hello

  • 59 Posts
  • 157 Comments
Joined 5M ago
cake
Cake day: Jan 17, 2022

help-circle
rss

I had to do a double take on the date to make sure this wasn’t a story from a year ago, when bitcoin difficulty actually did fall almost 50%.

Now I see the headline says “bitcoin” but the article’s “decreased by 50%” claim is actually talking about a nebulous collection of things they call “the largest cryptocurrency networks”. But, when it comes to bitcoin specifically, this article is still just factually incorrect, stating:

“The electricity consumption of the bitcoin network has fallen by a third from its high of 11 June”

It only takes a moment of looking at difficulty charts on any website to see that the all-time high was actually 11 May (when the difficulty hit 31.25 T) and as of yesterday it is now down to 29.57 T, for a decrease of 5.3%.

The interesting story here is that for the last year (since last summer’s actually-almost-50% difficulty drop from 25 T to 13.6 T, which came soon after the price dropped and then rapidly turned back around along with it) the difficulty has continued to rise despite the price falling again. The fact that the difficulty climb has finally slowed (it’s gone down twice and up once since the 11 May peak) is unsurprising - what is surprising is that it didn’t do it sooner.



lmao the ISS is literally the least self-sufficient place anywhere in the universe where humans currently live



if you live in a GDPR country, consider filing a complaint with your local data protection authority


i think DDG is hosted on AWS

not that it makes much difference but the DDG domains i just checked are currently pointing at Microsoft-owned IP addresses


Can anyone shed any light on what the impetus to this letter was? It very much reads like it must be in response to something specific having been widely distributed prematurely, but doesn’t say what it is/was.



In theory I think you can:

  1. put a peer tube video URL in the search box here
  2. wait a moment for lemmy to fetch the video page
  3. comment on the resulting lemmy page for the video
  4. your comment should appear on peertube

However, I just tried it with this video (that instance is running peertube 4.2.0, which is required for some features according to the lemmy release notes) and my comment here has not yet appeared on peertube (nor are the four existing comments on that video appearing on lemmy, nor is the one other video on that channel appearing on the lemmy page for that channel).


currently trying to figure out how to build a linux image for it 🤷‍♀️

https://github.com/skiffos/skiffos already has support for two other riscv boards; maybe adding support to it for this one wouldn’t be too hard?


see my other comment in this thread, it can translate offline now


The current link in this post goes to a year-old story about the online translation feature… here is the same site’s coverage of this week’s news - which is that there is now offline translation support: https://www.ghacks.net/2022/05/30/firefox-translations-firefoxs-offline-translate-feature-is-making-progress/ (i assume this is what OP actually meant to post). (edit: OP fixed the post’s link)

Here is a web page that loads their wasm translation engline and does the actual translation offline (and it does work in the stable release of Firefox). It’s irritating that the extension still requires a nightly firefox build, as I’d like to use it in my daily browsing but I don’t want to use nightly all the time.


There are a small number of apps that have legitimate reasons for background location access, like OsmAnd which is very nice for making GPX tracks (in an offline, privacy-respecting way). But yeah “foreground location” and “background location” should be different permissions, and really, why should that app even run in the background?

(note: OsmAnd should be installed from f-droid to get the unrestricted free software version; the version in google play hilariously requires you to pay for the ability to download more than a few maps 🤣 )




on the website it sounds like it’s opt-in (via participating sites’ GDPR cookie popups), and it’s a new thing from a major european carrier, so i assume it was designed with GDPR compliance in mind.

(tag yourself; i’m the consenting laptop user sitting on the radio waves)



i lol’d at the comically large shadows in this one (“BaZik”):


Oh yeah, for sure. As Paul Delaroche famously [might or might not have] said: La peinture est morte, à dater de ce jour!


the article doesn't mention that an expired certificate is the cause, but that is credibly claimed on twitter here: https://nitter.net/jwildeboer/status/1530227390286290944
fedilink



do you think most brave users know or care what BAT is? i suspect not.



also via HN i just found https://videomentions.com/search which does it for youtube channels.

I still haven’t found something that can search a private offline video+subs library, though.



glancing at their website and whitepaper:

  • they encrypt your “master key” using a password (via PBKDF2 with 200,000 rounds of sha512). this means they can do an offline brute force attack on your passphrase and will eventually be able to see all of your files.

  • because it is browser-based, you’re trusting it to continue delivering you legit javascript every time you use it. if the server is ever compromised, they don’t need to brute force passwords: attackers could see a user’s files the next time they login by just sending them some slightly different javascript and waiting for them to type in their password. (note that the whole purpose of encrypting your files before sending them is because you should assume the server will be compromised. if you trust that it won’t be, why would you bother with encryption?)

  • they use email addresses as account IDs, making it easy for attackers who have compromised the server to know who they might want to target

  • they are hosted at hetzner, a well-known cheap german web host not exactly known for their security

  • the offer “10GB free for life” which is obviously not sustainable. (to claim to offer such a thing makes them either liars or fools.)

this concludes my 2 minute review. tldr: i recommend against using this service.


downloadable binaries are how the overwhelming majority of currently-running programs got distributed; it isn’t merely a convenience, it is the status quo. (and, I don’t think that should change - it would be a waste of time and energy for everyone to run source-based distributions and need to compile everything themselves. i just wish the binaries were reproducible so that we didn’t need to rely on build infrastructure remaining honest!)




Why aren't non-reproducibly-built binaries of GPL-licensed software considered undistributable?
cross-posted from: https://lemmy.ml/post/274345 > Reading the rather disturbing (albeit refreshingly honest, compared to some other distros) [answer to the FAQ "Can Slackware be recompiled from scratch?"](https://docs.slackware.com/slackware:faq#can_slackware_be_recompiled_from_scratch) got me wondering... > > GPLv3 says: > > The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. > > GPLv2 says something similar: > > The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. > > In the absence of [reproducible builds](https://en.wikipedia.org/wiki/Reproducible_builds), how is it actually legal for third parties (not the copyright holder) to distribute binaries of GPL-licensed software? > > Even if I have the corresponding source code and precisely the same build environment that the distributor built a binary with, if the build process is not reproducible then I cannot actually ***generate*** precisely the same copyrighted ***work in object code form*** which I've received. > > The GPL doesn't seem to say anything about how distributing source code and build scripts which can generate a different-but-effectively-equivalent(-but-not-easily-verifiably-so) binary being sufficient to comply with the source code requirement. > > So, how is distributing these binaries not copyright infringement? > > (Obviously in practice everyone agrees that it is OK to distribute non-reproducible binaries, since most everyone does it, but the answer "the entire free software community just seems to agree that slightly violating the GPL is OK because reproducible builds are too much work" is pretty unsatisfying.)
fedilink

Why aren't non-reproducibly-built binaries of GPL-licensed software considered undistributable?
Reading the rather disturbing (albeit refreshingly honest, compared to some other distros) [answer to the FAQ "Can Slackware be recompiled from scratch?"](https://docs.slackware.com/slackware:faq#can_slackware_be_recompiled_from_scratch) got me wondering... GPLv3 says: > The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. GPLv2 says something similar: > The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. In the absence of [reproducible builds](https://en.wikipedia.org/wiki/Reproducible_builds), how is it actually legal for third parties (not the copyright holder) to distribute binaries of GPL-licensed software? Even if I have the corresponding source code and precisely the same build environment that the distributor built a binary with, if the build process is not reproducible then I cannot actually ***generate*** precisely the same copyrighted ***work in object code form*** which I've received. The GPL doesn't seem to say anything about how distributing source code and build scripts which can generate a different-but-effectively-equivalent(-but-not-easily-verifiably-so) binary being sufficient to comply with the source code requirement. So, how is distributing these binaries not copyright infringement? (Obviously in practice everyone agrees that it is OK to distribute non-reproducible binaries, since most everyone does it, but the answer "the entire free software community just seems to agree that slightly violating the GPL is OK because reproducible builds are too much work" is pretty unsatisfying.)
fedilink



via https://news.ycombinator.com/item?id=31351013
fedilink

via https://news.ycombinator.com/item?id=30911598
fedilink