0
2
submitted 4 months ago* (last edited 4 months ago) by debanqued@beehaw.org to c/bugs@sopuli.xyz

I installed the Aria2 app from f-droid. I just want to take a list of URLs of files to download and feed it to something that does the work. That’s what Aria2c does on the PC. The phone app is a strange beast and it’s poorly described & documented. When I launch it, it requires creating a profile. This profile wants an address. It’s alienating as fuck. I have a long list of URLs to fetch, not just one. In digging around, I see sparse vague mention of an “Aria server”. I don’t have an aria server and don’t want one. Is the address it demands under the “connection” tab supposed to lead to a server?

The readme.md is useless:

https://github.com/devgianlu/Aria2App

The app points to this link which has no navigation chain:

https://github.com/devgianlu/Aria2App/wiki/Create-a-profile

Following the link at the bottom of the page superfically seems like it could have useful info:

“To understand how DirectDownload work and how to set it up go here.”

but clicking /here/ leads to a dead page. I believe the correct link is this one. But on that page, this so-called “direct download” is not direct in the slightest. It talks about setting up a server and running python scripts. WTF.. why do I need a server? I don’t want a server. I want a direct download in the true sense of the word direct.

8
submitted 4 months ago* (last edited 4 months ago) by debanqued@beehaw.org to c/isitdown@infosec.pub

These are Lemmy instances with a “Sign Up” link which present you with a form to fill out to register. Then after you fill out the form and supply information like email address to the server, they respond with “registration closed”:

  • lemmy.escapebigtech.info (dead node now, but got instant reg. closed msg when they were alive)
  • expats.zone
  • hackertalks.com
  • lemmie.be
  • lemmy.killtime.online
  • lemmy.kmoneyserver.com
  • lemmy.sarcasticdeveloper.com
  • level-up.zone
  • zoo.splitlinux.org

I suppose it’s unlikely to be malice considering how many there are. It’s likely a case of shitty software design. There should be a toggle for open/closed registration and when it’s closed there should be no “Sign Up” button in the first place. And if someone visits the registration URL despite a lack of Sign Up link, it should show a reg. closed announcement.

Guess it’s worth mentioning there are some instances that accept your application for review (often with interview field) but then either let your application rot (“pending application” forever) or they silently reject it (you only discover non-acceptance when you make a login attempt and either get “login failed” or even more rudely it just re-renders the login form with no msg). These nodes fall into the selective non-acceptance category:

  • lemmy.cringecollective.io
  • lemmy.techtriage.guru
  • lemmy.hacktheplanet.be (pretends to send confirmation email then silently neglects to)
  • links.esq.social
  • dubvee.org

To be fair, I use a disposable email address which could be a reason the 5 above to reject my application. And if they did give a reason via email, I would not see it. Not sure if that’s happening but that’s also a case of bad software. That is, when a login attempt is made, the server could present the rationale for refusal. Another software defect would be failing to instantly reject an unacceptible email address.

4
submitted 4 months ago* (last edited 4 months ago) by debanqued@beehaw.org to c/gdpr@sopuli.xyz

Utility companies, telecoms, and banks all want consumers to register on their website so they do not have to send paper invoices via snail mail. When I started the registration process, the first demand was for an e-mail address.

Is that really necessary? They would probably argue that they need to send notifications that a new invoice has been prepared. I would argue that e-mail should be optional because:

  • They could send SMS notifications instead, if a data subject would prefer that.
  • They need not send any notification at all, in fact. Reminders is why calendars and alarm clocks exist. A consumer can login and fetch their invoice on a schedule. If a consumer neglects to login during a certain window of time, the data controller could send a paper invoice (which is what they must do for offline customers anyway).

They might argue that they need an email for password resets. But we could argue that SMS or paper mail can serve that purpose as well.

Does anyone see any holes in my legal theory? Any justification for obligatory email address disclosure that I am missing?

2
submitted 4 months ago by debanqued@beehaw.org to c/isitdown@infosec.pub
8
submitted 4 months ago* (last edited 4 months ago) by debanqued@beehaw.org to c/netneutrality@sopuli.xyz

Yikes. As some Tor users may know, the UN drafted the Unified Declaration of Human Rights, which in principle calls for privacy respect and inclusion. That same UN blocks the Tor community from their website. Indeed, being denied access to the text that embodies our human rights is rich in irony.

Well that same UN plans to create a “Global Digital Compact” to protect digital human rights. It’s a good idea, but wow, they just don’t have their shit together. I have so little confidence that they can grasp the problems they are hoping to solve. Cloudflare probably isn’t the least bit worried. Competence prevailing, Cloudflare should be worried, theoretically, but the UN doesn’t have the competence to even know who Cloudflare is.

[-] debanqued@beehaw.org 10 points 4 months ago* (last edited 4 months ago)

I don’t want to be an enabler of the drivel, so without posting the full URL to that article that’s reachable in the open free world, I will just say that medium.com links should never be publicly shared outside of Cloudflare’s walled garden. I realise aussie.zone is also in Cloudflare’s walled garden, but please be aware that it’s federated and reaches audiences who are excluded by Cloudflare.

The medium.com portion of the URL should be replaced by scribe.rip to make a medium article reachable to everyone. Though I must say this particular article doesn’t need any more reach than it has.

Anyone who just wants the answer: see @souperk@reddthat.com’s comment in this thread.

1

I created a whitelist access profile. That ensures that the whole WAN is blocked except what is exceptionally whitelisted. I started with an empty whitelist. The LAN is rightfully accessible and the WAN is rightfully inaccessible.

The router does not use DSL. Instead, it uses a USB mobile broadband LTE modem. The modem has its own website which gives SMS capability. The modem is technically upstream to the router, so it is blocked when the WAN blocking profile is enabled. I want to whitelist the modem so that when I am blocking WAN access I can still reach the web UI of the modem and monitor SMS msgs.

Fritzbox is designed so that all attempts to directly access an IP is blocked if whitelisting is in play. IP addresses cannot be whitelisted, only URLs using FQDNs. So I did “nslookup 10.10.50.8” to get the hostname of the modem. Then I whitelisted the hostname. That does not work. The modem is still blocked.

29
submitted 8 months ago* (last edited 8 months ago) by debanqued@beehaw.org to c/politics@beehaw.org

BBC World Service was covering the US elections and gave a brief blurb to inform non-US listeners on the basic differences between republicans and democrats. They essentially said something like:

Democrats prefer a big government with a tax-and-spend culture while republicans favor minimal governance with running on a lean budget, less spending¹

That’s technically accurate enough but it seemed to reflect a right-wing bias that seems inconsistent with BBC World Service. I wouldn’t be listening to BBC if they were anything like Fox News (read: faux news). The BBC could have just as well phrased it this way:

“Democrats prefer a government that is financed well enough to ensure protection of human rights…”

It’s the same narrative but expressed with dignity. When they are speaking on behalf of a political party it’s an attack on their dignity and character to fixate on a side-effect rather than the goal and intent. A big tax-and-spend gov is not a goal of dems, it’s a means to achieve protection of human rights. It’s a means that has no effective alternative.

① Paraphrasing from what I heard over the air -- it’s not an exact quote

#BBC #BBCWorldService

1
submitted 8 months ago by debanqued@beehaw.org to c/uklaw@feddit.uk

cross-posted from: https://beehaw.org/post/12271916

Suppose a law is named something like “The Royal Decree of June 14, 2018 regulating the Distribution of Pharmaceuticals and Vitamins”. If a document needs to refer to that law more than once, it makes a mess and causes some painful reading. How should something like that with a date be abbreviated?

(note that’s a fictitious law similarly named to the law I need to reference; it’s really a question of English and law and lawyers are perhaps best equipped to answer)

[-] debanqued@beehaw.org 21 points 8 months ago

This is why I’m so disgusted every time someone says “republicans and democrats are basically the same”, which I most often hear from Europeans.

[-] debanqued@beehaw.org 7 points 8 months ago
[-] debanqued@beehaw.org 33 points 8 months ago* (last edited 8 months ago)

from the article:

Subject to the terms of this Agreement, You hereby grant to HP a non-exclusive, worldwide, royalty-free right to use, copy, store, transmit, modify, create derivative works of and display Your non-personal data for its business purposes.

Holy shit. I wonder if HP is feeding customers’ data to an #AI machine to exploit in some way. It doesn’t even seem to be limited to what people print. HP’s software package is probably not just a printer driver. But even if it is, a driver runs in the kernel space, so IIUC there’s no limit to what data it can mine.

[-] debanqued@beehaw.org 16 points 8 months ago

First and foremost, #HP is not an option for anyone who boycotts #Israel. And even neglecting that, HP is still the least ethical of all ink suppliers.

from the article:

Prices range from $6.99 per month for a plan that includes an HP Envy printer (the current model is the 6020e) and 20 printed pages. The priciest plan includes an HP OfficeJet Pro rental and 700 printed pages for $35.99 per month.

So the 20 page deal probably reflects the consumption of most households that print. That means the cost ranges from $7—35¢ per page. You must print 20 pages to reach 35¢ pp. A library would likely charge ~5—10¢ pp flat. Print shops tend to be cheaper than libraries.

The 700 page deal amounts to $36—5¢ pp. So you have to print exactly 700 pages to get a good price. Everyone who does not print exactly 700 pages every month for a span of 2 years will get screwed.

One of the most perturbing aspects of the subscription plan is that it requires subscribers to keep their printers connected to the Internet.

Bingo. It’s not a “smart” printer, it’s a dependent printer.

20
submitted 8 months ago* (last edited 7 months ago) by debanqued@beehaw.org to c/finance@beehaw.org

For the past ~15 years I have tried for the most part to boycott:

  • American Express for being an #ALEC member (which supports #climateDenial and obstructs public healthcare, public education, immigration, gun control, etc), and for participating in the #Wikileaks donation blockade
  • Visa for pushing the #warOnCash (member of #betterThanCashAlliance.org and offering huge rewards to merchants who refuse cash), for participating in the #Wikileaks donation blockade, and for blocking Tor users from anonymously opting out of data sharing on their credit cards
  • Mastercard for pushing the #warOnCash (member of betterThanCashAlliance.org), for participating in the #Wikileaks donation blockade, and for blocking Tor users from anonymously opting out of data sharing on their credit cards

Discovercard has always been a clear lesser of evils. So Discovercard has earned the majority of my business whenever cash is not possible. But now I hear chatter that #Discovercard might merge with a shitty bank that had an embarrassing data leak by an Amazon contractor: #CapitalOne. I was disappointed when Samual Jackson promoted #CapOne. Capital One supported Trump’s Jan.6 insurrection attempt among other things.

So what’s left? JCB (Japanese) and UnionPay (China). JCB pulled out of the US like 10 years ago. People outside the US can get a #JCB card but then IIRC it uses the Discovercard network in the US and the #AmEx network in Canada.

I already favor cash whenever possible. In other cases it will be hard to choose the lesser of evils between CapOne and Mastercard.

update


Found an insightful article detailing a loophole that the fed gave to Discovercard which is why Capital One intends to buy it.

[-] debanqued@beehaw.org 13 points 8 months ago* (last edited 8 months ago)

Glad to see CFPB might be growing their balls back after Trump neutered them. When Trump was in power the CFPB took no action on complaints of unlawful conduct and seemed quite inactive.. as if to just be managing their own office (like the EPA).

[-] debanqued@beehaw.org 8 points 8 months ago* (last edited 8 months ago)

Indeed as someone who straddles two places of living I can attest to that. When living in a relatively flat city I’m cycling everywhere (on e-bike until it was stolen, then on cheap muscle bike thereafter). My other place of living is extremely hilly. Used a muscle bike and quickly said “fuck this, I’m done”. Just like the article said about hills on the trails. And since I cannot justify the cost of an e-bike in that particular place/situation, I do not cycle at all when living there. But if an e-bike had been cost effective I would be getting more exercise in that area.

[-] debanqued@beehaw.org 15 points 8 months ago* (last edited 8 months ago)

That’s a great move. Instead of trying to regulate the baddies just offer a more honest, transparent consumer-respecting option from a public service that respects people’s privacy (CFPB does not block Tor, unlike #CreditKarma and #LendingTree).

I would love it even more if they would also enable people to deselect banks they want to avoid, such as the shit banks on this list:

https://git.disroot.org/cyberMonk/liberethos_paradigm/src/branch/master/usa_banks.md

1
submitted 8 months ago by debanqued@beehaw.org to c/uklaw@feddit.uk

cross-posted from: https://beehaw.org/post/12170575

The GDPR has some rules that require data controllers to be fair and transparent. EDPB guidelines further clarify in detail what fairness and transparency entails. As far as I can tell, what I am reading strongly implies a need for source code to be released in situations where an application is directly executed by a data subject and the application also processes personal data.

I might expand on this more but I’m looking for information about whether this legal theory has been analyzed or tested. If anyone knows of related court opinions rulings, or even some NGO’s analysis on this topic I would greatly appreciate a reference.

#askFedi

1
submitted 8 months ago* (last edited 8 months ago) by debanqued@beehaw.org to c/gdpr@sopuli.xyz

cross-posted from: https://beehaw.org/post/12170575

The GDPR has some rules that require data controllers to be fair and transparent. EDPB guidelines further clarify in detail what fairness and transparency entails. As far as I can tell, what I am reading strongly implies a need for source code to be released in situations where an application is directly executed by a data subject and the application also processes personal data.

I might expand on this more but I’m looking for information about whether this legal theory has been analyzed or tested. If anyone knows of related court opinions rulings, or even some NGO’s analysis on this topic I would greatly appreciate a reference.

#askFedi

[-] debanqued@beehaw.org 7 points 8 months ago

You’re referring to anonymity, not privacy.

Anonymity is part of privacy; not a dichotomy.

[-] debanqued@beehaw.org 24 points 11 months ago* (last edited 11 months ago)

We can make some headway by pushing govs to adopt OSS. The Italians have a law “public money → public code”. The whole public sector including public schools should be switching to open source. And part of that would compel contributions of some form. Whether it’s code contributions or payment for support. People should be demanding that their tax revenue is not wasted on software that does not enrich the commons. With profit-driven corporations it’s always a game where a number of variables have to be just right for the company. But the public sector is very much overlooked.

I recently looked at a Danish university and was disgusted with what I saw. They used MS Office and Google docs, and students were pushed to use those tools. They used Matlab not GNU Octave, because that’s what they saw industry using. Schools should be leading industry, not following it.

[-] debanqued@beehaw.org 23 points 11 months ago* (last edited 5 months ago)

I’ve not been tracking them because I tend to only collect dirt on the greatest of evils. What comes to mind:

  • default search engine: Google (this is what that Google money is for officially)
  • Mozilla gave the boot to a lot of plugins and imposed some kind of control-freakish trust mechanism. Plugins/extensions were evicted from the plugin repository and they made it hard for plugin creators to distribute their plugins. I lost several very useful plugins when Mozilla took this controlling protectionist stance.
  • MAFF ditched. Mozilla abandoned a good format for archiving websites. I had a lot of content saved in *.maff files which Mozilla dropped direct support for and at the same time they blocked MAFF plugins.
  • Without Firefox, Google would be easily targeted with anti-trust actions. Google props up Mozilla just enough to be able to claim they have “competition”. Google can be most dominant when it has a crippled competitor under its influence.
  • Google killed the free world JPEG XL format. When a browser as dominant as Chrome withholds support JPEG XL, there is then no reason for web devs to use that format. Google did this because JPEG XL competes with a proprietary Google format. Firefox does not support it out of the box either, likely because of Google’s influence. Firefox users can enable it by going through some config hoops, so if Chrome alone did not kill it, that certainly would.

I vaguely recall a slew of Mozilla actions that were anti-thetical to privacy and user interests which caused me to move them from “a decent browser” to a “lesser of evils”. Hopefully others have better records of Mozilla’s history.

update May 2024


  • Mozilla uses data abuser Cloudflare for their exclusive access-restricted blog
  • Mozilla has decided to add more tracking to their browser to collect people’s search activity.
[-] debanqued@beehaw.org 7 points 1 year ago* (last edited 1 year ago)

First of all Cloudflare does not disclose to excluded communities why they are excluded. This non-transparency keeps the marginalized in the dark about both the technical criteria for exclusion and also the business reason for exclusion.

Why I personally have been excluded is irrelevant trivia. The full extent of CF’s exclusion is unknown but it’s evident that at a minimum these groups of people are excluded:

  • public libraries
  • Tor users
  • VPN users
  • CGNAT users (often poor people in impoverished regions whose ISPs have fewer IPv4 addresses to allocate than the number of users)
  • people who use scripts to access web resources (and interactive users who merely appear to be bots by using non-graphical FOSS tools, blind people IIRC as they are not loading images)
  • all people with a moral objection to exposing ~20—30% of their web traffic (metadata & payloads both) to one single centralized tech giant in a country without privacy safeguards.

I personally experience exclusion by all of the above except CGNAT.

view more: next ›

debanqued

joined 2 years ago