• 4 Posts
  • 313 Comments
Joined 6M ago
Cake day: May 31, 2020

#

I don’t, but I do think that humanity has produced a lot of terrible programming languages and Rust is not one of them.

So, it may not be the ideal tool for every job, but it gets a lot of stuff very right and really not a lot wrong.


Yeah, the federation system of PeerTube is really confusing to me. Like, honestly, I’ve had a simpler time just following, liking and commenting on videos by using a Mastodon account. Its federation with PeerTube seems more accessible than the federation between PeerTube instances.

I guess, this has to do with the main content being videos. Those have a lot more legislation behind them, so you want to be whitelisting rather than blacklisting other instances. But yeah, I don’t know, would be nice, if we could find some balance that allows for more comfort.


The dev of the game can’t do much about that, at least not directly. All the apps in F-Droid get compiled by the F-Droid team, so that you only have to trust them. And yeah, if they don’t have enough team members available for fixing their build scripts or not enough infrastructure to run builds, then an app may not get updated in a while.

The only thing the dev of the game can do, is to document their build process well and to answer questions that the F-Droid team might have.


You can download the APK from Itch.


Well, I did specifically pick out fonts, because those very rarely get updates. Many of them have been created years ago and are just sort of “finished”. And if they do get an update, it’s rarely security-relevant.

When I asked a webdev colleague about it, he told me that it takes 1 minute to add the link and 5 minutes to bundle the font file, and none of his customers complained so far.
Privacy and security are just not a concern here, because they’re not a concern for his customers.


It can be helpful, but I’m expecting it to be bought by Microsoft, Google, Facebook or Amazon any day now, so I would very much like to see the alternatives grow.

There do seem to be a whole host of webpages which just mirror the content, so maybe that is good enough, but I’d rather not rely on those continuing to exist…


Well, you reminded me of this, so you all have to suffer with me:


I mean, they do show a little overlay which sort of hints at that:

the sharing system used for this video implies that some technical information about your system (such as a public IP address) can be sent to other peers. More information

It does look like a Cookie banner, so you might’ve overlooked it…


Just to add that it is also possible to have it check out the source code from a Git repository: https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#specifying-dependencies-from-git-repositories

So, you don’t even necessarily need to run a package registry (which might not be worth it for smaller companies)


Also, yes, I hate modal dialogs with a passion, so them being replaced by something less obtrusive is very welcome.


I’ve always wondered, if the window modal was not a security concern (especially for password entry), since theoretically any webpage could display a window that looks similar.

The new tab-modal overlaps the browser UI, so a regular webpage could not render it perfectly (although admittedly, you could probably still fool a lot of people).

Then again, I guess, you’d need an XSS attack or something of the sort to be able to phish on a foreign webpage like that…


Well, you can blow up individual layers, but yeah, you definitely won’t be digging deep underground.


To be honest, it kind of caught me offguard for how much that is true in gamedev in general. When you’re playing a game, it’s so easy to say that something should be changed or to just wonder in general why games innovate so little.

But when you’re having to actually change something, when you are trying to innovate, you have to, you know, actually write the code so that it does the thing.
And sometimes the tiniest game mechanics change can require major changes in your game code. And when you’ve finished, you realize that the change isn’t actually “fun”, or whatever other bullshit metrics games get measured with.


I mean, the goal of these alternatives is to give Google as little of your data as possible, so interacting with YouTube as little as possible is a step you’ll really have to take before that already.

Also, maybe a bit blunt, but I don’t necessarily want to encourage people who are using YouTube.


Maybe also an explanation of HSTS: A webpage can enable HSTS, which means that if your browser successfully connects over HTTPS once, then your browser will remember for a time specified by the webpage, e.g. two years, that it can connect to this webpage via HTTPS and will not allow connecting to it via HTTP. Usually, you will couple that with the HTTP webpage redirecting to HTTPS.

The problem that this solves, is that someone could hook into that initial HTTP connection (before it redirects to HTTPS) to redirect you to a faked version of that page, to steal your credentials (a.k.a. phishing).
When the connection is immediately established via HTTPS, such a man-in-the-middle attack is not anymore possible.

Now, there is still that very first time, when your browser has never connected to a given webpage to find out about the HSTS information. To prevent that from being attackable, there is a HSTS preload list that gets shipped with browsers, which webpage owners can apply for.

All in all, solid stuff. We’re doing actual security now.
But yeah, it is rather invasive. When the certificate is invalid, you simply cannot connect to a given webpage anymore without jumping through extra annoying hoops (because the assumption is that then someone is running a MitM attack).


Yeah, reading through these comments, it really becomes apparent that the open-source community invests more time into fixing YouTube than into its own platforms.

I get that a lot of content is on YouTube, and even with the most amazing PeerTube code/instance/tool, you’d still want that content accessible, but it’s also clear that this is not sustainable.


NewPipe being broken is due to the fixed version not yet having been packaged for the official F-Droid repo.

You can add the repo from the NewPipe devs to get these updates quicker: https://newpipe.schabi.org/blog/announcement/f-droid/pinned/f-droid-repo/
You’ll have to export your current NewPipe data, uninstall NewPipe, then reinstall it (check that it’s a newer version) and then re-import data.

Having said that, this NewPipe problem was actually my breaking point. Fuck YouTube. I’m finding my entertainment elsewhere.


Flare has a story to it. Also nothing where you’re going to be holding onto the edge of your seat, but enough so that you know where you’re going and why.


This channel has been uploading Creative Commons science videos from other creators: https://tilvids.com/accounts/opensciencevids/about

And for example this video was produced by an educational institution: https://tilvids.com/videos/watch/08bceb92-bb06-4187-a122-a843e1d45670


Scooched my personal webpage from an F to a C. 👍

I could go higher, but it’s pretty much a static webpage with really benign content, so things like enforcing HTTPS seems really unnecessary.



You can switch tabs on the new Android Firefox by swiping over the URL bar

In the new Android Firefox (Fenix), you can cycle between tabs by swiping horizontally over the URL bar. So, it behaves similar to Ctrl+Tab and Ctrl+Shift+Tab on the desktop. …