Readit NewsWhat is more risky to you: Leaving known vulnerabilities such as spectre unpatched or the possibility of Intel adding a backdoor for some unknown purpose that wasn't present in the shipped hardware?
Vulnerabilities such as spectre are only relevant if you run untrusted non-free software. Also these vulnerabilities show that sandboxing is not effective on current CPUs, and specific mitigations does not solve the problem in general.
The thing is that the FSF's stance is already a pragmatic approach of sorts but the line is drawn in a strange place that doesn't really help advance the cause. The hard line approach of "all firmware must be free, too" would render basically every computer unusable, even RMS can see that's going too far to be practical. So, they make an abstraction boundary where "free" stops: If the kernel doesn't load the firmware then it's as if the chip is implemented completely in hardware. It's a practical decision because you have to stop somewhere otherwise you can't get anything done. I wish the FSF/GNU-aligned folks would just make a slightly different compromise that makes it a lot easier for people to start using free software distros. Not shipping CPU microcode updates is particularly harmful to users. 10 years ago it was not too hard to run a distro without firmware blobs on a laptop if you were cool with just getting a thinkpad, but modern intel hardware requires a blob for graphics so even that path is closed now. My 2022 thinkpad x1 needs blobs for graphics, wifi, bluetooth, and sound and I tried to find something modern that didn't need them and gave up eventually.
They can't distribute firmware blobs simply because FSF and GNU do not in principle participate in distribution of any non-free programs.
Also consider that if a manufacturer can distribute opaque firmware updates to your system, it practically has remote control over it, е.g. Intel can activate a backdoor in specific CPUs when needed by publishing a microcode update.
Fice commented on Orgzly Revived: a community-maintained version of Orgzly github.com/orgzly-revived... · Posted by u/vpt
The Russian war on Ukraine is the term you were looking for.
As a Russian I'd rather call it the Putin's war.
Fice commented on WebP is so great except it's not (2021) eng.aurelienpierre.com/20... · Posted by u/enz
From my own experience, JPEG quality and compression efficiency can differ a lot depending on the encoder implementation. It would make more sense to compare specific encoders rather than formats in general.
In 2014 (WebP was released in 2010) Mozilla claimed that the standard JPEG format is not used to it's full potential [1] and introduced mozjpeg project that is still being updated [2]. I wonder how it compares today with current WebP implementations.
[1] https://research.mozilla.org/2014/03/05/introducing-the-mozj... [2] https://github.com/mozilla/mozjpeg
Fice commented on Who makes the most reliable new cars? consumerreports.org/cars/... · Posted by u/deletionist
People always drive, not to within certain parameters of the law, but to within their risk tolerance. As cars become more safe, the risk factor reduces which allow people to increase risky behavior.
If you want people to drive better, don't put airbags in their steering wheel, put a 6" metal spike pointed at their chest.
Of course, no one will be making cars intentionally unsafe, but the law is also a risk factor, the risks of getting fined, jail time or licence revocation count too, and these risks can be made higher.
Fice commented on EU data regulator bans personalised advertising on Facebook and Instagram reuters.com/technology/fa... · Posted by u/pbrw
I might be in the minority here but I personally find personalized ads useful, and am far more annoyed by ads recommending products and services completely irrelevant to my interests and/or needs.
(The latter still account for the ads I see most of the time, unfortunately.)
Advertising does not simply suggest you something that you might need, it often tries to manipulate you into needing something, and with the amounts of personal data being collected and advancements in machine learning this manipulation becomes dangerously effective.
Fice commented on mCaptcha: Open-source proof-of-work captcha for websites mcaptcha.org/... · Posted by u/notpushkin
I don't understand the premise. The point of a CAPTCHA is to tell Computers and Humans Apart, that's what the CHA stands for. You cannot hope to do this test using a proof-of-work system where the work is computer work.
Call this a client rate-limiter, or whatever else, but it is obviously not a CAPTCHA and cannot function in this way.
Another obvious problem is that server hardware is vastly more powerful than the average user's device. If you set your challenge to an amount of work that doesn't meaningfully drive users away and/or drain their batteries, you are allowing a malicious server to pass your challenge tens of thousands of times an hour.
Telling computers and humans apart is a wrong goal. Every request comes from a computer that is commanded by some human. And why shouldn't users be allowed to use automated user agents when they don't do it for spamming or anything malicious?
CAPTCHA is essentially a proof-of-work variant where challenges are designed to be solved by humans rather than computers, and same as any PoW it works by means of consuming some limited resource (human time, processor time, energy).
What's missing in git is code issues, wikis, discussions, github pages and most importantly, a developer profile network.
We need a way to embed project metadata into .git itself, so source code commits don't mess up with wikis and issues. Perhaps some independent refs like git notes?
https://git-scm.com/docs/git-notes
Fossil (https://fossil-scm.org) embeds issues, wiki etc. into project repository.