snickerbockers
Joined 2,515 karma

  1. It's not just Europe. America is too, it just seems less egregious because the American people are used to seeing the government contract out constitutional violations to private corporations which have incestuous links to the government.

    With recent AI advancements, an Orwellian hell is all but inevitable. If you (by which I mean the powers that be, not you specifically) don't build it then some competing faction will and they'll be in control of it. It's the classic prisoner's dilemma.

  2. Someday the McDonald's kiosk will want to be your friend. It will remember who you are and ask you how your kids are doing. It will recommend new specials and maybe even give you "specials friend" deals. And I'll just tell it to shut the fuck up and queue me an order for the Egg McMuffin combo with a coffee and the fried potato patty because this bullshit is fucking obnoxious.
  3. >it's just victim blaming

    Victim-blaming is when a girl gets raped and you tell her that it's her fault for dressing like a skank and getting drunk at a college fraternity party. Telling the bank they should have put the money in a vault instead of leaving it in an unlocked drawer next to the cash register is not victim-blaming. Telling the CIA that they shouldn't have given Osama Bin-Laden guns and money to fight the Soviets in Afghanistan is not victim-blaming. Telling President Roosevelt it was a poor decision to park the entire Pacific fleet in a poorly-defended naval base adjacent to an expansionist empire which is already at war with most of America's allies is not victim-blaming. *Telling a well-funded corporation to not download and execute third-party code with privileges is not victim blaming, especially as their customers are often the ones who are actually being targeted.*

    >I bet the commenter also has installed pip or npm packages without reading its full code

    I think I did use pip at some point about a decade ago but I can't remember what for. In general though you lose that bet because I don't use either of these programs.

    > it just feels cool to tell other people they are dumb

    it does, yes.

    >and it's their own fault for not reading all the code beforehand or for using a package manager, when every single person does the same.

    I don't suppose you've ever played an old video game called "Lemmings"?

    >Some just are unlucky.

    Lol.

    >The whole ecosystem is broken, the expectations of trust are not compatible with the current amount of attacks.

    that's kind of my point, except it doesn't mitigate responsibility for participating in that ecosystem.

  4. I'm speaking to the concept of automatic updates in general, which package managers either enable by default or implicitly allow through lack of security measures.

    One obvious solution is to host your own repositories so that nothing gets updated without having been signed off by a trusted employee. Another is to check the cryptographic hash of all packages so it cannot change without the knowledge and consent of your employees.

    You're right in that this does not completely eliminate the possibility of trojan horses being sneaked in through open-source dependencies but it would at the very least require some degree of finesse on the part of the person making the trojan horse so that they have to manipulate the system into doing something it was not designed to do.

    One thing I really hate about the modern cybersecurity obsession is that there's a large contingent of people who aggressively advocate against anything which might present a problem if misused (Rust, encryption on everything no matter how inconsequential, deprecating FTP, UEFI secure boot, timing side-channels, etc) yet at the same time there's a massive community of high-level software developers who appear to be under the impression that extremely basic vulnerabilities (trojan package managers, cross-site scripting, letting my cell phone provider steal my identity because my entire life is authenticated by a SIM card, literally just concatenating strings received over the internet into an SQL statement, etc) are unsolved problems which just have to be tolerated for now until somebody figures out a way to not download and execute non-vetted third-party code. Somehow the two groups never seem to cross swords.

    TL;DR: Reading HN I feel like I'm constantly getting criticized for using C because I might fuck up and let a ROP through yet so many of the most severe modern security breaches are coming from people who think turning off automatic updates is like being asked to prove the Riemann zeta hypothesis.
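
The hash check suggested in the comment above, as an added example (not the commenter's code): every downloaded artifact must match a SHA-256 pin that a reviewer recorded, so a republished version or an unreviewed dependency is flagged before install. File names, contents and the `audit_artifacts` helper are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_artifacts(directory: Path, pins: dict) -> dict:
    """Compare each file in `directory` with its reviewer-approved pin.

    ok: digest matches; mismatch: bytes changed since review;
    unpinned: nobody signed off on it; missing: pinned but absent.
    """
    report = {"ok": [], "mismatch": [], "unpinned": [], "missing": []}
    present = {p.name: p for p in sorted(directory.iterdir()) if p.is_file()}
    for name, path in present.items():
        if name not in pins:
            report["unpinned"].append(name)
        elif hmac.compare_digest(sha256_file(path), pins[name].lower()):
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    report["missing"] = sorted(set(pins) - set(present))
    return report

def demo() -> dict:
    # Constructed sample data: fake package archives in a temp directory.
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "example-lib-1.0.0.tgz").write_bytes(b"reviewed contents A")
        (d / "example-parser-2.3.1.tgz").write_bytes(b"reviewed contents B")
        reviewed = ("example-lib-1.0.0.tgz", "example-parser-2.3.1.tgz")
        pins = {name: sha256_file(d / name) for name in reviewed}
        pins["example-gone-0.1.0.tgz"] = "0" * 64  # pinned, never fetched
        # After review: same version string republished with other bytes,
        # plus a new transitive dependency nobody approved.
        (d / "example-parser-2.3.1.tgz").write_bytes(b"changed after review")
        (d / "example-newdep-0.0.1.tgz").write_bytes(b"never reviewed")
        return audit_artifacts(d, pins)

if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status:9s} {names}")
```

pip's `--require-hashes` mode applies the same rule at install time, refusing any requirement that has no matching pinned hash.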

  5. How enforceable is GDPR against foreigners anyways? FANGs are motivated to comply because any sufficiently large corporation will inevitably have assets that the EU can freeze, but otherwise it's just a limp-dick attempt at exerting sovereignty well beyond their borders which will get laughed out of any court.
  6. >Running npm install is not negligence. Installing dependencies is not a security failure. The security failure is in an ecosystem that allows packages to run arbitrary code silently.

    No, your security failure is that you use a package manager that allows third parties to push arbitrary code into your product with no oversight. You only have "security" to the extent that you can trust the people who control those packages to act both competently and in good faith ad infinitum.

    Also the OP seemingly implies credentials are stored on-filesystem in plaintext but I might be extrapolating too much there.

  7. Password-protect your key (preferably with a good password that is not the same password you use to log in to your account). If you use a password it's encrypted; otherwise it's stored in plaintext and anybody who manages to get a hold of your laptop can steal the private key.
  8. Shai Hulud is the god that lives inside the sandworms in Dune.
  9. >it doesn't really matter - to quote one of Neil DeGrasse Tyson's best turns of phrase: "the universe is under no obligation to make sense to you"

    Right back at you, brochacho. I'm not the one making a positive claim here. You're the one who insists that it must work in a specific way because you can't conceive of any alternatives. I have never seen ANY evidence or study linking any existent AI or computer system to human cognition.

    >There's no need or benefit for searching for unnecessarily complicated alternative interpretations.

    Thanks, if it's alright with you I might borrow this argument next time somebody tries to tell me the world isn't flat.

    >It simply doesn't look

    That's one of those phrases you use when you're REALLY confident that you know what you're talking about.

    > like we need anything more, in principle, to fully explain the nature of biological intelligence, and consciousness, and how brains work.

    Please fully explain the nature of intelligence, consciousness, and how brains work.

    >Mind as interdimensional radios, mystical souls and spirits, quantum tubules, none of that stuff has any basis in a ruthlessly rational and scientific review of the science of cognition.

    Well I definitely never said anything even remotely similar to that. If I didn't know any better I might call this argument a "hallucination".

  10. Surprisingly enough the hardest part about Gentoo is actually not the kernel but the userspace. Every package has these "use flags" and "keyword flags" which can control compile-time options and that seems fine enough on its own until you get to the point where you have multiple packages all sharing a dependency with mutually-exclusive USE flags and it's entirely up to you to figure out how to untangle this mess in a way that every package's dependencies are satisfied.
  11. >Equivalent statements could be made about how human brains are not magic, just biology - yet I think we still think.

    They're not equivalent at all because the AI is by no means biological. "It's just maths" could maybe be applied to humans but this is backed entirely by supposition and would ultimately just be an assumption of its own conclusion - that human brains work on the same underlying principles as AI because it is assumed that they're based on the same underlying principles as AI.

  12. Well I'm sure Bob Mueller would know a thing or two about disinformation given how he participated in the worst hoax in recent US history.

    >As director Tennant has pointed out, secretary Powell presented evidence last week that Baghdad has failed to disarm its weapons of mass destruction, and willfully attempting to evade and deceive the international community. Our particular concern is that Saddam Hussein may supply terrorists with biological, chemical, or radiological material

    https://www.youtube.com/watch?v=uTDO-kuOGTQ

    Anyways I might care more about Seth Rich "conspiracy theories" if anybody had bothered to investigate what happened to him instead of chalking it up as a "robbery gone wrong" (in which nothing of value was stolen) and calling it a day. In about six more months it will have gone unsolved for an entire decade.

  13. Julian Assange wrote an excellent book on this topic called "When Google Met WikiLeaks" about a decade ago which I found to be eye-opening. The backdrop is the "Arab Spring" uprisings of the early 10s, which were widely touted by leaders in both Silicon Valley and Washington as an example of the positive impacts of social media, a mere five years before this opinion was suddenly reversed when some of these positive effects came home.

    The titular event is an account of when one of Google's executives came to Britain to meet him in person (at this point he's fighting extradition to the United States but has not yet sequestered himself inside the Ecuadorian embassy). From the conversation Assange gets the impression that the Google exec is acting as an unofficial envoy of the US State Department in hopes of convincing him to "play ball" by publishing more and more information which will advance the Arab Spring narrative. The rest of the book is his own personal investigation into the incestuous links between US foreign policy, social media corporations and the so-called "Arab Spring".

  14. For anything involved in the I/O stack this would be a complete non-starter because having a cache implies the existence of a filesystem which in turn implies the existence of all underlying modules. PCI, network stack, USB, etc can all be necessary prerequisites for that so it's a non-starter for anything involved with them too; at this point we've already ruled out most of the computer.

    Also for embedded systems there often isn't a writable filesystem, and that is a huge part of Linux's userbase.

  15. Why the fuck does anybody care? Also is there no way to view these documents in the font of your choice????

    The OP successfully included excerpts from the order without changing to Times New Roman so CLEARLY this is not insurmountable for anybody who actually notices irrelevant details such as this.

  16. Maybe not on an SSD but it definitely helps a lot on HDD by virtue of having far less disk traffic. The kernel's method for figuring out which modules to load is effectively to load every single module that might be compatible with a given device in series and then ask the module for its opinion before unloading it, and then once it has a list of all (self-reported) compatible modules for a given device it picks one and reloads it.
  17. IDK; at the time I was using Gentoo, in which it's natural not to have more modules than necessary because part of the installation process involves generating your own kernel configuration.

    Even though it's not the normal way to install Debian there ought to be some sort of way to build your own custom kernels and modules without interference from the package manager (or you can just run it all manually and hope that you don't end up in a conflict with apt). Gentoo is the only distro where it's mandatory but I'm pretty sure this is supported on just about every distribution since it would be necessary for maintainers.

  18. >For general computer usage, SSDs really were a once in a generation "holy shit, this upgrade makes a real difference" thing.

    I only ever noticed it on my Windows partition. IIRC on my Linux partition it was hardly noticeable because Linux is far better at caching disk contents than Windows and also Linux in general can boot surprisingly fast even on HDDs if you only install modules you actually need so that the autoconfiguration doesn't waste time probing dozens of modules in search of the best one.

  19. AI witch-hunts are definitely a problem. The only tell you can actually rely on is when the AI says something so incredibly stupid that it not only fails to understand what it is talking about but the very meaning of words themselves.

    E.g., metaphors that make no sense or fail to contribute any meaningful insight or extremely clichéd phrases ("it was a dark and stormy night...") used seriously rather than for self-deprecating humor.

    My favorite example of an AI tell was a YouTube video about serial killers I was listening to for background noise which started one of its sentences with "but what at first seemed to be an innocent night of harmless serial murder quickly turned to something sinister."

  20. This whole thing pisses me off so much. I would be fine with an absolute anarchy in which copyright and patents no longer exist but these same dickheads have been terrorizing the entire planet with lawsuits and DRM for downloading Metallica CDs for the last 30 years and even now they don't actually want to reform the copyright system, just grant themselves a special exception because everything is supposed to unconditionally work in their favor regardless of circumstances.

This user hasn’t submitted anything.
