cultural reviewer and dabbler in stylistic premonitions

  • 69 Posts
  • 334 Comments
Joined 3 years ago
cake
Cake day: January 17th, 2022

help-circle
  • Arthur Besse@lemmy.mltoAsklemmy@lemmy.ml*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    3 days ago

    The primary purpose of those buttons is of course to let those sites track everyone’s browsing activity across every site that uses them, which does not require that anyone ever click on them.

    Even if less than 0.0001% of people click them, anyone with an SEO/spammer “grindset” will assure site operators that the potential benefit of someone sharing a link they otherwise wouldn’t have is still at least theoretically non-zero. And, since there is absolutely no cost at all besides an acceptable number of extra milliseconds per pageload, really, it would be downright irresponsible not to have them there!



  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlWhat was Linux like in the 90s
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    6 days ago

    encryption would prevent the modem from seeing it when someone sends it, but such a short string will inevitably appear once in a while in ciphertext too. so, it would actually make it disconnect at random times instead :)

    (edit: actually at seven bytes i guess it would only occur once in every 72PB on average…)













  • as a mod/admin, i would appreciate being able to edit post titles. there have been a fair number of times where i asked a poster to do so, and then waited a while for them to before deleting the post if they don’t.

    and/or, it would be nice to have a way for us to temporarily semi-delete a post while waiting for OP to make requested changes to it; that is, to hide it from the community view but leave it visible to people with the URL, or people who find it via the user profiles of the poster or commenters in it.

    editing titles would be awkward without an edit history or, at the least, a way to see that some 2nd party had edited it, and editing post bodies would be even more so. but it would make sense and be useful with an edit history, i think.

    i would also appreciate having content addressability, portable identity, composable moderation, and… perhaps a pony 😂




  • Arthur Besse@lemmy.mlMtoLinux@lemmy.mlA good e-mail client for linux?
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    29 days ago

    still of Obi-wan Kenobi in Star Wars with subtitle "Now, that's a name I've not heard in a long time. A long time."

    At first i thought, wow, cool they’re still developing that? Doing a release or two a year, i see.

    I used to use it long ago, and was pretty happy with it.

    But looking closer now, what is going on with security there?! Sorry to be the bearer of probably bad news, but... 😬

    The only three CVEs in their changelog are from 2007, 2010, and 2014, and none are specific to claws.

    Does that mean they haven’t had any exploitable bugs? That seems extremely unlikely for a program written in C with the complexity that being an email client requires.

    All of the recent changelog entries which sound like possibly-security-relevant bugs have seven-digit numbers prefixed with “CID”, whereas the other bugs have four-digit bug numbers corresponding to entries in their bugzilla.

    After a few minutes of searching, I have failed to figure out what “CID” means, or indeed to find any reference to these numbers outside of claws commit messages and release announcements. In any case, from the types of bugs which have these numbers instead of bugzilla entries, it seems to be the designation they are using for security bugs.

    The effect of failing to register CVEs and issue security advisories is that downstream distributors of claws (such as the Linux distributions which the project’s website recommends installing it from) do not patch these issues.

    For instance, claws is included in Debian stable and three currently-supported LTS releases of Ubuntu - which are places where users could be receiving security updates if the project registered CVEs, but are not since they don’t.

    Even if you get claws from a rolling release distro, or build the latest release yourself, it looks like you’d still be lagging substantially on likely-security-relevant updates: there have actually been numerous commits containing CID numbers in the month since the last release.

    If the claws developers happen to read this: thanks for writing free software, but: please update your FAQ to explain these CID numbers, and start issuing security advisories and/or registering CVEs when appropriate so that your distributors will ship security updates to your users!