Ferk

Ferk, 7 months ago (edited 7 months ago)

That’s out of context. That snippet of code existing is not sufficient to understand when does that part of the code gets actually executed, right?

For all we know, that might have been taken from a piece of logic like this that adds the delay only for specific cases:

<span style="color:#323232;">if ( complex_obfuscated_logic_to_discriminate_users ) {
</span><span style="color:#323232;">
</span><span style="color:#323232;">    setTimeout(function() {
</span><span style="color:#323232;">        c();
</span><span style="color:#323232;">        a.resolve(1)
</span><span style="color:#323232;">    }, 5E3);
</span><span style="color:#323232;">
</span><span style="color:#323232;">} else {
</span><span style="color:#323232;">
</span><span style="color:#323232;">    c();
</span><span style="color:#323232;">    a.resolve(1)
</span><span style="color:#323232;">
</span><span style="color:#323232;">}
</span>

It’s possible that complex_obfuscated_logic_to_discriminate_users has some logic that changes based on user agent.

And I expect it’s likely more complex than just one if-else. I haven’t had the time to check it myself, but there’s probably a mess of extremely hard to read obfuscated code as result of some compilation steps purposefully designed to make it very hard to properly understand when are some paths actually being executed, as a way to make tampering more difficult.

Ferk, 7 months ago (edited 7 months ago)

It doesn’t really matter whether it was “targeted” at Firefox specifically or not, what matters is whether the website has logic that discriminates against Firefox users. Those are 2 different things. “End” vs “means”.

I wouldn’t be surprised if the logic was written by some AI, without specifically targeting any browser, and from the training data the AI concluded that there’s a high enough chance of adblocking to deserve handicapping the UX when the browser happens to be Firefox’s. Given that all it’s doing is slowing the website down (instead of straight out blocking them) it might be that this is just a lower level of protection they added for cases where there’s some indicators even if there’s not a 100% confidence an adblock is used.

Ferk, 7 months ago (edited 7 months ago)

It can be formatted “nicely” with no issue. But that doesn’t necessarily make it easy to understand.

What that person posted was in a function named smb() that only gets called by rmb() under certain conditions, and rmb() gets called by AdB() under other conditions after being called from eeB() used in BaP()… it’s a long list of hard to read minified functions and variables in a mess of chained calls, declared in an order that doesn’t necessarily match up with what you’d expect would be the flow.

In the same file you can also easily find references to the user agent being read at multiple points, sometimes storing it in variables with equally esoteric short names that might sneak past the reader if they aren’t pedantic enough.

Like, for example, there’s this function:

<span style="color:#323232;">function vc() {
</span><span style="color:#323232;">    var a = za.navigator;
</span><span style="color:#323232;">    return a &amp;&amp; (a = a.userAgent) ? a : ""
</span><span style="color:#323232;">}
</span>

Searching for vc() gives you 56 instances in that file, often compared to some strings to check what browser the user is using. And that’s just one of the methods where the userAgent is obtained, there’s also a yc=Yba?Yba.userAgentData||null:null; later on too… and several direct uses of both userAgent and userAgentData.

And I’m not saying that the particular instance that was pointed out was the cause of the problem… it’s entirely possible that the issue is somewhere else… but my point is that you cannot point to a snippet of “nicely formated” messed up transpiler output without really understanding fully when does it get called and expect to draw accurate conclusions from it.

Ferk, 7 months ago (edited 7 months ago)

I expect it would be technically possible to have lemmy-like or peertube-like services built on top of the AT protocol Bluesky uses, like with ActivityPub. And I expect if/when that happens the communication across services would probably work too.

In fact, accounts being “portable” in the AT protocol can potentially make the integration more seamless across different services, not only might the posts be seen from different services, but you might be able to directly access those different services with the same account. Imagine if you could login in lemmy with a mastodon account or vice-versa.

Bluesky is just one of the possible services. But as long as the invites are private and you can’t host your own instance, I wouldn’t even consider it an alternative. I think it’s a bit early to judge, both its positives and its negatives.

Ferk, 7 months ago (edited 7 months ago)

It’s changing by having a library like wlroots do most of the work.

When you consider the overall picture, “wlroots + compositor” is actually less complex than “X11 + window manager” because you no longer need to consider the insanely high requirements of having to have a team maintaining the spaghetti mess of X11 code.

Wayland-based dwl has roughly the same line count as X11-based dwm (about 2.2k), without having to depend on a whole separate service as big as X11.

But of course, it being a completely different approach, it’s likely that for most smaller projects (ie. not Gnome or KDE) it’s easier to start a new project than creating a layer to maintain two different parallel implementations.

If you want something that’s more or less compatible with openbox, there seems to be this project, labwc, which claims to be inspired by openbox and compatible with its config/themes… though I haven’t personally tried it.

Also keep in mind that openbox (and I expect labwc too) doesn’t include any “panels” / “taskbars” or anything like that… and it’s likely your X11 panels might not work well if they do not explicitly support Wayland (but I believe that, for example, xfce-panel now supports both).

Ferk, 8 months ago

espeak default voice backend is synthesized without using actually real voice samples. So it doesn’t require downloading a huge package for each language, which is convenient in some cases, but the outcome is extremely robotic.

You can use MBROLA as backend for espeak so that it uses some voice samples and the result should be less jarring (it’d still be easy to tell it’s not natural voice, but at least you’d be able to understand it better). There’s a tutorial on this here: github.com/espeak-ng/espeak-ng/blob/…/mbrola.md

Or you can try piper (github.com/rhasspy/piper) it’s one of the most natural-sounding TTS (here are some samples).

Ferk, 8 months ago

In fact, it’s not unlikely that the behavioural data of people who pay to opt out of being spammed with ads will be more valuable to data brokers.

True. This is why the AdNauseam extension doesn’t simply “hide” ads, but it goes out of its way to actually simulate clicks for ALL ads, causing algorithms to be unable to more accurately profile you and making the pay-per-click model fall on its face. If everyone did that, advertisers would have to pay for completely meaningless clicks making it no longer worth it to advertise this way.

Though it’s still not a solution to privacy, since it still gives some insight on your tastes by allowing them to know what websites do you frequently visit.

Ferk, 8 months ago (edited 8 months ago)

I think part of the reason why the long extension is often preferred is because it’s much clearer and it’s guaranteed to be supported and decompressed by the respective tools. Even when they don’t suppot tar archives, they’ll just give you the uncompressed tar in that case.

It’s also very common to do that with other extensions (not just .tar) when compressing big files. For example, when archiving logs they’ll often be stored as .log.gz, which makes it automatically clear that it’s a log file directly compressed with gzip and meant to be examined with tools like zcat and zless to view it.

And in cases like that you really need it to be clear on what data does the gzip stores, since it does not keep metadata about the file so you might not be able to get back the original name/extension of the file if you rename the gz file.

Ferk, 9 months ago (edited 9 months ago)

Sad. I did not know that.

Although, to be honest, I was sort of expecting it would happen sooner or later. It did not look like the product was ready for mainstream users yet, and the devices at that price must have been tough to sell.

For anyone curious, this message from the CEO has more details: web.archive.org/…/update-from-the-ceo-part-1/

Ferk, 9 months ago

If they were complaining about cronjobs being created (like the post says), then they must have known what cron is.

Ferk, 1 year ago

You can grow potatoes for political reasons too. Everything a human being does might be politically motivated, but that doesn’t mean potatoes are political.

Anyone can take that same software, that was created as a particular political statement, and use it for the completelly opposite political reasons to make a completelly different political statement. Just the same way as many have used songs in contexts that are completelly politically opposite to what the original author of the song intended.

In the end, the only thing that’s political is the goal/purpose/motivation of an action, not the result of the action. No piece of software/hardware/thing is political when you dettach the artist from the art and just see it for what it is, regardless of what the author might have wanted you to see it as.