Posts
3
Comments
905
Joined
3 yr. ago

  • As a large goblin model, all goblin king gifs are relevant to me.

  • This is fascinating.

    1. The feedback loop they describe sounds a lot like model collapse. They can play whack a mole with the trends they can see, but what about the more subtle forms?
    2. They're now filtering goblin-related training data, which also tells me that maybe we can use lots of goblin references as a way to opt out of our written content being used to train their models, in our writing and in our code.

  • His legal templates are all in Latin, his production code is all in COBOL, etc.

  • Oh there are highlight reels online. The competitors are crazy good.

  • Nope. My work phone and my personal phone are two different devices, and I am not logged into any work-related accounts on my personal phone or any personal accounts on my work phone. I don't even let my work phone onto my home wifi.

  • Ah yeah. Plus apparently Android's default SELinux configuration blocks this separately, as well.

  • Android doesn't have su, which this proof of concept exploit requires. Although rooted Android does, so in theory malware written for rooted Android could escalate to root privileges.

    Also, the underlying vulnerabilities might be exploitable without su, but I don't fully understand how the AF_ALG and authencesn bug limits things, or what other executables can escalate privileges.

  • I'm not terrified because there's nothing to be afraid of. But there are dumb, evil little men creating these issues.

    Drunk drivers on the highway are terrifying, precisely because they're so bad at what they're doing, and are behind the controls of dangerous machines they shouldn't have been trusted with.

    The AI tech execs can hurt us, so it is concerning.

  • AI avatar man wants you to be afraid: "sleeper agents"! "backdoors"! "poisoned documents"! Terrifying!

    It is terrifying. People in positions of power have placed entirely too much trust in these machines that are this easily fooled. I'd argue that we shouldn't trust these machines as much as they are, but I don't think the rest of the world is listening enough to these warnings.

    I also worry about how broken search result rankings have gotten. For someone like me who doesn't use these AI products, it concerns me that actual search engines (which I do use) continue to get worse.

    Sure, there are lessons here for those who build and maintain LLMs, but everyone else should still be terrified at how the world is moving towards, rather than away from, this nonsense.

  • It's really important for people to understand that E2EE cannot protect the message portions that aren't between the ends themselves. The best encryption in the world can't help you if the person you're talking to is an undercover cop, because that "end" can do with the plaintext whatever they want, including record/store/forward the plaintext of any messages they then encrypt and send, or any messages they receive and then decrypt.

    That's not a flaw of the E2EE protocol itself, but is a limit to the scope of protection that E2EE provides.

  • Here's the original reporting, instead of another website's summary of Bloomberg's actual report:

    https://www.bloomberg.com/news/articles/2026-04-28/us-ends-investigation-into-claims-whatsapp-chats-aren-t-private

    https://archive.is/sGE3e

    So it sounds like the agent was investigating allegations, from content moderation contractors, that Meta could access the contents of WhatsApp messages, and came to the conclusion that yes, Meta could.

    There are a few possibilities here.

    1. Meta does have full plain text access to all WhatsApp messages, but guards that access very closely. Although the clients seem to generate E2EE keys for each session, somehow they're leaking those keys to Meta's servers somewhere, and the closed source code sufficiently hides that so that there's no whistleblower or security researcher able to detect this definitively.
    2. Meta has a secret wiretap functionality where they can compromise the E2EE keys somehow, but uses it only for narrow cases. This helps keep the functionality secret, because security researchers and other reviewers may never see the functionality in action.
    3. Meta allows users to report objectionable content in the threads they're already part of. The reporting function either forwards the E2EE key itself, or all the plaintext data, that gives content moderators access to the underlying message contents. The contractor whistleblowers and the federal agent investigating these allegations simply got it wrong, and misunderstood the technical process of how the plaintext messages end up in the content moderator's possession.

    Meta claims that it's #3. They acknowledge they have plaintext access to messages when a party to the thread presses the report button.

    This unnamed federal agent believes it's #1, after 10 months of investigation, and sent out an email to other investigators that they should look into that possibility.

    I'm skeptical of #1, simply because I don't believe that conspiracies to keep that kind of stuff secret can be maintained. It's not just that there would be technically skilled whistleblowers who have actual access to the code (not the non-technical content moderator contractors who review the content), but a weakness in such an important and widely used protocol would attract all sorts of hackers, state sponsored or otherwise.

    But option #2 might explain everything we've seen so far. Full wiretap capability that is rarely used and very tightly controlled.

  • This is really, really cool. Makes you appreciate just how much this team does for reverse engineering what should be normally documented hardware.

  • Anybody who believed that quantum computing posed a risk to symmetric encryption was fundamentally misunderstanding how encryption works and what quantum computing might be good at one day.

    Asymmetric cryptography is primarily used for the secure exchanging of symmetric keys: use a public/private key pair to exchange secure messages of what symmetric key to use for their session, and then both sides switch to the symmetric key for actual communication of a real payload.

    A public/private key pair is two keys that have some interesting mathematical relationship, such that it is easy to confirm that someone possesses the right private key using the public key or to encrypt something that only the correct private key can decrypt. And that mathematical relationship, relating to the product of two very large prime numbers, is at the core of modern asymmetric cryptography.

    Quantum computing may make number factorization much, much easier. So once a product of two large primes becomes possible to factor, the public/private key pairs might not be as secure anymore.

    But none of this has anything to do with symmetric encryption, or hash functions. Quantum doesn't move the needle on that particular math.

    The real risk, though, is for an adversary to eavesdrop on an encrypted key exchange (which uses asymmetric cryptography) and then the message itself (which uses symmetric cryptography) and then be able to take the two steps of getting the secret symmetric key from the intercepted key exchange over a compromised asymmetric protocol, and being able to decrypt the symmetric portion of the communication too.
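
The last paragraph of the comment above describes recording a key exchange together with the symmetric ciphertext, then recovering the session key once the asymmetric step can be broken. As an added illustration that is not part of the comment: toy RSA with constructed small primes, a SHA-256 keystream standing in for a real symmetric cipher, and trial division standing in for quantum factoring; all function names are hypothetical.

```python
import hashlib

# Constructed toy RSA key pair: the primes are far too small for real use.
P, Q, E = 65537, 2147483647, 17
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent

def stream_xor(key: int, data: bytes) -> bytes:
    """Symmetric stand-in (not a real cipher): XOR with a SHA-256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def send(session_key: int, message: bytes):
    """Wrap the session key asymmetrically, then encrypt the payload symmetrically."""
    return pow(session_key, E, N), stream_xor(session_key, message)

def receive(wrapped: int, ciphertext: bytes) -> bytes:
    """Legitimate receiver: unwrap the session key with the private exponent."""
    return stream_xor(pow(wrapped, D, N), ciphertext)

def factor(n: int):
    """Trial division, standing in for a future quantum factoring capability."""
    f = 3
    while n % f:
        f += 2
    return f, n // f

def decrypt_recording(wrapped: int, ciphertext: bytes) -> bytes:
    """Uses only the public values (N, E) and the recorded traffic."""
    p, q = factor(N)
    d = pow(E, -1, (p - 1) * (q - 1))      # private exponent rebuilt from the factors
    return stream_xor(pow(wrapped, d, N), ciphertext)

if __name__ == "__main__":
    recorded = send(0x1234567890, b"constructed sample payload")
    print(receive(*recorded))              # receiver with the private key
    print(decrypt_recording(*recorded))    # later replay of the recording
```

The symmetric step is never attacked directly here: the payload falls only because its key travelled under the factorable modulus.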

  • Desktop Linux is seeing higher and higher market share, not just because Linux is growing but also because the desktop mode of computing is shrinking, especially for personal use. There are lots of people who used to own laptops/desktops but don't anymore.

  • Progressive JPGs slowly blurring into focus

  • I'm the right age to be in that Venn diagram of having had an ICQ account in 1996 and a Snapchat account in 2014.

    Where one of my favorite things about the iPhone was that it finally put the nail in the coffin of Macromedia Adobe Flash.

  • This is actually a pretty common concern for businesses on dealing with whether and how to protect themselves when installing improvements, business-critical equipment, or other hard-to-move stuff on land or in a building without a long term lease in place.

    The tenant deals with it by either building out a portable infrastructure to where they can move their business quickly if need be, or by protecting themselves legally to where the landlord can't kick them out on a short notice, by negotiating a long term lease.

  • Technology @lemmy.world

    Kaspersky/Securelist researchers detail zero-click iPhone exploit involving four distinct zero-day vulnerabilities, including undocumented hardware features in iPhone chips

    securelist.com/operation-triangulation-the-last-hardware-mystery/111669/

  • Photography @lemmy.world

    What's your setup for storing, using, sharing, and backing up your files?