largepanda's recent activity
-
Comment on What games have you been playing, and what's your opinion on them? in ~games
-
Comment on Why Lego is so expensive | So Expensive in ~hobbies
largepanda LinkTL;DR because Lego maintains extremely high quality standards, domestically manufacturing in Denmark, while treating and paying their employees very well in a wealthy European country. Lego also...TL;DR because Lego maintains extremely high quality standards, domestically manufacturing in Denmark, while treating and paying their employees very well in a wealthy European country. Lego also does way more licensed sets than they used to, which adds an extra 10-20% vs a comparable non-licensed set.
-
Comment on .Com prices go up at the end of the month in ~comp
largepanda Link ParentPorkbun, Namecheap, and Gandi are the ones I recommend.Porkbun, Namecheap, and Gandi are the ones I recommend.
-
Comment on Google confirms Play Store mass app deletion based on new quality standards—now just six weeks away in ~tech
largepanda (edited )Link ParentThere's also no shortage of garbage on F-Droid. Plenty of pet/hobby/student projects that barely passed the bar to be included, apps whose last commit is older than this website, not to mention...There's also no shortage of garbage on F-Droid. Plenty of pet/hobby/student projects that barely passed the bar to be included, apps whose last commit is older than this website, not to mention the big name apps with half a dozen nearly identical forks you have to wade through.
Searching "file manager" returns over 25 results, ranging from apps last updated 12 years ago that I can't even install on my current device, to multiple modern alternatives, with no clear discerning factor between them.
There's no reviews, there's no filtering criteria, you can't even sort a category or search results.
It's great if you have some technical background and already know what you're looking for, but for everyone else it's a barely usable mess.
-
Comment on 3840x2160 120 Hz KVM in ~comp
largepanda LinkThough it'd be a bit of work, you could likely add your own external toggle button to the Level1Techs KVM pretty easily: just open it up and wire a button to the physical button on the front of...Though it'd be a bit of work, you could likely add your own external toggle button to the Level1Techs KVM pretty easily: just open it up and wire a button to the physical button on the front of the case.
I'd probably do it by drilling a small hole in the back of the chassis and wiring the button to a mono 3.5" jack, then wiring the button on the other end to bridge those pins.
-
Comment on Question about Google's Find My Device network with the new trackers in ~tech
largepanda LinkI recently described how Apple's Find My network works, but the TL;DR is: lost devices send out bluetooth beacons with a rolling encryption public key, any Apple devices in earshot will hear that...I recently described how Apple's Find My network works, but the TL;DR is: lost devices send out bluetooth beacons with a rolling encryption public key, any Apple devices in earshot will hear that beacon, encrypt their current GPS position with that key, and send it to Apple servers. Any Apple user can download the position reports for any public key, but of course you need the private key to be able to decrypt it. You can read more in the reverse engineering done by the devs of OpenHaystack, which reimplements the protocol and lets you send beacons from any BLE device.
Reading through Google's explanations, I can't find a hard technical explanation like OpenHaystack's RE docs for Apple's network, but it appears to be much the same.
The main difference I'm noticing is:
Only the Bluetooth tag owner (and those they’ve chosen to share access with) can decrypt and view the tag’s location. With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.
This doesn't clarify whether Google has some record of who has what devices or not. Apple's network very explicitly doesn't, any valid Apple ID can request locations for any public key. If Google's network requires users to somehow register with them what devices they control, even if Google can't see the actual locations of those devices, that's a big step backwards.
Reading through Pebblebee's help center, they have a FAQ about how you configure a device. The TL;DR is that you can configure a Pebblebee tracker in three ways: as a Google Find My Device tracker, an Apple Find My tracker, or a Pebblebee app tracker. If you set it up in either platform app, the tracker is unusable in the Pebblebee app, and only configurable and usable via the Google/Apple app. This means the data never sees Pebblebee servers or their app, so there's no mechanism for the data to be taken by Pebblebee (the company) and potentially sold.
-
Comment on Microsoft shelves its underwater data center — Project Natick had fewer server failures compared to servers on land in ~tech
largepanda Link ParentThe main issue is the hardware is evolving too quickly. While the hardware in it might be running more reliably thanks to the quieter environment, that doesn't mean much when it's all out of date...The main issue is the hardware is evolving too quickly. While the hardware in it might be running more reliably thanks to the quieter environment, that doesn't mean much when it's all out of date and not worth running in a few years.
Hauling it in/out of the water to swap the servers out is a massive expense, and so is running servers that aren't cost effective anymore, so you're stuck in a lose-lose situation for continuing to run it.
-
Comment on Google's "Find My Device" network - The upcoming assault on user's privacy in ~tech
largepanda (edited )Link ParentI don't know the details of Google's network, but Apple's Find My network is extremely privacy preserving. The (simplified) way it works is: First, you enroll your Find My device in the network....- Exemplary
I don't know the details of Google's network, but Apple's Find My network is extremely privacy preserving.
The (simplified) way it works is:
First, you enroll your Find My device in the network. The device stores a master public key and your Apple device stores the corresponding private key. This all happens on-device and is synced encrypted through your iCloud keystore (like saved passwords, backup encryption keys, etc), Apple servers are never involved.
The Find My device will regularly send out a Bluetooth beacon with a "rolling" public key. These keys are cycled through every so often, meaning you'd have to listen for quite a while to be able to reliably track a specific device. Any Apple devices within earshot will take that key, encrypt the device's current location with the key, and then send it up to Apple servers (or cache it to be sent up later, if it has limited/no internet connection).
Later, anyone with a valid Apple ID can ask Apple for the beacons uploaded for a given public key (I believe Apple has been working on making this process use Oblivious HTTPS (OHTTPS), but I don't know if it's using it today). Apple doesn't limit what keys you can request the beacons for, and doesn't know what keys are associated with which accounts.
Then, your client will decrypt the beacons with the stored private key, and be able to show where your device is on a map, track it over time, etc.
Since the protocol is (technically) actually pretty open, if you know how the protocol works, you can use it to send beacons and track your own devices too, using a tool like OpenHaystack.
-
Comment on Science fiction or fantasy recommendations for children in ~books
largepanda Link ParentI've been re-reading Artemis Fowl lately as an adult, and the books still hold up incredibly well. Would definitely recommend to any child who enjoys scifi or fantasy.I've been re-reading Artemis Fowl lately as an adult, and the books still hold up incredibly well. Would definitely recommend to any child who enjoys scifi or fantasy.
-
Comment on New wi-fi takeover attack—all Windows users warned to update now in ~tech
largepanda Link ParentThis isn't an attack like "oh if you sign into your bank on starbucks wifi an attacker might be able to compromise it" (they can't, really). The attack is "if you're on the starbucks wifi at all...This isn't an attack like "oh if you sign into your bank on starbucks wifi an attacker might be able to compromise it" (they can't, really).
The attack is "if you're on the starbucks wifi at all an attacker can execute arbitrary code on your computer". No user interaction needed, connect to wifi and get a free crypto locker on your computer.
-
Comment on The spectacular failure of the Star Wars hotel in ~movies
largepanda Link ParentDisney demanded too high of a profit margin on this high cost experience, I suspect. Whether that was a desire to pay off the high up-front costs (construction, app dev, creative dev, training,...Disney demanded too high of a profit margin on this high cost experience, I suspect. Whether that was a desire to pay off the high up-front costs (construction, app dev, creative dev, training, etc) as quickly as possible, or just pure greed, I don't know.
-
Comment on The spectacular failure of the Star Wars hotel in ~movies
largepanda LinkGreat video, watched it last night. My takeaway from this is the same way I've viewed Disney Parks stuff in the past years: unbelievably overpriced, cashing in on their brand to fleece customers...Great video, watched it last night. My takeaway from this is the same way I've viewed Disney Parks stuff in the past years: unbelievably overpriced, cashing in on their brand to fleece customers for every penny they can.
What really hit the nail on the head for me was when they went into their hotel room and the TV only played trailers. If they wanted to watch anything from Disney+, they had to link an active paid Disney+ account. For a $6k/2night room. Do they need to give free D+ on that TV? No, absolutely not, if the rest of the hotel were worth it it'd just be a dumb quirk, but instead it's just fleecing to the highest order.
I hope Disney learns from these fumbles, though I'm not holding my breath.
-
Comment on SSL.com is evil and deceptive: Don’t do business with SSL.com in ~tech
largepanda Link ParentThat doesn't even mean you can't have TLS. You can just not forcibly redirect http clients to https, plenty of sites do that for retro support.That doesn't even mean you can't have TLS. You can just not forcibly redirect http clients to https, plenty of sites do that for retro support.
-
Comment on Ffmpeg and AV1 for HTML5 streaming in ~comp
largepanda Link ParentYou can install a browser extension like h264ify to force YouTube to only stream h264. You will, of course, lose the "1080p Premium"/1440p/2160p quality settings, but the regular...You can install a browser extension like h264ify to force YouTube to only stream h264. You will, of course, lose the "1080p Premium"/1440p/2160p quality settings, but the regular 144p/360p/480p/720p/1080p will be available.
I do the same thing on my 2015 Retina MBP I use sometimes. I miss the higher quality settings (especially since it's got a ~1440p screen), but I'll still take that over the like 50% CPU utilization for VP9 software decode.
-
Comment on Ffmpeg and AV1 for HTML5 streaming in ~comp
largepanda (edited )LinkAV1 adoption is steady but there's still lots of holdouts, and I wouldn't deploy it with no fallback today, unless this is an internal corporate environment and you know what client devices are...AV1 adoption is steady but there's still lots of holdouts, and I wouldn't deploy it with no fallback today, unless this is an internal corporate environment and you know what client devices are being used.
Consider that AV1 software decoding is very intensive on older hardware, far more so than h264 or vp9 software decoding, and forcing clients without hardware decoder support to do so in software will make for a very bad experience as their CPU usage shoots way up.
However, VP9+opus in a webm container is well supported today thanks to a decade of use by YouTube. VP9 software decoding places only a moderate load on older hardware, and VP9 hardware decoders have been around for nearly a decade, starting with Intel 7th gen (2016), AMD GCN 3 (2015), and Nvidia Pascal (2016) on desktop. VP9 will net you significant video savings, and Opus over AAC will cut your audio track sizes in half (not that they were likely large to begin with...).
YouTube is still serving h264 alongside VP9, but only up to 1080p. 1440p/2160p streams, as well as "1080p Premium", are VP9 only, with videos of any popularity also receiving AV1 encodes.
-
Comment on MIG-Switch dumper review in ~games
largepanda Link ParentThis is no more of a risk than you can already do from a hacked Switch, which are readily available to anyone who wants one.This is no more of a risk than you can already do from a hacked Switch, which are readily available to anyone who wants one.
-
Comment on Netflix’s Avatar: The Last Airbender has been renewed for two more seasons in ~tv
largepanda Link ParentThe original show was also 3 seasons, so they're just following the source material. Mostly that statement is a commitment to not try and extend it past the original story.The original show was also 3 seasons, so they're just following the source material.
Mostly that statement is a commitment to not try and extend it past the original story.
-
Comment on The Amazing Digital Circus getting an additional nine episodes in ~tv
largepanda LinkThe first episode was fantastic, so I'm looking forward to this. Between The Amazing Digital Circus, Hazbin Hotel/Helluva Boss, Lackadaisy, and others, it really feels like we're in a golden age...The first episode was fantastic, so I'm looking forward to this.
Between The Amazing Digital Circus, Hazbin Hotel/Helluva Boss, Lackadaisy, and others, it really feels like we're in a golden age of indie animation.
-
Comment on Side projects that were actually good? in ~music
largepanda Link ParentI'm a huge fan of Porter Robinson—Nurture is one of my favorite albums of all time—and Virtual Self does not disappoint. I hadn't heard he might be coming back to it, now I'm excited!I'm a huge fan of Porter Robinson—Nurture is one of my favorite albums of all time—and Virtual Self does not disappoint.
I hadn't heard he might be coming back to it, now I'm excited!
-
Comment on Alternative or fun ways to donate to charity? in ~talk
largepanda Link ParentIf you crash, you don't just start over. You get towed back to Tuscon, in real time, at a significantly slower speed than you were driving to Vegas.If you crash, you don't just start over. You get towed back to Tuscon, in real time, at a significantly slower speed than you were driving to Vegas.
Most of my gaming time lately has been taken up by Warframe. I played it briefly many years ago, but never got hooked into it. About a month ago a friend of mine was talking about the upcoming Warframe 1999 update, which sounded hilarious and absurd, so I decided to try picking the game back up, and have since fell in love with it. Combat is fun and interesting, all the different Warframes have unique play styles while being anchored to the same broad strokes, and the story is engaging (well, once you get to The Second Dream).
So far I've gotten through all the main quests and the star chart, and mostly have been trying to gear up to be able to handle Steel Path. I'm at MR14 (account level, scales exponentially), hoping to hit MR16 sometime soon when I feel like leveling a bunch more gear, at which point account level stops mattering except for clout.
The community is extremely nice and helpful, I suspect in no small part because the game is PvE only. The F2P mechanics are all reasonable and the drop tables are openly documented, so you know what you're getting into. After playing a lot of Helldivers 2 and now Warframe, live service games are really fun when they're not predatory skinnerboxes.
Outside of WF, I picked up the Factorio: Space Age expansion, but have resisted the urge to let it consume me (WF's already got me there). I'm maybe ten hours in and have only just unlocked bots on my playthrough, so I haven't seen much of the new content yet. From what I have seen, the fluid handling changes are extremely welcome, and I'm just starting to get to experiment with the quality mechanic.
I was playing and quite enjoying Dredge, got through most of the base game. I really like the fishing system, though the dredging minigame keeps messing me up more than it should. I enjoyed my time with it and would like to go back and work the rest of the way through it and its DLCs, which I picked up on sale but have yet to play.
I also picked up Tactical Breach Wizards and have been playing it here and there during downtime, and it's great. It's a turn based strategy game (ala XCOM), with a demo that went viral during Steam Next Fest that convinced me to buy it. Gameplay is fun but (so far) not overly challenging, the mechanics are interesting, and the writing is the right mix of serious and humor without getting too meta.