Posts: 17 · Comments: 836 · Joined: 5 yr. ago

  • There are a few main benefits.

    1. For hardware-backed keys they can't be stolen aside from physically stealing the hardware. So unless your machine has malware there is no way for an attacker to authenticate using them.
    2. Even for software keys the site you authenticate to doesn't learn enough to impersonate you. For example if for some reason your bank leaked some logs with PW + MFA someone could use that to log in as you (although admittedly short timeouts on MFA validity make that window very small).
    3. The browser ensures that you only authenticate to the correct domain. So it prevents phishing. (Although a password manager that only fills into the correct domain also accomplishes this.)

    So I think if you are using unique passwords with an automated password manager the effective benefit is quite small. However for the "average computer user" who likely has less than 5 passwords that they use for everything it forces a pretty high base level of security.

  • I doubt Gaussian blur is an accurate model of real-world situations.

    At the end of the day if you are worried about the codes being painted over print a few out and paint over them. Then scan with a variety of scanners.

    If I had to come up with some more digital tests I would guess that a few of these are more representative of real-world situations:

    1. Lower contrast. For example lighten or darken the whole code. This would simulate things like scanning in low light or with glare.
    2. Block out sections of the code. This will test error correction levels and simulate partial damage or pockets of extreme glare.
    3. Skew the code in various ways. This simulates the perspective shift of people scanning the code from an angle.

    Ideally combine them in a bunch of scenarios then try to scan with a variety of scanner implementations.

  • It also supports iOS.

  • No, the DRM wouldn't work at higher levels so you would have the same requirements with regard to 4k.

  • Let's take a little recess and circle back.

  • Please be civil and polite. This type of aggressive comment insulting people because of the tools that they use isn't welcome here.

  • You seem to be making this very complex. But it really isn't. Yes, git doesn't track renames. So you are working around it by splitting your operation into 2 commits.

    1. A pure rename.
    2. A file change.

    This way 1 is always considered a rename and 2 is just a regular file change with the same path. You may also consider tweaking the default rename detection threshold with flags like --find-renames or options like diff.renameLimit.

    Would it be nice if Git tracked renames? Probably. But that isn't how the data model works so it is unlikely to happen soon. But maybe they could add some metadata.

  • I think it doesn't really make sense. Because you can't "squash" one commit. squash is taking multiple commits and making them one.

    When you do a "squash merge" you are really saying "squash all the commits that are on this branch and not the target" then merge.

    So you can't "squash a merge commit" you need at least one additional commit to squash in.

  • I feel like this is getting at something interesting and revealing but I am not convinced by what it says.

    "There is no limit to the type of WhatsApp message that can be viewed by Meta," the agent wrote in the email. He added that "Meta can and does view and store all the text messages, photographs, audio and video recordings" in an unencrypted format.

    I highly doubt this is true. This is because there are third party clients such as https://github.com/mautrix/whatsapp that send E2EE encrypted messages on WhatsApp. If literally all messages were available in an unencrypted format it would mean one of the following things.

    • The E2EE protocol is broken and Meta knows the "crack".
    • That official client does a completely different protocol which uploads all messages in addition to doing the E2EE protocol.

    Security researchers are also reverse-engineering the official client. So if it was regularly doing this I would assume someone has noticed.

    What I suspect is happening is that some features in the client (like Meta AI) are very easy to frequently activate and upload a large amount of messages which Facebook then archives. It would be quite likely that the average user is using these frequently. This could reasonably result in the vast majority of messages being available to Facebook.

    But I think if the reports are exaggerated it doesn't help sell the case.

  • Of course, but because the law is so protective you won't need to 99.9% of the time. Canada also isn't a very litigious place and even if it does get raised it will probably get thrown out quickly. To most doctors it is also a huge stressor to watch someone that they can help die. So overall the balance is well worth trying to help out.

  • No, but you can still choose to choose software that doesn't steal and sell your data. You can also support laws that make doing this illegal.

  • Of course it can only surely be decided in a court. But in this case it would be something like was not actively trying to cause harm.

  • In Canada all provinces have some form of Good Samaritan law which means that you aren't responsible other than gross negligence. So any off-duty doctor would be very safe to help out unless they were doing something very stupid.

  • The idea that putting this on your phone is bonkers is bonkers to me. Why would you want to carry around a journal or paper when you have everything on your phone? It can also be more easily backed up and synced.

    It shouldn't be normal that this data is stolen and sold. That is 100% the problem, not the fact that people track things on computers.

  • You have obviously never tried dereferencing a null pointer.

  • They are legal if you follow the regulations. The problem with the "rideshare" companies is that they don't. We should just call them "unregulated taxis" rather than pretending that they are a different service. I think just about every taxi company these days is on some app or another (often the same that call unregulated cabs in countries that actually got their shit together and banned the unregulated ones).

  • Nah it's worse. Bitcoin actually has legitimate uses. (Yes, they are a minority of actual usage, but they exist.) NFTs are only useful for speculation, gambling and money laundering.

  • "Rideshare" is also the least accurate term used to dodge regulations. It is just a taxi/cab. You are paying someone to get you from one place to another. They aren't sharing their ride, they were never going where you are going before you told them to.

  • Yeah, downtown there are tons of gas-station brands that are just convenience stores. Surely many gas stations will offer electric charging but since most people will be charging at home the total number of gas stations will surely drop. Some will turn into convenience stores and some will just shut down.

  • You forgot step 2. Throw sacrificial drive into trash.

  • Selfhosted @lemmy.world

    LDAP to UNIX user proxy

  • Rss Feeds Recs @lemmy.world

    Please recommend me some blogs about Linux or FOSS or similar that you follow through RSS.

    iusearchlinux.fyi/post/4926940
  • Programmer Humor @lemmy.ml

    Haunted House

    xkcd.com/2830/
  • Linux @lemmy.ml

    What is your favorite terminal emulator.

  • Lemmy @lemmy.ml

    Decentralized vs. Federated

    kevincox.ca/2023/07/20/decentralized-vs-federated/
  • Fediverse @lemmy.ml

    Facebook, Fosstodon & The Fediverse

    hub.fosstodon.org/facebook-fosstodon-fedi
  • General Programming Discussion @lemmy.ml

    Default to Less Than Quadratic

    kevincox.ca/2023/05/09/less-than-quadratic/
  • Linux @lemmy.ml

    Attempting to use bcachefs

    kevincox.ca/2023/06/10/bcachefs-attempt/
  • nixos @lemmy.ml

    Bisecting the Linux Kernel with NixOS

  • decentralized @lemmy.ml

    Decentralized Applications via the Web Push API

    kevincox.ca/2022/11/02/decentralized-via-webpush/
  • Security @lemmy.ml

    Maybe Passwords are the Future

    kevincox.ca/2022/04/07/passwords/
  • Android @lemmy.ml

    Android Swipe Navigation is Unpredictable UX

    kevincox.ca/2022/01/18/predictable-ux/
  • Intersting web projects @lemmy.ml

    Easy RSS-to-Email Service - FeedMail

    feedmail.org
  • IPFS @lemmy.ml

    Backups with IPFS

    kevincox.ca/2021/02/24/using-ipfs-for-backups/
  • IPFS @lemmy.ml

    State of IPFS Websites

    kevincox.ca/2020/10/30/state-of-ipfs-websites/
  • nixos @lemmy.ml

    Running a Valheim Dedicated Server on NixOS

    kevincox.ca/2021/02/16/valheim-dedicated-server-nixos/
  • Open Standards @lemmy.ml

    kevincox.ca/2021/02/10/thoughts-on-coil/