Passionate about FOSS and donuts

  • 23 Posts
Joined 9M ago
Cake day: Apr 08, 2021


Miniflux - Minimalist and Opinionated Feed Reader

Miniflux - a self-hosted feed reader for the web! I found it while looking for a good desktop feed reader that could sync across devices. After setting it up I can access it on all platforms with a web browser, and there are even several Android clients if needed. …

The analysis was possible because Bluetooth devices generally default to broadcasting their unique identities. Yet it appeared that of all the headphones picked up by Hegnes, none of them implemented address randomisation. …

At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other …

While the language is still evolving, the proposal would seek to expand the definition of “broker” under section 6045(c)(1) of the Internal Revenue Code of 1986 to include anyone who is “responsible for and regularly providing any service effectuating transfers of digital assets” on behalf of anot…

Large rightsholders—the major studios and record labels—and their lobbyists have done a very good job of divorcing copyright from debates about speech. The debate over the merits of the Digital Millennium Copyright Act (DMCA) is cast as “artists versus Big Tech.” But we must not forget that, at it…

The IT security experts received the GEA-1 and GEA-2 algorithms from a source who wishes to remain anonymous and verified their authenticity in the first step. The ciphers had been used to encrypt data traffic over the 2G network, for example when sending emails or visiting websites. The researchers analysed how exactly the algorithms work. They showed that GEA-1 generates encryption keys that are subdivided into three parts, two of which are almost identical. Due to their architecture, these keys are relatively easy to guess.

. . .

The encryptions that GEA-1 and GEA-2 produce are so weak that they could be used to decrypt and read live encrypted data sent over 2G. Today, most data traffic is sent over the 4G network, also called LTE. Moreover, the data is now protected with additional transport encryption. Therefore, the researchers assume that the old vulnerabilities that still exist no longer pose a serious threat to users.

It’s important that the public sees documents like this…. The way companies try to silence victims is shocking.

  • Bryant Greening, LegalRideshare…

Forensic Methodology Report: How to catch NSO Group’s Pegasus

NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus Project, a collaborative investigatio…

Just one thing. I’m pretty sure it isn’t possible yet to “fold” or collapse comment threads on the web client, correct me if I’m wrong. That would be a really nice improvement now that there are longer conversations on some posts.

I’m not familiar with GitHub Copilot’s internal workings, copyright law, or the author of the article. However, some ideas:

GitHub Copilot’s underlying technology probably cannot be considered artificial intelligence. At best, it can only be considered a context-aware copy-paste program. However, it probably does what it does due to the programming habits of human developers, and how we structure our code. There are established design patterns - ways to do things - that most developers follow; certain names we give to certain variables, certain design patterns that we use in a specific scenario. If you think of programming as a science, you could say that the optimum code for common scenarios for a language has probably already been written.

Human devs’ frequent use of 1) tutorial/example/sample code of frameworks, libraries, whatnot and 2) StackOverflow code strengthens this hypothesis. Copilot is so useful (allegedly) - and blatantly copying, for example, GPL code (allegedly) - simply because a program trained on a dataset of crowdsourced, optimal solutions to problems devs face will more often than not simply take that optimal solution and suggest that solution in its entirety. There’s no better solution, right? For all I’ve heard, GitHub Copilot is built on an “AI” specializing in languages and language autocompletion. It may very well be that the “AI” simply goes, when the dev types this code, what usually comes up after? Oh, that? Let’s just suggest that then.

There’s no real getting around this issue, as developers probably do this when they write their code too. Just use the best solution, right? However, for many algorithms, developers know how they work and implement them based on that knowledge; not because in most code the algorithm looks like this algorithm in FOSS project XYZ. They probably won’t use the same variable names too. Of course, it could be argued that the end product is the same, but the process isn’t. This is where the ethical dilemma comes up. How can we ensure that the original solvers of the problem, or task, are credited or gain some sort of material benefit? Copilot probably cannot just include the license of the code it has taken and its author when suggesting code snippets, because of how the dataset may be structured. How could it credit code snippets it uses? Is what it does ethical?

I do agree with the article that Copilot does not currently violate copyright law of code protected by the GPL or other licenses, simply due to exceptions in the application of copyright licenses, or the fine print. I don’t know what could be a possible solution.

Thank you for sharing. The circumstances of Near’s death are very troubling. I had never heard of “Kiwi Farms” before and thought the name was pretty innocent, until I checked it out. What a sick group of people.

Here’s a direct link to the Google doc with the story from OP’s linked Twitter post: link

This is a gem that I’ve never thought of mentioning here. Kudos for bringing it up!

Well, honestly a lot of FOSS software has been lacking in usability in general, not even accessibility. It’s to be expected, as lots of software has basically been born from hobby projects and there is no unifying entity creating everything or defining human interface guidelines, besides perhaps GNOME and KDE.

The thing is that there is a big emphasis in FOSS software to “implement yourself” the features needed because most work is volunteer driven. So unless someone or some organization were to fund a developer or two to implement accessibility features, they don’t magically come into being.

Thanks for that article providing a bit more context.

Wenruo’s theory is that Zhen Lei submitted this inconsequential patch for Key Performance Indicator (KPI) credit – to do something that gets recognized by an employee performance measurement system as meaningful work.

In an email to The Register, Wenruo said, “Some Chinese tech companies are really pushing too hard by assigning almost impossible KPI goals, I think that’s the root cause.”

“This pushes their employees to do things without using their common sense. And obviously toxic company culture like 996 (9am to 9pm, 6 days a week) and destructive competition.”

That’s very informative, thanks!

For others curious:

In other words, within your browser, it enables a new connection to a hosted virtual machine (VM) that emulates a physical computer’s processor. This process enables the virtual machine to run a variety of guest operating systems using your Web browser as the display monitor.

The VM display is provided by a direct virtual network computing (VNC) connection. VNC is a graphical desktop-sharing system using the remote frame buffer protocol (RFB) to allow remote control of another computer. Multiple users may connect to the VNC server at the same time.

A button sits in the center of the left window edge of the running distro. Click it to slide out a menu with several options for controlling the VNC display window.

For me the systems I tested ran pretty slow, which I expected. Any ideas on how it works? Its FAQ simply states that they provide VMs of most operating systems, but how are they accessed? I did not expect to see an actual GUI, only a CLI :D. Very cool.

Yes, I guess you could view “Local” if you wanted to only see posts from this instance. Alternatively you could subscribe to the communities you want to see posts from; that is the default view when you load up Lemmy for me so that is a plus.

"The End of Ownership - On rent-seeking as a Service" -

Great article that really breaks things down when it comes to the trend of renting/subscriptions vs. buying and owning things. Give it a read! …

My personal view: I don’t think they get in the way too much because you only need to choose the setting once. Maybe some people use the sketch theme, or i386? And that’s enough, right?

Haven’t heard of this before, but am getting Reassembly vibes already from the trailer. Thanks for sharing!

Instead of trying to convince someone they have something to hide, explain how they have plenty to lose.

Convincing anyone of anything is difficult. Explaining how just extending their idea of protecting their bank info and SSN to other stuff they care about too is much easier.

Debian 11 ships with the shiny new Linux 5.10 LTS kernel, which happened to arrive just in time to fit into this release cycle. The 5.10 kernel, which will also be part of the next version of Android, will be supported until 2026…

Opposition parties to Israel prime minister Benjamin Netanyahu, led by Yesh Atid’s Yair Lapid informed president Reuven Rivlin of the formation of an eight-party coalition just ahead of Wednesday’s midnight deadline, preventing what could have been the country’s fifth election in two years. …

That’s true, it is one of the heavier apps. Honestly sometimes I find that just text files, one for each task in a directory is good enough, but I switched to Planner for the tagging.

A nice-looking todo app. Personally, I’m using Planner right now but this also looks like a good option.

In a bizarre hearing at the Ohio Statehouse, osteopath and anti-vaxxer Sherri Tenpenny, who has built a career around peddling disinformation about vaccines, testified in support of a bill that would prevent businesses or the government from requiring vaccinations. …

“Apple has been opposing Right to Repair bills by claiming that their service network is the only safe repair option for consumers,” Kyle Wiens, CEO of iFixit, told Motherboard. “But the only person that is totally guaranteed to be trustworthy to fix your iPhone is you. Any time you hand your data to another entity, you risk something like this. By withholding access to service tools and forcing customers to use their third party contractor, Apple is willfully compromising the security of their customers.”

Codidact seems like a good alternative. Some good things:

  • Similar site organization of communities
  • Same system of upvotes/downvotes
  • Cleaner site design than Stack Overflow imho that stays consistent even without JavaScript
  • Core components licensed under AGPL-3.0, rest (scripts, styles, etc.) under MIT:
  • Posts by users of the site are explicitly licensed under a license.
  • Is active, although of course not as big as

The ruling was welcomed by the Electronic Frontier Foundation, which has argued for years that the vaguely worded statute needs to be clarified. …

The problem is that the ATF has become such a political hot potato that the Senate has confirmed only one nominee in the past 15 years. (The NRA successfully lobbied to make the ATF director position subject to Senate approval.) …

Brazil-based JBS SA said on Monday that it was the target of an organized cyberattack that had affected servers supporting North American and Australian IT operations. A White House spokeswoman later said the meat producer had been hit by a ransomware attack “from a criminal organization likely ba…