Brekkjern's recent activity

  1. Comment on Gemini protocol in ~tildes

    Brekkjern

    I implemented Gemini link preview on my IRC bot a while back purely because of the meltdown the community had over the favicons of one of the tabbed Gemini browsers. It was used a handful of times since then, and I hoped it annoyed the people who think a favicon is breaking the spec.

    This is the GitHub issue that inspired me: https://github.com/makew0rld/amfora/issues/199

    9 votes
  2. Comment on Cloud Servers for the Broke in ~comp

    Brekkjern

    Oracle has been known to just delete servers on their free tier without warning, so keeping proper backups is more important than other cloud services. If you have something you are dependent on running there, then you should probably find a more reliable host.

    8 votes
  3. Comment on Can we talk about BattleBit Remastered? It's kind of a big deal. in ~games

    Brekkjern

    The map you are thinking of is probably Frugis, and I agree with you on all points. The 254 player mode is fun every now and then but 64v64 is honestly better balanced and the maps are better designed for the player count.

    3 votes
  4. Comment on Men are lost. Here’s a map out of the wilderness. in ~life.men

    Brekkjern

    Great men and great role models aren't the same. Especially since many of the people you point to didn't live in modern society, and apart from Arnold, are not people who come from the same stratum as the majority of men (though, even he came from a family with some influence). What we lack are (mostly) universally liked men you could look up to and aspire to become. Not for their political power or influence, but because of their morals and drive.

    And honestly, therein lies the problem. Nearly any white cis man you point to will by default be assumed to have gotten to wherever they are by coasting on the privileges they have enjoyed throughout their life. It is difficult to even promote such a character because it in many ways would be immoral to take advantage of those perceived benefits. They might be a good role model otherwise, but getting over that hurdle is difficult.

    I can't really speak for black male role models. Most I know of have grown up in the US and the history there is decidedly different to the one in my country. Potential POC male role models here are often so because of their immigrant background first, and their gender second.

    I don't feel like I really have any point or conclusion with this comment, other than just airing my thoughts about the difficulty of finding potential role models really.

    10 votes
  5. Comment on Reddit demands moderators remove NSFW labels, or else in ~tech

    Brekkjern

    What I really miss after the Reddit API fuckery are communities like NCD. They are very niche and there are few sites that have either the user numbers, or the functionality to support communities like it. Tildes is nice and all, but the category system isn't granular enough to allow niche communities space to grow yet, so the front page is more similar to a better moderated r/all, which is nice, but it doesn't scratch the same itch that Reddit did for me.

    7 votes
  6. Comment on Google seems to be running OCR on photos in my Gmail. Is this happening to you too? in ~tech

    Brekkjern

    > Again, I'm not saying that users shouldn't have built-in OCR. Why would someone export to a third-party instead of flipping a switch to turn on OCR in their email settings?

    Because users are more comfortable going through an OAuth flow to allow a third party access to their accounts than to discover features in a settings page to toggle them on or off.

    > Security-through-obscurity is the wrong framing for this: we're not talking about infrastructure or a transmission protocol. It's a matter of defense-in-depth, i.e. not serving your data up on a silver platter for retrieval.

    It is absolutely not the wrong framing here. You agree that the data is available in the mailbox, but your argument is that just removing them from the search index will suffice for security. It will not. If we were to actually do security in depth, then Google should scan for such documents and require an extra authentication to open them (enter your password, or touch your 2FA). That would actually secure the information instead of attempting to hide it from an attacker.

    3 votes
  7. Comment on Reddit demands moderators remove NSFW labels, or else in ~tech

    Brekkjern

    It's a bit difficult to explain, but the short of it is that it's a shitposting sub about war. The community is generally pro justified military violence and is mostly circlejerking about military hardware or campaigns. With the Ukrainian war a lot of the memeing has been about the tactics, strategy, and politics (read: complete incompetence) of Russian forces.

    15 votes
  8. Comment on What are you reading these days? in ~books

    Brekkjern

    This post made me pick up the first book in Black Company a few days ago, and I've just read through the first part of the story. So far it is absolutely great, and I am loving it a lot. The characters are interesting and the writing is excellent. It's really difficult to put down.

  9. Comment on Google seems to be running OCR on photos in my Gmail. Is this happening to you too? in ~tech

    Brekkjern

    > would give all the security benefits with none of the downside of their current implementation, no?

    What security benefits? You are still arguing like obscurity is security. It is not. And the upside of the current implementation is that it is a feature where users can search for information that is in images. This is not a downside. That is the point.

    > I agree that people suck at security, which is why I think Google shouldn't OCR without a user explicitly enabling the feature: it's an insecure default.

    It's not insecure at all. You have to be properly authenticated and authorized to view the data. Denying this feature could at worst mean that people would give their mailbox content to a third party to have OCR of their content for better search, increasing the attack surface on their data by the new provider. Protecting users from dumb decisions like this is likely going to be a larger benefit than detection through volume of extraction.

    10 votes
  10. Comment on What is your favorite deck builder and why? in ~games.tabletop

    Brekkjern

    My favourite is Tyrants of the Underdark. It's got an excellent combination of deck building and territory control, and it's light on the complexity, but still allows for a lot of strategy. There are plenty of ways to earn points, which means that lagging behind on territory control isn't completely damning to your game. Many times the player with the least map control might even win because of other smart plays.

    2 votes
  11. Comment on Google seems to be running OCR on photos in my Gmail. Is this happening to you too? in ~tech

    Brekkjern

    > Many people and orgs haven't historically been managing data with OCR'd images security in mind

    Fixed that for you.

    > when Google notices the same sketchy IP logging into accounts connected to ten different orgs

    This is what Google will trigger on. Not the volume of data.

    Security is by preventing access to the data in the first place. This is why Google is pushing 2FA solutions so hard. It is also why they would want to OCR incoming email to uncover phishing, which would likely prevent more data leakage than the extra time it would take for an attacker to do their own OCR scans on the downloaded data.

    5 votes
  12. Comment on Google seems to be running OCR on photos in my Gmail. Is this happening to you too? in ~tech

    Brekkjern

    If the data is sensitive and you don't trust the processor of the data, then why would you have the data sent through a party you don't trust? This is what encryption is for. Not obfuscation.

    21 votes
  13. Comment on Google seems to be running OCR on photos in my Gmail. Is this happening to you too? in ~tech

    Brekkjern

    Why is it an issue that images are OCR scanned? To me this sounds like a feature, and an excellent way to prevent spammers from trying to get around spam filters by just putting the incriminating text in the image.

    11 votes
  14. Comment on What have you been listening to this week? in ~music

    Brekkjern

    As good as those are, the venue went nuts when Maniac came on. I love them all though :)

  15. Comment on Which board games have you all been playing this week (to 2nd July)? in ~games.tabletop

    Brekkjern

    This Sunday we played one of my favourites which is Tyrants of the Underdark with the expansion pack. I love how simple and approachable that game is for people who are new to deck builders, but still being entertaining and exciting for people who have played before. It's also a game where it's really difficult to predict who is going to win, even down to the last round, as territory control is only one of the ways to gain points. It's an excellent game and I can highly recommend it to others looking for a new game.

  16. Comment on Any Tildes android app? in ~tildes

    Brekkjern

    If that was actually what they argued we could at least have a proper discussion, but no, it's about the semantics of browsing the site and that you have a browser on your phone, never mind that the problems with the design are mostly about interaction with the site apart from the browsing itself.

    As for the design philosophy, there is no reason an app developer couldn't adhere to that same philosophy. We wouldn't know until someone actually created an app. An app could also enforce parts of the philosophy like preventing comments from being posted within a certain amount of page view time to make sure people have actually spent time reading the posts.

    And also, it isn't really a given that the way the site has been designed is the best way to follow the philosophy either. The app developer might have different ideas, and maybe they come up with some ideas the site developers could use. Again, we wouldn't know until someone tried.

    11 votes
  17. Comment on Any Tildes android app? in ~tildes

    Brekkjern

    Why do people in this community argue so vehemently against having an app for this site? Does it really matter to a non-user of the app that other users are using something else to navigate the site?

    41 votes
  18. Comment on ‘Diversity fatigue’? Hollywood loses four DEI leaders in less than two weeks in ~movies

    Brekkjern

    It is still just fine to call it a point of contact. The fact that an acronym can mean several things depending on context doesn't invalidate the other meanings just because of a new popular usage.

    5 votes
  19. Comment on What consumeristic and somewhat pointless hobby do you have? in ~hobbies

    Brekkjern

    Are you me? Picked up a synth case about a year ago now, and I've been playing with it a bit since then, but I have totally stepped on the G.A.S. and just bought the new Befaco 7U case to expand my rack. Bought a few modules you have to assemble yourself too, and now the hobby has gotten another layer of hobby too. It's great! Just don't look too closely at the impact it's had on my wallet...

  20. Comment on What are the benefits of using Linux for the less computer competent? in ~comp

    Brekkjern

    A bit of both. There are always security vulnerabilities in software (with a few caveats). We are just waiting to discover them, but when it comes to CTFs they are made by people who want them to be solvable if you know how to find the known vulnerabilities, so in a CTF they are often older versions with known vulns to exploit. That doesn't mean there aren't other unknown vulnerabilities and zero-days to find in that version, but the creators of that task chose it for the specific known vuln.

    For IRL security it mostly boils down to preventing remote code execution so an attacker doesn't have a gateway in for a privilege escalation. That means guarding the interface between users and your service, and making sure any code you run on your side is vetted, or at least properly sandboxed. Preferably both.

    1 vote