[-] varsock@programming.dev 44 points 2 months ago

Recently I used Google maps to search for the nearest DHL near me so I could return a package. DHL is not that popular near me and when I specifically typed for DHL, I would get only their competitors in the search results.

There was a DHL service center near me and I had to scroll a bunch to find it. Oh, and apparently big box stores (or anyone) can pay Google to come up in the search on maps, even if unrelated.

I don't think they have skin the in shipping game but their algorithms are over optimized that they don't even show what your searching for, but trying to infer why you're searching for it. That or whoever pays them more. Certainly a search risk

[-] varsock@programming.dev 17 points 8 months ago

At work, we started the c++ migration to rust doing the following:

  1. Identify "subsystems" in the c++ code base
  2. Identify the ingress/egress data flows into this subsystem
  3. Replace those ingress/engress interfaces with grpc for data/event sharing (we have yet to profile the performance impact of passing an object over grpc, do work on it, then pass it back)
  4. Start a rewrite of the subsystem. from c++ to rust
  5. Swap out the two subsystems and reattach at the grpc interfaces
  6. Profit in that now our code is memory safe AND decoupled

The challenge here is identifying the subsystems. If the codebase didn't have distinct boundaries for subsystems, rewrite becomes much more difficult

72
submitted 9 months ago by varsock@programming.dev to c/privacy@lemmy.ml

The article discusses the use of targeted advertising data by government agencies, particularly focusing on how a technology consultant demonstrated the security risks posed by Grindr's data to national security agencies. It highlights the widespread availability and potential surveillance applications of advertising data, as well as the government's interest in obtaining and utilizing such data for intelligence purposes.

Why is this worth the read? It goes into detail how these data exchanges work and the mechanisms of obtaining such data. We often hear about the result of these actions, but how these actions are performed are described within.

(clear your cookies to read the paywalled article)

[-] varsock@programming.dev 30 points 9 months ago

Had a distinguished collegue (from the Bell Lab days) say to me recently:

"IDEs take up a lot of RAM on my machine. Vim takes up a lot of squishy RAM in my head. I need squishy RAM to hold info relevant to problem solving, not options available in my tool chain."

[-] varsock@programming.dev 24 points 11 months ago

I'd really want to know what's driving them

likely ego

[-] varsock@programming.dev 21 points 1 year ago* (last edited 1 year ago)

The letter is a post on his own blog . Hard to distill into a summary so I recommend reading it get more context. But it seems to have boiled down to:

  • How It Was:

    • Strong adherence to the "don't be evil" ethos, focusing on societal good over profits.
    • Open, transparent communication and decision-making processes.
    • High morale, with a culture of learning from successes and failures.
    • Work focused on benefitting the web and users, rather than Google's immediate interests.
    • Collaboration and lack of internal silos, encouraging innovation and autonomy.
  • How It Is Now:

    • Shift from user-centric to Google-centric, and then to individual-centric decision making.
    • Eroded transparency and increase in organizational silos.
    • Decline in morale and a culture of distrust between employees and management.
    • Focus on short-term financial gains leading to layoffs and defensive employee behavior.
    • Lack of clear vision and leadership, resulting in confused and ineffective management.
    • Overall deterioration of Google's unique, innovative culture and values.
[-] varsock@programming.dev 17 points 1 year ago* (last edited 1 year ago)

There is a very effective approach (34:00), that big companies like cloudflare use, to ship a product in a fast and quality way. It bears parallels to what you are describing. In essence engineers should not get hung up in the details to trying to solve everything.

  1. Just build a proof of concept
  2. Discard the prototype no matter what and start from scratch keeping the initial feedback in mind
  3. Build something internally that you yourself will use
  4. Only once something is good enough and is used internally, then release it to beta.

So that tedious process in trying to flush out all the details before seeing a product (or open source effort) working end to end, might be premature before having the full picture.

[-] varsock@programming.dev 19 points 1 year ago

to add to this, id like standardization of qualification and competencies - kind of like a license so I don't have to "demonstrate" myself during interviews.

I hate being in a candidate pool that all have a degree and experience, we all go through a grueling interview process on college basics, and the "best one gets picked." Company says "our interview process works great, look at the great candidates we hire." like, duh, your candidate pool was already full of qualified engineers with degrees/experience, what did you expect to happen?

[-] varsock@programming.dev 33 points 1 year ago* (last edited 1 year ago)

I feel so powerless, so hopeless.

Bills aren't being passed by lawmakers because like many of us who care about privacy, they have not heard about the abilities of data brokers and have no visibility into how rampant and disgusting and invasive their behavior is.

Friends and family I talk to don't care. "Oh well, what are they going to do, find me personally?"

I feel if people were able to look themselves up in these databases, they would fear it as well

112
submitted 1 year ago* (last edited 1 year ago) by varsock@programming.dev to c/privacy@lemmy.ml

Below is a disturbing amount of information data brokers have ammased from buying your data from trackers in ads and apps.

"a staggering amount of sensitive and identifying information about consumers," alleging that Kochava's database includes products seemingly capable of identifying nearly every person in the United States.

... can access this data to trace individuals' movements—including to sensitive locations like hospitals, temporary shelters, and places of worship, with a promised accuracy within "a few meters"—over a day, a week, a month, or a year. Kochava's products can also provide a "360-degree perspective" on individuals, unveiling personally identifying information like their names, home addresses, phone numbers, as well as sensitive information like their race, gender, ethnicity, annual income, political affiliations, or religion, the FTC alleged.

... target customers by categories that are "often based on specific sensitive and personal characteristics or attributes identified from its massive collection of data about individual consumers." These "audience segments" allegedly allow advertisers to conduct invasive targeting by grouping people not just by common data points like age or gender, but by "places they have visited," political associations, or even their current circumstances, like whether they're expectant parents. Or advertisers can allegedly combine data points to target highly specific audience segments like "all the pregnant Muslim women in Kochava’s database," the FTC alleged, or "parents with different ages of children."

115

For all you USA peeps:

A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.

The bill follows more than a decade of debate over post-Sept. 11, 2001, surveillance powers that allow domestic law enforcement to warrantlessly scan the vast mountains of data gathered by America's foreign surveillance apparatus.

105

A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.

The bill follows more than a decade of debate over post-Sept. 11, 2001, surveillance powers that allow domestic law enforcement to warrantlessly scan the vast mountains of data gathered by America's foreign surveillance apparatus.

70
submitted 1 year ago* (last edited 1 year ago) by varsock@programming.dev to c/rust@programming.dev

The sudo-rs project improves on the security of the original sudo by:

  • Using a memory safe language (Rust), as it's estimated that one out of three security bugs in the original sudo have been memory management issues
  • Leaving out less commonly used features so as to reduce attack surface
  • Developing an extensive test suite which even managed to find bugs in the original sudo
[-] varsock@programming.dev 23 points 1 year ago

Had a client that couldn't understand a small dataset of data. They needed "something interactive to filter and sort the data for a human to review." We suggested putting it into an excel spreadsheet, and did it for them. Customer didn't know how to use excel so we had to create a knock-off excel table GUI that had buttons labeled "filter and sort".

some people seem to have money they don't know what to do with smh

19

I have a device that reached end-of-life support and I'm burned out loading ROMs to extend it's support. Upon from my return from the trip I plan on purchasing a new device anyway, so buying one while traveling is also an option.

I'm traveling to a European Market that has stronger privacy rules GDPR and their devices must have lower SAR (regarding phone RF emissions).

Regarding RF and SAR

My carrier frequency bands in my home country are supported by European phones I'm looking at (Android and Apple). But do the phones dynamically manage the RF emission based on locale or are the limited at hardware or software?

Would purchasing the device abroad have an effect I think it does when I bring it home?

Regarding Privacy

This one is tricky, typically the account (gmail or Apple ID) is associated with the locale. If I were to create a new account and set up my device while abroad, will this have lasting effects? I have a friend who have immigrated and set their devices up abroad and their locale is still their OG country. One of them changed locales (for android) because spotify (app) wasnt available in their home country locale. So I speculate this is a solid approach if I were to do so.

I know I might have issues with availability of content (downloading from app stores). But as far as accounts go, my Spotify (and netflix if i stil had it) account is associated with my home country so I will still be able to watch shows in my locale. Being able to download the app is the limiting factor but there are ways to get around that with side loading.

So yeah, if anyone has experience with this and could call out some things I didn't consider or validate my expectations, would be appretiated.

[-] varsock@programming.dev 33 points 1 year ago* (last edited 1 year ago)

fantasize of all the ways I can hand in my resignation.

Then 3 months go by and still no offer, lower the bar and fantasize of all the ways I can hand in my resignation - but nicer

[-] varsock@programming.dev 21 points 1 year ago

A step in the right direction but until there are more robust privacy laws in place, this will not go away.

If their gov is restricted on buying from data brokers, are other governments, foreign entities?

The inherit issue is the American's data can be harvested and sold. Setting up legal restrictions toward certain entities will just cause those entities to "legally self identify" as another entity. Or do business with an entity that is allowed access to American's data.

17
304
submitted 1 year ago* (last edited 1 year ago) by varsock@programming.dev to c/programming@programming.dev

https://radar.cloudflare.com/domains

Source of this is from Matthew Prince, Co-founder & CEO of Cloudflare posted at 11:34 Jul 9,2023. It was posted to his twitter (@eastdakota). Not linking to twitter bc don't want a deadlink next time twitter makes API changes. And not to drive traffic to twitter :D

Edit: July 11th update, arstechnica published a detailed explanation

https://arstechnica.com/tech-policy/2023/07/twitter-is-tanking-amid-threads-surging-popularity-analysts-say/

[-] varsock@programming.dev 19 points 1 year ago

Not yet. The rumors are confirmed by Meta reaching out to a Mastadon admin, Kev, from fosstadon.org. He kindly made public the email.

Mail from Meta to Kev, from fosstadon.org, and reply

108

I am not one for policies restricting choice but I fear the situation where Meta sets up instances that become big, say like Lemmy.world. Then one day when their instance is popular, they decide to charge other instances to federate with Meta's instances.

Big corps like YouTube, twitter, Meta, etc are known to offer services at a loss to grow their service and then drop the hammer and demand payment to use what people already rely on.

I feel a policy that prevents federated corp instance from profiting early on from FOSS, self hosted, and volunteer federated servers is something to think about - though I do not know the best approach.

I like what Open Source software does with their licensing approach where you are free to view, use, and contribute but if you take you must distribute the source code to others. Some outright ban usage for profit without a license.

Obviously licensing applies well for software to prevent abuse, and I would like a discussion about what Terms of Use policies can prevent volunteer work from being abused - if any are desired.



see the following cross-post from: https://programming.dev/post/427323

Should programming.dev defederate from Meta if they implement ActivityPub?

I'm not suggesting anything, just want to know what do you think.

Here is a link if someone don't know what Meta's Threads is: https://blog.joinmastodon.org/2023/07/what-to-know-about-threads/

1

With all the strengths and shortcomings of Chat-GPT, I wanted to share one consistent strength I found it has when working with regex.

  • You can ask it to generate regex patterns for known and custom things.
    • If you are skeptical it is correct (like me), you can ask it to break down the pattern and inspect why the decisions were made. If I don't understand some fields, I type up a quick test and make sure it covers all edge cases.
  • And my personal favorite, you can paste a regex and ask it to tell you what it matches to. No more writing regex and forgetting what they are for!

I don't always have the opportunity to use regex when I work and would shy away from it because it can become illegible, but now that it is so easy I find I am slapping it everywhere and I cutting down on logic when sanitizing inputs/data. The bonus is now that I'm using it more, I am becoming less reliant on having it be generated for me.

1

I want to discuss a topic, say a recent event like "Google Search will omit links to Canadian news sites in Canada". So I find communities where that topic might appear but I cannot search the contents of a community to see if that thread exists.

Has anyone figured out good approaches to searching in Lemmy? I mostly use mobile apps like Jeroba or Liftoff so my experience is limited to them.

1
submitted 1 year ago* (last edited 1 year ago) by varsock@programming.dev to c/no_stupid_questions@programming.dev

I'm still getting the hang of Lemmy and federated services.

I'm browsing the programming.dev instandce in the Liftoff app and I can choose to view:

  1. my subscribed communities on the server (currently none)
  2. Local communities on the server
  3. All (?)

I know All is not "all communities on Lemmy" but what perplexes me is I can see posts from another community that is hosted on a different server and it appears because it is "via programming.dev".

At first I thought it was because a user registered on " programming.dev " posted on another instance but I opened my eyes and saw the user's origin is no way related.

Any ideas?

EDIT:

After reading all the comments I’m pretty sure “via programming.dev” should read in the context of the post as !community@instance is known via programming.dev instance. I guess it makes it explicit which “all” I am browsing if I pick up browsing where I left off and forget I am not in the “all local”.

At this point I have only seen this on the Liftoff App for Lemmy but still trying other. Must be in the metadata and Liftoff decided to display it.

view more: next ›

varsock

joined 1 year ago