cultural reviewer and dabbler in stylistic premonitions

  • 206 Posts
  • 432 Comments
Joined 4 years ago
Cake day: January 17th, 2022

  • Arthur Besse@lemmy.ml to Privacy@lemmy.ml: "Trusted" eMail Providers?
    19 hours ago

    Mailbox.org lets you keep your own private key.

    Every email provider lets you keep your own private key if you do encryption using the interoperable OpenPGP standard using software running on your own computer. Many email providers will recommend that you do exactly that, and will helpfully instruct you about how to do so (eg, the more reputable options in this thread such as migadu.com, mailbox.org, posteo.de, and even fastmail.com all have instructions for how to use some implementation of pgp to encrypt your email).

    Meanwhile any company selling non-standard “email encryption” (eg, proton and tuta) which is not compatible with pgp (or, in the corporate world, s/mime, which is also a standard…) is firmly in the snake oil business and should be distrusted and boycotted regardless of which shitty youtubers they’re sponsoring this week.




  • Companies now block older browser versions

    Now? This has been happening since the dawn of the web. At least the screenshot you pasted represents all of the big three rendering engines - it used to be common to see “Internet Explorer version XYZ required”, sometimes with javascript to prevent you from using the site with any other browser (even if in some cases it would actually work fine if you simply spoofed your user agent string).

    I have used kinda retro devices to surf the web at times

    Most websites became HTTPS-only sometime after the Snowden disclosures in 2013.

    Over time old versions of TLS have been deprecated and eventually support for them is dropped from browsers and web servers alike. So, a browser from even 15 years ago literally cannot connect to most webservers today.

    Planned obsolescence is terrible but it’s a minor factor here: it’s actually dangerous to use even (especially?) a slightly-out-of-date web browser because every new release fixes vulnerabilities which can be exploited to run malicious code on your computer. The planned obsolescence which prevents people from being able to have an up-to-date browser comes mostly from proprietary operating system vendors; to have up-to-date software while continuing to use somewhat older computers you need to use free/libre software.

  • As others have said it is a huge amount of work to maintain a fork of such a complicated piece of software.

    Especially around security: web browsers constantly process potentially-malicious data, which gives them a large attack surface. Every browser regularly has new vulnerabilities discovered which must be fixed. Hard forking a browser means that, even ignoring any bugs in the new code the fork has added, every time a bug is discovered and fixed in the code they forked from someone needs to analyze the upstream’s fix and port it to the fork. The more they diverge, the more work this is. Failing to do this work lets any malicious website exploit the bugs and install malware on users’ computers.



  • One shot rewriting the whole test suite

    tridge’s blog post makes it clear that this was not “one-shotted” at all.

    You should read the whole thread

    I regret reading it; I’ll assume in good faith that it wasn’t LLM generated but it is ironically as confidently wrong as if it were.

    It almost (and should have) lost me when it started by quote-agreeing with someone else saying “rsync was basically done until the maintainer discovered vibecoding” - no, pay attention, it was not “basically done”, there were/are a mountain of CVEs!

    But then this got my interest:

    This does not “translate tests into pytest” or a unit testing framework, it writes its own testing framework where tests are whole python scripts that redefine basic test functions in every script. Surely there would be a single way to “run rsync and get the results” - nope, well, there is, but then every test file will randomly redefine its own _run_and_capture function.

    tridge says he has used pytest on other projects and had good reasons not to use it here; I’m inclined to believe him.

    But the notion of every test defining its own way to invoke rsync sounded like a valid criticism, and an easy one to verify, so I checked: It turns out that there is in fact a common run_rsync function which is used by the majority of the tests. One test defines its own _run_and_capture function (which differs in that it writes the output to a file, for reasons I didn’t investigate), and it looks like a few others invoke rsync other ways, but the majority of them use the common function.

    So, that rambling thread’s sole concrete criticism of rsync’s new python tests turns out to be false.



  • The 2021 paper OSRM-CCTV: Open-source CCTV-aware routing and navigation system for privacy, anonymity and safety says they published source code at https://github.com/Fuziih but I don’t see it there now (though there is a related project called cctv-exposure).

    The final published version of the paper seems to be paywalled; it’s probably on scihub but there is also a preprint of it here on arxiv.

    https://github.com/FNBIP/ghost-route (just 3 commits, from February this year) says it is inspired by the paper and “extended to a production-grade multi-mode threat routing system”. It’s a node app you run locally (there doesn’t appear to be a public instance currently) which would be nice if it could work offline but unfortunately “Offline mode with pre-downloaded OSM tiles” is still on the roadmap and it currently lists “A Mapbox GL JS token (free tier works)” as a requirement (which is probably why there isn’t a public instance - someone would need to pay mapbox if they wanted to run it for other people).

    I have not tried it; if anyone reading this has or does please post here about how it works!





  • A Rocket To Nowhere is an entertaining blog post which covers the design compromises you’re talking about:

    [735 of the 4.1k words of the above-linked blog post]

    By the time Shuttle development began, it was clear that the original vision of a Shuttle as part of a larger space transportation system was far too costly and ambitious to receive Congressional support. So NASA concentrated on building only the first component of its vision, a reusable manned spacecraft that could reach low earth orbit. Since NASA assumed it would be able to fly Shuttle missions with a turnaround time as low as two weeks, this left the vexing question of what to do with all that spare launch capacity. The tiny commercial launch market was in no shape to supply such a wealth of satellites, so NASA turned to the one agency that had an abundance of things requiring shooting into space - the Air Force - and asked it to abandon its unmanned rocket programs, instead committing all future satellite launches to the Shuttle.

    The Air Force was only too happy to agree, but at a crippling price. What the Air Force wanted to launch was spy satellites - lots of them, bulky telescopes with heavy mirrors, the bigger the better - and it wanted to launch them in an orbit over the Earth’s poles, so they could snoop over the maximum amount of Red territory. This meant NASA had to go back to the drawing board, since polar orbits would require a heavier orbiter than the Shuttle design had anticipated, which in turn meant using a bigger rocket at launch, and dissipating more heat during re-entry.

    Moreover, there was no way to launch a polar mission safely from Kennedy Space Center — it would mean overflying either heavily populated areas in the Carolinas or risking capture of a fuel tank by the wily Cubans. So the Air Force also demanded, and got, billions in funding to build a new Shuttle launch facility at Vandenberg Air Force base in California. And because some of the Air Force’s military missions involved capturing a Soviet satellite on the sly and landing after one orbit, the Air Force demanded that the Shuttle be capable of gliding over a thousand miles cross-range during re-entry, so that it could catch up with the rapidly eastbound Air Force base underneath it. This meant bigger wings, which in turn meant more weight, an even more powerful rocket, and again a more complicated heat shield.

    Most of the really wrong design decisions in the Shuttle system — the side-mounted orbiter, solid rocket boosters, lack of air-breathing engines, no escape system, fragile heat protection — were the direct fallout of this design phase, when tight budgets and onerous Air Force requirements forced engineers to improvise solutions to problems that had as much to do with the mechanics of Congressional funding as the mechanics of flight. In a pattern that would recur repeatedly in the years to come, NASA managers decided that they were better off making spending cuts on initial design even if they resulted in much higher operating costs over the lifetime of the program.

    To further cut costs, and keep the weight from growing prohibitive, the Shuttle became the first manned spacecraft to fly without any kind of crew escape system, relying on certain components (solid rockets, wing tiles, landing gear) to function with complete reliability. NASA also decided not to make the Shuttle capable of unmanned flight, so that the first test flight of the vehicle would have astronauts on board. This was a major departure for the traditionally conservative agency, which had relied on redundant systems wherever possible, and always tested unmanned prototypes of any new rocket. It showed how confident NASA had grown in its ability to correctly predict, simulate, and design for high reliability.

    The final Shuttle design, incorporating all of the budgetary and Air Force design constraints, was impressive but not particularly useful. Very soon after the start of the program, it became clear that Shuttle launches would not be routine events, that it would cost a great deal of money to repair each orbiter after its trip to space, and that estimates of launch cost and frequency had been wildly optimistic. At the same time, the Air Force proved unable to get the Vandenberg base ready for use, negating much of the reason for the extensive Shuttle redesign. After the Challenger explosion, the Vandenberg base was quietly mothballed. Not once did the Shuttle fly a mission to polar orbit.