• 1 Post
  • 26 Comments
Joined 4 years ago
Cake day: January 21st, 2021


  • Yeah, the AI I am lukewarm on. I’m fine having them experiment, and it does seem that they are using it tastefully. It is something that I can see improving the experience in the future even if I feel it has little to no benefit to me now.

    But yes, the browser just seems like a distraction.



  • > If your encryption algorithm is secure, you have no use for automatic lock-out.

    This isn’t true. You need your algorithm and your key to be secure. If the key needs to be remembered or entered often it probably can’t be secure. So brute force protection becomes very important.

    > If it’s not, automatic lockout won’t do much against an attacker with physical access to the device.

    This isn’t true. Yes, with enough time and effort it is possible to extract any data from any device. But in practice physical HSMs do an excellent job at raising the cost of key extraction. I would much rather have an attacker steal my Yubikey than a USB with my GPG key lying on it.
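An added illustration of the point made in the comment above (not part of the original comment, and not any vendor's code): a short, memorable secret falls to plain enumeration when the protected key material sits on ordinary storage, while a device that counts attempts stops the same enumeration after a few tries. The 4-digit PIN, the low iteration count and the `LockingToken` class are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200  # deliberately low so the demo runs fast; real KDFs use far more


def verifier(pin: str, salt: bytes) -> bytes:
    """Value an attacker holding the stored data can test guesses against."""
    key = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return hmac.new(key, b"check", "sha256").digest()


def offline_guesses(salt: bytes, target: bytes):
    """Key material on plain storage: nothing limits the number of tries."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if hmac.compare_digest(verifier(pin, salt), target):
            return n + 1, pin
    return 10_000, None


class LockingToken:
    """Hypothetical token model: the secret stays inside, tries are counted."""

    def __init__(self, pin: str, max_tries: int = 3):
        self._salt = os.urandom(16)
        self._target = verifier(pin, self._salt)
        self._max = self._left = max_tries

    def unlock(self, pin: str) -> bool:
        if self._left == 0:
            raise PermissionError("token locked")
        ok = hmac.compare_digest(verifier(pin, self._salt), self._target)
        self._left = self._max if ok else self._left - 1
        return ok


def guesses_before_lockout(token: LockingToken):
    """Same enumeration against the token: returns (tries made, unlocked?)."""
    for n in range(10_000):
        try:
            if token.unlock(f"{n:04d}"):
                return n + 1, True
        except PermissionError:
            return n, False
    return 10_000, False
```

The algorithm is identical in both cases; only the attempt limit changes the outcome, which is why a stronger cipher does not compensate for a key that has to be short enough to remember.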




  • Same here. I tried on the starter plan but had to upgrade. According to my account I have made 802 searches since January 4th. So 17.4 searches a day on average. This means that for a 31 day month I am looking at 620 searches.

    I am also a heavy user of bookmarks and browser history. So I don’t rely on search to open specific sites (like searching for “facebook” which is one of Google’s most popular queries). So someone who is in the habit of using search for direct navigation is probably going to be a good chunk higher.

    That being said I work on the computer and do a fair number of searches for my job. So I can believe that a light user is pretty comfortable at 300 searches a month. But moderate searchers or people who use the search engine for navigation will need the unlimited plan.


  • kevincox@lemmy.ml to Privacy@lemmy.ml: Thoughts on Kagi?
    9 months ago

    I am currently subscribed and it is definitely a step up from other engines I have tried. The main feature is just that it seems to somewhat cut back the general blogspam and SEO fluff. It isn’t perfect but whenever I do compare it to Google, Brave or Duck Duck Go it seems to be ahead, or in rare cases similar.

    The ability to lower/block sites is also quite nice. I also have a few raised sites, but that is really a minor improvement compared to blocking crap like Quora and Pinterest.

    That being said the small plan is a pretty small number of searches so I need to pay for the unlimited plan which is quite expensive. I currently think it is worth it but it is definitely borderline value, not a slam-dunk decision.

    I also have concerns about them focusing on things I don’t care about. Lots of AI features and a browser. I don’t want any of that, just focus on search, there is still lots of room for improvement, even if they are currently leading the pack.



  • If you are relying on Docker as a security boundary you are making a mistake.

    Docker isolation is good enough to keep honest people honest but isn’t good enough to keep out malicious actors. The Linux kernel API is simply too large of an attack surface to be highly secure.

    If you want to run completely untrusted software you want a VM boundary at a very minimum. Ideally run it on completely separate hardware. There are few exceptions like browser isolation and gVisor which are strong software isolation without a VM but Docker or any Linux container runner is not on that list. If the software has direct access to the host kernel it shouldn’t be considered secure.








  • > Why will I need something like that?

    IIUC it is mostly to avoid placing huge load on the original package host when people download the same package hundreds of times a day in their CI workflow. It also means that Google can take control over the user experience rather than huge issues coming up every time some smaller host goes down or someone deletes an existing package version.

    Overall I doubt that this proxy was added as a source of tracking. And the privacy policy on the service is pretty strict: https://proxy.golang.org/privacy. So even though I am pretty wary of Google overall I think this is actually a fairly reasonable decision by them to have enabled by default.