LewsTherinTelescope's recent activity
-
Comment on Disney reportedly keen on buying Fortnite developer Epic Games in ~games
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentFrom what I can find, it sounds like it originally referred to transferring a file between two devices (contrast "download" from a server). My guess would be it made its way to Android by people...From what I can find, it sounds like it originally referred to transferring a file between two devices (contrast "download" from a server). My guess would be it made its way to Android by people installing APKs from their computer over ADB and then over time became broader to mean any direct APK install, but I can't find much proof either way so this is entirely speculation.
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentOh for sure they need to clean their own shit up too, just responding to the "does absolutely nothing" point with a thing it can do. Whether they will execute that properly remains to be seen (and...Oh for sure they need to clean their own shit up too, just responding to the "does absolutely nothing" point with a thing it can do. Whether they will execute that properly remains to be seen (and as I said in my comment, the broader anti-privacy trends going on make me worried about this).
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentI know someone who's looking for a job and the number of times they've gotten excited at an offer/interview only to come back and say "oh, it was fake" after looking into the company more......I know someone who's looking for a job and the number of times they've gotten excited at an offer/interview only to come back and say "oh, it was fake" after looking into the company more... Shit's rough out there.
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentSure, that prompt on its own won't solve it, but the article lists further steps beyond that to hopefully further lessen the odds (rebooting to cut off any calls, delay to remove the panic impulse...Sure, that prompt on its own won't solve it, but the article lists further steps beyond that to hopefully further lessen the odds (rebooting to cut off any calls, delay to remove the panic impulse and give a chance to talk to people about it). I'm just talking about the use of the word "coached".
But yeah, it's not going to solve everything, nothing will; that doesn't mean no attempt can be made. It'd be good to get better at the other solutions you mention too (especially on the Play Store that they control), but given those aren't going to be perfect either, attacking the problem from multiple angles is probably more effective than just one.
-
Comment on The 49MB web page in ~comp
LewsTherinTelescope Link ParentGoing without JS entirely requires too much manual work for me, but I do keep uBlock Origin in medium mode—blocks all third-party scripts and frames unless whitelisted, along with applying the...Going without JS entirely requires too much manual work for me, but I do keep uBlock Origin in medium mode—blocks all third-party scripts and frames unless whitelisted, along with applying the usual filter rules—and the web is a whole lot more useable that way. Posts like this article reinforce that this is DEFINITELY the right call, that's insane.
(I imagine using uBO in normal mode would still work pretty well, but the extra upkeep medium requires is small enough that I don't mind doing it in exchange for the stronger guarantees.)
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link Parent(Not same person, answering for myself.) Difference with Windows to me is that there almost all software is distributed exclusively or near-exclusively outside the Microsoft Store, so in practice...(Not same person, answering for myself.) Difference with Windows to me is that there almost all software is distributed exclusively or near-exclusively outside the Microsoft Store, so in practice almost every single user who ever installs anything would need to turn it off. This would make it completely useless as a protection, so the inconvenience is a bigger factor.
If the ecosystem were such that the vast majority of programs were downloaded via one of a few stores and the number of people running direct-download installers/programs was small, as is the case on Android, then yes I would be fine with them adding a toggle to allow running unsigned EXEs and making you wait a bit to turn it on.
(If this was required for every individual install rather than being a one-time thing I would feel differently, and same if the app could only be registered if it was uploaded to Google Play rather than having the separate dashboard + third-party store support, or if it cost $100 every year like Apple's notarization crap.)
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentOther way around, currently you don't need to enter developer options but with the new flow you will need to. Agree that if the prompt uses "coached" that would probably be a bad word choice, but...Other way around, currently you don't need to enter developer options but with the new flow you will need to.
Agree that if the prompt uses "coached" that would probably be a bad word choice, but the options in the mockup use the more neutral phrasings
Yes, someone is guiding meandNo one is instructing me, so I'm hoping "coached" is just being used in the announcement to explain the issue and the actual thing will use a better term. -
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentEspecially when usually the scammers will be targeting people who have the least existing technical knowledge and thus will be harder to educate. And even if you reduce the pool of things you need...Especially when usually the scammers will be targeting people who have the least existing technical knowledge and thus will be harder to educate. And even if you reduce the pool of things you need apps for, there'll always be some things where a website either can't work or isn't preferable—how much malware gets in from imitating malware-protectors, which if you really did need one (as the scammers try to convince you that you do) would probably need more access to the device than a website has?
Whether you think this is the right way to combat scammers or not, I don't think the proposal of "just make the idea of installing apps silly" works.
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentThe problematic thing is that you need to register the key you'll use for each individual app, which would mean if you want to release both on F-Droid (built by them with their key) and another...The problematic thing is that you need to register the key you'll use for each individual app, which would mean if you want to release both on F-Droid (built by them with their key) and another store like Google Play (built by you with your key) it's more complicated (need to build with separate package names), and for existing apps wouldn't work at all (because their names are already set). If I remember correctly, the registration process is also done in a way that in F-Droid's case would make it difficult to register it with their key even if you wanted to (the org might be able to do it but it'd require a lot of manual effort on their part for each new app, and the first issue of not being able to have the app anywhere else still stands).
My understanding is that the end user going through the so-called "advanced flow" from this post would allow them to install everything like normal, though? But the reboot and subsequent one-day delay is a new point of non-negligible friction, so I can understand people being unhappy about it.
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentI have no idea what the legal policies are, I'm talking about my own judgement. Toggles with clear explanations and a delay to interrupt any in-progress scam attempts make sense to me, even if...I have no idea what the legal policies are, I'm talking about my own judgement. Toggles with clear explanations and a delay to interrupt any in-progress scam attempts make sense to me, even if it'll be mildly annoying for the first day with a new phone next time I need to get one.
F-Droid will probably require opting in to use it since they build from source themselves, but for "professional" stores like Epic or Samsung where devs upload the APK(s) themselves, wouldn't most apps probably have verification info set up already (or be by devs who can do the verification easily)? I don't doubt that Google intends on malicious compliance with the rulings, but I'm not sure this deeply impacts most app stores, and for the last couple this new announcement carves out a space for them to remain. Perhaps I'm not thinking through the implications enough, though.
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentDevil's advocate: It means that if someone sends out a malware-riddled app outside established storefronts and their dev account gets shut down, it's much harder for them to just spin a new one...Developers having a government issued ID does absolutely nothing to build trust for me as a user.
Devil's advocate: It means that if someone sends out a malware-riddled app outside established storefronts and their dev account gets shut down, it's much harder for them to just spin a new one back up, and if they were sloppy might even directly tell you who they are so you can shut them down entirely.
That said, I am worried given the broader trends you mention. As long as an opt-out process like this exists and isn't unreasonably onerous I can tentatively accept it (imo the steps listed here are justified for protecting the average user even if a bit annoying for users like me), but definitely side-eyeing it and worried for the future.
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
LewsTherinTelescope Link ParentMy impression is the limited distribution process is supposed to be easier for a non-technical user who is only ever going to install one or two things directly from someone they know to do that...My impression is the limited distribution process is supposed to be easier for a non-technical user who is only ever going to install one or two things directly from someone they know to do that without having to remove the anti-scam roadblocks in other situations, not necessarily easier for developers or power users (who probably should just use the "advanced flow" to opt out).
-
Comment on Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 in ~comp
LewsTherinTelescope Link ParentIt's slightly more complicated: setHTML will always strip certain dangerous elements like <script> no matter what you set in the sanitizer settings, and the separate method setHTMLUnsafe has to be...Given that there are configuration options to change how strict the sanitation is, this allows for unsafe/sanitized html if you need it but you have to make the decision to do it instead of it being unsafe by default.
It's slightly more complicated:
setHTMLwill always strip certain dangerous elements like<script>no matter what you set in the sanitizer settings, and the separate methodsetHTMLUnsafehas to be used if you want to bypass this. But yeah, the goal with the name seems to be to frame the XSS-safe version as the default and the risky version as an explicit choice for those who know they definitely need it. -
Comment on What’s a point that you think many people missed? in ~talk
LewsTherinTelescope Link ParentI'm not trying to say that they exist separately, one definitely relies on the other. All I'm saying that when I think of why I value privacy, creating room for honesty is not part of the...I'm not trying to say that they exist separately, one definitely relies on the other. All I'm saying that when I think of why I value privacy, creating room for honesty is not part of the equation—I value privacy on its own, the fact of it creating room for honesty is just a natural neutral side effect to me.
-
Comment on What’s a point that you think many people missed? in ~talk
LewsTherinTelescope Link ParentI agree with this. What I'm trying to say is that I don't believe the ability to be dishonest (or simply private) is valuable because it makes the chance for honesty, I believe that ability is...I think the natural thing is honesty but sometimes you need to be able to be dishonest until you have calculated that it's safe to do or say something in a specific context, or at least safe enough to try it.
I agree with this. What I'm trying to say is that I don't believe the ability to be dishonest (or simply private) is valuable because it makes the chance for honesty, I believe that ability is valuable because there are circumstances where it's important on its own merits. Honesty then contextually gains value, but granting that value is not the goal and does not itself justify anything, it's just a natural consequence of the situation being what it is, imo.
Maybe you refer to judges and not juries?
Replacing juries with judges also works, the specific details of the situation aren't the important part. I was just trying to use it as an analogy about what I see as the order of cause and effect. "Yes, [X good thing] is valuable because of [Y situation], but that doesn't mean [Y situation] is valuable because it produces the circumstances to allow [X good thing]; [Y situation] is valuable in its own right, and [X good thing] is a new opportunity which happens to come from that."
-
Comment on What’s a point that you think many people missed? in ~talk
LewsTherinTelescope Link ParentThis isn't necessarily inaccurate, it's true that honesty is only a virtue because you have the chance to be dishonest, but in general I don't find "we should embrace a bad thing because it gives...This isn't necessarily inaccurate, it's true that honesty is only a virtue because you have the chance to be dishonest, but in general I don't find "we should embrace a bad thing because it gives people a chance to overcome it" a compelling argument, personally. We don't tolerate trials because they're necessary evils to give people a chance to be jurors, we have trials because they themselves are useful, and the ability to be a juror is a new service that happens to arise from this. Similarly, I don't tolerate privacy because it's a necessary evil to give people a chance to be honest, I value privacy because imo it itself is good, and the ability to be honest is a new virtue that happens to arise from it.
-
Comment on Mac advice for a long time Windows user in ~tech
LewsTherinTelescope Link ParentYou don't need to use the command line for that fyi, there's an Options button in the snipping tool.You don't need to use the command line for that fyi, there's an Options button in the snipping tool.
-
Comment on Mac advice for a long time Windows user in ~tech
LewsTherinTelescope LinkWhen I first got a Mac I tried rebinding Ctrl and Cmd to match my muscle memory, but things don't always map one-to-one and it ultimately didn't work as well as I'd hoped. You can try it in case...- When I first got a Mac I tried rebinding
CtrlandCmdto match my muscle memory, but things don't always map one-to-one and it ultimately didn't work as well as I'd hoped. You can try it in case you find it helpful, but personally I recommend just biting the bullet and retraining your hands. Cmd+,is pretty much always the shortcut to open the settings for whatever app you're using. If you want to get really power user-y, you can set custom shortcuts for any app to open any item from the top menu bar (though I haven't used this a ton).- Spotlight (
Cmd+Space) is basically the equivalent to the Start menu's search bar, except less bad. I've found some of the extra features in Raycast (third-party replacement/upgrade for it) pretty handy as well, but the vanilla version is still useful if you can't/don't want to install it. - There are a few fancy screenshot options that might be useful, though you can always fall back on just capturing the full screen and editing manually afterward if you don't want to keep track, or you can use the visual tool (
Cmd+Shift+5by default). - Edit: Oh yeah, remember that unlike Windows, closing all... well, windows... of an app does not usually automatically close the app itself, you need to do that separately from the menu (or with
Cmd+Q). I still can't decide if I prefer this behavior or not, but it isn't usually changeable, so you'll have to get used to it regardless.
- When I first got a Mac I tried rebinding
-
Comment on Amazon to allow EPUB and PDF downloads of DRM-free Kindle titles in ~books
LewsTherinTelescope Link ParentCertain publishers like Tor release their books without DRM, so this could be relevant there too. It's weird that if you've already chosen to have the book DRM-free it doesn't automatically apply,...Certain publishers like Tor release their books without DRM, so this could be relevant there too.
It's weird that if you've already chosen to have the book DRM-free it doesn't automatically apply, though. Attempting to give the benefit of the doubt (which is sketchy because this is Amazon, but for the sake of trying), maybe there's a contractual issue with making the books available in a new format without opt-in? Still, in that case surely they could send out a notification asking if you want to enable downloads for your existing catalog or something.
They do have a cart now, I wonder when that got added.