Making it part of the spec means implementors have to discover for themselves that they don't have to do it to interoperate, which is all kinds of badness in terms of barriers to adoption.
I think it's exactly the right model, where the actual recommendations are computed locally at the user's request. But I also think it's complementary to what I'm trying to do, which is to give people a safe way to publish aggregate statistical data about "people who like this also like that", which would be useful input to something like Ultra Gleeper.
@joachim Oh, neat. Now I have questions about Cast Rewinder. 1) Is the idea to trickle just a few episodes per week to your podcast client, like https://archivebinge.net does for webcomics? 2) Do you rely on the upstream podcast feeds having all the episodes in one feed document, or do you have some magic for finding older episodes? (Lately I've been advocating for publishers to adopt RFC5005, "Feed Paging and Archiving", to solve the latter issue.)
You can avoid #YouTube's weird algorithms and broken subscription system by subscribing to channels through RSS instead. You don't need an account, just a feed reader.
Put the channel's username in this address:
You can then add this RSS address to your feed reader app.
For example, OnePotChefShow's RSS feed is:
You can also make RSS feeds from channel IDs (strings of letters and numbers):
@noemi I've been researching approaches to privacy-preserving distributed recommendations, but I haven't got the math quite right yet. I'm pretty sure it's possible to get the benefits of "algorithms" for content recommendations without actually sharing anyone's private data with anyone else though. As a first step, I wrote up some of the related research recently: https://jamey.thesharps.us/2018/07/10/private-secure-multiparty-histograms/
I feel like instead of decrying all content recommendation systems as evil spyware, we should work on ethical alternatives.
Your small tech org, user group, or open source community could, for just USD$200, get a code of conduct evaluation, a report, and a half-hour meeting about next steps. From/with an expert. This is AMAZING value for money, in my opinion. http://lifeofaudrey.com/2018/07/16/coc-consult.html
browser standards Show more
@garbados Browser security is full of half-measures too. For example, people realized that iframes plus CSS enabled click-jacking attacks. So rather than preventing input events from passing through a CSS box into an iframe it occludes, they decided that servers should be able to declare, "please don't put me in an iframe", which became default advice in frameworks like Django. Then browsers implemented this with no visual indication of why your iframe isn't rendering. 😤
Abraham Lincoln: *Slaps the roof of a house divided* This bad boy cannot stand
I just published an article that describes in technical detail how Russia executed their attacks on the US election, how they got caught, and what capabilities the US appears to have.
What Mueller's Latest Indictment Reveals About Russian and U.S. Spycraft
@aaronpk Hey Aaron, I've been thinking about WebSub for intermittently-connected clients, and here's a thought I want to run by you:
A hub could allow stateless WebSocket connections, and treat them as subscriptions that last for exactly as long as the connection stays open. Ideally you'd multiplex all subscriptions at a hub onto the same socket, I think.
Do you think that would be a useful/desirable extension to WebSub?
@gcupc @djsundog Yeah, when the client participates voluntarily I think that's ethically just fine. Which is why I'd like a standard way for the client to signal that they're expecting the proxy to terminate the TLS connection, rather than trying to do it transparently… sigh.
I also had trouble configuring Squid for the caching policy I wanted, last time I tried to do this. But for old-browser purposes it's probably fine?
"Apologies for the intrusion," said a strange voice in my head. "We are telepaths on a distant planet, and usually tune humanity out as background noise. But so many of you ask, all the time, so we checked: yes, there are others like you, and yes, you can be loved. Okay?"
#MicroFiction #TootFic #SmallStories
i really dislike the loads and loads of pressure people are put under in cooking competition shows
why not a bob ross cooking show where everyone chills out and becomes friends
and have it be not dominated by white judges pls
@gcupc @djsundog Thanks for the pointer! You're referring specifically to the SslBump configuration? Ugh, I'd feel a lot better if the client was expecting the proxy to be in the middle, rather than getting a random untrusted server certificate as the only clue.
I think this was actually possible with HTTP/1.0 proxies, because the protocol was you send the entire URL, including scheme, in the request line. I feel like HTTP/1.1 is worse in this one way.
@gcupc @djsundog Is there any standard way to set up a proxy that terminates TLS? As far as I can tell, asking any HTTP client today to use a proxy for HTTPS means the client uses CONNECT mode so the proxy has to just forward the raw TLS byte stream. Which seems like a good idea generally, but I actually really want to be able to have a private caching proxy that can cache HTTPS requests too…