• 0 Posts
Joined 2Y ago
Cake day: Jun 29, 2021


This is like saying someone uploaded malware to Github, therefore Open Source Software is insecure.

It would be like that if someone had put made-up information on a talk page or their user page. Information in the main namespace is supposed to be patrolled and checked for references, which is the point of the article. Your analogy is dishonest.

[edit: double-posted somehow, sorry]

I think it would benefit from specific communities or content creators adopting it. As long as it’s only general topics (technology, Linux, …) it has basically the same info as Reddit/Hackernews/… but less up to date and less commented. It is useless if you already use those other platforms and probably can’t get ahead this way.

I could see Godot/Blender/… adopt it though. Blender already uses PeerTube. That would help kickstart this place.

The software is great but the people aren’t there.

An alias only runs a single command

A lot of places reform their constitution peacefully, such as France which is currently on number 5. A few candidates to this year’s French election were openly proposing to start number 6 (the previous president Macron wasn’t one of them and was just reelected).

Being a group of 1 demographic doesn’t imply right-wing? I don’t think your logic is sound here.

Link to where “WebDev working standards” say URLs should be short? SEO benefits from more info in URL, and so does web browser history/bookmark search. Many platforms such as Reddit and Medium put the title (or part of it) in the URL.

Presenting your opinions as fact and quoting “standards and teaching” when asked does not advance the debate.

Should be the default why? Is recommended by who?

A system of groups that have their own rules is not anarchy, no. If it was, the world itself (system of countries) would be anarchy by your own definition.

You can open it, delete it, then finish reading it. The file will disappear from its folder but of course the data won’t actually be deleted until you close it.

Like this, with bash job control:

$ cat file.txt & rm file txt; fg

Or this, with shell file descriptors:

$ exec 3< file.txt; rm file.txt; cat <&3; exec 3<&-

Those libraries “inside the app package” would still be versions picked by the distro, and would still “inevitably take longer to get security fixes than upstream” as you put it. In addition it would take more disk space by having multiple copies.

Is there a single benefit to this?

I don’t understand your recommendation. How could the distro package apps if they don’t package the libraries they depend on?

Does Apple refund your device if they pull the apps you were using from their store? I have nothing against vendors changing their mind, so long as I get what I paid for.

Does it have any instructions on deployment? Or is only their hosted version released in beta?

I think it’s safe to say that GitHub went above and beyond what is required. They prevented people from getting their own data before blocking them permanently from the site, which they did without warning, and apparently even targeted people who weren’t in those countries at all but merely had connected from one in the past. They could definitely do better.

What a friendly community you run. Thanks for taking the time to say this.

That’s only one instance, lemmy.ml. As per the post, this is not what they are trying to promote.

@remramtoLemmyPromoting Lemmy

Running JavaScript when using Tor is a big risk, independently of the software client you use to browse websites you access through Tor.

The problem is not merely that Tor Browser disables it by default, there are reasons inherent to Tor and JavaScript that it is that way.

@remramtoLemmyPromoting Lemmy

What are the use cases for federating with Mastodon or Pleroma? I suppose you would not want to see any thread from there in Lemmy, but I am not sure about the other way either. Browsing communities and even threads from Mastodon/Pleroma seems difficult, and ordering by votes (or even showing votes) won’t work, leading to problems.

Is the only use case replying in Lemmy threads from Mastodon/Pleroma, to skip creating an account? (and maybe having favorites/boosts count as upvotes?) This would require copying the link to a specific reply to your client to reply there, which doesn’t seem to me like something people would want to do regularly…

Only because the above is not well known.

4.2% of the users who don’t disable telemetry…

How do they correct for the large number of Firefox users that have uBlock and Privacy Badger, both recommended by Mozilla, that interfere with StatCounter?

If you are not concerned about the secrecy of votes (you don’t seem to be), why not simply vote over email? Send a template to fill out and have them reply?

TLDR it’s a $135 Chinese phone (UMIDIGI A9 Pro) with LineageOS on it, resold for $500.

I’m just a bit puzzled because most software and technical docs are written in English anyway, so techies are immersed in it, and those articles in French are just going to paraphrase and/or link to English documents. I have nothing against native French projects and articles being in French, but this seems a bit weird to me.

What’s the advantage of reading a French website if you are comfortable reading the original material in English?

So-called “bridged networking” is not the default for VirtualBox but it is recommended for Qemu, yes. In that case only the routing rules on the bridge apply, not the filtering rules on your host’s interface.

As I said this is surprising if you don’t know how containers work. This is similar from how e.g. virtual machine networking would trip you. As long as you know how to set things up properly, which is documented at length, Docker is not “insecure”.

It is not whataboutism since SystemD is what you’ll use to run services if you don’t use Docker… If I say that mass transit is a terrible idea because it pollutes, and you point out that cars pollute even more, I can’t claim “whataboutism” to dismiss your argument.

Here’s the corresponding page for SystemD: https://www.cvedetails.com/product/38088/Freedesktop-Systemd.html?vendor_id=7971 as you can see there are even more vulnerabilities, which makes sense as the attack surface is even larger.

How is this different from say, SystemD? It runs as root and has a larger attack surface.

The link you pointed out has every CVE for every application packaged as Docker image. Would you make the same point that APT or AppImage is insecure because there are insecure applications packaged that way?

You “removed” the opt-in telemetry?

This is not insecure. It is surprising if you don’t know how containers work, but in a real deployment you’d only bind to localhost and use a reverse proxy and that is perfectly safe.

I don’t want to install an app to get the same experience as the website but without tabs.

Docker is not bad for security, unless you do insecure things like exposing your Docker socket or running random workloads as root, however those are just as insecure under systemd.

The user experience on javascript-enabled browsers is also really great. Going for a nojs-first approach would hurt UX a lot, especially on mobile.

Lots of example of Copilot regurgitating code verbatim: Quake’s fast inverse sqrt (GPL), copyright headers or the entire GPL license, someone’s “about me” page… This should be enough to convince anyone that, even when they get it to stop proposing “obviously stolen” code (e.g. rename variables a bit, propose code without names in it), it is still all stolen code.

You’re not live 24/7, it’s on rerun right now.