• 55 Posts
  • 118 Comments
Joined 1 year ago
Cake day: August 10th, 2023


  • The 1st ½ of your comment sounds accurate. But…

    And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,

    Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.


  • That all sounds accurate enough to me… but thought I should comment on this:

    However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.

    It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing – which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).

    Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)



  • Linux won’t be viable for blind people unless major distros have full time accessibility folks, and refuse to accept inaccessible packages and patches.

    Sure, but you need to read what I quoted. I purely addressed the flawed claim that better code comes from those paid to write it. The opposite is true. It’s unclear to what extent that bias has influenced @noahcarver@rblind.com’s thesis. Though I have no notable issues with anything else @noahcarver@rblind.com wrote (much of which is beyond my expertise w.r.t. accessibility).

    And to be clear, “better code” strictly refers to quality, not accessibility. Accessibility is a design factor.

    But that code you write at home is probably not accessible.

    That’s right. But then neither is the commercial code I worked on. That would be outside of my domain. I do backends for the most part. The rare UI work I did was for a tiny user base of internal developers within the org and accessibility was not part of the requirements. I worked on a UI for external users briefly but again no requirements for accessibility (which would be very unlikely for that particular product).

    In any case, this sidetrack is irrelevant to what you replied to. It’s important to correct bogus claims that being paid to write code is conducive to quality. Some right-wingers I know never miss the opportunity to use the phrase “good enough for government work” because they want to push the mentality that capitalism promotes superior quality. It’s a widespread misconception that needs correction whenever it manifests.

    Paying someone to write accessible code should theoretically work on both free software and non-free software. AFAICT the reason non-free software would accommodate blind users is that the market share is large enough to justify the profit-driven bottom line and those users are forced to pay for it (as all users are). In the FOSS domain, payments (“bounties”) are optional. Has this been tried? If not, then you’re relying on blind FOSS developers to suit their own needs in a way that benefits all blind users.


  • and that someone who is paid to write accessible software is generally going to produce and maintain better code.

    In my day job I’m paid to write code. Then I go home and write code I was not paid for. My best work is done without pay.

    Commercial software development

    When I have to satisfy an employer, they don’t want quality code. They want fast code. They want band-aid fixes. The corporate structure is very short-sighted. I was once back-roomed by a manager and lectured for “gold plating”. That means I was producing code that was higher quality than what management perceives as the economic sweet spot. I was also caught once fixing bugs as I spotted them when I happened to have a piece of code checked out in Clearcase. I was told I was “cheating the company out of profits” because they prefer if the bug goes through a documentation procedure so the customer can ultimately be made to pay separately for the bug fix. Never mind the fact that my time was already compensated by the customer anyway - but they can get more money if there’s a bigger paper trail involving more staff. So when you say you get what you pay for, that’s what you pay for – busy work (aka working hard not smart). They also want “consistent quality”. So if one module is higher quality than another, there is pressure to lower the quality of the better module because improving the style or design pattern of the lower quality piece is “gold plating”. When I make full use of the language constructs (as intended by the language designers), I am often forced by an employer to use more basic constructs. Employers are worried that junior engineers or early senior engineers who might have to maintain my code will encounter language constructs that are less common and it will slow them down to have to look up the syntax they encounter. Employers under-estimate the value of developers learning on the job. So I am often forced to avoid using the more advanced constructs to accommodate some subset of perceived lowest common denominator. E.g. if I were to use an array in bash, an employer might object because some bash maintainers may not be familiar with an array.

    Non-commercial software development

    Free software developers have zero schedule pressure. They are not forced to haphazardly rush some sloppy work into an integration in order to meet some deadline that was promised to a customer by a manager who was pressured to give an overly optimistic timeline. #FOSS devs are free to gold plate all they want. And because it’s a labor of love and not labor for a paycheck, FOSS devs naturally take more pride in their work. I’m often not proud of the commercial software I was forced to write by a corporation fixated on the bottom line. When I’m consistently pressured to write poor quality code for a profit-driven project, I hit a breaking point and leave the company. I’ve left 3 employers for this reason.

    Commercial software from a user PoV

    Whenever I encounter a bug in commercial software, there is almost never a publicly accessible bug tracker and it’s rare that the vendor has the slightest interest in passing along my bug report to the devs. The devs are unreachable by design (cost). I’m just one user so my UX is unimportant. Obviously when I cannot even communicate a bug to a commercial vendor, I am wholly at the mercy of their testers eventually rediscovering the bug I found, which is unlikely when there are complex circumstances.

    Non-commercial software from a user PoV

    Almost every FOSS app has a bug tracker, forum, or IRC channel where bugs can be reported and treated. I once wrote a feature request whereby the unpaid FOSS developer implemented my feature request and sent me a patch the same day I reported it. It was the best service I ever encountered and certainly impossible in the COTS software world for anyone who is not a multi-millionaire.









  • Nobody is disagreeing with you or saying you’re wrong

    At least 10 people here believe Google/MS avoidance is “tinfoil hat” paranoia. It’s a stark disagreement on infosec principles. All responders in this thread (apart from 3 exceptions) come from privacy-hostile #Cloudflare instances including yourself. This crowd has little hope of taking privacy seriously.

    However, it’s not really realistic to expect everyone to abandon the easy and useful tools that they’re comfortable with just to match your views, regardless of the ethics or logic involved.

    You’re probably not going to sell anyone on an idea that requires discarding ethics and logic. That’s actually the crux of the problem. The problem exists because people disregard ethics and logic in pursuit of pragmatism.

    You seem to be overlooking the fact that Google and MS are inherently exclusive choices. That is, if I try to connect to gmail-smtp-in.l.google.com, the connection is refused, full stop. Google is blocking me before I send the first packet. So you’re implying that I must go through Google’s hoops in order to not be “extreme”. IMO, that’s an extreme position to take. To expect people to go beyond the norms of established open standards to cater for the extra requirements and special needs of a monopolistic corporation. I must either rent an IP address that’s to Google’s liking at my own expense, or I must establish a contract with another third-party who I must then trust with a centralized view on all my outbound traffic. I’m not supporting that abuse and loss of freedom.


  • Ways that are beyond either the capabilities or desires of the average user.

    You vastly underestimate the average user w.r.t. “capabilities”. You can scrap capability from your statement because the avg user can just as well use protonmail/tuta, or disroot.org, for example.

    That leaves “desires”. Two people agree on how to correspond. The desire of someone to use one of the most unethical controversial corporations possible and in an insecure manner that exposes the data to a profitable extent in a privacy-lacking part of the world, and the other party has a higher privacy bar (and/or high moral bar), the party who must adapt is the one with the lower standards. It’s unreasonable to expect someone to lower their privacy standards or to lower their moral standards. If someone’s desire to support Google or MS trumps their desire to stay in touch, then the conversation isn’t worth it to them.

    There is a rule of least privilege principle that seems to have escaped you. In the information security discipline, we do not need to justify security measures by default. It’s lack of security that calls for justification. If there were truly a capability problem, that would be reasonable rationale for reduced security. But it’s a phantom excuse. And “desire” is not an acceptable rationale for reduced security.

    Your doubling down on the tinfoil claim was a failure simply because the security matter is least important of everything I’ve already said on this. But even if security were purely my sole rationale (as it is for some people), you are still calling the practice of basic well-established infosec principles tinfoil hattery. Pushing this culture of branding sound security practices as paranoia is a socially harmful move that you are partaking in.


  • That’s not the trade-off. Google has no opportunity to show me ads anyway. If alice@privacyrequired.com emails bob@gmail.com about a Taylor Swift concert, Google profits from information about both people. Even if Alice does not use Google services, Google’s file on bob shows he knows Alice and Alice is a TS fan. Then when bob searches for gifts, Google shows him TS t-shirts and profits from that. Conversations are two-ways, so when Bob responds to Alice Google learns directly about Bob, such as whether he’s a Swift fan. Alice’s msg therefore generated profitable data about Bob for Google, which potentially works against Alice’s boycott against Google.

    That’s just the tip of the iceberg—

    human rights

    Human rights are important. Embodied therein (among other principles) the Charter of Fundamental Rights of the EU, Article 8 states:

    1. Everyone has the right to the protection of personal data concerning him or her.
    2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
    3. Compliance with these rules shall be subject to control by an independent authority.

    As you can see from reading this thread, most people irrationally believe these human rights constitute paranoia and tinfoil hattery. My opposition to mass surveillance is not borne out of fear that my data will be used against me personally, but rather an objection to arbitrary systemic collection that comes at the detriment of some people (e.g. abortion seekers) and ultimately disempowers people.

    privacy is about control

    To have privacy is to have control over information about you. Security from harmful disclosure is only a small component of the utility of privacy. There is a tendency for normies to fixate on that and think that is the sum total purpose of privacy. Having control is also about choosing who gets to profit from your data. It’s about having a right to boycott harmful entities.

    digital exclusion and diminished open standards

    Google and Microsoft sabotaged the email infrastructure by imposing rules outside of RFC 5321. Up until the 2000s you could send an email to anyone so long as you comply with the open standards expressed in RFCs. The monopolistic tech giants saw an opportunity to take more market share and reduce their costs by introducing restrictions on email that exclude people who are self-serving. They leveraged spam fatigue to coerce people to conform to non-RFC proprietary reqs in addition to already having a dominant market share (corp greed has no limits).

    I reject Google and Microsoft dictating terms that break the purpose of open standards (interoperability). Every time you send an email to or from Google or MS servers, you give your support for corporate dictatorship.


    So when you say this is about “the ability to show you ads that are more relevant to your interests”, you and at least 5 others have wholly misunderstood the problem.



  • This. Life is too short to deny myself human contact.

    This is scrapping a long list of old contacts who might at most every 5–20 years briefly exchange life updates from another part of the world. It’s not denying human contact. When I meet someone new, they either need to reach me in a way that’s agreeable to both of us or they need to proxy msgs through a mutual friend.

    You’ve both demonstrated to easily back the gatekeepers as you’ve both needlessly chosen to create fedi accounts that are centralized on Cloudflare (lemmy world and shit just works both). You can’t speak with any credibility on the privacy front under those circumstances because you compromise digital freedom even when it yields no meaningful gain.


  • Sometimes you have to stay connected to have any chance of saving the others.

    This is not that. In this particular situation remaining connected to the surveillance advertisers only reinforces through codependency the idea that people can centralize themselves on those platforms to count on being reachable by everyone. That’s not the right msg.

    Being the one holdout is a strong position. There was an academic group of people on FB that I had to correspond with. When I refused to appear on that platform, everyone was forced to step outside of FB to reach me thus making them consciously aware of the problem. I wouldn’t have it any other way. Taking the pushover stance only proves to them that it works to choose the side of the monopolistic oppressor.

    Indeed it makes sense for a privacy advocacy org to have a Facebook acct to reach those people. But most of them get it wrong and needlessly advertise FB on their public website. Which means they’re not just using it for outreach.








  • Then you’ve misunderstood. It’s not a security move. It’s a boycott. I will not financially support fossil fuel partners with profitable data.

    Google is partnered with Total Energy and uses AI to help them find where to drill. Likewise, Microsoft is partnered with Chevron and Exxon, again using AI to help them drill for oil. Microsoft also has many other matters of ethical wrongdoing. Not a good company to support. Not to mention the lack of ethics of targeted advertising in general.

    So it’s privacy for the sake of ethics, not privacy for the sake of security. These are the top reasons not to feed Google or MS, though it’d be poor judgement to also suggest there is no security problem with personal disclosure to such centralized corporate PRISM venues outside of a GDPR region in a country with no notable privacy safeguards.

    It’s also notable that Chevron is an #ALEC member, thus supports US republicans. #ExxonMobil is also an abhorrent company to support (#ExxonKnew).