Quoting: mattaraxia

Quoting: Purple Library Guy

Quoting: mattaraxiaI'm not talking down to you any more than you are to me there champ.

I generally give back what I get.

Quoting: mattaraxiaWhat I don't get is how called out people seem to feel by security issues. For someone who's so confident they've got it all locked down, you seem very defensive.

So, first, what I'm confident of is precisely not that I've got it all locked down, but rather that the return on effort of locking it all down is not worth it unless the effort is very low. I'm not saying my system is secure, I'm saying for a system like mine, the whole idea of security is overrated, and many security measures give only incremental improvement to what was already a small risk, while costing quite a bit in time and attention.
Meanwhile, sure, if someone disagrees with you they're defensive. Whatever.

You are extremely disagreeable while agreeing with exactly what I said then. And while you may do that generally, you objectively didn't here. You are frankly, objectively wrong that such measures are overblown for a system like yours. Luckily though, you don't need to understand them for them to continue becoming popular. They will come without your time and attention, and we'll all be better for it while you rant and rave when you aren't informed.

Something something "gamer types" I guess.

What can I say? My empirical evidence, albeit limited, says different, and you haven't advanced anything except bad analogies to justify your position. Maybe there is such, but all you've been saying is I'm not being nice to you and, basically, you have the authority of expertise so I should assume you are correct when you make bare assertions. If it came to argument from authority, well, I probably trust the authority of Clem Lefebvre and the maintainers of Debian, who are still using normal packaging for the most part, more than I trust your authority, since I don't know who you are and you've given no indication of what you know. Argument from authority isn't actually valid in either direction, so I won't stand behind that, but I haven't seen any argument based on anything else.

As a side note, I'm not even much of a gamer--I'm mainly here because I consider gaming strategically important in making it possible for the Linux desktop to spread. So, something something totally swing and a miss, I guess.

If you had some kind of statistics about how often not-especially-secure desktops of private individuals get compromised (by anything except phishing), and/or how severe the results of such tend to be, that would be a counter-argument. You haven't even vaguely gestured in that direction, you've just made unsupported claims that I don't understand the dangers (and that failure to slavishly adhere to the latest security fashions represents vicious ingratitude to the unsung heroes busy securing my desktop for me). Those aren't arguments.

View this comment - View article - View full comments

Quoting: mattaraxiaI'm not talking down to you any more than you are to me there champ.

I generally give back what I get.

Quoting: mattaraxiaWhat I don't get is how called out people seem to feel by security issues. For someone who's so confident they've got it all locked down, you seem very defensive.

So, first, what I'm confident of is precisely not that I've got it all locked down, but rather that the return on effort of locking it all down is not worth it unless the effort is very low. I'm not saying my system is secure, I'm saying for a system like mine, the whole idea of security is overrated, and many security measures give only incremental improvement to what was already a small risk, while costing quite a bit in time and attention.
Meanwhile, sure, if someone disagrees with you they're defensive. Whatever.

View this comment - View article - View full comments

11 different kinds of deer . . . you can tell this is made by people with a vision, not just grubbers for the bottom line.

View this comment - View article - View full comments

I chuckled when the trailer got to playing as Vincent Van Gogh. And Nero.

View this comment - View article - View full comments

Quoting: mattaraxiaSorry this is very late, but worth responding to.

That's just missing the point.

I rode a motorcycle for years and never needed my helmet. I was still glad to wear one, and would now if I ever went back to it. Induction didn't mean riders don't have a need for helmets.

See, this right here. This is the problem with many computer security types: They're freakin' drama queens. If I get a computer virus it will not break my neck. Sheesh.
(Also, they're used to getting away with talking down to people)

The thing is, in order to decide how much effort it is worth putting into security, and how much inconvenience is worth putting up with for security, you have to assess the risk, the severity of the likely consequences if the risk comes up, and how much effort and inconvenience you're talking about. For a private individual's computer, the severity isn't all that damn high. And as I've noted, the risk per year is low. So, it is rational for ordinary people not to be willing to put in much effort. If security types want me to sandbox all my applications, then those applications had better come from the "Software centre" sandboxed and update along with all the other applications when I tell the update thingie to do its thing. If those things are not true, it is not worth it to use special sandboxed applications from another source that will not update unless I think about updating them individually--especially since the result of that is I will have dozens of applications that I do not update regularly, so it's really unclear what the net security impact would be.

View this comment - View article - View full comments

Quoting: hell0

Quoting: Purple Library Guy

Quoting: ssj17vegetaGoogle taking bolder and bolder steps against ad blocking

Going slightly off topic . . . So, can someone answer me this question:
Why can't there be ad blocking that the websites can't even tell is happening?

It's essentially a game of cat and mouse. A website cannot know exactly what happens on your computer, but it can guess some of it. Let's assume you want to watch a video and there is a video advert that should play before it.

• Your ad blocker simply drops the request to the advert, your video plays.


• Now the provider decides to check whether the advert video has been requested and block main video otherwise.


• Ad blocker now send a request but close the connection immediately, faking the advert view.


• Provider adds a check to ensure 100% of the advert was downloaded.


• Ad blocker now downloads the whole advert and drops it.


• Provider adds a mechanism to delay the play button by the duration of the advert video.


• Ad blocker now signals to the player the advert is done playing even though it hasn't played, restoring the button.


• ... and so on

In short, the answer is that it's not possible because you could always invent a new way to circumvent or detect whatever the ad blocker does to block the ads. The good news is that in the opposite is true and ad blockers are free to evolve in order to bypass the new checks.

Back on topic, I personally do not mind subscription models or not owning my games. I've never replayed an old game and as such they do not really have value to me. The same would be true for movies or books, I have no issue reading a book from the library and never seeing it again or ever owning it.

That said, I do not use any subscription service because I have yet to find one that is not just a thinly veiled attempt to extract more money. Unless you count steam, which I use because it offers good value to me. Also, access the the entire steam catalogue for a reasonable amount per month would definitely be something I'd sign up for.

Another consideration is that I care about video games as part of the human culture and history, I would like to see them archived and available long after their original publisher is gone. So any subscription service which aims to block this would be an immediate no (such as purely streaming-based services).

I see your point, although it seems to me that the advertiser has far fewer points of leverage the moment it's not about video.

View this comment - View article - View full comments

One problem with working for the Sovereign Tech Fund is that insistence on paying in Sovereigns. Bags of coins in this day and age . . .

View this comment - View article - View full comments

Quoting: Eike

Quoting: Purple Library Guy

Quoting: ssj17vegetaGoogle taking bolder and bolder steps against ad blocking

Going slightly off topic . . . So, can someone answer me this question:
Why can't there be ad blocking that the websites can't even tell is happening?

I mean, like, normal well-behaved ad blocking as far as I can tell tries to justify its existence in terms of reducing bandwidth, by stopping the ads from being downloaded in the first place. And so, the websites can tell you're using them because they're telling the websites not to send the ads, I guess. And so in turn, browsers are willing to feature them in their easy-to-look-up add-on libraries, I guess, because they're playing nice and letting the websites give you a hard time for using them. But this makes them not so useful, right?

But I don't really care about the bandwidth. Couldn't an ad blocker just let the ads get downloaded but just make it so they aren't shown to you? Then the website wouldn't be able to tell the difference and you could have an ad blocker that worked. Is that not possible?

I fear yes, it might be impossible. Web went from mostly HTML to mostly JavaScript. Without it, many websites just don't work. But with Javascript, the website can check if the relevant (for the website owner) parts are displayed or not. Of course, the blocker could lie to the code, but it wouldn't know when it had to lie and when it had to say the truth to keep the page working.

Then couldn't it just display the ads and then paint over them with the background colour? I don't care if they're there, I just care if I see them.

View this comment - View article - View full comments

Quoting: ssj17vegetaGoogle taking bolder and bolder steps against ad blocking

Going slightly off topic . . . So, can someone answer me this question:
Why can't there be ad blocking that the websites can't even tell is happening?

I mean, like, normal well-behaved ad blocking as far as I can tell tries to justify its existence in terms of reducing bandwidth, by stopping the ads from being downloaded in the first place. And so, the websites can tell you're using them because they're telling the websites not to send the ads, I guess. And so in turn, browsers are willing to feature them in their easy-to-look-up add-on libraries, I guess, because they're playing nice and letting the websites give you a hard time for using them. But this makes them not so useful, right?

But I don't really care about the bandwidth. Couldn't an ad blocker just let the ads get downloaded but just make it so they aren't shown to you? Then the website wouldn't be able to tell the difference and you could have an ad blocker that worked. Is that not possible?

View this comment - View article - View full comments

One big problem with the whole idea of "subscription services" where you don't own (whatever it is) is that they are chokepoints. They are platforms, and with all these platforms the idea is NOT to give you choice, whatever that Ubisoft flack might be murfling. It is to suck you in until it is difficult to get out again, to stand between you and the products you want, and then start making the terms worse so they can make the big profits that are the point of the whole exercise. Cory Doctorow has explained this enshittification process over and over with many examples, and we should heed his words. There is no way game subscription services will be an exception to the general "enshittification" rule.

View this comment - View article - View full comments