Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

sugar_in_your_tea

@sugar_in_your_tea@sh.itjust.works

Mama told me not to come.

She said, that ain’t the way to have fun.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

sugar_in_your_tea ,

Yup, as much as I like Grayjay, I'm not going to help development much because it's "source available" instead of open source. There was an annoying bug I wanted fixed, and I was willing to go set up my dev environment and track it down, but they don't seem interested in contributions, so I won't make the effort.

Likewise for WinAmp. The main benefit to it being "source available" is that I can recompile it and researchers can look for bugs. That's it. They're not going to get developers interested.

sugar_in_your_tea ,

And it's not a particularly interesting application anyway. I'd only want to hack on it for nostalgia, and if there are any barriers to doing that, I'll just use a different app.

sugar_in_your_tea ,

It might wipe it though.

sugar_in_your_tea ,

Nope.........................................

An Important Hypothetical - What Android Apps Do You Install?? (sh.itjust.works)

You're twelve years old on Thanksgiving at six thirty in the morning. You'll be leaving for Grandma's in about a half hour, and she's lives a three hour drive away, going in one direction. You have nothing to prepare yourself on this journey, other than a tablet running Android Eleven. Beware, the speaker is broken and there is...

sugar_in_your_tea ,

Libby works great in my area. Connect it to your library card and grab some ebooks.

sugar_in_your_tea ,

Easy: worse results with more ads means more searches and thus more ad impressions, therefore profit.

That'll only work for so long, but that seems to be what they're doing.

sugar_in_your_tea ,

I don't think Stallman would be proud of anything Android, and certainly not something that the user can't update outside of the manufacturer updates. Pretty much everything has a locked down BIOS, and you can't really modify the OS yourself.

I'm using a Pixel (bad) with GrapheneOS (good), so I think Stallman would be a little happier, but he'd probably still prefer something like a Pinephone, which I think has a project to open up the modem.

sugar_in_your_tea ,

I just got a Pixel 8 and I'm annoyed there's no headphone jack. I have BT headphones as well, but my nice, non-BT headphones won't work.

You can get a dongle though, so that's an option.

sugar_in_your_tea ,

Yeah, the selection kinda sucks.

I went with Pixel 8 because:

  • can be flashed with another Android OS - I went with GrapheneOS
  • 6.5 years of Android updates (no word on security updates)
  • fancy new memory tagging feature for security - maybe I'll feel confident using it after it gets updates
  • great screen
  • probably more repairable? A quick search found a battery replacement for an okay price ($50?)

But none of that is on your list. I don't care about the camera (though it does have arguably the best camera on the market), and pretty much any software can do ical/IMAP/smtptls. I don't know what "photosphere" is (again, don't care about the camera), but I'm guessing Pixel does it or something similar. It even has fun AI crap to play with (I use GrapheneOS, so I'm not getting any of that).

The only thing missing here is the 3.5mm jack, and requiring that is going to limit your options significantly. If you can budge on that (e.g. get a dongle or BT headphones), Pixel could work for you. There might even be a case that provides one, IDK.

sugar_in_your_tea ,

I have a couple in my garage because the previous owner liked carpentry, and I'll use it when I get an EV.

That's not that uncommon.

sugar_in_your_tea ,

How was the recovery process? I keep meaning to do it (we're done having kids), but we keep having trips or whatever, so excuses pile up.

How soon could I be back doing active things? I have young kids, so "active" to me means roughhousing with the kids and whatnot.

sugar_in_your_tea ,

Good advice. I've never had surgery outside of wisdom teeth removal, and other than then, I've never used anything stronger than ibuprofen. I've taken some pretty rough spills, so I think I have a high pain tolerance, but I don't know for sure.

sugar_in_your_tea ,

I think the @google or whatever shortcut would be more likely to work.

And yeah, rewriting URLs would probably be easier if you don't want to lose the ergonomics of !g.

sugar_in_your_tea ,

Old enough/yes please/anywhere you'd like

sugar_in_your_tea ,

Well, Flint, Michigan had a high profile water issue, so it might be guessing location based on the question.

sugar_in_your_tea ,

This is why I love Duckduckgo, I can turn off AI and ads.

sugar_in_your_tea ,

Yup, if you have to repeat your search 3 times, you're seeing 3x the ads. If you control most of the market, where are your customers going to go? Most will just deal with it and search more.

sugar_in_your_tea ,

Idk, toxic glue might do a better job, and you can make it safe by adding in some detox suppliments.

sugar_in_your_tea ,

Yup, delete your account. They can still use your past submissions, but going forward you're convered.

Linus Tech Tips (LTT) release investigation results on former accusations (x.com)

There were a series of accusations about our company last August from a former employee. Immediately following these accusations, LMG hired Roper Greyell - a large Vancouver-based law firm specializing in labor and employment law, to conduct a third-party investigation. Their website describes them as “one of the largest...

sugar_in_your_tea ,

The only issue I see is the implication that if they leave a negative review, they won't get free stuff anymore. So if the reviewer is honest and willing to buy the products they review, I don't see an issue with accepting random free stuff in exchange for taking the effort to review it.

That said, GN's policy is great too, they buy the stuff they review so there are no conflicts of interest.

sugar_in_your_tea ,

1password did not get hacked.

The LastPass hack was caused by a Sr. DevOPs not practicing secure OPs at home (was running a very old version of Plex). It didn't attack the technology stack itself, it attacked one of the employees. User passwords were encrypted, so attackers would need to break that encryption to access stored passwords.

You missed the Okta breach, which impacted support customers, but also didn't expose stored passwords.

Bitwarden hasn't been hacked, and the closest I've heard of is this security research, but that's using a feature that's disabled by default, requires using a keyboard shortcut, and doesn't work on all sites anyway. Yet they patched very quickly anyway.

I personally trust Bitwarden. They have acted professionally at every turn, and I can self-host if I choose. I don't trust LastPass or Okta (though I need to use Okta for work), and I don't particularly trust 1password despite them not being breached because their product is not FOSS. Chrome is a big product with lots of breaches every day, so I'd really prefer to not have my passwords stored by the same software stack as a massive hacking target. Bitwarden has separate desktop apps, so I can completely separate my data if I so choose.

sugar_in_your_tea ,

Here are fewer words: 1password didn't get hacked (you claimed they did), LastPass didn't expose user passwords.

sugar_in_your_tea ,

I'm the same way, I use Bitwarden myself.

sugar_in_your_tea ,

Lastpass exposed encrypted passwords in 2022

Yes, that's bad, but attackers would still need to break the encryption. Nobody does that, except maybe state level actors, and if you're worried about that, you wouldn't use commodity password managers.

1Password app had a bug where it didn't clear master password after logof

I think you're talking about this study:

On the negative side, the master password remains in memory when unlocked (albeit in obfuscated form) and the software fails to scrub the obfuscated password memory region sufficiently when transitioning from the unlocked to the locked state. We also found a bug where, under certain user actions, the master password can be left in memory in cleartext even while locked.

To exploit this, the attacker would need access to the memory of the device and know how to find the password in memory. It's certainly not ideal, but it's also not very exploitable.

The newer version is worse in this regard, but it still requires that relatively advanced exploit.

In the conclusion:

However, each password manager fails in implementing proper secrets sanitization for various reasons.

This isn't unique to 1Password, it's probably common across password managers. Unfortunately BitWarden wasn't part of this research because I'm interested to know how it fairs here.

That said, I don't use or recommend either LastPass or 1Password because they're not FOSS, I just don't like FUD. I use and recommend Bitwarden because it's audited, FOSS, and competitively priced.

sugar_in_your_tea ,

I honestly don't like passkeys, at least how they currently work. It seems the intent is to replace MFA with just one factor. I prefer 2FA with TOTP separate from my password manager, which means an attacker would need to exploit both to access my accounts.

That said, it's a sticking point for many people, so I hope Bitwarden gets it soon. I just probably won't use it.

sugar_in_your_tea ,

Idk, S. Korea's chaebols actively reduce competition. So be careful who you want to provide that competition...

sugar_in_your_tea ,

Requirements exist. It's just that device manufacturers don't seem to care.

I think it's more reasonable to look at Linux phones than GrapheneOS supporting anything beyond Pixels. I was hoping to get a Linux phone this time around, but they just don't support the basic features well enough. Hopefully my next phone will be a Linux phone, but we'll see.

Giving into Google hardware to escape Google software is a step I don’t want to take

Yeah, it's annoying. However, it's important to note that Google is generally really good about security, so it's not a surprise that their phones have a lot of cool security features.

I also didn't want to give Google money, so I bought a used Pixel and saved a ton of money. I got a Pixel 8 in like-new condition for <$400 on eBay after a big discount from an eBay sale, and I can expect 6+ years of updates (not just security updates, but OS updates). I'm really enjoying GrapheneOS so far. I guess I tangentially helped them, but at least my dollars_ didn't go to Google.

That said, CalyxOS and DivestOS are also fine projects, and I seriously considered using them instead.

sugar_in_your_tea ,

Yup, I've been on the fence about buying one since the launch of the OG Pinephone. But I kept waiting until the software support for the things I need arrived (MMS and decent battery life), and that still seems to be unresolved.

I will hopefully have time to hack on it sometime in the next year or two, so I'll probably get one eventually. Then again, maybe I'll just ignore the problem until they release an update or something (would be awesome to get a new SOC with better power saving features).

sugar_in_your_tea ,

The benefit is that I could block apps installed to one profile from using my data (i.e. wifi only), while allow apps on the other to use it. I could install something like NetGuard, but I also use a VPN, and it's one or the other with that IIRC (at least on my old phone, I can only use one VPN at a time).

sugar_in_your_tea ,

Maybe I'll try to hack one in, how hard could it be? 😅

sugar_in_your_tea ,

Thanks, I'll check it out!

I'm with Tello, which has no international calls or data, and my wife is with Mint, which has a prepaid (really expensive) option for small amounts of credit. We're planning to go to Canada for a day or two, and I was planning on (ab)using the 7-day trial.

I plan to do other international trips, and getting Fi for a month or so each time was the plan. But if they suck, maybe I'll try something else for this trip.

Airalo looks decent ($6 for 1GB in Canada is reasonable). Thanks for the tip!

sugar_in_your_tea ,

possible to have different profiles

That's possible on most recent-ish Android phones, at least it was on my Moto G from 2020 running Android 11. To activate, you need to go to Settings > System > Multiple Users (may need to enable developer access first, not sure).

That allows you to have multiple logins on your phone, and you can switch between them.

What GrapheneOS adds is that you can have Google Play services sandboxed (no privileged access, it works like any other app) per profile. So my main profile has no Google Play services, and my "work" profile has Google Play services with only the handful of apps I need for work (MFA, work chat, etc). When you're in one profile, you have no access to anything from the other profile, though you have access to system stuff like wifi networks and SIM cards (e.g. you can make/receive calls from all profiles).

It's that sandboxing that I am most interested in. I rarely use apps from Google Play, but I do need them occasionally, so i separate them by concern. I'm probably going to end up with a "personal" profile for all of the Google Play apps that I need periodically.

sugar_in_your_tea ,

I want to route the data we use during our 1-2 day trip through Google servers, yes. It'll be on a fresh number, and then cancelled promptly after our trip, and it'll be a hotspot just for the trip so my wife can communicate w/ her friends. It'll also be used for any incidental calls we may need while there. I usually don't bother and just use wifi calling as needed, but I saw the free 7-day trial and was interested.

That said, someone else mentioned some inexpensive alternatives ranging from $3-6 (airelo, I also found these), so I'll probably just go that route instead. Most no-contract services I've found require buying international credit, so that would be $20+ just for the trip, and that seems a bit ridiculous. I'm willing to pay about $5 for data for the trip, I'm not willing to pay $20+.

sugar_in_your_tea ,

I meant it more tongue-in-cheek :)

My threat model isn't such that I need it, it's just really annoying. GrapheneOS does allow blocking network per-app, which is a sufficient workaround. It's a bit tedious, but I can do the following:

  1. disable network on sensitive apps
  2. disable NetGuard and enable other VPN
  3. finish what I was doing
  4. undo step 2
  5. undo step 1

I really wish there was a way to get VPNs and NetGuard playing nicely together. I want all traffic to be filtered by NetGuard, and then routed over the VPN. This is trivial on Linux, but apparently not so on Android, which is a shame.

sugar_in_your_tea ,

Right, but the point is that this is about de-Googling, and the video wast posted to a Google-owned site by someone who makes their livelihood from Google.

Piped and similar services are cool, it's just a weird conflict of interest.

sugar_in_your_tea ,

If all this engagement slop went out of business tomorrow, my life wouldn’t change lol

Your life would probably improve.

sugar_in_your_tea ,

Or just... install an ad-blocker. With Container Tabs on Firefox, YouTube doesn't associate those links with me (at least not through my Google Account), and I don't see ads with my ad-blocker.

No need for using random websites that may just be stealing my data a different way. I'm happy to watch on YouTube, I'm just won't watch the ads or opt-in to tracking.

sugar_in_your_tea ,

But YouTube links auto-open, which is why I post YouTube links. I suppose I could figure out how to associate all these random sites (Piped, Freetube, probably others) with YouTube, but surely URL redirectors work better when using the original source URLs instead of a laundry list of different URLs.

On Lemmy, we have the Piped bot, so the inconvenience for those who don't have those URL redirects configured is to go to the comments and click a link.

sugar_in_your_tea ,

Thanks, I'll check it out. :) That should do nicely.

sugar_in_your_tea ,

Ah, okay, thanks for the clarification. I've never used it, just seen it mentioned here.

Regardless, I think it would be easier to use YouTube links instead of Piped links for redirecting links to it. Then again, I don't have experience with it, only with Android YouTube alternatives like NewPipe and Grayjay.

sugar_in_your_tea ,

Is it though? How likely is someone who watches that video to actually degoogle? He uses windows almost exclusively (Microsoft tracks you), shows benchmarks from games with DRM, recommends products that track you (e.g. Meta headsets), etc.

I'm not saying it's bad that he's doing it, I'm just saying it's ineffective. How many of these products does he actually use? Why should I trust his recommendations if he's not actually living a degoogled life?

I see it as lipservice for views, that's it. If he was really serious about it, I think he'd make his videos available on other services (and not just floatplane, that's a money grab).

I trust Louis Rossmann far more, because he:

  • uses the products he recommends
  • fights for real, legal change related to privacy
  • makes his videos available on Odyssee

That last one is a little self-serving because he's pushing his app Grayjay, but paying for the app is optional and no features are locked behind paying.

So I'm not gong ri applaud LTT for making this video. The intent is to drive clicks and ad revenue. I don't think that's bad, I just don't think it's worthy of commendation. If you want a better mainstream channel for this, check out Naomi Brockwell. She's quite pleasant to listen to and covers far more than LTT or Louis Rossmann ever would.

sugar_in_your_tea ,

My new phone doesn't seem to have the rotate issue, so the biggest annoyance for me now is the lack of channel playlists (i.e. go to a YouTube channel and see their curated playlists). I don't need that to pay though, so I'll probably go pay soon.

And yeah, it's a great app. I still need NewPipe though.

sugar_in_your_tea ,

I showed the other two since they're popular, and what others would be comparing against. Firefox (on my machines) is more compact than them. So it's not like Firefox is especially wasteful here. One has worse floating tabs, and the other has worse non-floating tabs. So it could be way worse.

Removing all the space would make it super cramped, and I don't think it's worth it for 10-20px. On a typical 1080p screen, that's like 1-2% of the vertical resolution.

That said, it should be configurable. You can probably get what you want with the userChrome.css or whatever it's called.

sugar_in_your_tea ,

They have other things to consider as well, such as accessibility. You can't just eliminate all whitespace without consequences.

I do agree it should be easily configurable, but my point is that they're better than pretty much every competitor, so I'm satisfied.

sugar_in_your_tea ,

If they go back to non-floating tabs, you'd save like 2-3px per my screenshots. You seem to want more than that, and that's where the accessibility issues come up.

sugar_in_your_tea ,

Yup, and I'm guessing LLMs use Markov chains, which are also a really old concept (the idea is >100 years old, and it's used in compression algorithms like LZMA).

sugar_in_your_tea ,

Blackboard, but I guess it's just a dry-erase with black background instead of white.

I mistook it for this other thing or this thing my wife got before with these liquid chalk markers. The dry-erase blackboard is on our fridge, and this one is on our wall near our fridge.

sugar_in_your_tea ,

I don't think people who uploaded pictures on Facebook consider that making it available for personal use.

Then they shouldn't have uploaded it to Facebook and made it publicly accessible.

Just because something is made illegal doesn't make it actively pursued, it just makes it so if someone gets caught doing it or gets reported doing it they can be stopped.

It's the next logical step for the pearl clutchers and amounts to "thought crime."

These people aren't doing anything to my children, they're making their own images from images they have a right to use. It's super creepy and I'd probably pick a fight with them if I found out, but I don't think it should be illegal if there's no victim.

The geek squad worker could still report these people, and it would be the prosecution's job to prove that they were acquired or created in an illegal way.

Do you think it's okay for someone to have real csam?

No, because that increases demand for child abuse. Those pictures are created by abuse of children, and having getting access to them encourages for child abuse to produce more content.

Possession itself isn't the problem, the problem is how they're produced.

I feel similarly about recreational drugs. Buying from dealers is bad because it encourages snuggling and everything related to it. I have no problem with weed or whatever, I have problems with the cartels. At least with drugs there's a simple solution: legalize it. I likewise want a legal avenue for these people who would otherwise participate in child abuse to not abuse children. Them looking at creepy AI content generated from pictures of my child doesn't hurt my child, just don't share those images or otherwise let me know about it.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • incremental_games
  • meta
  • All magazines
    •