/tech/ - Technology

This might not sound that impressive, but i've just managed to get program-agnostic rio-style window creation working flawlessly in FVWM. Previously it was a flickery, unreliable mess of xdotool commands, but now it's spawning every window iconified, hooking into the window creation event to set geometry from my rectangle selection program and deiconifying it to its correct position.

If you could keep track of all terminals and from which one a particular program is spawned, you might be able to reach true rio emulation closer than even the plan9port version.

Desktop and window management general, i guess.

News from the radio (from like 5 mins ago): instagram is running an ad to promite a law at the european level to force ID verification to download stuff from the app store. Why? Because "teen safety".

I did a quick google search and was able to find this https://about.instagram.com/it-it/approvazionedeigenitori

> Instagram is therefore calling for European legislation that would require age verification and parental approval in app stores, where apps are normally downloaded.
> We are actively collaborating with other industry players, policy makers, civil society, parents and experts in support of this initiative.
> A survey conducted by Morning Consult indicates that three out of four parents in the eight European countries surveyed ( France, Italy, Denmark, Germany, Spain, Poland, Ireland, and the Netherlands), are in favor of legislation requiring parental approval for teen app downloads.

Anyone else?

Comrades, we need a thread on privacy. Any decent activist should try ways of staying anonymous on the web and prevent being tracked by governments and corporations.General tips===* Use free software as much as you can.* Use GNU/Linux and keep it up-to-date, to be sure that you don't have unpatched security exploits* Don't use Flash Player, use youtube-dl instead for watching streaming videos online* Do not use Google, use DuckDuckGo or StartPage instead* Use a password manager like Keepass or for GNU/Linux users keepassx. Create new passwords for every site that you visit and use a strong password as a master password. A tip for easy remembering of your master password is to use a sentence. "i fucking love cookies and tits!" with extra capital characters etc. is easier to remember than some random characters and long enough to prevent brute force attacks of any kind.* Use the Tor Browser Bundle if you really want to stay anonymous.Firefox====* Go to Preferences -> History and set History to "Never remember history". * See for additional tweaks: https://github.com/amq/firefox-debloat and https://vikingvpn.com/cybersecurity-wiki/browser-security/guide-hardening-mozilla-firefox-for-privacy-and-securityAdd-ons-----------* Use uBlock Origin for preventing tracking etc. Bonus: use hard-mode to manually whitelist external domains on sites. Don't use uBlock but be sure to use uBlock Origin https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-mode* HTTPS Everywhere* DecentralEyes: prevents CDN hosting from tracking you (Google for Jquery etc.)* Self Destructing Cookies: only allow cookies that you choose to allowOS==* Encrypt your hard drive or home partition at least* If you use GNU/Linux, you can try to restrict systemd or syslog from logging. * Use a distribution which takes security seriously. Also, be sure that you don't install a lot of things outside the repository. It will cover most of your needs.Real life tips===* Pay with cash if you canFeel free to provide tips to each other comrades!

Thread for questions that don't deserve their own thread.
I wanna buy some headphones to go outside i don't want to spend more than 100€ on them. I want them to be mostly durable and secondly to have good sound quality, also i don't want to look like a jackass while wearing them, any suggestions?

i recently came to possess a printed out slide deck detailing an nsa collection program against telegram. i got it very accidentally, i live in a building with many national security-types and found the printout in the trash area. sounds crazy, not sure who's it was or why they took it out of a secure facility, but weirder things have happened. in a past life i used to work in government and even held a security clearance at times, and the program seems plausible to me. not going to post the slides themselves, don't want anyone to get in trouble, but i have no problem summarizing.

* the nsa collection program is called JUICYSTUFF. sometimes abbreviated JUST or JUST*. the program has buckets for different targets. JUSTRUMORS = russia, JUSTCHAOS = china, JUSTDISORDER = north korea, JUSTINSIGHT = iran, JUSTHAVOC = violent extremist organizations, JUSTMIRE = rest of world, JUSTSILENCE = telegram bots, etc.

* the program primarily uses two technical tools, TEMPTINGBAKE, sometimes abbreviated TEBA, and HUNTINGGLASS. both work by spoofing target users when interacting with telegram servers.

* TEMPTINGBAKE is the more sophisticated tool. given a telegram user id, it can collect the user's contact list, messages and media. it can only collect content accessible and readable on telegram servers so not things like secret chats. because its so sensitive nsa limits it to a few hundred targets per day. there are thousands of targeted users on TEMPTINGBAKE collection so most are collected every several weeks.

* HUNTINGGLASS requires a user id and additional telegram key information associated with the target user. nsa can usually provide this from other data holdings. it collects the same information as TEMPTINGBAKE.

* total telegram users targeted is in the 10s of thousands. tasking users is managed by an internal nsa jira instance. the target management aspect of the collection program is called JUDICIOUSHARVEST.

* nsa runs the program for the whole us intelligence community and the five eyes.

fair to have some skepticism about this, would love to see if any anons have heard of this program (i hadn't) or have ideas for figuring out accuracy. i hope the fact that this was printed means someone else out there with more knowledge is trying to get the word out. there's too much organizing that unfortunately happens on telegram not more secure methods imo, so i consider this as a warning. maybe telegram even tacPost too long. Click here to view the full text.

From https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/
>The Mobile Advertising ID or MAID — the unique alphanumeric identifier assigned to each mobile device — was originally envisioned as a way to distinguish individual mobile customers without relying on personally identifiable information such as phone numbers or email addresses.

>However, there is now a robust industry of marketing and advertising companies that specialize in assembling enormous lists of MAIDs that are “enriched” with historical and personal information about the individual behind each MAID.

>Some vendors offered only a handful of data fields, such as first and last name, MAID and email address. Other brokers sold far more detailed histories along with their MAID, including each subject’s social media profiles, precise GPS coordinates, and even likely consumer category.

>How are advertisers and data brokers gaining access to so much information? Some sources of MAID data can be apps on your phone such as AccuWeather, GasBuddy, Grindr, and MyFitnessPal that collect your MAID and location and sell that to brokers.

>A user’s MAID profile and location data also is commonly shared as a consequence of simply using a smartphone to visit a web page that features ads. In the few milliseconds before those ads load, the website will send a “bid request” to various ad exchanges, where advertisers can bid on the chance to place their ad in front of users who match the consumer profiles they’re seeking. A great deal of data can be included in a bid request, including the user’s precise location (the current open standard for bid requests is detailed here).

>The trouble is that virtually anyone can access the “bidstream” data flowing through these so-called “realtime bidding” networks, because the information is simultaneously broadcast in the clear to hundreds of entities around the world.

>The result is that there are a number of marketing companies that now enrich and broker access to this mobile location information. Earlier this year, the German news outlet netzpPost too long. Click here to view the full text.

I watched this video recently, and have been fascinated by the concept of "the peripheral web" (in contrast to "core web") and want to find more stuff out there. So how about a thread where we share neat stuff we find on the peripheral web?

First thing that comes to mind for me that isn't a blog or meta on this topic feel free to share either tho, just wanted to start the thread on a cool note is https://firstpersontetris.com/

Also relevant >>/tech/23548

Yall ever seen a sundog before? Its a neat optical effect that speaks magnitude about our position in the cosmos.
The corporate rats who tried to hold the world hostage last week with their schizophrenic chatbots changed their tune as soon as the sundog dropped.
Why?
Because the sundog is an incorruptible purity of alignment for all living beings, describing a triangle between viewer, sun, and the geometry.
A sundog is the aether organizing itself faster than the speed of light, just to give humanity one more cycloptic wink before we shake off an old snakes' skin

> OpenAI is now fighting a court order to preserve all ChatGPT user logs—including deleted chats and sensitive chats logged through its API business offering—after news organizations suing over copyright claims accused the AI company of destroying evidence.
> OpenAI alleged that the court rushed the order based only on a hunch raised by The New York Times and other news plaintiffs. And now, without "any just cause," OpenAI argued, the order "continues to prevent OpenAI from respecting its users’ privacy decisions." That risk extended to users of ChatGPT Free, Plus, and Pro, as well as users of OpenAI’s application programming interface (API), OpenAI said.
> The court order came after news organizations expressed concern that people using ChatGPT to skirt paywalls "might be more likely to 'delete all [their] searches' to cover their tracks," OpenAI explained. Evidence to support that claim, news plaintiffs argued, was missing from the record because so far, OpenAI had only shared samples of chat logs that users had agreed that the company could retain. Sharing the news plaintiffs' concerns, the judge, Ona Wang, ultimately agreed that OpenAI likely would never stop deleting that alleged evidence absent a court order, granting news plaintiffs' request to preserve all chats.

https://arstechnica.com/tech-policy/2025/06/openai-says-court-forcing-it-to-save-all-chatgpt-logs-is-a-privacy-nightmare/

In other words the US has decided that the techbro slop emprire wasn't invasive enough already. All of this because the newspapers are mad they could potentially be missing 0.03% of the paying custumers btw, which is going to be like 1% of what openAI will have to pay in storage.

>a lot of people use it!
This has gotta be one of the worst reasons for choosing a programming language for your team out there. The entire argument is premised on the idea that this makes it easier to hire for, but the more popular your language choice is the more scriptkiddies you’re gonna get applying for your company and you end up going through excruciating hiring processes, meanwhile if you just say "ok we're using Rust" the only hiring friction will be finding someone who isn't annoying at Christmas parties.