it's way more accurate than it actually is. That's marketing rather than a technical problem. Second, the tech is not as good at recognizing non-white people. It's just a fact that there are more pictures of white people to train the tech on since white people have historically had more access to photography among other reasons. And the models used to create most of the tech was built to favor facial traits that are more likely to differ in white people.

So, the likelihood of high probability matches is much lower so the likelihood that the highest probability match that is made is actually much lower probability of it being an actual match means the bad matches bubble to the top and get accepted as real. And these kinds of uses are more interested in a "better safe than sorry" stance and they aren't sorry about killing the wrong person, only about not killing the right one. So they're perfectly as happy killing many people that are possible matches as they are one person that's the correct match.

irotsoma , 3 months ago

I think they were fine before, because they were offering the best experience for the people who want someone else to configure things for them and make decisions on privacy, security, etc., for them. Problem now is that they no longer offer much in the way of brand new user experiences that no one else offers, and additionally they don't prioritize the user's privacy and convenience and prioritize how much money they can make with the centralized user information they control and don't allow the user to make decisions on their own privacy and security.

irotsoma , 3 months ago

Which one? There are several. I personally like Cinnamon for a Windows-like experience since I have to switch back and forth to windows for work. And Plasma quite attractive if looks matter more.

irotsoma , 3 months ago

You don't need Windows to use a computer. There are tons of flavors of Linux among other options. There are plenty of manufacturers who sell Linux boxes and you can always build your own. Microsoft just pays a lot of manufacturers to bundle Windows in the cost, but not all.

irotsoma , 3 months ago

That will never work either. They'll just transfer it to a subsidiary towards the end and then shut down the company. Then there's no one to enforce the law on.

irotsoma , 3 months ago

It's common to block an IP if the majority of traffic from that IP is not the kind of traffic you want.

Why do you need a VPN to access it? If you're protecting privacy, VPNs don't block browser-based tracking, only obfuscate where you're connecting from or preventing man in the middle type attacks from your ISP, but usually that can be better avoided simply by using secure DNS technology. Only other thing is hiding what sites you're connecting to from your ISP. If you can't change ISPs, that can be worked around by setting up a trusted, cheap VPS or something as your VPN exit point so you have your own IP address.

irotsoma , 3 months ago

Hire a tiny spider? 🤣

irotsoma , 3 months ago

Nah, lots of places try to make interviews as unbearable as possible. It's "how they judge your ability to work under pressure". Like my previous employer would fly you in seemingly with as many layovers as possible so you're exhausted by that night. Put you up in a crappy hotel and make you come in super early. Put you in a tiny room and make you stay there for about 9-10 hours of intensive back-to-back interviews with a 30 min box lunch break. Pretty similar tactics as the military. And it's not uncommon in tech.

irotsoma , 3 months ago

Nice to see a reasonably sized fine. In the US it would be like 5 million and they'd spend 10 times that fighting it in court and still not affect their profits for the month.

irotsoma , 3 months ago

Every company has started doing that. Almost every EULA now has clauses forcing you to give up your right to class action lawsuits and jury trials and to use corporate-friendly mediation instead.

irotsoma , 3 months ago

No, it's been pretty common in the last decade or so. First they added mediation clauses mostly just to scare people into using mediation instead of suing. But once they realized that courts were enforcing the clauses even though most legal experts assumed that they weren't valid since most people couldn't reasonably expected to read EULAs much less understand them and they were being added to things that people didn't reasonably expect to have complex legal implications, they realized they could put other stuff in there and have it enforced. So now there's tons of shady stuff in some of them.

Same thing as those companies that would send you a check for like a dollar that looked like it came from a legit source, but really was a marketing campaign paying that legit source for their customer lists and to put their name on it, and in the signature line on the back they'd add a bunch of text saying you agreed to sign up for some expensive service or whatever. People would cash the check without realizing what it was and then the company would sign them up for something and it was allowed for a long time even though many legal experts said it shouldn't be legally binding.

irotsoma , 4 months ago

Use it if instructed to because many people don't understand what airplane mode is.

Use it if you have 2G service still enabled on your phone as there is a very low chance of 2G interfering with certain plane components due to the higher power involved, though that is extremely unlikely, there's no benefit to leaving it on. Also, you really shouldn't have 2G enabled on any phone since it's commonly hijacked to send unsolicited text messages or enable man in the middle attacks, etc., and few providers use it anymore outside of some low density areas and other limited uses.

Use it if you have 5G, for now, since there is still research being done on whether the telecom industry is correct that the new C-band frequencies they're using won't interfere with altimeters that use close frequencies. This can especially be worrisome for low budget wireless chips that don't regulate their frequencies to spec on mass produced models. And poorly maintained altimeters that might not be well calibrated with age. The gap is small enough that it's possible that there might be some interference in real world situations.

So, for the average person, it's still worth telling them to just use it. There's no benefit to having cell service turned on during a flight. The real issue is that airplane mode should really only affect cell signals now and leave WiFi alone since planes have WiFi now and a lot of applications share between devices with WiFi, and leave Bluetooth and NFC alone since they're short range and low power and unlikely to cause issues. Just my opinion as an IT professional with electronics and wireless communication experience, but not an airplane specialist.

irotsoma , 4 months ago

Google knows what you like and these days they will take any ad because they fired all the screening staff. My ads are usually pretty average since I opt out of everything I possibly can opt out of and I use Startpage for search, so they aren't as targeted. That's one positive thing about Google. They started as a relatively ethical company for an ad company, so there's a lot of code and best practices in place for opting out of things. That is fading, but it's way better than others. Like Facebook showing ads for things I searched for a few seconds ago on Amazon and stuff like that.

irotsoma , 4 months ago

If everything you're measuring is lower than expected, you should check the calibration of the scale. Weigh 2 or 3 things you know the weight of that are at different ranges of weights, light, heavy, medium, and see if any are off. Often a scale will be accurate at only within a certain range and get progressively less accurate as the weight increases or decreases from that range.

irotsoma , 5 months ago

Yeah, I mean it totally would improve my collaboration if I, a software architect, went into a small sales office near me even though no one in my department, not even the same division of my company will be there, so I'll still be using the same communication tools.

Plus the pay cut I'll be taking by having to pay for another car, gas, and downtown parking. None of which the company will cover. And the building is only open from 7:30 to 5 Pacific Time, but all my meetings are Eastern Time, so I'll be missing morning meetings while I commute and wait for the building to open, and I sure as heck won't be bringing my laptop home, so they get that many hours out of me and no weekends.

Yep everyone benefits.

irotsoma , 5 months ago

Because we'd lose our jobs long before voting on a union. No way they'd care about the very tiny risk of very tiny fines as opposed to the huge cuts in wages to IT workers that have been made over the last decade and continue to be made.

irotsoma , 5 months ago

This won't work for high-speed vehicles, though. Not yet anyway. So it might be good for bicycles and wheelchairs and such. But the tires of cars and trucks generate a ton of heat from friction at high speed. And that friction is necessary for obvious reasons (traction). The high temperatures disrupt the "memory" of theses. So either they need to be made of materials that can work at higher temperatures which usually means they need to be manufactured at high temperatures that the manufacturing machinery then needs to be designed to operate at by making it from materials that operate at higher temperatures which means manufacturing that at higher temperatures and so on, or the need to make highly efficient insulation and traction layers that are thin enough that they don't affect the ability of the tire to deform and reform its shape.

irotsoma , 5 months ago

I wish people would just abandon X. Nitter was just extending the inevitable. They don't want any of us, only fascists. Let them have their own place and leave the rest of us out of it. Better for law enforcement if all the wannabe terrorists are all in one place anyway.

irotsoma , 5 months ago

The problem is that these LLMs are built with the wrong driving motivator. They're driven to find one right way whereas the reality is that there is rarely a single right way and computers don't need to have a single right way like humans tend towards. The LLM shouldn't be driven to be "right" in its learning model. It should be trained on known good data only as a base, and then given the other data to serve context rather than allowing that data to modify the underlying system. This is more like how biological creatures work in teaching a child to be "good" or "evil" and to know the basic things needed to survive and serve their purpose, and then the stuff they learn in adulthood serves to help them apply those base concepts to the world.