SirHaxalot

@SirHaxalot@nord.pub

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Self Hosting for Privacy - Importance of Owning your own Modem/Router?⁩ ⁨⁨15⁩ ⁨hours⁩ ago⁩:
While I would say sending MAC Addresses and Wi-Fi names is very far from tracking everything you do on the internet, this highlight another very important point: The routers that provided by ISPs are usually very cheap and crappy, and this in itself security implications.

Like this example of pulling a script from an unverified HTTP source and executing it as root 🤯.. Not to mention that firewalling and port forward configuration options may be pretty simplified and limited.
⁨Comment⁩ on ⁨Self Hosting for Privacy - Importance of Owning your own Modem/Router?⁩ ⁨⁨16⁩ ⁨hours⁩ ago⁩:
It’s extremely unlikely that they are going to do any kind of deep traffic inspection in the router/modem itself. Inspecting network traffic is very intensive though and gives very little value since almost all traffic is encrypted/HTTPS today, with all major browsers even showing scare warnings if’s regular unencrypted HTTP. Potentially they could track DNS queries, but you can mitigate this with DNS over TLS or DNS over HTTPS (For best privacy I would recommend Mullvad: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls)

And of course, make sure that anything you are self-hosting is encrypted and using proper HTTPS certificates. I would recommend setting up a reverse proxy like Nginx or Traefik that you expose. Then you can route to different internal services over the same port based on hostname. Also make sure you have a good certificate from Letsencrypt
⁨Comment⁩ on ⁨RIP Discord: Self-Hosted Discord Alternatives Tested (TeamSpeak, Stoat, Fluxer, Matrix, & More)⁩ ⁨⁨16⁩ ⁨hours⁩ ago⁩:
Imo the biggest problem with Teamspeak is that it still requires an active connection to the server at all time.. So unless your computer is on with the app opened 24/7 you may miss messages. That may or may not be an issue, but you may miss messages that your friends send to the group when you aren’t actively online.

Frankly the UI of TeamSpeak is ageing as well, and there is value in for instance being able to simply attach a screenshot directly in a Discord chat without having to upload it to some external service.
🦋🧈cdn.nord.pub ↗
Submitted ⁨⁨1⁩ ⁨week⁩ ago⁩ to ⁨[deleted]⁩ | ⁨9⁩ ⁨comments⁩
⁨Comment⁩ on ⁨The Myth That Wind Farms Are a Guillotine for Birds Is Being Debunked by Hard Data⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
It always sounded so ridiculously unlikely, and that I’ve only heard people who definitely is just grasping for arguments never helped either.

Good that there is some actual data on it now
⁨Comment⁩ on ⁨Docker Hub's trust signals are a lie — and Huntarr is just the latest proof⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
I’m like 90% sure that this post is AI Slop, and I just love the irony.

First of all, the writing style reads a lot like AI.. but that is not the biggest problem. None of the mitigations mentioned has anything to do with the Huntarr problem. Sure, they have their uses, but the problem with Huntarr was that it was a vibe coded piece of shit. Using immutable references, image signing or checking the Dockerfile would do fuck-all about the problem that the code itself was missing authentication on some important sensitive API Endpoints.

Also, Huntarr does not appear to be a Verified Publisher at all. Did their status get revoked, or was that a hallucination to begin with?

To be fair though the last paragraph does have a point,, but for a homelab I don’t think it’s feasible to fully review the source code of everything you install. It would rather come down to being careful with things that are new and doesn’t have an established reputation, which is especially a problem in the era of AI coding. Like the rest of the *arr stack is probably much safer because it’s open source projects that have been around for a long time and had had a lot of eyes on it.
⁨Comment⁩ on ⁨How do I access my services from outside?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
The free version is mainly just a number of user and device limit. Although the relaying service might be limited as well, but that should only matter if both of your clients have strict NAT, otherwise the Wireguard tunnels gets directly connected and no traffic goes through Netbirds managed servers.

You can also self-host the control plane with pretty much no limitations, and I believe you no longer need SSO (which increased the complexity a lot for homelab setups).
⁨Comment⁩ on ⁨Microsoft 365's buggy Copilot 'Chat' has been summarizing confidential emails for a month — yet another AI privacy nightmare⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
That seems to be the terms for the personal edition of Microsoft 365 though? I’m pretty sure the enterprise edition that has the features like DLP and tagging content as confidential would have a separate agreement where they are not passing on the data.

Unless this boundary has actually been crossed in which case, yes. It’s very serious.
⁨Comment⁩ on ⁨Microsoft 365's buggy Copilot 'Chat' has been summarizing confidential emails for a month — yet another AI privacy nightmare⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
That is kind of assuming the worst case scenario though. You wouldn’t assume that QA can read every email you send through their mail servers ”just because ”

This article sounds a bit like engagement bait based on the idea that any use of LLMs is inherently a privacy violation. I don’t see how pushing the text through a specific class of software is worse than storing confidential data in the mailbox though.

That is assuming that they don’t leak data for training but the article doesn’t mention that.
⁨Comment⁩ on ⁨What happens to a car when the company behind its software goes under?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
This article feels a bit like ragebait.

Yes, this happened once with a company that went bankrupt 2 years after launching their product. They seem to have designed an exceptionally poor product. How does this mean that the enormous engineering failures of this small startup applies to all other car brands?

Most cars have a very clear separation between core driving software and the infotainment, and the vast majority will never have any software updates so what works, will continue to work (or the other way around). At worst you’ll loose stuff like remote commands, wheatear info, list of charging points/map updates.. Things that are kind of dynamic and needs to be regularly updated.
⁨Comment⁩ on ⁨⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
They’re probably not going to use it…

… but if they do it’s going to be a hell of a good starting point in motivating people to leave Facebook
⁨Comment⁩ on ⁨A “QuitGPT” campaign is urging people to cancel their ChatGPT subscriptions— Backlash against ICE is fueling a broader movement against AI companies’ ties to President Trump.⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Honestly you pretty much don’t. Llama are insanely expensive to run as most of the model improvements will come from simply growing the model. It’s not realistic to run LLMs locally and compete with the hosted ones, it pretty much requires the economics of scale. Even if you invest in a 5090 you’re going to be behind the purpose made GPUs with 80GB VRAM.

Maybe it could work for some use cases but I rather just don’t use AI.
Am full of gascdn.nord.pub ↗
Submitted ⁨⁨4⁩ ⁨weeks⁩ ago⁩ to ⁨[deleted]⁩ | ⁨5⁩ ⁨comments⁩
⁨Comment⁩ on ⁨Google Translate is vulnerable to prompt injection⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Maybe i misunderstand what you mean but yes, you kind of can. The problem in this case is that the user sends two requests in the same input, and the LLM isn’t able to deal with conflicting commands in the system prompt and the input.

The post you replied to kind of seems to imply that the LLM can leak info to other users, but that is not really a thing. As I understand when you call the LLM it’s given your input and a lot of context that can be a hidden system prompt, perhaps your chat history, and other data that might be relevant for the service. If everything is properly implemented any information you give it will only stay in your context. Assuming that someone doesn’t do anything stupid like sharing context data between users.

What you need to watch out for though, especially with free online AI services is that they may use anything you input to train and evolve the process. This is a separate process but if you give personal to an AI assistant it might end up in the training dataset and parts of it end up in the next version of the model. This shouldn’t be an issue if you have a paid subscription or an Enterprise contract that would likely state that no input data can be used for training.
⁨Comment⁩ on ⁨VS Code for Linux may be secretly hoarding trashed files⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I can’t really tell if you’re joking or not but no, I’m saying that it’s a bug, and at no point anything is sent off your computer
⁨Comment⁩ on ⁨VS Code for Linux may be secretly hoarding trashed files⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I like that the article excerpt clearly says that it’s simply about files not being removed when the trash bin is emptied, and it’s a problem specific to the Canonical snap system.. Yet every single other comment in here rants about Microsoft spyware. Not many people read beyond the headline, lol.