orclev

orclev , 13 hours ago

Which shouldn’t even matter because passwords are salted and hashed before storing them, so you’re not actually saving anything. At least they better be. If you’re not hashing passwords you’ve got a much bigger problem than low complexity passwords.

orclev , 12 hours ago

Hashing passwords isn’t even best practice at this point, it’s the minimally acceptable standard.

orclev , 5 hours ago

That’s a pepper not a salt. A constant value added to the password that’s the same for every user is a pepper and prevents rainbow table attacks. A per-user value added is a salt and prevents a number of things, but the big one is being able to overwrite a users password entry with another known users password (perhaps with a SQL injection).

orclev , 5 hours ago

A KDF is not reversible so it’s not encryption (a bad one can be brute forced or have a collision, but that’s different from decrypting it even if the outcome is effectively the same). As long as you’re salting (and ideally peppering) your passwords and the iteration count is sufficiently high, any sufficiently long password will be effectively unrecoverable via any known means (barring a flaw being found in the KDF).

The defining characteristic that separates hashing from encryption is that for hashing there is no inverse function that can take the output and one or more extra parameters (secrets, salts, etc.) and produce the original input, unlike with encryption.

orclev , 2 days ago

https://lemmy.world/pictrs/image/171f0d8b-b939-49bc-98c6-99e9aae2f63f.jpeg

I mean, it’s about time, and I’m glad they’re finally realizing the thing they should have realized like… half a century ago, but this really shouldn’t be a new idea for them.

orclev , 3 days ago

Putin would be very angry and threaten to use nukes… so basically just another Tuesday.

orclev , 8 days ago

This is the most blindingly stupid conspiracy theory yet. How the hell do you even rig a debate? Trump got his ass handed to him because he’s a moron, so unless they’re accusing ABC of feeding Trump lead paint chips a couple decades ago there’s no way to claim ABC rigged this.

orclev , 10 days ago

Little of both. Ronald Reagan tilled the soil, and the later Republicans fertilized it. Why wouldn’t foreign disinformation groups sow seeds in such perfect fields?

A big chunk of the problem in US politics is the two party system enforced by first past the post. Very few people actually agree with 100% of either party’s policies, so the deciding factor for most people becomes either which party do I agree with more of their policies, or in some cases which policies do I feel are most critical and therefore drive the overall decision. This has been made even worse by Republicans strategically picking policies to try to drive a wedge in between them and Democrats particularly around certain hot button issues like abortion, gun control, and religion.

orclev , 10 days ago

He was very popular which made him that much more dangerous. His trickle down economics lie has done more to destroy the US economy than just about anything else. To this day there’s still people who feel it’s a viable model despite nearly half a century now of showing it doesn’t work. He and Nancy Reagan are also responsible for continuing the culture war against minorities that Nixon started.

orclev , 10 days ago

Ah yes, it’s…

checks notes

the US fault that Russia invaded Ukraine. Right, makes perfect sense, carry on.

The only involvement the US or even most of the NATO countries have had in this complete shitshow has been to sell obsolete military hardware to Ukraine at a steep discount. It was probably cheaper to ship the stuff in bulk to Ukraine than it would cost to properly decommission it so might even have saved some money doing that.

Russia desperately wants to make this a fight with NATO or even better the US so they look like less of a laughing stock for losing this badly.

orclev , 10 days ago

This is why the GOP has been working hard for decades to destroy public education in the US. They want to make sure that only the rich are educated because the uneducated can be easily tricked into voting against their own interests. Unfortunately it’s working.

It’s mandatory in a functioning democracy for the public to be educated and well informed or it doesn’t work. Unfortunately it’s highly debatable whether the US still qualifies as educated, and the likes of Fox News and Sinclair are hard at work destroying the informed part.

All that said the ease with which misinformation spreads these days does need some kind of counter, otherwise we open ourselves up to Soviet style disinformation campaigns where the goal isn’t so much to drive a particular narrative as it is to sow confusion and make people distrust all information. They drown the signal in noise, so everyone just makes decisions based on their gut instead of facts. Social media has given a false equivalence where any random person on Facebook is treated as just as reliable a source of news and information as actual reporters are. This is incredibly dangerous.

orclev , 13 days ago

Great, now do the Senate and President as well. FPTP needs to die.

orclev , 19 days ago

They tried making subscription turn signals but nobody bought them. /s

orclev , 20 days ago

Hilarious alternative response, allow them to play technically, but every single team now mysteriously has 1 trans member. Oh, so sorry, looks like we have no teams you’re eligible to play against, it’s an automatic loss, better luck next season.

orclev , 19 days ago

I uh… hmm… I got nothing, you’re probably right unfortunately.

orclev , 21 days ago

They’ve got to wait long enough for Trump to finish dumping all his stock. Sure he may face a court case about it down the line, but that’s nothing new, he’ll have already laundered the money by that point and stashed it away somewhere.

orclev , 22 days ago

Honestly the article is bullshit. It’s right, but for all the wrong reasons. Intel isn’t failing because it failed to buy OpenAI or partner with Apple. Intel is failing because they’ve made shit design decisions on their chips, sat on their laurels when they were riding high and just raised prices (giving up the engineering lead to AMD and TSMC), and then utterly fumbled the responses to multiple public failures when things started to go down hill.

orclev , 22 days ago

CEOs have very little to do with the failure or success of most large companies. If they work very hard they can pull a company out of a death spiral, or start it down one, but failure or success takes years if not decades of steady improvement or decline. All the examples of “failures” given in the article are terrible and don’t demonstrate at all that those CEOs were bad.

One of the worst problems with businesses in the US currently is this culture of fetishizing CEOs. They’re paid far too much for what they actually bring to companies, and people grossly exaggerate how much of an impact CEOs have on companies. If you want proof of his just take a look at literally any company Elon Musk is a CEO of. The fact that none of those companies (particularly Twitter) have filed for bankruptcy yet shows exactly how little a truly terrible CEO actually impacts things.

orclev , 22 days ago

There was only one Chinese “influencer” I had any respect for, and then she stopped making videos after putting up a video explaining how she got grabbed by the police and warned to be more careful what she says. Absolutely nobody actually living in China can be trusted at all, they’re basically all hostages.

orclev , 24 days ago

China would just wait until it’s over and then pick through the remains of Russia. Probably try to claim a big chunk of southern Russia using some excuse or another.

orclev , 24 days ago

I seem to recall a big kerfuffle around a decade and a half back about Russia not actually knowing what became of a whole bunch of nuclear weapons in the aftermath of the USSR collapsing. There were also rumors of Soviet nukes being sold off to various unsavory groups. It really wouldn’t surprise me to find out there was some truth to that.

I have also heard that ICBMs and the like require regular expensive and specialized maintenance in order to remain functional. Knowing what we now know about Russia what do you figure the odds are that some general or other decided those maintenance funds would be better used to line their pockets since the odds of actually using those nukes were so low?

orclev , 25 days ago

LLMs are basically just really fancy search engines. The reason the initial code is garbage is that it’s cut and pasted together from random crap the LLM found on the net under various keywords. It gets more performant when you ask because then the LLM is running a different search. The first search was “assemble some pieces of code to accomplish X”, while the second search was “given this sample of code find parts of it that could be optimized”, two completely different queries.

As noted in another comment the true fatal flaw of LLMs is that they don’t really have a threshold for just saying " I don’t know that" as they are inherently probabilistic in nature. When asked something they can’t find an answer for they assemble a lexically probable response from similar search results even in cases where it’s wildly wrong. The more uncommon and niche your search is the more likely this is to happen. In other words they work well for finding very common information, and increasingly worse the less common that information is.

orclev , 28 days ago

They appear to be a propaganda outfit. They’d fit right in with InfoWars.

orclev , 1 month ago

I really hope he sues them and establishes case law that companies are 100% responsible for all AI generated content. If we let them get away with this it’s only going to get worse from here.

orclev , 1 month ago

Why? What possible downside is there in holding companies accountable for what they produce?

orclev , 1 month ago

Existing law already covers that. Libel/slander only applies in cases that it appears you’re making a statement of fact. I can for instance say Trump gargles Putin’s balls once a month and as long as it’s clear from the context that this isn’t intended to be a statement of fact then it doesn’t qualify as defamation. Companies should be liable for what their AI outputs in the exact same way they’re liable for what their employees produce. If they want to not be held liable then they need to make sure their customers are properly informed that what they’re viewing might be complete bullshit. This means prominent notifications not a single line buried in paragraph 84 of their EULA.

orclev , 1 month ago

But not really. The Settings menu has never been as useful as Control Panel and there’s still a ton of functionality that can only be accessed from the Control Panel. This and many other moves by MS recently are why Windows 10 is the last version of Windows I’ll be using. With the work Valve has done to support SteamDeck I can finally go 100% Linux.

orclev , 1 month ago

For now. If enough of the market shifts to Linux those companies will support Linux. Particularly since the CrowdStrike fiasco has spurred Microsoft to crack down on kernel level access which means the days of anti-cheat rootkits are numbered. It’s not going to be long before there’s no functional difference between gaming on Windows and gaming on Linux.

orclev , 1 month ago

SteamOS is based on Arch with customization by Valve to make it immutable and a few other tweaks. In theory Valve will release SteamOS Holo (the version used on SteamDeck) for usage on Desktop at some point, but that hasn’t happened yet. In the meantime you can achieve very similar results to SteamOS a variety of ways. Depending on if you care about immutability or not there’s a number of non-Arch distros and even a install script (astOS) that can install Arch configured in an immutable fashion similar to what SteamOS does. There’s also a number of non-immutable gaming focused distros the most prominent of them being Manjaro. Any of them once you install Steam will function very similar to each other and SteamOS.

orclev , 1 month ago

It’s debatable if D-Wave is actually a quantum computer at least in the sense most people use the term. There’s a lot of unanswered questions still on exactly how to use and design a quantum computer and we’re not likely to get those answers until we can reliably produce and run systems with at least 8 qubits. Maybe DARPA and the military/CIA has such systems, but I don’t think anyone else does.

Quantum computers are still mostly theoretical. We have some of the building blocks of one, but there’s still a few critical pieces missing. Quantum computers are in about the same place as fusion reactors are. Theoretically possible but not currently producible in a form that’s useful without a few more technological breakthroughs.

orclev , 1 month ago

I’ve learned how powerful the unelected bureaucracy is. You have to win in November … you have to dismantle the leftist state … they are devious, they are ruthless and they are out to get you.

Those are called voters.

orclev , 1 month ago

Further reason, the physical button isn’t always in a location that’s convenient to push. Sure it’s usually accessible, but sometimes it’s under a desk or behind a monitor or some other awkward location. Mouse and keyboard by their nature are always located in a conveniently accessible location.

orclev , 1 month ago

Just wait. At the rate they’re going it won’t be long before you’re forced to sit through a 30 second full screen ad in order to even open the start menu.

orclev , 1 month ago

Topre, for when chocolate keycaps are too mainstream and you want even fewer choices. Seriously though, that’s the tradeoff with a super niche format. Anything besides cherry and you’re going to have a hard time finding cap options.

orclev , 1 month ago

That sounds like the only acceptable use of that sub to me.

orclev , 1 month ago

I’m sure in his wet dreams Reddit is no longer a community site but a thinly veiled astroturfing platform that’s paid billions by large corporations to get their adsposts in front of users.

orclev , 1 month ago

What piece of tech is this story about?

orclev , 1 month ago

That’s not really it though. If this was a story about social media in Asia sure, maybe a study or something, but it’s not (and even then I’d argue that’s not really tech, it’s more under the umbrella of sociology). The fact he has a YouTube channel is really more of just an interesting fact about him. It hasn’t been proven that he’s popular because of his YouTube channel, just that he is and has one. I don’t know if he has a dog, but if he did you could just as easily write an article about how voters want a dog owner as their next president and it would be just as accurate as this story.

orclev , 1 month ago

Have they not gone bankrupt yet? I just kind of assumed they had once their “prototypes” turned into a complete laughing-stock and having not heard anything from them in years.

orclev , 1 month ago

Yeah, that was the laughingstock I mentioned. It’s basically a really terrible highway underground that’s worse in just about every possible way from a normal highway. If I recall it’s a 2 lane road and the top speed was only like 35 mph or something. It’s a complete joke.

orclev , 1 month ago

Lets see what Biden’s plan to deal with them is. He’s promised to do some kind of SCOTUS reform act before the end of his term.

orclev , 2 months ago

Many Chinese manufacturers don’t have close ties to the government,

Citation severely needed. Any company operating in China has close ties to the government, it’s literally a requirement to get a business license there.

and any non Chinese phone that you can buy also has backdoors, and quite frankly, for average Joe, their local government may be scarier than the chinese gorvernment.

Maybe, but it really shouldn’t and if it does that’s a problem. It’s a question of non-Chinese phone might have a backdoor, vs. Chinese phone that definitely has a backdoor. Either way saying “other options are just as bad” doesn’t make it a good option.

Also, your data is being used by the Googles, Microsofts, Apples, etc… in vast quantities daily. We are the product generally.

Yes, and that’s a major problem. It’s why there are various replacement firmwares to de-google your phone as well as other techniques to block or disable collection. Once again though, this doesn’t excuse Chinese phones doing this.

Also, remember that most brands manufacture in China, and there are ways to substitute components where the brand would be unsuspecting of the switch.

Sure, supply chain attacks are a thing. In theory there are ways to combat that but it’s a tricky problem. If a Chinese manufacturer got caught doing that though it would be a major international incident. Yet again though just because that might be a risk with any phone doesn’t mean you should just accept and use a phone that’s known to have a backdoor.

orclev , 2 months ago

I do follow release notes which is how I knew to disable it, but the point is that I shouldn’t need to. The reason Mozilla didn’t ask before enabling this “feature” is because they know most people would disable it. That should be a pretty big clue that this isn’t something their users want.

orclev , 2 months ago

They can certainly try (and many already do with the anti-adblocking attempts) but I’ve yet to see one succeed. It’s trivially easy to evade nearly all attempts at browser identification, and even trying to detect ad blocking is hard to accomplish.

orclev , 2 months ago

Maybe, but I’m not seeing anything that suggests that would be possible.

Here is the technical documentation for how this feature works. The short version is that it exposes some new JS functions that sites can invoke to register various ad related activities. That data in turn gets forwarded by the browser to a 3rd party using a protocol called DAP which can be considered out of band for the purposes of website interactions. I see no evidence at all that uBlock would be able to block the DAP calls, and limited evidence it could effectively block the JS functions.

uBlock works primarily by blocking network requests using a series of rules. Here is the syntax supported by uBlock for defining its blocking rules. It primarily works by inspecting hostnames, although there is some capability to match on things like HTTP headers, or raw text. There is the capability of blocking an entire script element if it matches specific text E.G. navigator.privateAttribution, however doing so is likely to break sites quite drastically. There is very limited ability to surgically remove such things. Maybe if you injected some JS into each page that overwrites the navigator.privateAttribution namespace with stub functions that do nothing (I believe this is actually what the browser does when you opt-out of that feature), but I’m not sure if that’s even possible or if the browser would simply ignore attempts to write to that namespace.

It’s possible Firefox is being “smart” and if it sees you have uBlock or similar ad blocking extensions loaded it disables this feature. It’s possible that there’s some extra tricks uBlock or other extensions can pull to block this at a more fundamental level that just aren’t obvious from looking at their documentation. But nothing in the documentation for this feature seems to guarantee any of that, and it’s frustratingly vague in several areas. Regardless none of that changes the fact that this should have been opt-in from the start instead of opt-out. Mozilla argues that they made this opt-out because they wanted to insure a large enough user base to anonymize the collected data, but that alone suggests there might be privacy problems with this entire thing. This wouldn’t be the first time that a supposedly anonymized data set could be at least partially de-anonymized.

orclev , 2 months ago

Assuming both the ad and the JS to track said ad are served from a 3rd party (or at least a different domain) that would hold at least so far as recording impressions goes. On the other hand there’s still the conversions part of this to consider, although without recordings of impressions the utility of that (and privacy risk) is debatable.

Ultimately I don’t like being opted into anything that collects data, theoretically anonymized or not. I don’t like that this DAP process is running in the background and randomly sending data to some 3rd party (once I figure out that hostname it’s absolutely getting blackholed at the network level).

Ads are a plague, you give them even an inch and they’ll eventually take everything. It started with broadcast TV, then ads overran it. So they introduced cable. Sure it was expensive, but no ads! Then ads started creeping in and before you knew it cable was a complete ad infested shitshow. Then along comes streaming, a breath of fresh air. Watch what you want, we you want, and best of all no ads. Where are we now? The ads are slowly creeping back in and before long it will be just as bad as cable, 40 minutes of ads in every hour of video.

For a while we’ve been winning the war on the internet, able with some effort to hold back the tide, and Firefox was one of the last bastions that seemed to be working with us instead of against us. This though looks like a crack in the armor. It’s the first step along a path we don’t want to go down. I don’t want Mozilla wasting development time pandering to ad companies, I want them improving the browser for us the users. The only ad related content I want to see from Mozilla is improved ad blocking.

orclev , 2 months ago

I’m willing to work with websites to find a way to pay for them. I’m not willing to work with ad companies. Websites that want my business either come up with a way to make money that doesn’t rely on ads or they put up with ad blocking. That’s it, those are the only two options.