Melody Fwygon

  • 0 Posts
  • 134 Comments
Joined 2 years ago
Cake day: June 1st, 2023

  • Given the absurd number of sites that require a login for no discernible security reason at all whatsoever; I get it.

    A “Common” password makes sense. This password should never be used to log into or protect anything secure however.

    Similarly a “Common” password might be used to enable login more easily from certain devices; but ideally this “temporary” password should probably be something that is, yet again, different from the first “Common” password you use.

    It boggles my mind that someone like this isn’t at least using a specific passphrase for secure work accounts only.

    While I can personally understand a need for some password reuse across multiple domains; at least there should be some separation of larger “superdomains” such as “work”, “personal” and “throwaway” so that breaches don’t have such a catastrophic impact.

    A system of generating secure, unrelated but memorable phrases (for you) for those times you can’t carry or use a password manager is frequently essential. That way you can recall the password on the fly when it is asked of you; all you need to do is think about the unrelated thing you attached that information to.


  • Good idea; bad execution.

    If they think for a minute that Trump won’t order his goons to arrest people doing this; they’re being careless.

    Instead of a bullhorn; a private message blast out to any interested parties would suffice; ideally via a secure Signal group chat or something similar. A phone tree being set into motion could work too; ringing phones; as could an SMS triggering an alert to all neighborhood residents.

    All that said; it’s good that they’re basically warning folks of federal agents snooping around. There’s no reason to let them get away with it casually during this Administration; if they want to illegally investigate immigrants, make it hard on them. Document everything.


  • This is mostly useless to me; I already enforce all tabs into unique containers to isolate browsing and website contexts from one another; while still allowing me to make exceptions to the rule and “unbreak” things if that’s causing an issue, but still keeping things isolated from the rest of the browsing.

    As for Tab Management; I use two windows and a plugin; Tab Stash Plus; which collapses tabs I stash into a bookmark.

    Every so often when I reach a critical mass of tabs I personally go through them and play “Keep/Toss” with more odds on Toss. Only useful tabs get stashed and are then searchable from the plugin.

    In general; since this feature now presents a possibility of an extremely UNWANTED AI integration I will be setting the config to off and leaving it off…using a relevant config policy tool or plugin to enforce this to off if needed. I hate AI features that I didn’t ask for and this one definitely doesn’t seem like it’s going to be helpful nor compatible with my current workflow.



  • No; it’s not inarguable.

    I do feel that some minor limitations around social media should exist; such as hours of the day you may not be allowed to read or post; but they should be simple age-gates created to privately verify a person’s age via a simple SSO/OAuth style token. If you can’t authenticate against some privacy respecting identity proving entity you probably aren’t old enough and any account(s) you create would be limited.

    Not all social media needs to be age-gated either; but social networks could be forced by law to avoid monetizing your account or habits at all if you don’t willingly identify. (and by doing so; also CONSENT TO THIS MONETIZATION) In short; if you are not verified they’re required to assume you are a child and handle your data as such…with utmost respect to your privacy.


  • All that being said; I’m going to be watching carefully.

    I still think they have time to backpedal, make it right, and clarify. I don’t permit my installations to talk to their data collection services anyways; via network policies. I have no problem tightening those screws and forcefully disabling their telemetry in other ways as well.

    If I have to migrate; well; I already have LibreWolf installed. I might try a few other forks next; to see which ones ‘just work’ with the web properly to protect my privacy while still allowing all websites to work properly as intended so long as I give that website appropriate permissions as I see fit.


  • I don’t believe that anyone misunderstood the wording.

    The problem lies within the broad meaning of the chosen words. If you are angry, you have absolutely every right to be.

    Regardless of Mozilla’s intent here they have made a rather large mistake in re-wording their Terms. Rather than engaging with a legal team in problematic regions; they took the lazy way out and used overbroad terms to cover their bottom.

    Frequently when wording like this changes it causes companies to only be bound by weak verbal promises which oftentimes go out the door whenever an executive change takes place, or an executive feels threatened enough.

    Do not be deceived; this is a downgrade of their promise. It is inevitable that the promises will be broken now that there is no fear of a lawsuit. There’s nothing left to bind them to their promises.

    The Mozilla foundation wasn’t ever intended to remain “financially viable”; it was supposed to remain non-profit. They should be “rightsizing” and taking pay cuts instead of slipping a EULA roofie into their terms of use.


  • It is not only true; it is required by the WMF. Wikipedia and Wikimedia will go dark before it compromises those values.

    Wikipedia can always be revived by its massive worldwide community; on Tor even. Trump taking down the WMF servers won’t help; the databases probably get backed up daily and would likely end up on torrents within moments of it being taken down.


  • As an editor with advanced rollback rights on Wikipedia; I can agree with the above statement.

    It is Extremely Difficult; even with slightly escalated rollback rights such as mine; to push an agenda on Wikipedia.

    WP:NPOV is a good read and the editing community and contribution culture on Wikipedia enforces it strongly.

    EnWiki itself for certain has some very strong Page Protection policies that prevent just any editor from munging up the encyclopedia or changing history.

    It’s safe to say that Wikimedia cannot be bent or broken easily by special interest groups…Vandalism and PoV pushing are quickly quelled by sysops on Wikipedia. There are more of us editors than Elon could ever possibly hope to take on.

    Not even Elon Musk gets to ignore Wikimedia policies. That will never change. They are written in blood and sweat and cannot be manipulated. The entire foundation is set up in a way that it always, eventually, cracks down on corruption and greed. Not even a cabal of admins, bureaucrats and Wikimedia Stewards can help you.



  • I suspect they probably do far more than their title lets on; but damn that’s an extremely unfortunate title to have. I can’t imagine that particular part of the title sells well on the resume.

    That said; I think numbers 2 through 5 could probably see their pay halved or cut by a third and they’d still be fine. I wouldn’t push anyone below 200k though. I didn’t suggest the Chairperson because it appears that Mozilla isn’t actually paying them, some other entity is doing so and it’s being reported here for “tax purposes”.

    Note: This isn’t to suggest that they need to cut these folks’ pay right now; it’s just observing where Mozilla might reduce spending if it were to become necessary to keep things going for them. I am actually assuming good faith that each of these folks is well worth their current pay.


  • Hearing this sort of law go into effect just makes me sadly want to ban anyone from the UK from my small communities.

    I’d hate to be forced to do it; but I certainly would immediately start swinging the hammer with IP range bans and banning anyone who is clearly professing to be from the UK.

    Unfortunately the kind of laws they’re trying to pass do nothing to fix whatever problems they have Online; and are basically meaningless political posturing. I feel sorry for people in the UK and strongly recommend they start using VPNs; as it’s the only way to ensure they won’t get snared up in the ensuing waves of bans when compliance with the OSA law that they let get passed is mandatory.

    The shoe is clearly on the other foot. It’s not so easy to manage when politicians are allowed to get so uninformed that they go out of their way to pass bad laws.




  • I am glad to see it when the selfish people at the top fall so far down the hill. They orchestrate their own falling typically, much like Icarus in his waxen wings, falling when he flew too close to the sun in direct sunlight at the height of a hot summer’s day.

    As for Google; I hope the DoJ not only pulls up all of the resultant weeds in the garden, but also makes sure to till and salt the soil thoroughly, so that no part of Google can ever hope to rejoin its other pieces to form a monopoly or ‘anything like a monopoly’ on anything, ever, again.

    Google must rightfully suffer a most painful and enduring ‘Corporate Death Penalty’ so to speak; in order to ensure that no company ever gets so bold again. We must also repeat this with several other large companies like Microsoft, Amazon and Apple too; as well as a few other companies I’m unable to name because I’m unaware of how ridiculously massive and monopolistic they are.


  • This is exactly the kind of task I’d expect AI to be useful for; it goes through a massive amount of freshly digitized data and it scans for, and flags for human action (and/or) review, things that are specified by a human for the AI to identify in a large batch of data.

    Basically AI doing data-processing drudge work that no human could ever hope to achieve with any level of speed approaching that at which the AI can do it.

    Do I think the AI should be doing these tasks unsupervised? Absolutely not! But the fact of the matter is; the AIs are being supervised in this task by the human clerks who are, at least in theory, expected to read the deed over and make sure it makes some sort of legal sense and that it didn’t just cut out some harmless turn of phrase written into the covenant that actually has no racist meaning, intention or function. I’m assuming a lot of good faith here, but I’m guessing the human who is guiding the AI making these mass edits can just, by means of physicality, pull out the original document and see which language originally existed if it became an issue.

    To be clear; I do think it’s a good thing that the law is mandating and making these kinds of edits to property covenants in general to bring them more in line with modern law.




  • I’m going to be bold enough to say we don’t have as wide of an AI/LLM issue on the Fediverse as the other platforms will have.

    I’m certain that if someone did collect data from the Fediverse; it would become a hot topic and it might not be enough data anyways as the Fediverse is not mainstream enough normally. So the data and language collected here might skew in a few imaginable ways that one might find undesirable for a general model of word frequencies.

    Also the fact that people might not appreciate that data being collected. Let’s be real. It’s too soon for such a project to begin. The AI TREND MUST DIE as it currently lives and its corpse must be rotted away completely. Now, in internet time that may not be all that long…a few to several years…the memory of the internet can be short-lived at times. It must, however, fade from the public conscience into some obscurity first.

    Once the technology no longer lies in greedy hands again; new development can begin anew.


  • It feels like this vulnerability isn’t notable for the majority of users who don’t typically include “Being compromised by a Nation-State-Level Actor.”

    That being said; I do hope they get it fixed; and it looks like there are already mitigations in place like protecting the authentication by another factor such as a PIN. That helps; for people who do have the rare threat model issue in play.

    The complexity of the attack also seems clearly difficult to achieve in any time frame; and would require likely hundreds of man-hours of work to pull off.

    If we assume they’re funded enough to park a van of specialty equipment close enough to you; steal your key and clone it; then return it before you notice…nothing you can do can defend against them.