jasondj

@[email protected]

This profile is from a federated server and may be incomplete. Browse more on the original instance.

jasondj,

IME the more focussed/narrow/niche the subject is, the longer the channel will remain quality.

More importantly I think is if the channel owner is someone who truly enjoys their content, or someone who’s just enjoying celebrity and found a way to do it.

This is like Green brothers vs Fein Brothers.

8 bit guy, Nostalgia Nerd, Modern Vintage Gamers…great channels by people who are passionate about their content, still giving out great videos year after year.

AVGN? Ass. Shit. Ass covered in diarrhea shit. He made his fame off being an edgelord and that only works so long. Still check in every now and then but when he had guest appearances by Gilbert Gottfried and Macaulay Cullen he really jumped the shark.

jasondj,

Based on the order in which bits of his brother were removed from him, I’d assume not.

jasondj,

It’s not that simple. The user has to hold the key. And with cloud you want it to all be accessible from all of a users devices. And with a public service you can’t count on the user to be savvy enough to use their certificates.

Of course the fix to that is that the key is stored in the account.

But then Google has the key and can decrypt it.

So then the key itself has to be encrypted. And with what? The users weak ass-password?

All encryption has to begin with something that’s known, and the weaker that initial secret, the weaker the entire system below it.

jasondj,

Just let me pay for PBS kids without going through Amazon please. I’m a goddamn sustainer ffs. I want my kids binge watching Reading Rainbow. For my kids. Just them. Not because Levar Burton is dreamy. No. Just for the kids. Trust me. If I needed a Levar Burton fix I’d just listen to Levar Burton Reads podcast. His voice is enough for me.

jasondj,

Hopefully these kids at least have good benefits. Poor little guys gotta start out putting their tooth fairy money in an IRA if they hope to be able to retire by the time they’re 85.

jasondj,

Did you pay by the SLOC?

jasondj,

Well, you do. You just don’t know it or like it.

jasondj,

You can’t really go anywhere on the internet without using Google in some capacity. Cookies and trackers in all the things. Ads aplenty, and blocking them is perpetually an arms race.

jasondj,

Guidance for preschools around me is for them to brush kids teeth after every meal that’s served at school.

That was recently reinstated after being suspended for a couple years and the teachers are practically (as much as they legally can) begging the parents to sign the waivers to opt their kids out of it. I don’t blame them. It seems excessive and it’d take a ton of time for two teachers to scrub a dozen or so sets of toddler teeth, while also controlling said toddlers while they wait for everyone to finish.

jasondj,

There’s other factors than just brushing your teeth but brushing is probably the easiest factor that most people can reasonably take control of.

Genetics, obviously you can’t do much about. But you can avoid sweets and decide not to get pregnant (hormonal changes during pregnancy can cause mouths to get more acidic and make plaque harder to remove, and can also soften the gums and bones that hold teeth in, or even weaken the teeth directly). Also, if you want nice teeth, it’s especially important to abstain from smoking crystal meth. And that’s even more important during pregnancy.

But telling everybody “brush twice a day for two minutes” is a small ask with huge returns.

jasondj,

That’s not true. They understand money. Even a little Latin. Like “Quid pro quo” and “caveat emptor” and “tangunt liberos inepte”.

jasondj,

Never saw this guy before but I like his style. Subscribed.

jasondj,

Weasley House IRL.

jasondj,

They don’t just have windows. They have LOAD-BEARING windows.

jasondj,

eBay really has one of the best search engines around, IMO.

Once you know how to use parenthesis, quotes, and minus, you can build very precise queries.

jasondj,

At a certain scale that becomes impractical and you have to use CDNs and cloud compute, or you’re big enough to build your own.

jasondj,

For real I had a 2003 Hyundai Tiburon a while back. Went to a tool consignment store. Saw a full sized tablesaw with stand. Owner told me he’d give me $25 off if I could fit the whole thing in my Tiburon…and I did. And it wasn’t even hard.

jasondj,

Would’ve been better if you hinted that the mother was German too. Like, have him refer to her as “Oma” or something.

Like, idk about where, but in American English, if you’ve got a 1st-gen grandparent, a lot of English-only kids refer to them by the terms in their grandparents language. Especially Greeks, Germans, and Latin-Americans.

jasondj,

I think most Americans know who Oma, Abuela, and Ya-Ya are, just from cultural immersion. Can’t speak for the rest of the world.

jasondj,

How much is a Magimix? An entry-level Vitamix is “only” $300, but when I compare that to the amount I spent on my Ninja and various other sub-$100 blenders that I’ve burnt through or broken down in the amount of time I’ve owned my base-model vitamix, $300 is a fucking bargain.

jasondj,

Really?

I’ve heard some really mixed reviews on it.

jasondj,

🙄

jasondj,

This is why I think that the lines should be owned by the municipalities (or a multi-community partnership) and access to them resold. Not even just for fiber, do all of them. The town already handles the water and the sewer, why can’t they lay the pipe for the gas?

They don’t need to be the ISP, or the cable company, or electric company, or whatever (though they can be). Just own and maintain the infra. Obtain right of way. Lease access.

What can we do about major sites blocking VPN providers?

I use ProtonVPN for everything, and I’ve started noticing more and more sites simply blocking me if I try to connect to them through ProtonVPN. As much as it sucks, I’ve more or less become acclimated to having to deal with an increased number of captchas while using a VPN; but I’m pretty angry about being blocked...

jasondj,

At least they got that far.

There’s a good reason as a web server to block anonymizing VPNs. Turns out the bad guys use them too. Who knew.

jasondj, (edited )

Yeah, except you aren’t supposed to TOFU.

Literally everybody does SSH wrong. The point of host keys is to exchange them out-of-band so you know you have the right host on the first connection.

And guess what certificates are.

Also keep in mind that although MS and Apple both publish trusted root lists, Mozilla is also one of, if not the, biggest player. They maintain the list of what ultimately gets distributed as ca-certificates in pretty much every Linux distro. It’s also the source of the Python certifi trusted root bundle, that required by requests, and probably makes its way into every API script/bot/tool using Python (which is probably most of them).

And there’s literally nothing stopping you from curating your own bundle or asking people to install your cert. And that takes care of the issue of TOFU. The idea being that somebody that accepts your certificate trusts you to verify that any entity using a certificate you attach your name to was properly vetted by you or your agents.

You are also welcome to submit your CA to Mozilla for consideration on including it on their master list. They are very transparent about the process.

Hell, there’s also nothing stopping you from rolling a CA and using certificates for host and client verification on SSH. Thats actually preferable at-scale.

A lot of major companies also use their own internal CA and bundle their own trusted root into their app or hardware (Sony does this with PlayStation, Amazon does this a lot of AWS Apps like workspaces, etc)

In fact, what you are essentially suggesting is functionally the exact same thibg as self-signed certificates. And there’s absolutely (technically) nothing wrong with them. They are perfectly fine, and probably preferable for certain applications (like machine-to-machine communication or a closed environment) because they expire much longer than the 1yr max you can get from most public CAs. But you still aren’t supposed to TOFU them. That smacks right in the face of a zero-trust philosophy.

The whole point of certificates is to make up for the issue of TOFU by you instead agreeing that you trust whoever maintains your root store, which is ultimately going to be either your OS or App developer. If you trust them to maintain your OS or essential app, then you should also trust them to maintain a list of companies they trust to properly vet their clientele.

And that whole process is probably the number one most perfect example of properly working, applied, capitalism. The top-level CAs are literally selling honesty. Fucking that up has huge business ramifications.

Not to mention, if you don’t trust Bob’s House of Certificate’s, there’s no reason you can’t entrust it from your system. And if you trust Jimbo’s Certificate Authority, you are welcome to tell your system to accept certificates they issue.

jasondj, (edited )

But you only really need one to say it’s authentic. There are levels of validation that require different levels of effort. Domain Validation (DV) is the most simple and requires that you prove you own the domain, which means making a special domain record for them to validate (usually a long string that they provide over their HTTPS site), or by sending an email to the registered domain owner from their WHOIS record. Organization Validation (OV) and extended verification (EV) are the higher tiers, and usually require proof of business ownership and an in-person interview, respectively.

Now, if you want to know if the site was compromised or malicious, that’s a different problem entirely. Certificates do not and cannot serve that function, and it’s wrong to place that role on CAs. That is a security and threat mitigation problem and is better solved by client-based applications, web filtering services, and next-gen firewalls, that use their own reputation databases for that.

A CA is not expected to prevent me from hosting rootkits. Doesn’t matter if my domain is rootkits-are.us or totallylegitandsafe.net. It’s their job to make sure I own those domains. Nothing more. For a DV cert at least.

Public key cryptography, and certificates in particular, are an amazing system. They don’t need to be scrapped because there’s a ton of misunderstanding as to its role and responsibilities.

jasondj,

You are missing half the purpose of PKI. Identity is equally, if not more, as important as encryption.

Who gives a shit if your password is encrypted if somebody intercepts DNS and sends yourbank.com and makes it go to their own server that’s hosting a carbon-copy of the homepage to collect passwords?

And DNS isn’t the only attack vector for this. It can be done at the IP level by attacks that spoof BGP. It can be done by sticking a single-board computer in a trashcan at a subway stop. Have it broadcast a ton of well-known SSIDs and a ton of phones in the area will auto connect to it and can intercept traffic. Hell, if not for trusted CAs, it’d be very easy to just MITM all the HTTPS traffic anyway.

In reality, you would tofu the first website you went to and not know if it got intercepted or if they just rotated keys (which is also a common security practice and is handled by renewing certificates and part of the reason why publicly-issued CAs are trending down the life of certificates and it’s not a big deal for admins because of easy automation technology. HSTS and cert pinning is more of a PITA but really barely any effort when you consider the benefits of those).

Now, what certificates don’t protect, nor claim to protect, is typosquatting. If you instead go to yorbank.com, that’s on you, and protecting you from a malicious site that happened to buy it is the job for host-based security, web filters, and NGFWs.

jasondj, (edited )

9% of 3 is easier to estimate because you know it’s “almost 10% of 3”. Or, since 10-1==9, you could think of it as (10% of 3)-(1% of 3) and get the right answer using some other shortcuts. Humans being generally pretty good at base10, this is easy to figure out in your head as (0.3 - 0.03) and get 0.27.

Or, you could do what another commenter suggested and “3% of 9” can broken down as (3/100)•(9/1), becomes, (3•9) / (100•1), becomes 27/100, becomes 0.27. And that can be simplified as xy/100.

Different tools for different jobs. Base10 tricks are good for stuff like figuring out, say, a 15% or 20% tip, because you can easily figure out a 10% tip just by moving the decimal one space to the left, and add half of that (for 15) or double it (for 20). Or half and half again for (almost) 18%. xy/100 is a good trick for figuring out small percentages like sales tax (unless you’re in a place like Mass where it’s 6.25 and you gotta change it now to 625y/10000. At that point I’d just estimate at 6 in my head, or if I had to solve it mentally do (6y100) + ((1y100)/4).

jasondj,

Idk if it’s the weed, the adderall, or the ADHD, but this thread is everything I need in my life.

jasondj, (edited )

Honestly I recently switched to vyvanse and I don’t actually smoke to get high (at least not until the kids are in bed). I just microdose a bit throughout the day and it balances out the vyvanse. Like, the stimulants alone are just a little bit too much for me. The combo, though, I can dial in just right.

But weed alone always made me fixate on arithmetics. And then stims turn that up to 11.

jasondj,

Seriously, these cases seem like giant nothingburgers.

Did you expect that your car wouldn’t have your text message when it’s displaying it on the screen or reading it out loud?

Now, is there malicious intent? Can they be retrieved by technicians at the dealership if your phone isn’t plugged in? Is it forwarding them back to Honda Corporate or Zuck himself? If so, that’s a significant problem that would probably belong to Android Auto and Apple CarPlay…they should be storing them encrypted and only be able to decrypt them when the phone is connected. But I don’t see any mention of that in the article.

jasondj,

But tons of stuff would have to get sync’s every time you connect your phone. Better to have them cached, encrypted at rest, decrypted by key stored in the phone, and just do a diff-sync.

This should be very easily possible with CarPlay and Android Auto. I have no idea if it does or not. But as Apple and Android both control both their respective app and the OS of the attached phone, there’s no reason it can’t (and even pre-compile diff packages for known cars, or expire and purge both sides after X days without a connection)

That may not be true for regular old Bluetooth though…which likely has more to gain in performance from caching the resources due to BTs limited throughput, but also has to conform to standards.

jasondj,

Their citation for that is their own article, which doesn’t mention anything about selling data from phones, but does talk about cars generating upwards of 25GB per hour of raw telemetry data. Again, mostly uncited.

The point of that line is to drive intra-site clicks and mislead you into getting more upset and drive the ever important “engagement”. Unfortunately a common theme in modern media.

jasondj,

How close is this stuff to HP’s Cyan?

jasondj,

Dude has so many rants on it too. He just released another one yesterday I think (reverse alarms).

jasondj,

Oh, yes, little B😉bby ┬──┬s, we call him.

jasondj,

This. Jeans are also far more comfortable on the 2nd+ wear.

jasondj,

Know what I like the most?

Cake farts.

jasondj,

Went to go see Book of Mormon yesterday w/ my wife.

She hadn’t seen it before. I went a few years ago, but she had the flu so I ended taking her brother at the last minute then.

I told her it’s from one of the creators of Southpark, and South Park is a lot tamer now than it was in the 90s. And that it’s on Broadway so it’s high-art. Which might work for a lot of the first act save for the occasional toilet or shock humor. Totally thrown out the window by the end though.

jasondj,

What is flirting but a good conversation with some complimenting and occasional teasing?

I really wish when I was younger people hadn’t put the title of “flirting” on having a fun conversation with people of the opposite sex, and put it on the checklist of getting a date. If people had just said “be yourself and try to have fun”, around all intersections (and not just as cheesy dating advice when talking about the opposite sex) I probably would’ve been a lot more successful in forming relationships in my teenage years.

jasondj,

When was it economically viable to replace hand-sewn lumber with lumber mills?

Then they went and made portable electric saws. What a world!

And then electric drills! And laser levels!

Remember paper ledgers and abacuses? Ever hear of Microsoft Excel?

We keep making tools that always increase productivity and reduce time and cost. It’s Constant incremental progress, and on a large scale it’s great because it frees up (human) resources to focus on new industry and technology, which furthers the CIP. On the micro scale, there may be a small number of temporarily displaced workers as jobs shuffle around and workers re-skill.

But at this particular intersection of technology, we are at a pretty bad spot. We are on the verge of massive progress in multiple industries, and wealth has concentrated in the elite classes. “Temporarily displaced workers” won’t have the capital to re-skill or invest their own resources into new industry. This is bad.

jasondj,

I’m sorry, I’m only a novice Python guy. Know enough to get two RESTful APIs to talk to each other and do some network automation or rudimentary Ansible plugins.

What’s wrong with if isinstance(x, str):?

jasondj,

Revoke their citizenship. Drop them down to documented aliens. Let them earn their citizenship back the same way immigrants do, after a probationary period, of course. And in addition to prison time.

Can imprisoned persons legally naturalize anyway? Normally they would just get deported.

jasondj,

Don’t say doing your wife…
Don’t say doing your wife…
Don’t say doing your wife…
…doing your…son?

jasondj,

A good stepping stone product, but netbooks weren’t destined to last long. Beyond the rosie tint of nostalgia, it was a pretty impractical device. Good enough display for DVD video, but no dvd drive or enough onboard storage to handle a selection of movies (at an acceptable encoding for the time, at least). Big enough to require a flat surface or a lap to type on but not powerful enough to justify it, and a very cramped typing surface at that.

Eventually they got replaced by tablets/convertibles, large phones, and ultrabooks. And all much better platforms in all ways, IMO.

jasondj,

You don’t have to buy one with a window.

Hell I saw fridges with Android screens and I’m like hell naw. I did get a smart one so I can get notifications if the kid leaves the door open and so I can track power consumption over time without sticking a kill-a-watt in a really tough spot. But the Android systems they put in fridges feel obsolete on the showroom floor. Absolutely embarrassing, and probably completely useless after about 4 or 5 years when Android stops supporting the SoC and when you stop getting root certificate updates and start getting SSL errors on every page and app.

jasondj,

Like the Gwyneth Paltrow stuff?

Or the 90s mechanic soap? Does that still exist? I don’t know.

jasondj,

I’m a big fan of retired systems for every day use. A 14 year old server has more function as a space heater and whitenoise generator than a desktop, though.

7th-8th gen Intel retired corporate desktops and laptops from Dell/Lenovo/HP are a dime a dozen on eBay man. Lenovos tend to run Linux very well out of the box. And Linus himself sent his daughter to college with a Dell XPS.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • KamenRider
  • TheResearchGuardian
  • KbinCafe
  • Socialism
  • oklahoma
  • SuperSentai
  • feritale
  • All magazines
    •