• 13 Posts
  • 235 Comments
Joined 2Y ago
cake
Cake day: Jan 21, 2021

help-circle
rss

Yes, you need to download all transitive dependencies.

But this isn’t dependency hell, it is just tedious. Dependency Hell is when your dependency tree requires two (or more) version of a single package so that not all of the dependencies can be satisfied.


I don’t remember that working but I haven’t used Debian in years so it could be.


apt is the tool for downloading packages. So if you don’t have internet access apt won’t be very useful.

The command to install packages on debian is dpkg. So if you download a Debian package (usually named *.deb) you can install it with dpkg -i $pkg as long as you have the dependencies installed. Of course you can also install the dependencies this way, so just make sure that you bring the package and all packages that it depends on to the target machine.


Really cool. I just played the demo and it is clearly Fez-inspired but has some cool mechanics. I find the fact that walking down a corner isn’t symmetrical but I’m sure I’ll get used to that soon.


Unfortunately it seems that this isn’t enabling the browser.gesture.swipe.* preferences which allow you to customize what swiping does. I really miss my swipe up to close gesture but this seems only to work on macOS.

…or maybe GNOME is just stealing my 3-finger gestures.


I have a handful:

  • PlayerOne is a quick tool for picking a first player or splitting into groups. Open source, double-tap for extra options.
  • Ricochet Robots Solver is a solver for the Ricochet Robots board game. Written in Rust compiled to wasm for web, open source.
  • Gridfinder can help you find the grid on battlemaps for use on virtual tabletops (or other image editing). It can do it automatically in many cases or just click a few times. Open source.
  • FeedMail is a paid RSS-to-Email service. Mostly created because I wanted a better RSS-to-Email service but has found other users.
  • my blog

And I’m sure a few others that I have forgotten.


That just seems to be about granting an app access to all keys, which is not quite the same as per-app keys.

I know that macOS has this for sandboxed apps from the app store, maybe they have it for “sideloaded” apps as well but at least most OSes don’t have that. At least for Windows and Linux there isn’t a good way to identify an “app” to separate it from any other. My macOS knowledge is rusty but IIRC you install apps in a system-owned directory and apps only have permission to update themselves so maybe you could use the application path as a key, but the other listed affected OSes don’t have that.


Do you have links to “set up properly”. The problem is that for most systems other than maybe some of the “app store” type setups the OS has not concept of “application”. The credentials are just the user and that is the same for all unsandboxed apps.


How does the keychain know what “application” is calling it?


But the malicious npm package can just read whatever key the app reads then decrypt the values. They are running with the same permission.

The only thing that really improves this is per-app sandboxing but if you are sandboxing the app then it shouldn’t be able to read any arbitrary files out of your home directly anyways.

Keychains are an improvement but not much. 99% of users will just unlock the keychain upon login so it doesn’t really provide much benefit. Unsandboxed apps are indistinguishable to the keyring daemon so they can just request one anothers’ keys. (Maybe windows or mac has some codesigning magic so that the keyring daemon knows the identity of the app at a finer grain than the user level? but at this point we are really just back to sandboxed apps).

Basically there is nearly no point to most apps to doing anything special to store sensitive files. If your app is secure enough that the user will be happy to unlock the keychain on every app launch sure. But that is a nearly non-existent use case. In general the OS should just provide secure storage as the default. For sandboxed apps they won’t have access to each others storage unless explicitly granted, for non-sandboxed apps there isn’t much you can do besides obscurity.


Is this an official channel or just a mirror of their YouTube channel?


I don’t get it. Of course the app stores these in cleartext, the app needs to access them to login. Sure it could encrypt it but that is just obscurity, the key would have to be stored to somewhere the app has access to for it to use the tokens.

The article doesn’t seem to say that these were world-readable or otherwise visible to other users. So this seems like mostly a non-story. Use full disk encryption and you’ll be fine.


The source of this appears to be that 0.0000001.toString() == "1e-7". Presumably parseInt first converts its argument to a String (which kinda makes sense).

Of course the more important question is why are you passing a number to parseInt?


This doesn’t seem very reliable.

I’m thinking this isn’t a real operator but maybe it gets treated like “feed sitename”?


The problem looks pretty clear to me.

Facebook and Instagram both got popular as social media. Interacting with your friends.

However ads stick out like a sore thumb among updates from your friends and your friends don’t create enough interesting content to keep you doom-scrolling all day to view more ads. So both transitioned to public entertainment (still called social media for legacy reasons, there is little social about this side of the platforms, it is just media consumption). However this doesn’t seem to be as popular (young people want to talk to each other and show off to their friends) and other platforms that don’t mascarade as a platform for friends are doing better TikTok and YouTube.

It seems like Zuck needs to either

  1. Figure out how to monetize actual friend-to-friend interaction.
  2. Build a platform that is designed for public entertainment, not pretending to be for friends.

Cool release. I really liked Diesel but am using async in my app. I started off wrapping everything in a block_on which worked fine but the ergonomics sucked when you need to interleave async and block_on sections. I ended up switching to sqlx and it is pretty good, at least I still get the compile-time validation. However if Diesel found a way to provide an async API I would probably switch back.


I’d be surprised if the devs were against it. Probably just that no one has done it yet.


Communities have RSS feeds of posts. You should just be able to paste the channel URL (such as https://lemmy.ml/c/asklemmy) into your reader. (If your reader doesn’t support auto-discovery there is a feed icon on the channel page).

There are also user feeds. There don’t appear to be feeds for comments on a post or searches but maybe we can see those some day.


It’s amazing how much harm cars cause to our society. It is clear that they also provide value but we really need to do a better job keeping them in check.

I remember how every day there would be a swarm of cars around schools as parents drop-off and pick-up kids. This is acutely dangerous with kids running around but also environmentally taxing and health harming. It is also not convenient as this huge swarm of cars are too much for smaller streets where you want to have schools. We need to find much better ways of getting around, especially for getting younger kids to and from school.


I’m surprised. I thought it was much higher. Although this is up 38% (from last year I assume?) which is sad and not surprising.

2.3MiB is an incredible amount of data and what a waste to download for the average webpage.

Small nit in the page: the chart says KB but the underlying expression reveals that it is actually KiB as most people would expect.




No longer getting email notifications on lemmy.ml?
It seems that I haven't got an email notification for comment replies in a long time (for this account). I have "Send notifications to Email" checked in my settings. I have got notifications in the past but the last one was 2022-01-18 despite me getting replies since then. I did change my mail server at roughly that time but IDK why that would be a problem since I am getting other messages. (unless it is rejecting lemmy.ml for some reason?)



I started an RSS to Email Service
I know the Email isn't everyone's favourite RSS reader but it works really well for me. I wasn't happy with any of the existing services so I started my own. https://feedmail.org is a low-cost RSS-to-Email service with nice clean templates. I'm happy to answer any questions.

Easy RSS-to-Email Service - FeedMail
This is a service I created to consume RSS feeds via email. This has been my preferred way to consume RSS for a while but I never found a service that I was really happy with and no self-hosted tool easy enough to manage. So I created FeedMail mostly for myself but decided to share with others. I would appreciate feedback and any questions you have.