Zak

Zak , 1 day ago

It seems to me that a carrier should be able to lock a subsidized/financed device until it's paid off. That makes it possible for people who would otherwise not qualify for financing to have relatively up-to-date devices.

A carrier should not be able to lock a device that's paid off for any length of time.

Zak , 1 day ago

I suppose it depends on whether you think regulation should be used to dissuade poor people from buying expensive phones. That seems like a reasonable enough goal, though I don't believe that's the proper role of government.

I've always bought phones outright, used when finances so dictated. I agree that's the wiser approach.

Zak , 1 day ago

Subsidized devices blur the line between a fee for terminating service early, and paying off the cost of the device. Perhaps the former should be banned to encourage competition, and the cost of the device and the service clearly separated. That way it's clear when the device is paid off and (in my imagined ideal regulatory scenario) must be unlocked.

a poor person would have to pay BOTH. An early termination fee AND then go buy a new phone

They probably don't have to pay the fee. They might owe it legally, but the likely consequences for not paying are some impact on their credit score and inability to get service from that carrier under their own name for a while.

Zak , 2 days ago

I’m sure Apple shares a lot of the blame, but holy shit how is this not solved in 2024. I shouldn’t have to resort to spam filled shitware from Meta to get remotely modern messaging cross platform

There's no shortage of options; the problem is getting the people you're talking to to agree on one you like. I find Signal strikes a good balance between goodness and ease of use, and many people I know who aren't tech or privacy nerds use it.

Zak , 2 days ago (edited 2 days ago)

Google had the chance to make its Hangouts messaging app dominant when it was, briefly the default SMS client on Android devices. They threw that away following pushback from carriers.

I'm glad Google doesn't have the dominant messaging service, but I find it bizarre anybody still uses SMS when there are so many internet-based options. I have six, and if somebody really wants to use another, I'll probably add it.

Zak , 3 days ago

There's nothing keeping them from scraping that kind of data now.

Zak , 3 days ago

I'm guessing not a lot of users know about it. Their ActivityPub implementation is still only about half done.

It will be interesting to see of they promote it heavily when it's more complete.

Zak , 4 days ago

My (self-hosted) Mastodon server seems unable to view profiles on Threads. As far as I can tell, there's nobody to talk to about that.

I don't have high hopes about Meta having good intentions here, but I am eager to see platforms that would have previously been walled gardens open up to the federated model. I do think we have some work to do on the open source side to manage the potential massive increase in exposure once Threads users can follow users of other software.

Of course you can pick a server that blocks Threads if you just don't want to deal with that.

Zak , 4 days ago

I like Condorcet methods.

This is a ranked method that's different from instant runoff, with its defining characteristic being that the winner would beat every other candidate in a two-way race. The biggest downside is that determining the result is more mathematically complex than other methods, which makes it harder to explain and might lead people to mistrust the result.

Condorcet methods benefit candidates few voters hate, which is the inverse of the current and past two US presidential elections. Given a situation where two dominant parties run widely unpopular candidates, a Condorcet method would create a very strong probability that any palatable third-party candidate wins, though over the long term a system using such a method probably wouldn't have two dominant parties.

Zak , 4 days ago

The Dutch system is open list proportional representation, with the twist that lists may overlap between districts.

I think Condorcet methods are better suited to voting for individual candidates. It's certainly possible to have multi-member districts (and I think that's a good idea), but probably doesn't pair well with proportional representation.

Zak , 8 days ago

This comment does not show an image when viewed on lemmy.world. The image is also missing viewed on lemm.ee. The original Mastodon post does have an image.

Zak , 11 days ago

I'm not immunocompromised or any other kind of high-risk and I wear an N95 mask in most indoor public settings.

I plan on doing it until something changes. That could mean any of:

• SARS-CoV-2 mutates into a dominant strain with a low risk of long-term disability
• A new vaccine is developed that reduces the risk of long-term disability following COVID, or probability of infection to virtually nil
• Monitoring programs, such as CDC wastewater testing show a low risk of infection

It seems to me people collectively decided to stop caring about COVID even though most of the risks that were present two years ago still exist. I would therefore ask the inverse: why stop protecting yourself before the danger is over?

Zak , 11 days ago

That's correct; the omicron variant that became dominant a bit over two years ago was more contagious and less deadly than those that preceded it. Current variants are similar to omicron in those respects.

The rate of long-term disability is still high.

Zak , 19 days ago

Why do you have an app for that?

Zak , 19 days ago

I'm inclined to think this should be illegal because it could lead to a situation where insurance is unavailable to or unaffordable for anyone who doesn't opt in to fairly invasive tracking.

Zak , 19 days ago

It's also illegal in most jurisdictions. My point isn't that anyone should drive without insurance, but that allowing insurance companies to offer discounts for accepting spying will lead to the spying being effectively mandatory for most people.

Zak OP , 20 days ago

Abandoned doesn't necessarily imply no longer useful. Sometimes, though rarely in the modern world software is finished.

I may give it a try. It does actually have the features I'm asking for.

Zak OP , 19 days ago

That's a valid point, though it looks like Popfile's installation instructions call for manually installing libraries, presumably current ones. I think it processes only text, not PDFs or images, which are traditional sources of vulnerabilities. I'm fairly certain it doesn't attempt to execute Javascript. It is, itself written in Perl, which is memory-safe.

It's worth considering security because there's so much malware out there trying to spread indiscriminately, but Popfile is less vulnerable than an Android app (which bundles its dependencies) or anything written in C (which is subject to all kinds of memory management bugs).

Zak , 20 days ago

According to a memory snapshot from Firefox 126 devtools, with uBlock Origin, immediately after a fresh page load:

• old.reddit.com: 52.54 mb
• new.reddit.com: 93.48 mb
• lemmy.world: 54.44 mb
• old.lemmy.world: 20.25 mb

I imagine both versions of Reddit would be worse without the adblocker. There are multiple frontends for Lemmy, and I did not test them all. Other browsers might differ slightly.

Zak , 20 days ago

Lemmy.world hosts at least five web frontends, which are in the frontpage sidebar:

• The default Lemmy UI
• https://a.lemmy.world - Alexandrite UI
• https://photon.lemmy.world - Photon UI
• https://m.lemmy.world - Voyager mobile UI
• https://old.lemmy.world - A familiar UI

It's possible to use other frontends as well, which don't necessarily have to be hosted by your Lemmy server.

Zak , 20 days ago

Are there React apps that don't have memory leaks?

Zak , 21 days ago

Not yet, but they're actively developing ActivityPub support.

Zak , 23 days ago

They're using loaded language to say that without access to the source code and the ability to modify it, Cara could start behaving in a way you don't like and you wouldn't be able to do anything about it.

Zak , 23 days ago

I think it would be great for new social things like this to just speak ActivityPub. They can build up their own user experience and culture while joining a larger network. I don't have a problem with the software itself being non-free if the protocols are and they commit to supporting account migration.

Zak , 27 days ago

I would LOVE feedback from folks if you get a chance to try it out!

I have feedback completely unrelated to the recommendation engine: please consider using CSS prefers-color-scheme instead of defaulting to light mode.

Zak , 1 month ago

People in Europe switched to internet based messaging (mostly WhatsApp) as soon as smartphones got popular enough.

Zak , 1 month ago

The public should not care what Kyle Rittenhouse thinks and we should not amplify a stupid thing he said.

Zak , 1 month ago

Instant message apps just got replaced with Whatsapp, Signal, etc.

Alternately, Whatsapp, Signal, etc... are instant message apps. I'm a little surprised none of the messaging apps that had been popular on PCs managed to stay popular on mobile.

Zak , 1 month ago

Even if somebody wanted to make an unmoderated ATProto app, I guess they could? Good luck with the app stores and regulators and users

ActivityPub provides the option to do just that. Anybody can spin up a server running Mastodon, Lemmy, Pleroma, etc... and moderate it however they like. There are a multitude of clients in app stores and an unmoderated server won't affect that because they're generic clients like web browsers. There are countries such a server could be hosted in with minimal regulations.

As for users... you'll probably get some and they'll probably be horrible. Most people will probably block your server.

Zak , 1 month ago

It seems like there are some good ideas in there. Are there third parties out there running servers for each component that are open to the public yet?

Zak , 1 month ago

Yes, a code-oriented one meant to be very fast and responsive. It's pre-alpha on Linux but compiles without any fuss for me. I haven't spent much time with it, but the only bug I've seen so far is an uncommanded theme change when switching between files.

Zak , 1 month ago

Can we do Emacs vs. Vi next?

Zak , 1 month ago

Lemmy search works pretty well on larger servers, and they're indexed by major web search engines.

The microblog side of things is worse, with Mastodon long having near-useless search because it might "encourage negative social dynamics" or some such. Some other software, such as Akkoma has had better search, and Mastodon has recently improved somewhat for accounts that opt into being searchable. Mastodon directs search engines not to index most pages.

Some people get very upset about attempts to build general-purpose fediverse search tools.

Zak , 1 month ago

I think it's a small, but very loud minority who have unrealistic expectations about how other people will use data they share in a manner that's inherently rather public. I kind of see where they're coming from, but ActivityPub with open federation doesn't work that way.

Zak , 1 month ago

There are two general areas:

• The history of the internet is full of examples of companies taking data about or creative output from people and trying to make money from it without permission, in ways the original creator might not like. Nobody has gone there with a Fediverse scraper or search project that we know of yet, but it's going to happen if the Fediverse gets big enough.
• Some people want to be able to easily share things with a certain audience without them being easily discoverable by a different audience. There are of course privacy settings to control visibility and software like Matrix that provides not only access control by cryptographic security, but those add friction. It's only possible for this group to have it both ways if nobody develops good search tools, which turns some of them into bullies.

Zak , 1 month ago

The proposed solution of an intermediate server caching embeds is needlessly complex. The first server a link is posted to can fetch the embed, then push it out to every server receiving the post.

Zak , 1 month ago

In this case, generating fake excerpts is not something a user on a server controlled by someone else can do; they have to operate a malicious server themselves. Defederation is a good solution to malicious servers.

Certainly someone very determined could spin up a bunch of malicious servers and put out a bunch of posts containing fake excerpts, but they'd need followers to get any reach on the microblog side of the fediverse. They could spam Lemmy communities, but users would notice and downvote/report the posts.

So I think "just defederate" probably is an adequate solution here, at least as things currently sit. Were the fediverse to grow by an order of magnitude, I think it would need a reputation system to add a bit of friction to a brand new server or user getting a lot of reach quickly.

Zak , 1 month ago

I think they mean like IRC, Matrix, or Discord: real-time chat rather than asynchronous. They may mean such a thing integrated into a Lemmy client, but it's pretty unclear in the original question.

Zak , 1 month ago

Forfeiture of revenue and a slap on the wrist civil penalty doesn't seem like enough for selling fake PPE during a deadly pandemic.

Zak , 2 months ago

Look up the block lists of popular servers. You'll find some examples of what you're looking for there.

Zak , 3 months ago

I think after XMPP, Google Talk, Wave, Hangouts, Allo, etc... people should know better than to adopt a messaging service from Google.

Yes, I know RCS is theoretically an open standard, but if Google can keep me from using it, it effectively belongs to Google.

Zak , 3 months ago

What's really bizarre is that Google had the chance to be a dominant player in messaging when they made Hangouts the default SMS client on Android. Instead, they backpedaled and let Hangouts wither into obscurity. I'm mostly glad they screwed that up, but also puzzled.

Zak , 3 months ago

Google is probably trying to get around the cardinal rule of network security: you can't trust the client.

Their RCS client probably doesn't make sending a huge volume of messages (i.e. spam) easy, and more automation is possible with root. Yes, it's stupid, but it's not completely without purpose.

Zak , 3 months ago

I'm a hardliner when it comes to user control of their own devices, so I'm not going to agree with Google's behavior here even if it, on average results in a benefit to users.

I don't think it provides a net benefit to users though. I think Google wants to be lazy about building spam-mitigation solutions, and wouldn't be sad if it results in fewer users blocking ads and tracking. If Google was positioning its RCS client as a hardcore security product, maybe it should warn both sides of the conversations that there's a risk of compromise, but even Signal, which is far more dedicated to security doesn't do that.

Zero-click exploits are a more common attack vector than modified operating systems in the real world, and I'd be willing to wager my up-to-date LineageOS install is less vulnerable to them than the average person's phone.