The attacker can't be forced to make a request. In this PoC the attacker disabled their own outgoing image requests.
But that wouldn't help anyway, even if the image could be cached near the sender first, or the signal server prewarmed some other cache. After the victim opened the image, the attacker would see two locations that have the image cached, and could easily deduce which one is the victim's location (e.g. if Signal pre-warmed a random cache, repeating the attack a couple of times would be enough to eliminate the randomness).
I find it amusing that Chinese subsidies are painted as something terrible for the rest of the world and not China. You can a get high-tech cars for cheap, at China's expense! Chinese taxpayers are paying to upgrade your car!
(yeah, it's really about protecting local manufacturing that has fallen behind and can't compete, despite having its own domestic subsidies)
Exactly. Why shouldn't people take advantage of a tech startup's ridiculous prices backed by VC money? Why shouldn't people buy cheap EVs backed by Chinese tax payers?
It has been noted that if your competitor is paying out of pocket to flood the market with cheap goods, the optimal strategy is to buy up as much of the cheap goods as you can.
PNG and JPEG are simple enough that a single person can write a useful decoder for them from scratch in a weekend or two.
The newer formats achieve better compression by adding more and more stuff. They're year-long projects to reimplement, which makes almost everyone stick to their reference implementations.
Nah the space savings can significantly cut down on bandwidth costs at scale. They'll get (and have been?) pushed by Google and friends for that reason.
ICC isn't too complex itself, but the bolted-on design of color profiles makes them annoying to handle, and easy to ignore.
You can't just handle pixels, you need to handle pixels in a context of input and output profiles. That's a pain like code-page based text encodings before Unicode, and we haven't established a Unicode equivalent for pixels yet.
The problem colour profiles solves is about how the monitor should display those colours. It’s so that what you see on the screen is going to be exactly the same shade of CMYK as what gets printed.
It’s a big problem for magazine (and equivalent) publishing. Movies too. But much less of an issue for other media industries which are targeting end user devices like smart phones and laptops.
The equivalent in typefaces would be the font rasterisation itself (like Microsoft Clear Type) rather than code pages.
"Unicode for pixels" would be something like Rec.2020 color (with some specific high depth and HDR solution defined) used in all APIs that take pixels. Currently sRGB is the closest to a universal default, but that's ASCII of pixels.
You need a monitor profile because the display protocol takes dumb numeric values that are interpreted in monitor-specific way, instead of being sent in some universal color space, and converted to monitor's internal format by the monitor itself.
In this analogy monitors are like pre-Unicode printers, where characters were just bytes, and the bytes mapped to whatever 8-bit language-specific font the printer had.
You’re assuming that monitors and printers can be trusted to accurately reproduce the colour space even if there was a profile attached (which, by the way, most monitors do actually have).
This isn’t true. Particularly with monitors where people can adjust the contract and brightness.
The reason colour profiles exist is so that computers can be calibrated to support the monitor output.
You are also ignoring the fact that environmental factors can have an effect too. Ie how the room is lit.
Comparing something standardised like writing glyphs with something highly individual (monitor calibration) doesn’t make a whole lot of sense.
They're right that they need to actually shift the power away from Bluesky and have users use other servers.
The AT protocol may promise decentralisation and an insurance policy, but that is meaningless if Bluesky the company can stop using the AT protocol and survive it.
As long as the majority of users use the official app and log in to the primary server with their username/password, not the protocol's private key, Bluesky isn't forced to continue using the AT protocol. They still have power to push the enshittify button, block federation, and keep users captive on the official app/website like Musk's X does.
When the meaning of a word gets distorted by use in bad faith, it's no longer useful for its original purpose.
Switching to another word isn't ceding power to the bad people. It's taking away their power to redefine things. It's letting them have the now-useless word exclusively, which will become associated with their speech, and not the original meaning. The original meaning is reclaimed by using a new not-yet-soiled word for it, and the cycle continues.
Is there a specific other word you'd suggest? I was watching an event last week where the promoters:
* had everyone declare their pronouns
* advertised their segregated black-only event next month
* repeatedly interrupted to chant "trans rights!"
This is a very common cluster of behavior, and I'm not sure what I would call it other than "woke". If there's another word that would be better, I'm all ears. But my experience has been that proponents don't find any word acceptable, because what they object to is the very idea that this is a distinct cluster of behavior. They feel, as the source article says, that each of my bullet points is just an independent matter of respect.
Cargo is 10 years old, and it's been working great. It has already proven that it's on a different path than npm.
* Rust has a strong type system, with good encapsulation and immutability by default, so the library interfaces are much less fragile than in JS. There's tooling for documenting APIs and checking SemVer compat.
* Rust takes stability more seriously than Node.js. Node makes SemVer-major releases regularly, and for a long time had awful churn from unstable C++ API.
* Cargo/crates-io has a good design, and a robust implementation. It had a chance to learn from npm's mistakes, and avoid them before they happened (e.g. it had a policy preventing left-pad from day one).
And the number of deps looks high, but it isn't what it seems. Rust projects tend split themselves into many small packages, even when they all are part of the same project written by the same people.
Cargo makes all transitive dependencies very visible. In C you depend on pre-built dynamic libraries, so you just don't see what they depend on, and what their dependencies depend on.
For example, Rust's reqwest shows up as 150 transitive dependencies, but it has fewer supported protocols, fewer features, and less code overall than a 1 dep of libcurl.
Yes, it works with GitHub, GitLab, Bitbucket, and everything else. It's built into the compiler toolchain.
It works with every syntax that you can compile, because it uses the compiler itself to extract the documentation.
Yes, it works on Windows too. Rust supports Windows as a first-class platform. It works with dependencies too (the docs even link across packages). The fragmentation of C tooling and unreliability/complexity of integrating with C builds is not a universal problem.
Rust's built-in documentation generator creates HTML, so anything with a browser can show it. It also has JSON format for 3rd party tooling.
The same language syntax for the documentation is understood by Rust's LSP server, so vim, emacs, and other editors with LSP plugins can show the documentation inline too.
I've been using this for years, and it works great. I don't miss maintaining C headers at all. I write function definitions once, document them in the same place where the code is, and get high fidelity always up-to-date API docs automatically.
It would be easily fixable if CommandlineToArgvA was obtaining the command line itself. Then instead of converting to ANSI and then parsing that, it could parse args in Unicode, and then convert argument by argument to ANSI. The output would be ANSI compatible, but split and unescaped in the true form.
Unfortunately, the parsing is a two-step operation, with the application calling GetCommandLineA itself first and passing that to the parser, so a fix would need a hack to correlate the versions of the command line input without breaking when it's given a different string.
It's not the first pointless downgrade of the LG remote: they've already removed the pause button.
Now pausing and unpausing is done with the general-purpose click-wheel, is up to each app to implement, and is dependent on the UI state.
If a wrong element is focused (which is not hard to do, because the button is a scroll wheel surrounded by directional buttons), you may end up toggling subtitles or some other option when trying to pause or unpause.
It used to be a hardware button that always worked, was trivial to find by feel, easy to activate, and worked instantly.
Now it's "wait, I need to pause! Oops, I moved the scroll wheel button by a notch when pressing it, so it's a mouse cursor now! I fast-forwarded to the second half of the movie and the audio is in French."
Oh, hey, I was working on that back in 2014 for one of the big TV manufacturers. The project was ultimately cancelled.
It was nice for things like switching HDMI inputs; you could dynamically update the name and icon, making it more intuitive for someone who had never used the TV before and didn't know what was plugged into which port. You could also adjust settings more easily without everyone have to watch together with you on the big screen as you dug to find the obscure setting to tweak.
But your complaints were equally valid, and were a concern at the time.
I would have liked to see it ship, if just to see if customers liked it. A traditional remote still worked too. But oh well.
When I press the "input" button on my remote, the TV displays a list of HDMI ports and what is plugged into them. Why would I want to be looking at my remote for that information? I'm already remote-controlling the best display device I own.
They have very few buttons, which you can't tell apart in the dark (unless you remember the layout) and everything must be done through the UI which tries to upsell you some streaming service everywhere.
What TVs should be adding, though, is Wiimote functionality. Build the IR array into the bezel and let me point the remote to select something with a cursor, with arrow keys as a fallback if I'm lazy.
Was it LG? I bought a lot of their discontinued Android-powered “smart” remotes for a project a few years ago. They unfortunately had their uses for other applications limited by a battery life of less than 30 minutes - I assume they were meant to live on the included Qi-powered stand.
Yeah, the Logitech Harmony remotes that combined real buttons with a touch screen, particulary the Harmony One, were amazing. You had buttons for all of the common stuff, like volume, play, pause, numbers, and so on, but then you also had a touch screen so you could directly trigger actions that can't have physical buttons because they're different between individual setups.
even if it was pricey. (Used to be able to get them refurbed at a decent price...) The touchscreen works really well, you can even use it to control the cursor on a PC. It has the buttons you'd expect on a remote control. It can run your Phillips Hue, CD changer, Blu Ray Player, TV everything. Makes the dominant paradigm of Apple, Netflix, Spotify and all that look like garbage, but I guess a lot of people now don't have anything to control with it anymore.
The configuration of my system got messed up and and I didn't bother to fix it because I thought they'd discontinued it; the latest I've seen is that they quit manufacturing it but they are still keeping the database up so I might trying bringing it up again.
My more well-to-do uncle has an older version of this for his absurd setup. Idk that it was the remote's fault or not, but the system was so stupidly complicated it burned into my brain that I'd just much rather not have any of the materialistic garbage it attempted to control. Not judging exactly, because everyone has different preferences, but I just couldn't envision myself loving what amounts to the digestion of video enough to try and wrangle any of it.
A TV and a receiver? Sure, fine. But also the PlayStation, movie server, regular cable input, Roku and Netflix and the "Smart" features of the TV for some reason. So many redundant boxes and services.
Maybe it's because I'm not part of the demographic that wants to own a house with a basement or extra rooms in the suburbs to begin with, but I can see how it would be quite a nice setup if you already had the house, money, and interest in media.
Nowadays, devices like the Broadlink RM4 Pro fills the same niche. It can learn both IR and Wireless protocols to remotely control most household devices (not just audio/video stuff).
The difference is that is does not come with a remote - instead there is either a phone app which can be used to directly control it or it can work with Alexa/Home Assistant.
I think it's a great way to "smarten" some older "dumb" devices.
I'll note my displeasure that buttons appear to be disappearing for "smart lighting" products where I assume they expect that you don't want light switches and want to control everything from a phone.
Phillips used to make a great switch, for instance, that was powered by the piezoelectric effect and didn't need batteries. I got a good deal on mine but regular pricing was unreasonable and it's been replaced by something nowhere near as cool. Sengled switches work well and are well priced but whenever the power goes out (10x a year at my location) they drain the battery trying to contact the hub, so I've spent in CR2032's whatever I saved.
(I'm glad Phillips avoided making the own goal of selling off the Hue brand because we'd still like to have a few Western brands in this space. I mean, they are getting their ass kicked by the likes of
Vizio did this back in the 2018 time frame (ask me how I know). It's a small Android tablet with the Vizio app on it. You can also just download the app onto your phone and use it that way. It was so unpopular that Vizio eventually relented and handed out normal remotes. As far as I know, their modern TVs continue to use a standard remote.
I still have my 2018 Vizio that came with the stupid android tablet. On day one I blocked internet access for the TV, plugged in an Apple TV, and put the android remote in a drawer where it sits to this day.
I bought a very cheap Vizio TV around that time (I was in college) that didn't include a remote in the box. You had to use the app.
I'm sure I'm messing up some of the details, but --
The TV needed to be connected to a network for the app to work. The university required you to register the device's MAC address before it could join the network. The TV had an ethernet port, and its MAC was printed on a sticker on the back of the TV, so I was able to get that going. But it wasn't convenient to keep an ethernet cable routed to the TV (the room was awkward) so my roommate and I wanted to get it on the WiFi.
There was literally no way to open the TV's OSD and view the WiFi MAC address with the Vizio app. You needed a physical remote to access that part of the UI.
IIRC we ended up finding an old WiFi access point and connected the TV to it in order to view its WiFi MAC in the access point's admin UI.
They could have just given us a damn remote in the box! It was infuriating.
Well, my TV is it's own remote: it's one of my tablets or my phone or my laptop connected to a Raspberry Pi 3B with a TV hat, connected to the antenna on the roof. It runs tvheadend and I run its client on my devices, TVH Client on Android and TVH Player on Linux and Windows. Those devices are smart and can also run Netflix, YouTube etc without the TV spying on me. Each app can do its own spying but at least for YouTube there are alternative players that are more well behaved.
If there is another person at home I can boot a second Raspberry connected to another cable from the antenna or connect one of those devices to the HDMI input of my TV that sits unused in a corner of my living room. It's not usual to watch something with other people nowadays.
With this arrangement everybody can watch TV anywhere in the house and carry it wherever they go without having to pause the stream.
Phone remotes do indeed exist! Both Roku and Apple TV (and definitely others; that’s just my direct experience) have them. They’re ok, handy when you need it.
So I gotta imagine Samsung/LG will eventually just make apps anyways. Why bother with a touch screen remote that has to be a similar size anyways
This is utterly aggravating. That's literally the button I use the most by a factor of 10x. The center button behavior differs between apps and is inconsistent enough to drive me crazy. This just makes me want to live more exclusively inside a single app, and that app is without question going to be Jellyfin. I'm certainly not a normal consumer, but I'm just moving further and further away from what they want.
Jellyfin is so bad on my XBOX I'm thinking of going back to Plex. I was really angry when Plex pivoted to a FAST service but after I got sucked into Tubi it didn't seem fair to punish Plex anymore.
At least a Kagi search (for FAST Service Acronym) gives me:
"FAST (free ad-supported streaming TV) is a business model. It is, as the name implies, a streaming TV service that supplies programming for free. Period. Almost all of the FAST services offer linear channels and on demand options."
Give Tubi a try, it's like broadcast TV and the lower tier of cable channels died and went to heaven. Fox news is spending heavily on it at a loss right now so it's in the early phase of the enshittification cycle. (I didn't take it personally when I gave it my email and it showed me retargeted ads for brands I'd disengaged with years ago)
What are the odds that this was tested with actual users?
I remember a time long ago, in a galaxy far far away where the user experience mattered more than whatever whims designers had.
My old car, for example, had big buttons that were meant to be usable with gloves. That was a godsend in the Swedish winter. It wasn't very pretty, but the memory of it makes me want to scream every time I have to use a touch interface in a car.
Can you imagine if management were to prioritize what consumers wanted, rather than jumping onto the latest trend for their careers?
We might have TVs with remote locator buttons that would make the remote control ping audible via a press of a button on the TV? So much time saved and happiness granted with ancient technology.
But no, AI. Bad product folks who want to experiment and make their mark more than they want to improve the experience.
You can buy a LG compatible remote on Amazon for $ 10-20 with a pause button that will most certainly work. The codes are still being interpreted, just that they removed or repurposed the physical button on the remote. My kid destroy LG remotes on a yearly basis and I have purchased the cheap one (non magic wand or whatever they call the Wii like experience). It does what I need it to do. Change the brightness, input, channel and volume as well as HDMI-Arc play pause.
I know this is unequivocally a bad solution, but LG is weirdly good about supporting remotes across generations.
No guarantees about the 2025 model, but a couple of years back I specifically bought a _newer_ remote, because my 2018 model didn’t have a pause button, but the 2019 ones did. Everything worked fine out of the box.
Are there 3rd party remotes for these TVs? Or is the problem that there is not even a general "pause" command now?
I got an old TCL(don't get me started) and when the original remote died I got a noname IR thing that is even capable of switching to a custom channel.
Third party remotes do work on most TVs, I use a Nvidia Shield Remote on my TCL over bluetooth for example.
I cannot however turn the TV on using that remote. Having a dedicated Play/Pause Button is still worth it however.
I had an LG TV and it developed a terrible blue tint after 2 years because LG used low quality backlight LEDs. So now I am avoiding LG. It's the only TV I've had in my life that deteriorated. I am still using an 18 year old Sony in another room which is still as good as new.
My 2020 LG CX has a pause button on the remote, but my mum's 2021 C1 doesn't have it anymore. It's a lot worse to use because every time you pick up the remote the cursor appears on the screen and clicking the general purpose wheel will click whatever the cursor is pointing to, so sometimes you need to aim the remote(carefully!) to pause, instead of just having a button for it like on my remote.
> It's not the first pointless downgrade of the LG remote: they've already removed the pause button.
I don't have an LG nor a TV but why would you need a pause button. Isn't it more interesting to have play button act as a toggle play/pause like on any software video/music player?
White, plastic, 6 buttons (up, down, left, right, select, cancel). That's it. Worked great with Kodi on an Intel MacMini. Could easily do everything I needed to do.
Since then they first ruined it by changing it be a kind of metal that felt like chalk on my hands. It was horrible
It was impossible to use because trying to select (clicking the touch surface) would always end up also adding left/right/up/down events so you'd always select something other than what you wanted to select. I have no idea how that POS ever made it out of user testing.
They made it slightly better but still broken by changing it back to a circle.
But the circle itself is still a touch surface and still always moves your selection as you try to select something. It's atrocious!
In any case, the 6 button remote back from the beginning was the best. I still use Kodi on an AppleTV now, but I use a separate remote and only use 6 buttons.
When something is playing, pressing the cetner button pauses, pressing again unpauses, pressing up/down adjusts the volume. Pressing back exits the movie, holding the center for 2 seconds brings up more detailed controls.
Kodi also has the best queing experience of any app. Pressing right skips forward 10 seconds, again within some threshhold, 30 second, then 1 min, 3 mins, then 10. I can get anywhere in a movie instantly.
Compare this to Netflix, or Apple TV+, or Crunchyroll, or Amazon, etc... They all suck. Generally left/right jumps +10 or +30 period. If you want to get to the end you're forced to hold right, wait for it to go into "fast forward mode", then press right for 2x, 4x, 8x, 16x, Then wait forever as it slowly goes through the movie. So bad.
For what it’s worth, the touch surface can be disabled so that the latest remote only accepts physical presses. I discovered this after losing my mind for a month or so, and it’s made a huge difference.
It may be interpreted in a defeatist way that poka-yoke is pointless, because it can always be defeated, but in reality improvements that save almost all "idiots" are still worthwhile.
An interlock in the microwave doors can't stop a better idiot from disassembling it, but it prevents a lot of everyday mistakes, and that's super helpful.
I have always thought of this saying as a warning that just because you have implemented a single layer of interlock doesn't mean that you are done.
For instance, let's say you risk electrocuting yourself if you insert a cable the wrong way. So the designers specify a keyed connector, which is the right thing to do. However, it is good to have in mind that some super-idiot will find a way to insert it the wrong way anyways. And as much as you believe in Darwinism, it may still be a good idea to mitigate the risk of electrocution if it happens.
But that wouldn't help anyway, even if the image could be cached near the sender first, or the signal server prewarmed some other cache. After the victim opened the image, the attacker would see two locations that have the image cached, and could easily deduce which one is the victim's location (e.g. if Signal pre-warmed a random cache, repeating the attack a couple of times would be enough to eliminate the randomness).