appleiphone

however bad of a day you're having, know that it's not nearly as bad as whatever the Crowdstrike security team is going through since waking up this morning

I miss being able to just use an API with `curl`.

Remember that? Remember how nice that was?

You just typed/pasted the URL, typed/piped any other content, and then it just prompted you to type your password. Done. That's it.

Now you need to log in with a browser, find some obscure settings page with API keys and generate a key. Paternalism demands that since some people insecurely store their password for automatic reuse, no one can ever API with a password.

Fine-grained permissions for the key? Hope you got it right the first time. You don't mind having a blocking decision point sprung on you, do ya? Of course not, you're a champ. Here's some docs to comb through.

That is, if the service actually offers API keys. If it requires OAuth, then haha, did you really think you can just make a key and use it? you fool, you unwashed barbarian simpleton.

No, first you'll need to file this form to register an App, and that will give you two keys, okay, and then you're going to take those keys, and - no, stop, stop trying to use the keys, imbecile - now you're going to write a tiny little program, nothing much, just spin up a web server and open a browser and make several API calls to handle the OAuth flow.

Okay, got all that? Excellent, now just run that program with the two keys you have, switch back to the browser, approve the authorization, and now you have two more keys, ain't that just great? You can tell it's more secure because the number of keys and manual steps is bigger.

And now, finally, you can use all four keys to make that API call you wanted. For now. That second pair of keys might expire later.

It's always "funny" to remember that software development as field often operates on the implicit and completely unsupported assumption that security bugs are fixed faster than they are introduced, adjusting for security bug severity.

This assumption is baked into security policies that are enforced at the organizational level regardless of whether they are locally good ideas or not. So you have all sorts of software updating basically automatically and this is supposedly proof that you deserve that SOC2 certification.

Different companies have different incentives. There are two main incentives:

Limiting legal liability

Improving security outcomes for users

Most companies have an overwhelming proportion of the first incentive.

This would be closer to OK if people were more honest about it, but even within a company they often start developing The Emperor's New Clothes types of behaviour.

---

I also suspect that security has generally been a convenient scapegoat to justify annoying, intrusive and outright abusive auto-updating practices in consumer software. "Nevermind when we introduced that critical security bug and just update every day for us, alright??"

Product managers almost always want every user to be on the latest version, for many reasons of varying coherence. For example, it enables A/B testing (provided your software doesn't just silently hotpatch it without your consent anyway).

---

I bring this up because (1) I felt like it, (2) there are a lot of not-so-well-supported assumptions in this field, which are mainly propagated for unrelated reasons. Companies will try to select assumptions that suit them.

Yes, if someone does software development right, the software should converge towards being more secure as it gets more updates. But the reality is that libraries and applications are heavily heterogenous -- they have different risk profiles, different development practices, different development velocities, and different tooling. The correct policy is more complicated and contextual.

Corporate incentives taint the field epistemologically. There's a general desire to confuse what is good for the corporation with what is good for users with what is good for the field.

The way this happens isn't by proposing obviously insane practices, but by taking things that sound maybe-reasonable and artificially amplifying confidence levels. There are aspects of the distortion that are obvious and aspects of the distortion that are most subtle. If you're on the inside and never talked to weird FOSS people, it's easy to find it normal.

One of the eternal joys and frustrations of being a software developer is trying to have effective knowledge about software development. And generally a pre-requisite to that is not believing false things.

For all the bullshit that goes on in the field, I feel _good_ about being able to form my own opinions. The situation, roughly speaking, is not rosy, but learning to derive some enjoyment from countering harmful and incorrect beliefs is a good adaptation. If everyone with a clue becomes miserable and frustrated then computing is doomed. So my first duty is to myself -- to talk about such things without being miserable. I tend to do a pretty okay job at that.

How to install NewPipe on Android

NewPipe is a YouTube replacement client for Android devices. It's open-source (meaning, you can see all of their code as you please), privacy-oriented, lightweight, and supports features that are normally locked behind a YouTube Premium paywall.

Disclaimer: I am not affiliated with NewPipe, YouTube, Android, Google, Alphabet Inc, or any other brand or name mentioned here. I made this guide to help my friends who were curious.

NewPipe's Website: https://newpipe.net/

The GitHub Repository

Step 0. Compatibility check

Make sure you're running an Android device! This won't work on an Apple device of any kind! Also, for those more tech-savvy among you, if you have the F-Droid store installed, you can download NewPipe straight from there!

Step 1. Downloading

Go to NewPipe's Github repo (repository, the codebase or where all of the code is stored). Scroll to the bottom of the page until you see "Releases". Click on the one that says "Latest" next to it in a little green bubble:

Your version number (v#...) will be different if you're reading this in the future! That's okay. Scroll past the changelog (unless you want to read it!) until you find "Assets":

Click on the first one, the one with the little cube ending in .apk. APK files are Android Package (Kit) and are the main format for downloading apps. Once you click on the link, it should begin downloading or your browser will ask you to confirm that you want to download this file. You should always verify the filename matches what you expect it to be (namely, the file format) before attempting to install! It might take a few moments for the file to download depending on your internet connection.

Step 2. Installation

Once you have the file downloaded, you can click the download popup in your notification bar or find the file in your device's file system. One of 2 things will happen:

You will get a popup asking if you want to install an APK by the name of NewPipe - confirm that you do (and make sure the app is really NewPipe!) and it will install automatically. You can then click "Open" to open the app and begin using it.

You will get a popup warning you that you have the ability to install apps from unknown sources disabled and that you can't install this. This is normal and does not mean that you downloaded the wrong thing.

If you got the first popup, continue past this step. For those of you who got the second, let's go over what this means.

By default, most Androids have this setting disabled. This is for security purposes, so you can't accidentally install a malicious app from the whole internet. If you enable this setting (allow installations from unknown/unsigned sources), you are theoretically putting yourself at risk. Realistically, you're probably fine. But, after installing NewPipe, you can always re-disable the setting if it makes you more comfortable. That will prevent you from installing updates in the future, but it can always be re-enabled.

Ready to turn that setting on? It will vary by your individual device! Some devices will take you directly to the page with the setting upon failed installation, and some you will just have to find it yourself using the searchbar in settings.

Once you've allowed installations from unknown sources (wording may vary slightly), try to repeat the steps above of clicking the download popup or finding the APK in your files and trying to install it. It should work correctly this time!

Step 3. Updating NewPipe

Like most apps, NewPipe is in development currently and frequently has new versions released to improve it and fix bugs. Unlike most apps, NewPipe needs to be manually updated, since we haven't downloaded through the Google Play store.

To update NewPipe, all you have to do is follow the above steps for installing the app, except that when you get the popup asking to install it, it will instead say "Update". That's it! NewPipe and Android handle the rest.

NewPipe also has popup notifications for when the app has a new update, so you don't have to worry about checking the GitHub for a new release. Just click on the "A new version is available" popup and it should take you directly to the webpage.

That's it! Enjoy browsing videos in peace without ads and with the ability to download and so much more. Pro tip: you can copy paste YouTube links into the NewPipe search bar to go directly to that video/playlist/channel.

I am going to a CONFERENCE FEBRUARY 26-27 !

You "ok Moose... thats neat I guess but" Me again(interrupting): I am going to sell you on this immediately! CrowdStrike will be there! You "I... neat I guess... wait was that not those guys that broke 10 million windows computers? Hospitals, 911 lines, trains, security all going down? Billions in damage, people died. Those guys?" YES! And they are giving TALKS ! :D 2 of them! Building Resilience: Amplify Cybersecurity with the Power of AI And 2024’s Threat Actors Unmasked: What to Expect in 2025 CROWDSTRIKE IS HERE TO TELL US HOW TO IDENTIFY CYBERSECURITY THREATS! The OBJECTIVELY biggest thread to cybersecurity in 2024 is here to tell you how to spot threats. I am SO going to ask if the answer is "We look in the mirror" I am going to bring the BIGGEST bucket of popcorn I can find, have LOADS of interesting fun questions and have an AWESOME day. And it is free. I am using days off, but I will try to convince my boss that it is education. Who knows.

Here is a link to the event. It is free if you are nearby :3

(via The US will ban sales of Kaspersky antivirus software next month)

The Biden administration has taken a sweeping action to ban Kaspersky Labs from selling its antivirus products to US customers. The Russian software company will not be able to sell to new customers starting in July and cannot provide service to current customers after September.

Ahead of the official news, a source told Reuters that the company's connections to the Russian government made it a security risk with the potential to install malware, collect privileged information, or withhold software updates on American computers. US Secretary of Commerce Gina Raimondo announced the ban at a briefing today.

"You have done nothing wrong, and you are not subject to any criminal or civil penalties," she said to current Kaspersky customers. "However, I would encourage you, in as strong as possible terms, to immediately stop using that software and switch to an alternative in order to protect yourself and your data and your family."

to my old school computer

the keys on you may get stuck

like they would if you were a neglacted piano

but this message I'm writing

i never expected to be my last

we aren't together anymore, and you're

a non-sentient piece of technology,

hurriedly assembled and slow,

made clunkily by a machine, you don't run anymore

today they'll shut you down, and you won't remember

the 27,000 documents and pictures and videos and memories

we shared together.

this is to my old school computer.

i would hold you forever, without the factory reset

that breaks six years of warmth and late nights spent together.

in another life, I could stay attached, and we would

never have to forget one another.

Update device within 19 hours. the clock winds down with a tick.

"The district requires you to update your Chromebook

before the deadline." but this update will never come

and this deadline is forever your last

even though you don't know me like I know you,

i'll miss you all the same.

maybe you're in there, and maybe you'll miss me too,

maybe you loved me like I loved you

you were a friend, and a help, a distraction

from the loud world around me. without you I am nothing.

i take a deep breath in, close your lid shakily, and mutter my

goodbye.

Absolutely mind-boggling how kaspersky, a software with near perfect rating when it comes to security, is being banned in the USA because it's from russia (it's being operated from the UK).

And the reason is that they COULD leak data to russia. Yknow, something every single other cyber security software COULD do as well. It was founded over 25 years ago and nothing ever happened, you think they gonna start now? Really? And, again, you don't have to be working for a russian company to be a russian spy, who's to tell some mcafee employee won't leak data instead?

I'm usually not one to defend a billion dollar company but the blatant lack of knowledge and "this man from russia made it = it's evil" reasoning is so infuriating. Maybe sit down for once and talk to the people who tested the security software. Jfc.

I used Netscape Navigator 4.0 as my main browser until 2018. I might have one of the only surviving installs of Netscape Navigator 8 and 9 since they were only available through a web installer attached to long-dead servers

While I appreciate the Netscape enthusiasm, the mere thought of using a 20-year-old piece of software to do your daily browsing, has me like

The security risks, fallentechnate! Oh the humanity!

Ok but with Sun and Moon's dialogue in the DLC all I can think about is Yzma's scrapped song from Emperor's New Groove

And moon destroying any source of light

father. you are so annoying sometimes. get's a single hint of something not working anymore and immediately doomsday's it and tries to set on the path of replacement. man is single-handedly keeping consumerism alive.

Why Digital Wallets Like WeGoFin Are the Future of Money Management

In a world where convenience, speed, and security drive financial transactions, digital wallets have emerged as the future of money management. Platforms like WeGoFin are transforming the way individuals and businesses handle finances, providing seamless, secure, and efficient payment solutions. Here’s why digital wallets are here to stay and how WeGoFin is leading the charge.

i don't think people realize how mason is deadass set to become a billionaire by his mid 30s.