varsock

joined 1 year ago
sorted by: new top controversial old
Search Risk – How Google Almost Killed Proton Mail in c/technology@lemmy.world
[–] varsock@programming.dev 44 points 1 week ago

Recently I used Google maps to search for the nearest DHL near me so I could return a package. DHL is not that popular near me and when I specifically typed for DHL, I would get only their competitors in the search results.

There was a DHL service center near me and I had to scroll a bunch to find it. Oh, and apparently big box stores (or anyone) can pay Google to come up in the search on maps, even if unrelated.

I don't think they have skin the in shipping game but their algorithms are over optimized that they don't even show what your searching for, but trying to infer why you're searching for it. That or whoever pays them more. Certainly a search risk

Fourth Amendment Is Not For Sale Act, preventing data broker sales to government agencies, moves forward in c/privacy@lemmy.ml
[–] varsock@programming.dev 1 points 3 months ago

wow 10 months flew by since this was posted and since then the United States had a surprise privacy bill that is bipartisan that sort of addresses the issues you and I mentioned. https://www.washingtonpost.com/technology/2024/04/07/congress-privacy-deal-cantwell-rodgers/

This bill was proposed around the same time the TikTok ban was announced. I speculate that law makers had a difficult time framing the arguments against TikTok when "the data of citizens have no protections so there was no easy legal grounds to forbit the likes of TikTok to harvest it"

From what I've heard, this bill is pretty good. I need to educate myself more on it, however.

20 years of Gmail in c/technology@lemmy.world
[–] varsock@programming.dev 2 points 5 months ago

was it ever? I participate in interview rounds at my company (several tech screens a month) and I must say a candidate's email was not something that drew attention

Proton Pass now supports passkeys on all devices and plans: Beating Bitwarden to mobile devices in c/technology@lemmy.world
[–] varsock@programming.dev 2 points 5 months ago

you're able to unsubscribe from all those protomtions . . . that is in settings. Personally, a once-a-month newsletter of everything that is new is helpful bc I don't need to put in the effort tlinto keeping up

My take on selfhosted photo management in c/selfhosted@lemmy.world
[–] varsock@programming.dev 2 points 6 months ago (1 children)

For backup and sync I use Syncthing. I can specify which folder on which devices I want to sync to which folder on the server.

I use a folder based gallery on my phone so when I move stuff around on my phone (or on my server) it gets replicated on all my devices.

I also have a policy to sync specified folders (and subfolder) with my family's devices. No more " hey can you send me all the pics from the XYZ trip"

We take a trip. Make a subolder for that trip in a shared folder dump all our pictures there, get home and open the folder on the computer and prune together.

Linux distro for selfhosting server in c/selfhosted@lemmy.world
[–] varsock@programming.dev 12 points 6 months ago

Debian has the advantage of not using snapd like Ubuntu does. You have to not only remove snaps but also instruct the package manager not you pull in snaps as dependencies and not to favor snap packages.

I have fond memories of Ubuntu being my first distro many years ago but pushing snaps onto users to compete with flatpak is a nuisance.

Secure by Design: Google’s Perspective on Memory Safety in c/rust@programming.dev
[–] varsock@programming.dev 5 points 6 months ago* (last edited 6 months ago) (3 children)

I don't think I am well positioned to answer that question given my experience. Ill give it my best.

I believe the advantage of more abstraction of gRPC was desireable because we can point it at a socket (Unix domain or internet sockets) and communicate across different domains. I think we are shooting for a "microserves" architecture but running it on one machine. FFI (IIRC) is more low level and more about language interoperability. gRPC would allow us to prototype stuff faster in other languages (like Python or go) and optimize to rust if it became a bottleneck.

Short answer is, we are able to deliver more value, quicker, to customers (I guess). But I don't know much about FFI. Perhaps you can offer some reasons and use cases for it?

Secure by Design: Google’s Perspective on Memory Safety in c/rust@programming.dev
[–] varsock@programming.dev 17 points 6 months ago (6 children)

At work, we started the c++ migration to rust doing the following:

  1. Identify "subsystems" in the c++ code base
  2. Identify the ingress/egress data flows into this subsystem
  3. Replace those ingress/engress interfaces with grpc for data/event sharing (we have yet to profile the performance impact of passing an object over grpc, do work on it, then pass it back)
  4. Start a rewrite of the subsystem. from c++ to rust
  5. Swap out the two subsystems and reattach at the grpc interfaces
  6. Profit in that now our code is memory safe AND decoupled

The challenge here is identifying the subsystems. If the codebase didn't have distinct boundaries for subsystems, rewrite becomes much more difficult

72
Unveiling the Surveillance Potential of Targeted Advertising Data (www.wired.com)
 

The article discusses the use of targeted advertising data by government agencies, particularly focusing on how a technology consultant demonstrated the security risks posed by Grindr's data to national security agencies. It highlights the widespread availability and potential surveillance applications of advertising data, as well as the government's interest in obtaining and utilizing such data for intelligence purposes.

Why is this worth the read? It goes into detail how these data exchanges work and the mechanisms of obtaining such data. We often hear about the result of these actions, but how these actions are performed are described within.

(clear your cookies to read the paywalled article)

Pulsar, the best code editor in c/programming@programming.dev
[–] varsock@programming.dev 4 points 7 months ago

hahaha good point.

That colleague, keep in mind is a bit older, also has Vim navigation burned into his head. I think where he was coming from, all these new technologies and syntax for them, he much rather prefers right clicking in the IDE and it'll show him options instead of doing it all from command line. For example docker container management, Go's devle debugger syntax, GDB. He has a hybrid workflow tho.

After having spent countless hours on my Vim config only to restart everything using Lua with nvim, I can relate to time sink that is vim.

Pulsar, the best code editor in c/programming@programming.dev
[–] varsock@programming.dev 29 points 7 months ago (4 children)

Had a distinguished collegue (from the Bell Lab days) say to me recently:

"IDEs take up a lot of RAM on my machine. Vim takes up a lot of squishy RAM in my head. I need squishy RAM to hold info relevant to problem solving, not options available in my tool chain."

Pulsar, the best code editor in c/programming@programming.dev
[–] varsock@programming.dev 5 points 7 months ago (1 children)

As a former Vim user myself, I have to say I really dislike screensharing with coworkers who use Vim. They are walking me through code and shit pops up left and right and I don't know where it comes from or what it is I'm looking at. Code reviews are painful when they walk me through a large-ish PR.

These days, I tend to bring my vim navigation/key bindings to my IDE instead of IDE funcs to Vim. Hard to beat JetBrains IDEs, especially when you pay them to maintain the IDE functionality.

Pulsar, the best code editor in c/programming@programming.dev
[–] varsock@programming.dev 13 points 7 months ago (1 children)

code is just text, so code editors are text editors.

What sets IDEs apart are their features, like debugger integrations, refactoring assists, etc.

I love command line ± Vim and used solely it for a large portion of my career but that was back when you had a few big enterprise languages (C/C++, Java).

With micro services being language agnostic, I find I use a larger variety of languages. And configuring and remembering an environment for rust, go, c, python etc. is just too much mental overhead. Hard to beat JetBrain's IDEs; now-a-days I bring my Vim navigation key bindings to my IDE instead of my IDE features to Vim. And I pay a company to work out the IDE features.

for the record, I am in the boat of, use whatever brings you the greatest joy/productivity.

102
Data broker’s “staggering” sale of sensitive info exposed in unsealed FTC filing (arstechnica.com)
submitted 10 months ago* (last edited 10 months ago) by varsock@programming.dev to c/privacy@lemmy.ml
10 comments fedilink
 

Below is a disturbing amount of information data brokers have ammased from buying your data from trackers in ads and apps.

"a staggering amount of sensitive and identifying information about consumers," alleging that Kochava's database includes products seemingly capable of identifying nearly every person in the United States.

... can access this data to trace individuals' movements—including to sensitive locations like hospitals, temporary shelters, and places of worship, with a promised accuracy within "a few meters"—over a day, a week, a month, or a year. Kochava's products can also provide a "360-degree perspective" on individuals, unveiling personally identifying information like their names, home addresses, phone numbers, as well as sensitive information like their race, gender, ethnicity, annual income, political affiliations, or religion, the FTC alleged.

... target customers by categories that are "often based on specific sensitive and personal characteristics or attributes identified from its massive collection of data about individual consumers." These "audience segments" allegedly allow advertisers to conduct invasive targeting by grouping people not just by common data points like age or gender, but by "places they have visited," political associations, or even their current circumstances, like whether they're expectant parents. Or advertisers can allegedly combine data points to target highly specific audience segments like "all the pregnant Muslim women in Kochava’s database," the FTC alleged, or "parents with different ages of children."

102
US lawmakers introduce surveillance reforms intended to curb FBI spying (www.reuters.com)
 

For all you USA peeps:

A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.

The bill follows more than a decade of debate over post-Sept. 11, 2001, surveillance powers that allow domestic law enforcement to warrantlessly scan the vast mountains of data gathered by America's foreign surveillance apparatus.

99
US lawmakers introduce surveillance reforms intended to curb FBI spying (www.reuters.com)
 

A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.

The bill follows more than a decade of debate over post-Sept. 11, 2001, surveillance powers that allow domestic law enforcement to warrantlessly scan the vast mountains of data gathered by America's foreign surveillance apparatus.

65
The First Stable Release of a Memory Safe sudo Implementation (www.memorysafety.org)
submitted 10 months ago* (last edited 10 months ago) by varsock@programming.dev to c/rust@programming.dev
1 comments fedilink
 

The sudo-rs project improves on the security of the original sudo by:

  • Using a memory safe language (Rust), as it's estimated that one out of three security bugs in the original sudo have been memory management issues
  • Leaving out less commonly used features so as to reduce attack surface
  • Developing an extensive test suite which even managed to find bugs in the original sudo
15
Any benefits in buying and setting up a cellphone while traveling to a country with strong(er) privacy and RF emission laws? (programming.dev)
 

I have a device that reached end-of-life support and I'm burned out loading ROMs to extend it's support. Upon from my return from the trip I plan on purchasing a new device anyway, so buying one while traveling is also an option.

I'm traveling to a European Market that has stronger privacy rules GDPR and their devices must have lower SAR (regarding phone RF emissions).

Regarding RF and SAR

My carrier frequency bands in my home country are supported by European phones I'm looking at (Android and Apple). But do the phones dynamically manage the RF emission based on locale or are the limited at hardware or software?

Would purchasing the device abroad have an effect I think it does when I bring it home?

Regarding Privacy

This one is tricky, typically the account (gmail or Apple ID) is associated with the locale. If I were to create a new account and set up my device while abroad, will this have lasting effects? I have a friend who have immigrated and set their devices up abroad and their locale is still their OG country. One of them changed locales (for android) because spotify (app) wasnt available in their home country locale. So I speculate this is a solid approach if I were to do so.

I know I might have issues with availability of content (downloading from app stores). But as far as accounts go, my Spotify (and netflix if i stil had it) account is associated with my home country so I will still be able to watch shows in my locale. Being able to download the app is the limiting factor but there are ways to get around that with side loading.

So yeah, if anyone has experience with this and could call out some things I didn't consider or validate my expectations, would be appretiated.

2
FYI: Lemmy.world and other instances were hacked. Beehaw.org took itself down to mitigate risks (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by varsock@programming.dev to c/meta@programming.dev
5 comments fedilink
 

Drawing attention on this instance so Admins are aware and can address the propagating exploit.

EDIT: Found more info about the patch.

A more thorough recap of the issue.

GitHub PR fixing the bug: https://github.com/LemmyNet/lemmy-ui/pull/1897/files

If your instance has custom emojis defined, this is exploitable everywhere Markdown is available. It is NOT restricted to admins, but can be used to steal an admin's JWT, which then lets the attacker get into that admin's account which can then spread the exploit further by putting it somewhere where it's rendered on every single page and then deface the site.

If your instance doesn't have any custom emojis, you are safe, the exploit requires custom emojis to trigger the bad code branch.

2
Twitter traffic appears to be declining since the beginning of the 2023 calendar year (programming.dev)
submitted 1 year ago* (last edited 1 year ago) by varsock@programming.dev to c/programming@programming.dev
0 comments fedilink
 

https://radar.cloudflare.com/domains

Source of this is from Matthew Prince, Co-founder & CEO of Cloudflare posted at 11:34 Jul 9,2023. It was posted to his twitter (@eastdakota). Not linking to twitter bc don't want a deadlink next time twitter makes API changes. And not to drive traffic to twitter :D

Edit: July 11th update, arstechnica published a detailed explanation

https://arstechnica.com/tech-policy/2023/07/twitter-is-tanking-amid-threads-surging-popularity-analysts-say/

view more: next ›