Spyke

Replies

Comment on

Announcing the Ladybird Browser Initiative

The website makes it sound like all of the code being bespoke and "based on standards" is some kind of huge advantage but all I see is a Herculean undertaking with too few engineers and too many standards.

W3C lists 1138 separate standards currently, so if each of their three engineers implements one discrete standard every day, with no breaks/weekends/holidays, then having an alpha available that adheres to all 2024 web standards should be possible by 2026?

This is obviously also without testing but these guys are serious, senior engineers, so their code will be perfect on the first try, right?

Love the passion though, can't wait to see how this project plays out.

Comment on

Lemmy votes ARE public, should they be anonymous?

"If you have nothing to hide then you have nothing to fear."

Given the strong presence of the privacy community on Lemmy, I have to say that I'm a bit shocked to hear so many in these discussions chiming in to support voting transparency.

I'm on board with the idea of using ring signatures to validate the legitimacy of a vote and moderating spammers based on metadata.

Or, for something (potentially) easier to implement, aggregating vote tallies at the instance level (votes visible to your instance admin and mods) and federating the votes anonymously by instance, so you might see something like:

  • lemmy.world: 9 up, 2 down
  • discuss.tchncs.de: 3 up, 4 down
  • Etc

Up/down votes are the method of community moderation that sets Reddit apart from many other platforms. If the Lemmy community is trying to capture some of that magic, which is good for both highlighting gems AND burying turds, radical transparency isn't the path to get there.

In fact, I'd argue that the secret ballot has already been thoroughly discussed and tested throughout history and there are plenty of legitimate examples of why it would be better if they were more secret than they are today.

Many people have brought up the idea of brigading, but would this truly get better if votes are public? Is it hard to imagine noticing that an account you generally trust has voted and matching their vote, even subconsciously?

For those who feel that they aren't able to post on Lemmy because downvotes make you feel sad, my feeling is that if you make posts in a community and they consistently get downvoted to oblivion, you're in the wrong place. The people in that community don't value your contributions, and you should find another place to share them. This is the system working as intended and the mods should be thankful that such a system has been implemented.

The last point I'll make is about the potential for a chilling effect - making users less likely to interact with a post in any way due to a fear of retaliation. Look - if you're looking for a platform where all of your activity is public, those are out there. Why should we make Lemmy look just like every other platform?

Comment on

Google's AI now listens to your English language phone conversations

on device

scam detection

I know I'll be downvoted into oblivion as I can hardly believe I've formed this opinion myself, but tbh this is a good application for some of this AI tech.

Anecdotally, a friend of mine grew up well-off; from an immigrant family but their parents were educated and in a lucrative profession so he always went to private schools etc. Fast forward to about 10 years after all the kids moved out; the parents had divorced amicably and his mom had a sizeable retirement along with the payout she had from the divorce. In the 7 figures - she never had to worry about money.

Anywho, mom ran into some medical issues so the kids had to get involved with her finances again, as she couldn't do it herself. Turns out that over the course of months or years, mom had been getting scammed to the tune of tens of thousands of dollars at a time, to the point where she had actually taken out a mortgage on the home she previously owned outright. They're still sorting things out but the number he has tossed out in the past is ~$1.4M that got wired overseas and is just... gone now.

So yes, I probably won't turn this feature on myself, but for the tens of millions of uneducated and inept people out there, this could genuinely make a difference in avoiding some catastrophic outcomes. It certainly isn't a perfect solution, but I suspect my friend would rate it as much better than nothing, and I would argue that this falls short of being "strictly evil".

Comment on

23andMe agrees to $30M settlement for breach lawsuit

What an absolute failure of the legal system to understand the issue at hand and appropriately assign liability.

Here's an article with more context, but tl;dr the "hackers" used credential stuffing, meaning that they used username and password combos that were breached from other sites. The users were reusing weak password combinations and 23andme only had visibility into legitimate login attempts with accurate username and password combos.

Arguably 23andme should not have built out their internal data sharing service quite so broadly, but presumably many users are looking to find long lost relatives, so I understand the rationale for it.

Thus continues the long, sorrowful, swan song of the password.

privacy

Comment on

Google Leak Reveals Thousands of Privacy Incidents

It sounds like someone got ahold of a 6-year-old copy of Google's risk register. Based on my reading of the article it sounds like Google has a robust process for identifying, prioritizing, and resolving risks that are identified internally. This is not only necessary for an organization their size, but is also indicative of a risk culture that incentivizes self-reporting risks.

In contrast, I'd point to an organization like Boeing, which has recently been shown to have provided incentives to the opposite effect - prioritizing throughput over safety.

If the author had found a number of issues that were identified 6+ years ago and were still shown to be persistent within the environment, that might be some cause for alarm. But, per the reporting, it seems that when a bug, misconfiguration, or other type of risk is identified internally, Google takes steps to resolve the issue, and does so at a pace commensurate with the level of risk that the issue creates for the business.

Bottom line, while I have no doubt that the author of this article was well-intentioned, their lack of experience in information security / risk management seems obvious, and ultimately this article poses a number of questions that are shown to have innocuous answers.

Comment on

23andMe agrees to $30M settlement for breach lawsuit

Reply in thread

Agree that passkeys are the direction we seem to be headed, much to my chagrin.

I agree with the technical advantages. Where passkeys make me uneasy is when considering their disadvantages, which I see primarily as:

  • Lack of user support for disaster recovery - let's say you have a single smartphone with your passkeys and it falls off a bridge. You'd like to replace it but you can't access any of your accounts because your passkey is tied to your phone. Now you're basically locked out of the internet until you're able to set up a new phone and sufficiently validate your identity with your identity provider and get a new passkey.
  • Consolidating access to one's digital life to a small subset of identity providers. Most users will probably allow Apple/Google/etc to become the single gatekeeper to their digital identity. I know this isn't a requirement of the technology, but I've interacted with users for long enough to see where this is headed. What's the recourse for when someone uses social engineering to reset your passkey and an attacker is then able to fully assume your identity across a wide array of sites?
  • What does liability look like if your identity provider is coerced into sharing your passkey? In the past this would only provide access to a single account, but with passkeys it could open the door to a collection of your personal info.

There's no silver bullet for the authentication problem, and I don't think the passkey is an exception. What the passkey does provide is relief from credential stuffing, and I'm certain that consumer-facing websites see that as a massive advantage so I expect that eventually passwords will be relegated to the tomes of history, though it will likely be quite a slow process.

Comment on

The Real Reason No One Is Giving Biden Credit for How Good the Economy Is Right Now

In this thread: "Biden did not have a 1-on-1 conversation with my manager that resulted in a massive raise, so I declare these statistics invalid!"

This seems to happen a lot on Lemmy, makes me miss the Economics subreddit.

I know that not everyone has had the opportunity to take classes in economics, but the number of people who are unable to see past their own nose is incredible.

How would we prefer our leaders to make policy decisions? Should they pick a random 10 people and ask what they think, or would it be better to gather a wide range of data on the topic to build an understanding of the economic impacts for 300M+ people? I'd argue that it would be irresponsible for policymakers to ignore the aggregate statistics, but commenters in this thread seem dead set on asserting that because their personal circumstances don't follow the narrative, the statistics must be a lie.

Comment on

Homeowners Trying to Get Out of “We Buy Ugly Houses” Deals Find Little Relief in State, Federal Laws

Reply in thread

I'm not an expert, but I have family that operates within this industry, unaffiliated with the ugly homes organization.

Tl;dr The idea is that these companies buy homes that have fallen into a state of disrepair, fix them up so that they comply with modern building safety regulations, slap on a new coat of paint, then sell the property for a profit.

Since they don't fully investigate the issues that the home has before making an offer, they make offers that are wildly lower than most valuations would indicate, which leads to the reputation of being scammy. Sometimes there are structural issues that are extremely expensive to resolve and the project is barely profitable, but in other instances there is little repair work required, and they make a big profit. Lowballing every offer ensures that they can't lose, but also means that this is rarely a good option unless you are in serious financial straits.

world

Comment on

Children dead in attack on football pitch in Israeli-occupied territory

The vast majority of the international community does not recognise Israel's annexation of the Golan Heights.

Tl;dr Israel is illegally occupying land, and people who used to live there are...

*checks notes*

Upset about it? Weird.

If Israel has a right to defend itself, why don't their neighbors have the same rights?

D'oh, of course. Britain said it was probably fine, don't worry about it. Quick, let's all enforce the insane borders due to our historical tendency to support misguided decisions made by Britain as its imperial power contracted and they used the opportunity to fuck over as many Muslims as possible.

As an atheist, all of this bickering over which version of Abraham's assertion of paternalistic traditions is more correct is exhausting, but if we're going to try to make a case that liberal institutions are effective, everyone needs to follow the same rules. Israel doesn't get a free pass because Britain said they were extra special that one time.

To be clear, I'm not calling for the end of Israel. They're there now and they have lots of guns so maybe don't fuck with them, BUT we can't seriously act shocked when Israeli settlers continue to illegally settle lands outside of Israel's borders and they face resistance. The behavior is abhorrent and should be condemned as such.