bamboo

@[email protected]

This profile is from a federated server and may be incomplete. View on remote instance

bamboo ,

This argument implies there's an easy way for you to perform the reproducible builds on iOS, but it's quite involved and requires a jailbroken iPhone. Overall this is more a limitation of apple and not signal.

Even if you were able to perform a reproducible build of Signal on a jailbroken iPhone, there's no way to confirm that the stock iOS Signal app will match, or has a backdoor that got added in a supply chain attack that only is delivered to non jailbroken phones. You could use a jailbroken iOS device, but then it could be lagging behind updates and be even more vulnerable from zero days.

The real pressure here should be on Apple to provide a way to verify a build of an open source app matches what is being installed via the app store, but for some reason this is being framed as a Signal issue, which is disingenuous.

bamboo ,

I thought $0.50 was low for this math to work out, but turns out 30 million copies of Stardew Valley have been sold, so that's $15 million, which over 60 years is $250k/year.

Still though I have no clue if $0.50 is normal take home per copy sold for a self published game (it seems low), but I'm very happy he's doing well for himself and hopes he makes more per copy sold. I've bought the game 4 times, so I'm doing my part!

bamboo ,

Alien / Aliens

Unbreakable / Split (but not Glass!)

bamboo ,

what a roller coaster ride of a video

bamboo ,

Ever since he was divorced of his luggage that one time, he's devoted his whole life to never letting that happen again.

Public personal dev accounts: opinions?

I feel like there are many devs out there who expose a lot of personal details and opinions all over the web. Maybe it's just me, but when starting out with the internet I tried my best to separate my personal details (name, age, sex, country, ethnicity, family ties, relationship status,...) from usernames in public....

bamboo ,

It feels like this needs to be managed on an instance by instance level and not post to post.

Anti-Anti-Anti Commercial-Anti-AI license

bamboo , (edited )

Why use JustWatch.com when you can follow this guide to know where to watch King Kong vs. Godzilla (1962)

bamboo ,

I thought the same thing, at most as old as the 1700s, but then realized I was thinking of emus, the flightless bird.

bamboo ,

Exactly, with Nintendo's existing IP and old gamers dying, they need a way to get younger generation exposed to what kids in the 80s and 90s grew up with and make sure that it's plastered on all the streaming websites to get maximum exposure.

bamboo ,

But setting no alarms would maximize time in bed.

bamboo ,

What is the 5th flag?

bamboo ,

I too just listened to this episode of Decoder Ring

bamboo ,

It's a device to make phone calls, but that's not important right now.

bamboo ,

Not having reproducible builds is definitely weird though. Does anybody have more information on that?

They boast this as a feature, but on the instructions for how to do this for iOS, even Telegram admits "As things stand now, you'll need a jailbroken device, at least 1,5 hours and approximately 90GB of free space to properly set up a virtual machine for the verification process". Browsing the steps, it's extremely complex, and doesn't seem like something that is very user friendly and that you'd do weekly or monthly when a new version is released.

On the GitHub issue linked to in the body, it's disingenuous to claim they refused to implement this, and that the technical hurdles Apple has in place make this extremely difficult which halted progress. In the community forums where the conversation was moved to, someone pointed out that even if you were to reproduce it on a jailbroken iPhone, that there's no way to confirm that non-jailbroken iPhones aren't receiving a version with a backdoor.

And even if you are using a jailbroken device exclusively and can confirm the reproducibility of the iOS app, then the risk becomes the latest available jailbroken iOS could be outdated from the real versions, and you'd have other issues with not receiving timely security updates. This same issue applies to Telegram also.

bamboo ,

https://youtu.be/JANcVXHqNTI

Watch Airplane!

bamboo ,

What was the scam if he was reimbursing her? Was it to generate Amazon reviews?

bamboo ,

I have the worst f***ing attorneys

bamboo ,

What's wrong with Authy?

bamboo ,

I've been on flights where they have announced to the cabin about someone with a severe nut allergy, and based on anecdotal evidence of a sample size of 3 or 4, nothing bad happened on the flight.

bamboo ,

Seriously, now that this is more widely known, it'll for sure be taken advantage of a lot, to the point AWS will begrudgingly protect their customers once the damage is done.

bamboo ,

Say what you will about Apple, they are masters of spinning their shortcomings as groundbreaking achievements. When they refused to unlock the iPhone of the san bernardino terrorist attack, it was framed as an act of preserving user privacy, but brushed over how willing they were to hand over the iCloud backups if the police would have brought the iPhone to a known WiFi network for the backup to be uploaded.

bamboo ,

I've been pretty happy with how Automattic has handled PocketCasts and the premium features feel like what you'd expect, while the main product is perfectly usable for 90% of people and use cases. I hope with their acquisition of Beeper, they continue this mindset and add premium features (extra themes, premium stickers, etc) without compromising the main app.

bamboo ,

No need to guess, it's all outlined in the bill:

  1. ByteDance has 270 days (+90 days at president discretion) to divest of TikTok and sell to an entity not affiliated with an "adversary country" (China, Iran, Russia, N. Korea).
  2. If they don't sell, hosting providers of TikTok application (servers, storage, app store, etc) will be fined up to $500 times the number of users in the US if they continue to host the application

So basically, the law will impose a fine of US hosting providers of the app. If the app moves all services overseas to foreign entities, then the app presumably will continue to work even if banned if already installed (plus the website if hosted overseas).

ISPs and search engines are explicitly exempt from the bill so there is no mechanism to ban connections to TilTok servers or links to TikTok.

bamboo ,

It's my understanding that FreeIPA can federate with Active Directory, but personally I haven't tried that myself. As for Authentik, it looks interesting but it's the first I've heard of it. I also rely on FreeIPA's certmonger implementation, so I wonder if Authentik could replace that?

Just to understand your use case, you have users in Active Directory where you want to manage SSH keys and be able to login via SSH to linux machines?

bamboo ,

This is what I've read about where users in AD can be federated to FreeIPA: https://www.freeipa.org/page/V4/One-way_trust. Not sure if this covers your use case

bamboo ,

No need to guess, it's all outlined in the bill:

  1. ByteDance has 270 days (+90 days at president discretion) to divest of TikTok and sell to an entity not affiliated with an "adversary country" (China, Iran, Russia, N. Korea).
  2. If they don't sell, hosting providers of TikTok application (servers, storage, app store, etc) will be fined up to $500 times the number of users in the US if they continue to host the application
  3. ISPs are explicitly excluded from the bill, and not considered data brokers, which is what the restrictions apply to.

So basically, the law will not require ISPs to block access to TikTok domains and IP addresses. Google search results are also explicitly excluded from the term data broker, and exempt from the restrictions. The only requirement is for app stores to stop hosting the application, so existing installations of the app (after January 2025 assuming ByteDance doesn't sell) will presumably persist and can be used, even if TikTok is banned.

bamboo ,

Does is specify ISP blocking directly in the bill?? It was my understanding that it would just prevent US based app stores (Apple, Google) from distributing the app in their stores.

I'm not even sure how ISP blocking would work, unless it was to just blackhole DNS queries to tiktok.com. Having attempted to block DNS lookups for TikTok on my own home router via PiHole, I can say that the app either hard codes IP addresses, or resolves DNS over HTTPS independently of the system DNS settings, so I doubt a DNS based ISP block would be feasible.

bamboo ,

Right they define internet hosting service as:

(5) INTERNET HOSTING SERVICE.—The term “internet hosting service” means a service through which storage and computing resources are provided to an individual or organization for the accommodation and maintenance of 1 or more websites or online services, and which may include file hosting, domain name server hosting, cloud hosting, and virtual private server hosting.

So this would prevent a US organization like AWS, Oracle, etc from hosting the TikTok user data as long as TikTok is owned or a subsidiary of ByteDance or another "foreign adversary".

Elsewhere in the text, they exclude "service providers" from restrictions, so it seems like ISPs are not going to block requests to TikTok.

bamboo ,

What happened on July 10th, 2023?

Obligatory XKCD

bamboo ,

If ByteDance doesn’t divest of TikTok 9 months, then it will be blocked from being distributed from App Stores. Nothing will be blocked before the election, so it’s not really something which will affect the typical voter who isn’t following the news, causing them to change their vote.

bamboo ,

Not who you were replying to, and not an interview, but here’s an NPR article that explains that the content-recommendation algorithms would be difficult to sell

Chinese officials have placed content-recommendation algorithms on what is known as an export-control list, meaning the government has additional say over how the technology is ever sold.

bamboo ,

Seriously, going through these comments, it’s clear most people didn’t read the article or didn’t learn how calendars work in school (or are part of the Russian Internet Research Agency and trying to sow doubt in Biden).

Based on the timeline, it’s clear the intention wasn’t to protect against the 2024 election, since the potential ban would go in place after the election happens.

bamboo ,

Wouldn’t this mean that beer would need to be 8% more dense than water for this to work out? Quickly searching online, it seems like beer is more like 1% more dense than water, depending on the type of beer, so not sure this is possible.

Would you teach your kids how to pirate?

My gf and I have had discussions about teaching morals to kids. In that vein, I asked myself, would I teach piracy to my kids? Yes, it’s technically illegal and carries inherent risks. But so does teenage sex carry the risks of teenage pregnancy, and so we have an obligation to children to teach them how to practice safe sex....

bamboo ,

Windows is banned in my household, so l’m not worried about malware.

This is a false sense of security and just because you’re not running Windows doesn’t mean you’re immune to everything and can let your defenses down. For example, KDE recently had to announce that downloading themes will execute arbitrary code and cited someone who had personal information deleted because of downloading a theme.

bamboo ,

Exactly, like how an ocean liner is a step up above a sailboat. That doesn’t mean you’re unsinkable and don’t need to worry about icebergs.

bamboo ,

how do you feel about rise of the machines after seeing judgement day?

bamboo ,

I do the same thing, and one morning, I woke before my alarm and left my phone in the bedroom to take a shower. Learned that day that my wife doesn’t know PEMDAS.

bamboo ,

Clearly yes, as this post outlines, these candidates weren’t smart enough to use ChatGPT

bamboo ,

The hostages are believed to be Santa men of military reserve age

Quick video demonstrating that lemmy.world sends every activity out twice ( i.imgur.com )

I realise this is a known issue and that lemmy.world isn’t the only instance that does this. Also, I’m aware that there are other things affecting federation. But I’m seeing some things not federate, and can’t help thinking that things would be going smoother if all the output from the biggest lemmy instance wasn’t 50%...

bamboo ,

Are you able to include the HTTP Method being called and the amount of data transferred per request? It’s possible that the first request is an OPTION request and then the second request is a POST.

If you can see the amount of data transferred, then you can have some more indication that double the requests are being sent and quantity the bandwidth impact at least.

bamboo ,

Jesus, that is horrible.

State legislators from the area passed a law allowing Schlitterbahn to self-inspect its attractions without state oversight as it did in Texas, unlike all other amusement parks in Kansas, which were subject to state inspection.

Verrückt permanently closed in 2016 following a fatal incident involving the decapitation of Caleb Schwab, the 10-year-old son of Kansas state legislator Scott Schwab.

bamboo ,

If your services are not stateless, work to make them such so you can learn about scaling in the cloud, which can even be done w/ VM-based services. how much more agility using cloud vs a DC gives you

This can’t be understated. Embracing elastic idology to remove single points of failure and decoupling stateful aspects of applications has been the biggest takeaway of being part of several migrations of services to AWS. Implementing these into your practices as you grow is a huge benefit that may is worth the cost.

Over time, if the scale you’re operating at grows, using experience/knowledge from AWS and applying it to running services in a datacenter could be beneficial. In my experience, if you have a large, consistent, asynchronous workload which you’ve maxed out on reserved instances or savings plans, it is likely cheaper to operate on your own hardware than in the cloud (or get credits from GCP or Azure to migrate services to reduce costs). This is where avoiding vendor lock-in is key.

have y’all factored in all the time/money spent on maintaining the server hardware, power, DC cooling, etc. too?

For sure, this isn’t 2007 where you need to purchase servers and network equipment to start a website. For most startups and small businesses, operating in the cloud will be less expensive upfront and likely over the first 3 years. This isn’t a one size fits all approach though, and it’d be prudent to evaluate the cloud spend periodically and compare with what’d it’d cost to manage it entirely. Obviously you’d need a team competent enough to manage this, without it going to shit.

bamboo ,

This 100%. I hate getting added to a PR for review with testing commits in the history, and I’m expected to clean those up before merging into main.

bamboo ,

If you wrap the TV in tinfoil, it’ll be a faraday cage and block all WiFi

bamboo ,

Still this requires different directories for the hardlinks to be in the filesystem, and there’s not an easy way given a file to list all “labels” that file has, without checking other directories for files with the same inode.

bamboo ,

Email me if you want a pizza roll

bamboo ,

Just when I thought Facebook couldn’t go any lower.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • tech
  • kbinEarth
  • testing
  • interstellar
  • wanderlust
  • All magazines
    •