nightsky @ nightsky @awful.systems Posts 0Comments 104Joined 8 mo. ago
and its usage will result in your immediate death
This all-or-nothing approach, where compromises are never allowed, is my biggest annoyance with some privacy/security advocates, and also it unfortunately influences many software design choices. Since this is a nice thread for ranting, here's a few examples:
- LibreWolf enables by default "resist fingerprinting". That's nice. However, that setting also hard-enables "smooth scrolling", because apparently having non-smooth scrolling can be fingerprinted (that being possible is IMO reason alone to burn down the modern web altogether). Too bad that smooth scrolling sometimes makes me feel dizzy, and then I have to disable it. So I don't get to have "resist fingerprinting". Cool.
- Some of the modern Linux software distribution formats like Snap or Flatpak, which are so super secure that some things just don't work. After all, the safest software is the one you can't even run.
- Locking down permissions on desktop operating systems, because I, the sole user and owner of the machine, should not simply be allowed to do things. Things like using a scanner or a serial port. Which is of course only for my own protection. Also, I should constantly have to prove my identity to the machine by entering credentials, because what if someone broke into my home and was able to type "dmesg" without sudo to view my machine's kernel log without proving that they are me, that would be horrible. Every desktop machine must be locked down to the highest extent as if it was a high security server.
- Enforcement of strong password complexity rules in local only devices or services which will never be exposed to potential attackers unless they gain physical access to my home
- Possibly controversial, but I'll say it: web browsers being so annoying about self-signed certificates. Please at least give me a checkbox to allow it for hosts with rfc1918 addresses. Doesn't have to be on by default, but why can't that be a setting.
- The entire reality of secure boot on most platforms. The idea is of course great, I want it. But implementations are typically very user-hostile. If you want to have some fun, figure out how to set up a PC with a Linux where you use your own certificate for signing. (I haven't done it yet, I looked at the documentation and decided there are nicer things in this world.)
This has gotten pretty long already, I will stop now. To be clear, this is not a rant against security... I treat security of my devices seriously. But I'm annoyed that I am forced to have protections in place against threat models that are irrelevant, or at least sufficiently negligible, for my personal use cases. (IMO one root cause is that too much software these days is written for the needs of enterprise IT environments, because that's where the real money is, but that's a different rant altogether.)
On the left side within the text box there's a sparkle emoji... so I guess that means AI slop machine confirmed
More seriously though, Google Translate had odd and weird translation hiccups for a long time, even before the LLM hype. Very possible though that these days they have verschlimmbessert1 it with LLMs.
1 Just tried it, google translate doesn't have a useful translation for the word, neither does DeepL. Disappointing. Luckily, there are always good old human-created dictionaries.
I also really don't enjoy AI boom.
GPT-3 is a large language model that was released in 2020 by OpenAI and is capable of generating high-quality human-like text. [...] An upgraded version called GPT-3.5 was used in ChatGPT, which later garnered attention for its detailed responses and articulate answers across many domains of knowledge.
Who wrote this? OpenAI marketing?
Do these people realise that it's a self-fulfilling prophecy? Social media posts are in the training data, so the more they write their spicy autocorrect fanfics, the higher the chances that such replies are generated by the slop machine.
He can’t seriously expert anyone to believe this at this point.
I've been wondering about this for a while. Do they really believe in this stuff or are they just so thoroughly out of ideas for "the next thing that results in exponentially growing profit" that they just cling to it, while deep down knowing it's not actually real?
It doesn't say anywhere in the article whether the memo also mentions why the workers would want that...
Also,
“60 hours a week is the sweet spot of productivity,”
The fuck? That statement is so disconnected from my perceived reality that I have to wonder whether "productivity" even means the same thing to these people as what it means to me.
Yep, the clarification doesn't really clarify anything. If they're unable to write their terms of service in a way that a layperson in legal matters can understand the intended meaning, that's a problem. And it's impossible for me to know whether their "clarification" is true or not. Sorry, Mozilla, you've made too many bad decisions already in the recent years, I don't simply trust your word anymore. And, why didn't they clarify it in the terms of service text itself?
That they published the ToS like that and nobody vetoed it internally, that's a big problem too. I mean, did they expect people to not be shocked by what it says? Or did they expect nobody would read it?
Anyway, switching to LibreWolf on all machines now.
Sigh. Not long ago I switched from Vivaldi back to Firefox because it has better privacy-related add-ons. Since a while ago, on one machine as a test, I've been using LibreWolf, after I went down the rabbit hole of "how do I configure Firefox for privacy, including that it doesn't send stuff to Mozilla" and was appalled how difficult that is. Now with this latest bullshit from Mozilla... guess I'll switch everything over to LibreWolf now, or go back to Vivaldi...
Really hope they'll leave Thunderbird alone with such crap...
I often wish I could just give up on web browsers entirely, but unfortunately that's not practical.
What kind of total vampire would finance this .... oh, it's YC. Yeah, makes sense.
The AI guys are really playing with the exact same cheat every time, aren't they? Thanks to pivot-to-ai for continuing to shine a light on this... I hope the wider press eventually learns about it, too.
Yeah, that's also something I found oddly missing (i.e. that replacing crypto systems world wide, if it becomes necessary, will take a very long time).
Some people act as if “I can’t run it now therefore it’s garbage” which is just such a nonsense approach to any kind of theoretical work.
Agreed -- and I hope my parent post, where I said the presentation is interesting, was not interpreted as thinking that way. In a sibling post I pointed out the theme in there which I found insightful, but I certainly didn't want to imply that theoretical work, even when purely theoretical, is bad or worthless.
Before clicking the link I thought you were going for aluminium, i.e. a variation of
Wow this is some real science, they even have graphs.
Thank you!
Oh wow, thank you for taking the time! :)
Just one question:
None of the other assorted proposals (loop quantum gravity, asymptotic safety, …) got lucky like that.
Is this because the alternate proposals appeared unpromising, or have they simply not been explored enough yet?
Thanks for adding the extra context! As I said, I don't have the necessary level of knowledge in physics (and also in cryptography) to have an informed opinion on these matters, so this is helpful. (I've wanted to get deeper in both topics for a long time, but life and everything has so far not allowed for it.)
About your last paragraph, do you by chance have any interesting links on "criticism of the criticism of string theory"? I wonder, because I have heard the argument "string theory is non-falsifiable and weird, but it's pushed over competing theories by entrenched people" several times already over the years. Now I wonder, is that actually a serious position or just conspiracy/crank stuff?
Comparing quantum computing to time machines or faster-than-light travel is unfair.
I didn't interpret the slides as an attack on quantum computing per se, but rather an attack on over-enthusiastic assertions of its near-future implications. If the likelihood of near-future QC breaking real-world cryptography is so extremely low, it's IMO okay to make a point by comparing it to things which are (probably) impossible. It's an exaggeration of course, and as you point out the analogy isn't correct in that way, but I still think it makes a good point.
What I find insightful about the comparison is that it puts the finger on a particular brain worm of the tech world: the unshakeable belief that every technical development will grow exponentially in its capabilities. So as soon as the most basic version of something is possible, it is believed that the most advanced forms of it will follow soon after. I think this belief was created because it's what actually happened with semiconductors, and of course the bold (in its day) prediction that was Moore's law, and then later again, the growth of the internet.
And now this thinking is applied to everything all the time, including quantum computers (and, as I pointed to in my earlier post, AI), driven by hype, by FOMO, by the fear of "this time I don't want to be among those who didn't recognize it early". But there is no inherent reason why a development should necessarily follow such a trajectory. That doesn't mean of course that it's impossible or won't get there eventually, just that it may take much more time.
So in that line of thought, I think it's ok to say "hey look everyone, we have very real actual problems in cryptography that need solving right now, and on the other hand here's the actual state and development of QC which you're all worrying about, but that stuff is so far away you might just as well worry about time machines, so please let's focus more on the actual problems of today." (that's at least how I interpret the presentation).
Interesting slides: Peter Gutmann - Why Quantum Cryptanalysis is Bollocks
Since quantum computers are far outside my expertise, I didn't realize how far-fetched it currently is to factor large numbers with quantum computers. I already knew it's not near-future stuff for practical attacks on e.g. real-world RSA keys, but I didn't know it's still that theoretical. (Although of course I lack the knowledge to assess whether that presentation is correct in its claims.)
But also, while reading it, I kept thinking how many of the broader points it makes also apply to the AI hype... (for example, the unfounded belief that game-changing breakthroughs will happen soon).