  • require a separate device that looks like a calculator to use online banking

    To be fair this actually provides a very high level of security? At least in my experience with AIB (in Ireland) you needed to enter the amount of the transactions and some other core details (maybe part of the recipient’s account number? can’t quite recall). Then you entered your PIN. This signed the transaction which provides very strong verification that you (via the PIN) authorize the specific transaction via a trusted device that is very unlikely to be compromised (unless you give someone physical access to it).

    It is obviously quite inconvenient. But provides a huge level of security. Unlike this Safety Net crap which is currently quite easy to bypass.
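A sketch of the transaction signing described in the comment above, added here as an example; it is not part of the original comment and not any bank's actual scheme. It assumes an HMAC-SHA256 key shared by device and bank, a usage counter, and a PIN checked locally on the device; all names are hypothetical.

```python
import hashlib
import hmac

def _code(key: bytes, counter: int, amount_cents: int, recipient_digits: str) -> str:
    """MAC over the transaction details, cut down to 8 digits a person can type."""
    msg = f"{counter}|{amount_cents}|{recipient_digits}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation (RFC 4226)
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10**8:08d}"

class Device:
    """The offline 'calculator': holds the key and never touches the network."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin, self._counter = key, pin, 0

    def sign(self, pin: str, amount_cents: int, recipient_digits: str):
        # The PIN is checked on the device itself (assumption of this sketch).
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        self._counter += 1
        return self._counter, _code(self._key, self._counter, amount_cents, recipient_digits)

class Bank:
    def __init__(self, key: bytes):
        self._key, self._last_counter = key, 0

    def verify(self, counter: int, amount_cents: int, recipient_digits: str, code: str) -> bool:
        if counter <= self._last_counter:
            return False  # replayed or stale code
        expected = _code(self._key, counter, amount_cents, recipient_digits)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False  # details differ from what the user typed into the device
        self._last_counter = counter
        return True

def demo() -> dict:
    key = bytes(range(32))  # constructed sample key shared by device and bank
    device, bank = Device(key, "4821"), Bank(key)
    # User keys in 250.00 and the last digits of the recipient's account.
    counter, code = device.sign("4821", 25_000, "1234")
    return {
        "tampered_amount": bank.verify(counter, 950_000, "1234", code),
        "tampered_recipient": bank.verify(counter, 25_000, "9999", code),
        "genuine": bank.verify(counter, 25_000, "1234", code),
        "replay": bank.verify(counter, 25_000, "1234", code),
    }

if __name__ == "__main__":
    print(demo())
```

The code is only valid for the exact amount and recipient digits typed into the device, which is why a compromised browser or phone cannot silently redirect the payment.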


  • which is supposed to enforce to run apps in secured phones

    The point of the Google Play Integrity API is to ensure that the user is not in control of their phone, but that one of a small number of megacorps is in control.

    Can the user pull their data out of apps? Not acceptable. Can the user access the app file itself? Not acceptable. Can the user modify apps? Not acceptable.

    Basically it ensures that the user has no control over their own computing.




  • Just to be clear it is probably a good thing that YouTube re-encodes all videos. Videos are a highly complex format and decoders are prone to security vulnerabilities. By transcoding everything (in a controlled sandbox) YouTube takes most of this risk on and makes it highly unlikely that the resulting video that they serve to the general public is able to exploit any bugs in decoders.

    Plus YouTube serves videos in a variety of formats and resolutions (and now different bitrates within a resolution). So even if they did try to preserve the original encoding where possible you wouldn’t get it most of the time because there is a better match for your device.


  • From my experience it doesn’t matter if there is an “Enhanced Bitrate” option or not. My assumption is that around the time that they added this option they dropped the regular 1080p bitrate for all videos. However they likely didn’t eagerly re-encode old videos. So old videos still look OK for “1080p” but newer videos look trash whether or not the “1080p Enhanced Bitrate” option is available.



  • I’m pretty sure that YouTube has been compressing videos harder in general. This loosely correlates with their release of the “1080p Enhanced Bitrate” option. But even 4k videos seem to have gotten worse to my eyes.

    Watching a higher resolution is definitely a valid strategy. Optimal video compression is very complicated and while compressing at the native resolution is more efficient you can only go so far with less bits. Since the higher resolution versions have higher bitrates they just fundamentally have more data available and will give an overall better picture. If you are worried about possible fuzziness you can try using 4k rather than 1440p as it is a clean doubling of 1080p so you won’t lose any crisp edges.





  • To put it another way you want to be using all of your RAM and swap. It becomes a problem if you are frequently reading from Swap. (Writing isn’t usually as much of an issue as they may be proactive writes in case more memory needs to be filled up).

    Basically a perfect OS would use RAM + Swap such that the least disk reads need to be issued. This can mean swapping out some idle anonymous memory so that the space can be used as disk cache for some hotter data.

    In this screenshot the OS decided that it was better to swap out 3GiB of something to use that space for the disk cache (“Cached”). It is likely right about this decision (but is not always).

    3 GiB does seem a bit high. But if you have lots of processes running that are using memory but are mostly idle it could definitely happen. For example in my case I often have lots of Language Servers running in my IDE, but many of them are for projects that I am not actively looking at so they are just waiting for something to happen. These often take lots of memory and it may make sense to swap these out until they are used again.


    1. Launching Steam games outside of Steam can be very difficult. Some games outright won’t allow it.
    2. Steam provides native libraries such as the overlay, networking and matchmaking tools, achievements… You need to have Windows versions of these which wouldn’t be distributed by default in the Linux version of Steam.
    3. In the past Steam just didn’t run under Linux, so you had no other option.


  • It used to be common and useful. I did this even after Valve shipped a native Linux TF2 as at the beginning the Wine method gave better results on my hardware. But that time has long passed as Valve has integrated Wine (Proton) and in almost all cases the Linux native builds will outperform Wine (and Steam will let you use the Windows version via Proton if you want even if there is a native Linux build).

    So while I suspect that there are still a few people doing this out of momentum, habit or reading old tutorials I am not aware of any good reasons to do this anymore.





  • NAT sort of accidentally includes what is called a “stateful firewall”. It blocks inbound connections because it doesn’t know where they should go. IPv6 eliminates the need for NAT but doesn’t prevent stateful firewalls. It is just as easy to implement stateful firewalls (actually a bit easier) for IPv6 without NAT. The difference is that the choice is yours, rather than being a technical limitation.

    For example if I had a smart microwave I would want to ensure that there is some sort of firewall (or more likely for me not connect it to the internet at all, but I digress). However I may want my gaming computer to be directly accessible so that my friends can connect to my game without going through some third-party relay, or maybe my voice chat can be direct between me and my friends for extra privacy and better latency.

    Also relying on network-level protection like this is a good idea in general. Eventually a friend is going to come over with an infected network and connect to your WiFi. With just NAT this will allow the malware on their computer to access your microwave as they are “inside the NAT”. If you were applying a proper stateful firewall you would likely apply it to all traffic, not just internet traffic.
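The policy described in the comment above, as an added example that is not part of the original comment: a minimal connection-tracking firewall for an IPv6 LAN with no NAT. It assumes the firewall sits in the path of all traffic, including device-to-device traffic on the LAN; the addresses (from the 2001:db8::/32 documentation range), port and host names are constructed.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# Constructed sample hosts.
MICROWAVE, GAMING_PC, GUEST_LAPTOP = "2001:db8:1::10", "2001:db8:1::20", "2001:db8:1::99"
FRIEND, VENDOR = "2001:db8:ffff::5", "2001:db8:aaaa::1"

class StatefulFirewall:
    def __init__(self, lan_prefix: str, accept):
        self.lan = ipaddress.ip_network(lan_prefix)
        # (host, port) pairs that may receive unsolicited connections.
        self.accept = {(ipaddress.ip_address(h), p) for h, p in accept}
        self.flows = set()  # tracked connections: (src, sport, dst, dport)

    def allow(self, pkt: Packet) -> bool:
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        if (dst, pkt.dport, src, pkt.sport) in self.flows:
            return True  # reply to a connection we already allowed
        if dst in self.lan:
            # New connection to a local device: default deny, even from the LAN.
            if (dst, pkt.dport) not in self.accept:
                return False
        elif src not in self.lan:
            return False  # neither end is ours
        self.flows.add((src, pkt.sport, dst, pkt.dport))
        return True

def demo() -> dict:
    fw = StatefulFirewall("2001:db8:1::/64", accept=[(GAMING_PC, 27015)])
    return {
        "friend_to_game": fw.allow(Packet(FRIEND, 40000, GAMING_PC, 27015)),
        "internet_to_microwave": fw.allow(Packet(FRIEND, 40001, MICROWAVE, 80)),
        "guest_laptop_to_microwave": fw.allow(Packet(GUEST_LAPTOP, 40002, MICROWAVE, 80)),
        "microwave_outbound": fw.allow(Packet(MICROWAVE, 50000, VENDOR, 443)),
        "vendor_reply": fw.allow(Packet(VENDOR, 443, MICROWAVE, 50000)),
        "vendor_unsolicited": fw.allow(Packet(VENDOR, 443, MICROWAVE, 50001)),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'allow' if verdict else 'drop'}")
```

The guest laptop case is the one NAT alone never covers: it is already inside, so only a rule applied to all traffic blocks it.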


  • Mostly dropping the analogy as it falls apart quickly once you try to talk about more specific details.

    How do I handle whether I want my phone number to be known to the world?

    If you don’t want people to be able to call you then you can block incoming calls. This is sort of like the IPv4 NAT case, people can’t connect in (unless you forward ports). Or if you want to you can allow incoming calls. The choice is up to you now rather than being forced by a technical limitation.

    Does my phone number ever change on its own or can I freely change it?

    Generally you will be provided a “prefix” by your ISP. In v4 this would typically be a full address. In v6 there are a huge number of addresses inside this prefix. In both cases how often the prefix changes is up to your ISP, but for v6 you can change the suffix you use inside of the prefix as often as you want.

    Who has the phone book?

    There are two main parts of “the phone book”. There is “Who owns this address?” and “How do I get to this address?” Both of these are basically identical between IPv4 and IPv6.

    For “Who owns this address?” there is a global directory of assignments. This is typically done in multiple layers.

    1. The whole address space is split among reserved addresses and continental registries.
    2. The continental registries distribute addresses to organizations or individuals.
    3. The organizations and individuals distribute addresses to customers/devices.
    4. This may continue, for example if your home internet connection is assigned multiple addresses (rare on v4, expected on v6) then you can assign addresses to devices in your house.

    For “How do I get to this address?” a protocol called BGP is used to advertise where an address is available from. So I may say “If you want to get to addresses 32 to 64 come talk to me”. This is sort of like in a hotel how there are signs saying which room numbers are in which direction. When two networks are connected they share this information between them to establish a “routing table”, so they know how to get to everywhere else on the internet.

    This may look something like this:

    1. Your laptop wants to talk to address 17. It has learned that addresses 1-8 are “local”, everything else goes out your home internet connection.
    2. Your residential ISP is connected to 4 different other networks (likely a Tier 1 ISP), two of these have access to address 17, but one is “closer” so your ISP sends it there.
    3. This tier 1 ISP knows that a network it is connected to serves addresses 16-32. (Maybe this is your friend’s residential ISP.) So it sends the traffic there.
    4. Your friend’s residential ISP knows that addresses 16-20 are assigned to your friend’s house, so it sends the traffic there.
    5. Your friend’s router knows that address 17 is their desktop, so it sends the traffic there.

    Overall no single place knows how to get to every other address. But they know the best next step. So you don’t know where 17 is, but you know to send it to your ISP, your ISP doesn’t know where 17 is but knows that their partner tier 1 ISP knows how to get there, the tier 1 ISP doesn’t know where 17 is, but knows that it belongs to your friend’s ISP, your friend’s ISP doesn’t know what device 17 is, but knows that it is in your friend’s house, then finally your friend’s home router actually knows that 17 is your friend’s desktop.

    You can sort of imagine this like delivering mail. If I send mail in Canada that is addressed to England, Canada Post doesn’t really care where exactly I am sending the letter. It just knows that it needs to forward it to Royal Mail and they will handle it from there.
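The hop-by-hop walk in the comment above, as an added example that is not part of the original comment. It uses the comment's toy integer addresses; the node names, costs and table contents are constructed, and route choice is assumed to be "most specific range first, then lowest cost".

```python
# Constructed toy routing tables. Each entry: (first_addr, last_addr, next_hop, cost).
# No node holds a full map; each one only knows a next step.
TABLES = {
    "laptop":        [(1, 8, "local-lan", 0), (0, 255, "home-router", 1)],
    "home-router":   [(1, 8, "local-lan", 0), (0, 255, "your-isp", 1)],
    "your-isp":      [(16, 32, "tier1-a", 2),    # has a route to 17, closer
                      (16, 32, "tier1-b", 5),    # has a route to 17, further away
                      (64, 128, "tier1-c", 1),
                      (0, 255, "tier1-d", 9)],   # catch-all route
    "tier1-a":       [(16, 32, "friend-isp", 1)],
    "tier1-b":       [(16, 32, "friend-isp", 1)],
    "friend-isp":    [(16, 20, "friend-router", 1)],
    "friend-router": [(17, 17, "friend-desktop", 0)],
}

def next_hop(node: str, dst: int):
    """Pick the next step for dst, or None if this node has no matching route."""
    candidates = [e for e in TABLES.get(node, []) if e[0] <= dst <= e[1]]
    if not candidates:
        return None
    # Narrowest matching range wins; cost breaks ties between equal ranges.
    best = min(candidates, key=lambda e: (e[1] - e[0], e[3]))
    return best[2]

def trace(src: str, dst: int, max_hops: int = 16) -> list:
    """Follow next hops from src until a node has nowhere further to send."""
    path = [src]
    while len(path) <= max_hops:  # hop limit guards against routing loops
        hop = next_hop(path[-1], dst)
        if hop is None:
            break
        path.append(hop)
    return path

if __name__ == "__main__":
    print(" -> ".join(trace("laptop", 17)))
    print(" -> ".join(trace("laptop", 5)))
```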