Hacker Newsnew | past | comments | ask | show | jobs | submit | Spunkie's commentslogin

    > You could also DM an offline friend a tracking pixel to reconstruct their activity, a lot of this endpoint security is entirely up to the user.
Only for as long as they have the steam chat window open and your tracking pixel/message is a recent enough message to be actually loaded. I don't use steam chat enough to remember if they do any of these, but your plan also ignores any possible automatic security/scanning/proxy shenanigans on steams part that will muddy your pixels tracking data or just break it.

    > That logic is acceptable.
I completely disagree. I use invisible status all the time on steam. I very much have an expectation that when set to invisible my friends would not be able to track my online status.

reply


I don't have any comments on their supposed slant, but I do know electrek.co articles often contain mistakes or inaccuracies.

When I comment on the articles or email their authors/editors about the inaccuracies they never respond, nor fix the article.

So yeah... Take anything on electrek.co with a grain of salt.


I love and use mullvad myself but I don't think they are very competitive for the average person. They mostly just care about getting around geo blocks on websites and streaming services, which mullvad puts 0 effort into facilitating.


If there is one old format that actually should have a revival, it's minidisk. I was really holding out for their production keep on until that revival came but they gave up the ghost this year.

Tiny digital CDs packaged in little neon jewel floppy disks is the neotokyo future we all deserve.


Did you get the UI scaling in PS CS2 working?

I wasn't able to so it's unusable for me on 4k or 1440p.


I can find a dozen solutions to sign a PDF on linux without much trouble. Now redacting seems a whole nother story.

I've failed to find even a single option on linux that does real PDF redaction like adobe acrobat. Most don't do redaction at all or worse they say they redact but it's actually just black highlighter on black text or some other kind of overlay that leaves the underlying text data intact.


It sounds good in theory but signal updates are beyond excessive, sometimes multiple times a day but almost certainly every few days.

Most of the time there is zero explanation for the update. They are just training their users to auto accept updates with no thought about why, which in itself is a security risk.

If signal really is pushing these updates for "security" then it must be one of the most insecure apps ever built. I legitimately can't think of another app or program that updates more frequently... Maybe youtube-dl?


  > It sounds good in theory but signal updates are beyond excessive
Those are two different arguments.

Updating too frequently is not equivalent to "doesn't need to be updated." I can agree that they update a bit too frequently but that's nowhere near the argument about never updating.

A program cannot be secure if it does not update. Full stop.

  > Most of the time there is zero explanation for the update
There's always a changelog.

If you, unlike most people, are interested it is all open source

  https://github.com/signalapp
  https://github.com/signalapp/libsignal/releases
  https://github.com/signalapp/Signal-Android/releases
  https://github.com/signalapp/Signal-iOS/releases
  https://github.com/signalapp/Signal-Desktop/releases
I would suggest looking at the actual commits and not just the release notes. Libsignal usually has more info about the security

  >  legitimately can't think of another app or program that updates more frequently
Probably because they do so silently.


That change log for android sucks - the same content for 20 releases or so...


You'll need to trawl through the actual commits it appears: https://github.com/signalapp/Signal-Android/commits/main/


Yes BUT I ALSO SAID

  >> I would suggest looking at the actual commits and not just the release notes


Last I looked a couple of years ago, GitHub 2fa has a lot of shoddy gotchas actually. There are a handful of GH issues on it with tons of comments.

For example it was impossible to remove/delete a phone number 2fa, even if you registered multiple other 2fa sources like security keys.


    > These are people for God's sake. Empathy!
One man's empathy is another man's hatred.

From my perspective your take and actions in this thread is itself completely devoid of empathy.

The reason for colorful language breaking through professionalism is because there is real human emotion behind those words. Real pain and suffering, lost time in the life that will never be regained, an ever widening bald spot from the stress. That type of thing yearns to be expressed in a way that generic corpo speak is by design unable to communicate.

Your response to these emotions is to simply stick your head in the sand(aka refuse to read the blog post)? Worse yet, even without that context, you are here trying to convince those around you to also stick their heads in the sand?

To dream up scenarios where theoretical someones in a giant faceless corp might maybe possibly be offended? Instead of trying to listen and understand the person already in front of you who has actually been offended?

Again everything is a matter of perspective, but from mine your comments severely lack the empathy you supposedly call for.


We went the route inspired by gamingonlinux.com

So anywhere there is a YouTube embed we instead display a static thumbnail with 2 inline buttons underneath. 1 button to accept cookies and then load the embed and 1 button to view the video directly on YouTube in a new tab.

It works nicely and also pushed us to switch most of our videos to being first party hosted instead of YouTube.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: