This is probably one of the most security ignorant takes on here.
People will ALWAYS fuck up. The world we craft for ourselves must take the "human factor" into account, otherwise we amplify the consequences of what are predictable outcomes. And ignoring predictable outcomes to take some high ground doesn't carry far.
The majority of industries that actually have immediate and potentially fatal consequences do exactly this, and have been for more than a generation now.
Damn near everything you interact with on a regular basis has been designed at some point in time with human psychology in mind. Built on the shoulders of decades of research and study results, that have matured to the point of becoming "standard practices".
I'm not sure if this is just a rhetorical question or a real one?
Because I didn't claim it isn't negligence. It is negligent, however, it is not a problem solvable by just pointing fingers. It's a problem that's solvable through more strict regulation and compliance.
Cyber security is almost exactly the same as safety in other industries. It takes the same mindset, it manifests in the same ways under the same conditions, it tends to only be resolved and enforced through regulations, etc.
And we all know that safety is not something solvable by pointing fingers, and saying "Well Joe Smo shouldn't have had his hand in there then". You develop processes to avoid predictable outcomes.
That's the key word here, predictable outcomes, these are predictable situations with predictable consequences.
The comment above mine is effectively victim blaming, it's just dismissing the problem entirely instead of looking at solutions for it. Just like an industry worker being harmed on the job because of the negligence of their job site, there are an incredibly large number of websites compromised due to the negligence of our industry.
Just like the job site worker who doesn't understand the complex mechanics of the machine they are using to perform their work, the website owner or maintainer does not understand the complex mechanics of the dependency chains their services or sites rely on.
Just like a job site worker may not have a good understanding of risk and risk mitigation, a software engineer does not have a good understanding of cybersecurity risk and risk mitigation.
In a job site this is up to a regulatory body to define, utilizing the expertise of many, and to enforce this in job sites. On job sites workers will go through regular training and exercises that educate them about safety on their site. For software engineers there is no regulatory body that performs enforcement. And for the most part software engineers do not go through regular training that informs them of cybersecurity safety.
It's not as easy to defeat as just changing the pixel....
CSAM detection often uses existing features for image matching such as PhotoDNA by Microsoft. Similarly both Facebook and Google also have image matching algorithms and software that is used for CSAM detection which.
These are all hash based image matching tools used for broad feature sets such as reverse image search in Bing, and are not defeated by simply changing a pixel. Or even redrawing parts of the whole image itself.
You're not just throwing an md5 or an sha at an image's binary. It's much more nuanced and complex than that, otherwise hash based image matching would be essentially useless for anything of consequence.
After a year online the free speech-focused instance 'Burggit' is shutting down. Among other motivations, the admins point to grievances with the Lemmy software as one of the main reasons for shutting down the instance. In a first post asking about migrating to Sharkey, one of the admins states:...
The language it's written in has very little, almost nothing, to do with how efficient larger applications are.
This is almost entirely up to the design and day-to-day decisions of the developers. These almost always outweigh the efficiencies of the underlying languages themselves (within reason).
A single location of poor data access patterns could negate the aggregate performance gains of your entire application, as an example. A framework that prevents you from making simple mistakes and drives you towards more efficient patterns goes much further than the language it's written in.
Between Rust, C#, Java, and Go you're essentially even on performance for large applications (with C# pushing ahead of the pack). What you are not even on is engineering efficiency, it's going to take considerably longer to build the same set of features in Rust than any of the others listed. And the performance is likely the same, potentially even worse depending on the maturity of the ecosystem.
Rust is a great systems design language and a great language to choose when developing high efficiency libraries & frameworks for I/O and data processing. It's not really a great choice for application development due to how slow it is to actually get things done in.
I fully expect to see alternate backends written in more operationally efficient languages over the next decade that will catch up to the official Lemmy codebase, and potentially even replace it. It actually sounds like a super fun project, funding is always a problem though.
My allergist mentioned these, and noted that this is likely to be ineffective for me. Insurance also didn't want to pay for it, though they shoveled out $4k for the serum for shots.
If I can't get shots here though, I'll try anything.
Yeah, I thought it sounded unhinged. But I'm desperate, and don't want to put myself at risk of a preventable death.
I've spent the greater part of my life as a shut in largely because I'm a sniffling, coughing, sneezing mess all day and night every day for 6-8 months of the year. And simply a sniffly mess for the rest.
I had one good summer last year and I can't believe what I'm missing. Being able to do activities like hiking, or biking, going to the grocery store without being treated like I have the plague. Actually being able to go out to a restaurant or public places. Making friends, and actually being able to join them. Going to the movies, etc. Not having to carry a whole-ass box of Kleenex with me everywhere I go.
It made me into a desperate man, realizing how much life I'm missing.
The comments here are fantastic, and incredibly helpful.
I would pick up the dilute serum from the allergist and transport it myself. It's specifically created for just me (The exact serum), so it's not something attainable from the pharmacy.
Thank you so much for the knowledge! I'm going to take this and see what I can do. Thank you 🙏
French President Emmanuel Macron has dissolved the lower house of parliament and announced fresh elections after his party's poor performance in the EU elections. His party was defeated by the far-right National Rally....
A purported leak of 2,500 pages of internal documentation from Google sheds light on how Search, the most powerful arbiter of the internet, operates....
Taiwan's customs officials have issued a fine of NT$200,000 ($9,369) to a traveller for attempting to bring a lunch box containing pork into the country....
Just because it sucks at one-shotting programming problems doesn't mean it's not useful for programming.
Using AI tools as co-pilots to augment knowledge and break into areas of discipline that you're unfamiliar with is great.
Is it useful to lean on as if you were a junior developer? No, absolutely not. Is it a useful tool that can augment your knowledge and capabilities as a senior developer? Yes, very much so.
It's a bunch of propaganda aimed at people in these counties that shift their opinion one piece of propaganda at a time.
I've gotten so many flyers in the mail or put on my doorstep or stuffed in my door over the last 3-4 years about this it's unbelievable.
Someone with a significant amount of money is funding this, because the advertising isn't cheap.
And they all show the same misleading information on them to convince Oregonians that the grass is greener on the other side. When it most definitely isn't.
It is society's responsibility to inform, protect, and educate those that are less capable in order to maintain the functioning of that society. Otherwise that society breaks down and falls apart. "A rising tide raises all ships"
My point here is that we as Oregonians should be doing better. Instead of adopting nationalism and referring to each other as "The Other", we should be looking at the root cause and not attacking each other's throats while the true enemy just watches and laughs at us peons doing what peons do best: Ignorantly blaming each other.
We do not yet have effective and economical means of storing energy in grid scale quantities that are readily deployable near where that power is consumed.
It's a huge problem actually, the biggest one facing renewables like solar.
The problem with energy storage isn't a lack of incentives, it's a lack of solutions. There are currently no proven, grid scale, economical, and robust energy storage solutions.
There are lots of storage solutions that work within limited geographical areas (i.e. pumped hydro). But past that it's a crap shoot.
Batteries are absolutely nowhere near the capacity or longevity needed for grid scale storage.
The largest battery storage system in the world is primarily used for grid leveling and emergency power. And would be depleted in minutes under its maximum load.
You just completely switch the argument with a red herring.
It doesn't matter whether that person is a safe gun owner or not here. And a lost round of ammunition is such an armchair take it makes me question if you should even have an opinion on the subject...
A round of ammunition in your bag should not equate to years of prison, end of story.
I had a box of .22 rounds in my backpack that I was bringing back from the gun store. Lo and behold it was loose, and some had unknowingly fallen into my bag. I didn't notice they were there for years until I did a deep clean of my backpack. No one counts throw-away ammunition.
Good to see that Lemmy is becoming as toxic a wasteland as Reddit ever was.
Armchairing ✅
Personal attacks instead of attacking the arguments ✅
Silent downvotes instead of actual discussion ✅
Misrepresenting an anecdote ✅
All I did was provide an anecdote to show how easy it is to lose a round of ammunition. No one is strictly inventorying their .22 ammunition, it literally comes in boxes of loose rounds. Holes in the corners easily cause some to be misplaced during transportation. It's not common but it happens, and when it does you're not going to know, because, again, no one is inventorying their loose rounds.
Despite me calling out the armchair opinion, you decide that doubling down on the armchairness was more appropriate, and used an anecdote as a way to personally attack me, instead of my argument.
You made no attempt to actually address the point I was making, and instead took the easy route which is just personal attacks...
Same. I have 5G off because it's just so bloody slow and unreliable.
Let's not even talk about the problems where periodically I can't make any outbound calls and no one can call me. Which has been a problem for at least the last 5 years, for both me and my wife.
Sort of thing. It's not going to be fun when your child understands that there is no school on weekends, you'll lose a lot of trust overnight with this.
They usually do, yes; however, it's all about prioritization.
You may have hundreds or thousands of open requests and issues.
With tens of thousands of closed issues that were either not reproducible, not actually problems, or largely indecipherable.
There's usually a feature roadmap which is where most of the development money and time is spent. If it's an older business application then certain bugs might easily take weeks to find, fix, test, validate, go through user acceptance, A/B test, and then deploy. But fixing is expensive work, so if the bug isn't severe it's usually deprioritized next to higher priority work.
On Pixel phones you have the search bar at the bottom, which you cannot remove, replace, resize, or configure.
In the EU you can configure it to change your default search engine. In North America you cannot, and are forced to use Google.
And on Google forums anyone who complains gets attacked by a wave of simps saying "Then just don't buy a pixel then, go somewhere else if you don't like it".
Remember, this is not only the kind of shit that would get proposed but would be the kind of shit that would pass in a future Republican controlled state with Fuhrer Trump at the helm.
It sounds ridiculous and insane now, but remember, there are representatives that actually believe in this, and don't think it's rhetoric.
Their voter base as well would happily see "the other" carted off, in good fascist fashion.
The new open ecosystem of extensions on Firefox for Android launched in December with just over 400 extensions. Less than five months later we’ve surpassed 1,000 Firefox for Android extensions. That’s an impressive achievement by this developer community! It’s exciting to see so many developers embrace the opportunity to...
I mean, that's not surprising though is it? If a FOSS tool I made has an additional feature that requires my own backend to support, then there has to be a backend to support it.
The FE that uses it is still FOSS, and one could always build their own API to the specs outlined by the client.
They could OSS their server side code ofc, that'd be cool. But that also takes sometimes double the effort to do well, and keep custom tweaks and changes either separate and proprietary, or build out a complex way for them to be dynamically injected. So I don't really blame them on that one tbh.
As a little background, I didn't actively use Reddit for months following the blackout. I still barely stop in over there and if I do I'm never logged in or contributing to the communities there (where I was previously a daily poster/commenter)....
If you had a grain of rice that tasted unimaginably, unmitigably, good. The highest quality grain of rice ever seen in the world, in all of history.
It will not change the flavor of 30k bowls of rice.
We're talking an absolutely tiny amount of users here. And we shouldn't delude ourselves over it, circle jerking for being the "higher society". Reddit didn't change because we left, the number of users on Reddit changes more on a daily basis than 5 Lemmys.
That said, the smaller niche subs definitely saw some hits. I won't deny that. However, by definition, a small number of users leaving from small subs isn't a "gotcha" moment for what I've stated. That is, almost by definition, what would be expected.
The discussions here are of higher quality for sure. But you'll still notice that in many threads it's almost indistinguishable from Reddit in many ways.
It's really disingenuous to mud sling people with a different view by implying they themselves don't exist/are astroturfing/are bots.
I'm a real human who decided to use their service for kicks and actually like some of the benefits and control over the results compared to other search engines.
Especially when I'm doing research, which is usually half of all my time searching anyways.
Enough that I decided to pay for the service. I'm happy with it and want to share that happiness with others.
Are you saying that because I liked a service that I can't seem to get anywhere else I'm now the bad guy? Because I like something and want to share it with others, that's bad?
Is the alternative that you might prefer to be corporate astroturfing instead of organic discussion and growth? Like, really, seriously, what's the alternative here if people talking about and sharing something they like is not acceptable?
The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites ( sansec.io )
Archived link...
Rabbit data breach: all r1 responses ever given can be downloaded ( rabbitu.de )
Mozilla roll out first AI features in Firefox Nightly ( blog.mozilla.org )
So is Israel just going to completely overtake Palestine?
I saw an article about them attacking Lebanon now. So, where will it stop? Have the Israeli government ever spoken about this?
EU delays decision over scanning encrypted messages for CSAM ( www.engadget.com )
"Moderation tools are nonexistent on here. It also eats up storage like crazy [...] The software is downright frustrating to work with" - Can any other instance admins relate to this?
Firefox Browser Blocks Anti-Censorship Add-Ons at Russia’s Request ( theintercept.com )
Mozilla, the maker of the popular web browser Firefox, said it received government demands to block add-ons that circumvent censorship....
Advice Needed: How to get immunotherapy treatment in a rural area where the clinics do not administer the shots?
I have already seen an allergist, and was on ramp up. We had to move, and to my surprise none of the clinics here will administer allergy shots....
France's Macron dissolves parliament, calls new elections ( www.dw.com )
Google won’t comment on a potentially massive leak of its search algorithm documentation ( www.theverge.com )
Visitor to Taiwan hit with $9,000 fine over 'roast chicken and pork combo' lunch box ( www.abc.net.au )
'Google Cast' is replacing the 'Chromecast built-in' brand ( 9to5google.com )
Well, at least they aren't outright throwing the functionality in the trash.
17 cringe-worthy Google AI answers demonstrate the problem with training on the entire web ( www.tomshardware.com )
These are 17 of the worst, most cringeworthy Google AI overview answers:...
Voters in 13 Oregon Counties Approve 'Greater Idaho' Measure Seeking to Secede From Liberal-Run State ( www.nysun.com )
Thirteen counties in Oregon have voted in favor of measures to begin negotiations on seceding from the state and joining neighboring Idaho....
Kyle Rittenhouse Tells Native Americans They Can ‘Leave’ If They Hate America ( newsone.com )
Germany has too many solar panels, and it's pushed energy prices into negative territory ( markets.businessinsider.com )
American arrested in Turks and Caicos over ammo found in bag gets suspended sentence of 52 weeks* ( www.cbsnews.com )
T-Mobile imposes $5 monthly price hike on customers using older plans ( arstechnica.com )
Lifehack ( file.coffee )
Absolute legend ( lemmy.today )
'Stop threatening Taiwan', its new president William Lai tells China ( www.bbc.com )
Taiwan's newly inaugurated president William Lai has called on China to stop threatening the island and accept the existence of its democracy....
Big Tech to EU: "Drop Dead" ( www.eff.org )
Apple limits third-party browser engine work to EU devices ( www.theregister.com )
cross-posted from: https://sopuli.xyz/post/12739856...
"Portal" Between Dublin and NYC Shut Down After OnlyFans Model Flashes It ( ca.news.yahoo.com )
GOP introduces bill that would send anyone convicted of unlawful activity on a campus since Oct. 7th, 2023 to Gaza. ( www.thedailybeast.com )
cross-posted from: https://lemmy.world/post/15286303...
1000+ Firefox for Android extensions now available – Mozilla Add-ons Community Blog ( blog.mozilla.org )
If Reddit had a soul/conscience, I think it was us, and we're all on Lemmy now...
Google employees question execs over 'decline in morale' after blowout earnings ( www.cnbc.com )
At an all-hands meeting last week, Google executives responded to employee questions about declining morale even with financial performance improving.
Kagi silently removed all references to Google's index from their website
Hi!...
Why data centers want to have their own nuclear reactors ( english.elpais.com )