
Hyprland is a toxic community (drewdevault.com)

Hyprland is an open source Wayland compositor based on wlroots, a project I started back in 2017 to make it easier to build good Wayland compositors. It’s a project which is loved by its users for its emphasis on customization and “eye candy” – beautiful graphics and animations, each configuration tailored to the unique...

drspod,

These are not Drew’s words, he is quoting something said by the project dev. The context that the previous commenter omitted is:

Following my email conversation with Vaxry, he appeared on a podcast to discuss toxicity in the Hyprland community. This quote from the interview clearly illustrates the attitude of the leadership:

[A trans person] joined the Discord server and made a big deal out of their pronouns […] because they put their pronouns in their nickname and made a big deal out of them because people were referring to them as “he” [misgendering them], which, on the Internet, let’s be real, is the default. And so, one of the moderators changed the pronouns in their nickname to “who/cares”. […] Let’s be real, this isn’t like, calling someone the N-word or something.

drspod,

Is Hyprland violating someone’s copyright?

drspod,

So why do they need to remove it?

drspod,

What servers? It probably stores a few KB of data per player.

drspod,

Couldn’t they just release green version and yellow version when they reach the first threshold, ad infinitum?

drspod,

An open source project backed by a corporation that sells support. And… the open source community almost instantly turns on that and decides they are evil

Redhat was the golden child of the open source community, the paragon of open source success stories, until fairly recently.

Canonical was also very highly respected until they started putting Amazon ads into people’s menus.

It is not something that happens instantly for no reason, it’s because of the need for these companies to squeeze every last drop of revenue out of a product to appease shareholders. Open source companies can, and do, thrive without screwing their communities over. The problem is the mindset that creating value for shareholders is the only thing that matters.

Why fediverse clients reinvent the C2S APIs and don't use ActivityPub?

I’m reading the ActivityPub spec here and it seems pretty fit for client-to-server communications. Yeah, it might be somewhat bulkier than your typical rest api, but it’s more universal, which begs the question: why do mastodon and lemmy both decided to implement custom (and incompatible) APIs for their clients to talk to...

drspod,

Postel’s Law is relevant here. Conservative in what you send (simplify the schema of the data on the wire) and liberal in what you receive (put the complexity for interpreting that data in the client).

drspod,

KSMBD is also important in that placing such core server functionality right inside the kernel represents a significant potential attack surface for crackers. As one comment on Hacker News said “Unless this is formally proven or rewritten in a safer language, you’ll have to pay me in solid gold to use such a CVE factory waiting to happen.”

Words to live by.

drspod,

What this guy found in Austria is actually illegal under EU consumer protection law.

Misleading price reduction claims

Price reduction claims such as “was € 50, now € 25” can be misleading if the initial selling price (known as “anchor price”) has been inflated. In all EU countries traders are obliged, when offering a discount, to indicate the lowest price applied to the item at least 30 days before the announcement of the price reduction. This information allows you as a consumer to assess whether the discount is genuine or not.

europa.eu/youreurope/citizens/…/index_en.htm#shor…

drspod,

will that cause me problems on a headless server if I get a power outage and need to reboot? I think yes

Maybe I’m missing something obvious, but what is the problem that you anticipate with LVM after a power failure?

drspod,

Ah, you’re talking about LUKS. LVM is just the volume manager.

The standard way is to add an sshd (such as dropbear) to your initramfs so that you can ssh in and run commands (such as entering the root partition password) during system boot.

See:

unix.stackexchange.com/…/ssh-to-decrypt-encrypted…

drspod,

It only takes one paying customer to take the published FOSS code from the commercial software and re-distribute it for everyone to benefit from the commercial modifications made to it. That’s the point, a commercial use of the software can not make the source proprietary.

This is what Redhat recently found out when they tried to hide their RHEL source behind a paywall. Attempting to tie the hands of their customers with an additional license agreement forbidding distribution of the source is a violation of the GPL.

drspod,

Lemmy collapses cross-posts in your timeline so that you only see one of the posts.

drspod,

Just the desktop website. It says it’s running version 0.18.4.

drspod,

The Kaspersky analysis noted that the malware contained comments in the shell scripts written in Ukrainian and Russian, and used malware components detected in previous malware campaigns since 2013 that presumably have been attributed to a specific group.

FTA:

Meanwhile, the postinst script contains comments in Russian and Ukrainian, including information about improvements made to the malware, as well as activist statements. They mention the dates 20200126 (January 26, 2020) and 20200127 (January 27, 2020).

Having established how the infected Free Download Manager package was distributed, we decided to check whether the implants discovered over the course of our research have code overlaps with other malware samples. It turned out that the crond backdoor represents a modified version of a backdoor called Bew. Kaspersky security solutions for Linux have been detecting its variants since 2013.

The Bew backdoor has been analyzed multiple times, and one of its first descriptions was published in 2014. Additionally, in 2017, CERN posted information about the BusyWinman campaign that involved usage of Bew. According to CERN, Bew infections were carried out through drive-by downloads.

As for the stealer, its early version was described by Yoroi in 2019. It was used after exploitation of a vulnerability in the Exim mail server.

drspod,

part of the plan from day one of the web 2.0

Ah yes, XMLHTTPRequest, the ultimate bait-and-switch.

Malicious Google Search Ads can now fake the displayed URL to push malware downloads (www.bleepingcomputer.com)

Most people know at this point that when searching for a popular software package to download, you should be very careful to avoid clicking on any of the search ads that appear, as this has become an extremely common vector for distributing malware to unsuspecting users....

drspod,

AFAIK even legitimate ad clicks will first direct to an analytics platform before redirecting to the destination site, so that they can track click through rates and where the referral came from. So it is unlikely that ad links will actually go to the website you expect them to even in normal scenarios. It is actually this mechanism that the malicious ads described in the article are using to fake the display URL.

Windows pc calling home (even while asleep) (lemmy.dbzer0.com)

I have a network-wide pi hole and I noticed that it requested activity.windows.com, a url blocked by my pi hole, even while my pc is suspended. I pinged 10.0.0.217 and it is currently unreachable. So, somehow, windows pc’s turn on networking, phones home, and turns off even while suspended....

drspod,

the folder Music>Pictures (the regular Pictures folder… for some reason that’s where it is) is open in explorer.

This sounds like the kind of thing that might happen if you have some kind of automatic sync set up, like when you plug your phone in and it automatically copies photos, or perhaps a cloud service that’s syncing photos?

drspod,

I started the video thinking “huh, that’s neat I guess” and then I was more and more impressed as the video went on. This would be pretty revolutionary in how it could change your workflow. It’s the kind of feature that would get me to switch from Gnome to KDE if it was only supported fully in the latter.

drspod,

7-zip supports just about every archive type (including rar files) and it’s Free Open Source Software.

drspod,

I can’t go back to a phone where I can’t re-lock my bootloader after installing a custom ROM

Is this something that only certain models of phone are capable of doing? Or is it a new Android/hardware feature that only new phones have?

drspod,

If you assume the average employee makes $100,000, … then their labor costs in salary alone are around $770,000,000

How in the name of fuck does Unity have 7700 employees?!

drspod,

This reminds me of simpler times.

drspod,

The article mentions how to check for infection:

If you have installed the Linux version of the Free Download Manager between 2020 and 2022, you should check and see if the malicious version was installed.

To do this, look for the following files dropped by the malware, and if found, delete them:

/etc/cron.d/collect
/var/tmp/crond
/var/tmp/bs

drspod,

Yeah I agree, sorry about that. I thought that the body-text field was mandatory to fill in, so I used the introductory paragraph from the article so as not to editorialize.

drspod,

and it could abuse the bandwidth limitations of the source site by using multiple parallel connections that pulled on different file chunks

Also for files which had multiple different mirror sites you could download chunks from multiple mirrors concurrently which would allow you to max out your bandwidth even if individual mirrors were limiting download speeds.

drspod,

The key thing to know is that a client can do an HTTP request (https://en.wikipedia.org/wiki/HTTP#Request_methods) to get just the Content-Length of the file, and then perform GET requests with the request header (https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Standard_request_fields) to fetch a specific chunk of a file.

This mechanism was introduced in HTTP 1.1 (byte-serving).
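The HEAD-then-Range flow the comment describes, as an added example that is not from the original thread: a constructed byte-serving origin on localhost stands in for a mirror, and the client checks for a 206 so that a server which silently ignores Range cannot corrupt the reassembled file.

```python
import http.server
import threading
import urllib.request

# Constructed 1 KiB payload served by a tiny local server standing in for a mirror.
PAYLOAD = bytes(range(256)) * 4

class RangeHandler(http.server.BaseHTTPRequestHandler):
    """Minimal byte-serving origin: answers HEAD and honours one 'bytes=a-b' range."""
    def do_HEAD(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(PAYLOAD)))
        self.send_header("Accept-Ranges", "bytes")
        self.end_headers()

    def do_GET(self):
        rng = self.headers.get("Range")
        if rng and rng.startswith("bytes="):
            start, end = (int(x) for x in rng[6:].split("-"))
            body = PAYLOAD[start:end + 1]
            self.send_response(206)
            self.send_header("Content-Range", f"bytes {start}-{end}/{len(PAYLOAD)}")
        else:  # no Range header: plain 200 with the whole file
            body = PAYLOAD
            self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def start_server():
    # Bind to an ephemeral localhost port and return (server, url).
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), RangeHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/file.bin"

def download_in_chunks(url, chunk_size):
    """HEAD for the size, then fetch the file as consecutive Range requests."""
    head = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(head) as r:
        total = int(r.headers["Content-Length"])
        if r.headers.get("Accept-Ranges") != "bytes":
            raise RuntimeError("server does not advertise byte ranges")
    parts = []
    for start in range(0, total, chunk_size):
        end = min(start + chunk_size, total) - 1
        req = urllib.request.Request(url, headers={"Range": f"bytes={start}-{end}"})
        with urllib.request.urlopen(req) as r:
            # 200 instead of 206 means Range was ignored and the body is the whole file.
            if r.status != 206:
                raise RuntimeError(f"Range ignored for bytes {start}-{end}")
            parts.append(r.read())
    return b"".join(parts)
```

A real multi-connection downloader issues these Range requests concurrently (and across mirrors) and writes each chunk at its offset; the sequential loop here keeps the exchange readable.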

drspod,

TLDW: 8 minutes of vacuous navel-gazing which could have been distilled to the following 4 sentences:

But who involves themselves that much with games? Critics, journalists and enthusiasts. But what percentage of the whole do these people make? If you’re watching this video right now I imagine you’d be considered an outlying statistic a few steps away from the average demographic the industry continues to target.

drspod,

… based on Debian, yes.

Undervolt stable on Windows but crashes on Linux

I undervolted my CPU about a year ago and haven’t had any issues with it till now. I’ve been dual booting Linux recently and noticed whenever I was in Linux it would crash/reboot after a couple of hours or less of using it. I noticed the behavior was similar to when I set the voltages too low when initially setting up the...

drspod,

What kernel version are you running? I’m no expert but I’m pretty sure that Windows and Linux handle Ryzen power states differently, as there have been some changes to the kernel recently to improve power state handling on AMD. I don’t know whether the latest kernel would fix the issue but might be worth a try to rule that out.

drspod,

The ads are legitimate and paid for but disguise themselves as the website or software the user is searching for.

That is not what “legitimate” means.

drspod,

Don’t blame the victim.

drspod,

Same. What a disappointment that was. Mobile-style time-gating and microtransactions in a PC game.

drspod,

I was thinking about this recently too. I’d like to have a “session” per window that I can open and close and resume at any time. Instead of having to load all or nothing at browser startup.

drspod,

Tencent Games strategic advisor Shawn Layden …

Non-endemic companies such as Google and Amazon are among the biggest threats to the games industry.

That’s according to former PlayStation boss Shawn Layden, who shared his thoughts on the future of games during the keynote at last week’s GamesIndustry.biz Investment Summit in Seattle.

The irony is palpable throughout this entire article.

drspod,

A Starfield player has credited the sci-fi game with saving their life after they stayed up late to play it and was awake when their apartment complex caught fire.

u/Tidyckilla took to Starfield’s subreddit over the weekend to report their amazing escape, saying that if they hadn’t been awake “bingeing” the game when the fire broke out, the player and their wife would likely have “died to smoke inhalation”.

Saved you a click. Website is trash anyway.

drspod,

Hopefully they’ll at least reopen Antonio’s Nut House.

voxel, (edited) to privacy

deleted_by_author

drspod,

Is it too long to post the article text on Lemmy? There’s some irony in posting a privacy article and putting it behind a URL-shortener.

drspod,

The translation feature is based on the Bergamot project to provide users with a privacy-aware translation engine where the translation is done locally using machine learning, it’s never sent to a third party, and it’s optimized for consumer hardware.

Neat!

drspod,

Debian is upstream from Ubuntu, so Canonical shenanigans will not affect Debian users.
