/tech/ - Technology

>>30996
Think found an example of functional core, imperative shell in my ~/Software directory, metainfo.py in my torrent client.
Basically this object which maintains the overall state of the torrent (excluding the message handlers) is initialized by a set of twelve static method calls.
However, theoretically the object could be recreated every time its state would otherwise need to change and it could be frozen.

It still reads from disk and the network which means that it's not easily tested.
Wonder how the network and filesystem aware parts of the protocol could be implemented in such a way as to separate out the actual IO?
For example how do you test that a piece is properly received without performing the IO to write and receive a piece when there's state to be maintained for the connection etc.?
Should think some about a sans-io [^1] torrent client guess.

:[^1] https://sans-io.readthedocs.io/how-to-sans-io.html#how-to-write-i-o-free-protocol-implementations

>>31045
For reals, when you deconstruct a list, are the names
- h t (head, tail)
- a d (car, cdr)
- v vs (or a as, x xs, etc.)
or something else?

>>31053
Think prefer "x : xs" of these even though it's less descriptive than the other two (what is "x"?), it generalizes to arbitrary collections, and iterators better, and when used generically allows for more description, for example "for file in files".

>>31053
Looking at my imageboard arsvia's code it seems like there's room to pull validation logic into the data model and to factor out this functionality into static methods for testability. This could be done using SQLAlchemy validators [^1] or custom initializers.

:[^1] https://docs.sqlalchemy.org/en/20/orm/mapped_attributes.html#simple-validators

>>31056
>pull validation logic into the data model and to factor out this functionality into static methods for testability
This is actually really cool to me! Arsvia could have the service layer virtually deleted. The entire program can be written as rendering and object initialization/mutation with static IO free methods handling the bulk of init. There's probably some errors in the attached image, but the idea was applied to a scratch buffer with the image object. The init method acts as a imperative shell for the functional core of the static private methods.

>>31057
Obviously the stupid calls to the validation logic in __get_mime should be validators for the size and mime.

>>30981
if f-droid is using their own set of keys to sign your app, then google would have to revoke them explicitly through TOS violation, they can't technically enforce this policy as stated, I imagine they're just going to stop execution of unsigned apps through safety net, sort of how iOS does it

>>30980
>>30981
Google can require F-droid to take down apps they don't like (i.e. alternative front ends, adblockers, etc)

Linux phones need investment, so, thanks Google.

like this wont get broken in like a week lol

>>30979
>no excuses not to switch to a pinephone
^ not a serious person

it's also the exact same thing apple did and the eu outlawed it so they allowed side-loading again,so I assume even if it does happen the european parliament will say the playstore is a "monopoly" (consumer rights is the only good thing about the EU tbh)

>leftism seems to be categorically anti-harm
Uhhh… there’s lots of pernicious obnoxious stuff on here.

>>30950
Excuse me I want to know too because from what search engines found it means either anti-harassment or countering an AGM-88 HARM

>>30948
>categorically anti-harm
lol philosophytards

>categorically anti-harm
"There's never any excuse to be mean" wot if theyre bourgeois tho?

>>31046
Wonder if you could have this but for the ingroup only. Sounds kinda terrible, but there could be coordination among just the people who accept the terms.

>>31023
Welcome to the future
https://forum.agoraroad.com/index.php?threads/dead-internet-theory-most-of-the-internet-is-fake.3011/

>>31041
We've got a thread on that too
→ >>16322
Enjoy!

>>31021
>>31023

So….your argument is that instead of legitimate, practical benefits that come from what we have now and will continue to grow, if implemented correctly, the only "real" AI is magical fairy dust and that somehow any implementations that reach that level just don't count, because a bunch of people with vested interest marked that as the aspirational goal? That seems a bit like shitting on the concept of a space program because we're all not living in orbital ring stations across the solar system and on our way to building a Dyson sphere around the sun.
>When people, but particularly stakeholders, think of AI, they aren't really thinking of computer vision to help robot butlers navigate tables better, but the final solution that will solve the struggle between workers and capital holders, that is, the machine god that has grown so vast and enormous it's able to do every job ever.
I just don't think that most stakeholders, especially investors across the market or some other business deciding if they're going integrate AI with their business plan,l are thinking about this. They're thinking about how they won't need to hire Amazon Mechanical Turk workers in order to sort things because a LLM + OCR can do it. T They're thinking that they can avoid hiring a (probably offshored, and limited to reading off a decision tree which often has humans acting more and more like chatbots, than the other way around) low level customer service dept if they can get a performant model and bidirectional voice features to do the same thing. Those who are running "AI development and/or trying to sell AI service" companies, like so-called OpenAI, are going to wax poetic about AI solving all the problems so they keep getting investment to expand their platform, but pretty much everyone else is looking for what can be done with the technology in a practical manner. That's the crux of a lot of capitalism's problems after all, right? Planning for short term and direct ROI to the exclusion of other factors; why would it be any different here? This is not to say that every institution or individual interested in AI must fall into this category (there are many that do not, from individuals to university research departments aPost too long. Click here to view the full text.

>>31047
They didn't seem to be saying anything approximate to that.

>Written in C, so no.

This is what happens when people learn programming from internet memes instead of reading a book.

>written in a lower level language.
You want a VPN implemented through minecraft redstone? Lua?
I assumed your qualm with C was it wasn't rust / some other memory safe thing, now I have no idea your intent.

Anyone in this thread who thinks C to be inherently insecure should look at the security record of qmail, which is unmatched in the recent history of software engineering.

>>30455
Nobody tell him what the Python interpreter is written in.

Both Wireguard and OpenVPN are just protocols. What you're looking for is alternative implementations, OP.
There are user-space implementations of both protocols in languages like Rust, Go, or some other niche meme language you may worship. If you're persistent enough, there are probably some microkernel-based operating systems which can let you use these alternative implementations as low-level components of the OS - on par with original, C-based implementations.
I have to warn you though, that most original implementations of VPN protocols use C language for very good reasons:

1. Building a high-performance VPN daemon in user-space is an absolute pain in the ass on contemporary operating systems
2. Integrating higher-level languages into kernel code is pure fucking pain. The only operating system that does this correctly is NetBSD (as far as I'm aware) with their Lua modules.
3. If you're building a kernel module that's pretty much just a wrapper over a cryptographic protocol - memory safety isn't even your first concern. One of many reasons why you shouldn't roll out your own crypto, is that implementing cryptographic protocols in a way that's not susceptible to timing side channel attacks is absurdly difficult. In case of higher-level languages whose compilers/interpreters may introduce automatically generated optimizations for the resulting code - you can't really predict whether your program is going to contain timing side channels or not. Some langauges provide special constructs to explicitly allow secure cryptographic code to be written, but in most cases - it's safe to say we have far more experience with writing correct crypto code in C than in, let's say, Python.

>>30802
Your grandma could use Linux at this point.

Does the government actually spy on people via some secret backdoor in Windows? Do they even need to? They could just subpoena your ISP/VPN provider or come into your house and search your hard drive, what operating system you use isn't really that important, the more important consideration is whether or not you encrypted your files and you can do that on any OS.

>>30865
That is in large part the problem.
If you're doing something an idiot could do, Linux is fine. If you're doing server admin, Linux is fine. If you're an end user who likes to tinker a bit but using a graphical interface, you can get fucked - either give up and use the computer like granny, or learn the inane conventions of the unix-world's CLI.
Lesson 1: Everything is a file (and that file is fuckyou.txt)

>>30866
Even pretty old versions of Windows contained a thing called "_NSAKEY".
>https://en.wikipedia.org/wiki/NSAKEY
Another point is that modern versions of Windows contain Cortana, M$ Recall and Copilot. There AI agents can read your whole screen and (for example) they can be used to flag you as a person of interest.

>They could just subpoena your ISP/VPN provider or come into your house and search your hard drive,
That's true.

>what operating system you use isn't really that important
Yes it is, since there are other threats, too, because proprietary software usually also send analytics data to ad companies. And how exactly you can be sure what your proprietary operating system does in the background? You don't have any way to confirm it. This issue also affects file/disk encryption methods. I would never trust BitLocker.

>>30843
Labubuntu

>>30907
Why not a pinephone
>uber
Don't they have a browser webapp?

>>30905
>massive anti-GOS shilling

Where? Go to Reddit, Youtube or any mainstream plattform, the, are all pro Gos. Mainstream media is promoting and advertising Gos on a massive scale: "These phones are so secure, police can't break them!"

I have to own a smartphone for my job and the software my company uses is only on IOS, therefore I must own an iPhone to continue being employed. I have already lost my right to choose which devices or software I will or won't use in my work life, does it really make any difference if I take some principled stand against proprietary software during my free hours? Is everybody in the world supposed to quit their jobs if their jobs force them to use proprietary software?

kinda seems like a privacy oriented OS on your voluntary government sponsored wiretipe is not a thing

There are issues with GrapheneOS worth discussion, but most of what someone seems to be posting in this thread is very badly misinformed.

Pixels, like the Nexus before them, were the "developer focused" phone that got AOSP and similar development for it primarily, instead of contesting with whatever bullshit Samsung wanted to drop atop it, or how Samsung or Verizon decided to stop updating your OS or firmware in a year or two etc.
>Pixel hardware
Pixel hardware is exactly as proprietary as the rest of mobile hardware. Do you think that a Qualcomm Snapdragon chip is magically FOSS top to bottom? Hell, most Tensor chips were basically Samsung Exynos which again were certain proprietary bits. Like all other phone SoC, there are licensed bits and proprietary hardware elements, as well as closed baseband firmware and the use of binary blobs etc. This is common with just about any device. Do I wish it was different? Absolutely and we should leverage Google, Qualcomm and others into shipping more open hardware if possible, but there's nothing magically more locked down or suspicious with the Pixel line vs other manufacturers.
>but uh what if its compromised, i don't have any evidence it is but if it was it could be reading everything and saving everything etc
There's literally more evidence that Chinese made smartphones from their major companies have vacuumed up tons of data vs those from other brands, yet you're worried about a hypothetical like this? There's more evidence for and wider hypothetical potential for a lot of the chinese devices using chinese chips made in chinese factories etc.

These are issues with GrapheneOS and Pixel that are worth critiquing fairly, but nothing like what is being discussed here.

Does anyone have recommendations for learning threat modelling that's not corporate nonsense and not limited to cloud microservices and other web applications?

>>30698
Start with
https://www.schneier.com/
You'll have to dig through the archives a bit since he's gotten distracted by the new shiny toy, but it is all there

>>29869
I would choose Creative Commons Attribution-NonCommercial-ShareAlike.
https://creativecommons.org/licenses/by-nc-sa/4.0/

Need a new phone, I hate all the os that come preinstalled and just want lineage. Is the oneplus 9 pro still a good option for a few years or do i go with oneplus 11? 11 seems more expensive for less gain.

I'm looking for an old imageboard script that has two colors to the left of every reply, one for the post and one for reference. Is anyone aware of what this is? Just remember an esoteric screenshot from ages ago.

>>30708
BSD Init has startup and shutdown scripts, which are kind of like the scripts runit uses to emulate sysv runlevels. Otherwise runit uses an entirely different service supervision model than BSD, which only has sysv-style init.d (rc.d in their case) and inittab.

AUR Chaos malware: an analysis
>https://www.mh4ckt3mh4ckt1c4s.xyz/blog/aur-chaos-malware-analysis/

* There were malicious packages in Arch User Repo that installed remote access tool (RAT).
* The known malware packages are: librewolf-fix-bin, firefox-patch-bin, zen-browser-patched-bin, minecraft-cracked, ttf-ms-fonts-all, vesktop-bin-patched, ttf-all-ms-fonts.
* There might be even more malware on the AUR!
* Be sure to always review all package PKGBUILD files, even when you are updating AUR packages that were previously to be known to be good.
* I suggest using rua or yay AUR helper because they can show diff views of AUR packages.


>>26557
I would just run FreeBSD if you want to use it. You could also use Slackware but I think FreeBSD or some more mainstream GNU/Linux distro is better, since package management is painful on Slackware.

>>30936
>Be sure to always review all package PKGBUILD files, even when you are updating AUR packages that were previously to be known to be good.
If they can pull malware directly from the PKGBUILD, they might as well go all the way and pull a legit-looking source from a compromised mirror. At this point you're better off getting the upstream source and handpicking any patches you need yourself.

Given that the distro refers to many AUR packages in its wiki and those especially would be maintained by relatively trusted community members, they should have made a PKGBUILD repository with barebones vetting already. Arch retardation syndrome strikes again!

>>30936
>>30937
Having read the article, the perpetrator seems to have been discovered very much because they were an amateur. As i already mentioned, a smart attacker could have inserted the suspect code directly into the program source, which could either fork unprivileged malware, like a miner, or try to gain root privileges through an install wizard invoking sudo or any privilege escalation 0day.

>>26557
It depends on what specific features of FreeBSD you are looking for in a Linux distro.

If you want a BSD init system, the only distro I know of that uses BSD init is CRUX; Arch used to use it, being originally based on CRUX, but has long since moved to systemd. The other init systems on Linux like SysV, openrc, and runit are all totally different systems from BSD init.

If you want ZFS, you can set up OpenZFS after the fact on any Linux distro, but if you want ZFS-on-root right out of the box then FreeBSD and Ubuntu are the only OSes I know of that provide that in their installers.

If you want jails, there's not really any equivalent to that on Linux, there's containerization and things like Docker but they work in a fundamentally different way than jails.

If you want a lightweight minimal OS that adheres to KISS principles and doesn't use systemd, there is Alpine Linux, Void, Gentoo, etc.

AVIF is a mess from a technical standpoint. designed by committee. it doesn't just store a straight up image, no no no. it splits the image up into chunks, each of which can be stored using any codec supported by the format. this is a huge hassle for the internal data model for many project, for example ffmpeg
WebP is OK, but getting support for it everywhere seems to be slow going. I'm not convinced it's sufficiently better than cjpeg to justify widespread use. JPEG itself has many features that improve its compression that no one uses for some reason. like pyramidal coding

>>30836
to elaborate on this:
https://calendar.perfplanet.com/2014/mozjpeg-3-0/
>Mozilla has done a study of image formats and concluded that WebP and JPEG XR are not a big-enough improvement over well-optimized JPEG. In the study only HEVC (H.265) was significantly better, but it’s a patent-encumbered format, so it can’t be used freely (shhhh!)

>>30806
>>30836
webp seems ok to me. I guess avif is technically more fancier, but it has no support. both can do lossy and lossless so that's not an issue

It just werks™