• 3 Posts
  • 434 Comments
Joined 4 years ago
cake
Cake day: January 21st, 2021

help-circle

  • IMHO UnifiedPush is just a poor re-implementation of WebPush which is an open and distributed standard that supports (and in the browser requires, so support is universal) E2EE.

    UnifiedPush would be better as a framework for WebPush providers and a client API. But use the same protocol and backends as WebPush (as how to get a WebPush endpoint is defined as a JS API in browsers, would would need to be adapted).



  • I paid for GPM for quite a while. I then started working at Google and beta tested YouTube Music from very early on and gave lots of feedback about how it sucked. When they shut down GPM I cancelled my YouTube Premium membership and installed an ad blocker. Not just YTM but so many things about YouTube were getting worse and worse and I couldn’t find it in myself to keep paying for a service that kept removing features.


  • Yes, but in my experience it is pretty trash. Unlike Google Play Music which matched the music to known tracks and shuffled it in with recommended playlists and other features on YouTube Music the uploaded songs are basically completely isolated. At that point why use a streaming service?



  • This isn’t how YouTube has streamed videos for many, many years.

    Most video and live streams work by serving a sequence of small self-contained video files (often in the 1-5s range). Sometimes audio is also separate files (avoids duplication as you often use the same audio for all video qualities as well as enables audio-only streaming). This is done for a few reasons but primarily to allow quite seamless switching between quality levels on-the-fly.

    Inserting ads in a stream like this is trivial. You just add a few ad chunks between the regular video chunks. The only real complication is that the ad needs to start at a chunk boundary. (And if you want it to be hard to detect you probably want the length of the ad to be a multiple of the regular chunk size). There is no re-encoding or other processing required at all. Just update the “playlist” (the list of chunks in the video) and the player will play the ad without knowing that it is “different” from the rest of the chunks.


  • kevincox@lemmy.mltoTechnology@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    1 month ago

    That is a pretty weak argument. The issues are minor and in a library that people are moving off of to a better build and stronger validated library. Yes, it should have been like that in the first place, but the problem is minor and being addressed.

    I would look more to the various features of Matrix that aren’t encrypted like room names, topics, reactions, … and not to mention the oodles of unencrypted metadata. I really wouldn’t call Matrix a high-privacy system.

    I like Matrix and use it regularly, but it definitely doesn’t have a privacy-first mindset like Signal does. I’m hoping that this improves over time, but without a strong privacy first leadership it seems unlikely to happen.



  • kevincox@lemmy.mltoPrivacy@lemmy.mlIn search for a good VPN
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    2 months ago

    I mean it is always better to have more open source. But the point of the multi-hop system is that you don’t need to trust the server. Even if the server was open source:

    1. You wouldn’t know that we are running an unmodified version.
    2. If you need to trust the server then someone could compel us to tap it or monitor it.

    The open source client is enough to verify this and the security of the whole scheme.


  • Yeah, I can’t believe how hard targeting other consoles is for basically no reason. I love this Godot page that accurately showcases the difference:

    https://docs.godotengine.org/en/stable/tutorials/platform/consoles.html

    Currently, the only console Godot officially supports is Steam Deck (through the official Linux export templates).

    The reason other consoles are not officially supported are:

    • To develop for consoles, one must be licensed as a company. As an open source project, Godot has no legal structure to provide console ports.
    • Console SDKs are secret and covered by non-disclosure agreements. Even if we could get access to them, we could not publish the platform-specific code under an open source license.

    Who at these console companies think that making it hard to develop software for them is beneficial? It’s not like the SDK APIs are actually technologically interesting in any way (maybe some early consoles were, the last “interesting” hardware is probably the PS2). Even if the APIs were open source (the signatures, not the implementation) every console has DRM to prevent running unsigned games, so it wouldn’t allow people to distribute games outside of the console marker’s control (other than modded systems).

    So to develop for the Steam Deck:

    1. Click export.
    2. Test a bit.

    To develop for Switch (or any other locked-down console):

    1. Select a third-party who maintains a Godot port.
    2. Negotiate a contract.
      • If this falls through go back to step 1.
    3. Integrate your code to their port.
    4. Click export.
    5. Test a bit.

    What it could be (after you register with Nintendo to get access to the SDK download):

    1. Download the SDK to whatever location Godot expects it.
    2. Click export.
    3. Test a bit.

    All they need to do is grant an open source license on the API headers. All the rest is done for them and magically they have more games on their platform.


  • kevincox@lemmy.mltoPrivacy@lemmy.mlIn search for a good VPN
    link
    fedilink
    arrow-up
    26
    arrow-down
    1
    ·
    2 months ago

    Mullvad is one of the best options if you care about privacy. They take privacy seriously, both on their side and pushing users towards private options. They also support fully anonymous payments. Their price is also incredibly reasonable.

    I’m actually working on a VPN product as well. It is a multi-hop system so that we can’t track you. But it isn’t publicly available yet, so in the meantime I happily recommend Mullvad.


  • HTTP/1.1 403 UNAUTHORIZED
    {
      "error": {
        "status": "UNAUTHORIZED",
        "message": "Unauthorized access",
      },
    }
    

    I would separate the status from the HTTP status.

    1. The HTTP status is great for reasonable default behaviours from clients.
    2. The application status can be used for adding more specific errors. (Is the access token expired, is your account blocked, is your organization blocked)

    Even if you don’t need the status now, it is nice to have it if you want to add it in the future.

    You can use a string or an integer as the status code, string is probably a bit more convenient for easy readability.

    The message should be something that could be sent directly to the user, but mostly helpful to developers.


  • This is basically admitting that consumers don’t actually value their subscription service for the cost. If users were buying used bikes and signing up for subscriptions Peloton would be thrilled, they would do everything that they could to encourage that like free trials. But it must be that most people who buy used bikes don’t find the subscription worth it and cancel within a few months. Adding this fee both extracts more money and creates a sunk cost fallacy that will cause them to go longer before cancelling.

    If the product sold itself they would just let people pay them subscriptions, its basically free money.


  • Vista sucked so bad. I got a nice new laptop and it was constant pain. One of the real breaking points was that it would refuse to let me modify or delete some files even as superuser. If I recall correctly they weren’t even system files, maybe a separate partition or something.

    I tried installing XP but there was some sort of driver issue with my CD drive. It would start installing fine, but then once it tried to reboot off of the HDD to finish the installation it couldn’t find the installation CD to finish copying things, so the install just crashed half-way done.

    I installed Ubuntu on a partition, dual booted for a while. After a few months I realized that I never even used the Windows partition anymore so I wiped it.


  • Likely what is happening is that the game is probing audio devices and triggering the mic on your headphones to get picked up. This switches them into the “headset” profile which has awful audio quality. I don’t know why the UI isn’t showing that, make sure you are checking while the game is running and the audio sounds bad.

    If you want your headphone mic to work there is not much choice. There isn’t a standard bluetooth profile with good audio and mic. If you never want to use your headphone mic you can probably configure some advanced settings in your audio manager (probably PulseAudio or PipeWire).


  • These are all good points. This is why it is important to match your recommendations to the person. For example if I know they have Chrome and a Google account I might just recommend using that. Yes, it isn’t end-to-end encrypted and Google isn’t great for privacy but at least they are already managing logins over all of their devices.

    In many cases perfect is the enemy of better. I would rather them use any password manager and unique passwords (even “a text file on their desktop”) than them sticking to one password anywhere because other solutions are too complicated.


  • It depends on your threat model. It does mostly reduce the benefit from 2FA, but you are probably still very safe if you use a random password per site. I mostly use 2FA when forced (other than a few high-value accounts) so I don’t worry about it. For most people having a random password which is auto-filled so that you don’t type it into the wrong site is more than sufficient to keep themselves secure.



  • kevincox@lemmy.mltoPrivacy@lemmy.mlUse a password manager
    link
    fedilink
    arrow-up
    10
    arrow-down
    2
    ·
    3 months ago

    Honestly nothing. I recommend this to everyone because it is the easiest way to set up and offers huge advantages.

    1. No more password reuse, per site random passwords.
    2. Auto-fill reduces chance of phishing attacks work because you get suspicious if the password doesn’t auto-fill.
    3. Most browsers will integrate it into their sync service to reduce the risk of you losing your passwords.

    I think these are the two biggest benefits and every browser password manager will accomplish both.