dsemy

@dsemy@lemm.ee

dsemy ,

Using niche browser forks is often not a good idea. These are extremely fast moving projects that need to constantly be updated to stay secure.

This is especially true for Firefox forks, as Firefox allows you to customize it to the point that it is almost the same as many of these forks.

There are exceptions to this - for example, LibreWolf has a fairly good track record and Mullvad Browser needs to fork Firefox to (try to) ensure all users have the same fingerprint.

dsemy ,

There's also 4get (metasearch engine; https://4get.ca is the developer's instance).

dsemy ,

Doesn't seem to.

dsemy ,

This is like the modern equivalent of the encyclopedia that added wrong "facts" to prove the makers of Trivial Pursuit infringed on their copyright.

dsemy ,

There's a 5th type - those of us who understand that the technology itself isn't a scam and has valid uses (even if many "AI" startups actually are scams), but think there isn't that much potential left with current methods due to the extreme amount of data and energy required (which seems to be supported by some research lately, but only time will tell).

dsemy ,

You know that if someone skims your card and makes a fraudulent purchase, you will likely be able to get your money back, right?

What do you think will happen if someone exploits a 0-day in GPay to do this? How could your bank know the purchase was fraudulent? At least with a card it is obvious that this can happen.

If you care about "secure" payments that much, why not use cash?

dsemy ,

Literally never happened before, but same way they know a credit charge is fraudulent, I tell them.

The reason I brought this up is because I read a story of a European guy who had someone pay for something in Brazil using his card, through GPay. He didn't get his money back, as the bank didn't believe him (as GPay is supposed to be secure). Take this with a grain of salt though, as I can't find this story now.

Also if someone found a 0-day in GPay I wouldn't be the only one complaining of fraudulent charges, they'd be flooded with complaints.

Not necessarily. Maybe a company like Pegasus is already exploiting a 0-day to see the purchase history of people, but they're smart enough to not attract attention by stealing.

dsemy ,

A much larger problem is that the energy consumption is several orders of magnitude larger than that of our brain. I’m not convinced that we have enough energy to make a standalone “AI”.

This is a major issue I have with basically anyone who talks about current "AI" systems - they're clearly not even close to AI, as they require an extreme amount of energy and data to perform tasks which would be trivial to an actual brain. They seem to lack any ability to comprehend their input, only mimicking it through brute force, which is only feasible since computers got fast enough and we can currently keep up with the energy demands.

dsemy ,

Obviously I'm not referring to that, but to what large tech companies call AI. And they are in fact trying to convince people these AI systems they are developing will soon be clever enough to be considered general AI.

dsemy ,

Telegram secret chats are e2e encrypted though

dsemy ,

I don't mind in-house encryption (the Signal protocol didn't just appear out of nowhere either), however the latter part is worrying.

In any case, I personally don't trust Signal or Telegram.

dsemy ,

Molly still depends on Signal's centralized servers.

Best solution I know of currently is SimpleX, though Veilid (and VeilidChat by extension) also seem promising, though it might take a while for those to be usable.

dsemy ,

This is so dumb, they're hyping up a new version of their chatbot like it's a video game.

dsemy ,

Read the article, Sam Altman literally tweeted "im-a-good-gpt2-chatbot" the day before these chatbots started appearing.

dsemy ,

They also state their opinion that the issue “should have been prioritized for a faster fix… Don’t you think as a community-powered, open-source project, it should be possible to attend to a long-standing bug, as serious as this one?”

It's crazy how every single entity who has any issue with any free software project always seems to assume their needs should be prioritized.

dsemy ,

I'm sure an affected website could have paid a web developer to find a solution to this issue in the past 7 years if it was that important to them.

dsemy ,

Why should they? The users of a free software project aren't entitled to anything.

If users want to dictate priorities they should become developers, and if they can't/won't at least try to support them financially.

dsemy ,

If they don't want to pay to fix it, they can just block the user agent (or just fix their website, this issue is affecting them so much mainly because they don't cache).

Relying on the competence of unaffiliated developers is not a good way to run a business.

dsemy ,

The reason (IMO) this has languished as much as it has, is that most sites handle this fine; though I agree that it should have been fixed by now.

    dsemy , (edited )

    This happened 13 years ago at this point, and with all that "immense harm" desktop Linux is more popular than ever.

    I don't use Gnome, and it really wouldn't matter much to me if the project ceased operations tomorrow (as long as stuff like GTK is still around), but remember that normal people like you and me work on that project, people who are passionate about making a free system to benefit everyone; and you're calling their work "extremely harmful" when the worst thing they did was radically change the UX.

    dsemy ,

    I don’t get why this comment is so unpopular.

    • You made baseless claims:

    when Gnome changed to Gnome Shell Linux marketshare clearly declined. That Linux has begun to rise again, is definitely not because of Gnome Shell but more despite of it.

    I'm assuming you don't actually have data on this or you'd share it.

    • You keep insulting Gnome developers. You say you love how developers can do their own thing and then call the Gnome team arrogant for doing just that, in the very next sentence. They don't have to accept criticism, they don't have to accept contributions (think about this logically, would you want your favorite project to accept any criticism and any contributions?).
    • You say they hurt the ability to run Gnome apps on other desktops with Gnome 3, but both from research and personal experience I can't figure out what you mean (I use and have used Gnome 3 apps outside of Gnome), and you don't give any examples (despite your comment being pretty long).

    dsemy ,

    Who would've thought an evil company would mistreat its employees. They literally work for a corporation whose main business involves violating your human rights, if they really care they wouldn't have worked there in the first place.

    dsemy ,

    Check out the Ladybird browser (by the same people making SerenityOS), it's a new browser with its own engine. It's already functional enough for me to use it to post this comment (though it is still in very early development).

    dsemy , (edited )

    They're building their own memory safe language, Jakt, but it's not mature enough to be used by Ladybird yet. Dismissing it at such an early point for this reason is pretty dumb IMO, especially considering this is by far the most complete alternative browser engine, and it's getting better at a very rapid pace.

    You're right about Discord though...

    edit: BTW, I'd wager the complexity of Chrome's code base is still largely responsible for the introduction of bugs, even if most are of a certain type. Ladybird is extremely simple in comparison.

    Breakthrough promises secure and private quantum computing at home (www.physics.ox.ac.uk)

    The full power of next-generation quantum computing could soon be harnessed by millions of individuals and companies thanks to a breakthrough by scientists at Oxford’s Department of Physics guaranteeing security and privacy. The advance promises to unlock the transformative potential of cloud-based quantum computing and is...

    dsemy ,

    However, delegating quantum computations to a server carries the same privacy and security concerns that bedevil classical cloud computing. Users are currently unable to hide their work from the server or to independently verify their results in the regime where classical simulations become intractable. Remarkably, the same phenomena that enable quantum computing can leave the server “blind” in a way that conceals the client’s input, output, and algorithm [6–8]; because quantum information cannot be copied and measurements irreversibly change the quantum state, information stored in these systems can be protected with information-theoretic security, and incorrect operation of the server or attempted attacks can be detected—a surprising possibility which has no equivalent in classical computing.

    From the paper the article talks about

    dsemy , (edited )

    That said, cloud-based quantum cryptography has a big hole in it: the connection to the cloud.

    Read the article, the whole point is making the connection to the cloud actually secure.

    dsemy ,

    My point is that the article is about making cloud quantum computing secure; the article doesn't even mention quantum encryption.

    dsemy ,

    From the article:

    Using blind quantum computing, clients can access remote quantum computers to process confidential data with secret algorithms and even verify the results are correct, without revealing any useful information

    This is a breakthrough because this level of security is impossible currently (as you allude to in your comment).

    Availability will still be an issue, of course.

    dsemy ,

    This is an article about a dumb argument between two random people, not to mention the title is misleading anyway (the Rivian driver only assumes cops were called). Why post it here?

    dsemy ,

    E2E encryption means only the sender and recipient should be able to access a message.

    dsemy ,

    Yeah, that's why the comment you initially replied to cast doubt on whether the chats are actually E2E encrypted.

    dsemy ,

    That's probably why he wrote "expensive" and not "more".

    dsemy ,

    Idk I immediately understood what he meant, no need to be so rude about it

    Fake Photos, Real Harm: AOC and the Fight Against AI Porn (www.rollingstone.com)

    In 2023, more deepfake abuse videos were shared than in every other year in history combined, according to an analysis by independent researcher Genevieve Oh. What used to take skillful, tech-savvy experts hours to Photoshop can now be whipped up at a moment’s notice with the help of an app. Some deepfake websites even offer...

    dsemy ,

    It's too late at this point IMO, you can make AI generated porn on your PC... How exactly are they going to stop it?

    dsemy ,

    I read the article... amending a law doesn't make the problem go away.

    Maybe if more attention was given to the politicians talking about this half a decade ago (instead of focusing on AOC, who honestly realized this issue way too late), something more meaningful could have been done.

    dsemy ,

    IDK why people are downvoting you, you're absolutely right.

    Android is Linux (with SELinux enabled and integrated) + a userspace designed to run sandboxed applications securely. The result is much more secure than probably any Linux distro (other than stuff like Qubes).

    Sandboxes employed by Flatpak and Snap are extremely weak in comparison.

    dsemy ,

    Graphene is not a very ordinary AOSP fork, why don't you do some research before making incorrect claims.

    dsemy , (edited )

    If you are so qualified to talk about this, why don't you provide any details at all, instead of repeating yourself?

    Edit: btw why would they even do "marketing"? It's a non-profit free software project.

    dsemy , (edited )

    All I see is a bunch of drama. Daniel Micay is also no longer the head of GrapheneOS.

    IDK maybe beyond the wall of text there is some actual technical criticism, but I'm not going to sift through a bunch of unrelated pictures to find it.

    GrapheneOS very recently reported two CVEs affecting Android, with one not affecting GrapheneOS due to their mitigations.

    GrapheneOS has many features which are clearly visible to users and don't really exist elsewhere - eSIM without Google Play, sandboxed Google Play, additional "Sensors" permission just to name a few.

    Edit: I watched the Louis Rossmann video, https://www.youtube.com/watch?v=4To-F6W1NT0, and he also only talks about drama related to Daniel Micay (while clearly not saying anything negative about the project on a technical level).

    dsemy ,

    This argument is going nowhere.

    https://grapheneos.org/features lists features of GrapheneOS which differentiate it from AOSP. Are you claiming this is all fake?

    Most of the security measures are something you can take with lots of Android devices, and is nothing exclusive to Pixel/Graphene fairy tales.

    Is the Pixel 8 not the first device to support MTE? Is hardened_malloc pointless? And I literally listed 3 more features exclusive to GrapheneOS in my last comment.

    dsemy ,

    hardened_malloc is a replacement for the libc function malloc. It is not part of Linux.

    MTE is hardware-based, and is in fact restricted to Pixels currently (8+) AFAIK.

    As I said in my first comment to you, do more research.

    dsemy ,

    They are not buzzwords. I do agree that the project and its members could improve in many ways, but this is unfortunately true for many security focused projects.

    dsemy ,

    You also made incorrect claims, bordering on lies honestly, as you didn't seem to be familiar with hardened_malloc and MTE at all, and then doubled-down and called them buzzwords and then deflected in this very comment by claiming you meant "the ultimate result is not much more than buzzwords". Then you proceeded to personally insult them.

    Your behavior is much less extreme but not so different to the kind of behavior you're criticizing. But at least Daniel Micay and his "minions" are working very hard to enhance the security and user experience of their users, even if you believe their efforts amount to minor improvements at best. So why should I trust you over them?

    dsemy ,

    No. Even iOS (even with lockdown mode) can definitely still be hacked.

    Anyone who tells you otherwise doesn't know what he's talking about.

    If you're being targeted by someone with access to Pegasus-style spyware, you need more than consumer-level protection.

    dsemy ,

    I didn't say it wasn't worth enabling (FWIW I used lockdown mode in the past and now use GrapheneOS); just don't expect it to protect you from these kinds of threats. You might get lucky, but you can't rely on it (and it still might be worth it to you just based on that).

    A big part of security is understanding what you're protecting against, and weighing the effect of increasing the security of your system on its usability.

    dsemy ,

    Corporations shouldn't get to decide if you're a sane driver.

    dsemy ,

    Words mean whatever you want them to mean.

    dsemy ,

    Did someone not understand what the original comment's poster meant with "enshittification"?
    It's not like he used a completely unrelated term.
