Seirdy's recent activity

  1. Comment on Abortion Search Noise Generator in ~tech

    Seirdy

    When you search for abortion-related info, you may feel worried about being tracked. This tool allows others to make these searches randomly, increasing the likelihood of a false positive to engines tracking these queries.

    If one person wears a ski mask, they look suspicious and might get pulled aside. If 50 other people wear a ski mask...

    2 votes
  2. Comment on Abortion bans are going to hit us worse than we think in ~talk

    Seirdy

    Thank you for sharing this. I always have a preference for elevating other voices, asking for opinions, offering domain-specific advice, or assistance when I can't speak personally about an issue.

    2 votes
  3. Comment on The right thing for the wrong reasons: FLOSS doesn't imply security in ~comp

    Seirdy

    Binary patching is harder and also more error prone, especially when certain build flags are used (binary-patching a program built with -fPIE -flto=thin -ffunction-sections -fdata-sections -fno-semantic-interposition is...not fun) or when the software uses binary obfuscation.

    Freedom is more than just understanding the software in question, though. Some vendors are quite hostile to reverse-engineering efforts, for instance.

    I wrote two previous posts on how FLOSS is a necessary but insufficient requirement to achieve user freedom, linked near the top.

    4 votes
  4. Comment on The right thing for the wrong reasons: FLOSS doesn't imply security in ~comp

    Seirdy

    A detailed post on how security audits are pretty similar regardless of source model, and how vulnerabilities are typically found.

    I believe in supporting free software for the right reasons, not the wrong ones. I wrote this to address the wrong reasons.

    3 votes
  5. Comment on What are your favorite Linux distributions to use for gaming and as a daily driver, and why? in ~comp

    Seirdy

    I'd suggest Fedora. Fedora is semi-rolling: most packages roll while many are frozen. It also has frequent releases (every 6mo) so frozen packages don't get too out-of-date.

    Fedora's also ahead of most distros on the security front. Fedora Silverblue and Kinoite have immutable root filesystems whose changes can be tracked using ostree. Fedora's working on supplementing this with FS-Verity (coming around Fedora 37) and dm-verity (WIP). If you combine that with some form of user-controlled verified boot, you can achieve a reasonable level of confidence in your system's integrity. On top of that, Fedora has SELinux support by default (though the default policies are admittedly lax).

    I don't like GNOME though; I use Fedora with Sway.

    4 votes
  6. Comment on <deleted topic> in ~tech

    Seirdy

    (sorry I'm late) Thanks for the shout-out! I just updated Qwant's info.

    1 vote
  7. Comment on Linux (In)security in ~comp

    Seirdy

    I love using Linux on the desktop for many reasons despite its insecure architecture. This article from a Whonix developer and GrapheneOS contributor explains how Linux is behind when it comes to (mostly desktop-oriented) exploit mitigations.

    Other articles worth checking out on madaidan's site take a critical look at Firefox and OpenBSD. He also has a good Linux hardening guide.

    4 votes
  8. Comment on Coverage is not strongly correlated with test suite effectiveness in ~comp

    Seirdy

    I felt this article misses the forest for the trees. Coverage isn't just for verifying correctness; it's useful for detecting API changes, eliminating dead code, and building a better understanding of program behavior.

    From a comment I posted on lobste.rs:

    I also find coverage extremely valuable for finding dead or unreachable code.

    I frequently find that unreachable code should be unreachable, e.g. error-handling for a function that doesn’t error when provided with certain inputs; this unreachable-by-design error handling should be replaced with panics since reaching them implies a critical bug. Doing so combines well with fuzz-testing.

    It’s also useful for discovering properties of inputs. Say I run a function isOdd that never returns true and thus never allows a certain branch to be covered. I therefore know that somehow all inputs are even; I can then investigate why this is and perhaps learn more about the algorithms or validation the program uses.

    In other words, good coverage helps me design better programs; it’s not just a bug-finding tool.

    This only holds true if I have a plethora of test cases (esp if I employ something like property testing) and if tests lean a little towards integration on the (contrived) “unit -> integration” test spectrum. I.e. only test user-facing parts and see what gets covered, and see how much code gets covered for each user-facing component.

    3 votes
  9. Comment on What is something you've changed your mind about recently? in ~talk

    Seirdy

    Seconded. Official docs are underrated.

    The official Git book is the only tutorial you need, with manpages for reference and shell completion for quick lookups.

    For 90% of use cases, you'll be covered if you understand cherry-picking, bisect, the types of merging, and resolving conflicts. The knowledge it takes to do those operations also encompasses pretty much all the other important stuff.

    Also, learning how to collaborate with patches rather than branches/merges is extremely helpful for contributing to a variety of projects (Linux, ffmpeg, everything on Sourcehut, and many others).

    2 votes
  10. Comment on Misinformation about Permissions Policy and FLoC in ~comp

    Seirdy

    Updated the reference to the other post.

    Edit: updated again (a few times); it's less finger-pointy now.

    I really need to be less quick to publish.

    3 votes
  11. Comment on Misinformation about Permissions Policy and FLoC in ~comp

    Seirdy

    Lots of people have been spreading the often-unnecessary advice to add a Permissions-Policy response header to their sites to opt-out of Google’s FLoC, and some have been going so far as to ask FLOSS maintainers to patch their software to make this the default. When discussions got heated to the point of accusing webmasters who don’t implement these headers of being “complicit” in Google’s surveillance, I felt I had to write this.

    Everybody: please calm down, take a deep breath, and read the spec before you make such prescriptive advice about it.

    FLoC is terrible, but telling everyone to add a magic “opt-out header” in every situation conveys a misunderstanding of everything you need to know about the opt-in/out process.

    2 votes
  12. Comment on I like that the boat is stuck in ~life

    Seirdy

    Is there a name for this humorous style of repetitive, cheerful, repetitive writing? Especially with regards to generally negative news (oil spills, a naval jam, etc).

    Another example: Discourse on HTTPS from n-gate, one of my favorite websites. I don't entirely agree with it and it isn't as funny as "the front fell off" and doesn't have the same sort of microhumor as the OP, but it was an excellent read nonetheless.

    6 votes
  13. Comment on A look at search engines with their own indexes in ~tech

    Seirdy

    I think it'd be interesting to cross-reference your findings with an aggregate of webserver logs.

    I discovered Petal, Gowiki, Crawlson, Yisou, Seznam, and Apple Search through my own access logs. I'm sure more have hit my site, but I only keep logs for three to five days (and only for certain HTTP responses) and I don't plan on changing that.

    Most spiders in my experience aren't for search engines, let alone publicly-available general search engines; they're for SEO services, adtech, or benign content scrapers that grab content for link previews or bookmarking services.

    1 vote
  14. Comment on A look at search engines with their own indexes in ~tech

    Seirdy

    It was originally designed for finding Android apps; however, it expanded to general search a few months ago. It continues to be mobile-first.

    I wouldn't directly use it for anything non-trivial given its obvious privacy issues and piles of JS, but I hope it can be incorporated into other privacy-respecting metasearch/proxy engines.

    1 vote
  15. Comment on A look at search engines with their own indexes in ~tech

    Seirdy

    That's just the tip of the iceberg; there are tons more that I didn't include because the list of Bing-based engines was just way too long.

    4 votes