• 2 Posts
  • 104 Comments
Joined 2Y ago
Cake day: Jan 21, 2021


I don’t use bookmarks often but I really use them just like a prioritized browser history. If I know that I might want to visit a page again I bookmark it, maybe add some keywords, then pull it up by typing in the URL bar. The point of the bookmark is mostly to ensure that it is synced to all devices and ranks with a high priority. However another benefit is for websites with hard-to-understand URLs the bookmark icon can indicate that this is the one that I want.


I don’t know if I see that as a technicality. I see that as an important aspect of how abolishing copyright would work. I’m curious how this would be managed, is there a new law that all non-personal information is to be made public and freely available?

To me abolishing copyright and making all information public are very different things although obviously have some similarities.


Copyleft can also attempt to avoid keeping software secret. Abolishing copyright would just make proprietary software into a trade secret while now being able to use GPL or AGPL code freely.


FOSS is a copyright hack with the ultimate goal to abolish copyright

I don’t think this is a universal opinion. Otherwise copyleft and attribution licenses wouldn’t be used. It is clear that some people see value in having some control over their software.


Note that it isn’t the algorithm that is copyrighted. Algorithms are not copyrightable IIUC. It is the way the code is written that is “art” and copyrightable. If this code was actually re-written using the same algorithm it would be fine. Much like you can own a recipe text but not the actual ingredients and steps of a recipe itself.

Of course you can still disagree. But I think that software is a creative endeavor and I think it is beneficial to provide some control to the author.

I do agree that software patents are generally harmful. There would maybe be some value to encouraging development and sharing of algorithms or techniques but I think the time frame would need to be much shorter (5y max maybe?) and in practice we have seen that most usage of software patents is not valuable to society and many software innovations are released in research journals for free anyways, so the best option is probably just to scrap the idea.


There are examples of it outputting entire complex algorithms that are definitely copyrightable and reasonable to be copyrighted. A recent example is https://twitter.com/docsparse/status/1581461734665367554.

I think copyright can be absurd, and I think it needs to be cut back in a lot of ways. But I think some amount of copyright makes sense and GitHub Copilot sometimes violates what I see as morally correct.


Personally I don’t have any problem with it being trained on copyrighted code. I also think that much of the code produced by GitHub Copilot is “original” and free from copyright. However there are many examples of cases where it spits out verbatim or near-identical copies of copyrighted code. It is clear to me that the code in these cases is still owned by the original owner.

It is identical to human learning. I can read and learn from copyrighted code and write my own code with that newfound knowledge. However if I memorize and re-write code it doesn’t magically make it mine.


I don’t know about illegal but they should be forced to prominently advertise their security update lifetime. Sort of like energy labels are put onto household appliances or nutrition labels are put onto food.


Yes, you need to download all transitive dependencies.

But this isn’t dependency hell, it is just tedious. Dependency Hell is when your dependency tree requires two (or more) versions of a single package so that not all of the dependencies can be satisfied.


I don’t remember that working but I haven’t used Debian in years so it could be.


apt is the tool for downloading packages. So if you don’t have internet access apt won’t be very useful.

The command to install packages on Debian is dpkg. So if you download a Debian package (usually named *.deb) you can install it with dpkg -i $pkg as long as you have the dependencies installed. Of course you can also install the dependencies this way, so just make sure that you bring the package and all packages that it depends on to the target machine.


That just seems to be about granting an app access to all keys, which is not quite the same as per-app keys.

I know that macOS has this for sandboxed apps from the app store, maybe they have it for “sideloaded” apps as well but at least most OSes don’t have that. At least for Windows and Linux there isn’t a good way to identify an “app” to separate it from any other. My macOS knowledge is rusty but IIRC you install apps in a system-owned directory and apps only have permission to update themselves so maybe you could use the application path as a key, but the other listed affected OSes don’t have that.


Do you have links to “set up properly”? The problem is that for most systems other than maybe some of the “app store” type setups the OS has no concept of “application”. The credentials are just the user and that is the same for all unsandboxed apps.



But the malicious npm package can just read whatever key the app reads then decrypt the values. They are running with the same permission.

The only thing that really improves this is per-app sandboxing but if you are sandboxing the app then it shouldn’t be able to read any arbitrary files out of your home directory anyways.

Keychains are an improvement but not much. 99% of users will just unlock the keychain upon login so it doesn’t really provide much benefit. Unsandboxed apps are indistinguishable to the keyring daemon so they can just request one another’s keys. (Maybe Windows or Mac has some codesigning magic so that the keyring daemon knows the identity of the app at a finer grain than the user level? But at this point we are really just back to sandboxed apps).

Basically there is nearly no point in most apps doing anything special to store sensitive files. If your app is secure enough that the user will be happy to unlock the keychain on every app launch sure. But that is a nearly non-existent use case. In general the OS should just provide secure storage as the default. For sandboxed apps they won’t have access to each other’s storage unless explicitly granted, for non-sandboxed apps there isn’t much you can do besides obscurity.



I don’t get it. Of course the app stores these in cleartext, the app needs to access them to log in. Sure it could encrypt it but that is just obscurity, the key would have to be stored somewhere the app has access to for it to use the tokens.

The article doesn’t seem to say that these were world-readable or otherwise visible to other users. So this seems like mostly a non-story. Use full disk encryption and you’ll be fine.
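An added example, not part of the comment above or of any application it refers to: a check for whether a stored token file is actually reachable by other local users, which depends on the directories above it as well as on the file's own mode. The names `world_readable`, `demo`, `home_alice` and `exampleapp` are hypothetical, the sample data is constructed, and only the "other" permission bits are modelled (ACLs and group membership are ignored).

```python
import os
import stat
import tempfile


def world_readable(path, root):
    """True if users outside the file's owner and group can read `path`.

    Simplified model: checks the "other" bits on the file and on every
    directory from its parent up to `root`. ACLs and groups are ignored.
    """
    path, root = os.path.realpath(path), os.path.realpath(root)
    if not os.stat(path).st_mode & stat.S_IROTH:
        return False
    parent = os.path.dirname(path)
    while True:
        # Without the execute (search) bit a directory cannot be traversed.
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            return False
        if parent == root or parent == os.path.dirname(parent):
            return True
        parent = os.path.dirname(parent)


def demo():
    """Build a constructed home directory and report exposure per layout."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        home = os.path.join(root, "home_alice")  # constructed user home
        conf = os.path.join(home, ".config", "exampleapp")
        os.makedirs(conf)
        token = os.path.join(conf, "token.json")
        with open(token, "w") as f:
            f.write('{"token": "constructed-sample-value"}')
        for d in (home, os.path.join(home, ".config"), conf):
            os.chmod(d, 0o755)
        os.chmod(token, 0o644)
        results["0644 file, 0755 dirs"] = world_readable(token, root)
        os.chmod(token, 0o600)
        results["0600 file, 0755 dirs"] = world_readable(token, root)
        os.chmod(token, 0o644)
        os.chmod(home, 0o700)  # private home hides a permissive file
        results["0644 file, 0700 home"] = world_readable(token, root)
    return results


if __name__ == "__main__":
    print(demo())
```

None of these layouts changes what a process running as the same user can read, which is the case discussed in the comments about unsandboxed apps.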


I’d be surprised if the devs were against it. Probably just that no one has done it yet.


Communities have RSS feeds of posts. You should just be able to paste the channel URL (such as https://lemmy.ml/c/asklemmy) into your reader. (If your reader doesn’t support auto-discovery there is a feed icon on the channel page).

There are also user feeds. There don’t appear to be feeds for comments on a post or searches but maybe we can see those some day.


It’s a nice sunny day after a few days of thunderstorm. Have a busy day at work but the job is interesting enough. After work looking forward to working on my own stuff.