I don’t know why, but my guess would be. Everyone involved knows it is bullshit, the people working there, management, etc… but it gives a good loophole to fire anyone that is starting to stir up something, “oh, he/she failed the polygraph.”
The people working there knows it, so they are more likely to stay in line so they can “pass” their annual test.
In his defense, polygraph is just pseudo-science bullshit. You “fail” or “pass” depending on what the one doing it wants you to do. It is just made up.
If they have, then good. Wasn’t sure it was doable with current google’s signing process. Highly unlikely someone hasn’t tampered with them then (far easier to target the site displaying the “correct” fingerprint).
However, my original point still stands. Just because it is open source doesn’t in itself mean that a bad actor can’t tamper with it.
And Signal is open source so, if it did anything weird with private keys, everyone would know
Well, no. At least not by default as you are running a compiled version of it. Someone could inject code you don’t know anything about before compilation that for example leaked your keys.
One way to be more confident no one has, would be to have predictable builds that you can recreate and then compare the file fingerprints. But I do not think that is possible, at least on android, as google holds they signature keys to apps.
And no comments, unless you use a non-standard parser. But then you might as well use anorher format.
Get you hooked to the extreme convenience, much like a drug addict, and then pump up the price or flood every prompt with ads.
There is a big difference between “normal” SaaS and LLM.
In a normal SaaS you get a lot of benefit of being at scale. Going from 1000 to 10000 users is not that much harder than going from 10000 to 1000000. Once you have your scaling set up you can just add more servers and/or data centers. But most importantly, the cost per user goes waaay down.
With AI it just doesn’t scale at all, the 500000th user will most likely cost as much as the 5th. So doing a netflix/spotify/etc, I don’t think is going to work unless they can somehow make it a lot cheaper per user. OpenAI fails to turn a profit even on their most expensive tiers.
Edit: to clarify, obviously you get some small benefits from being at scale. Better negotiations and already having server racks, etc. But those same benefits a traditionsl SaaS gets as well, and so much more that LLM doesn’t, because the cost per user doesn’t drop.
Yes, you have to pick your battles. Save it for when it is really needed.
Andersson - Swedish
I would say it is a tie between Andersson and Svensson.
There are even companies selling lists of IPs for all sort of behaviour and characteristics. Just adding one of those is trivial.
Though google has a lot more data and engineers so they could just create a better one themselves.
It is a constant cat and mouse game between VPN providers and other actors. A few IPs get on a list, they try to find others, repeat
Maybe he started the install at 02:30? And included a coffee break
Yes. Writting down a complex password helps against most attacks, except one where the bad guy has physical access to your note. Based on the normal users use case that is probably a very good trade off. Most hacks are done over the internet without access to your note.
Ideally everyone should use a password manager, but that is highly unlikely any time soon.
I know this is a meme, but security is not binary. It is not you either have 100% or 0%, it is always a sliding scale, and usually on the opposite side is convenience.
Encrypting your drive protects against someone stealing your computer or breaning into youe house while the computer is off/locked.
People like to trash people that write down their passwords on a post-it note and keep next to their computer. It is not ideal, but having a somewhat complex password written down protects a lot more against attacks over the internet than having “password”. However, if others have physical access to the note then it is obviously very bad. Like for example in an office.
In their defense a very tiny percentage of users even open options and of those an even smaller actually change stuff.
Maybe slighlty different for Firefox as probably more power user use it than other random programs. But basically if something is not enabled by default, it doesn’t exist.
Testing doesn’t get security updates as quickly as unstable, or even stable sometimes.
For desktop I run debian sid (unstable), despite the name it very rarely breaks. And once in a blue moon when it does it gets fixed in a few hours/a day. Usually it is just some package that doesn’t play nicely with something else, so not like it is unusable during that time.
The unstable part is that they do not guarantee that it will work, it is still more stable than most other distros and you get new packages.
Great, but they should donate some of the saved money to open source projects they are using to make sure they stay updated.
There are lots of companies selling data, just one of them is a list of known VPN IP addresses. Updated every X days. Just plug that into your service and it gets a lot harder, but still not impossible, to use with a VPN.
It will just be a few approved sites that you are allowed to visit, and just by chance those sites are the ones that pay the goverment the most! Those sites will have records in the approved DNS, that you can not change. Other DNS requests are blocked, along with everything else that isn’t approved.
I am kinda turned off by how awful and hacky it is, but sadly it is used everywhere. And the Facebook ties is another big minus.
Just run unstable, especially on desktop. It is just unstable in name. Debian’s unstable is probably 100x more stable than some other distros stable line.