steve_rambo (u/steve_rambo)

steve_rambo commented on Bossware is a big legal risk kolide.com/blog/your-comp... · Posted by u/nickwritesit

paxys · a year ago

Everyone replying with "what's the big deal?" is showing their tech privilege. You may not have to deal with intrusive monitoring, but warehouse workers are increasingly being made to wear ankle bracelets so every movement of theirs can be monitored and stack ranked. Workers in WFH "gig" jobs are made to install always-on keyloggers and other monitoring software on their personal computers and phones (which are required for the job). Companies take photos/videos of them in their homes every few minutes throughout the day. Plenty of jobs require you to hand your social media passwords to your employer. There is an entire class of companies that specialize in all of this.

Not everyone is able to say "no" to all this and still make rent next month. I'm happy the government is finally stepping in.

steve_rambo · a year ago

This is crazy to read. I live in what you consider a highly authoritarian and non-free society and can't imagine something like this happening here. Lower paid jobs are even more privileged in some ways: for example, in many companies you can just not show up for work for a couple of days if you feel like it, and the worst thing you can expect is a small pay cut at the end of the month.

steve_rambo commented on Protecting your email address via SVG instead of JavaScript rouninmedia.github.io/pro... · Posted by u/FrostKiwi

RaoulP · a year ago

Sounds good! I might go even further and just use a custom address for each service, i.e. paypal@example.com or something.

But self-hosting email is an adventure I'm nervous to embark on.

steve_rambo · a year ago

Don't, there are many smaller email providers that will take that load off your shoulders for a small fee. I've been using purelymail and have had good experience with it, and heard good things about migadu and fastmail. The latter two are more well known and better staffed, but also expensive.

I've been using similar aliases for years (paypal@domain.tld, ebay@domain.tld, etc), but make sure you have a contingency plan for when you're no more. I've received lots of account info from previous owners of the domain by setting up a catchall mailbox. We will obviously not care, but when someone takes over your account, they might use it to do harm to others (spam or fraud or whatever else).

steve_rambo commented on ChatGPT consumes 25 times more energy than Google brusselstimes.com/1042696... · Posted by u/cdme

steve_rambo · a year ago

> ChatGPT consumes 25 times more energy than Google

> ChatGPT consumes a lot of energy in the process, up to 25 times more than a Google search

steve_rambo commented on Apple and Google deliver support for unwanted tracking alerts in iOS and Android apple.com/ca/newsroom/202... · Posted by u/WalterSobchak

Rinzler89 · a year ago

>What are the odds that you'd ever know if you were hacked?

Would you know?

>I don't know how you could possibly be confident that your device isn't infected with something.

Easy, my bank account is still full.

How are you confident your phone isn't infected? Being up to date is no guarantee. Until you can poke around with root access to inspect everything it's still Schrodinger's cat in a black box you trust to not be dead inside.

Because how would malware ever make it into my phone? It doesn't just magic itself onto your device once it stops received updates. It needs an entry point off the attack surface. And what's my attack surface since all your examples don't apply to me?

I never download shady Apps from the likes of Huawei AppGallery lol or even off the PlayStore and I don't use Android 5. All apps I use are whatsapp and Google chrome, and I also don't browse shady websites on my phone.

steve_rambo · a year ago

I've also used phones which haven't received any updates for years without any obvious problems. Just maintaining basic digital hygiene like you do. In theory, one could use a zero-day in a web browser (like the recent libwebp vulnerability), then exploit one of the numerous CVEs in one of the system libraries or the kernel, and own the phone that way even without you doing anything worse than visiting a random website. For example, that's how one of the the first methods of jailbreaking PlayStation 4 operated.

Your average Joe six-pack like myself probably shouldn't really worry about it though, it seems more likely to be used against really high value targets.

You might want to try out another web browser that has aggressive ad blocking (Firefox, Brave, or Vivaldi should do it) since ads are one of the major methods of spreading malware.

steve_rambo commented on Using ARG in a Dockerfile – beware the gotcha qmacro.org/blog/posts/202... · Posted by u/todsacerdoti

sherburt3 · a year ago

What does NORWAY mean?

steve_rambo · a year ago

https://www.bram.us/2022/01/11/yaml-the-norway-problem/

steve_rambo commented on Using ARG in a Dockerfile – beware the gotcha qmacro.org/blog/posts/202... · Posted by u/todsacerdoti

gorgoiler · a year ago

POSIX sh has “set -u” to handle this category of errors — scripts that attempt to expand an unset parameter will exit with an error message.

Perl has “use warnings ‘uninitialized’” for the same reason.

It sounds like this feature would be worth considering for the Dockerfile spec.

steve_rambo · a year ago

I wish we would rather get rid of Dockerfile in favor of what something like buildah does:

https://github.com/containers/buildah/blob/main/examples/lig...

Since Dockerfile is a rather limited and (IMHO) poorly executed re-implementation of a shell script, why not use shell directly? Not even bash with coreutils is necessary: even posix sh with busybox can do much more than Dockerfile, and you can use something else (like Python) and take it very far indeed.

steve_rambo commented on Why use ECC? (2015) danluu.com/why-ecc/... · Posted by u/vsgherzi

jrockway · a year ago

Intel has been pretty intent on making ECC server-only. I used their HEDT platforms for years and never had ECC. AMD is much nicer about the thing; if you want to use ECC on their HEDT platform, you can if you want. It's not super supported, but it's also not a $5000 upgrade. (Though my understanding is that ECC is mandatory for the current generation of Threadripper? That's great!)

steve_rambo · a year ago

ECC is fully supported by consumer AMD processors (at least Ryzen 7000, and I think earlier ones too). You need to pick a matching motherboard, most boards from ASRock will do. And you need to find unbuffered ECC RAM, this is more difficult than the previous two and is why I had to give up on the whole idea.

steve_rambo commented on Why use ECC? (2015) danluu.com/why-ecc/... · Posted by u/vsgherzi

kevingadd · a year ago

We did this in Guild Wars, yeah. I'm sure lots of other games are doing it by now. There were a significant number of Problem Customer PCs that would just crash all the time because of stuff that was obviously a CPU or RAM defect, though I don't know if it was half our crash reports.

steve_rambo · a year ago

What was the difference between CPU and video card vendors (if you can talk about that at all)?

steve_rambo commented on The best way to have complex discussions? cq2.co/blog/the-best-way-... · Posted by u/anandbaburajan

Ringz · a year ago

I like mutt, but aerc [0] is imho much better. But no matter which solution you prefer, editing emails in the terminal is so much more efficient. If the majority would switch to pure text emails instead of HTML...

steve_rambo · a year ago

aerc sometimes breaks on non-compliant email because the author of the header parser refuses to introduce kludges to handle broken email. When it happens, the mail in question simply doesn't show up in the list. I fully understand that position, but it's not really ideal as a user who can't simply refuse to deal with broken crap. So after using it for a couple of months I reverted to neomutt.