@kornel@mastodon.social

kornel


daringfireball, to random
@daringfireball@mastodon.social

Privacy-Conscious EU Now Requires Developers to Include Mailing Address and Phone Number on App Store Listings
https://daringfireball.net/linked/2024/03/15/dsa-mailing-address-phone-number

kornel,

@daringfireball the headline sounds like you’re aiming for a “gotcha you privacy hypocrites”, but the consistent theme is consumer protection. As an individual you’re least powerful, so you get privacy protections and get to know who you’re doing business with.

It’s quite common to require business addresses and director names to be public. (Sole) trader is a legal category for a single-person business. People operating as traders will know, because they pay taxes as such.

kornel,

@daringfireball @lapcatsoftware From my reading of the DSA, specifically par (24), it seems that Apple wants to avoid liability of being a platform by making it very clear that each app purchase is a contract with the developer directly, thus forcing devs to become real legal businesses.

That's unlike AppStore™ where customers buy from Apple's subsidiary in Luxembourg or Ireland, and devs have a contract with Apple, not users, therefore only Apple needs to know their business identity.

kornel,

@lapcatsoftware The requirement to publish business details including phone is not new. That law is from 2011 (2011/83/EU Art6).

It wasn't an issue so far, because users were buying from Apple, and Apple complied with it (Apple's biz address and phone # is on their EU websites).

DSA added requirement for Apple to verify devs' biz details, which is why they must collect it. However, I don't see any requirement to publish devs' biz details if Apple chooses to be the seller.

kornel,

@lapcatsoftware So it seems that everyone punts on the question whether they're "online platforms allowing consumers to conclude distance contracts with traders" by making sellers declare if they're traders.

This is a weird framing, because the real question is whether the platform sells to users itself, or just connects users with sellers.
Devs selling apps are traders/businesses either way, but either trade with the platform owner (as it used to be), or now with users directly.

kornel,

@lapcatsoftware Yes, that's very likely. However, lawyers can also be very risk-averse and prefer overly cautious cover-your-ass interpretations to avoid risking liability or non-compliance. "Are you a trader" is probably much safer to ask than some user-friendlier question, or asserting themselves how the platform handles sales.

kornel,

@lapcatsoftware The lawyers who wrote the DSA text failed to make "online platforms allowing consumers to conclude distance contracts with traders" sufficiently clear. Its definition is split into parts, and references to other laws, so I'm not surprised that nobody wants to bet a billion euro on their interpretation.

However, the unclear part is not whether somebody is a trader, but whether $corp is a "platform allowing consumers to conclude distance contracts (with others)".

kornel,

@lapcatsoftware EU traders did not have this privacy before either. Person selling online from home already had to publish their phone and address.

This is not new in DSA. It is in consumer protection law from 2011 (2011/83 art 6).

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32011L0083#d1e1089-64-1

kornel,

@lapcatsoftware this is from 2011:

“the geographical address at which the trader is established and the trader’s telephone number, fax number and e-mail address, where available, to enable the consumer to contact the trader quickly and communicate with him efficiently and, where applicable, the geographical address and identity of the trader on whose behalf he is acting;”

kornel,

@lapcatsoftware What had changed is that until now Apple has been licensing software from you, and reselling to users as Apple<>user contract, not you<>user contract. This meant you only needed to tell your biz details to your buyer == Apple. And users were given Apple’s biz address when they bought apps from Apple.

But even before DSA, if you sold your software from your own website, you had to give your biz address and contact. e.g. Stripe (at least in EU) will tell customers your phone #.

kornel,

@lapcatsoftware I have 1-person biz in the UK since it has been in the EU, and my biz revenues/taxes are public. I have to have company address and director’s address public. It can’t be a PO Box.

kornel,

@lapcatsoftware just saying the expectation of anonymity/privacy you have never existed in the EU, even for 1-person businesses.

kornel,

@lapcatsoftware If you’ve been selling through an intermediary or an umbrella company, you only had to give your biz info to the intermediary that was your only customer.

OTOH if you’ve been selling directly to users (your biz was on the invoice), then you haven’t been compliant with the 2011/83 law, and should have made your biz info available.

kornel,

@lapcatsoftware Yes, it has added requirements for "online platforms allowing consumers to conclude distance contracts with traders".

What's unclear to me (it's not stated in the DSA as far as I can see) is whether a platform can still say "no, we don't allow consumers to conclude distance contracts with traders. They have a contract with us, and we have a contract with traders" (like it has been before).

bamboombibbitybop, to rust
@bamboombibbitybop@mastodon.social

I know Rust has an extremely strict compiler and is designed from the ground up for memory safety, but what evidence is there for it being truly bulletproof in that regard? I feel like a lot of people read the phrase "written in Rust" and see "immune to exploits," but that certainly isn't the case, right? How safe is Rust, really? Obviously it's no contest if you're comparing to like, C++ or Java or whatever else, but is it really the end-all-be-all of secure low-level programming?

kornel,

@FSMaxB There is a formal proof (RustBelt) that the borrow checking and ownership are sound, and there's an extension of it that covers some unsafe code too (Stacked Borrows).

kornel,

@FSMaxB real rustc has more features and flexibility than the proven one, so it might have unknown logical holes, but they won’t be in the basics, so might be fixable (e.g. Pin had such fix).
The known soundness holes are likely just compiler bugs. There are new impls of the borrow checker and trait resolvers in the works.

kornel, to random

content negotiation has some unwritten rules for images. Accept: image/png, */* technically allows image/avif, but that’s not a wise interpretation.
Except what is a caching proxy supposed to do when the origin only sends AVIF?

kornel,

@magila The hard part here is Accept normalization. Being truly transparent and going to the origin for every single variation of Accept is costly. But as soon as the proxy starts to negotiate itself, the negotiation algorithm becomes tricky.

drsensor, to rust

I hate 😂
How do I write the type annotation for this return type?

kornel,

@drsensor In type hints for local variables, you can put _ where you can't name the type. In the return type you can use impl Trait to avoid naming specific type.

If you need a fully concrete nameable type, either make it Box<dyn Iterator<yada yada>>, or implement it manually on a struct rather than via map and closures, or if the closure doesn't need context, you can use fn() type instead of unnameable closure type.

jbzfn, to rust
@jbzfn@mastodon.social

「 Putting the focus on memory safety is more than a little suspect when the worst CVEs come from programmers not putting in basic checks for path traversal and forgetting to fully check user credentials. What is also worrying is the complete lack of any reference to the favorite language of the military, medical, and aviation fields where things going boom (prematurely) is generally considered a bad thing: Ada 」

https://hackaday.com/2024/02/29/the-white-house-memory-safety-appeal-is-a-security-red-herring/

kornel,

@jbzfn Programs that have memory safety vulnerabilities aren't magically immune to having path traversal and other logical bugs too. This is like .

LunarAkai, to rust

ehm, this might be a pretty stupid question: but if i want to start my webserver (rocket.rs project) on my server, i just need to start the project with cargo run --release? (besides nginx config)
or should i know about other better methods?

kornel,

@LunarAkai cargo build -r and then take binary from target/release. If the server is Debian, try https://lib.rs/cargo-deb

kornel, to random

This Veritasium video explains things very well. I feel like I’ve learned a ton about physics and economics, despite not being versed in either:

https://youtu.be/A5w-dEgIU1M

brandon, to random
@brandon@fosstodon.org

Rustaceans: I'm having an issue nailing down a bug.

When I specify a crate using just cc = "1.0.73" in various cargo.toml files, the build fails saying that MSVC cannot be found.

However, when I clone the repo and use the same version but specifying the path:

cc = { path = "C:\Users\...." }

The build runs just fine.

I even tried specifying the path that cargo caches crates, and that also successfully builds.

I'm at a loss as to what to focus on next

kornel,

@brandon It's weird.

Run cargo update to ensure cc is up to date (the repo may be latest version, your Cargo.lock may pick an old one).

If that doesn't help, here's the standard "turn it off and on again":

  • delete .cargo/registry (in your home dir), in case it got corrupted. It'll be redownloaded.

  • run rustup update and rustup default stable.

  • run cargo build -vvv to see what exactly gets built, and try to spot how good/broken builds differ.

hsivonen, to random
@hsivonen@mastodon.social

Is there an nginx / Caddy competitor written with Rust’s hyper? I would not be too surprised if Cloudflare had made one, but I don’t see one on their GitHub.

winter, to random
@winter@pleroma.envs.net

you've heard of the smartphone, now try the all new scartphone!

kornel,

@winter I hope the top of it is compatible with PCMCIA.
