I agree. I'm a firefox guy myself and it's been painful shifting my workload to chrome for testing + developing this. The extension has a lot of browser engine complexity (and unfortunately us non-chromium folks seem to be a dying breed) so I haven't been able to justify implementing cross-browser support yet. Hopefully soon!
Just some different fields in the manifest, and there are specifics that work completely different or are not available (for example favicons).
I have tried Chrome -> Firefox before and it was surprisingly easy. Safari is more difficult in my experience, it's missing complete API's like the bookmarks one.
It is definitely possible, but not straightforward. With Manifest V3, the only way you can do this stuff is with the browser userScripts API. That is the only way you can execute remote code within the browser (and each script is considered "remote code").
These changes are the reason many of the existing userscript managers stopped working/being developed after MV3 went live. It is a real pain in the butt and unfortunately the functionality is not exactly the same between chrome and the generic browser API that firefox uses. There are a lot of edge cases that make everything even more of a pain.
Life would be much better (in many ways) if chrome didn't force MV3 down our throats.
This is different though. PP is saying that you require a phone number to sign up, and phone numbers are being used to match your account to your user name.
"Signal does not send your phone number to anyone unless you have enabled that others can see it and then you send them a message or make a call to them."
Neither of these are the issue, the issue is the required association of a phone number with a Signal account. You cannot register a Signal account without a phone number.
It's something you'd want to avoid if your life, liberty or well-being are at risk if you're de-anonymized.
Signal, like most services, block text verification services, free texting apps, etc.
e-SIM wise, depending on where you are, that might require identifying yourself, and depending on your threat model, having to purchase one in person or with payment info that can be traced back to you might be too risky. Same thing when it comes to using one in a device you own, or in a location that can help de-anonymize you.
In the end, Signal does this because they know the ban hammer would come down hard on them from the Justice Department and every state AG and legislature if Signal allowed bad actors to anonymously use their app and network to commit crimes.
The issue is that there are plenty of people who are not doing heinous things whose security and anonymity might be at risk because of the measure put in place to placate governments.
You're confusing privacy with security. Phone numbers are a privacy problem and NOT a security problem.
Think of it this way. There's a vault that's locked with secrets inside, but the door is transparent. This does not prevent privacy. But the vault provides security.
Signal is not a transparent door, but is opaque. You can't see inside the vault. But the phone number reveals that you have access to the vault. This is very different than a security problem. Anyone connecting the two can see that you have a vault (security)[0], but they cannot see inside (privacy) or even when you access it (privacy).
There is no security issue with phone numbers.
[0] or can see that at some point in time you had a vault or someone that previously had that number had a vault
If your number is seized then the new account holder has no chat history. i.e. the vault is cleared out. In that situation you will also be kicked out, clearly telling you that your account has been hijacked.
It does not matter if you lose control of the number, the new person will be able to register. The 7 days period is for you to get control of the number back or make sure all your contacts know about the issue.
am I reading it wrong? but on my phone if i activate reglock again it says that if pin fails the account is blocked for seven days. I asume that after 7 days one still needs the pin to register or am i wrong?
There's a balance they want to strike. You can't assume phone numbers are unique to a person across time. So they need to be able to expire when someone stops using a number.
But again, acting on the other side also gets a notification in the chat stating that the security number has changed. The new person doesn't have the signal chat history. So if you're talking about sensitive things then it's a strong indication you should reverify their identity. Not practical for every day users but that's also not a typical threat scenario
Seems like you missed reading the entire context above. The discussion was about a number being seized or taken over by someone else. So your reply on inactivity is irrelevant since the new owner of the number can just wait a mere week and use it with Signal.
If you have done the out-of-band safety number verification, then impersonation attempts will give you a warning that their safety number has changed. I know this because I got that error when my wife replaced her cell phone.
I believe (though I haven't verified it myself) that even if you haven't verified the numbers using an out-of-band exchange mechanism, you will get a warning if the safety number as observed by their server changes. I believe they would need to know your Signal PIN to restore from backup, which means that even if you've set that it will give an alert, presuming basic security competence from the people you are conversing with.
> If you have done the out-of-band safety number verification
I personally have never seen anyone do this, even when they’re supposed to do it right from the very beginning. So practically this is of very little value to most of the user base.
You get notifications if the safety number gets changed from a device change either way. But doing the in person validation helps ensure that particular safety number you received was actually their safety number and not a MitM on first contact.
Yes, but with a canary. Would you rather not have a canary? The other person also receives a warning that the verification number has changed. It's not like the existence of a phone number is what creates the ability to hijack an account. And again, you can do registration locking so that solves that problem.
You can also do verification of your contacts. Best done in person where you can check the keys.
> MITM attack
I don't think that means what you think it means. Who is in the middle? This is E2EE
The privacy loss is "phone number has registered a signal account"
It does not
- conclude the user has or even has a signal account
- who that person is talking to
- what that person is talking about
- when those texts or messages are sent or received
What can you infer here that becomes a security risk? I guess if signal is outlawed before you have installed or your number was ever associated with an account? But it still have plausible deniability there
There’s a big difference between somebody not being your friend and somebody being your enemy. I’ve had a similar experience with a sub par employee, who at some point admitted that he wasn’t doing his best at work because he was "only there to exchange his time for money, not make any meaningful contributions".
That guy was absolutely immersed in internet culture, making him less self-aware and very unpleasant to work with.
> "only there to exchange his time for money, not make any meaningful contributions"
I sometimes wish companies were more open to accepting these roles, instead of the up or out model.
There is in many teams a lot of busywork that for various reasons can't be automated (or new incoming busywork that takes over when the older one gets automated).
If an employee is content with just handling this kind of lower level busywork and go home at 4:30pm in exchange of not pursuing raises and promotions, there's nothing wrong with that. That work still needs to get done, so rather than getting a never ending stream of junior new hires constantly having to get trained, I'd be fine with having someone who is happy to stay at that level and take it easy.
Up or out generally stops once someone reaches engineer or sr engineer. Most of the time a jr engineer is going to need substantial mentoring and support. Them never moving beyond that point likely results in a net negative gain if you need another person always available to provide that for their entire time there if it goes beyond 1-2 years.
> I sometimes wish companies were more open to accepting these roles, instead of the up or out model.
But companies live or die by talent / passion density. If you try to only hire talented / passionate people, then many of them will still just be fit for grunt work so grunt work still gets done. If you on the other hand hire for grunt work you wont find much talent at all so company fails after a while.
Companies require different attributes in various roles. Those attributes extend far beyond passion and talent. The trouble with hiring based on those two attributes alone is that you're setting up a culture where the people who do the necessary grunt work are failed hires and where the employee themself feels held back. In otherwords, you are setting up a toxic workplace.
I never saw a company hire grunt programmers separately though, and when you suggest that they should people also get angry at you here. So what do you want really? Do you want to have to pass the same tests as these roles, or do you want to pass grunt tests and have a different role? You can only have one of those.
Yes. if the work is installing software and being on pager duty then we can really stop pretending that identifying O(nlog(n))is relevant. And if the job is to write a compiler optimizer, it's pretty important you know the basics of CS (like decidability).
smashing these two together and pretending they are the same has been a huge source of cognitive dissonance in the industry and serves no one.
I mean with as many 'who do these simple Google bugs last for years' posts we see on HN, how much of the grind and grunt work is getting done? If everyone thinks they are a superstar then anything that's not an A+ project ends up on a 'killed by Google list'.
As bad as big non-tech companies are at things I quite often see they are better at providing fixes and updates for the little hidden pieces in the background because they have people that aren't fighting their way up the ladder.
Showing up to work and actually doing their job, even if it’s the minimum, would be an upgrade over the Reddit toxic mindset I was describing about.
The problematic juniors show up to their jobs determined to be uncooperative, sow discontent among coworkers, stonewall progress in meetings, and think they’re just going to job-hop to the next company before the performance management catches up to them. They see the jobs or even the concept of working to live in general as a scam and feel like they’re winning some deep cultural war if they collect paychecks while making life difficult for their manager.
Have companies given any of these young people a reason to think differently?
“I have altered the deal, pray I don’t alter it further” has been the majority of my career and my peers. Very few people(as a percentage of population) actually have had enough leverage at any point to not have to eat shit if their company says so.
This is the type of toxic, cynical attitude GP is talking about. It doesn’t have to be this way, and you approaching it with this expectation is possibly creating a self-fulfilling prophecy.
And? Part of the toxicity is coming from a misunderstanding that for some reason the company is morally obligated to keep offering you employment ad infinitum.
If the work runs out, find another job. Nothing wrong with that.
I didn’t really approach it that way. The companies did to me. My experience with companies has been entirely that unless the money is already in my pocket, I should expect them to renege on the deal.
At this point it’s in the corporations court. If you have managed to generate a relationship with your labor force where they are no longer lying flat, but actively trying to cause sabotage like you described then I think you(the companies in question, not you in particular) share some of the onus on how we got here
Edit: and to be clear I’ve been working in tech for over a decade, this is not a perspective from a new grad with only the internet as their source of information. The younger generation has seen their older siblings and cousins getting fucked over more and more each year and we’re reaching the point of societal unrest where a large group of people no longer think the “deal” society is offering them is worth it
Companies brought this on themselves, they treated their employees as disposable cogs and then started complaining when employees returned the favour.
You can't complain about people becoming cynical when right now you can see all the tech giants investing ridiculous sums in order to eliminate staff from their payroll.
When you look at the quality and the dog eat dog mentality of many CEOs out there do you expect any different? If you can look at modern capitalism without a cynical eye it's very likely you've lived a pretty privileged life.
CEOs are also employees. This is a weird thing where you have invented enemies in your head you’ve never talked to.
Yeah capitalism is sad in a lot of ways - particular the modes of possible value. But we are actually talking about working in hierarchical management organizations which have existed forever and have nothing to do exclusively with capitalism.
A subset are paid incredibly well. For arbitrary lines im going to put that at 250k+/year in comp by year 2-3 of your career.
Another large cohort is paid pretty well with salaries from 110k-150k by that same point who have effectively no negotiation power and are given “take it or leave it” deals with the only leverage being to find another job
And even for the incredibly well paid ones, as the other commentator noted, there’s documented proof of organized wage suppression by the corporations
Just the existence of the Bay Area tech antitrust suit and the pittance of a settlement should tell you otherwise. Who knows how sky high developer salaries would be if those companies hadn’t conspired to lower salaries during such a strong and low-interest-rate economy.
A grocery store I worked at tracked finances and they were available to all employees. The grocery store made $270 per worker per hour. New hires were paid less than 1/10 of the value they provided.
I can only imagine how much more exploitative tech is
I mean ... if a junior can stonewall a progress on a meeting then seniors there somehow horribly failed the meeting moderation. I have literally never seen that, because you can just make meeting without them the next time
Second, I seriously doubt juniors ability to "sow discontent" among more experienced seniors. They can latch on existing discontent, but juniors are too low on hierarchy and seniors have too much of opinions for juniors to have much power there.
I’ve seen it. In my organization, open discussion and creating space for disagreement and alternate perspectives are the norm. A couple of junior programmers were upset about a process change, and weaponized the process to sow discontent at every retrospective, usually through vague “a lot of people have told me they’re unhappy about X” comments. A huge amount of energy was spent trying to take their concerns seriously and address them.
Eventually they were removed from the team. It should have been sooner, but the manager is very empathetic and supportive of his team. Morale immediately shot up and things are much better now, as well as more productive.
Not every workplace is a dog-eat-dog hellscape. In fact, I’d say they’re the minority. But you do reap what you sow: if you’re determined to see it as a zero-sum game and go looking for conflict, you’ll find it.
I’m not sure how you’re getting that at all. GGP said they didn’t see how junior developers could “sow dissent” and I shared an example of where it happened. I wasn’t making any generalizations. (I also wasn’t on that team.)
In some sense this is the standard gambit of wage labor. If you want people to act like they have skin in the game, then they must have that. Tech is notable as a field for incentivizing overperformance and mission-driven-ness.
In many countries being a developer is a plain office job just like everything else, and everyone that doesn't want to move into management after reaching seniority is seen as a failure.
Go into business yourself for a bit and see the world from an entirely different angle. If you don't make it and come back to employment (most likely) you will be a much humbled and more enlightened person.
I mean really no, and yes I've been on both sides. Owners have skin in the game. That's why when Musk says we should work 80+ hours a week he should be summarily ignored. He stands to gain billions while the rank and file stand to gain ulcers and an investor class that fights against them getting health insurance.
The number of absolutely toxic business owners is insane.
The number of absolutely toxic employees is also insane. Are businesses justified to treat employees as if all of them were that toxic? Should not employees then not treat their employers as if all of them are toxic?
I think it’s important to distinguish between human leadership and the capitalist entities they work within.
I’ve worked for multiple small businesses, led by wonderful humans, which ran out of money. When those businesses went under, it tore their leaders apart to let workers go — but those leaders were still constrained in how the could act by economic realities.
There are both leaders and workers who are too cynical about each other. But it makes sense to be guarded with every company, even if I think it’s debatable how best to act — and how we might dream of improving matters at the macroeconomic level.
You don't solve the problem by "humbling the workers".
The solution is rewarding people when a company is successful and more importantly not punishing hard workers. Right now people are under the impression that slacking and working hard will be equally rewarded, because that is the truth. Hard workers also get laid off so that CEOs can make a few extra bucks.
This mindset is completely sane. Sorry but if you work 40+ hours a week and barely can afford a vacation there is no reason for me to work hard. Especially not if I see managers with new cars every year.
> Sorry but if you work 40+ hours a week and barely can afford a vacation
Software developers are relatively highly paid. When they start acting like they’re minimum wage workers flipping burgers at a dead-end job, they’re missing the big picture. That’s the problem I’m trying to communicate.
This is a generalization. Salary in Europe is different to salary in the USA for example. I earn median wage currently. Also lots of non degree having devs out there that aren't 6 figure earners.
I don't know why you come up with an ideological statement like that.
The management culture, anti software/nerd mindset among the population and eastern European competition in the offshoring market have a much bigger impact.
E.g. even though Germany is practicing mercantilist beggar thy neighbour export surplus policies, the country has failed to become an exporter of software or be known for quality software. Anyone who wants to work in the software industry is better off leaving the Eurozone and going to Switzerland where they get paid more in addition to the things you claim are the cause.
I've had the same experience -- employees who do the minimum and then whine when (one case) asked for a raise or he'd quit and I said sgtm; and (a different person) I chose to mentor and promote other people on the team. Some people can't wrap their minds around the idea that our interests aren't always aligned, but sometimes they are and also why would I invest in someone who doesn't invest here. Mentoring and promoting people is one of the best pieces of my job, but my time is finite and I want to also spend it productively :shrug:
In German en dashes are more common than em dashes. I’ve been using them regularly for at least 20 years, both in German and English texts. I never liked it when people just threw in ordinary hyphen instead of an en dash, but few people note the difference.
Note that UG (haftungsbeschränkt) is a mandatorily for-profit type of company. It is required to retain one quarter of earnings until it reaches 25000€ - the minimum capitalization for a GmbH - and then it may apply to convert to a GmbH.
Maybe both? I tried using different animals, scenarios, solvable versions, unsolvable versions, it gave me the correct answer with high reasoning in LM Studio. It does tell me it's in the training data, but it does reason through things fairly well. It doesn't feel like it's just reciting the solution and picks up on nuances around the variations.
If I switch from LM Studio to Ollama and run it using the CLI without changing anything, it will fail and it's harder to set the reasoning amount. If I use the Ollama UI, it seems to do a lot less reasoning. Not sure the Ollama UI has an option anywhere to adjust the system prompt so I can set the reasoning to high. In LM Studio even with the Unsloth GGUF, I can set the reasoning to high in the system prompt even though LM Studio won't give you the reasoning amount button to choose it with on that version.
In case of the river puzzle there is a huge difference between repeating an answer that you read somewhere and figuring it out on your own, one requires reasoning the other does not. If you swap out the animals involved, then you need some reasoning to recognize the identical structure of the puzzles and map between the two sets of animals. But you are still very far from the amount of reasoning required to solve the puzzle without already knowing the answer.
You can do it brute force, that requires again more reasoning than mapping between structurally identical puzzles. And finally you can solve it systematically, that requires the largest amount of reasoning. And in all those cases there is a crucial difference between blindly repeating the steps of a solution that you have seen before and coming up with that solution on your own even if you can not tell the two cases apart by looking at the output which would be identical.
As mgoetzke challenges, change the names of the items to something different, but the same puzzle. If it fails with "fox, hen, seeds" instead of "wolf, goat, cabbage" then it wasn't reasoning or applying something learned to another case. It was just regurgitating from the training data.
> Können Sie diesen Satz lesen, da er in Base-64-kodiertem Deutsch vorliegt? Haben Sie die Antwort von Grund auf erschlossen oder haben Sie nur Base 64 erkannt und das Ergebnis dann in Google Translate eingegeben? Was ist überhaupt „reasoning“, wenn man nicht das Gelernte aus einem Fall auf einen anderen anwendet?
>
> Can you read this sentence, since it's in Base-64 encoded German? Did you deduce the answer from scratch, or did you just recognize Base 64 and then enter the result into Google Translate? What is "reasoning" anyway if you don't apply what you've learned from one case to another?
It is doing, but it's doing one thing: reading. Encouraging kids to read makes sense for building literacy and encouraging imagination, but there's a point where enough is enough, reading the 6th installment of Harry Potter is for entertainment, and they're better off riding a bike, building something, and making friends.
It's the same for adults. We blindly praise reading, but much of it belongs on the shelf at an airport bookstore, it's not particularly challenging or informing, and it might as well be video games or TV.
