Readit News
DexesTTP commented on Just Say No to JavaScript   infoworld.com/article/361... · Posted by u/emreb
bambax · 9 months ago
This is a plea to use TypeScript instead of JS. Why not. Strong typing is certainly great. But the reason I don't use TypeScript isn't any of those listed: it's because it needs a compilation step, and I don't want that.
DexesTTP · 9 months ago
Do look into jsdoc typing and "//@ts-check".

I do agree with you on the compilation, and this is the reason I'm still writing the occasional .js or .mjs file. However, the js I write starts with enabling ts-check and has all of its type information encoded as comments. This way, I'm getting the benefits of typescript while writing the code without needing the whole compilation step.

DexesTTP commented on Meta fined $102M for storing passwords in plain text   engadget.com/big-tech/met... · Posted by u/redbell
DexesTTP · a year ago
Context: This is for a 2019 data breach on a system that was created in 2012. The GDPR was instated in 2018 (has it really been that long? Wow feels like yesterday) and Meta failed to disclose the 2019 data breach properly under GDPR, hence the fine.

DexesTTP commented on We spent $20 to achieve RCE and accidentally became the admins of .mobi   labs.watchtowr.com/we-spe... · Posted by u/notmine1337
devvvvvvv · a year ago
Entertaining and informative read. Main takeaways for me from an end user POV:

- Be inherently less trustworthy of more unique TLDs where this kind of takeover seems more likely due to less care being taken during any switchover.

- Don't use any "TLS/SSL Certificate Authorities/resellers that support WHOIS-based ownership verification."

DexesTTP · a year ago
None of these are true for the MitM threat model that caused this whole investigation:

- If someone manages to MitM the communication between e.g. Digicert and the .com WHOIS server, then they can get a signed certificate from Digicert for the domain they want

- Whether you yourself used LE, Digicert or another provider doesn't have an impact, the attacker can still create such a certificate.

This is pretty worrying since as an end user you control none of these things.

DexesTTP commented on China Wants to Start a National Internet ID System   nytimes.com/2024/07/31/bu... · Posted by u/LittleCat38
DexesTTP · a year ago
The requirement to ID yourself online was already a thing in China, and using government-provided unique IDs for that isn't the worst way to go about it. The main issue would be mandatory reporting (i.e. if the companies have to constantly send data about what every given ID is doing on their website), but that's a different issue - and I don't feel like it's harder to do this using the phone numbers they already use compared to using a government GUID.

The main issue is that this would make obtaining access to Chinese websites even more difficult for people outside of China. It was kind of possible to go around the phone number restriction by obtaining a phone number, but going around the government ID is going to be significantly more difficult.

DexesTTP commented on Node.js adds experimental support for TypeScript   github.com/nodejs/node/pu... · Posted by u/magnio
ahuth · a year ago
What bad coding practices does TS allow, and why are they bad?
DexesTTP · a year ago
TS allows you to pass a read-only object to a method taking a read-write value:

    type A = { value: number; }
    function test(a: A) { a.value = 3; }
    function main() {
      const a: Readonly<A> = { value: 1 };
      // a.value = 2; <= this errors out
      test(a); // this doesn't error out
      console.log(a); // shows 3
    }

DexesTTP commented on Things I know about Git commits   jvt.me/posts/2024/07/12/t... · Posted by u/sea-gold
zvrba · a year ago
Git is an abysmal tool for many (most?) uses of it, but that unfortunately has become "standard". The sheer awfulness of git is witnessed by the amount of posts about it and little consensus on "best practices" (e.g., rebase vs merge).

So, I don't judge, but sympathize with people who just "delete the repo and start from scratch". Unintuitive, user-hostile tools call for heavy-handed solutions.

IME, most people are willing to learn something when they're shown the value for invested effort. That "delete the repo" is the standard answer for fixing a f*up tells more about the tool than the people using it. (I.e. it requires disproportionately big investment of time for little value.)

DexesTTP · a year ago
I really don't agree with that. Git is a powerful tool with very few actual downsides, and the unwillingness of some developers to spend an hour learning how it works hurts them in the long-term.

It's like sticking to the text editing feature of your IDE because you can't be bothered to learn how it works. Sure, you _technically_ can do that, but you're losing out on everything that makes an IDE useful and probably losing actual days or weeks' worth of work because of that.

DexesTTP commented on Tiny bright objects discovered at dawn of universe baffle scientists   phys.org/news/2024-06-tin... · Posted by u/Brajeshwar
Zigurd · a year ago
It was just 101 years ago that galaxies outside the Milky Way were discovered and that the universe we can observe grew from being 100k light years to 93 billion light years in diameter. The existence of black holes was first observed in the 1970s. It is a good bet other astonishing objects are yet to be discovered.
DexesTTP · a year ago
Not quite that, we've known about galaxies outside our own (like the Magellanic clouds or the Andromeda galaxy) for a few millennia, and the main reason black holes haven't been discovered for a while is because they're black and we needed a theory to know where to look. The current theory of cosmology has overall been pretty stable for a while.

What's interesting there isn't that much the objects themselves, which are bog-standard as far as celestial objects go, but how red-shifted (and therefore how far away/long ago) they are, which is something the model doesn't quite exclude but does warrant some tweakings of the "initial parameters" of the universe to make it work this way compared to what we expect.

DexesTTP commented on Not everything is behavioral science   behavioralscientist.org/i... · Posted by u/the-mitr
DexesTTP · a year ago
Weird choice to talk about the placebo effect in this context. The placebo effect is definitely used in combination with chemical and biological effects when administering drugs (or, more accurately, it always automatically happens). It's just when trying to test the efficacy of drugs that you need to control for the placebo effect, otherwise the noise of the results would drown the signal of the biological/chemical impact.

DexesTTP commented on What happened to Captura? OSS maintainer burnout (2023)   mathewsachin.github.io/bl... · Posted by u/olvy0
DexesTTP · a year ago
Captura is a great piece of software - I've used it for years, and I still use the latest release today.

It is a complete, all-in-one tool - very straightforward UI, lots of formats supported (especially through ffmpeg integration) and very easy to use in terms of window or screen area selection for recording - and more importantly for my use-cases, it's portable (no install, no admin rights needed). Really a great example of what's possible in that space.

I didn't participate in the project, but I've checked out the PRs and issues list every now and then and it's been frustrating seeing the author struggle against the store republishing issues for literal years. The issue tracking that (#405[1]) is not a happy read for sure.

The fact that Captura's MIT licensing gave effectively a "license to steal" to people and that it's so easy to publish something and sell it on the Microsoft store didn't mesh well.

I've however been really disappointed by Microsoft's non-response through all of that republishing debacle. Republishing free software is a difficult topic to get right for edge-cases, sure, but the Captura case was obvious to rule on and Microsoft did nothing for years - it was clear that there was no process for this kind of scenario, and that the solution was to do nothing. It took the author taking down the project for them to react, and even then I'm convinced that's only because whoever handled that case assumed that the republisher was the one taking it down, not the project author.

[1] https://github.com/MathewSachin/Captura/issues/405

DexesTTP commented on Reddit is full of bots: thread reposted comment by comment, 10 months later   lemmy.blahaj.zone/post/11... · Posted by u/SushiHippie
arkh · a year ago
I feel those LLM augmented bots will usher in the return of small community run forums. Because those let you require people to be humans, for example by being invite only.
DexesTTP · a year ago
I don't think it's likely. The real migration has been and will continue to be towards Discord servers and similar "smallish" live chat-based communities on centralized services.

The age of small self-hosted forums is unfortunately behind us, and I don't see them reviving any time soon.

u/DexesTTP

Karma: 77 · Cake day: May 20, 2022