Threads for caioalonso
-
caioalonso
2 years ago
|
link
| on:
What is this Gemini thing anyway, and why am I excited about it?
I implemented my little website (gemini://caioalonso.com) this weekend after reading Drew’s article, as an attempt to understand Gemini a bit more.
The Web is overly complex and has endless scope–and it can be said that this is because society is endlessly complex–but we don’t seem to agree on the scope of this new, small Web. Everyone has a different subset of the old Web in their minds as what is the Ideal. If we use the subterfuge of saying ‘well anyone can deliver any MIME type they want’ then we’re just moving the complexity to having many different parsers or a single parser (like the traditional Web browser) that can display (and compute) anything and we’re back to the same problem. If we don’t define and accept scope then the final scope will be Turing completeness because that is the underlying feature set of computers.
How can we objectively say that we’ve got enough functionality? Will it ever be enough?
-
-
This is a sad day. It’s quite a shame, uMatrix is always the first addon I install. It’s 100% essential for me.
I know it’s still usable, but now the addon is unmaintained and unsupported.
At least I now have a reason to learn JS.
-
-
I have been using uMatrix daily for a few years now. I’ll make sure to contribute to any fork that gets more attention.
-
-
I would financially support a fork of Firefox with all the garbage removed. The home page bullshit, Pocket, all the automatic requests made without user action, and more that I probably don’t know of.
-
At least Firefox does allow us to disable anything we don’t want/need.
-
Not everything. Try running Wireshark before you open Firefox and see if you can configure it to produce zero requests on startup. I tried that last week and there was a request to firefox.settings.services.mozilla.com that I think there’s no about:config setting to disable.
Also, there is the fact that when opening a fresh install of Firefox for the first time you’ll make requests to a bunch of random companies, like Facebook, Google etc. The only way to protect yourself from that is to know it beforehand and disable it via user.js before opening the browser. I don’t think that’s right and I wish I could prevent my browser from telling these companies about me. These things should be opt-in in my view.
-
If you disable your internet connection before launching Firefox for the first time, would that give you an opportunity to turn everything off without making extra requests first? I agree that it’s crappy that this is even necessary, but maybe this is a simpler workaround than tweaking user.js?
-
Good idea!
-
-
-
-
https://www.userchrome.org/megabar-styling-firefox-address-bar.html#mbarstyler
This is not an acceptable solution, by the way: like many organizations, Mozilla needs to get better at incorporating feedback and reverting bad changes. But you did claim it was impossible to undo the megabar, when it’s actually perfectly doable. I also figure that a lot of people would be interested in knowing this.
-
-
-
This isn’t correct. Look at what’s happening with forced updates, for example. Right now I keep installs performed as Administrator (and run as regular user) so the user can’t update, which results in Firefox throwing up dialogs complaining that it can’t update itself. I think I need to go back to building from source just to remove this garbage, but even building from source is more convoluted than it used to be due to sprawling dependencies.
-
You made me realize that this is why Mozilla has zero interest in making an Electron equivalent with Servo.
A Firefox-like browser without the Firefox corporation would be a huge hit and thus unmonetizable.
-
-
-
Me too, very much so. Mozilla jumped the shark years back and their attitude does not seem to be improving. Its flagship really deserves a long trip through a detox and weight loss boot camp. It would be a significant effort, though; here are some interesting case studies from Cliqz (RIP) and ungoogled-chromium.
-
-
Why RIP? Cliqz seems to still be active.
-
-
Holy hell wtf.
Damn.
-
-
-
-
There is IceCat [ https://www.gnu.org/software/gnuzilla/ ], though it’s based on ESR releases.
-
-
Its funny that this email is formatted to 71 columns.
-
-
What’s with the weird subdomains https://https.www.google.com.tedunangst.com ?
-
-
More info on the void subreddit https://www.reddit.com/r/voidlinux/comments/an14qn/juan_rp_is_back/
-
Can we please stop using the “Make X Y Again” schema for advertising things? I know there is no ill intent behind this but some of us are directly affected by the policies and rhetoric that comes out of the very much sincere desire to roll back progressivism by decades.
-
Your comment is off-topic.
You reasonably observe that the name of the project is derivative, acknowledge that the author bears you no ill intent, but nevertheless suggest the project name is harming you and yours.
You don’t address the author, you don’t talk about Medium as a platform, you don’t talk about blogging or anything apparently connected to the article. Your comment is a generic complaint. (Applies to any submission matching your pattern.)
We’re a community of practitioners. We show (create, invest, fix), rather than tell (scold, beg, demand).
-
The title of this project is a riff on a political slogan that itself is a riff on various fascist slogans throughout history. Making a joke of it by using it as the name of a browser extension is, at the very least, in poor taste. The commenter you responded to made a polite request to the community to stop doing this thing that is in poor taste. There was no need for them to address the substance of the project because the comment was only concerned with the choice of title. In terms of scolding/begging/demanding, I see more of that in your comment than in the one you responded to.
-
Apologies for the off-topicness, but are Mel Brooks’ Hitler jokes/comedy in bad taste? Can something horrible be alleviated by ridiculing it?
This is a philosophical question that doesn’t wven account for the author’s intent with the naming.
And on the other side, would “Medium we can believe in” or “Medium we can” be more acceptable or less, and to whom?
A rose by any other name… It seems to be a somewhat useful browser addition regardless.
-
Can something horrible be alleviated by ridiculing it?
Yes, somewhat, and only if actually done well. (And even then, sometimes the supposed object of ridicule can miss the point entirely and embrace whatever the “joke” was about.)
I guess the point is, naming entirely unrelated things with the same pattern (“Make X Y again” here) is not comedy! It’s literally just spreading the slogan.
-
-
-
You can’t ignore politics when they are no longer ignoring you. However much you may think that Lobsters is a domain of pure, unadulterated reason and everything unreasonable is offtopic, the linked software decided to make a political slogan ontopic.
You’re grandstanding here about how neutral Lobsters is, but there’s no neutrality on this moving train, and telling people to shut up about the politics that affects them isn’t nice.
-
-
Yeah, wouldn’t that be something…
:-/
-
-
-
Fine, let’s discuss ethics.
Calling a playful riff on the MAGA slogan”putting googly eyes on a swastika” is bullshit. It’s the same authoritarian communist rhetorical technique that the East German government used when they called the Berlin Wall the “anti fascist defense wall”. I’m not a huge fan of Trump myself, but I’m even less of a fan of the anti-Trumpist faction in American politics characterizing Trump’s policies as literally Nazi-like so they can feel justified in weaponizing the social norm that “Nazis=bad” in western society against their poltiical enemies.
Nothing the Trump administration is doing is in any meaningful way close to the bad things that the Nazis did - frankly most of what he’s been doing are the same things that every post-WWII American presidential administration has done, just with less high class verbiage to describe it. The people who claim otherwise are doing so in order to make themselves feel like they’re morally-righteous crusaders instead of people having ordinary political disagreements in the American political system.
Lobsters isn’t a political discussion forum, but if people are going to say that nonpolitical articles that happen to reference the current US President’s campaign slogan should be considered forbidden, you’re already bringing politics into the space, and you shouldn’t expect that your particular poltics must go unchallenged. There’s nothing wrong with the title of the article, and people claiming otherwise are making a backhanded political argument that Trump is Bad on a technical forum.
-
-
And yet despite being in good company, it is the only one flagged to death, because it comes from the perspective of the wrong tribe.
You see why I object to politics and “ethics” discussions? This is sort of the reason why–people don’t get a fair shake.
-
This is a tough problem to solve, for sure.
I am among those who have flagged it as off-topic, as per @alynpost ’s comment here
https://lobste.rs/s/f4t0y2/make_medium_readable_again#c_ty2pp6
(based on my understanding, posted here: https://lobste.rs/s/f4t0y2/make_medium_readable_again#c_szkkme)
As both this downvote and the one I made on the other post were made in affect, I have removed them both.
-
-
-
-
-
-
-
How does one show, create, invest or fix in response to a negative pattern like the “Make X Y Again” headline?
-
Indeed. I suppose one could suggest an alternate name for the project, in which case I will propose “Readable Medium” as a straightforward name for a browser extension that would entirely avoid any political connotations that only serve to distract from the substance of the project.
-
-
If the title of the project bothers you, open an issue and try to convince the author of your point. If not possible, fork it.
-
-
I downvoted this comment as “incorrect” but I have since reconsidered and removed my downvote.
I initially read the comment to mean “never discuss anything political, (as defined by us the community*) on this site”.
I know hope it reads “please feel free to discuss things political, but the focus should be on the technical contents of the submitted post”.
In this spirit, I will submit a comment that both reflects my opinion on the linked content, and will serve as a template for an acceptable comment that also addresses the political/ethical implications.
[start comment]
This project strikes me as useful for now, but ultimately reactive. It’s easy for Medium to redesign their site to defeat the circumvention, and the developer and users will engage in a game of whack-a-mole to keep up.
It’s a similar situation with ad blockers, with the significant difference that the market for ad-free browsing is much larger than the market for reading Medium without a bunch of banners.
This segues nicely into the problems with Medium’s business plan. Ultimately, it’s just Wordpress.com with a nicer editor and draconian rules about CSS. There’s really no reason to pay for Medium apart from the content, and the content, for me personally, seems mostly to be cryptocurrency boosters nowadays. Essentially it’s content as a commodity… there has to be a critical mass of writers who are only available on Medium for it to be worth paying for.
If Medium promised a cleaner reading experience as part of a paid tier, that would maybe help?
As to the name of the linked project - it’s unfortunately hard to detect irony on the web, and considering the “alt-right” has had some success in shifting the conversation by “pretending” to be racist, saying it’s for the “lulz”, I am prepared to automatically assume that someone who seems to do the same is either on the same side as this political faction, or insensitive to how they appear by choosing this name.
Personally I would add the name choice as a negative in evaluating this project.
[end comment]
If anyone upvotes or downvotes this comment, please let me know if it was because of the content, or the presentation, or the meta-narrative on how to handle political/ethical/sensitive submissions to the site.
* who represents this community is another question that deserves discussion but that’s for another time.
-
Good comment, upvoted. You address the content of the article first, make good points and analysis, and close with minor but reasonable speculation and an opinion–and you don’t go on a screed.
-
-
@gerikson, @jamesmacaulay, @JordiGH, @varjag I’ll reply to all of you at once in the interest of my time.
I have had folk observe that I’m prone to understatement. I may have done that here describing the project name as derivative, when I could have said political slogan (h/t jamesmacaulay) or dog whistle (h/t gerikson). Both would have been more accurate.
The de minimis statement I made supporting my off-topic claim was “Your comment is a generic complaint.” I then provided a test so the claim can be falsified: “[Your comment] applies to any submission matching your pattern.” This same test holds without regard to the sentiment of the comment. A similarly context-free comment supporting, rather than detracting, this political slogan, dog whistle, or derivative name would also be off-topic.
We know that naming things is hard. The problem is featured in a widely known joke. (“There are two hard problems in computer science…”) We also know that names can be chosen because they’re provocative. (“There’s no such thing as bad publicity.”) Discussing names gets the benefit of the doubt regarding topicality. The comment in question is off topic qua a kind of behavior.
Thank you all for your replies.
-
-
-
Can’t speak for others, but to me the original intent was clear given the context. But it’s hard to divorce the connotations of opression and hate from it. As @JordiGH said so eloquently, at this point it’s impossible to ignore politics as they won’t ignore you. Using this language will hurt people. I assume this wasn’t anyone’s intention by choosing this name, so I’m just trying to point this out hoping that when the next time comes around people can make a more informed decision.
-
-
-
What can Medium do to prevent stuff like this? Because I bet they’re going to go after people using these things if too many people start using them.
-
-
They could start focusing on readability again, which is probably the reason why things like this happen in the first place.
-
-
They can employ the same methods other sites have been using to prevent adblocking: changing the markup frequently to escape whatever filter is popular.
-
-
-
I don’t think they can do much to prevent it other than adding more and more changes that regularly break the extension, but this will always be a cat-and-mouse game.
-
-
I can’t look at this teardown without hearing AvE in my head.
-
I’ve just sent him the link. Let’s hope he decides to do a review of this magnificent example of overengineering.
-
-
-
-
Same here! I can’t help but feel AvE would do a much better teardown, not only looking at what’s there right now, but considering what’s blatantly missing from this article; what can be improved in the future! If those are machined gears then there’s no reason they can’t cut cost by sintering. The article says it’s so expensive to apply “thousands of pounds of pressure” completely ignoring that any home-gamer clamp can do the same.
It’s still an over engineered and expensive clamp, but I feel like the article is dishonest about where it is and where it can go.
-
A lot of these “unnecessarily machined” parts look to me like they were designed for casting but the tooling wasn’t ready for the scheduled first run (typical). They would be a lot cheaper in mass production.
The gears are OEM, they are not that expensive when you buy them by the thousand. You’d need to sell a lot of juicers to break even on sintering tooling for them (and machined gears are stronger), doesn’t make sense for a commodity part.
Overall I refuse to believe that the engineers who had enough skill and experience to design this and get it working are so blissfully unaware of production process costs. Simply doesn’t happen IRL.
-
-
-
pobrien
6 years ago
|
link
| on:
New attack steals SSNs, e-mail addresses, and more from HTTPS pages
I’m curious if a locked down CSP Header would help prevent sites from being exploited, although I guess it would depend on where the JS got loaded from. If the attacker was able to get malicious JS served from the site or an approved origin then this would still be exploitable.
-
It would certainly reduce the attack surface. I think using something like uMatrix is also a good idea.
-
-
When someone makes a typo there are 2 possible outcomes. Outcome 1: they are informed of their error and they can correct it or make an alias in their shell. Outcome 2: npm grows a new help option for every reported typo and eventually begins calculating the Levenshtein distance between the nearest valid option (an actual suggestion in the issue). Eventually typos make it into source code and scripts. Good luck grepping your codebase for usages of
npm install.Introducing this “affordance” to the user results in a cascade of increased complexity. Furthermore it’s not “just” complexity in the toolset, but an increased cognitive load on the programmer. What’s next? I can only imagine how frightening using node would be if
npm install packageinstalled some other random package off the internet.Please keep “did you mean” functionality limited to search UIs.
-
I guess if the user has such a problem with accidentally typing “npm isntall”, “npm unisntall” or “npm verison”, they should just create aliases in their own shell config instead of bloating the software.
-
-
-
-
This is a good complaint, but I think we need some suggestions on how we can convince programmers to be less stupid, because telling them to be less stupid just isn’t working.
-
Use tools with less features and more interoperability. Fork complicated projects and rip out useless features and call it “Lite/Secure”.
-
-
In what way? I thought do one thing well was all about delegating out tasks to programs which have devoted the time and energy into being secure. Could you please elaborate?
-
The “delegation” is itself a potential vulnerability. That’s not to say it has to be, but once tools can interoperate, people expect them to interoperate, and that causes trouble. Consider the venerable less program, which can execute dozens of not entirely secure helpers. They are each individually vulnerable, but less, through the powers of delegation and interoperability, has found a way to become the sum of their vulnerabilities.
-
-
-
-
Well, the funny thing is that while we can create tools to enforce security with an application (that is, to make sure an application is doing what it wants to do correctly, without introducing security holes), it is harder to restrict ourselves as programmers to stop our tools from growing options outside of their original scope (that is, to make sure our applications do only what they should do, from a philosophical perspective).
Both of these are security problems, and it’s something people try to get at with the term “attack surface.” When you add options, or add semi-out-of-scope convenience features to applications, you also increase the complexity of verifying the application is free of security flaws, and you increase the likelihood that some interaction between the application’s components or between the application and other applications will introduce security flaws.
All of this is to say that I don’t know if there is a way to do this that’s any better than teaching people, through hard-learned examples from history, that there are right and wrong ways to do this. If we start to view security flaws like failures in civil engineering, covering them in education with case studies and discussions of what went wrong, and with real care for pre and post deployment review of correctness and failures, then we might start to see things improve. In this light, something like Heartbleed becomes the Tacoma Narrows Bridge collapse. Something we teach new developers about, not just for the specific lessons of the failure, but the learned wisdom of how to avoid the same mistakes in a systemic fashion.
-
Thinking of a list of non goals (e.g. https://github.com/martanne/vis#non-goals) at the beginning of a project sure helps.
-
-
caioalonso
edited
7 years ago
|
link
| on:
WhatsApp, Used by 100 Million Brazilians, Was Shut Down Nationwide Today by a Single Judge
I’m brazilian.
The first case I remember of this happening was in 2007, when a brazilian actress was filmed having sex in a beach in Europe and that video was posted to YouTube many times. She sued (in Brazil) and some judge took YouTube down for one or two days.
At the time (if I remember correctly) it was implemented as some sort of DNS change, and those of us that used custom DNS servers could visit the site. I was able to help a few of my friends.
This time the WhatsApp servers seem to have been blacklisted. I’m not sure about port blocking or packet inspection. It was most likely a small change just to block the majority of the population that doesn’t know how to circumvent.
It is also interesting to remember a few facts:
1) The cellphone service providers in Brazil (Oi, Vivo, Tim, Claro) are also the largest fixed internet providers for the country;
2) These companies have seen a lot of profits vanish due to the overwhelming use of WhatsApp by the users (titles were translated by me):
Why brazilian providers are in war with WhatsApp http://epocanegocios.globo.com/Informacao/Dilemas/noticia/2015/12/por-que-operadoras-brasileiras-entraram-em-guerra-contra-o-whatsapp.html
Brazil loses 10 million cell lines due to ‘WhatsApp Effect’ http://link.estadao.com.br/noticias/empresas,brasil-perde-10-milhoes-de-linhas-de-celular-por-culpa-do-efeito-whatsapp,10000028765
To stop WhatsApp, providers ask for conservative regulation http://www.tribunadabahia.com.br/2016/01/02/para-frear-whatsapp-operadoras-pedem-regulamentacao-conservadora
Providers have lost US$ 13.9 billion due to WhatsApp, Facebook Messenger and similar apps https://tecnoblog.net/91908/operadoras-whatsapp-facebook/
3) These same companies own the majority of market share for cable TV and were recently pushing HARD for data caps to prevent YouTube and Netflix from stealing more profits from them;
I wouldn’t be surprised if this judge turned out to be friends with some of those companies.
I’m not too familiar with the US market, but I think this corporativist agreement between large companies and the State is a problem we all we’ll have to deal with if we want the Internet to stay (relatively) free.
-
Great time to announce, right after their recent twitter rampage. Inspires lots of confidence.
-
Careful or you might get blocked.
-
-
caioalonso
edited
7 years ago
|
link
| on:
Linux infosec outfit does a Torvalds, rageblocks innocent vuln spotter
Guess I won’t be using grsec anymore.
# pacman -Rs linux-grsec linux-grsec-common linux-grsec-headers -
-
Which E are we on now?
-
Eldritch.
-
-
I’m going through CIS 194: Introduction to Haskell. Loving it so far.
From one of the sources linked in the article (https://www.iea.org/reports/data-centres-and-data-transmission-networks):
“Rapid improvements in energy efficiency have, however, helped limit energy demand growth from data centres and data transmission networks, which each account for ~1% of global electricity use.”
I was pretty surprised to see that the usage for data transmission was as high as that for datacenters. Reading further, that turns out to be mostly because mobile networks/cell towers.
I did some research of my own and found this: (https://www.telecompetitor.com/study-5g-has-90-better-energy-efficiency-than-4g/):
“5G networks are up to 90% more energy efficient per traffic unit than 4G networks, according to a new 5G energy efficiency study from Nokia and Telefonica.”
I’m not sure how accurate/unbiased that is, but unless it’s a straight up lie it seems that 5G is a huge improvement to energy efficiency compared to 4G. In the article, the author actually lists the change from 4G to 5G as an example of “maximalism” in technology and.
One other thing I noticed was that they spent a few paragraphs discussing the end of Moore’s law and listing it as a reason that we can’t just count on hardware to keep energy usage flat like it has in the past. However, as a programmer with a big interest in efficiency, I would point out that there are huge improvements in software as well that are and will continue to help as well:
The author includes this sentence near the end of the page:
“A radical, large-scale change is urgently needed.”
I think that this really isn’t true for one, and also that there already is tons of work going on from developers and companies big and small to work towards greater efficiency and environmental friendliness in software and hardware. Of course, I think that making decisions with the environment and sustainability in mind is the obvious choice. However, I feel that when it comes to the growth and expansion of technology (especially software), the result is usually positive in that regard. Happily, using less power and computing resources almost always means less cost, so that will always be a driving force towards less - especially if Moore’s law does break down and slow hardware’s incremental advances.
I will personally be embracing the growth and expansion of the web and technology in general. I’m sure there is some point in the near or distant future where we will hit a wall - either cultural, social, technological, or otherwise - that halts our progress forward, but I see no signs of it currently. While there is beauty and goodness to be found in the small, local, tangible, and manageable, the possibilities of a free, open, growing, and unlimited shared virtual world are impossible to match, in my opinion.
I think that what underlies their article is that Jevons paradox has held true thus far and there’s no reason to think that it won’t continue to. Efficiency gains are leading to greater consumption, not less. And the extra consumption is rarely essential or important – if it was then our limited resources would have already been put to use doing it.
Individual 5G base stations really do consume less electricity, but we’ll need many more of them compared to 4G. Not sure if it will turn out to still consume less energy.
https://spectrum.ieee.org/will-increased-energy-consumption-be-the-achilles-heel-of-5g-networks