I hope you didn’t literally use XOR

It's XOR(key, block) with IV and chaining: https://github.com/RommieEcho/qrcatalyst-open/blob/main/src/routes/anon/XORCipher.js

Since it's chained at the byte level, you can strip it out by just XORing each byte against all following bytes. Then the IV can be XORed out of the first block, at which point you have just a series of XOR(key, plaintext) blocks that can be attacked with conventional methods.

Isn't that a classic corporate raid technique? Sell the company's assets to you or an organization you control, then lease them back to the original owners.

This isn't just about teens - the article shows that every age under 45 is less happy, and - excluding a brief bump in the late 20s - people just keep getting unhappy as they get older. There's no "it gets better" age to look forward to.

From the Privacy Policy:

Your Location

When you create an account, we ask you to share your location with us through the App in order to use all features. We use your location to determine your distance from other users and to help you find personals and missed connections in your area. We collect this information automatically by collecting your Internet Protocol address and your Unique Device ID. It is possible to opt out of sharing your location at sign up, but app functionality is limited.

yeah, don't use this app.

I have concerns about this site, tbh. I can't find anything overtly wrong, but a few things stand out:

• Unclear focus / purpose. (is this for dating? social interaction? both?)
• App-only model, but with a read-only webview for some reason. (Why would you do this, except to allow anonymous scraping and/or collect extra data?)
• Supposedly built by a solo trans person, who somehow has resources to create a website and two separate apps.
• Includes an iOS app, which has hurdles that few indies are able to deal with.
• Closed-source, no clear ownership or transparency.
• App collects location data, according to Google.

It could just be my paranoia speaking, but I'd advise against using this. It feels like a honeypot or some kind of trap.

That's not entirely true. Practice is important, but homework actually has a negative impact on learning: https://hachyderm.io/@Impossible_PhD/112969358305278574

In my experience, the larger threadiverse instances have gradually collected the worst ex-redditors, who have brought the worst of reddit's culture. I'm unfortunately not surprised that lemmy.world has queerphobic mods, given how the users behave. 😕

My product manager is doing the opposite - pushing us to replace "bandwidth" and "effort" with "time". We're now expected to provide an accurate hour estimate for all work items, projects, and bugs. Getting it done later or sooner is penalized on the metrics.

There's a limited pool of random inputs, so it's possible to collect them all with enough input samples. In the past, the creator has asked people not to upload their input file because there are bots that scrape GitHub looking for the inputs.

Thanks for the reminder! I almost forgot to set up my repo. 🤦‍♀️ I'll be publishing my solutions on GitHub for anyone interested. This year I finally got around to restructuring things to keep the input files out of git, so I won't have to feel guilty about leaking the problem inputs.

I agree that this is nothing to panic over, but I want to clarify that Lemmy is not safe from this. Lemmy and Mastodon both use the same protocol (ActivityPub) and that's also the protocol that Threads will use to federate. Just as Mastodon users can like, boost, and reply to Lemmy threads / comments, Threads users will be able to do the same. That's why it's important to defederate Threads on all ActivityPub-enabled instances.

it’s all people getting mad on behalf of their instances when everybody behind the scenes is chill and understands!

I think that's becoming A Thing ™️ on the fediverse recently. I've seen this exact scenario play out on the microblogging side more than once.