Pup Biru

i’d say that’s mostly reasonable… not to say you can’t mess around in the guts of python, but you can mess around a lot more in c

the flip side of this is that python has a lot more guard rails: it’s simply impossible to write entire classes of sometimes very dangerous and subtle bugs in python code, while in c… go for it! that’s valid operations that you may have decided to do for performance reasons (also a reasonable argument, but if you know you’re not doing this fuckery then maybe it’s better to just let software not let you do them by accident or on purpose)

right? like if white space weren’t required, how would you format your code differently? arbitrary white space all over the place? no indentation? that is some spicy garbage code

to really hammer home this “many ways to hide”: the PDF is kinda just like a container… it contains other things like images (the patterns for example)… these patterns are probably vector graphics (made up of lines rather than pixels)… this means you can magnify them basically infinitely… and they can contain transparent lines and all sorts of things. they could easily embed that same text in the SVG image, at tiny scale (less than a pixel at 100% scale), and make it transparent… no PDF editor is going to touch the image data: it simply doesn’t really understand it to that degree - it’s an image; not a PDF after all… so that information will remain even after you’ve removed all visible/reasonable marks

this is just 1 example of practically infinite places it could be - and remember, this text is just lines in an image! it’s not like you can ctrl+f for the text necessarily… you’d have to go through every image manually and inspect every single line, and even then there are no guarantees (perhaps they encoded that information like morse code in bumps in some lines that are only barely visible at 1000% magnification)

Would or is also a really good way to sniff WiFi passwords. If anybody says “Well yes, I am indeed $HOME_NETWORK_NAME” your phone just hands them the password.

okay that’s very untrue… wifi passwords aren’t really passwords; more accurately they’re pre-shared keys… they are used to generate the encryption parameters used to talk to the AP. the password is never sent over the air, and there’s a 4-way handshake

corpos aren’t who you’re protecting against with encrypted drives… they’re not going to gain access to anything via bypassing your OS: they get everything via software you’ve installed or things like tracking

the main thing you’re protecting against with encryption is theft (or if you think you’re being physically targeted, it also stops them from modifying your system… eg replacing your kernel or a binary that gives them access somehow)

looks around

shit looks like the world is fresh out of free republics… could i interest you instead in a flawed democracy?

…button

makeup is self care: on a man or a woman… too much makeup, like anything else being too much, is performative and lacks taste… taste is an appropriate amount of something applied in a thoughtful manner

you wouldn’t wear a suit to the pub, but it never hurts to not wear ripped jeans and a shirt that’s 2 sizes too large… just like you probably wouldn’t wear an entire face of makeup to a weekly drinks with friends, but you might wear some mascara or concealer (doesn’t matter if you’re a guy or a gal these things make you look great either way)

offer them the plates so they don’t have to reach or move around the table and help them stack them when they’re there… pause your conversations and ensure they spend as little time sorting your dishes as possible, and then both they can get back to what they’re doing and you can continue your conversations in private

especially true when there are plates, bowls, and cups of all shapes

exception being it’s okay to pile cutlery on a single plate because that’s always going on the top and if not it’s easy to tip off all at once to restack

in global shipping, closeness actually doesn’t make things necessarily more eco friendly: when you have 100 ships full of cargo heading from china to the US, they’ve got to return too… either they return full of something, or nothing

i’m not sure how it all works out in this case, but slowly moving things from the US to asia is practically free, in pretty much all regards

which they handled about as well as you can: prompt and clear notification without trying to pass the buck

the potential of a data breach is just a fact of life with any SAAS product - bugs happen… and it’s exactly the SAAS part of the product that makes the invites/login/aggregation of servers so smooth

there are some admin endpoints that are authenticated using any local IP, but the method they use allows spoofing the IP so those endpoints become accessible essentially without authentication

there were some other issues to do with unauthenticated enumeration and playback of content i believe too

i’m not likely to wrangle installing and maintaining wireguard on my mums cheap smart tv

and if that’s the solution, as i said you get plex local playback so that’s free still anyway

my main issues

• jellyfin has known security vulnerabilities and shouldn’t be run on a public network. that means everyone using your server remotely needs to be on a VPN… and then you may as well use plex because it’s “local” so the remote streaming thing doesn’t apply
• swiftfin (which i need for apple tv) doesn’t support media segments

the thing that everyone always glosses over is that jellyfin should not be run on a public network. it has known security vulnerabilities… that includes VPN remote proxy, so now you have to have external users on your actual VPN, and if that’s the case then plex will work fine because it’s “local”, and has a lot more features

(and my main issue: media segments don’t work on swiftfin)

strict AI regulation will summon the Antichrist

oh that sounds bad!

no AI regulation will lead to misinformation and potentially a collapse of or at least significant degradation to society and here are legitimate theories with numbers to back them up as to why that’s the case

ah! hmm… yup… shit it’s just so hard to choose

the good guys are people defending their country from military incursion

in this particular case (or rather ukraine, poland, estonia), in every conceivable situation, russia are the bad guys and nato are absolutely the good guys

has nato done some disagreeable shit in the past? sure! absolutely! there’s your grey: nato aren’t always the cut and dry good guys… but in this case… cut and dry: russia can fuck right off and nato is a force for good

the mozilla foundation is largely responsible for the whole adtech and ai slop nonsense that nobody asked for

the mozilla corporation is responsible for firefox. there is no way to support firefox development

absolutely this

CSP is also a possibility, but really you’re talking about an internal attack on your own infrastructure: either by infra teams on your production or devs on your infrastructure (or an external malicious actor able to deploy code)… i think that’s just so unlikely that it’s not worthy of concern unless you’re something like a bank

bonus points: check out the *arr stack and don’t worry about manually downloading content ever again