ciferecaNinjo 13h ago • 100%
Worth noting that some banks are pushing this transition in a more subtle way. By gradually removing options from their web banking and making functions that are smartphone-only.
ciferecaNinjo 18h ago • 100%
Aion
The closed-source app is exclusively available in these places: * Google Playstore * Apple store * Huawei store The app will only run on quite recent phones. So anyone who does not keep their OS up to date (which implies periodically buying new hardware for the shitshow platforms people much choose between) are locked out of their account. Also: * No walk-in service * Over the counter service requires appointment and a fee for many staff-assisted operations * No paper statements. No phone → no statements. The app requires SMS 2fa, so non-phone or landphone users: don’t even think about trying to use an android emulator. If you want to close your account to escape this shitshow, you have 2 options: * In the app use the account closure feature, OR * Send a shit load of sensitive information (ID/passport, utility bill, bank account numbers to close, account numbers of your new external account to transfer the money to, etc) via Google (gmail) from an IP address that Google accepts. (edit) Worth mentioning an aspect of these cashless banks that should be embarrassing for them: when you close an account, they have no cash so they cannot pay you your balance. You can pull money from an ATM but obviously only in denominations of paper banknotes. So how do you get the rest out? They expect you to open an account elsewhere and transfer it. How silly is that? Maybe you don’t want another account, or maybe you’re moving to a completely different part of the world and the transfer cost will exceed what remains. You can hack around this various ways, like dining out and paying an exact amount by card and the rest by cash. But really, banks should be embarrassed they cannot give you cash. They shouldn’t need a vault just to secure €20 or so in change.
ciferecaNinjo 1w ago • 100%
Hoof.. behaw. They became tor hostile. I actually have an account there I can no longer reach.
ciferecaNinjo 1w ago • 100%
I don’t know when (if ever) I will be able to view that. Youtube has been blocking Tor and DoS attacking Invidious lately. It’s unclear when the open free world will get access to Youtube content again.
fedia.io
The linked “magazine” (community) is where Twitter & FB users can converge with non-Twitter & non-FB users to have their messages to their gov reps relayed. This is a hack to circumvent digital exclusion.
fedia.io
The linked “magazine” (community) is where Twitter & FB users can converge with non-Twitter & non-FB users to have their messages to their gov reps relayed. This is a hack to circumvent digital exclusion.
ciferecaNinjo 2w ago • 100%
I guess I don’t get the reference. I recall a Bullwinkle cartoon when I was a kid. Is it related?
There is an art competition for original CC-licensed art created using FOSS. Some of you might want to submit your work to try to win a prize (there are 3 prizes).
ciferecaNinjo 2w ago • 100%
I’m not sure how it works but it may still conform to standards (just not conventional norms). E.g. consider eduroam which is common in EU schools. You need a special app for eduroam but it’s possibly combining various authentication standards with wi-fi standards. Before using eduroam I skimmed through all 1000+ SLOC of the bash script before deciding to trust it. I was revolted that I had to inspect all that code just to safely connect to campus wi-fi with confidence.
That said, I have no idea how wifi4eu works. It could be similar to eduroam and perhaps a FOSS app will eventually emerge. But until then, all we get is an all-rights-reserved copyrighted black box and no specs (AFAIK). So yes, it’s a shit show of exclusivity and privacy surrender nonetheless.
fedia.io
The EU has implemented a free public wi-fi infrastructure and is pitching this service to various public buildings, including public libraries. This “Wifi4EU” project is limited to people with smartphones, and only those that are running iOS or Android OS. The app needed to connect to the network is closed-source and exclusively available in the walled gardens of Google and Apple. The network is inaccessible without the special app. AFAICT, these are the excluded demographics of people: * people with laptops * people who do not have or carry a smartphone * people with old non-updatable smartphones (all iOS & AOS devices are designed for obsolescence) * people with cheap Chinese phones that exclude Google Playstore (which requires licensing with Google that some vendors do not subscribe to) * people with deGoogled phones * people with no Google account (i.e. those without the mobile phone number needed to register with Google) * people who refuse to install and execute non-free closed-source software, and those on FOSS platforms that do not support such software My concern is that when a public library decides to deploy Wifi4EU, they will discontinue their current wi-fi service, which does not require a special app and which is generally open to more demographics of people. Note that it’s a bit of a shit-show already because some current library wi-fi services already exclude people who cannot overcome the shitty captive portal + SMS verification design. Wifi4EU is even more exclusive.
fedia.io
More political than artistic, and in fact has a bit of a ransom letter feel to it. But a college nonetheless. If someone wants to make a more artistic version, I can provide the raw material (an SVG file that was created with Inkscape).
fedia.io
What’s going to happen in the EU is public spaces like libraries which already have wi-fi service are going unplug their wi-fi service and take this free wifi4eu option. Then only people who can get the special Google/Apple-only app will have wi-fi access. So while the project falsely claims to favor digital inclusion, they will actually be making existing networks more exclusive.
ciferecaNinjo 3w ago • 100%
Yikes. I am disturbed to hear that. I was as well appalled with what I saw in a recent visit to a university. It’s baffling that someone could acquire those degrees without grasping the discipline. Obviously it ties in with the fall of software quality that began around the same time the DoD lifted the Ada mandate. But indeed, you would have to mention your credentials because nothing else you’ve written indicates having any tech background at all.
ciferecaNinjo 3w ago • 50%
How have I made your point at all?
You have acknowledged the importance of having multiple points of failure. It’s a good start because the defect at hand is software with a single point of failure.
You're a bit incoherent with what you're talking about.
I suppose I assumed I was talking to someone with a bit of engineering history. It’s becoming clear that you don’t grasp software design. You’ve apparently not had any formal training in engineering and likely (at best) you’ve just picked up how to write a bit of code along the way. Software engineering so much more than that. You are really missing the big picture.
This has nothing to do with software design or anything else along those lines.
What an absurd claim to make. Of course it does. When software fails to to protect the data it’s entrusted with, it’s broken. Either the design is broken, or the implementation is broken (but design in the case at hand). Data integrity is paramount to infosec and critical to the duty of an application. Integrity is basically infosec 101. If you ever enter an infosec program, it’s the very first concept you’ll be taught. Then later on you might be taught that a good software design is built with security integrated into the design in early stages, as opposed to being an afterthought. Another concept you’ve not yet encounted is the principle of security in depth, which basically means it’s a bad idea to rely on a single mechanism. E.g. if you rely on the user to make a backup copy but then fail to protect the primary copy, you’ve failed to create security in depth, which requires having BOTH a primary copy AND a secondary copy.
This is a simple thing. If your data is valuable you secure it yourself.
That has nothing to do with the software defect being reported. While indeed it is a good idea to create backups, this does not excuse or obviate a poor software design that entails data loss and ultimately triggers a need for data recovery. When a software defect triggers the need for data recovery, in effect you have lost one of the redundant points of failure you advocated for.
When you reach the university level, hopefully you will be given a human factors class of some kind. Or if your first tech job is in aerospace or a notably non-sloppy project, you’ll hopefully at least learn human factors on the job. If you write software that’s intolerant to human errors and which fails to account for human characteristics, you’ve created a poor design (or most likely, no design.. just straight to code). When you blame the user, you’ve not only failed as an engineer but also in accountablity. If a user suffers from data loss because your software failed to protect the data, and you blame the user, any respectable org will either sack you or correct you. It is the duty of tech creators to assume that humans fuck up and to produce tools that is resilient to that. (maybe not in the gaming industry but just about any other type of project)
Good software is better than your underdeveloped understanding of technology reveals.
Thinking that a federated service is going to have a uniform or homogenous approach to things is folly
Where do you get /uniform/ from? Where do you get /homogenous approach/ from? Mbin has a software defect that Lemmy does not. Reporting mbin’s defect in no way derives and expectation that mbin mirror Lemmy. Lemmy is merely an example of a tool that does not have the particular defect herein. Lemmy demonstrates one possible way to protect against data loss. There are many different ways mbin can solve this problem, but it has wholly failed because it did fuck all. It did nothing to protect from data loss.
on your end and a failure of understanding what the technology is.
It’s a failure on your part to understand how to design quality software. Judging from the quality of apps over the past couple decades, it seems kids are no longer getting instruction on how to build quality technology and you have been conditioned by this shift in recent decades toward poorly designed technology. It’s really sad to see.
ciferecaNinjo 3w ago • 50%
Exactly. You’ve made my point for me. Precisely why this defect is a defect. The user’s view should be separate and disjoint from the timeline. Lemmy proves the wisdom of that philosophy. But again, it’s a failure of software design to create a fragile system with an expectation that human users will manually compensate for lack of availaiblity and integrity. I know you were inadvertenly attempting again to blame the user (and victim) for poor software design.
It’s a shame that kids are now being tought to produce software has lost sight of good design principles. That it’s okay to write software that suffers from data loss because someone should have another copy anyway (without realising that that other copy is also subject to failures nonetheless).
ciferecaNinjo 3w ago • 60%
Who cares?
Anyone who values their own time and suffers from data loss cares about data loss, obviously.
This is a serious question.
Bizarre.
Anything that is important to you should be backed up and/or archived. Relying on a third party social media app is folly.
This is a bug report on faulty software. If you have a clever workaround to the bug, specifics would be welcome. A bug report is not the place for general life coaching or personal advice. If there is an emacs mode that stores posts locally and copies them into a lemmy or mbin community and keeps a synchronised history of the two versions, feel free to share the details. But note that even such a tool would still just be a workaround to the software defect at hand.
fedia.io
Both Lemmy and mbin have a shitty way of treating authors of content that is censored by a moderator. **Lemmy**: if your post is removed from a community timeline, you still have the content. In fact, your logged-in profile looks no different, as if the message is still there. It’s quite similar to shadow banning. Slightly better though because if you pay attention or dig around, you can at least discover that you were censored. But shitty nonetheless that you get no notification of the censorship. **Mbin**: if your post is removed, you are subjected to ***data loss***. I just wrote a high effort post europe@feddit.org and it was censored for not being “news”. There is no rule that your post must be news, just a subtle mention in the topic of news. In fact they delete posts that are not news, despite not having a rule along those lines. So my article is lost due to this heavy-handed moderation style. Mbin authors are not deceived about the status of their post like on lemmy, but authors suffer from data loss. They do not get a copy of what they wrote so they cannot recover and post it elsewhere. It’s really disgusting that a moderator’s trigger happy delete button has data loss for someone else as a consequence. I probably spent 30 minutes writing the post only to have that effort thrown away by a couple clicks. Data loss is obviously a significant software defect.
ciferecaNinjo 3w ago • 50%
Wojciech Wiewiórowski was intent on calling mastodon a failure for political reasons. When pressed on the harms of public services using Twitter and Facebook, he defends them on the basis of content moderation. Of course what’s despicable about that stance is that a private sector surveillance advertiser is not who should be moderating who gets to say what to their representatives. Twitter, for example, denies access to people who do not disclose their mobile phone number to Twitter, which obviously also marginalises those who have no mobile phone subscription to begin with.
Effectively, the government has outsourced the duty of governance to private corporations -- without rules. Under capitalism.
The lack of funding on the free world platforms was due to lack of engagement. When the public service does not get much engagement they react by shrinking the funding.
We need the Facebook and Twitter users to stop engaging with gov agencies on those shitty platforms. Which obviously would not happen. Those pushover boot-licking addicts would never do that.
tl;dr: is it a good idea to put Elon Musk in control of who gets to talk to their government?
ciferecaNinjo 1mo ago • 100%
i don’t see any limitations in the sidebar
ciferecaNinjo 1mo ago • 100%
wow.. then when I posted the above thread, it responded with “This page isn’t working” and looked like an error msg that was generated by the browser itself. So I reposted. Same thing. Then I discovered that it posted despite the error. So then I deleted the dupe.
I tried to upvote this comment: https://fedia.io/m/Brussels/t/1145402/Delhaize-and-Intermarche-loyalty-more-intrusive-than-Colruyt-but-Colruyt/comment/7061005#entry-comment-7061005 Got a page that simply said “Error”. That’s it. Not internal server error or a 500 error.. just “error”. Thought it’s worth mention since it’s possibly the first time I've seen such a generic and info-deprived error msg.
ciferecaNinjo 1mo ago • 100%
the privacy policy for kbin.earth is just empty for me, on Ungoogled Chromium. I get the page title in large bold, but then an empty box below it despite enabling some foreign 3rd party JS (jwr.one).
But I must say, something like Cloudflare should not be buried in a privacy policy. It should be something that no one misses especially if Tor is whitelisted. A lot of Tor users likely rely on CF’s “just one moment..” page to know it’s a CF page (a mitm we usually want to avoid).
ciferecaNinjo 2mo ago • 100%
Thanks for the insights. I was looking for a client not a server. So maybe this can’t help me. A server somewhat hints that it would be bandwidth heavy. I’m looking to escape the stock JS web client. At the same time, I am on a very limited uplink. To give an idea, I browse web with images disabled because they would suck my quota dry.
The readme talks about docker. I’m not a docker user. I did a `git clone` when I was on a decent connection. ATM I’m not on a decent connection. The **releases** page lacks file sizes. And MS Github conceals the size: ``` curl -LI 'https://github.com/Xyphyn/photon/archive/refs/tags/v1.31.2-fix.1.tar.gz' | grep -i 'content-length' ``` output: > content-length: 0 So instead of fetching the tarball of unknown size, I need to know how to build either the app or the tarball from the cloned repo. Is that documented anywhere?
ciferecaNinjo 2mo ago • 100%
Photon is a strange beast. How do you install it?
It seems to only come as a docker container. That’s weird. I don’t have docker installed but docker should really be a choice.. not a sole means of installation. I see no deb file or tarball. It seems that it has taken a direction that makes it non-conducive to ever becoming part of the official Debian repos.
Then it seems as well that their official site “phtn.app” is a Cloudflare site -- which is a terrible sign. It shows that the devs are out of touch with digital rights, decentralisation, and privacy. That doesn’t in itself mean the app is bad but the tool is looking quite sketchy so far. Several red flags here.
(edit) I found a tarball on the releases page.
I often save websites to my local drive when collecting evidence that might later need to be presented in court. But of course there problems with that because I could trivially make alterations at will. And some websites give me different treatment based on my IP address. So I got in the habit of using `web.archive.org/save/$targetsite` to get a third party snapshot. That’s no longer working. It seems archive.org has cut off that service due to popular demand, which apparently outstrips their resources. Are there more reliable alternatives? I’m aware of `archive.ph` but that’s a non-starter (Cloudflare). In the 1990s there was a service that would email you a webpage. Would love to an out-of-band mechanism like that since email has come to carry some legal weight and meets standards of evidence in some countries (strangely enough).
ciferecaNinjo 2mo ago • 100%
Thanks!
Apparently it’s not as reproduceable as I thought. I was just now able to render my profile before logging in.
ciferecaNinjo 2mo ago • 100%
I noticed that when I visit my profile page (https://fedia.io/u/ciferecaNinjo) while logged out, I get a 504 gateway error, but if I login then my profile page renders fine. It has been this way the past few days. If I view my profile from a logged-out browser while logged in in another browser, the logged out browser sees the profile fine. So to reproduce it would be interesting to visit anyone’s profile who is logged out.
ciferecaNinjo 2mo ago • 100%
I just need to work out exactly what the effect of the user-configured node block is. In principle, if an LW user replies to either my thread or one of my comments in someone else’s thread, I would still want to see their comments and I would still want a notification. But I would want all LW-hosted threads to be hidden in timelines and search results.
On one occasion I commented in an LW-hosted thread without realising it. Then I later blocked the community that thread was in (forgetting about my past comment). Then at one point I discovered someone replied to me and I did not get the notification. That scenario should be quite rare but I wonder how it would pan out with the node-wide blocking option.
fedia.io
As the linked post demonstrates, if you enter a link like this: ``` [mail2tor](mail2torjgmxgexntbrmhvgluavhj7ouul5yar6ylbvjkxwqf6ixkwyd.onion) ``` mbin thinks it’s something else. Indeed it’s not a URL due to the lacking ‘scheme://’, but it’s bizarre what it does with the links. Since SSL is not generally needed for onions, every link would require some effort to know whether it should have a scheme of `http://` or `https://`. Mbin should just pick one of those schemes arbitrarily.. certainly not whatever it’s doing at the moment.
I often supply documents as evidence to regulators (e.g. GDPR regulators). A document is normally in A4 format and I digitally superimpose that onto an A4 page. Thus generally without shrinking or expanding. I label it by printing “**exhibit A**”, “**bewijsstuk A**”, or “**pièce A**” in the topmost rightmost corner at a 45° angle and give a small margin to avoid unprintable areas. I do that on every single page. If it would overlap something, I shift it down to avoid overlap. It seems to do the job well but a regulator once requested that I resubmit the evidence without my markups. So apparently they don’t like my style. Maybe they wonder if I could be making more material alterations. What is the normal convention in the legal industry? These evidence submissions are not for a court process but they always have potential to end up in court in the future. I have some ideas: * (only for paper submissions) I could stick a Post-It note to every document (every page?) and hand-write evidence labels. This would be inconvenient for them to scan. If they remove the notes to feed into a scanner, then the digital version is lossy and so they cannot dispense of the paper version. Or they must be diligent with entering the label into the file’s metadata or filename. * (only for electronic submissions) I could make the evidence label a PDF annotation, so when viewing the doc and printing it the user can decide whether to show/print annotations. This seems useful superficially but it’s problematic because the PDF tools poorly adhere to the standard to w.r.t. annotations. Many tools do not handle annotations well. A recipient’s app does not necessarily give them control over whether annotations appear, and how they appear (different fonts chosen by different tools and if a tool does not have the source font it may simply ignore the annotation). The 45° angle that sets it apart and makes it pop-out better is apparently impossible with PDF annotations. And with little control over the font it might look good in one viewer but overlap in another. * (versatile for both kinds of submissions) I could shrink the doc to ~90% of the original size, put a frame around it, and push it low on the page to leave space at the top for metadata like evidence labels. The the label is obviously not altering the original. * (versatile for both kinds of submissions) I could add a cover page to each doc with the sole purpose of writing “exhibit A”. Seems good for digital submissions but I really don’t like the idea of bulking out my paper submissions. It would add €1 to the cost for every ten docs. * (versatile for both kinds of submissions) Perhaps I could get away with rotating “exhibit A” 90° and finely printing it along the edge of the margin. This could even be combined with bullet 3 and maybe with less scaling (~95%). Any other ideas?
I would like to understand this paragraph: > § 2. Lorsque (un opérateur d'un [¹ réseau public de communications électroniques]¹) a l'intention d'établir des câbles, lignes aériennes et équipements connexes, de les enlever ou d'y exécuter des travaux, elle **tend** à rechercher un accord quant à l'endroit et la méthode d'exécution des travaux, avec la personne dont la propriété sert d'appui, est franchie ou traversée. Argos Translate yields: > § 2. When (an operator of a [¹ public electronic communications network]¹) intends to establish cables, airlines and related equipment, to remove or perform work therein, it **tends** to seek an agreement on the location and method of carrying out work, with the person whose property serves as a support, is crossed or crossed. I think *tends* is a false friend here because it seems unlikely in this context. A commercial machine translation yields: > § 2. When (an operator of a [¹ public electronic communications network]¹) intends to establish, remove or carry out work on cables, overhead lines and related equipment, it **shall** seek agreement as to the location and method of carrying out the work with the person whose property is used as support, is crossed or is being traversed. Sounds more accurate. I’m disappointed that there seems to be no requirement that the telecom company obtain consent from property owners. Is that correct? The telecom operator does not need consent on *whether* to use someone’s private property, only consent on *how* they deploy the cables?
