varsock

joined 1 year ago
[–] [email protected] 44 points 1 month ago

Recently I used Google maps to search for the nearest DHL near me so I could return a package. DHL is not that popular near me and when I specifically typed for DHL, I would get only their competitors in the search results.

There was a DHL service center near me and I had to scroll a bunch to find it. Oh, and apparently big box stores (or anyone) can pay Google to come up in the search on maps, even if unrelated.

I don't think they have skin the in shipping game but their algorithms are over optimized that they don't even show what your searching for, but trying to infer why you're searching for it. That or whoever pays them more. Certainly a search risk

[–] [email protected] 1 points 5 months ago

wow 10 months flew by since this was posted and since then the United States had a surprise privacy bill that is bipartisan that sort of addresses the issues you and I mentioned. https://www.washingtonpost.com/technology/2024/04/07/congress-privacy-deal-cantwell-rodgers/

This bill was proposed around the same time the TikTok ban was announced. I speculate that law makers had a difficult time framing the arguments against TikTok when "the data of citizens have no protections so there was no easy legal grounds to forbit the likes of TikTok to harvest it"

From what I've heard, this bill is pretty good. I need to educate myself more on it, however.

[–] [email protected] 2 points 7 months ago

was it ever? I participate in interview rounds at my company (several tech screens a month) and I must say a candidate's email was not something that drew attention

[–] [email protected] 2 points 7 months ago

you're able to unsubscribe from all those protomtions . . . that is in settings. Personally, a once-a-month newsletter of everything that is new is helpful bc I don't need to put in the effort tlinto keeping up

[–] [email protected] 2 points 7 months ago (1 children)

For backup and sync I use Syncthing. I can specify which folder on which devices I want to sync to which folder on the server.

I use a folder based gallery on my phone so when I move stuff around on my phone (or on my server) it gets replicated on all my devices.

I also have a policy to sync specified folders (and subfolder) with my family's devices. No more " hey can you send me all the pics from the XYZ trip"

We take a trip. Make a subolder for that trip in a shared folder dump all our pictures there, get home and open the folder on the computer and prune together.

[–] [email protected] 7 points 7 months ago

simply put, programming is glorified automation. There are jobs where the process that needs automating makes money.

[–] [email protected] 12 points 7 months ago

Debian has the advantage of not using snapd like Ubuntu does. You have to not only remove snaps but also instruct the package manager not you pull in snaps as dependencies and not to favor snap packages.

I have fond memories of Ubuntu being my first distro many years ago but pushing snaps onto users to compete with flatpak is a nuisance.

[–] [email protected] 0 points 8 months ago* (last edited 8 months ago) (2 children)

I don't think I am well positioned to answer that question given my experience. Ill give it my best.

I believe the advantage of more abstraction of gRPC was desireable because we can point it at a socket (Unix domain or internet sockets) and communicate across different domains. I think we are shooting for a "microserves" architecture but running it on one machine. FFI (IIRC) is more low level and more about language interoperability. gRPC would allow us to prototype stuff faster in other languages (like Python or go) and optimize to rust if it became a bottleneck.

Short answer is, we are able to deliver more value, quicker, to customers (I guess). But I don't know much about FFI. Perhaps you can offer some reasons and use cases for it?

[–] [email protected] 0 points 8 months ago (5 children)

At work, we started the c++ migration to rust doing the following:

  1. Identify "subsystems" in the c++ code base
  2. Identify the ingress/egress data flows into this subsystem
  3. Replace those ingress/engress interfaces with grpc for data/event sharing (we have yet to profile the performance impact of passing an object over grpc, do work on it, then pass it back)
  4. Start a rewrite of the subsystem. from c++ to rust
  5. Swap out the two subsystems and reattach at the grpc interfaces
  6. Profit in that now our code is memory safe AND decoupled

The challenge here is identifying the subsystems. If the codebase didn't have distinct boundaries for subsystems, rewrite becomes much more difficult

[–] [email protected] 2 points 8 months ago (1 children)

hey, that's what the internet is for; information sharing :)

[–] [email protected] 2 points 8 months ago (3 children)

for the dummies (like me) that can't read the room, especially online, a sarcasm tag /s goes a long way 🙃

[–] [email protected] 2 points 8 months ago (5 children)

you sound like a Microsoft engineer ;)

 

The article discusses the use of targeted advertising data by government agencies, particularly focusing on how a technology consultant demonstrated the security risks posed by Grindr's data to national security agencies. It highlights the widespread availability and potential surveillance applications of advertising data, as well as the government's interest in obtaining and utilizing such data for intelligence purposes.

Why is this worth the read? It goes into detail how these data exchanges work and the mechanisms of obtaining such data. We often hear about the result of these actions, but how these actions are performed are described within.

(clear your cookies to read the paywalled article)

 

Below is a disturbing amount of information data brokers have ammased from buying your data from trackers in ads and apps.

"a staggering amount of sensitive and identifying information about consumers," alleging that Kochava's database includes products seemingly capable of identifying nearly every person in the United States.

... can access this data to trace individuals' movements—including to sensitive locations like hospitals, temporary shelters, and places of worship, with a promised accuracy within "a few meters"—over a day, a week, a month, or a year. Kochava's products can also provide a "360-degree perspective" on individuals, unveiling personally identifying information like their names, home addresses, phone numbers, as well as sensitive information like their race, gender, ethnicity, annual income, political affiliations, or religion, the FTC alleged.

... target customers by categories that are "often based on specific sensitive and personal characteristics or attributes identified from its massive collection of data about individual consumers." These "audience segments" allegedly allow advertisers to conduct invasive targeting by grouping people not just by common data points like age or gender, but by "places they have visited," political associations, or even their current circumstances, like whether they're expectant parents. Or advertisers can allegedly combine data points to target highly specific audience segments like "all the pregnant Muslim women in Kochava’s database," the FTC alleged, or "parents with different ages of children."

 

The sudo-rs project improves on the security of the original sudo by:

  • Using a memory safe language (Rust), as it's estimated that one out of three security bugs in the original sudo have been memory management issues
  • Leaving out less commonly used features so as to reduce attack surface
  • Developing an extensive test suite which even managed to find bugs in the original sudo
 

Drawing attention on this instance so Admins are aware and can address the propagating exploit.

EDIT: Found more info about the patch.

A more thorough recap of the issue.

GitHub PR fixing the bug: https://github.com/LemmyNet/lemmy-ui/pull/1897/files

If your instance has custom emojis defined, this is exploitable everywhere Markdown is available. It is NOT restricted to admins, but can be used to steal an admin's JWT, which then lets the attacker get into that admin's account which can then spread the exploit further by putting it somewhere where it's rendered on every single page and then deface the site.

If your instance doesn't have any custom emojis, you are safe, the exploit requires custom emojis to trigger the bad code branch.

 

https://radar.cloudflare.com/domains

Source of this is from Matthew Prince, Co-founder & CEO of Cloudflare posted at 11:34 Jul 9,2023. It was posted to his twitter (@eastdakota). Not linking to twitter bc don't want a deadlink next time twitter makes API changes. And not to drive traffic to twitter :D

Edit: July 11th update, arstechnica published a detailed explanation

https://arstechnica.com/tech-policy/2023/07/twitter-is-tanking-amid-threads-surging-popularity-analysts-say/

view more: next ›