re: EU_politics + encryption + privacy
On the other hand, people supporting the rejection of 12143/1/20 REV 1 should also think about supporting the Reclaim Your Face ECI, which seeks to ban biometric mass surveillance (i.e., invasive surveillance in the physical space, as opposed to invasive surveillance in the virtual space by limiting encryption), provided they are comfortable providing the requisite personal details to the ECI.
re: EU_politics + encryption + privacy
It makes sense that the nationality is required _if_ this is for petitions to the EU Parliament from EU citizens only. It's also conceivable that one would lose/gain nationality of an EU country, so allowing it to be edited also makes sense.
There's of course the much broader question about democracy whether it's acceptable to restrict participation to EU citizens, or should residents, or even everyone potentially affected by a decision be able to tell their opinion.
re: EU_politics + encryption + privacy
EU_politics + encryption + privacy
The EU Council has approved a resolution to undermine encrypted communications for EU citicens:
https://data.consilium.europa.eu/doc/document/ST-13084-2020-REV-1/en/pdf
A petition to declining this resolution and to keep citicens' privacy is online at the EU parliament:
https://www.europarl.europa.eu/petitions/en/petition/content/1222%252F2020/html/Keep+Encryption
As of today at 14:59 CET this petition has been signed by 15 supporters
----------------------------------------------------------
I'm now pretty happy with where I am with blocking javascript as a default, the web is usable again :)
https://wordsmith.social/sotolf/surfing-with-javascript-blocked
I see you can explicitly delete the cache entry in CommonJS, but I'm wondering whether ESM supports anything like that. (Although I guess with your 227 MB dataset, memory leaks would be pretty apparent.)
Created new profiles for ungoogled-chromium, Firefox and Pale Moon with separate data and cache directories. Then I contained them with new firejail profiles that don’t have internet access but can see localhost (my usual profiles don’t have access to localhost and the local network). I styled Firefox and Pale Moon with chrome/userChrome.css and $XDG_CONFIG_HOME/gtk-3.0/gtk.css to have dimensions as close to ungoogled-chromium as possible (I can’t easily style Chromium, so this was the best option).
Now it’s only a matter of setting the dev console to the exactly same width in the three browsers and I can easily cycle between them to check rendering quirks.
#webdev #css
Sadly, I'm only 2/5 out of this: tiling vm (sway) and arch. Although maybe having a custom script that remaps a bunch key events (to create a multi-language layout and macros for sway) counts as a weird keyboard layout? My colleagues probably aren't able to type on it, at least. 😄 Also, I was trying to learn Colemak, but haven't managed yet.
A split keyboard sounds nice for programming! But I'm afraid it'd be quite annoying for drawing things (one hand on mouse/stylus, other hand for hotkeys). Maybe having one with lots of buttons on the left side that can be remapped would help? But that kinda defeats the purpose of having it split.
https://github.com/w3c/webappsec-subresource-integrity/issues/40
While straight up injecting unauthenticated JS code is of course easier to exploit, font rendering is a big can of worms and arbitrary code execution with carefully crafted web fonts wasn't unprecedented (although, fortunately, modern browsers have much better sandboxes than IE circa 2011).
https://yomuds.blogspot.com/2012/11/cve-2011-3402-and-cool-exploit-kit_28.html
https://cve.circl.lu/cve/CVE-2011-3402
Very interesting, I didn’t realise that subresource integrity was entirely missing from the ESM spec. So what this would mean is that, with ESM, any code loaded from any CDN could contain a potential government backdoor. How is this not a bigger issue?
https://github.com/skypackjs/skypack-cdn/issues/135
(I’m saying a government backdoor because it would most likely take a state-level actor to force a CDN company to do that but it could, of course, be a disgruntled employee or cracker.)
@robby @Novimatrem Crazy idea: periodically kill any process with --type=renderer in its command line 😄.
Pros: surely makes any Electron instance useless.
Con: also makes any Chromium instance useless. But I’d count that as a pro for browser diversity.
(Disclaimer: that’s a useful way to find rogue Electron instances. But killing them outright is probably counter-productive.)
@victoria Thanks, this is pretty cool! I was wanting to set up Dendrite on my VPS, but never got my head around the configuration.
I gather from this that Dendrite needs its own TLS certs (and it’s not enough to put a TLS reverse proxy in front of it). Or you’re using a different (self-signed) TLS cert in Dendrite, and one from Let’s Encrypt for Nginx?
Is there an unjetbrainsed-intellij-idea? Most of our students prefer IntelliJ over Eclipse, but I’m not that comfortable normalizing it by depicting it in learning materials — it’s way too close to being proprietary software for my taste. Plus, it does weird stuff like auto-downloading Amazon Corretto instead of using the perfectly good OpenJDK I installed in the course virtual machine 🙄.
university, plague
For those who don't know what happened, see this: https://github.com/net4people/bbs/issues/63 (Archive: https://web.archive.org/web/20210209133109/https://github.com/net4people/bbs/issues/63).
@kura @mangeurdenuage Firefox is definitely better than anything chromium based. It's the last independent browser. If Firefox dies, Google would have full control over the web. So keep supporting Firefox