• 0 Posts
  • 12 Comments
Joined 1 year ago
cake
Cake day: July 3rd, 2023

help-circle
  • What’s considered “healthy” and “optimal” by research conducted by and on folks living in the higher and drier northern latitudes doesn’t always match what people in the tropics “feel”.

    The annual average for humidity is 77% where I grew up, and highest humidity is around 88% during the monsoons. Well outside your healthy range. My childhood home doesn’t have air conditioning to this day, so I do feel these humidities whenever I’m there. And I like it, unless it’s peak summer (I adore the monsoons - it’s my favourite season, and I miss that I don’t really have “proper” monsoon rains where I live now). Most friends who still live there also adore the monsoon weather - though they hate that their clothes takes days to dry after a wash, and other inconveniences. None of them use dehumidifiers, or complain of humidity outside the summer sweating season.

    The annual average where I currently live is 55%. Which is pretty high on your healthy range. But my skin feels dry AF, even with daily moisturization, my lips crack if I drink < 5L water per day, and my hair has this brittle texture I don’t like. All of which disappears after a week in my childhood home.

    So high humidity might promote mould growth (though I have never encountered it myself, it’s entirely possible we will find some if we break the walls down), but to people who grew up with it, it can also feel comfortable. Hence the market for humidifiers, with air conditioning on the rise - rather than dehumidifiers.


  • Counter Rant

    I don’t understand the insistence in the western Anglophone world that milk automatically means cow’s milk.

    Coconut milk is a very normal word to say in my mother tongue (Bengali). What else are you even supposed to call it? Coconut “beverage” or “liquid” would be hella confusing because we wouldn’t know if one means the milk (the creamy liquid that comes from pressing the coconut pulp) or the water (the transparent liquid that resides in the pulp, and tastes and behaves completely differently). Are we supposed to go invent a new word every time we encounter a milky liquid?

    Also, what about other mammalian milks? Do we need to invent a new name for goat milk? (Which is a fairly common drink in India, possibly thanks to Gandhi’s obsession with the stuff) What about sheep milk (not very common in India, but widely used in some parts of Europe). Or Yak’s Milk? (Pretty popular in specific pockets of India).

    Milk is any white creamy liquid. That’s how it has always been used, in English and in other languages, going back centuries. The cow agriculture industry must have mounted one hell of a PR campaign to convince western consumes that milk automatically implies it must come from a cow. In India, you just look at the packaging. Does it have a picture of a cow on it? Well then it comes from a cow. Does it have a coconut on it? You guessed it, it comes from a coconut. Simple. I don’t see how that can ever be confusing to customers.

    Rant over



  • I don’t have experience with a sarong, but a saree is basically the same thing.

    The difference is in the shape and size of the piece of cloth. That’s how you can tell a saree, bedsheet and towel apart. There is also usually difference in material (but fine silk towels exist, as do coarse cotton sarees), patterns/weaves (but there are towels and sarees that share pretty similar patterns) and quality of materials used (but again, ridiculously high quality silk bedsheets are a thing). The real difference is the shape and size - sarees are always 5.5m x 1.15 m (‘standard’ 6-yards), or 8.2m x 1.15m (9-yards, worn only on special occasions now, and only in a few specific regions).

    In a pinch, a saree works as a towel or a bed sheet or a cover sheet of any sort, really. However, good luck getting a towel or bedsheet draped onto your body - you’ll look like you’re in a sack. They just don’t have the right shape!


  • Yes, access to production database is fairly common (for certain job functions, at least). Unaudited and unfettered database access is much less common. Sure, it happens, but it is rare - especially for something at the scale (& attractiveness to hackers) of Instagram. And yes, an audit trail doesn’t mean your manager will be immediately alerted, and there are people who won’t think of the audit trail and go snooping in prod anyway - so it is possible, but I just don’t think it’s very probable ¯\_(ツ)_/¯

    And a moderation tool for direct messages? Which are E2E encrypted? That doesn’t make much sense to me. What moderation function would a “list of people they have DMed in the last 2 years” serve? I guess it could be used to determine if somebody has been harassing someone else - but the block feature exists, why would it reach a moderator in the first place?

    and frankly you should assume that this is happening behind the scenes at every company.

    Look, I operate under the principle of “anything that I put online, will be eventually public and linked to me” (which is why I would never answer the original question, even with an anonymous account that isn’t linked to my email) and “everybody sucks at infosec” - but that doesn’t mean Instagram employees have a handy way to access a human readable list of people I have DMed.

    Occam’s razor is in favour of the girlfriend getting the info the old fashioned way - snooping on the OP’s phone


  • Ya, I mean Instagram is no bastion of privacy, I’m sure - but most managers wouldn’t be thrilled to learn their employees were accessing the production database for fun. It’s less a “but you violated our customer’s trust” and more a “you idiot, why you tempting fate, we are generally one typo away from the whole thing crumbling down anyway!”. And surely no company bothered to build a nice tool that’ll let their employees peruse the DM list of a random user - we can barely get them to build us actual monitoring infrastructure till something breaks! So one would have to put in some effort into gathering this information. Running background checks for some random friend - the risks and effort doesn’t feel like it would be worth it. It seems more likely the girlfriend peeked at OP’s Instagram client herself, or just took a guess, and made up “a source working at Instagram” as a plausible excuse.


  • You’re on the lemmy.world instance, so you can reach the admins by emailing info@lemmy.world, or posting in the support forum !support@lemmy.world

    Now to answer whether there’s a difference between being promoted and doing it yourself - In this case, it’s suspected that session tokens were compromised. You know how when you enter some events, they vet you/your ticket once at the door and then put a stamp on your hand? If you go out and want to get back in, you don’t have to do the whole verification song and dance again, just show them your stamp? Well, that’s pretty much what a session token is - Lemmy vets your password once when you log in, and gives an unique session token to whatever browser or app you used to log in. That way, when you reopen Lemmy, you don’t have to enter your password again.

    Now that token is compromised, you have to assume a hacker has your unique token. When you logged yourself back in, Lemmy did the whole validation process again and gave your browser/app a new, unique session token - that’s just how logging in works. But the important question is, did it invalidate the old session token when you logged out? Otherwise the hacker can still show the old token and pretend to be you.

    Now if your browser/app prompted you to log-in today, you can be sure that your browser/app tried to get into Lemmy and was denied access. That means you can be sure your old stamp/token is now invalid. Logging out and in yourself doesn’t give you the same guarantee - you will have to check Lemmy code (or run some experiments) to know if logout does actually invalidate the old token. I haven’t validated Lemmy’s code, but I will say most half decent software will invalidate your token when you log out. If you want an extra layer of protection, change your password as well - even the software devs that forget to invalidate tokens on logout usually remember to invalidate them on password changes.


  • I feel like people are overcomplicating this (& it doesn’t help that most early adopters are techies, who enjoy talking about things like federation protocols)

    One doesn’t need to understand the Fediverse in order to use it. That’s like trying to understand the mechanisms of internal combustion engine because I want to drive a car. I mean, that is fun and there are not-too-esoteric scenarios where the knowledge might even be helpful, but it sure as hell isn’t necessary!

    Migration was a breeze once I stopped worrying about the internal combustion engine.



  • I think the original analogy works better.

    If an EU country goes rogue, other EU nations can’t just isolate it and bar it’s citizens from entry. There is no expulsion from the EU AFAIK. But Lemmy instances can block another instance fairly easily and unilaterally - like how nations can refuse visa to citizens of a rogue nation. And Lemmy instanced are expected to federate with most other instances, just like countries are expected to grant visas to most other countries - unlike joining the EU, which is a whole big process and all EU members have to agree (there are no vetoes in Lemmy federation).

    But most importantly, the EU members are required to act as one in many circumstances - most laws apply across all EU members, EU negotiates trade deals as a block, etc. That is not true for Lemmy instances. Each is completely independent and makes its own laws - and must only comply with some very loose principles (which boil down to “don’t be a total jerk”) to not be isolated from other instances. This is much closer to the kind of independence countries have, than EU members.



  • I have worked on non-trivial (aka took 10-12 people over a year to even deliver an alpha) greenfield projects, where I literally made the first check-in into the repo.

    The only 500+ line PRs I raised was auto generated boilerplate code, or renaming something.

    I don’t understand the optimism of devs who spend weeks writing code without bothering to test anything they’ve written. Unless you’re writing utterly trivial BS, how does one have this level of confidence in their code? And if you did bother to stop and test, why on god’s green earth would you not raise a PR? Why wait till you have thousands of lines of code before asking for feedback?