8·
4 months agoFUTO is the greatest use of on-device LLM so far. It never gets anything wrong, even my thought markers “…”
- 0 Posts
- 62 Comments
Joined 1 year ago
Cake day: July 30th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
81·5 months agoI assume the problem is hardware. Matt’s hardware didn’t work well with LM, therefore Matt thinks LM sucks… I do wish there was better hardware support but it’s the reason apple went with 1 product = 1 OS = 1 general set of hardware. Sure not every iPhone has the same hardware, but that’s why they have the model numbers, and it’s so much easier to test 200 model mixes than 2,000,000 (Android). Windows gets all the debug info sent directly to them like the others but they also have a huge stack of hardware they can use or they can buy it to test.
That was supposed to be or, not of.
In turn it
compromises ssh authenticationallows remote code execution via system(); if the connecting SSH certificate contains the backdoor key. No user account required. Nothing logged anywhere you’d expect. Full root code execution.There is also a killswitch hard-coded into it, so it doesn’t affect machines of whatever state actor developed it.
It’s pretty clear this is a state actor, targeting a dependency of one of the most widely used system control software on Linux systems. There are likely tens or hundreds of other actors doing the exact same thing. This one was detected purely by chance, as it wasn’t even in the code for ssh.
If people ever wonder how cyber warfare could potentially cause a massive blackout and communications system interruption - this is how.
It’s not about anti-censorship (making your VPN traffic look like regular traffic) it’s about the IP address at the end of the VPN connection. They have a list of known VPN provider IP ranges and block those. If you run a proxy server or VPN on a your own private VPS for example, then it won’t be detected.
They started also blocking OLD.reddit.com this week. I made a comment a couple months ago alluding to old.reddit.com still working even though they were blocking tor and known VPNs on www.reddit.com. I’m sure about 10,000 other people figured it out at the same time as me, since it was such a simple bypass, and I’m surprised it took this long to fix.
There are still at least 2 other unpatched ways.
that’s ecstatic
See also: NSA PRISM
Member when all the companies listed released a PR statement within 24 hours of each other, all very basic and denied allowing the NSA direct access to their users?
I member.
Huh?
We’re just curious behind the causation for the tweet. Why won’t Apple and Microsoft allow them to update? Is it DRM? Security? Fear?
User asked why they never see &si= on their links on Android. @Synnr said they may be copying the link from the browser, which suggests they don’t even have the YouTube app installed, as it ‘never happens to them.’
As a google user, what… what am I doing
wrongright?Using a browser instead of the YouTube app?
Unless you’re talking about Google links then yes. Amazon too, along with many other services. There’s a ClearURLs Firefox add-on to remove them automatically.
But it’s insidious with YouTube because people are much more likely to share YouTube videos on a public forum, and they just randomly started doing it one day.
You know that ?si= at the end of the YouTube URL that is copied when you share a video from within the YouTube app?
That’s an individual tracking ID specific to you. So if you’ve ever shared a YouTube video on lemmy, reddit, Facebook, tiktok, or anywhere else without removing that code one time, anyone at Google with access to the ID system can now link you to that account with your real name, IP address and time accessed, device name, etc.
That… doesn’t look like a makeshift crack pipe to smoke DMT?
Maybe Vic and Garfield had more ethnobotany knowledge than the comic let on and they’re puffing changa. Maybe that’s why Garfield can talk.
Yup. It’s like an actor getting typecast as a tough guy who always kicks ass and never gets his ass kicked, makes tons of money from it, and then everyone complaining about him only ever playing a tough guy.
I’m sure a few names come to mind. But they’re rich and stuck in that role because most people subconsciously agreed they should be rich and stuck in that role (by liking those movies and going to see them).
You’re not wrong. Lokinet and Session are both products from the same parent company. Lokinet was renamed to the Oxen protocol, and they run all the servers AFAIK, so it would be like tor, if tor ran every guard, entry, and exit node. AKA worthless. So you’re spot on, it’s a joy to the intelligence community and after the Encrochat debacle and Session stopped using Signal’s encryption algorithms and code, I would suggest no one use it for anything sensitive.
Session does use the Oxen network which is the renamed Lokinet, unless they made a change I’m wholly unaware of.
I posted this down below in a comment thread but I’m afraid it won’t be seen and not enough people know about this.
Session was at first a fork of Signal without usernames.
Now by design it uses their own custom tor-like service (instead of just… using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.
Regarding Australia’s 2018 bill…
The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.
Regarding the ‘vulnerability or cracking them later’ bit…
Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.
From Session’s own FAQ:
Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.
I wouldn’t touch it with a 12ft ladder.
Session was at first a fork of Signal without usernames.
Now by design it uses their own custom tor-like service (instead of just… using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.
Regarding Australia’s 2018 bill…
The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.
Regarding the ‘vulnerability or cracking them later’ bit…
Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.
From Session’s own FAQ:
Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.
I wouldn’t touch it with a 12ft ladder.
I automatically read it as private key, good catch
I don’t know why but I’ve got this strange tingling feeling it might just be a human nature group thing.