HackerLangs
TopNewTrendsCommentsPastAskShowJobs

SahAssar

6,761 karmajoined há 12 anos

comments

SahAssar
·há 9 horas·discuss
Yes, it's wrong. But we have also agreed to all be wrong in the same way. Except during the specific day that we are wrong in different ways.

Correction: We are mostly right, most of the time, but wrong in ways most people don't notice except if they try to talk while everyone is wrong.

Clarification: Human perception of time is not understandable, and the machine abstraction even less so.
SahAssar
·há 3 dias·discuss
The parent said "2/3 of US installs are on non-phones (waydroid, nintendo switch, rpi, etc)", you responded with "Some Waydroid installations are on phones". My response to you was about the vast majority of waydroid installs tracked here are highly unlikely to be on phones due to the CPU architecture.
SahAssar
·há 3 dias·discuss
Is that really running x86_64?
SahAssar
·há 3 dias·discuss
Are we seeing different stats? Clearly x86_64 is the vast majority of waydroid installs.

    waydroid_x86_64         181015
    waydroid_arm64          8718
    waydroid_tv_x86_64      3200
    waydroid_x86            1215
    waydroid_arm64_only     914
    waydroid_car_arm64_only 69
    ---
    usa_total               337390
SahAssar
·há 3 dias·discuss
Right, but that would still not be x86_64 except on very uncommon phones. Look at the stats:

    waydroid_x86_64         181015
    waydroid_arm64          8718
    waydroid_tv_x86_64      3200
    waydroid_x86            1215
    waydroid_arm64_only     914
    waydroid_car_arm64_only 69
    ---
    usa_total               337390
SahAssar
·há 3 dias·discuss
Is it this one? https://www.youtube.com/watch?v=aGOmzQbRT_E
SahAssar
·há 3 dias·discuss
Given how uncommon x86 phones are (a few asus, lenovo, etc. that did not sell well) I think it's clear the vast majority of waydroid_x86_64 are not phones, right?
SahAssar
·há 3 dias·discuss
> But I don’t think I would want to create a real database user for every version of the app.

Why not? Database users are (usually) not expensive, and with groups you can give access to a group you just add the user to.

Adding this logic to the connection pooler seems more complicated.
SahAssar
·há 6 dias·discuss
On these you usually can't reject them. It says

> Data processing by advertising providers including personalised advertising with profiling (Consent required for free use)
SahAssar
·há 8 dias·discuss
Yeah, boring implies that it is predictable, proven and mostly unchanging. In software those almost always come with age.
SahAssar
·há 11 dias·discuss
To be honest it feels like these answers boil down to "we feel it'd be nice if this existed but we have no actual answers as to how to get it done".

---

To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:

A) how to get included in a trust roots (crossigning with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)

B) Automated domain validation in a standardized way (ACME)

C) Long term commitments of sponsorships to ensure people could trust it would stick around

---

I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.
SahAssar
·há 11 dias·discuss
So you have just built a wrapper around https://passportreader.app/, which itself is reading NFC enabled ID/passports from specific countries. The coverage map is here: https://passportreader.app/coverage.

Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
SahAssar
·há 11 dias·discuss
> Think of it as a similar model to ISRG and LetsEncrypt.

In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?

> rule of one person per subdomain

What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
SahAssar
·há 12 dias·discuss
The screenshot clearly says "NOTICE TYPE: DMCA".
SahAssar
·há 20 dias·discuss
> assuming we're talking just about "safe" Methods

That's a pretty big assumption. Any decent webdev should not let GET/HEAD/OPTIONS modify state (joining a meeting is changing state) and additionally PUT/DELETE should also be idempotent.

POST with JSON (or other non-form formats) api's should also have it's content-type header checked (text/plain forms can send a JSON body but the content-type will be text/plain). PUT/PATCH/DELETE and POST with a non-form content-type (application/x-www-form-urlencoded, multipart/form-data, or text/plain) will trigger a preflight so that CORS is properly checked before the actual request reaches the server.
SahAssar
·há 29 dias·discuss
Rolling release has nothing to do with this. It could just as well be a PPA in ubuntu or any deb repo for debian or similar.
SahAssar
·há 29 dias·discuss
> The current installation shall already contain one (or more) public keys that it trusts for updates

The current installation was fetched via HTTPS, right? Either by you or in the factory.

Just saying the "bootstrapping already happened" does not make it not happen. It still needs to bootstrap trust from somewhere
SahAssar
·há 29 dias·discuss
Those have been broken again and again. Even if not, how do you distribute the public keys for it, how do you bootstrap that trust?
SahAssar
·há 29 dias·discuss
> someone compromises the webserver

Sure, but that's true for 99% of things. Unless you establish trust outside of the normal distribution channel how would you protect against this? What is your proposed channel that is not bootstrapped from HTTPS PKI?
SahAssar
·há 30 dias·discuss
Yes. Or you can license it for specific purposes. But in general open data refers to data that is open to use by anyone, for any purpose, without restrictions except in some cases attribution.