
Natanael

@Natanael@slrpnk.net

Cryptography nerd


Natanael ,

In Canada there was a company using an LLM chatbot who had to uphold a claim the bot had made to one of their customers. So there's precedent for forcing companies to take responsibility for what their LLMs say (at least if they're presenting it as trustworthy and representative)

Natanael ,

But it has to be clearly presented. Consumer law and defamation law have different requirements on disclaimers

Natanael ,

Performance cores versus efficiency cores?

Natanael ,

There was a similar case where they couldn't even get to a trial because almost every single potential juror disqualified themselves immediately when they heard what the charges were by stating they would not uphold that law (the court only wants people on the jury who will plausibly apply the law "neutrally")

Natanael ,

A lot of those exploit EU rules on open markets to dodge proper local licensing (I'm also from Sweden)

Natanael ,

Advertised WiFi MAC is randomized per AP by most devices these days, and Bluetooth also has equivalent privacy protocols. So unless you can get the device to connect to you then you won't see a static identifier that can be followed

Natanael ,

No passive scanning in the background though

Linus Tech Tips (LTT) release investigation results on former accusations (x.com)

There were a series of accusations about our company last August from a former employee. Immediately following these accusations, LMG hired Roper Greyell - a large Vancouver-based law firm specializing in labor and employment law, to conduct a third-party investigation. Their website describes them as “one of the largest...

Natanael , (edited )

There's a million different ways "third party" can go. Sometimes they take the job seriously and have enough mandate to get it done, sometimes they don't. The latter is especially risky and problematic when they're hired by the party accused.

The only way to ensure you get the former is to let somebody not involved in the accusations make the choice of which auditors to hire

Natanael ,

Interestingly enough it's the same kind of historical relationship with Russia and Ukraine, where Russia claims rights over Ukraine due to "shared history", when in fact the details of that history support Ukraine claiming Russia instead.

Natanael ,

That won't be a copyright issue, but if you're deliberately making it indistinguishable from somebody else it can be a publicity rights issue by (false) implicit support from the one impersonated.

Natanael ,

Before 2010 it was almost exclusively used to refer to cryptography, outside of some even more niche fields (parts of biology, political sciences, etc)

I run /r/crypto on reddit, for cryptography, and the spam is horrendous and the flood of idiots is never ending

Natanael ,

This thing influences how air moves through it, so it would make electrics more silent too

Natanael ,

When loudness is described there's often lists with examples of things with their typical loudness specified in dB, so you can compare against things you may have heard.

See the image chart here

https://decibelpro.app/blog/decibel-chart-of-common-sound-sources/

Natanael ,

Destructive interference is a thing. The energy of the vibrations doesn't go away, however you CAN shift that energy into different frequencies and destructive interference done correctly will effectively shift it into so high frequencies that the vibrations are better compared with heat than with sound (what is heat convection anyway if not extremely high frequency sound? :)

Natanael ,

There's already attempts to create synthetic data to train on

Natanael ,

Minecraft chat, which is what most of these three kids in a trenchcoat are coming from

Natanael ,

Also, you can use a telephoto lens, like from that little bush you can see in the center if you zoom in (not that anybody sensible would bother)

Natanael ,

Not all of iCloud is end to end encrypted unless you manually activate their extra secure mode (which disables a few features too)

Natanael ,

If it's completely random then 50%, that's how stream ciphers work.

Natanael ,

Deletion commands are unfortunately not very reliable on many SSDs

Natanael ,

You can also spin up your own Bluesky PDS (the account server) since federation is live now, or your own appview (basically the feed display server that has most of the smarts) and point your app to it, or set up your own relay (CDN like server) and point your appview and even point feed generators to it (3rd party custom feeds are supported in Bluesky)

So if you don't like the decision made by anybody else you can just replace them. And yeah, just like on Mastodon nobody's going to use unmoderated appviews, subscribe to scrappy feeds, or federate with a PDS hosting only shitty people.

Natanael ,

The biggest individual difference is that bluesky makes identity independent of the hosting server (via cryptographic keys) and makes content location independent of the hosting server (via content addressing).

And these features together also enable more efficient caching and propagation in the network as well as enabling features like custom feeds and 3rd party moderation tooling which works the same independently of which server you're on. So Bluesky can give you a better global view of the network and more efficient communication between users on many different servers in the same thread.

Ironically enough, Jack's other favorite place Nostr (which is built as P2P with repeater nodes) is also adding moderation tooling similar to that in Bluesky (labelers making use of the content addressing and account key ID) to flag stuff

Natanael ,

I think short form video specifically is pretty bad (in high volume)

https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2023.1298361/full

Natanael ,

Bluesky is open source and has a site for documentation

Splitting off identity means you can bail and take your friends and post history with you when a server either goes down, gets hacked, or if the admin goes insane, or if it gets freenoded (hostile takeover and impersonation)

On bluesky the closeness comes more from the personal connections plus the choice of feeds

Natanael ,

Yes, there's already some 3rd party reimplementations of both clients and PDS servers and feed generators (but haven't heard of custom appviews yet). I don't know anybody running an open PDS yet though, it's mostly individuals running them

Natanael ,

It's all for the profit margin that quarter

Natanael ,

Keep in mind that because few residential users max out capacity simultaneously the ISPs "overbook" capacity, and usually this works out because they have solid stats on average use and usually few people need the max capacity simultaneously.

Of course some ISPs are greedier than others and do it to the extreme where the uplink/downlink is regularly maxed out without giving anything near the promised bandwidth to a significant fraction of customers. The latter part should be disincentivized.

Force the ISPs to keep stats on peak load and how frequently their customers are unable to get advertised bandwidth, and if it's above some threshold it should be considered comparable to excess downtime, and then they should be forced to pay back the affected customers. The only way they can avoid losing money is by either changing their plans to make a realistic offer or by building out capacity.

Natanael ,

When the oil industry doesn't have to pay to clean up their externalities we already don't have a free market. You break it you pay. Fixing the externalities by incentivizing better technology is at minimum a correction to the market.

Natanael ,

Pushing a route also means that the network traffic will be sent over the same interface as the DHCP server instead of the virtual network interface. This is intended functionality that isn’t clearly stated in the RFC. Therefore, for the routes we push, it is never encrypted by the VPN’s virtual interface but instead transmitted by the network interface that is talking to the DHCP server. As an attacker, we can select which IP addresses go over the tunnel and which addresses go over the network interface talking to our DHCP server.

Ok, so double encrypted and authenticated traffic (TLS inside the VPN) would still be safe, and some stuff requiring an internal network origin via the VPN is safe (because the attacker can't break into the VPN connection and your client won't get the right response), but a ton of other traffic is exposed (especially unencrypted internal traffic on corporate networks, especially if it's also reachable without a VPN or if anything sends credentials in plaintext)

Natanael ,

Yeah, it's like a fake traffic cop basically, sending your (network) traffic down the wrong route

Natanael ,

Hilariously enough, Windows users can use WSL to run a Linux VPN (but only applications running in WSL are safe if I understand the attack right)

Natanael ,

Plaintext connections inside corporate networks can still be MITM'ed if the adversary knows what they're targeting, while they can't connect to the corporate network they can still steal credentials

Natanael ,

These types of attacks would likely be implemented via DHCP spoofing / poisoning, unless you're on a malicious network

Natanael , (edited )

I'm tech support so I've seen some stuff, sooo many intranet sites on internal servers don't have HTTPS, almost only the stuff built to be accessible from the outside has it. Anything important with automatic login could be spoofed if the attacker knows the address and protocol (which is likely to leak as soon as the DHCP hijack is applied, as the browser continues to send requests to these intranet sites until it times out). Plaintext session cookies are also really easy to steal this way.

Chrome has a setting which I bet many orgs have a policy for;

https://chromeenterprise.google/policies/#OverrideSecurityRestrictionsOnInsecureOrigin

Of course they should set up TLS terminators in front of anything which doesn't support TLS directly, but they won't get that done for everything

Natanael ,

Yes, but it's also unauthenticated (it doesn't verify it comes from the real device, or even run an account belonging to a device owner)

You just need the app

Natanael ,

With DMCA the uploader is supposed to get notified and get a chance to file a counter claim

Natanael ,

That's not code and Texas Instruments already lost on that one

Natanael ,

It doesn't matter if there's patches to make it work specifically, if they don't contain Nintendo's code. At most they could accuse whoever contributed the patch with piracy / breach of NDA or similar for having downloaded the ROM prior to release (couldn't have purchased it) but that doesn't impact the emulator itself

Natanael ,

Something something legal precedent. This hasn't gone through court yet, has it?
