Bug reports on any software @sopuli.xyz debanqued @beehaw.org
Aria2 android app -- wtf is it? Docs are garbage

I installed the Aria2 app from f-droid. I just want to take a list of URLs of files to download and feed it to something that does the work. That’s what Aria2c does on the PC. The phone app is a strange beast and it’s poorly described & documented. When I launch it, it requires creating a profile. This profile wants an address. It’s alienating as fuck. I have a long list of URLs to fetch, not just one. In digging around, I see sparse vague mention of an “Aria server”. I don’t have an aria server and don’t want one. Is the address it demands under the “connection” tab supposed to lead to a server?

The readme.md is useless:

https://github.com/devgianlu/Aria2App

The app points to this link which has no navigation chain:

https://github.com/devgianlu/Aria2App/wiki/Create-a-profile

Following the link at the bottom of the page superficially seems like it could have useful info:

“To understand how DirectDownload work and how to set it up go here.”

but clicking /here/ leads to a dead page. I believe the correct link is this one. But on that page, this so-called “direct download” is not direct in the slightest. It talks about setting up a server and running python scripts. WTF.. why do I need a server? I don’t want a server. I want a direct download in the true sense of the word direct.

0
Many Lemmy instances invite you to register then tell you to fuck off after you submit your data
  • I would love to put my code where my mouth is. It’s on my long list of projects. The defects I describe in this thread probably do not justify a forking effort and I’m not enthusiastic about learning JavaScript, which is not just a shitty language but also it’s the wrong tool for the job. Although Rust is probably a decent choice for the backend (but Ada would probably be better).

    The biggest deficiency is that there is no decent threadiverse desktop client. I am just baffled that a majority of threadiverse users are using phones. There are like a dozen different mobile clients to choose from and not a single decent client for the desktop. So if I build anything it will be a proper client for a sensibly sized screen (non-portable).

    As for fixing the defects exposed in this thread, the upstream Lemmy devs are rather stubborn but I think devs of an existing fork (Lenny?) might be more open to improvements.

    Who would use a well-designed variant? You can see from the thread that millennials & gen Zers actually expect designs that prioritise the anti-bot agenda above the needs of both the direct user (the admin) and the end user. A majority of the population does not see how Google, Spamhaus, and Microsoft have broken email. This threadiverse crowd entered after email was already ruined. The emotional attachment to gmail (calling it what it is.. there is no generic netneutral email infra anymore) trumps software that avoids the dog food problem. I might be the sole user of such software, especially if I also code it to enforce decentralisation (which would necessarily include anti-centralisation features that would be unpopular).

  • Many Lemmy instances invite you to register then tell you to fuck off after you submit your data
  • to have not actually had an account yet makes it pretty obvious when you try to login and fail that the application has not been accepted.

    That would be a blunt non-transparent/non-specific message to send. It’s not obvious /why/ the reg was denied.

    If the instance admins wanted to talk about it, they’d have emailed you; or published some means of contacting them outside lemmy.

    Lemmy software is designed as comms software itself with email address disclosure optional. An admin can make it mandatory, but Lemmy’s design should cater for the email-free option regardless of how an admin toggles that setting.

    I wouldn’t expect to receive the reason for refusing the application via any other means than the email I’d provided in that application.

    I get that. People are accustomed to relying on email. But this is not an excuse for software deficiencies.

    That’s the entire purpose of providing an email; so you could be contacted when/if there are updates to your applications status.

    That can be accomplished without email. Email is a convenience at best. Some users have decided email is an inconvenience and do not use it. And Lemmy supports that -- partially.

    Let’s be clear about who the software is expected to serve. The comms feature of giving feedback to users without an email account is not to directly serve the end user. Software should serve its user (the Lemmy admin in this case). A Lemmy admin does not want to take the time to express themselves on their decision only to have their msg blackholed. They don’t necessarily know that an email address is disposable. The end user benefits by extension, but it’s about creating software that serves the direct user of the s/w. If you’re an admin who makes email optional, you might still want to be able to get a msg to a user.

    The core purpose of the Lemmy platform is communication. So relying on out-of-band tech is kind of embarrassing. Think of it from the dog food angle. An in-band msg has the advantage that the admin has more control (e.g. they can edit a msg later and they can know whether the msg has been fetched). Lemmy relying on email as a primary means of comms is a dog food problem.

    The only sensible concession I would see to make is that there are a hell of a lot more important things for Lemmy devs to work on because the software has a lot of relatively serious defects. I’m talking about how great software would be coded, but extra diligent handling of denials should have a low triage in the big scheme of the state of where Lemmy is right now.

  • Many Lemmy instances invite you to register then tell you to fuck off after you submit your data
  • The cognitive dissonance in this

    It seems you don’t know what that phrase means. It doesn’t follow from anything else you wrote why you think that.

    You don’t think providing an email from a throw away service would strike the software as a malicious user/spam bot???

    You don’t think that legitimate streetwise users secure themselves by supplying disposable email addresses???

    You keep talking like you know everything

    The post intends to solicit intelligent and civil discourse with logical reasoning, not the sort of ego-charged emotional hot-headed pissing contest you’re trying to bring here.

  • Many Lemmy instances invite you to register then tell you to fuck off after you submit your data
  • I’m not seeing how this is a good justification for login refusals to lack information and transparency. When you are denied a login, a well designed system tells you why you are denied and the rationale the server gives you should either include enough info to imply a remedial course of action (e.g. “re-apply and tell us more detail about why you like our node”), or at least make it clear that the refusal is final for reasons that are non-remedial. Users should not have to guess about why they are denied a login when countless things can go wrong with email at any moment. The denial rationale should be emailed and also copied into the server records to present upon login attempts.

    The only exception to this would be if they really believe they are blocking a malicious user. Then there is some merit to being non-transparent to threat agents. But the status quo is to treat apps rejected for any arbitrary reason as they would an attacker.

  • Many Lemmy instances invite you to register then tell you to fuck off after you submit your data

    These are Lemmy instances with a “Sign Up” link which present you with a form to fill out to register. Then after you fill out the form and supply information like email address to the server, they respond with “registration closed”:

    • lemmy.escapebigtech.info (dead node now, but got instant reg. closed msg when they were alive)
    • expats.zone
    • hackertalks.com
    • lemmie.be
    • lemmy.killtime.online
    • lemmy.kmoneyserver.com
    • lemmy.sarcasticdeveloper.com
    • level-up.zone
    • zoo.splitlinux.org

    I suppose it’s unlikely to be malice considering how many there are. It’s likely a case of shitty software design. There should be a toggle for open/closed registration and when it’s closed there should be no “Sign Up” button in the first place. And if someone visits the registration URL despite a lack of Sign Up link, it should show a reg. closed announcement.

    Guess it’s worth mentioning there are some instances that accept your application for review (often with interview field) but then either let your application rot (“pending application” forever) or they silently reject it (you only discover non-acceptance when you make a login attempt and either get “login failed” or even more rudely it just re-renders the login form with no msg). These nodes fall into the selective non-acceptance category:

    • lemmy.cringecollective.io
    • lemmy.techtriage.guru
    • lemmy.hacktheplanet.be (pretends to send confirmation email then silently neglects to)
    • links.esq.social
    • dubvee.org

    To be fair, I use a disposable email address which could be a reason for the 5 above to reject my application. And if they did give a reason via email, I would not see it. Not sure if that’s happening but that’s also a case of bad software. That is, when a login attempt is made, the server could present the rationale for refusal. Another software defect would be failing to instantly reject an unacceptable email address.

    9
    General Data Protection Regulation (“GDPR”) @sopuli.xyz debanqued @beehaw.org
    Legal theory that obligatory disclosure of email address violates the GDPR minimisation principle

    Utility companies, telecoms, and banks all want consumers to register on their website so they do not have to send paper invoices via snail mail. When I started the registration process, the first demand was for an e-mail address.

    Is that really necessary? They would probably argue that they need to send notifications that a new invoice has been prepared. I would argue that e-mail should be optional because:

    • They could send SMS notifications instead, if a data subject would prefer that.
    • They need not send any notification at all, in fact. Reminders are why calendars and alarm clocks exist. A consumer can login and fetch their invoice on a schedule. If a consumer neglects to login during a certain window of time, the data controller could send a paper invoice (which is what they must do for offline customers anyway).

    They might argue that they need an email for password resets. But we could argue that SMS or paper mail can serve that purpose as well.

    Does anyone see any holes in my legal theory? Any justification for obligatory email address disclosure that I am missing?

    0
    The UN plans to create a “Global Digital Compact” (the same UN that blocks Tor users from accessing the text of human rights law)
  • There is no valid reason for the United Nations blocking Tor.

    A mom & pop shop selling cupcakes would have a valid reason (lack of funding, lack of competence, no conflicting principles). Blocking Tor is a cheap and sloppy attempt at separating ham from spam which inherently entails blocking ham, ultimately against the principles the UN theoretically supports. The UN should have the funding and competence to support their own values.

    The UN probably should not be drafting rules about digital inclusion when they themselves have an embarrassing display of digital exclusion.

  • Network Neutrality and Digital Inclusion @sopuli.xyz debanqued @beehaw.org
    The UN plans to create a “Global Digital Compact” (the same UN that blocks Tor users from accessing the text of human rights law)

    Yikes. As some Tor users may know, the UN drafted the Unified Declaration of Human Rights, which in principle calls for privacy respect and inclusion. That same UN blocks the Tor community from their website. Indeed, being denied access to the text that embodies our human rights is rich in irony.

    Well that same UN plans to create a “Global Digital Compact” to protect digital human rights. It’s a good idea, but wow, they just don’t have their shit together. I have so little confidence that they can grasp the problems they are hoping to solve. Cloudflare probably isn’t the least bit worried. Competence prevailing, Cloudflare should be worried, theoretically, but the UN doesn’t have the competence to even know who Cloudflare is.

    3
    Is Donald Trump a Narcissist?
  • I don’t want to be an enabler of the drivel, so without posting the full URL to that article that’s reachable in the open free world, I will just say that medium.com links should never be publicly shared outside of Cloudflare’s walled garden. I realise aussie.zone is also in Cloudflare’s walled garden, but please be aware that it’s federated and reaches audiences who are excluded by Cloudflare.

    The medium.com portion of the URL should be replaced by scribe.rip to make a medium article reachable to everyone. Though I must say this particular article doesn’t need any more reach than it has.

    Anyone who just wants the answer: see @souperk@reddthat.com’s comment in this thread.

  • Net neutrality is back as FCC votes to regulate internet providers
  • Interstate commerce is governed by the federal government.

    Not exclusively. Interstate commerce implies that the feds can regulate it, not that they have exclusive power to do so. We see this with MJ laws. The fed believes it has the power to prohibit marijuana on the basis of interstate commerce, but in fact mj can be grown locally, sold locally, and consumed locally. Just like internet service can be.

    Suppose you want to buy a stun gun in New York. You can find stun guns sold via mail order from another state (thus interstate commerce), but New York still managed to ban them despite the role of interstate commerce.

    A close analog would be phone laws. The fed has the TCPA to protect you from telemarketers, but at the same time various states add additional legal protections for consumers w.r.t. telemarketing and those laws have force even if the caller is outside the country. (Collecting on the judgement is another matter).

    Schools now require the internet for kids. ISPs being allowed to be anything more than a dumb pipe means they have the control of what information is sent across their network.

    Education is specifically a duty of the state set out in the Constitution. If you can point to the statute requiring schools to provide internet for students, I believe it will be state law not federal law that you find.

    The internet is now a basic human right in the United States for numerous reasons, one of which is #2.

    I don’t quite follow. Are you saying that because education is a human right, that internet access is a human right? It doesn’t work that way. First of all, people who do not exercise their right to an education would not derive any rights implied by education. As for the students, if a state requires internet in education that does not mean that internet access becomes a human right. E.g. an Amish family might lawfully opt to homeschool their child, without internet. That would satisfy the right to education enshrined in the Unified Declaration of Human Rights (UDHR) just fine. A student attending public school in a state that mandates internet in schools would merely have the incidental privilege of internet access, not an expanded human right that students in other states and countries do not have under the same human rights convocation. If your claim were true, it would mean that California (for example) requiring internet provisions for students would then mean students in Haiti (a country that also signed the UDHR that entitles people to a right to education) or Texas would gain a right to internet access via the state of California’s internal law. A state cannot amend the UDHR willy nilly like that.

    Also, if internet could be construed as a human right by some mechanism that’s escaping me, the fed is not exclusively bound by human rights law. The fed signed the treaty, but all governments therein (state and local) are also bound to uphold human rights. Even private companies are bound to human rights law in the wording of the text, though expectation of enforcement gets shaky.

    ISPs cross state boundaries and should be governed by interstate law.

    I subscribed to internet service from a WISP at one point. A dude in my neighborhood rolled out his own ISP service. His market did not even exceed the city.

    The local ISPs have ISPs themselves and as you climb the supply chain eventually you get into the internet backbone which would be interstate, but that’s not where the netneutrality problem manifests. The netneutrality problem is at the bottom of the supply chain in the last mile of cable where the end user meets their local ISP.

    Also with MJ laws, several states have liberated the use of marijuana despite the feds using the interstate commerce act to ban it.

    An ISP being a business, especially a publicly-traded one, will sacrifice all manner of consumer/user-protection in order to maximize profit. And having the states govern against that will lead to a smattering of laws where it becomes muddy on what can actually be enforced, and where.

    Sure, and if the fed is relaxed because the telecoms feed the warchests of the POTUS and Congress, you have a nationwide shit-show. A progressive state can fix that by imposing netneutrality requirements. Just like many states introduce extra anti-telemarketing laws that give consumers protection above and beyond the TCPA.

    And having the states govern against that will lead to a smattering of laws where it becomes muddy on what can actually be enforced, and where.

    That’s a problem for the ISPs that benefits consumers. If ISPs operating in different states then have to adjust their framework for one state that mandates netneutrality, the cost of maintaining different frameworks in different states becomes a diminishing return. US consumers often benefit from EU law in this way. The EU forced PC makers to make disassembly fast and trivial, so harmful components could quickly and cheaply be removed before trashing obsolete hardware. The US did not impose this. Dell was disturbed because they had to make pro-environment adjustments as a condition to access to the EU market. They calculated that it would be more costly to sell two different versions, so the PCs they made for both the EU market and the US market become more eco-friendly. Thanks to the EU muddying the waters.

    The right to repair will have the same consequences.

  • Net neutrality is back as FCC votes to regulate internet providers
  • Whether the legislation is appropriate at the state or fed domain is unclear. Certainly if the orange tyrant takes power again, I would probably want state govs to be able to protect consumers from netneutrality abuses.

  • Net neutrality is back as FCC votes to regulate internet providers
  • It’s worth noting that the FCC’s so-called “Open” Internet Advisory Committee (#OIAC) tragically gives two seats on the board to:

    • Cloudflare
    • Comcast

    Both of whom are abusers of #netneutrality, especially Cloudflare. A well-informed Trump-free administration should be showing Cloudflare and Comcast the door ASAP.

    Sure, Trump would just bring them back. But it’d at least be a good symbolic move.

    Indeed, as someone else pointed out, the needed change should come from pro-netneutrality legislation. And the legislation needs to be broad enough to block Cloudflare’s broad discriminatory arbitrary attack on access equality, not just tinker with speeds at the ISP consumer level.

  • Question: Alternative tax forums?
  • It’s not a topic issue. The discussions are largely around platforms and custodians. They bring lots of ethical problems. Anything on this page is relevant to personal finance:

    https://git.disroot.org/cyberMonk/liberethos_paradigm/src/branch/master/usa_banks.md

    If someone managing their personal finances wants to ask how to avoid the bad players and still achieve their goals, it’s relevant. But Bogleheads is not keen. I don’t recall the particulars (it was over a decade ago) but it wasn’t topic related. It was just a conservative moderator or crowd who don’t want ethics getting in their way or cluttering their view.

    Tor. I wonder if that is a more fraud or trolling concern. Or maybe for financial houses more of a US law concern.

    Certainly not a legal issue in the US. Tor works ATM on Bogleheads. Cloudflare is often chosen out of ignorance by admins who don’t even know what Tor is, or at least don’t know that most Tor traffic is legit. It’s usually a lazy move. I don’t recall the details about Boglehead’s tor hostility but they’re reachable over Tor right now.

  • Question: Alternative tax forums?
  • I used the Bogleheads forum over 15 years ago. It eventually turned sour and I left.

    One of my issues is that the banking and finance sector and consumers engaging in it are conservatives. So if you want to ask a question like “where can I find a relatively ethical bank/investment firm that does not invest in fossil fuels?” it’s alienating to right-wingers to consider ethics. They don’t see the ethical problems that plague the industry and at the same time they don’t recognize the concept of ethical consumption. They just expect everyone to look after number 1. Bogleheads had little tolerance for politics, which inherently forces a narrow discussion of what financial products bring what value to the selfish types of consumers who neglect ethics. They don’t want someone exposing JP Morgan’s investment in private prisons or fossil fuels, or even how JPM Chase has a sneaky anti-Tor policy to discover which of their customers use Tor. Bogleheads did not kill my account.. it was just that ethical topics either had crickets or hostility, and censorship. IIRC what ultimately drove me off was Bogleheads started blocking Tor or using Cloudflare or something that demonstrated disrespect for digital rights. But apparently they re-liberated their forums since it seems Tor is permitted again.

  • Question: Alternative tax forums?
  • For medical chatter I would look at mander.xyz, which is science focused.

    For law it’s a bit of a ghost town, but at least there is a ghost town ready to host interested litigants→ links.esq.social

  • Question: Alternative tax forums?
  • There is !personalfinance@sopuli.xyz, which would be somewhat related to personal tax. There is also a Lemmy instance dedicated to finance. I don’t recall it off the top of my head but the instance joined Cloudflare so I immediately abandoned it.

    For the record, lemmy.ml is a terrible place to discuss tax or personal finance. The admins of that instance treat personal finance questions as spam and even go over the heads of moderators to censor such discussion because of their political baggage. IMO sopuli.xyz might be a good place to create an account and create finance communities.

  • (US) BBC says democrats want big government

    BBC World Service was covering the US elections and gave a brief blurb to inform non-US listeners on the basic differences between republicans and democrats. They essentially said something like:

    > Democrats prefer a big government with a tax-and-spend culture while republicans favor minimal governance with running on a lean budget, less spending¹

    That’s technically accurate enough but it seemed to reflect a right-wing bias that seems inconsistent with BBC World Service. I wouldn’t be listening to BBC if they were anything like Fox News (read: faux news). The BBC could have just as well phrased it this way:

    “Democrats prefer a government that is financed well enough to ensure protection of human rights…”

    It’s the same narrative but expressed with dignity. When they are speaking on behalf of a political party it’s an attack on their dignity and character to fixate on a side-effect rather than the goal and intent. A big tax-and-spend gov is not a goal of dems, it’s a means to achieve protection of human rights. It’s a means that has no effective alternative.

    ① Paraphrasing from what I heard over the air -- it’s not an exact quote

    #BBC #BBCWorldService

    7
    Why Republicans are fighting the basic-income programs many cities and states are adopting: 'Is money a birthright now?'
  • You’re talking about Republicans but then saying “state” is a generic word.

    I’m saying when I personally used the word “state” in the bit that you quoted, I was using the generic meaning of state. It’s an overloaded word (multiple meanings). What I mean by the “generic meaning” is that I was not referring to the state level jurisdiction. E.g. if the context were Texas, my use of the word “state” was not the state of Texas in that quote. The word state can simply mean government at any level. A federal government (aka nation state) can also generically be referred to as the “state”, even though it’s not state as the jurisdictional construct that composes the United States.

    Likewise, even a local government like a city or county can be generically called the “state”. So to answer your question, the state of Texas can ban welfare checks from the state level in the whole state of Texas, but a lower (non-republican controlled) government can circumvent that by offering food and shelter instead of checks.

    Welfare can happen at any level. I went to the emergency room and racked up a 4-figure hospital bill, and said “I have no insurance or income”. It was no problem.. the county had financial aid that I qualified for. The county paid the bill for me, not the state¹ or fed.

    1. in that case, I mean state in the sense of a jurisdictional construct.
  • Need help abbreviating a very long law

    cross-posted from: https://beehaw.org/post/12271916

    > Suppose a law is named something like “The Royal Decree of June 14, 2018 regulating the Distribution of Pharmaceuticals and Vitamins”. If a document needs to refer to that law more than once, it makes a mess and causes some painful reading. How should something like that with a date be abbreviated?

    (note that’s a fictitious law similarly named to the law I need to reference; it’s really a question of English and law and lawyers are perhaps best equipped to answer)

    0
    Why Republicans are fighting the basic-income programs many cities and states are adopting: 'Is money a birthright now?'
  • The local govs taking direct action. The state gov may be controlled by human rights hostile republicans at the state level, but there are many smaller governments within the state controlled by liberals.

    And to be clear, the use of “state” in your quote was the generic sense of the word.

  • Why Republicans are fighting the basic-income programs many cities and states are adopting: 'Is money a birthright now?'
  • I mean, again, you’re claiming if Republicans get rid of minimum wage

    Min wage is entirely different than what these bans are about. There are no wages in this context. This is about a flat periodic income for non-wage earners for the most part.

    then they’ll have to come up with some state-sponsored plan to get Bob his shoes when the inevitable wage reduction makes shoes even more unaffordable.

    You’re confused about how these bans work. If they don’t want to give Bob a flat living income from state funds at the state level, a ban is pointless because they can simply neglect to provide the money (as they already control the policy and money at the state level). The purpose of a ban is to prevent lower governments from acting. So if they implement a state-level statute banning Bob getting min income, city/county X cannot give Bob a min income but they can still buy Bob a pair of shoes. Hence how it can backfire.

    I’ve seen public libraries with sewing machines. So for example a librarian could theoretically use it to help Bob construct a pair of shoes using material that’s supplied by public money to the libraries. Such an outcome is a game of whack-a-mole.. The republicans would have to discover that’s happening and then legislate against it separately.

  • Why Republicans are fighting the basic-income programs many cities and states are adopting: 'Is money a birthright now?'
  • You say this like they have any decency or shame.

    I’m not sure how you arrive at that. You seem to have missed my point. That is, if the republicans get what they want (a ban on min incomes), they could end up getting as a consequence something they want even less: the state getting involved in commerce in the course of upholding human rights legal obligations.

    It makes little sense because they know full well the money will be spent one way or another. So most likely this is a political tactic for something else. If there is a segment of unmotivated R voters somewhere but a strong likelihood that they would be more motivated to the polls if there were a proposition to ban any form of welfare, getting a proposition on the ballot would actually just be a trick to get more people turning out for Trump (because they will tick the Trump box while they are there).

    What matters to republicans the most is not any kind of values or ideology; it’s simply nothing more than taking and holding power.

    IIRC it was the Bush election where the republicans put a proposition on the ballot for gay marriage. Superficially you would think “sure, the republicans want to stop gay marriage”. But in reality the republican politicians did not care about gay marriage at all. They cared about a segment of elderly non-voting christian right conservatives. Those voters could not be motivated to get off their asses and travel to the polls to vote for Bush, but they would be damned if gays could get married, so they were highly motivated to vote in that election and of course while they are in the voting booth they ticked the Bush box. The gay marriage proposition was just a trick to get more votes for candidates.

  • If Capital One merges with Discovercard, I will boycott /all/ credit cards (is that even possible?)
    prospect.org Capital One–Discover Merger Tests Bank Regulators’ Merger Approach

    Regulators have dragged their feet on new bank merger guidelines. They now have a $35 billion reason to get moving.

    For the past ~15 years I have tried for the most part to boycott:

    • American Express for being an #ALEC member (which supports #climateDenial and obstructs public healthcare, public education, immigration, gun control, etc), and for participating in the #Wikileaks donation blockade
    • Visa for pushing the #warOnCash (member of #betterThanCashAlliance.org and offering huge rewards to merchants who refuse cash), for participating in the #Wikileaks donation blockade, and for blocking Tor users from anonymously opting out of data sharing on their credit cards
    • Mastercard for pushing the #warOnCash (member of betterThanCashAlliance.org), for participating in the #Wikileaks donation blockade, and for blocking Tor users from anonymously opting out of data sharing on their credit cards

    Discovercard has always been a clear lesser of evils. So Discovercard has earned the majority of my business whenever cash is not possible. But now I hear chatter that #Discovercard might merge with a shitty bank that had an embarrassing data leak by an Amazon contractor: #CapitalOne. I was disappointed when Samuel Jackson promoted #CapOne. Capital One supported Trump’s Jan.6 insurrection attempt among other things.

    So what’s left? JCB (Japanese) and UnionPay (China). JCB pulled out of the US like 10 years ago. People outside the US can get a #JCB card but then IIRC it uses the Discovercard network in the US and the #AmEx network in Canada.

    I already favor cash whenever possible. In other cases it will be hard to choose the lesser of evils between CapOne and Mastercard.

    update --- Found an insightful article detailing a loophole that the fed gave to Discovercard which is why Capital One intends to buy it.

    6
    (EU+UK) Legal theory that closed-source software inherently undermines or violates the GDPR in some situations

    cross-posted from: https://beehaw.org/post/12170575

    > The GDPR has some rules that require data controllers to be fair and transparent. EDPB guidelines further clarify in detail what fairness and transparency entails. As far as I can tell, what I am reading strongly implies a need for source code to be released in situations where an application is directly executed by a data subject and the application also processes personal data.
    >
    > I might expand on this more but I’m looking for information about whether this legal theory has been analyzed or tested. If anyone knows of related court opinions, rulings, or even some NGO’s analysis on this topic I would greatly appreciate a reference.
    >
    > #askFedi

    0
    General Data Protection Regulation (“GDPR”) @sopuli.xyz debanqued @beehaw.org
    (EU+UK) Legal theory that closed-source software inherently undermines or violates the GDPR in some situations

    cross-posted from: https://beehaw.org/post/12170575

    > The GDPR has some rules that require data controllers to be fair and transparent. EDPB guidelines further clarify in detail what fairness and transparency entails. As far as I can tell, what I am reading strongly implies a need for source code to be released in situations where an application is directly executed by a data subject and the application also processes personal data.
    >
    > I might expand on this more but I’m looking for information about whether this legal theory has been analyzed or tested. If anyone knows of related court opinions, rulings, or even some NGO’s analysis on this topic I would greatly appreciate a reference.
    >
    > #askFedi

    0
    Removed threads should still be reachable and interactive

    I posted an apparently off-topic post to !foss@beehaw.org. The moderator removed it from the timeline because discussion about software that should be FOSS was considered irrelevant to FOSS. Perhaps fair enough, but it’s an injustice that people in a discussion were cut off. The thread should continue even if it’s not linked in the community timeline. I received a reply that I could not reply to. What’s the point in blocking a discussion that’s no longer visible from the timeline?

    It’s more than just an unwanted behavior because the UI is broken enough to render a dysfunctional reply mechanism. That is, I can click the reply button to a comment in an orphaned thread (via notifications) and the UI serves me with a blank form where I can then waste human time writing a msg, only to find that clicking submit causes it to go to lunch in an endless spinner loop. So time is wasted on the composition then time is wasted wondering what’s wrong with the network. When in fact the reply should simply go through.

    (edit) this is similar to this issue. Slight difference though: @jarfil@beehaw.org merely expects to be able to reply to lingering notifications after a mod action. That’s good but I would go further and propose that the thread should still be reachable and functional (just not linked in the timeline where it was problematic).

    11
    Votes fail to rank comment visibility

    This series of single word spam has 1 vote each:

    https://beehaw.org/comment/2351412

    Yet there are responses to the same comment with many more upvotes. Why don’t the higher valued comments rise above the comments with a score of 1?

    8
    [resolved] Finance community unreachable

    When trying to access https://beehaw.org/c/finance it gives a 502 bad gateway -- “Worker Bees are busy updating the website”.

    1
    Chrome & Firefox are a false duopoly. Do we need another option? Should there be a public option? Should it come from Italy?

    Mozilla is ~83% funded by Google. That’s right- the maker of the dominant Chrome browser is mostly behind its own noteworthy “competitor”. When Google holds that much influence over Mozilla, I call it a false duopoly because consumers are duped into thinking the two are strongly competing with each other. In Mozilla’s effort to please Google and to a lesser extent the end users, it often gets caught pulling anti-user shenanigans. Users accept it because they see Firefox as the lesser of evils.

    Even if it were a true duopoly, it would be insufficient anyway. For a tool that is so central to the UX of billions of people, there should be many more competitors.

    public option

    Every notable government has an online presence where they distribute information to the public. Yet they leave it to the public to come up with their own browser which may or may not be compatible with the public web service. In principle, if a government is going to distribute content to the public, they also have a duty to equip the public to be able to consume the content. Telling people to come up with their own private sector tools to reach the public sector is a bit off. It would be like telling citizens they can receive information about legislation that passes if they buy a private subscription to the Washington Post. The government should produce their own open source browser which adheres to open public standards and which all the gov websites are tested with.

    I propose Italy

    Italy is perhaps the only country in the world to have a “public money → public code” law, whereby any software development effort that is financed by the gov must be open source. So IMO Italy should develop a browser to be used to access websites of the Italian gov. Italy can save us from the false duopoly from Google.

    74
    Free software in education will take a step back -- republicans are going after school board positions nationwide in the US
    web.archive.org Conservative PACs inject millions into local school races

    In the run-up to the midterm elections, a growing number of conservative groups are turning their attention to often-ignored school board races.

    Since last year, republicans have launched a campaign to get conservatives on school boards. This is the political party in the US who favors privatization of everything. They are sympathetic to giant corporations and champion #citizensUnited (which elevates corporations above humans). #Ohio has a large number of extremists intending to take school board positions.

    I don’t get the impression #FOSS orgs like #FSF are paying attention. The FOSS movement stands to lose some ground here. #FreeSoftware in education is important and FSF does not even have a campaign for it on their website.

    13
    Philosophy @mander.xyz debanqued @beehaw.org
    Do orgs that receive tax-deductible donations have an obligation as a public service to promote non-discriminatory equal access?

    cross-posted from: https://beehaw.org/post/8984968

    When the FSF Free Software Directory directs people to freedom-lacking places

    > The #FSD purpose is to help people “find freedom-respecting programs”. Browsing the directory reveals copious freedom-disrespecting resources. For example:
    >
    > * projects jailed in MS #Github (amid substantial ethical issues)
    > * projects jailed in #Gitlab·com (amid substantial ethical issues)
    > * projects with resources (docs, forums, wikis, APIs, etc) that are jailed in #Cloudflare’s walled garden (amid substantial ethical issues)
    >
    > FSF has no tags for these anti-features. It suggests a problem with integrity and credibility. People expect to be able to trust FSF as an org that prioritizes user freedom. Presenting this directory with unmarked freedom pitfalls sends the wrong message & risks compromising trust and transparency. Transparency is critical to the FOSS ideology. Why not clearly mark the freedom pitfalls?
    >
    > The idea of having exclusive clubs with gatekeepers is inconsistent with FSF’s most basic principles, specifically:
    >
    > * All important site functionality that's enabled for use with that package works correctly (though it need not look as nice) in free browsers, including IceCat, without running any nonfree software sent by the site. (C0)
    > * Does not discriminate against classes of users, or against any country. (C2)
    > * Permits access via Tor (we consider this an important site function). (C3)
    >
    > Failing any of those earns an “F” grade (Github & gitlab·com both fail).
    >
    > If Cloudflare links in the #FSF FSD are replaced with archive.org mirrors, that avoids a bulk of the exclusivity. #InternetArchive’s #ALA membership automatically invokes the Library Bill of Rights (LBR), which includes:
    >
    > * V. A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.
    > * VI. Libraries which make exhibit spaces and meeting rooms available to the public they serve should make such facilities available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use.
    > * VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.
    >
    > The LBR is consistent with FSF’s principles so this is a naturally fitting solution. The Universal Declaration of Human Rights is also noteworthy. Even if the FSD is technically not a public service, the public uses it and FSF is an IRS-qualified 501(c)(3) public charity, making it public enough to observe these UDHR clauses:
    >
    > * art.21 ¶2. Everyone has the right of equal access to public service in his country.
    > * art.27 ¶1. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.
    >
    > These fundamental egalitarian principles & rights are a minimum low bar to set that cannot be construed as “unreasonable” or “purist” or “extremist”.

    Some groups of people who are excluded when resources are inside Cloudflare’s walled-garden include:

    • public library users
    • Tor users
    • CGNAT users (often poor people in impoverished regions whose ISPs have fewer IPv4 addresses to allocate than the number of users)
    • people who use scripts to access web resources (and interactive users who merely appear to be bots by using non-graphical FOSS tools, blind people IIRC as they are not loading images)
    • all people with a moral objection to exposing ~20—30% of their web traffic (metadata & payloads both) to one single centralized tech giant in a country without privacy safeguards. (29% of the 200 most popular Github projects also make use of Cloudflare)
    0
    When the FSF Free Software Directory directs people to freedom-lacking places

    cross-posted from: https://beehaw.org/post/8984968

    > The #FSD purpose is to help people “find freedom-respecting programs”. Browsing the directory reveals copious freedom-disrespecting resources. For example:
    >
    > * projects jailed in MS #Github (amid substantial ethical issues)
    > * projects jailed in #Gitlab·com (amid substantial ethical issues)
    > * projects with resources (docs, forums, wikis, APIs, etc) that are jailed in #Cloudflare’s walled garden (amid substantial ethical issues)
    >
    > FSF has no tags for these anti-features. It suggests a problem with integrity and credibility. People expect to be able to trust FSF as an org that prioritizes user freedom. Presenting this directory with unmarked freedom pitfalls sends the wrong message & risks compromising trust and transparency. Transparency is critical to the FOSS ideology. Why not clearly mark the freedom pitfalls?

    > UPDATE
    >
    > The idea of having exclusive clubs with gatekeepers is inconsistent with FSF’s most basic principles, specifically:
    >
    > * All important site functionality that's enabled for use with that package works correctly (though it need not look as nice) in free browsers, including IceCat, without running any nonfree software sent by the site. (C0)
    > * Does not discriminate against classes of users, or against any country. (C2)
    > * Permits access via Tor (we consider this an important site function). (C3)
    >
    > If Cloudflare links in the #FSF FSD are replaced with archive.org mirrors, that avoids a bulk of the exclusivity. It also automatically invokes the Library Bill of Rights (LBR) because #InternetArchive is an #ALA member:
    >
    > * V. A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.
    > * VI. Libraries which make exhibit spaces and meeting rooms available to the public they serve should make such facilities available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use.
    > * VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.
    >
    > The LBR is consistent with FSF’s principles so this is naturally a good solution. The Universal Declaration of Human Rights is also noteworthy. Even if the FSD is technically not a public service, the public uses it and FSF is an IRS-qualified 501(c)(3) public charity, likely making it public enough to observe these UDHR clauses:
    >
    > * art.21 ¶2. Everyone has the right of equal access to public service in his country.
    > * art.27 ¶1. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.
    >
    > These fundamental principles & rights are a minimum low bar to set that cannot be construed as “not reasonable” or “purist” or “extremist”.

    4
    When the FSF Free Software Directory directs people to freedom-lacking places

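    The #FSD purpose is to help people “find freedom-respecting programs”. Browsing the directory reveals copious freedom-disrespecting resources. For example:

    • projects jailed in MS #Github (amid substantial ethical issues)
    • projects jailed in #Gitlab·com (amid substantial ethical issues)
    • projects with resources (docs, forums, wikis, APIs, etc) that are jailed in #Cloudflare’s walled garden (amid substantial ethical issues)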

    FSF has no tags for these anti-features. It suggests a problem with integrity and credibility. People expect to be able to trust FSF as an org that prioritizes user freedom. Presenting this directory with unmarked freedom pitfalls sends the wrong message & risks compromising trust and transparency. Transparency is critical to the FOSS ideology. Why not clearly mark the freedom pitfalls?

    UPDATE

    The idea of having exclusive clubs with gatekeepers is inconsistent with FSF’s most basic principles, specifically:

    • All important site functionality that's enabled for use with that package works correctly (though it need not look as nice) in free browsers, including IceCat, without running any nonfree software sent by the site. (C0)
    • Does not discriminate against classes of users, or against any country. (C2)
    • Permits access via Tor (we consider this an important site function). (C3)

    Failing any of those earns an “F” grade (Github & gitlab·com both fail).

    If Cloudflare links in the #FSF FSD are replaced with archive.org mirrors, that avoids a bulk of the exclusivity. #InternetArchive’s #ALA membership automatically invokes the Library Bill of Rights (LBR), which includes:

    • V. A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.
    • VI. Libraries which make exhibit spaces and meeting rooms available to the public they serve should make such facilities available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use.
    • VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.

    The LBR is consistent with FSF’s principles so this is a naturally fitting solution. The Universal Declaration of Human Rights is also noteworthy. Even if the FSD is technically not a public service, the public uses it and FSF is an IRS-qualified 501(c)(3) public charity, making it public enough to observe these UDHR clauses:

    • art.21 ¶2. Everyone has the right of equal access to public service in his country.
    • art.27 ¶1. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.

    These fundamental egalitarian principles & rights are a minimum low bar to set that cannot be construed as “unreasonable” or “purist” or “extremist”.

    36
    [US] Driver license numbers exfiltrated in data breach at Caesars casinos -- how sensitive is that info? Self-defense: how to handle ID doc requests…
    apnews.com Data breach at MGM Resorts expected to cost casino giant $100 million

    The data breach that MGM Resorts is calling a cyberattack is expected to cost the casino giant more than $100 million.

    How sensitive is a DL number? DL numbers are typically an encoding of full name, DoB, and gender. So IIUC, it’s as sensitive as that info, which as far as I can tell is not overly hard to get legitimately. A criminal with that info can derive your DL# anyway. Yet apparently DL numbers are used to identify you when opening various kinds of accounts online and it’s treated as some kind of secret magic number that only you would know. Am I missing something, or is the real problem that the DL# is being used and trusted to verify identities?

    To be clear, the breach did not only grab DL №s, it also involves:

    > “other personal information, including names, contact information, driver’s license numbers, Social Security numbers and passport numbers belonging to some customers who did business with MGM prior to March of 2019”

    I used to be sloppy with my driver’s license, letting casinos and various businesses keep a copy of it. I decided at one point that my home address, handwritten sig, height, etc, is more sensitive than my nationality, so when ID is demanded I tend to show my passport instead of DL whenever possible. The passport shows much less info. But I wonder if I can still do better.

    What if I slip the DL or passport into a sleeve that covers all fields except my name with a black box? So when the casino or whoever scans it, they only have a partial copy on record. Would that work? Does anyone do this?

    0
    Some ATMs demand a PIN /before/ showing you options. Privacy issue?

    cross-posted from: https://fedia.io/m/privacy/t/346211

    > I need to check the balance of my bank card. It’s apparently becoming quite rare for ATMs to support balance inquiries. So as I try many different ATMs to check the balance, some ATMs demand PIN entry before you even see the service offers. So I enter my PIN and then it only gives a cash withdrawal option, at which point I eject.
    >
    > Couple problems here:
    >
    > * anti-fraud AI sensors can be very fragile & trigger happy. If my card is inserted into several different ATMs with & no transaction is initiated, I am of course concerned that my account will be frozen due to fraud false positive.
    >
    > * some ATMs automatically print out your balance on the receipt if you ask for a receipt. Some show it on the screen. Some ATMs will only print the balance on the receipt if you specifically requested the balance in your session. Some ATMs are completely incapable of balance inquiries (at least for cards from other banks). Consumers seem to have no way of knowing what kind of ATM they are dealing with in advance, which forces us to experiment.
    >
    > Questions:
    >
    > * when an ATM demands PIN in advance, does that mean the transaction will signal the bank even if the session is terminated when the menu shows no balance inquiry option? IIUC, the PIN can be verified using the card’s EMV chip without using the network - but is that necessarily the case?
    >
    > * when an ATM shows the menu options before asking for a PIN, can we count on no signal being sent to the bank?
    >
    > One of my accounts got frozen for fraud. I called the bank, complained, demanded answers. The bankers themselves are kept in the dark and left guessing about what happened. One banker said “you asked for more than the daily limit 2 or 3 times, which failed, then you went to a different ATM and tried again. Since you went to a different machine, that likely looked like fraud”. (of course I tried a different machine -- why would a legit user keep trying the same machine?)

    15
    debanqued @beehaw.org
    Posts 22
    Comments 118