@Atemu@lemmy.ml avatar

Atemu

@Atemu@lemmy.ml

Interested in Linux, FOSS, data storage systems, unfucking our society and a bit of gaming.

Nixpkgs committer.

github.com/Atemu
reddit.com/u/Atemu12 (Probably won’t be active much anymore.)

This profile is from a federated server and may be incomplete. View on remote instance

Do you take pictures with GPS tags on?

Hiya, so quickly wondering wether you have enabled this or not. Obviously it's not great for privacy, but it also seems very nice to have for image cloud solutions, so that images can be sorted based on location. Are there any good solutions for this? I'd like have it enabled, but also afraid of sharing images with sensitive...

Atemu ,
@Atemu@lemmy.ml avatar

I used to not but I wish I did. I want to know where pictures were taken. Photo album software like Immich can also make cool maps out of your photos this way and group photos by location.

As long as you're not sharing the pictures with anyone, there is no loss of privacy whatsoever in doing this. I don't see any reason to generally label it as "not great for privacy".

When sharing publicly, you need to be careful of course and run the images through an EXIF metadata stripper.

Atemu ,
@Atemu@lemmy.ml avatar

Statistically it should always be better by now because the resource hog that is called windows slows older systems down.

That's not how any of this works.

Atemu ,
@Atemu@lemmy.ml avatar

Plenty more benchmark worse. What's your point exactly?

Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives ( www.phoronix.com )

Going through my usual scanning of all the "-next" Git subsystem branches of new code set to be introduced for the next Linux kernel merge window, a very notable addition was just queued up... Linux 6.10 is set to merge the NTSYNC driver for emulating the Microsoft Windows NT synchronization primitives within the kernel for...

[HELP] Option for Variable Refresh is gone after installing new graphics card (PowerColor 6750 XT)

Howdy. I just installed a new graphics card in my gaming rig, and now the option for Variable Refresh Rate is gone from the Display Settings when I log into a Gnome Xorg session. I swapped out my trusty Vega 64 for a new PowerColor 6750 XT. Before the swap, I always signed into an Xorg session and the option for Variable...

Atemu ,
@Atemu@lemmy.ml avatar

Does it work if you enable VRR via xorg config?

Which xorg driver are/were you using, amdgpu or modesetting?

Help with HDD

I have a 4TB HDD that I use to store music, films, images, and text files. I have a 250GB SDD that I use to install my OS and video games. So far I didn't have any problem with this setup, obviously it's a bit slower when it reads the HDD but nothing too serious, but lately it's gotten way worse, where it just lags too much when...

Atemu ,
@Atemu@lemmy.ml avatar

Monitor I/O on the drive; is anything using it while your system is idle?

What's I/O like when loading an album?

Atemu ,
@Atemu@lemmy.ml avatar

This reads like a phrase from Half as Interesting.

Anyone know exactly what info Youtube captures from you from its browser version (and by what means)?

I know the prevailing sentiment for a long time in the privacy community has been "DAE Youtube bad?" though I have always thought that it is kinda overblown. Besides, I am using Firefox which is supposed to isolate tabs so they can't speak to each other, so I felt a small amount safer using Youtube....

Atemu ,
@Atemu@lemmy.ml avatar

Typing anything in another window that is not my browser

Which windows exactly? The apps you're typing things into might be spying on you.

M$ and their 738 parters really value your privacy, so if you're typing things into Excel...

copypasting the words "trans" and "talking"

What applications were running on your computer while you did this? Any of them could be recording clipboard history; it requires no special privilege.

Heck, I wouldn't be surprised if Windows itself was recording this and sent it to daddy M$ to train LLMs and maybe sell it as a little multi-billion side hustle.

transgender videos about "How to change your voice" start popping up in my feed. Please know I have zero interest in transgender politics/culture/anything, it is not something I have ever searched for or engaged in online.

Maybe Google knows something you don't? JK.

A more plausible explanation is that Google knows that you're in the Fediverse (ever Googled it?) which has a far above average concentration of queer people.

What is also plausible is that someone living with you (i.e. your family) or a friend is trans and you're obviously associated with them.

Google doesn't recommend queer content because they think you're queer but because it's what their data-defined statistical algorithms (""AI"") predicts you are likely to be interested in and therefore watch ads for. If you know a queer person or are often in contact with them, you are simply quite a bit more likely to be interested in queer people than the average and therefore more likely to click on queer content.

Possible that Youtube is reading my clipboard? Reading my keystrokes?

Youtube itself? Near impossible.

Other applications? Possible but likelihood unknown.

Listening to an album via VLC, while Youtube is open in my browser. Suddenly, more tracks from that album start showing up in my suggested feed. Possible Youtube is reading the titles of other apps current open on my machine? (VLC changes its active title to the name of whatever file is currently open)

Again, Youtube itself directly isn't doing anything like this. If that album is related to what you were listening to on YT or is even simply also popular with people who listed to the same things on YT as you do or are just generally similar to your person; that's all it takes for YT to attempt to show it to you.

Also note again that any application on your Windows or Linux PC can read the window titles of any other application or even simply scan your media library or other files.

Discord does this for instance for their rich presence function for instance and I would again not be surprised if there was a little multi-billion side-hustle going on.

I use Youtube all the time as my personal version of Spotify.

If you're not reliant on YT's recommendations, I'd recommend you to download the songs you want to listen to and listen to them on a local player.

Atemu ,
@Atemu@lemmy.ml avatar

Then for a day and a half after I was working on that spreadsheet, it showed up at the top of the suggested videos.

Again, which applications had access to your clipboard and user files at that time? If any of the applications running on your computer was stealing your data and selling it for financial gain, Google would likely be buying it and obviously using it against you.

You also have to consider side-channels. Were you or your friends talking about that spreadsheet project via Discord or some other known abuser? Did you talk about it with a person in your room while daddy Google or Amazon were listening? (Alexa in the room, Google assistant on your phone etc.)

in short: years of nothing, nothing, nothing, TWO DAYS OF TRANS VIDEO SUGGESTIONS, and then since, nothing, nothing, nothing.

This might simply be expectation bias. You may have been shown such suggestions in the same pattern before and simply didn't notice because, contrary to the present, the topic wasn't on your mind and simply forgot about it because you're being shown irrelevant suggested topics all the time.

Even after reading a lot of people telling me that it is just The Algo^TM^ at work, that incident seems so razor specific to activity I was simply doing on my computer at the same time Youtube was open rather than anything that could be related to my personal interests.

That's how "The Algo^TM^" works. Google gathers data on you directly through its applications, from 3rd parties selling data they stole from you and indirectly through the same process from people you associate with.
It's even possible that some data broker simply made up the fact that you're trans. Google could have then assumed it's true because you associate with trans people here. I could very well see that happen in an enshittified system such as Google.

Atemu ,
@Atemu@lemmy.ml avatar

The process for this is that you want to set your prefix to the /boot partition in the (hd1, gpt1) syntax (use ls) and then load the "normal" module. From then on, you should have regular GRUB again and should be able to boot your OS to properly fix GRUB.

Atemu ,
@Atemu@lemmy.ml avatar

It's too early to tell; you must investigate further.

Redlib: Open-source, privacy-focused frontend for Reddit without Reddit's ads, trackers, and bloat. A fork of Libreddit. ( safereddit.com )

The purpose of this post is not to endorse the use of Reddit ( https://shields.tosdr.org/en_194.svg), but rather to inform users of a privacy-friendly approach in case they need to utilize the platform....

Standard notes: what about don’t put all your eggs in one basket rule?

If the owner of the standard notes will now be a proton, doesn't that contradict this principle? I have a proton email account but I don't want it linked to my standard notes account. I don't strongly trust companies that offer packaged services like google or Microsoft....

Atemu ,
@Atemu@lemmy.ml avatar

You activated my trap card!

It's entierly based on the excellent org-mode for Emacs.

Atemu ,
@Atemu@lemmy.ml avatar

XZ is a slog to compress and decompress but compresses a bit smaller than zstd.

zstd is quite quick to compress, very quick to decompress, scales to many cores (vanilla xz is single-core only) and scales a lot further in the quicker end of the compression speed <-> file size trade-off spectrum while using the same format.

Atemu ,
@Atemu@lemmy.ml avatar

Edge is so privileged you can't remove it... well, you kinda just can't remove it..

That will have to change with the DMA becuase otherwise M$ will get ...a really big slap on the wrist or something.

Atemu ,
@Atemu@lemmy.ml avatar

internet chromesplorer

I'm stealing that.

How the xz backdoor highlights a major flaw in Nix ( shadeyg56.vercel.app )

The main issue is the handling of security updates within the Nixpkgs ecosystem, which relies on Nix's CI system, Hydra, to test and build packages. Due to the extensive number of packages in the Nixpkgs repository, the process can be slow, causing delays in the release of updates. As an example, the updated xz 5.4.6 package...

Atemu ,
@Atemu@lemmy.ml avatar

No.

Atemu ,
@Atemu@lemmy.ml avatar

xz is necessarily in the stdenv. Patching it means rebuilding the world, no matter what you optimise.

Atemu ,
@Atemu@lemmy.ml avatar

AFAIK, affected versions never made it to stable as there was no reason to backport it.

Atemu ,
@Atemu@lemmy.ml avatar

This has nothing to do with "unstable" or the specific channel. It could have happened on the stable channel too; depending on the timing.

Atemu ,
@Atemu@lemmy.ml avatar

It was not vulnerable to this particular attack because the attack didn't specifically target Nixpkgs. It could have very well done so if they had wanted to.

Atemu ,
@Atemu@lemmy.ml avatar

This blog post misses entirely that this has nothing to do with the unstable channel. It just happened to only affect unstable this time because it gets updates first. If we had found out about the xz backdoor two months later (totally possible; we were really lucky this time), this would have affected a stable channel in exactly the same way. (It'd be slightly worse actually because that'd be a potentially breaking change too but I digress.)

I see two way to "fix" this:

  • Throw a shitton of money at builders. I could see this getting staging-next rebuild times down to just 1-2 days which I'd say is almost acceptable. This could even be a temporary thing to reduce cost; quickly renting an extremely large on-demand fleet from some cloud provider for a day whenever a critical world rebuild needs to be done which shouldn't be too often.
  • Implement pure grafting for important security patches through a second overlay-like mechanism.
Atemu ,
@Atemu@lemmy.ml avatar

This would better be done in the front-end rather than a comment bot.

Atemu ,
@Atemu@lemmy.ml avatar

I don't like the Piped bot at all.

What should be posted on the internet should be the canonical source of some content, not a proxy for it. If users prefer a proxy, they should configure their clients to redirect to the proxy. Piped instances come and go and the entire project is at the mercy of Google tolerating it/not taking action against it, so it could be gone tomorrow.

I use piped myself. I have client-side configurations which simply redirects all Youtube links to my piped instance. No need for any bots here.

Atemu ,
@Atemu@lemmy.ml avatar

That does not address the point made. It doesn't matter whether it's a complex hardware or software component in the stack; they will both fail.

Atemu ,
@Atemu@lemmy.ml avatar

That whole situation was such an overblown idiotic mess. Kagi has always used indices from companies that do far more unethical things than committing the extreme crime of having a CEO who has stupid opinions on human rights.
I 100% agree with Vlad's response to this whole thing and anyone who thinks otherwise should question what exactly it is they're criticising.

I don't like Brave (super shady IMHO) and certainly not their CEO but I didn't sign up for a 100% ethically correct search engine, I signed up for a search engine with innovative features and good search results. The only viable alternatives are to use 100% not ethically correct search indices with meh (Google) to bad (Bing, DDG) search results. If you're going to tell me how Google and M$ are somehow ethical, I'm going to have to laugh at you.

The whole argument amounts to whining about the status quo and bashing the one company that tries anything to change it. The only way to get away from the Google monopoly is alternative indices. Yes those alternatives may not be much more ethical than friggin Google. So what.

Atemu ,
@Atemu@lemmy.ml avatar

Your search results look very different to mine:

https://lemmy.ml/pictrs/image/01eae1b8-2367-4533-a739-a59b944b4946.png

Did you disable Grouped Results?

All the LLM-generated "top 10" listicles are grouped into one large block I can safely ignore. (I could hide them entirely but the visual grouping allows for easy mental filtering, so I haven't bothered.) Your weird top10 fake site does not show up.

But yes, as the linked article says, Kagi is primarily a proxy for Google with some extra on top. This is, unfortunately, a feature as Google's index still reigns supreme for general purpose search. It absolutely is bad and getting worse but sadly still the best you can get. Using only non-Google indices would just result in bad search results.
The Google-ness is somewhat mitigated by Kagi-exclusive features such as the LLM garbage grouping.

What Google also cannot do is highlighted in my screenshot: You can customise filtering and ranking.
The first search result is a Reddit thread with some decent discussion because I configured Kagi to prefer Reddit search results. In the case of household appliances, this doesn't do a whole lot as I have not researched trusted/untrusted sources in this field yet but it's very noticeable in fields like programming where I have manually ranked sites.

Kagi is not "all about" privacy. It's a factor, sure but ultimately you still have to trust a U.S. company. Better than "trusting" a known abuser (Google, M$) but without an external audit, I wouldn't put too much wight into this.
The index ain't it either as it's mostly Google though sometimes a bit better.
What really sets it apart is the features. Customised ranking aswell as blocking some sites outright (bye bye pinterest and userbenchmark) are immensely useful. So are filtering garbage results that Google still likes to return.

Atemu ,
@Atemu@lemmy.ml avatar

I personally have not found Kagi’s default search results to be all that impressive

At their worst, they're as bad as Google's. For me however, this is a great improvement over using bing/Google proxies which would be the alternative.

maybe if I took the time to customize, I might feel differently.

That's the killer feature IMHO.

Atemu ,
@Atemu@lemmy.ml avatar

I think you're underestimating how huge of an undertaking a half-decent search index is, much less a good one.

Atemu , (edited )
@Atemu@lemmy.ml avatar

Whether this is bad depends on your threat model. Additionally, you must also consider that other search engines are able to easily identify you without you explicitly identifying yourself. If you can't fool https://abrahamjuliot.github.io/creepjs/, you certainly can't fool Google for instance. And that's even ignoring the immense identifying potential of user behaviour.

Billing supports OpenNode AFAICT which I guess you could funnel your Moneros through but meh.

Edit: Phrasing.

Atemu ,
@Atemu@lemmy.ml avatar

Is "Grouped Results" disabled in settings?

Atemu ,
@Atemu@lemmy.ml avatar

Certainly better than the U.S. in that regard but I wouldn't consider Germany "resilient" either.

Atemu ,
@Atemu@lemmy.ml avatar

I think it could be because Google may offer them quite a bit longer hardware support. They had to go with some industrial SoC for the FP5 to get Qualcomm to offer even a half decent hardware support cycle.

Atemu ,
@Atemu@lemmy.ml avatar

Sorry, can't answer that as my crystal ball is broken at the moment.

Atemu ,
@Atemu@lemmy.ml avatar

You should IMO always do this when putting your work on a shared branch

No. You should never squash as a rule unless your entire team can't be bothered to use git correctly and in that case it's a workaround for that problem, not a generally good policy.

Automatic squashes make it impossible to split commit into logical units of work. It reduces every feature branch into a single commit which is quite stupid.
If you ever needed to look at a list of feature branch changes with one feature branch per line for some reason, the correct tool to use is a first-parent log. In a proper git history, that will show you all the merge commits on the main branch; one per feature branch; as if you had squashed.

Rebase "merges" are similarly stupid: You lose the entire notion of what happened together as a unit of work; what was part of the same feature branch and what wasn't. Merge commits denote the end of a feature branch and together with the merge base you can always determine what was committed as part of which feature branch.

Atemu ,
@Atemu@lemmy.ml avatar

The only difference between a *rebase-merge and a rebase is whether main is reset to it or not. If you kept the main branch label on D and added a feature branch label on G', that would be what @andrew meant.

Atemu ,
@Atemu@lemmy.ml avatar

you also lose the merge-commits, which convey no valuable information of their own.

In a feature branch workflow, I do not agree. The merge commit denotes the end of a feature branch. Without it, you lose all notion of what was and wasn't part of the same feature branch.

Atemu ,
@Atemu@lemmy.ml avatar

Note that I didn't say that you should never squash commits. You should do that but with the intention of producing a clearer history, not as a general rule eliminating any possibly useful history.

Atemu ,
@Atemu@lemmy.ml avatar

The thing is, you can get your cake and eat it too. Rebase your feature branches while in development and then merge them to the main branch when they're done.

Atemu ,
@Atemu@lemmy.ml avatar

They were mentioned because a file they are the code owner of was modified in the PR.

The modifications came from another branch which you accidentally(?) merged into yours. The problem is that those commits weren't in master yet, so GH considers them to be part of the changeset of your branch. If they were in master already, GH would only consider the merge commit itself part of the change set and it does not contain any changes itself (unless you resolved a conflict).

If you had rebased atop of the other branch, you would have still had the commits of the other branch in your changeset; it'd be as if you tried to merge the other branch into master + your changes.

Atemu ,
@Atemu@lemmy.ml avatar

I am not. Read the context mate.

Atemu ,
@Atemu@lemmy.ml avatar

That's a nice idea in theory but not possible in practice as the last Nixpkgs revision without a tainted version of xz is many months old. You'd trade one CVE for dozens of others.

Atemu ,
@Atemu@lemmy.ml avatar

That works for leaf packages but not for core node packages. Every package depends on xz in some way; it's in the stdenv aswell as bootstrap.

Atemu ,
@Atemu@lemmy.ml avatar

Those packages themselves depend on xz. Pretty much all of them.

What you're suggesting would only make the xz executable not be backdoored anymore but any other application using liblzma would still be as vulnerable as before. That's actually the only currently known attack vector; inject malicious code into SSHD via liblzma.

Atemu ,
@Atemu@lemmy.ml avatar

If you need languages other than "western European languages", you're SOL with this offline translator; whether you use it within Firefox or the extension.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • Mdev
  • SciFi
  • fountainpens
  • test
  • dev_playground
  • announcements
  • vexblue
  • anki
  • pamasich
  • VideoEditingRequests
  • kbinrun
  • All magazines