• 0 Posts
  • 459 Comments
Joined 3 years ago
cake
Cake day: June 30th, 2023

help-circle
  • Fwiw, just because a dumb phone doesn’t give you access to “smart” features doesn’t mean the capabilities aren’t present on the phone. It’s just a matter of what could be hidden on the circuit board (lots can be hidden in chips), and what can be hidden in usual expected traffic (if bandwidth requirements are low, even timing of packets could be used to encode hidden data that would never show up in any logs).

    Plus the simple tracking of cellphones is necessary for them to function at all.


  • A robot can theoretically drive better than a human because emotions and boredom don’t have to be involved. But we aren’t there yet and Teslas are trying to solve the hard mode of pure vision without range finding.

    Also, I suspect that the ones we have are set up purely as NNs where everything is determined by the training, which likely means there’s some random-ass behaviour for rare edge cases where it “thinks” slamming on the accelerator is as good an option as anything else but since it’s a black box no one really understands, there’s no way to tell until someone ends up in that position.

    The tech still belongs in universities, not on public roads as a commercial product/service. Certainly not by the type of people who would at any point say, “fuck it, good enough, ship it like that”, which seems to be most of the tech industry these days.


  • 4k high framerate! But the compression algorithm and settings optimize that down to something between 720p and 1080p. With a half second of input latency when factors line up well.

    But don’t worry, soon there will be AI input prediction so that the game can predict what you’ll do and render that before you even do it.

    Fast forward 10 years and there’s a generation of kids who think that the difference between a video game and a movie/tv show is that video games let you push buttons to look at other things if you get curious while watching. Or that would be the difference, but it’s actually that you can look around accurately in VGs while it’s more of a “let’s see what the AI spits out if I look this way during this scene… Bahahaha, another dickbutt!”



  • I’m disappointed that it took seeing that ad for so many people to realize what should have been obvious: ring, along with teslas, and any voice assistant listening devices, or any other cloud-based tech that monitors video, audio, or even other data, can be used to set up an unprecedented surveillance network. Phones are a part of it, too, at the very least as tracking beacons, assuming the mics and cameras aren’t being tapped more often than that little activity dot indicates.

    There’s a reason why the venn diagram of people who really understand tech and people who are enthusiastic about most new tech in the last decade and a bit aren’t the same circle. The Snowden revelations weren’t surprising on the “what they are capable of” side of things, though there had been hope before they came out that they weren’t crossing the lines that tech would have easily allowed them to. Just like when zuck bragged about the information fb users just gave him, that wasn’t all new but there was an unspoken (and perhaps naive) rule that admins should respect their users’ privacy.

    When I was on the webteam for a gaming community, it would have been trivial to set up the login page to also store all user/password/email combos in a location none of the other team would be likely to notice. We hashed the password in the db, but I could change the source code to do whatever. Even if it was hashed on the client, I could have added a temporary unhashed field and get all the plaintext credentials to check who uses the same password for their email. I didn’t because I respected our users, but from then on just assumed that any site admin could see my credentials and never reuse passwords.

    That also applies to Lemmy, btw. At the very least, you shouldn’t use the same password for you email and anything else (though also be aware emails are just sent as plaintext to a bunch of servers while being routed to your email provider).







  • Yeah, windows came from a different era where if you’re seeing a new exe, it’s because you put a disk in the drive and explicitly navigated to it. Speaking of which, this isn’t even the first time that convenience ended up opening up a wide security hole because they handled CDs differently and added an autoplay feature that would check the disk for autorun.exe and just run it if autorun was enabled. I started disabling it after word about sony’s rootkits got out but have been appalled to see it enabled by default still ever since then.

    I was one of the few that appreciated UAC when it was there and kept it on one of the stricter settings. I’d rather my PC ask than assume, but people bitched about it so they weakened it and eventually just got rid of it entirely I think?

    Though a permissions setup would be even better. I didn’t like that UAC was an all or nothing prompt, plus it didn’t give any details about what a program wanted to do. Are you asking because this program is trying to create a new directory in program files or because it wants to replace system32 dlls with its own versions?

    It’s an area even Linux can improve in (though probably depends on flavour). I like the android permissions model, where there’s various actions and you can allow or deny categories (though GrapheneOS does it even better by also sandboxing everything). I’d love to see something like that for my desktop, where apps are free to save files but can’t touch files that aren’t their own unless an explicit share is set up, where I might want one app to have network access and no disk access and another to have the opposite. I’d love to be at a state where I could just run any executable from the internet because I know that my OS won’t let it fuck anything up other than its own address space. Hell, could even dedicate a core to monitoring apps to detect if one breaks out of its sandbox without my explicit permission (while the OS also doesn’t use that to enforce the desires of other developers over my own).



  • Can you elaborate a bit on how notepad following a link can result in running arbitrary code? Cause it sounds more like a second vulnerability is involved, because a text editor following a link still shouldn’t result in running whatever code is on the other side of the link.

    Though it is a privacy issue on its own, just like a tracking pixel or images in emails.

    I’m also curious what the actual use case is for having a link that notepad automatically follows on load in markdown. Or why they got rid of wordpad (their default rich text editor) and put it into notepad (their plain text editor), ruining one of the reliable things about notepad: it would just show you the actual bytes of the file, whether it was text or not, kinda like a poor man’s hex editor (just without the hex).

    Makes me wonder if eventually opening an html file in notepad will make it render it like a browser. “Back in my day, we edited html in notepad instead of browsed it!”






  • In a central banking system, the central bank can create and destroy money from nothing. All banks can do it, though banks that aren’t the central bank need to hold on to a reserve portion which iirc is 10%, so they can loan out (effectively creating) 90% of deposits, which compounds (ie, if you deposit $100, the bank can lend out $90 of that, and if that borrower puts that $90 in their account, then the bank can loan another $81, meaning for the original deposit of $100, now $271 exists, and that $81 can be loaned against, too).

    Congress can borrow money from the central bank or other banks. It’s also possible that they could seize the central bank and then just say they have the money and use that, though that’s how Germany ended up with stories of people using a wheelbarrow full of cash to buy a coffee or diners paying when they ordered because prices would have gone up by the time they finished eating.


  • My guess is the loud bass vibrates dust particles that might clog up pores loose, or maybe helps with nutrient flow inside the plant. Like it’s affected by sound not music.

    Though music might be generally better than most loud sounds because it’s one of the few cases where sound can be loud but isn’t also associated with something that adds more dust to the air, which might even give a net negative result.