Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.
The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.
(Credit and/or blame to David Gerard for starting this.)
the GrapheneOS developers would like you to know that switching to Ironfox, the only Android Firefox fork (to my knowledge) that implements process sandboxing (and also ships ublock origin for convenience) (also also, the Firefox situation on Android looks so much like intentional Mozilla sabotage, cause they have a perfectly good sandbox sitting there disabled) is utterly unsafe because it doesn’t work with a lesser Android sandbox named
isolatedProcessor have the V8 sandbox (because it isn’t V8) and its usage will result in your immediate deathso anyway I’m currently switching from vanadium to ironfox and it’s a lot better so far
This all-or-nothing approach, where compromises are never allowed, is my biggest annoyance with some privacy/security advocates, and also it unfortunately influences many software design choices. Since this is a nice thread for ranting, here’s a few examples:
This has gotten pretty long already, I will stop now. To be clear, this is not a rant against security… I treat security of my devices seriously. But I’m annoyed that I am forced to have protections in place against threat models that are irrelevant, or at least sufficiently negligible, for my personal use cases. (IMO one root cause is that too much software these days is written for the needs of enterprise IT environments, because that’s where the real money is, but that’s a different rant altogether.)
also, I forgot to point this out earlier, but it’s worth saying: the only reason why I’m considering GrapheneOS as a viable path forward is because as an AOSP fork, it isn’t all-or-nothing. I can create a private space or profile for Google Play Services and all my spyware shit and keep it isolated, and ending the session kills all the processes those apps might have been running.
that’s fantastic! I finally don’t have to switch fully to open source apps and do without working non-janky notifications to have a modicum of privacy on Android! the graphene devs assume I’m not gonna be perfect and they ruggedized their fork against that and put a ton of effort into making even stuff that’s deeply reliant on Google safer! why in fuck aren’t they like that for everything?
exactly! and taking this shit seriously is why this overbearing shit sucks, especially when it’s theater or enforced for threats that aren’t realistic for your threat model. unlike some of these fuckers, we both actually intend to daily the devices we’re locking down.
oh I fucking hate this. it’s the same shit as forcing dark mode off/on as part of fingerprinting protection. not only is this the absolute wrong way to fix that shit, it’s pretty monstrous for anyone who needs dark mode or light mode to use their device in anything resembling comfort — your user may have a visual impairment or severe light sensitivity, and now they’re fucked cause the developers couldn’t accept a minor fingerprinting risk (and light/dark mode and smooth scrolling are both utterly minor, to be real)
motherfucker yes! the CA infrastructure is nowhere near usable for all cases and we all know it, but locking down the web and making development and self-hosting fucking annoying is the game for the browser vendors and Google in particular. to add to this: why the fuck is my browser acting like me not having a cert for localhost is a tragedy? why does the browser sandbox not allow certain shit unless I’m using https of all things to access localhost? where precisely is the fucking threat here? (I’m sure some well-paid security asshole at one of the browser vendors could snark a list of unlikely shit as reasons why local host needs to be treated as insecure with no toggle or dev tools option to treat it otherwise… and I just don’t give a fuck)
I’d love good secure boot! the one on PCs ain’t it at all, and unfortunately the secure ones tend to be used to lock out device owners from modifying what they own and implement shit like attestation that’s just there to violate your rights and make sure you’re not blocking ads, so unfortunately good secure boot might be incompatible with capitalism. for now though at least graphene seems to benefit from a secure secure boot chain that hasn’t been locked down yet?
100% correct
hey those are my gripes with much of modern computing, give them back! I’m gonna tell mom
so much more software needs a “I know what I’m doing, shut the fuck up” button