Internet of shit
-
@Rhywden I sometimes have similar issues with my Apple TV, where I only get sound on a black screen, or just a spinning wait indicator — almost (?) exclusively when trying to play something from the Amazon Prime app, come to think of it. But restart the device and videos play fine again.
This aside from the lunacy of the cable making a difference for whether or not certain video qualities can be played over it. If a cable can’t handle all the signals that might be sent over it, specify a different connector for it so that your average consumer can’t get confused by this. (Which the latest iterations of USB also seem to have forgotten, BTW.)
-
@Gurth said in Internet of shit:
@Rhywden I sometimes have similar issues with my Apple TV, where I only get sound on a black screen, or just a spinning wait indicator — almost (?) exclusively when trying to play something from the Amazon Prime app, come to think of it. But restart the device and videos play fine again.
This aside from the lunacy of the cable making a difference for whether or not certain video qualities can be played over it. If a cable can’t handle all the signals that might be sent over it, specify a different connector for it so that your average consumer can’t get confused by this. (Which the latest iterations of USB also seem to have forgotten, BTW.)
No, speed rating starts to matter at high resolution.
-
@Gurth said in Internet of shit:
@Rhywden I sometimes have similar issues with my Apple TV, where I only get sound on a black screen, or just a spinning wait indicator — almost (?) exclusively when trying to play something from the Amazon Prime app, come to think of it. But restart the device and videos play fine again.
This aside from the lunacy of the cable making a difference for whether or not certain video qualities can be played over it. If a cable can’t handle all the signals that might be sent over it, specify a different connector for it so that your average consumer can’t get confused by this. (Which the latest iterations of USB also seem to have forgotten, BTW.)
The problem with USB-C is that it needs an active negotiation - there's actually a chip in the connector. It's not a mere cable with wires.
This matters when you want to push 240 W through such a wire.
-
That’s what I’m saying: when these kinds of things matter, use a different connector so that users can’t fit an unsuitable cable.
-
@Gurth said in Internet of shit:
so that users can’t fit an unsuitable cable.
You think they still won't?
-
@Gurth said in Internet of shit:
That’s what I’m saying: when these kinds of things matter, use a different connector so that users can’t fit an unsuitable cable.
Unfortunately, it's not that simple.
Let's say that some new, different connector had been introduced for 4K HDMI.
If all your devices are 4K, no problem. But what if some aren't, either because they predate 4K or don't support it? Then you have two choices:
-
include both the old and new connector on all new devices. This makes them more expensive, and doesn't solve the "wrong cable" problem: if both devices have the old connector, what prevents the user from using an old cable to connect them, then get frustrated because 4K doesn't work?
-
include only the new connector on new devices. Which means that 3 different types of cables must be sold in stores:
- new connectors on both ends (4K device-to-4K device)
- old connectors on both ends (non 4K device-to-non 4K device)
- old connector on one end, new connector on the other end (non 4K device-to-4K device)
You could also use new connector-to-old connector adapters, but that doesn't fix the root problem, either.
Then 8K (or some other improvement) gets released, and now you have three different connectors, and five cable types. Etc.
The current situation isn't optimal, but this is even worse.
-
-
@Zerosquare plus either way it doesn't stop companies making cables that aren't up to spec.
-
@Gurth said in Internet of shit:
That’s what I’m saying: when these kinds of things matter, use a different connector so that users can’t fit an unsuitable cable.
Then you once again have a plethora of cables and connectors and we're back where we started.
-
@topspin said in Internet of shit:
@remi you mean like a Tesla?
I wondered how long it would take for someone to bring that up... I'm surprised it took more than a day!
Anyway, it's actually a
example, not a one, because Tesla is perfectly demonstrating that problem. They're applying the software engineering approach of "we don't guarantee anything" to the hardware world, and getting (rightfully) bashed over the head for doing so. Because no one outside of the software world considers this as normal!Sadly, the way software makes its way into every aspect of our lives (the Io
thread is 
And yes, doing proper guarantees on code would tremendously increase the cost and slow down development, but for one thing if we'd done that from the start we wouldn't notice (it would just be part of the cost of doing business, like if you make any electrical apparatus you don't let any live wire accessible and nobody whines that boohoo all that insulation makes electrical work soooo difficult) and for another... would it really be such a bad thing if we had less random software random things?
-
What do you think of having Google or Microsoft spell-checking your passwords?
Thanks to latest developments in Chrome and Edge, you can have them doing it:
https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/
-
@BernieTheBernie That's great, because I keep typing 'p455w0rd' instead of 'password' for some reason. That's going to be a super-helpful time saver.
-
@BernieTheBernie said in Internet of shit:
What do you think of having Google or Microsoft spell-checking your passwords?
Thanks to latest developments in Chrome and Edge, you can have them doing it:
https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/Well, they'd better validate my password.
laughs in OpenID Connect
Yes, I realize it captures other sites and form data as well and that is bad, but
-
@BernieTheBernie Why would they be providing spell-checking services to a password field? (Unless we're talking about those idiots who did a password field by just using a custom font.
prevents finding the link...)Other forms of PII might be leaked that way, however.
-
@dkf said in Internet of shit:
@BernieTheBernie Why would they be providing spell-checking services to a password field? (
TFA mentions it happens when someone clicks the "show password" button - and I always assumed those worked because they either weren't actually password fields at all, or they were being changed from password fields to text fields.
-
@dkf said in Internet of shit:
@BernieTheBernie Why would they be providing spell-checking services to a password field? (Unless we're talking about those idiots who did a password field by just using a custom font.
prevents finding the link...)Other forms of PII might be leaked that way, however.
Because they set it for all fields and forget to turn it off for the ones where it's not appropriate. If they can actually tell which ones that is—the article mentions the page author can also turn it off by adding
spellcheck=falseattribute, but that just means that for a change the web page authors would have to know about it, which most don't and if they do, they don't give enough fucks to actually add it.
-
@remi it would also mean that by now we probably would have a solid, secure foundation on which we could build on (probably bad for MS
). And fewer people building stupid shit, in exchange for things being build by people who have at least some clue what they’re doing.(Insert blakeyrant about nerds gatekeeping and HyperCard)
-
@topspin yes, in the same way as we have, for example, well-established standards for electrical safety and on the whole (barring a few
Chinese devices) it works pretty well.Of course now it's not going to happen, but yeah, if history had been different and that had been the case since the start, I don't think we would necessarily be in a much worse situation overall. But that's all just wishful thinking anyway, so...
-
@remi We have standards for electrical safety because mains voltage could be life-threatening without them in a way enough people understand. And we do actually have software safety standards for things where failure does present danger to life and limb too. They are often poorly focused, creating additional busywork that does not help the cause, and then the people who don't actually understand them create more busywork that misses the point for themselves, but they exist and do help. And it should be noted that the software tends to be just as big mess inside as any other—the standards rely mainly on testing the thing to death.
And on the other hand we have a lot of physical stuff that does not have much in the way of standards. It's just that for the physical stuff it's much easier to tell whether it still serves the purpose or is broken, so the implied warranty of fitness for particular purpose does some good for it.
-
@remi said in Internet of shit:
if history had been different and that had been the case since the start, I don't think we would necessarily be in a much worse situation overall.
I don't think for electrical installations things were that different at the beginning (and a few things I've seen and heard from old houses confirm me in this belief). The reason why we have these standards now is that at some point people got tired of all the houses burning down and folks getting electrocuted.
-
Passwords are really only part of the problem. There's probably quite some information being typed into forms that one might consider sensitive, even aside from personal information. Can't imagine that all businesses will be very happy with potentially having their internal stuff transmitted to Google/Microsoft...
The
spellcheck=falsemight turn that off, but considering how many shitty legacy systems will have to get updated to use that? I see a future where extended spell check gets turned off by default by businesses, and that's probably the best choice for anybody, really.
-
@cvi said in Internet of shit:
I see a future where extended spell check gets turned off by default by businesses, and that's probably the best choice for anybody, really.
I really can't understand how anyone could hear "this sends everything you ever type to $HELL_KNOWS_WHOM_OR_WHERE to Improve Your Experience" and not immediately run away screaming; but considering how little people seem to care about "smart speakers" doing the same thing with all the conversations within one's own home...
-
@ixvedeusi said in Internet of shit:
sends everything you ever type to $HELL_KNOWS_WHOM_OR_WHERE
That said, turning on automatic subtitles in a skype call in Swiss German is hilarious
-
@ixvedeusi said in Internet of shit:
@cvi said in Internet of shit:
I see a future where extended spell check gets turned off by default by businesses, and that's probably the best choice for anybody, really.
I really can't understand how anyone could hear "this sends everything you ever type to $HELL_KNOWS_WHOM_OR_WHERE to Improve Your Experience" and not immediately run away screaming; but considering how little people seem to care about "smart speakers" doing the same thing with all the conversations within one's own home...
It is absolutely insane. No way to sugar coat it.
We have the technology to do OCR, voice to text, face recognition, and other magic locally on a phone. But they send all your data to MS/Google for fucking spell checking, a problem solved in the 1980s.
While this may be a known and intended feature of these web browsers, it does raise concerns about what happens to the data after transmission and how safe the practice might be, particularly when it comes to password fields.
I seriously doubt this is “known” in the way that more than a marginal fraction of users understand what’s happening and what the implications are.
I hadn’t heard of it until this, at least. Granted, I’m generally not using Chrome or Edge because I don’t trust them as far as I can throw them. I vaguely assume they pull shit like that all the time, but certainly didn’t “know” about this “feature”.A simple HTML solution: 'spellcheck=false'
That’s fucking idiotic, unless they assume people have
s to see the future. What other attributes do you need to include to prevent further bullshit they’ll come up with soon?
-
@topspin said in Internet of shit:
That’s fucking idiotic, unless they assume people have
s to see the future.Yup. Totally.
-
@remi said in Internet of shit:
would it really be such a bad thing if we had less random software random things?
The cryptographic community would like to have a word with you about CSRNGs.
-
@HardwareGeek On one hand I was going to say that less stupid Io
things would mean less need for cryptographic stuff, but then I remembered what the average Io thing does (or rather doesn't, namely "security") and thus, no, less stupid Io things would not really mean less need for cryptographic stuff.
-
@Rhywden said in Internet of shit:
when it's running for too long
Yeah, on our Samsung "Smart" TV, if we play more than approximately 93 hours of HDCP content it kinda... dies. Super fun!
Because it seems to only run the counter with "copy protected" content (that the TV itself is playing, because Smart TV means it's not actually receiving HDCP from another device, just itself, but that matters?) so normal TV and not-protected shit doesn't count, which made it all the harder to figure out...
-
@loopback0 said in Internet of shit:
they were being changed from password fields to text fields.
This, unfortunately, is the standard way of doing it! At least, if you want UI elements that match the site design. Otherwise you could just let the browser use its own ugly glyphs, but who wants that??! :sarcmark:
-
@loopback0 said in Internet of shit:
@dkf said in Internet of shit:
@BernieTheBernie Why would they be providing spell-checking services to a password field? (
TFA mentions it happens when someone clicks the "show password" button - and I always assumed those worked because they either weren't actually password fields at all, or they were being changed from password fields to text fields.
This is exactly how they’re implemented. It’s very dumb that the text ever needs to be sent off-browser though.
-
@Arantor said in Internet of shit:
@loopback0 said in Internet of shit:
@dkf said in Internet of shit:
@BernieTheBernie Why would they be providing spell-checking services to a password field? (
TFA mentions it happens when someone clicks the "show password" button - and I always assumed those worked because they either weren't actually password fields at all, or they were being changed from password fields to text fields.
This is exactly how they’re implemented. It’s very dumb that the text ever needs to be sent off-browser though.
Huh? How else can you steal the passwords?
-
-
@boomzilla said in Internet of shit:
@Arantor said in Internet of shit:
@loopback0 said in Internet of shit:
@dkf said in Internet of shit:
@BernieTheBernie Why would they be providing spell-checking services to a password field? (
TFA mentions it happens when someone clicks the "show password" button - and I always assumed those worked because they either weren't actually password fields at all, or they were being changed from password fields to text fields.
This is exactly how they’re implemented. It’s very dumb that the text ever needs to be sent off-browser though.
Huh? How else can you steal the passwords?
That’s just it, it’s not about stealing passwords per se. This is browser dumbness in action - there’s no logical reason for spell checking to ever be done off-browser because browsers can have the dictionary locally for a much cheaper operation, and the passwords only get exfiltrated this way because the box they’re in suddenly becomes a text box and text boxes are the subject of spell checking.
The browser isn’t tracking where the text box came from, merely it is a text box whose content has not been spell checked yet therefore it needs checking.
Switching from a password to a text box to make the password visible isn’t in itself a dumb action, but the browser pushing that to an external data source is.
-
@topspin said in Internet of shit:
by now we probably would have a solid, secure foundation on which we could build on
Is
westill humans?
-
@Gribnit said in Internet of shit:
@topspin said in Internet of shit:
by now we probably would have a solid, secure foundation on which we could build on
Is
westill humans?it probably includes the lizards too
-
@Luhmann E_SAME_PICTURE
-
@Luhmann said in Internet of shit:
@Gribnit said in Internet of shit:
@topspin said in Internet of shit:
by now we probably would have a solid, secure foundation on which we could build on
Is
westill humans?it probably includes the lizards too
If reptiloids existed, we would not be lizards, all our systems would be perfect, and we would not be fucking lizards.
-
-
@Arantor said in Internet of shit:
there’s no logical reason for spell checking to ever be done off-browser because browsers can have the dictionary locally for a much cheaper operation
For spell checking there is not. For autocarrot there is though: the server keeps a huge table of how likely which correction is for what misspelling so it can best carrot your moist takes.
-
@Bulb said in Internet of shit:
@Arantor said in Internet of shit:
there’s no logical reason for spell checking to ever be done off-browser because browsers can have the dictionary locally for a much cheaper operation
For spell checking there is not. For autocarrot there is though: the server keeps a huge table of how likely which correction is for what misspelling so it can best carrot your moist takes.
So put probability weights in the existing
tries and put in a heuristic path fitter or something.
-
@Bulb surely this table doesn’t need to be updated that often and can be downloaded by browsers once a week or whatever?
-
@Arantor It's not about changing often but about being big I suppose.
Though it's probably not that big, really. It's just an excuse to exfiltrate passwords…
-
… after all predictive typing has been running fully device-side on mobile phones for ages and this is simpler if anything.
-
@Gribnit said in Internet of shit:
we would not be fucking lizards.
@Luhmann said in Internet of shit:
@Gribnit said in Internet of shit:
fucking lizards
paging @Tsaukpaetra to the nope thread
Pre-Edit: Damnit.
-
@Bulb said in Internet of shit:
predictive typing has been running fully device-side on mobile phones for ages
And it works so well!
-
@HardwareGeek said in Internet of shit:
@Bulb said in Internet of shit:
predictive typing has been running fully device-side on mobile phones for ages
And it works so well!
Checking - "fu
ndck you right in the ... logic?" And it was going so well up til then.
-
@HardwareGeek said in Internet of shit:
@Bulb said in Internet of shit:
predictive typing has been running fully device-side on mobile phones for ages
And it works so well!
It's not like the online variant works any better.
-
@Bulb
But at least the online variant has a dark web resale value.
-
-
And the regret didn’t set in the moment it was turned on?
“I wish it were more sticky and unpleasant around here” is a thought I have never had.
-
@kazitor said in Internet of shit:
“I wish it were more sticky and unpleasant around here” is a thought I have never had.
Well, not everyone can afford a trip to Australia
