Discord’s audio and video end-to-end encryption (“E2EE A/V” or “E2EE” for short)

That last bit is a little concerning. E2EE is widely understood to mean full end-to-end encryption of communications, not selective encryption of just the audio/video bits while passing the text around in the clear. If Discord starts writing "E2EE" for short when describing their partial solution, it is likely to mislead people into thinking their text chats are protected, or thinking that Discord is comparable to real E2EE systems. They aren't, and it isn't.

We want an E2EE A/V protocol that is publicly auditable

Their use of the word "auditable" here is also concerning. What does it mean for a protocol to be auditable? Sure, it's nice that they're publishing their design, but that doesn't allow independent audit of the implementation that actually runs on their servers and (importantly) people's devices. Without publicly auditable code that can be independently, built, run, and used instead of the binaries they provide, there's no practical way to know that it matches the design that was reviewed. And even if code is made available, without a way to verify that the code being run is the code that was inspected, any claim giving the impression that the system was audited is misleading at best.

During the rollout phase, a single non-supporting member being present forces the call to transport-only encryption. The call will automatically “upgrade” to E2EE if that member disconnects.

This sort of thing has historically been ripe for abuse. (See also: downgrade attack.) I hope they are very careful about how they implement it.

The protocol uses Messaging Layer Security (MLS) for group key exchange

Interesting. This makes me wonder if their motivation might be eventual compliance with the European Digital Markets Act. If that is the case, perhaps they also have a plan in the works for protecting text chats?

My early impression, based on what they wrote:

This won't fix Discord's major fundamental flaws. However, if their E2EE A/V design holds up to scrutiny, and if they were to fix their problematic language and provide truly auditable client code, the protection offered for audio & video could at least reduce Discord users' exposure to unwanted harvesting of voice & face samples. A step in the right direction, and a timely one, given that biometric data collection and AI impersonation are on the rise.

Seems unlikely that all these would have fallen here.

I wonder what sort of creature would go around collecting them, only to leave them out where they would reflect light and attract the attention of anyone passing by. It's almost as if...

What was that sound?

@latenightblog@procial.tchncs.de was created ~37 minutes ago.

Their only post violates rule 2, and probably violates lemmy.world rule 8 (misinformation).

Somebody please show them to the door.

I'm so sorry. I promise my laughter is not at you.

also any inputs are probably scraped

ftfy

Let's hope it's the bad outputs that are scrapped. <3

Games requiring kernel-level anti-cheat are such a small minority of games that I struggle to think how this could mean big anything (good or bad) to Linux gaming in general.

It's funny how different scenes stand out to different people. If someone had asked me to list the most memorable bits of The Lighthouse, the scenes you mentioned wouldn't have entered my mind. Dafoe's monologue, on the other hand, will stick with me for a long time to come.

We could quibble about the details, but all of them are fundamentally last-man-standing competitions.

The Hunger Games was indeed one of them. I didn't mention it because it's the most obvious one in current cultural memory (no need for me to point it out) and because Battle Royale came a decade earlier, and Battle Royal half a century before that. The characters' situation is probably older than printed words.

Even if a competitive game format was unique to the Hindi film, it would be tough to argue that nobody else could have thought of that detail when making their own variation of the same theme. Calling it a "blatant rip-off" of Luck (2009) is quite a stretch.

(Incidentally, the Luck synopsis that I read says it focuses on gambling, not competitive trials or children's games. A quick look at the video confirms it.)

They haven't even had the account for an hour and they've already violated lemmy.world ToS (calls for violence) in another thread. May the ban hammer strike swiftly.

Breaking! Community rule 1 (points 3, 4, and 5).

https://www.rottentomatoes.com/m/battle_royale

I wouldn't be surprised if the theme also showed up in books that predate all of these films.

There are a couple of emulation communities outside of Beehaw:

!emulation@lemmy.world

!emulation@lemmy.ml

many results say to install custom ROMs which I can’t since its a US model and the bootloader is locked.

Are you sure it can't be unlocked?

https://xdaforums.com/t/guide-to-root-galaxy-s22-plus-b-e-n-0-unlock-bootloader-and-flash-official-firmware-noob-friendly.4404351/

Many phones that don't officially support unlocking can be exploited to do so anyway. Some will lose relatively minor functionality in the process (camera enhancements were lost on mine, but the camera still works fine) but the tradeoff is often worth it.

And it was composed by Quincy Jones, who has earned a small mountain of awards for his music over the years. Not many TV shows get a theme as good as that one.

Here's the studio version:

https://www.youtube.com/watch?v=1-wZUgvSlOo

https://en.wikipedia.org/wiki/Internet_Draft

I think it's pretty clear that IETF drafts are not what author meant when he wrote draft, and I'm pretty sure the IETF doesn't have much to do with C++ standards.

Are you under the impression that there is no other sense of the word?

It might help you in the future when you are discussing things like drafts, specifications, and proposals.

As it turns out, I have done more than a little of that. Thankfully, I don't usually see such condescending remarks in the process, nor such insistence on misunderstanding. Good luck to you, too.

Either it’s a draft or it’s a new iteration of the language. Can’t be both.

It's a draft of a proposal for a new iteration. Is that so difficult to understand?

That's fair. I think the last word in the URL does a good job of representing the implementation's claimed level of maturity:

draft

:)

Is it true that Telegram doesn't encrypt group chats at all? Maybe that would get their attention?

My biggest criticism of Telegram (but not the only one) is that they use homebrew crypto. Of course, I don't know if your family would understand why that's bad.

this is yet another competing standard of static analysis.

No, it isn't.

Those are linters. They might or might not discover problematic use of unsafe language features lurking in existing code.

This proposal is a new iteration of the language and standard library. It would provide safe language features for preventing such problems existing in the first place.

It would be nice to include Zig's approach in the comparison. I've only just begun learning it, but the syntax seems pretty elegant from what I've seen so far.

Upvoting not because I share author's preference, but because I'm interested in reading other people's perspectives on the topic.

That number is a single manufacturer's performance target. It is not a guarantee of results. You might be able to get Intel to replace an SSD if it corrupts data in under 52 weeks (assuming you notice it) but your data will still be gone.

Hardware performance can and does vary by manufacturer, model, and production run. Even the nominally identical cores within a single CPU have slightly different operating limits. YMMV.

Note also: the 52 week target you quoted is halved for every 5° rise in temperature.

I explained that they ought to be recipes to new media every N number of years or risk deteriorating or becoming unreadable

This is important, and for some media, it should be more often than that.

People forget that flash memory uses electrical charge to store data. It's not durable. If left unpowered for too long, that data will get corrupted. A failure might not even be visible without examining every bit of every file.

Keep backups. Include recovery data (e.g. PAR2). Store them on multiple media. Keep them well-maintained (e.g. give flash drives power). Mind their environment. Copy them to new storage devices before the old ones become obsolete.

It's funny that with all our technology, paper is still the most durable storage medium (under normal conditions) that doesn't cost an arm and a leg.

Have they not heard of the TS100 or the Pinecil?

Of course they have.

An iFixit co-founder has been responding to questions over on Hacker News:

https://news.ycombinator.com/item?id=41521919

Review:

https://hackaday.com/2024/09/12/review-ifixits-fixhub-may-be-the-last-soldering-iron-you-ever-buy/

It might be interesting to determine whether the freezes are limited to Plasma or are happening within the kernel.

• Have you tried Control+Alt+F1/F2/F3 ... F8, to see if switching virtual consoles still works while the freezes are happening?
• Do you have another machine on the same network? You could use it to ssh into your desktop machine, and when the freezes are happening, see if they affect ssh interactivity.

Announcement from last year:

https://www.consumerreports.org/media-room/press-releases/2023/10/consumer-reports-introduces-free-permission-slip-by-cr-app-to-empower-consumers-to-take-back-control-of-their-personal-data/

How would this control people selling their used hardware? I don't see anything about Sony trying to disable resold consoles.

you'll get "a product that works like new with genuine PlayStation replacement parts (as needed) that has been thoroughly cleaned, inspected and tested". You will receive all the cables and paperwork you need for a PS5, and it comes with a 12-month manufacturer's warranty

That's worth a premium to some people.

What's Copilot? ;)

That's not how EOS works.

An SD card lasts for years, and the amount of plastic in one is negligible. It’s just not an issue.

Hark! The ghosts of countless generations of short-sighted polluters cry out in complacent, rationalizing unison!

It's not about expecting one model of memory card to save the Earth. It's about moving away from needless production of toxic materials, everywhere.

And if you don't care, nobody's going to force you to read The Lorax, but please don't go around shitting on people's appreciation for even the small things.

A journey of a thousand miles begins with a single step.

What’s your complaint? It’s a UE5 game

I'm not them, but I dislike Epic Online Servies, too. Last time I read the terms document, it granted permission for way too much data collection, and I'm not a fan of spyware.

Less plastic being manufactured? Sounds good to me. :)

Works fine for me. Maybe that's because I have scripts disabled? Try the archive link.

Control+F: VMS

Phrase not found

Disappointing that the author didn't seem aware of Windows NT's connections to VMS. Some fun facts:

• Dave Cutler, the WNT lead architect, previously worked on VMS.
• Several of WNT's internal systems bear similarity to those in VMS.
• VMS is a closer contemporary of Unix than WNT is.
• Advancing each letter in "VMS" yields "WNT". (It has long been speculated that this was no accident.)

It is possible. Before Cemu (Wii emulator) had a native Linux version, people ran the Windows version in Wine.

By the way, it's okay to say emulator. Hardware emulation is not the only kind of emulation.

I put the image in the text body (not the post's image field) so it wouldn't show unless you opened the post marked [SPOILER].

Are you using a client that circumvents that?

I’m trying to understand Git, but it’s a giant conceptual leap.

In that case, I suggest learning Mercurial first. Its underlying design is very similar to Git, but the interface is more consistent and does a much better job of presenting the concepts to humans (especially those already familiar with traditional version control). Then, once you're comfortable with the concepts and commands in Mercurial, learn Git, since it's everywhere nowadays.

Consider learning at least one new language, if not immediately (since you're in a hurry) then in your free time. Java is only one of many (and not even a particularly nice one IMHO). Try to find a language that you enjoy using; your programming life will be better for it. If you want something flexible and productive, consider Python. For more structure than that, maybe Go. If mobile apps interest you, there are Kotlin (Android), Swift (iOS), and Dart (both). If web development appeals to you, along with lots of job openings and lots of competition for those jobs, JavaScript. If you fancy the esoteric (and well-paying), Elixir and Erlang are worth a look. Lower level languages are in demand as well (e.g. C++, Rust) but they come with various kinds of pain that I wouldn't recommend to someone in your situation.

Above all, please make sure you're reserving time for things that make you happy, sleep, and (if still possible) some kind of exercise. Your own physical and mental health are important. If you endure a bad working environment or wear yourself thin for too long, you will burn out, which won't help you provide for yourself or anyone else.

Take care, OP.

I almost ignored that link because most of the opinions I've seen from Sweeney have been self-serving and/or misleading, but it turns out he raises some good points in that slide deck. It gets relevant to this discussion around page 27: Reliability. Thanks for sharing it.