- 19 Posts
- 641 Comments
Don’t ask to ask, just ask.
5·24 hours agoHeadline is wrong. “Quantum cryptography” does not mean the same thing as post-quantum cryptography (PQC) which is what the UK NCSC is recommending.
Naming things really is that hard?
Why is Cloudflare monitoring/recording our passwords on the sites they are supposed to be protecting?
It was a while ago that I compared them so this may have changed, but one of the main differences that I saw was that borg had to backup over ssh, while restic had a storage backend for many different storage methods and APIs.
I’m claiming that the article is wrong and you’re quoting the article at me? Yes I know what the article says because I read it, and then researched the vulnerability.
The CVE is: https://nvd.nist.gov/vuln/detail/CVE-2024-27564
Which was described in an issue in GitHub here: https://github.com/dirk1983/chatgpt/issues/114
Which relates to this GitHub repository: https://github.com/dirk1983/chatgpt/
Which is by github user dirk1983, and if you read (translate) the readme, you will see that it’s a ChatGPT front-end written by this user, not anything officially released by OpenAI.
The confusion comes from the fact that his repository (this front-end with the vulnerability) is just called “ChatGPT”, and neither the journalist nor you did this basic search to find that out.
281·3 days agoOn my instance (.ml) all of the images are fetched through the image proxy.
What version of lemmy is your instance running?
AFAICT this is not the OpenAI web interface, it’s just a third-party web interface for ChatGPT that calls the OpenAI API and the author of this web interface called it just “ChatGPT”.
Presumably the author of this article is incapable of actually doing the 2 minutes of research necessary to identify that this is not an official ChatGPT codebase that contains the vulnerability.
“hackread.com” ? Written by a hack, more like.
A mozilla root certificate that signs extensions just expired. You need to update to the latest version.
11·5 days agoapparently something in Firefox broke and disabled all my plugins because they can’t be verified
This sounds like the root certificate expiry that just happened. You need to update Firefox to get the updated root certificate.
What about murdering and dismembering a journalist in a foreign country, is that immoral?
return to gopher
3·6 days agoThey look like us now
13·6 days agoQuite quickly in the video Burch shared to TikTok, she explained that developer Guerilla had contacted her to claim that the “demo didn’t reflect anything that was actively in development”, and importantly didn’t use any of her vocal or facial performance. Even with that, Burch did still say she feels “worried”, not about “Guerrilla specifically, or Horizon, or my performance, or my career specifically, even. I feel worried about this art form. Game performance as an art form.”
As Burch points out, The Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA) is still currently on strike, specifically because of concerns over AI being used to replace actors in the game development process, and that they’re asking for protections from its usage. This includes very reasonable things like requiring consent before making an AI version of the actor in question, fair compensation, and to be informed of how the AI dub is being used.
For Burch, her concern is a video like this coming out that is based on someone’s performance, and “the possibility that if we lose this fight, that person would have no recourse. They wouldn’t have any protections, any way to fight back. And that possibility… it makes me so sad. It hurts my heart. It scares me.”
I’ve been using it for just over 6 months and it’s perfectly fine as a desktop distribution. I’m enjoying that it’s based on Debian Sid and I get a more up to date GNOME release than I would have with Ubuntu or Debian. The update process is a bit slow but you can just leave it downloading in the background and then reboot when it’s ready. If you know that you want an immutable desktop distro based on Debian then I would definitely recommend it.
If you’re using it for development then it’s a bit more complicated as you’ll need to get used to working in a distrobox container and understanding when it can and can’t access the host system or communicate with programs running on the host system.
If you have the time and basic understanding to be able to switch your dev workflow to run inside a container, or if your dev environment never needs to interact with the base system that you’re running it on, then it’s perfectly usable for dev work - just a bit of a learning curve.
2·8 days agoThis video isn’t available anymoreEdit: it fixed itself after the third page reload
The original report: https://www.zimperium.com/blog/catch-me-if-you-can-rooting-tools-vs-the-mobile-security-industry/
This isn’t so much security research as it is marketing for the company’s mobile endpoint security tool.
Their stats on the surface are interesting. According to the data collected by Zimperium:
But then the paper doesn’t even speculate as to why that might be. The rest of the report is basically a sales pitch for their security software. Rooting is bad and you need to keep these devices off your corporate networks (by buying our software) is the only message they’re sending.
Off the top of my head, here are some hypotheses for the correlation, each of which has different implications for how to best mitigate the risks:
The implication of the paper seems to be that (5) or (6) is the case: “rooted devices are potentially much more vulnerable to threats than stock devices.” If the cause is (3) or (4) on the other hand, then there’s not much that can be done outside of user education, since these users are inherently more likely to increase the attack surface of their devices whether the device is rooted or not.
(1) or (2) however would imply that the whole research is bogus, as in the case of (1) the data would be completely unreliable and in the case of (2) the causation is actually the reverse of what the paper implies, which is to say that malware causes rooting of the device, not the other way around.
Interestingly then, the paper includes this illustration:
The infection with malware occurs 10 seconds after the installation of Magisk, the tool used to get root access to the device. It should be obvious to anyone that this was not a coincidental infection caused by the user rooting their device, but actually the malware was using the rooting tool as the first step in compromising the device. So in this case, malware caused rooting of the device, not the reverse.
The linked Hackread article essentially just regurgitates the points from the Zimperium report without any critical analysis of why or how rooted devices pose a threat. For users of rooted devices it would be helpful to know whether they are actually at more risk, and why, so that they can mitigate the risks. But this article is not about security research, it’s just a sales pitch.