dev_null

dev_null , 1 day ago

Which is his fault, but also this would never happen on Windows. The power and lack of hand-holding of Linux is a great advantage for power users, but with great power comes great responsibility, and many people don’t need the responsibility.

dev_null , 1 day ago

Yeah, I feel like Linux needs a the equivalent of Administrator accounts on Windows. Root is the equivalent of the System account on Windows, something even power users might never encounter, because it’s a level of power you shouldn’t ever need.

We need users to have permission to install software and do other administrative tasks, without having permission to do very destructive actions like uninstalling core system packages. Aunt Flo should be able to install Mahjong from her distros package manager GUI, without needing dangerous root access.

dev_null , 1 day ago

Yeah, but there is no separation between being able to do day to day administrative actions like installing software, and being able to do destructive actions no one should need to do unless in exceptional circumstances.

dev_null , 3 days ago

I’m sure Temu collects all information you put into the app and your behaviour in it, but this guy is making some very bold claims about things that just aren’t possible unless Temu is packing some serious 0-days.

For example he says the app is collecting your fingerprint data. How would that even happen? Apps don’t have access to fingerprint data, because the operating system just reports to the app “a valid fingerprint was scanned” or “an unknown fingerprint was scanned”, and the actual fingerprint never goes anywhere. Is Temu doing an undetected root/jailbreak, then installing custom drivers for the fingerprint sensor to change how it works?

And this is just one claim. It’s just full of bullshit. To do everything listed there it would have to do multiple major exploits that are on state-actor level and wouldn’t be wasted on such trivial purpose. Because now that’s it’s “revealed”, Google and Apple would patch them immediately.

But there is nothing to patch, because most of the claims here are just bullshit, with no technical proof whatsoever.

dev_null , 3 days ago

Yeah, it is. It’s such an extraordinary claim.

One requiring extraordinary evidence that wasn’t provided.

“It’s doing amazing hacks to access everything and it’s so good at it it’s undetectable!” Right, how convenient.

dev_null , 2 days ago

Yes, the phone does, but that data is protected in the hardware and never sent to the software, the hardware basically just sends ok / not ok. It’s not impossible to hack in theory, nothing is, but it would be a very major security exploit in itself that would deserve a bunch of articles on it’s own. And would likely be device specific vulnerability, not something an app just does wherever installed.

dev_null , 2 days ago

The analysis shows it’s spyware, which I don’t question. But it’s spyware in the bounds of Android security, doesn’t hack anything, doesn’t have access to anything it shouldn’t, and uses normal Android permissions that you have to grant for it to have access to the data.

For example the article mentions it’s making screenshots, but doesn’t mention that it’s only screenshots of itself. It can never see your other apps or access any of your data outside of it that you didn’t give it permission to access.

Don’t get me wrong, it’s very bad and seems to siphon off any data it can get it’s hands on. But it doesn’t bypass any security, and many claims in the article are sensational and don’t appear in the Grizzly report.

dev_null , 2 days ago

The reported found the app using permissions that are not covered by the manifest.

It didn’t found them using them, it’s an important distinction. It found code referring to permissions that are not covered by the Manifest file. If that code was ran, the app would crash, because Android won’t let an app request and use a permission not in the Manifest file. The Manifest file is not an informational overview, it’s the mechanism through which apps can declare permissions that they want Android to allow them to request. If it’s not in the Manifest, then it’s not possible to use. It’s not unusual to have a bunch of libraries in an app that have functionality you don’t use, and so don’t declare the required permissions in the Manifest, because you don’t use them.

It also found the app being capable to execute arbitrary code send by temu.

Yeah, which is shady, but again, there is nothing to indicate that code can go around any security and do any of the sensational things the article claims.

The Grizzly reports shows how the app tricks you into granting permissions that it shouldn’t need, very shady stuff. But it also shows they don’t have a magical way of going around the permissions. The user has to actually grant them.

dev_null , 3 days ago

Yeah, the illustration shows nothing, we don’t know which side is which anyway.

dev_null , 3 days ago

Internal documents on how the AI was trained were obviously not part of the training data, why would they be. So it doesn’t know how it was trained, and as this tech always does, it just hallucinates an English sounding answer. It’s not “lying”, it’s just glorified autocomplete. Saying things like “it’s lying” is overselling what it is. As much as any other thing that doesn’t work is not malicious, it just sucks.

dev_null , 3 days ago

Sure, then it’s Meta that’s lying. Saying the AI is lying is helping these corporations convince people that these models have any intent or agency in what they generate.

dev_null , 3 days ago

Yeah, and when you do, it’s because you don’t like things about the original, and here people are saying what they don’t like.

Nobody disagrees that you can choose something else, but that’s not a reason to be uncritical.

dev_null , 3 days ago

Most projects on GitHub don’t have a license, which means it’s not allowed.

dev_null , 3 days ago

Most GitHub repos don’t have a license, meaning you are not licensed to do anything with them. Rehosting them would be the same as rehosting an image you don’t have a license for.

dev_null , 4 days ago

You asked about beaches, so are you interested in how they form geologically, which ones are good for surfing, or just looking for a sunbathing destination?

The person you replied to was joking based on your typo.

dev_null , 4 days ago

What was even the purpose of that button? Surely if you get spam, you don’t report that to the spammer, you use the mechanism provided by your email service.

dev_null , 5 days ago

What do you mean a password manager that checks the domain? Isn’t the auto fill based on the domain? I can’t imagine how a password manager could fill a password without checking the domain, it wouldn’t know which password to fill after all. Do any actually exist?

dev_null , 5 days ago

I see, so you mean manually getting the password out of the manager instead of domain based autofill.

dev_null , 11 days ago

I love VR. So I use it for gaming maybe once a week, for 1-2 hours, usually as an activity with my SO so we can switch who’s playing each “round” depending on the game. That’s the maximum I find fun instead of tiring. I can’t see using it for long periods or for work, that sounds like a nightmare.

dev_null , 11 days ago

You are completely right that they want to get a cut and it’s bullshit.

But I don’t see anything wrong with paid mods, where all of the money goes to the mod author (which this situation isn’t). Some mods take months to develop and a massive amount of skill, and it’s sensible to expect payment for it.

It’s a false dichotomy between “corporations profiting” and “all mods need to be free”.

dev_null , 12 days ago

At least the “just walk out” was a genuine attempt at the tech, created long before the AI craze. Still failed, but they weren’t following a fad.

dev_null , 12 days ago

I wonder if the concept could still be useful. It fails if the goal is removing human workers, but the tech basically enables “cashiers” to work from home, and that’s a win for the cashiers who’d like that.

But no one is going to invest in a win for the cashiers, and if they did, then like we saw, it would be outsourcing the work to third world nations, rather than local people having the ability to work from home…

dev_null , 12 days ago

If I have to compare, giving people in underserved areas access to the Internet is a better reason than spy sats or satellite TV.

dev_null , 13 days ago

That’s only useful though if someone looking for this function also happens to be looking for a tiling window manager. I assume most people needing this don’t want a tiling window manager.

dev_null , 14 days ago

What tool would you recommend for that?

dev_null , 13 days ago

If you are comfortable with a cli you could use gnupg. Its man page is good.

If I have cloud storage mounted somewhere I need to be able to drag and drop directories in and out, see the files inside in an unencrypted form, and they should transparently be uploaded encrypted. This could very well be achieved by a bunch of scripts involving gnupg, but then that’s what’s I’m looking for, because gnupg by itself wouldn’t be productive to use unless as a one-off.

This seems promising: szymonkrajewski.pl/encrypted-cloud-drive-rclone/

dev_null , 16 days ago

Or, because Apple gets a free service that would cost an insane amount of money if they were to pay API fees or build their own data centers and models, and OpenAI gets free advertising by being included in millions of Apple devices. Seems pretty simple.

dev_null , 18 days ago

What’s wrong with them? I never used them (I don’t have an iPhone), but they seem useful.

dev_null , 18 days ago

I see, I was thinking from the the perspective of using them, not someone malicious dropping one on you, that’s definitely a problem.

At least your phone should inform you of it, unlike with the generic GPS trackers on Amazon.

dev_null , 20 days ago

What has trust go to do with anything. Apple cannot pay them due to sanctions. There is nothing to indicate they don’t want to pay them, they are just legally not allowed to do so.

dev_null , 24 days ago

I’ve been using Nvidia cards on Linux for many years and never had issues. I did have issues with the laptop cards (Optimus switching), but on the desktop it was always flawless for me.

dev_null , 24 days ago

When I was in the market for a new card 2 years ago I looked into AMD, but learned that they don’t work as well as Nvidia for GPU passthrough to VMs, which I need to work. I’d love to switch because Nvidia is a shit company, but AMD GPU’s just don’t work for my use case.

I’m curious though because I don’t know what I’m missing. What are the features in AMD drivers that make it more complete?

dev_null , 24 days ago

Do many distros use Wayland now? I use Kubuntu and it doesn’t, so that probably explains why I never ran into any issue with that. Gamescope looks like some Wayland tool too from what I see. I don’t have an HDR monitor either. Looks like good stuff, that I just never needed so never noticed it not working.

But to my knowledge, AMD GPUs pass through just fine to VMs? What was your problem with them?

I asked on the VFIO subreddit back then and was told AMD cards have a bug where you have to restart the PC to switch between host and VM (which makes it no better than dualbooting since you have to restart anyway), this was not the case on Nvidia.

So now that Nvidia has open source drivers and works on Wayland, what’s the difference? Just gamescope?

dev_null , 24 days ago

No, I’m on Kubuntu, it doesn’t use Wayland.

dev_null , 24 days ago

Oh yeah there is a button to switch on the login screen, but X11 is the default and I never saw a reason to switch the default.

dev_null , 23 days ago

Yes, it can, and by default it doesn’t use it.

dev_null , 24 days ago

What do you suggest would go wrong? I never even gave Steam my name, so how would they even know it’s different?

dev_null , 25 days ago (edited 24 days ago)

Do you have a source? First time I’m hearing about it

dev_null , 25 days ago (edited 24 days ago)

I develop software that has a Windows version, I need a Windows installation to test it.

dev_null , 25 days ago

I definitely used it 2 months ago, maybe it changed since then, or maybe it depends on something.

dev_null , 26 days ago

Given most of Russia is in Asia, isn’t Russia the Russia of Asia?

dev_null , 27 days ago

It does, you have a full screen scary warning when an app asks for these accessibility permissions. Clearly many people just give it to a random QR code reader app for some reason.

dev_null , 27 days ago

Yes, the app doesn’t steal any information from other apps. The report says the malware just displays a fake bank login page, in the hope the user gives it their details willingly.

dev_null , 27 days ago

According to the report, the app just displays a fake login page. I don’t see a good way to prevent this.

dev_null , 27 days ago

They actual report does say it just displays a fake login page. It’s just phishing.

dev_null , 1 month ago

By adding a free feature that doesn’t make anything worse?

dev_null , 1 month ago

Yeah, I think the meme is intended from the perspective of an observer on Earth.

dev_null , 1 month ago

Give one example (with a source)