[-] Mikina@programming.dev 13 points 3 months ago

I've done exactly that, worked as a Red Team Lead, and the success rate is pretty disturbing. That, and vishing - calling people from the company you find on LinkedIn, from a spoofed number of their IT, telling them that they fucked something up and need to download and run this .exe to fix it before The Audit that's currently happening notices it.

Even if we do internal infrastructure tests where they let you in, switch AVs to "detect mode" instead of "block mode", and the goal is to find as many unpatched systems/vulnerabilities as you can (instead of, well, testing the AV solution), what we usually do is run a password spray for all domain accounts with a few combinations (you can try like 3 to not lock the accounts) of "", and we every single time got at least a few accounts.

Fortunately these kinds of tests are getting more popular, and passwords such as these should've definitely been caught in some kind of security test. But it is also pretty depressing when you repeat the same test next year, and 80% of the passwords are still the same, and the vulnerabilities are still not patched.
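From the defender's side, the spray described in the comment above has a recognisable log signature: one source touching many distinct accounts with only a couple of attempts each, the inverse of a single-account brute force. The following is an added example, not code from the commenter; the log format, the sample lines and the thresholds are all constructed assumptions.

```python
"""Password-spray detection over constructed authentication log lines.

Added example, not code from the original comment. A spray tries one or
two passwords against MANY accounts while staying under the lockout
threshold for each. In the logs that looks like the inverse of a brute
force: one source, many distinct usernames, very few attempts per
username. The log format below is a hypothetical simplification:
    <ISO timestamp> <source IP> <DOMAIN\\user> <SUCCESS|FAILURE>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). 10.0.0.5 sprays eight accounts,
# one of which succeeds; 10.0.0.9 hammers a single account (brute force,
# not spray); 10.0.0.7 is a normal login.
SAMPLE_LOG = """\
2024-03-04T09:00:01 10.0.0.5 CORP\\alice FAILURE
2024-03-04T09:00:02 10.0.0.5 CORP\\bob FAILURE
2024-03-04T09:00:03 10.0.0.5 CORP\\carol FAILURE
2024-03-04T09:00:04 10.0.0.5 CORP\\dave FAILURE
2024-03-04T09:00:05 10.0.0.5 CORP\\erin SUCCESS
2024-03-04T09:00:06 10.0.0.5 CORP\\frank FAILURE
2024-03-04T09:00:07 10.0.0.5 CORP\\grace FAILURE
2024-03-04T09:00:08 10.0.0.5 CORP\\heidi FAILURE
2024-03-04T09:01:00 10.0.0.9 CORP\\alice FAILURE
2024-03-04T09:01:01 10.0.0.9 CORP\\alice FAILURE
2024-03-04T09:01:02 10.0.0.9 CORP\\alice FAILURE
2024-03-04T09:01:03 10.0.0.9 CORP\\alice FAILURE
2024-03-04T09:01:04 10.0.0.9 CORP\\alice FAILURE
2024-03-04T09:01:05 10.0.0.9 CORP\\alice FAILURE
2024-03-04T09:05:00 10.0.0.7 CORP\\bob SUCCESS
"""


def parse_line(line):
    """Split one log line into (timestamp, source, user, result)."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=3):
    """Return {source: finding} for every source that, within `window`,
    touched at least `min_users` distinct accounts with at most
    `max_per_user` attempts each. The thresholds are assumptions to tune
    against your own lockout policy and normal login volume."""
    events = sorted(parse_line(line) for line in log_text.splitlines() if line.strip())
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        by_src[src].append((ts, user, result))

    findings = {}
    for src, evs in by_src.items():
        for i in range(len(evs)):
            # Sliding window of events starting at event i.
            j = i
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1
            per_user = defaultdict(int)
            succeeded = set()
            for _, user, result in evs[i:j]:
                per_user[user] += 1
                if result == "SUCCESS":
                    succeeded.add(user)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[src] = {
                    "window_start": evs[i][0].isoformat(),
                    "distinct_users": len(per_user),
                    "users": sorted(per_user),
                    # Accounts that accepted a sprayed password: reset these first.
                    "succeeded": sorted(succeeded),
                }
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for src, finding in detect_spray(SAMPLE_LOG).items():
        print(f"{src}: {finding['distinct_users']} accounts from "
              f"{finding['window_start']}, succeeded={finding['succeeded']}")
```

The single-account hammering from 10.0.0.9 is deliberately not flagged here: a lockout-threshold alert catches that case, while the spray slips under it, which is exactly why the two need separate detections. The `succeeded` list is the actionable output: those are the accounts whose password was one of the sprayed guesses.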

[-] Mikina@programming.dev 13 points 2 years ago

I'm not sure what Mullvad is based on - I think it's based on Tor, which is Firefox-based?

I mostly use LibreWolf, but if FF also went to shit, I wonder whether Tor, and thus Mullvad, would keep going or not. I suppose LibreWolf would have trouble keeping up if Mozilla enshittified FF, since they would probably have to fork and continue development on their own.

[-] Mikina@programming.dev 13 points 2 years ago

My best VCS experience so far was when working with Plastic SCM. I like how it can track merges, the code review workflow is also nice, and in general it was pretty nice to work with.

Fuck Unity, who paywalled it into unusability, though. Another amazing project that was bought and killed by absurd monetization by Unity, same as Parsec.

[-] Mikina@programming.dev 13 points 2 years ago* (last edited 2 years ago)

I can't really imagine how this would work in practice. While "I'm using industry standard AES encryption" may mean the cipher and the key itself will not be breakable, the bigger issue is how to get the 256b key from the player. Does he expect them to actually figure out and manually input 265b of data? That would be a pretty hefty game design challenge to make something like that possible.

I'm betting there's probably something that generates the key from a vastly smaller player input, i.e. what game objects you interacted with, in what order, or what you pressed/placed somewhere. But that also means that the entropy is probably in the brute-forceable range, and once you find the function that decrypts the secrets, it should be pretty easy to find the function that generates the key and the inputs it takes.

~~The only~~ A solution to keeping data from data-miners I can imagine would require just storing the key on the server - which could generally also be bypassed, since then you probably need a way to request the key, which could be data-mined and faked, so you're back at step one - how to validate requests for the key.

Or just make the secret puzzles so difficult that they can't be brute-forced and the result really is 256b or more of data. Thinking about it, having 256 specified inputs that you either have to make or that are red herrings which shouldn't be interacted with isn't really that much, but then the data-miner can just check the location of each one, filter out the inaccessible ones, and brute-force the rest. And if all are accessible, it would make for a really difficult secret to discover properly.
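The argument running through this comment (a KDF cannot add entropy, so a 256-bit key derived from a few player actions is only as strong as the set of possible actions, and unreachable "switches" drop out of that set) can be put into numbers. The following is an added example, not code from the commenter or from any game; the puzzle model, the action encoding, the PBKDF2 salt and the 64-bit "weak" threshold are all assumptions for illustration.

```python
"""Effective strength of an AES-256 key derived from puzzle input.

Added example, not code from the original comment. It models the
reasoning above: if the 256-bit key is produced by a KDF from a small
set of player actions, the key is only as hard to guess as those actions
are, however strong AES itself is. The puzzle model, the action encoding
and the salt are all assumptions for illustration.
"""
import hashlib
import math

# Assumed threshold below which a key space counts as comfortably
# enumerable by an offline guesser; choose your own for a real assessment.
WEAK_BITS = 64


def derive_key(actions, salt=b"constructed-salt", iterations=100_000):
    """Hypothetical in-game KDF: a sequence of player actions -> 32-byte
    (256-bit) key. The output is always 256 bits wide, whatever went in."""
    material = "|".join(actions).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, salt, iterations, dklen=32)


def keyspace_size(n_interactables, k_used, ordered=True):
    """Distinct action sequences a puzzle can produce: k of n objects,
    with or without the order mattering."""
    if ordered:
        return math.perm(n_interactables, k_used)
    return math.comb(n_interactables, k_used)


def effective_bits(space_size):
    """Entropy of a uniformly chosen sequence, capped at the 256 bits the
    key can hold: a KDF never adds entropy, it only stretches the work."""
    return min(256.0, math.log2(space_size))


def switch_puzzle_bits(n_switches, n_reachable):
    """The '256 inputs, some of them red herrings' design from the comment:
    each switch is toggled or not, but only reachable switches contribute,
    because unreachable ones can be filtered out by inspecting the map."""
    return effective_bits(2 ** min(n_switches, n_reachable))


def strength_report(space_size):
    """Summarise how much the puzzle actually protects the encrypted data."""
    bits = effective_bits(space_size)
    return {
        "keyspace": space_size,
        "effective_bits": round(bits, 2),
        # Key stretching (more PBKDF2 iterations) scales this cost linearly;
        # it never changes the number of candidates.
        "kdf_calls_to_enumerate": space_size,
        "brute_forceable": bits < WEAK_BITS,
    }


if __name__ == "__main__":
    # Ten interactable objects, the player must use four in the right order.
    print(strength_report(keyspace_size(10, 4)))
    # All 256 switches reachable: the full 256 bits survive.
    print(switch_puzzle_bits(256, 256))
    # Only 40 switches actually reachable: a 40-bit key in practice.
    print(switch_puzzle_bits(256, 40))
    print(derive_key(["lever", "door", "chest", "statue"]).hex())
```

The design lesson is the one the comment arrives at: the cipher and the key width are irrelevant once the key is a deterministic function of a small input space, and the only parameter that matters is the size of the reachable input space, which is why the server-side key idea in the comment above ends up being the realistic option.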

[-] Mikina@programming.dev 13 points 2 years ago

I haven't really looked into it too much, but... Aren't they actually right in this case?

Sure, reading "we can't protect your privacy because you're using privacy-centric extension..." feels like bullshit, but from how I understand it based on the screenshot, the issue is that you have blocked the cookie permissions pop-up, whose main reason is to give you an option to opt-out of any tracking cookies, thus protecting your privacy. While also being required by law.

However, this depends on how exactly the law is formulated. How does it deal with a case where you neither accept nor decline any cookies, and just ignore it? Are they not allowed to save any cookie until you accept it and specify exactly what they can save? Or should they not let you use the site until you accept it?

I vaguely remember that it used to be enough to just have an OK-able warning that this site is using cookies, but then it changed to include a choice to opt out. Which could indicate that unless you opt out, which they are required to give you a chance to, they can use whatever tracking cookies they want. And if that is the case, this message is actually correct.

[-] Mikina@programming.dev 13 points 2 years ago

I love this so much :D That reads like something I'd expect from ZA/UM, but it also thankfully alleviates most of the major issues I had with the game, which I've already talked about here on Lemmy. I really liked the game, but there were a lot of red flags pointing to it being just a quick corporate cash grab, where they decided to basically re-skin their previous game with as low effort as possible, to quickly sell it and cash in on the Pokemon thing. It just smelled of corporate greed, and like they did not really care about the game too much.

But assuming this screenshot is true, I'd say that it's clear that it wasn't development driven and pushed by corporate greed, but really just a few guys trying their best.

[-] Mikina@programming.dev 13 points 2 years ago* (last edited 2 years ago)

I agree - I switched to Fedora about a month and a half ago, and only learned about KDE vs Gnome like a week ago, when I was reinstalling to Nobara to fix some NVIDIA issues.

I did hear terms like KDE or Gnome thrown around, but never really realized that it's actually an important choice. And once you add X11 vs Wayland to the mix, it's suddenly so confusing I just subconsciously chose to ignore that choice and went with whatever the OS installed for me. I thought that the DE choice was similar to the X11 vs Wayland choice, i.e. something that is more about back-end than front-end, and didn't realize that it's literally how your OS UI looks and controls, instead of how it works in the background (which I now know is what X11 vs Wayland is actually about).

Turned out I really don't like Gnome (which was the default for Fedora), but love KDE, which was thankfully the default for Nobara.

So, if you're ever recommending Linux to someone, be it in a comment or somewhere else, or someone is asking for a recommended distro, please include a short paragraph about the importance of choosing the correct DE, and an explanation of what it is and that you can change it!

[-] Mikina@programming.dev 13 points 2 years ago

700kWh per transaction? That's an absurd amount of power. That's 70 EUR of energy per one transaction at the current (EU) exchange price.

Is there anyone here knowledgeable enough about this issue to say whether those numbers are correct, or just an overestimate? It feels wrong.

[-] Mikina@programming.dev 13 points 2 years ago* (last edited 2 years ago)

Mozilla won’t implement WEI

They are going to fight against WEI. Tooth and nail, for our sakes!

Just like they did with EME, the closed-source video DRM, in 2014. By being deeply concerned with the direction the web is going, and definitely against it, but...

> We face a choice between a feature our users want and the degree to which that feature can be built to embody user control and privacy.
>
> With most competing browsers and the content industry embracing the W3C EME specification, Mozilla has little choice but to implement EME as well so our users can continue to access all content they want to enjoy.
>
> Despite our dislike of DRM, we have come to believe Firefox needs to provide a mechanism for people to watch DRM-controlled content.
>
> DRM requires closed systems to operate as currently required and is designed to remove user control, so Mozilla is taking steps to find alternative solutions to DRM. But Mozilla also believes that until an alternative system is in place, Firefox users should be able to choose whether to interact with DRM in order to watch streaming videos in the browser.

https://blog.mozilla.org/en/mozilla/drm-and-the-challenge-of-serving-users/

https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/

[-] Mikina@programming.dev 13 points 2 years ago

Wouldn't that actually make it a lot worse? As in, if I just make my own instance with one user total, I'll singlehandedly outvote every other server.

[-] Mikina@programming.dev 13 points 2 years ago

That's the only way. I don't think there's any other solution that would allow you to be sure that the instance you are on doesn't have a way to access your data - any other e2e encryption integrated into the Lemmy UI would not and cannot be reliable, because an admin can just rewrite the code as he sees fit.

The only solution to this is to just encrypt the message manually before it touches anything in the Lemmy UI.

[-] Mikina@programming.dev 13 points 2 years ago* (last edited 2 years ago)

I've recently discovered pipenv, and it has been a massive QoL improvement. No need to figure out a bazillion commands just to create or start an environment, or deal with what params you should use for it like you do with venv. You just `pipenv install -r requirements.txt`, and everything is handled for you. And when you need to run it, just `pipenv run python script.py` and you are good to go.

The best thing, however, are the Pipfiles, which can be distributed instead of requirements.txt, and I don't get why it's not more common. It's basically requirements, but directly for pipenv, so you don't need to install anything and can just `pipenv run` from the same folder.
