Thanks, good to know!

I think their question is, what do you mean by “secure”? Because as the saying goes for internet services: usually, if you’re not paying, you’re not the customer, you’re the product.

The existence of this article is confusing to me. FB doesn’t need to “scrape” their own site, and they don’t care about whether you set your photos to public or private.

Yeah that’s true. Not always ideal, though. I’d prefer the option to spoof a location to the app, just to avoid dealing with apps that unnecessarily block features when you deny them location permissions.

I assume it’s part of the security for the app to not even know whether the GPS data was ever there.

Agreed. Anyone who thinks it’s ok to just expose ssh on 22 to the internet has never looked at their logs. The port will be found in minutes, and be hammered by thousands of login attempts by multiple bots 24/7. Sure you can block repeat failed logins, but that list will just always be growing.

Normal for who? I wouldn’t expose SSH on 22 to the internet unless you have someone whose full time job is monitoring it for security and keeping it up to date. There are a whole lotta downsides and virtually no upsides given that more secure alternatives have almost zero overhead.

I find it to be a bit sketchy in general, because it means the OS is actually parsing and editing the actual bytes of the file contextually when an app tries to access it. Probably making a shadow copy somewhere without the GPS exif data.

But yeah, I agree, at a minimum the OS should pop up a notification that “By default, GPS data will be stripped from the file due to inadequate location permissions” until the user either changes their preference or says “that’s fine, don’t remind me for this app”. Having it happen silently just isn’t good.

Also, yesterday was Bandcamp Friday (they forgoe their cut and everything goes to the artist). The next two are Oct 4th and Dec 6th.

You’re not entering a contract with those people, let alone being paid. If you believe you’re getting paid in an untracable way, your govt would like a word with you.

I don’t know why you think the company got played, did you read the article? Dude is busted. Best case, they’re going to garnish his income for the rest of his life.

ToS was the wrong term. Artists agree to a contract when they monetize their content on Spotify. The contract specifies exactly what the artist will be paid for. If the artist was misrepresenting facts in order to be paid more than the contract would otherwise stipulate, it’s called fraud, and that is a crime.

Artificial streams are not new. Spotify has many articles dedicated to describing the problem of artificial streams, and the penalties for artists engaging in it. Here are One, Two, Three of them just from a single search.

This is a loophole in the same way that taking stuff when the owner isn’t looking is a loophole. In other words, it’s just called a crime.

It’s not a loophole, though. Their ToS specifically prohibits creating artificial streams. The guy isn’t going to get away with it. The AI generated music isn’t a problem, but spinning up bots to give it streams is the same as using click bots to farm ad revenue. If the man catches you, the man’s gonna win.

Vulfpeck made a silent album and asked fans to stream it nonstop. THAT was a loophole, because there wasn’t anything spotify could do, there wasn’t anything in their agreement that said they couldn’t do that, and that’s awesome. Spotify (and the others I assume) has since plugged that hole, but I applaud them for taking advantage while they could.

Yeah, I have to think there are others out there doing this same thing at a smaller scale, being more subtle about it, and not getting caught. This guy just got a bit too greedy.

I think this was Steve Jobs’ primary skill. He could see a clear vision of the product people didn’t know they wanted. Bottom to top, from the hardware to run on, to the typeface their apps used; he knew that the best user experiences happened when every level of the stack harmonized to create a very finely tuned user experience.

Unfortunately, the people who are that good usually don’t work for free. We’re very fortunate that Valve is choosing to open source their work and keep their SteamDeck platform an open one.

Debian is the only one there I haven’t actually tried myself as a daily driver, so idk if using the terminal is necessary. I’ve just heard it’s solid and I assumed all normal user operations can be done via GUI in gnome or KDE like you can with Fedora.

It’s better to ask which distro is dummy proof. Some are made for noobs and windows users, others are not, and they’re all based on “Linux”.

Mint, Debian, and Fedora are all good starter options, and all are made to get stuff done without having to use the command line.

I agree. Specifying the same param twice like this feels like it should be idempotent. Sometimes a final cmdline string is built by multiple tools concatenating their outputs together; if each one adds --force without any way to know if it’s already been added elsewhere, this could lead to undesirable behavior.

Even --forceforce would be better.

Dumpster fire or not, it doesn’t let you actually see recent posts unless you’re signed in anymore. So all the public services that use it (or Facebook) to make public statements are inaccessible.

IMO the US should start a .gov mastodon instance for these types of accounts. Moderation might be a challenge given that there’s a fine line between censorship on a private platform, and infringement of free speech on a publicly funded one, but I think we’ll need to figure it out eventually.

I remember when the mapping of virtual memory segments clicked for me. I think i said out loud, “that’s so clever!”. Now it just seems so fundamental to managing memory for user space applications, but I hadn’t thought about how it was done before.

Immich is a self-hosted photo hosting service. They’re listing this in their docs because people are trying to upload photos with GPS data, hitting this cursed behavior because they didn’t give immich Location access (because why would you?), and then filing unnecessary bug reports on them about their disappearing data.

To be clear, no one is against stripping GPS data, that’s not what anyone takes issue with, it’s the silently part that is unexpected behavior.

It’s cursed because it happens silently, such that you might accidentally be deleting gps data you wanted to keep without noticing, for a reason that you probably wouldn’t think to check, probably instead erroneously filing a bug on the app for doing it.