dgmib
@dgmib@lemmy.world
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 month ago:
You wouldn’t be able to MITM a plaintext connection inside a corporate network with this attack by itself. You could only MITM something that the attacker can access without your VPN.
Any corporate network that has an unsecure, publicly accessible endpoint that prompts for credentials is begging to be hacked with or without this attack.
Now you could spoof a login screen with this attack if you had detailed info on the corporate network you’re targeting. But it would need to be a login page that doesn’t use HTTPS (any corporations dumb enough to do that this day and age are begging to be hacked), or you’d need the user to ignore the browser warning about it not being secure, which is possible.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 month ago:
I can’t see routing traffic to some kind of local presence and then routing back to the target machine to route out through the tunnel adapter without a successful compromise of at least one other vulnerability.
That’s not to say there’s nothing you could do… I could see some kind of social engineering attack maybe… leaked traffic redirects to a local web server that presents a fake authentication screen that phishes credentials, or something like that. I could only see that working in a very targeted situation… would have to be something more than just some rogue public wi-fi. They’d have to have some prior knowledge of the private network the target was connecting to.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 month ago:
As I mentioned in my other comment, this wouldn’t let an attacker eavesdrop on traffic on a VPN to a private corporate network by itself. It has to be traffic that is routable without the VPN.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 month ago:
Not all VPN traffic. Only traffic that would be routable without a VPN.
This works by tricking the computer into routing traffic to the attacker’s gateway instead of the VPN’s gateway. It doesn’t give the attacker access to the VPN gateway.
So traffic intended for a private network that is only accessible via VPN (like if you were connecting to a corporate network for example) wouldn’t be compromised. You simply wouldn’t be able to connect through the attacker’s gateway to the private network, and there wouldn’t be traffic to intercept.
This attack doesn’t break TLS encryption either. Anything you access over https (which is the vast majority of the internet these days) would still be just as encrypted as if you weren’t using a VPN.
For most people, in most scenarios, this amounts to a small invasion of privacy. Our hypothetical malicious coffee shop could tell the IP addresses of websites you’re visiting, but probably not what you’re doing on those websites, unless it was an insecure website to begin with. Which is the case with or without a VPN.
For some people or some situations that is a MASSIVE concern. People who use VPNs to hide what they’re doing from state level actors come to mind.
But for the average person who’s just using a VPN because they’re privacy conscious, or because they’re location spoofing, this is not going to represent a significant risk.
- Comment on Novel attack against virtually all VPN apps neuters their entire purpose 1 month ago:
So for this attack to work, the attacker needs to be able to run a malicious DHCP server on the target machine’s network.
Meaning they need to have already compromised your local network either physically in person or by compromising a device on that network. If you’ve gotten that far you can already do a lot of damage without this attack.
For the average person this is yet another non-issue. But if you regularly use a VPN over untrusted networks like a hotel or coffee shop wifi then, in theory, an attacker could get your traffic to route outside the VPN tunnel.
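Added example, not part of dgmib's comments: a defender-side audit of a routing table for the behaviour described above, where routes handed out over DHCP pull traffic off the VPN tunnel. The interface names, addresses and table are constructed, and it assumes (the comments do not say this) that the leak appears as off-tunnel routes more specific than the VPN's own.

```python
import ipaddress

TUNNEL_IF = "tun0"  # assumed name of the VPN tunnel adapter

# Constructed sample table: (prefix, interface, origin). Not from a real host.
SAMPLE_ROUTES = [
    ("0.0.0.0/0",       "wlan0", "dhcp"),    # default route from the local network
    ("192.168.1.0/24",  "wlan0", "kernel"),  # on-link local subnet
    ("203.0.113.10/32", "wlan0", "vpn"),     # VPN server itself must stay off-tunnel
    ("0.0.0.0/1",       "tun0",  "vpn"),     # VPN "capture everything" routes
    ("128.0.0.0/1",     "tun0",  "vpn"),
    ("64.0.0.0/2",      "wlan0", "dhcp"),    # more specific than 0.0.0.0/1, so it wins
    ("192.0.0.0/2",     "wlan0", "dhcp"),    # more specific than 128.0.0.0/1, so it wins
]
# Off-tunnel prefixes that are expected: the local subnet and the VPN endpoint.
ALLOWED_OFF_TUNNEL = {"192.168.1.0/24", "203.0.113.10/32"}


def parse(routes):
    return [(ipaddress.ip_network(p), dev, origin) for p, dev, origin in routes]


def egress_interface(routes, dst):
    """Longest-prefix match: the interface a packet to dst would leave by."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in parse(routes) if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def tunnel_bypass_routes(routes, tunnel_if=TUNNEL_IF, allowed=ALLOWED_OFF_TUNNEL):
    """Off-tunnel routes that sit inside a tunnel route and outrank it."""
    table = parse(routes)
    tunnel_nets = [net for net, dev, _ in table if dev == tunnel_if]
    findings = []
    for net, dev, origin in table:
        if dev == tunnel_if or str(net) in allowed:
            continue
        if any(net.subnet_of(t) and net.prefixlen > t.prefixlen for t in tunnel_nets):
            findings.append((str(net), dev, origin))
    return findings


if __name__ == "__main__":
    for finding in tunnel_bypass_routes(SAMPLE_ROUTES):
        print("route bypasses tunnel:", finding)
```

The allow-list matters: a host route to the VPN server and the on-link subnet legitimately leave by the physical interface, so flagging every off-tunnel route would bury the real finding.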
- Comment on Tesla’s Autopilot and Full Self-Driving linked to hundreds of crashes, dozens of deaths 2 months ago:
This is the part that bothers me.
I’d defend Tesla when FSD gets into accidents, even fatal ones, IF they showed that FSD caused fewer accidents than the average human driver.
They claim that’s true, but if it is why not release data that proves it?
- Comment on Microsoft's Collapse in the Web Server Space Continued This Month 2 months ago:
Who cares? Because I assure you, Microsoft doesn’t.
20-25% of those webservers are running on Microsoft Azure hardware. Microsoft is the #2 cloud provider and has been slowly but surely closing their gap behind AWS in recent years. All of that is in large part due to them embracing Linux and open source support on their platform.
Software isn’t the battleground, and hasn’t been for a decade. The people behind Apache and Nginx aren’t making bank on their web server dominance. Microsoft and AWS still rake in money hand over fist regardless of what software runs on their servers.
The author of this article’s apparent attitude that this is some kind of indicator of Microsoft’s market failure is one of the most ridiculous conclusions I’ve heard in a while.
- Comment on OpenAI’s GPT Is a Recruiter’s Dream Tool. Tests Show There’s Racial Bias 3 months ago:
Job seeker’s next ChatGPT prompt:
Here’s a job posting and my resume, can you tell me what to change to make me sound like a perfect fit for the role?
ChatGPT:
- Change name from “Latifa Tshabalala“ to “Kevin Smith” …
- Comment on [deleted] 3 months ago:
That could get really awkward if some of the neopronouns become common.
“… tell him or her or zim or xyr or thon that he or she or ze or xe or thon can leave a message… “
- Comment on A 7,000-Pound Car Smashed Through a Guardrail. That’s Bad News for All of Us. 3 months ago:
Trucks and SUVs are getting heavier to skirt emissions controls.
In 2010 the Obama administration passed laws tightening emissions control requirements for new vehicles. But the laws were written to allow emissions as a factor of vehicle size; larger vehicles were allowed to have more emissions.
Unfortunately, the plan backfired. Instead of reducing emissions, vehicle manufacturers just started making vehicles bigger.
It isn’t primarily the fragile egos that are driving sales of these vehicular monstrosities. It’s corporate profits and greed. Manufacturers aren’t making smaller models because they don’t make as much money on them, not because there isn’t a market for them.
- Comment on Biden Administration Is Said to Slow Early Stage of Shift to Electric Cars 4 months ago:
Not judging, just genuinely curious, why do you not want an EV as a daily driver?
- Comment on Reddit Signs AI Content Licensing Deal Ahead of IPO 4 months ago:
If it was just about monetizing scraping for AI models, they could have easily had different pricing for AI uses than they did for 3rd party apps.
If it was about the lost revenue from the lack of ads on third party apps, they only needed to give existing 3rd party apps a longer period of time to transition their business models. 3rd party app users would have been paying way more than Reddit was losing from the lack of ads.
No, Reddit wanted to kill off the third party apps. They used the AI scraping as an excuse to shut them down. They wanted to force people onto their shitty app.
I don’t know what their actual reasoning for that is, but there’re basically two possibilities I can think of:
  - Their executive team and board of directors is ridiculously incompetent.
  - Their shitty 1st party app is harvesting significantly more data about you than the 3rd party apps did, and they can sell that data for more than the $2-5 per user per month they would be getting if they gave the 3rd party apps time to transition to a paid business model.
- Comment on Reddit started doing what they always wanted to do, sell user content to AI. 4 months ago:
When was the last time anyone read the T&Cs of a social media website?
They basically all have a clause to the effect that you grant them a permanent, irrevocable license to do whatever they want with anything you post.
You might still own the copyright to any content you produce, but by posting you’re granting them permission to do basically anything with it, including reselling it.
- Comment on The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes 4 months ago:
Don’t need to involve a blockchain to make cryptographically provable authenticity. Just a digital signature.
The only thing a hash in a blockchain would add is proof the video existed at the time the hash was added to the blockchain. I can think of cases where that would be beneficial too, but it wouldn’t make sense to put a hash of every video on a public blockchain.
- Comment on Just 137 crypto miners use 2.3% of total U.S. power — government now requiring commercial miners to report energy consumption 4 months ago:
And you get CAIP now, which, for most Canadians, especially lower income Canadians, is greater than the additional cost you pay for goods and services due to the carbon tax.
The carbon tax is quite literally a tax on the rich that gets given to the poor, while at the same time making high carbon intensity products more expensive incentivizing choices that lower carbon emissions.
Only the very rich lose.
The people who speak out against it, are either rich, or they are useful idiots, people who are ignorantly shilling to scrap the tax to their own detriment because they were told by their rich tribe leader it’s bad.
Which one are you?
- Comment on Over 2 percent of the US’s electricity generation now goes to bitcoin 4 months ago:
The economics of Bitcoin mining are a bit weird in that it is impossible to make it more energy efficient.
The system auto adjusts the computational complexity of mining bitcoin so that it always costs a little less than one bitcoin to mine a bitcoin, and at scale the only variable expense is electricity so as the price of bitcoin goes up, so does the amount of money that must be spent on electricity.
Currently 6.25 Bitcoin are mined every 10 minutes. So globally about $2 million must be spent on electricity every hour.
In a little over 2 months the block reward cuts in half to only 3.125 bitcoin every 10 minutes. That will have the side effect of reducing the money spent on electricity for mining bitcoin so long as the price of bitcoin remains the same.
- Comment on Ubisoft Exec Says Gamers Need to Get 'Comfortable' Not Owning Their Games for Subscriptions to Take Off 5 months ago:
People don’t have a problem with subscriptions, they have a problem with companies like Ubisoft charging ridiculous sums to play low quality games.
Subscriptions would take off just fine if they were reasonable and fair, and not trying to exploit their customers.
- Comment on Fuck the balloon police 5 months ago:
For the record, yes you need a pilot’s license to fly a hot air balloon.
And yes the “balloon police” (aka the FAA in the United States) or their equivalent governing body in other countries will stop you, and fine you.
- Comment on Tesla drivers had highest accident rate, BMW drivers highest DUI rate, study finds 6 months ago:
I’m not intending to defend Musk or Tesla here, but this study is literally just insurance incidents by brand and makes no distinction between Teslas on autopilot and under human control.
Teslas tend to attract a certain kind of driver that likes their performance characteristics who are not typically known for being the safest drivers.
There’s no doubt that a lot of Tesla drivers abuse the autopilot capabilities, and the Elon Musk hype machine is at least partially to blame for that, possibly more.
But this isn’t evidence one way or the other about the safety of Tesla’s FSD.
- Comment on If someone pleads not guilty in court and is then found guilty of the crime anyway, does perjury get added to the list of crimes as well? 6 months ago:
Exactly.
Your choice is “Guilty” or “Not Guilty” not “Guilty” or “Innocent”.
(And for the pedantic out there yes, there are more things you can plead than just guilty or not guilty)
“Not guilty” doesn’t mean innocent, it just means you take the stance that prosecutors are unable to prove their version of events beyond reasonable doubt.
- Comment on Nuclear energy is more expensive than renewables, CSIRO report finds 6 months ago:
Both China and Russia have built operational SMRs. (Not to mention the fact that the nuclear reactors we’ve had for decades in military submarines and ships are SMRs). They exist.
We don’t have enough data about the economics of SMRs to say for sure; most (but not all) economic models put LCOE for SMRs at half the cost of traditional PWR nuclear reactors.
It’s hard to judge from the current SMR projects what the costs will be. The largest cost in building nuclear power is all the regulatory oversight. Every PWR plant is different and needs to go through the entire process from scratch. But once we have some successful and proven SMR designs, they can be mass produced from the same vetted and approved designs without needing to go through the massively expensive design process again.
SMRs are simpler too. Which makes them cheaper. They don’t need as many layers of redundant safety systems like traditional reactors do. Even in the worst case scenario, an SMR can meltdown and a person living next door would be perfectly safe.
All of that adds up to a lot of potential cost savings if we mass produce them.
If we can build enough solar or other renewable power to replace fossil fuels with nuclear, great.
But most people have no idea just how much it’s going to take. We need to not only replace all the fossil fuels on the grid today, plus have extra capacity to charge storage for use when it’s night and cover the added demand of all the electric cars, trucks, furnaces, everything else that needs to become electric.
We need to be building nuclear too. We can’t build enough solar and wind fast enough.
- Comment on 1.8 Million Barrels of Oil a Day Avoided from Electric Vehicles 6 months ago:
It’s helpful to remember too that the problem isn’t using petroleum, the problem is burning it.
As long as it’s properly disposed of, using petroleum based lubricants doesn’t cause climate change.
- Comment on UK proposes selfie-based, AI age verification system for porn sites 6 months ago:
‘cause if there’s one demographic that couldn’t possibly have the aptitude, resourcefulness or motivation needed to defeat a scheme like this it’s horny teenagers.
- Comment on What happens of you use the gas from the exhaust pipe to inflate a tire? 6 months ago:
The exhaust from a typical ICE wouldn’t have enough pressure to inflate a tire, so you’d need a compressor. Of course if you had a compressor you’d just use clean air.
If for some reason you used a compressor to compress exhaust gases to fill a tire, it would mostly be the same as filling with air at first.
Exhaust gas is mostly a mix of carbon dioxide and water vapour, with small amounts of oil residue, and other organic compounds. The water vapour will condense as it cools, likely leaving some liquid water in the tire, which won’t cause immediate issues but will cause vibrations which will accelerate wear not just on the tire but possibly the entire suspension.
The organic compounds will cause the rubber to break down over time and the tire will wear out sooner.
- Comment on Microsoft now thirstily injects a poll when you download Google Chrome 8 months ago:
Where’s the option for: “I don’t want to use edge because it shoves polls in my face”
- Comment on Godfather of AI tells '60 Minutes' he fears the technology could one day take over humanity 8 months ago:
All the AI we have today is, at its core, just pattern recognition.
ChatGPT can answer questions because it’s been shown a VERY large list of questions and their right answers. ChatGPT has no idea what the question is or what the answer means. It just has an algorithm that knows that a particular answer fits the pattern of “a correct answer” for that question better than any other answer.
It can’t “reason“ or “think” in any way. It’s not going to become self aware or set its own objectives. And so far we don’t have anything close to true general AI, we don’t even know if it’s possible.
There’re still risks from the current AI though. AI will sometimes find unanticipated and undesirable solutions that technically meet the goal it was given. A “Terminator” style future is unlikely without artificial general intelligence, but it’s not completely unreasonable to think of a scenario like “I, Robot” where a “dumb” AI subjugates humanity as a solution to a more altruistic goal like ending war or famine, because it’s a solution that matches the pattern it was told to look for.