The fact that any Xorg client can become a key logger without any user input or authentication is a pretty big security hole imo.
By design Xorg has no isolation between clients so they can all read each others input, control others windows, and inject keystrokes into other applications. That’s unacceptable in the modern age and makes any attempt at sandboxing or separation of privileges for GUI applications completely pointless.
> The fact that any Xorg client can become a key logger without any user input or authentication is a pretty big security hole imo.
This "hole" doesn't exist. For an X client to capture input, it must be authenticated by either the unix user permission or by an access control list (where the default is to deny). Individual clients can also be marked untrusted which sandboxes them to some extent (though not as much as using a separate X server of course).
I'll grant that in practice, most the time these restrictions are very lax... in part because they can break some applications. But at the same time, in practice, it doesn't seem to matter that much since either you're running things you trust anyway or if a malicious application has access to your X connection they also have access to all your other files so you're in trouble anyway.
Apologies for not answering your question directly, but I'm pretty sure this is what XWayland does to allow for compatibility of X apps ontop of wayland.
Even when applying to companies that are LGBTQ friendly? I sometimes self identify on applications if the company has a good reputation with that kind of thing because I’d expect It would give me some diversity points. But maybe that’s not the best idea.
> Even when applying to companies that are LGBTQ friendly? I sometimes self identify on applications if the company has a good reputation with that kind of thing because I’d expect It would give me some diversity points. But maybe that’s not the best idea.
Pretending to be LBGTQ friendly is a good PR while changing actual company culture is hard, expensive and takes time. So don't get fooled by PR stunts and changed policies because they will always be eaten by real company culture.
Looking into the details it seems like they're using Convergent Encryption [1][2] in order to enable deduplication in iCloud drive and photos. Which would imply it is possible for an attacker to determine if your account is storing a file for which they know the plaintext. It's still a lot better than the status quo but that's a pretty big asterisk in my mind.
Your kidding right? Anything IO bound like an server isn’t going to be remotely affected by the speed of underlying language. There’s almost no compute required for a mastodon server just take HTTP requests and store and retrieve data from a database. The CPU is going to be active for a fraction of a millisecond before it becomes blocked on either the database or network.
You’d be surprised at how brutally inefficient RoR code actually is. Anyway, ActivityPub is a protocol, and Mastodon isn’t relevant for this discussion.
Hard disagree. Friendly programming languages such as Python and Ruby on Rails are good for small applications but when applications grow, so does their footprint.
You can get equivalent performance through more work, more caching layers, more servers and more hardware resources, but there's a real limit to how much one server can handle before it starts slowing down.
The simple fact is that a a Bash web server will never be as fast as a bespoke x64 assembly HTTP server. There's a huge gradient between the two and I'm not suggesting we need to build a Mastodon backend in C, but this "it's a web server so who cares about performance" approach to programming languages needs to go.
Take a look at the techempower listing if you don't believe me. Ignore the weird, bespoke, benchmark oriented servers and focus on real world applications if you wish to make the gap smaller but even among big frameworks you'll find the differences. JSON serialisation is one example every web API needs to deal with, and ASP.NET stands head and shoulders above Ruby on Rails performance, for example.
In practice, there's probably no real performance difference between the JVM, dotnet, and Rust frameworks because of I/O limitations. However, Ruby on Rails lives in a whole different performance segment, next to PHP and Python.
You are wrong. Web applications written in languages like Python or Ruby will spend most of their time spinning the CPU instead of retrieving stuff from the database. There are languages that are just that slow.
I’m not so sure that’s true reading through the privacy notice when enabling SMS filtering it reads “You can install and use third-party SMS filters. If you do, the filter provider can access all of the text and content included in incoming SMS and MMS messages that you receive from unknown senders.”
That doesn’t sound like the same thing as the content blocker api it sounds like it provides plaintext access to sms messages. And it’s enough of a risk that I decided not to install it.
I don’t think you need to be from the west coast to understand people saying SIKE. It’s a pretty common phrase across the US. I’m from Colorado and I heard that a fair amount growing up. Agree on the appropriate name though it was my first thought reading that it had been broken.
They can usually still see Domain names. DNS traffic is normally sent in the clear and in the event it’s not the SNI field in TLS (https) is unencrypted. So your ISP can know which domains you visit but not the individual sites on those domains you visit. (i.e they would know you visited google.com but not that you requested the page: google.com/q=your+question) Which depending on the site might not be all that sensitive but I’m sure you can think of a few examples of sites you wouldn’t want anyone to knowing you went to even if they couldn’t see which page.
To me being FIPS compliment would be a good definition of something being “Military Grade” because that would be the actual standards the US military would use. However, that still doesn’t mean it has the best security because really good algorithms like Ed25519 aren’t FIPS compliant dispute being much better than their FIPS counterparts IMO.
No Flops are floating point operations. GPUs are better at them because they run floating point operations in parallel on thousands of optimized cores. While python will run a floating point operation serially on (likely) a single general purpose CPU core. None of this really pertains to websites where the main bottle neck is IO so python is as good as anything else.
I think it's a joke, they're likely aware of what you said. It's also possibly a sarcastic way of pointing out what you said, that a lot of things Python is used for are things where the main bottle neck is IO, so things like this should be read with such context taken into account.
By design Xorg has no isolation between clients so they can all read each others input, control others windows, and inject keystrokes into other applications. That’s unacceptable in the modern age and makes any attempt at sandboxing or separation of privileges for GUI applications completely pointless.