@jayrope @codewiz @nanook To be compliant with that court decision, the content security policy has to intercept the connections to BandCamp as well. Easier to just take BC off the page ;-)
The case wasn't about Google, interrupting BandCamp's use of Analytics won't help you when the lawyers swarm in.
The decision is for a single website, a single and a single external service (the only aspect that was named, Google Fonts). The legal theory on which it is based is more generic though.
"The dynamic IP address constitutes personal data for a website operator" is where all other services come in: Not a word about Google.
"It is sufficient that the defendant has the abstract possibility of identifying the persons behind the IP address. Whether the defendant or Google has the concrete possibility of linking the IP address to the plaintiff is irrelevant." mentions Google, but applies to everybody else as well.
"It must also be taken into account that the IP address was undisputedly transmitted to a Google server in the USA, where an adequate level of data protection is not guaranteed" works just as well for BandCamp.
(And yes, IP addresses in log files are no trivial matter. Old news.)
@codewiz @jayrope @nanook You can do whatever you want as long as: 1. You ask data subjects for consent first before loading such embeddings (there are some fine tools built to help with that, such as https://github.com/heiseonline/shariff or https://wordpress.org/plugins/real-cookie-banner/), or 2. you have a data processing agreement in place with the embedded sites and it appears enforceable. There have been some doubts if US-based companies can do that at all, but the extent of that is unclear to me (it just seems that the "Privacy Shield" scheme wasn't accepted).
@codewiz @jayrope @nanook Google Fonts has a surprisingly complete set of "what we collect and what we do with that data" statements in their FAQ, and nothing in there points at collecting user data (they run statistics on the fonts), but the idea that it's used to collect user behavior has stuck.
Regarding "sharing common resources", that used to be true but isn't anymore: It allowed for cross-site tracking (is a resource cached or not) so third party resources are now cached per host context. That makes the Google Fonts offering less useful (besides the convenience) and just mirroring what you need on your own site is a lot less of a penalty than it used to be.
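An added example, not part of the original posts: a small audit that lists the third-party hosts a visitor's browser would contact on page load, and so send the client IP to, which is the starting point for mirroring those resources on your own site. The sample page, the site URL `https://www.example.org/` and the Bandcamp album id are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs the browser fetches on page load without any user action.
AUTO_FETCH = {("script", "src"), ("img", "src"), ("iframe", "src"), ("embed", "src"),
              ("audio", "src"), ("video", "src"), ("source", "src"), ("link", "href")}
# <link> causes a fetch only for these rel values (not for canonical, alternate, ...).
FETCHED_RELS = {"stylesheet", "icon", "preload", "prefetch", "modulepreload"}
CSS_URL = re.compile(r"""(?:@import\s+(?:url\()?|url\()\s*['"]?([^'")\s;]+)""", re.I)

class EmbedFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.own_host = page_url, urlparse(page_url).hostname
        self.third_party = {}        # host -> tags that make the browser contact it
        self._in_style = False

    def _record(self, tag, url):
        # Resolve relative and protocol-relative URLs; data: URIs have no host.
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host and host != self.own_host:
            self.third_party.setdefault(host, []).append(tag)

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        attrs = dict(attrs)
        if tag == "link" and not set((attrs.get("rel") or "").lower().split()) & FETCHED_RELS:
            return
        for name, value in attrs.items():
            if value and (tag, name) in AUTO_FETCH:
                self._record(tag, value)

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:           # body of a <style> block: @import and url()
            for url in CSS_URL.findall(data):
                self._record("style", url)

def third_party_hosts(html, page_url):
    finder = EmbedFinder(page_url)
    finder.feed(html)
    return finder.third_party

# Constructed sample page served from https://www.example.org/.
SAMPLE = """<head><link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<link rel="canonical" href="https://mirror.example/page">
<style>@import url(//fonts.googleapis.com/css2?family=Lato); body{background:url(/img/bg.png)}</style>
<script src="/js/app.js"></script></head>
<body><iframe src="https://bandcamp.com/EmbeddedPlayer/album=0/"></iframe>
<a href="https://example.net/">plain link</a><img src="data:image/png;base64,AAAA"></body>"""
```

Calling `third_party_hosts(SAMPLE, "https://www.example.org/")` reports the font stylesheet, the `@import` and the Bandcamp iframe; the canonical link, the plain hyperlink and the `data:` image are not counted because they cause no request to another host on load.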
@codewiz @jayrope @nanook Correction: the decision doesn't talk about filtering out accesses, so I suppose nobody brought it up. The explicit part is about "encrypting" the IP, whatever they mean by that. In any case, it kinda follows that this court doesn't look kindly on "the client didn't sufficiently defend itself" style arguments.
The defendant is that particular website, so the damages part of the decision doesn't immediately apply to all users of Google Fonts (or even any other instance of third party site links), just this one site.
Still, the outcome isn't _that_ surprising, and I'd expect that topic to become a profitable field for lawyers specializing in cease & desist letters (of which we have too many) and a minefield for everybody else. (opening the door to that might well be the real point of this lawsuit)
The argument "the client could have hidden the IP address (through VPN, I suppose?) or filtered out accesses" was explicitly rejected in that court decision, by the way.
@codewiz @jayrope @nanook The client IP is considered PII by German data protection agencies and there are ad retargeting services (not Google AFAIK) that use it to probabilistically follow users around based on that and other signals without user consent.
@codewiz I don't think the issue is with firmware development support (which is horrible for all vendors) but on the hardware side: apparently it's much easier to do a small-scale laptop production run with Intel than it is with AMD.
With Intel you can get a reference design, maybe even some support through some inept intern to help you sort out your customizations before you've sold the first Intel chip. With AMD you won't even get a phone call with their sales rep if the expected $$$ is too low (or so I've heard).
Simple reason: Intel can afford to waste lots of time on customers that usually get nowhere if that also means that they'll invest in the potential biggest computer vendor of the following decade (who will be nudged to optimize their workflow to work with Intel, and Intel only).
The more sophisticated variant (that gets by without the host kernel touching VM data, which can be awkward if the VM kernel messed with it in unknown ways) would be an emulation/qemu-q35 coreboot image with grub2 or filo or something as payload. That way the in-"flash" code knows your filesystem and can load kernels directly.
The option to enable such an image in kvm would be "kvm -bios /path/to/bios/image", and I guess libvirt has some underexercised config field doing the same.
@codewiz Uhoh. The Trackpoint requirement is a hard one, it essentially limits you to Thinkpads. Lenovo seems to have managed to build the ultimate vendor lock-in with that.
Apparently the patents have expired, but customizing keyboards is already expensive enough as-is (see S76's keyboard at $280+) that no other vendor seems to dare to work on that.
If you _insist_ on the Trackpoint, there are options, but I'm not sure if any is ideal:
There's the Lenovo C13 Yoga Chromebook that comes with a Trackpoint _and_ coreboot, but as typical for Chromebooks, its specs are rather on the low-end (https://www.newegg.com/laptop/p/1B4-001H-02H79 is the highest-powered model I could find). Also, if you want non-Chrome OS in a comfortable setting, some assembly is required. There's a ready-made alternative firmware image providing a more standard boot method than the one Chrome OS uses, by a trusted community member, that should get you started quickly: https://mrchromebox.tech/#devices (look for "morphius", the code name for that device). It's built from upstream coreboot sources. You could customize your firmware yourself, but starting out is easier with tested releases.
And then there's the modding community, which offers after-market coreboot on some older Thinkpad models. These are usually entirely outdated, but newer models have the firmware locked down, so there's little to do about them. The workaround for _that_ problem is a PCB-swap in an old device like the 51nb X210, which is modern hardware on a new mainboard that is made to fit into an old Thinkpad (but apparently 51nb got into trouble with Lenovo and ceased that work? I never had much luck navigating modding communities, so it's hard for me to find out the latest). Some of these (e.g. X210, https://review.coreboot.org/plugins/gitiles/coreboot/+/refs/heads/master/src/mainboard/51nb/x210/) come with after-market coreboot support, which makes that kind of setup doubly unsupported and exciting ;-)
Aside: One upside with Chromebooks (except 5+ year olds and one particular recent Dell model, sadly): you can flash firmware externally without opening the box and even when the firmware on the device is non-functional (https://chromium.googlesource.com/chromiumos/platform/ec/+/cr50_stab/docs/case_closed_debugging.md). That makes them pretty neat if you want to mess with the firmware on your device. Those debug cables are in short supply, so a colleague recently published a video on how to build your own with parts that you can actually buy these days: https://www.youtube.com/watch?v=WGsyXlgSxFk
@codewiz Putty is a Windows tool (yeah, there's a Linux port, but who is using that without coming from Windows first?), and I think that already changes the user base demographics for the better: The biggest problems I face as a coreboot maintainer are with a certain unhinged subgroup of Free Software Fundamentalists and they'd never (admit that they) use Windows.
@codewiz So you unlock your own padlock, rotate the disk so its hole lines up with the handle's metal rod, and then you can pull up the handle because the rod passes through the now-freed-up hole?
It's certainly a very interesting approach, thanks for sharing!
@codewiz "French door" is a term that's been abused by real estate agents in the US to mean "double door" (while French doors, which also do not originate in France, would be glass paned). I wonder if the fridge folks simply adopted that?
@codewiz @globalc The VIC-II has more restrictions than just the palette. https://mcdraw.xyz/ takes care of all that and you can manipulate dithering and color handling live until you like the result.
@codewiz I totally believe that it's an interesting place to be but I prefer not processing user data (I guess I'd run into conundrums rather quickly), so I guess I'll stick with firmware and tooling and it seems that Search needs rather little of that ;-)
@codewiz These days the founders are pretty much gone, though.
We would have benefited from having you over at Chrome OS, but that doesn't solve the corporate concern you apparently have :-/ Godspeed to whatever is next (I'll eagerly await your reveal :-) )
Professional #coreboot developer, community herder, and project server therapist. Also musician and Christian. Based in Germany. All my utterances here are my own, not my employers', past, present or future.