very well said, and I have been rooting for the team big time!
if you have an alliance hub for discussions with those also building open infrastructure tooling, please let me know!
have already been in the Mozilla AI discord since last year and had a great time being one of the 2 external participants during the name brainstorming for renaming any-llm ^_^
Project Glasswing is already a thing, and the other labs have started their own initiatives too if they want to collaborate and work on securing closed-source software.
Still not addressed the moral clarity point being brought up, nor the ramifications of the Linux Foundation choosing which closed source projects to focus on and alienating their mission statement.
Again, your idea is noble but why should the Linux Foundation be saddled with it when those other options exist? OSS needs their focus as their mission outlines.
been cranking on this too but not just for snark but for spam/scam heuristics too.
it's something I feel is finally viable to combat at zero cost to the user.
This plus webmcp would allow it to serve as a form of automod too on websites that you authenticate with (imagine a world where your social media profile has an automod of its own powered locally. can use this to steer your feed or to mute/block/moderate as needbe). Even without WebMCP I have been working on making it autodetect html elements and extract UGC (comments/threads..etc) automatically to moderate (since my initial tests with a small group found some websites with frequent UI changes would break if hardcoded or if they did a lot of AB testing)
Even better, the concept would allow you to also use it to hide certain spoilers (imagine sports or new movies that just came out and you want to not have to hide away from all socials).
didn't find any contacts on your new HN account, but in a few weeks will be able to reach out to you with it fleshed out. :)
We have a community of nearly 14k that we will distribute this to
On a similar vein is the "argument from fallacy" aka fallacist's fallacy. [1]
Essentially if you dismiss someone's argument as false just because it may have had a fallacy within it, that reasoning is itself a fallacy.
Some fallacy-seeking people ironically ignore this and just dismiss anything when they have the "gotcha, you made a fallacy therefore everything you said can be concluded as false" moment.
It's explicitly called out as excluded in the blue info bubble they have there.
> Fast mode usage is billed directly to extra usage, even if you have remaining usage on your plan. This means fast mode tokens do not count against your plan’s included usage and are charged at the fast mode rate from the first token.
While it's commendable, the reality is they should have already "figured out" how to play the system and just farmed the reward points from credit cards and immediately pay them off without incurring any interest.
You get a good credit score and still live within your means while also getting additional points + bank covering any fraudulent activity if the card got stolen.
Of course this method probably won't work for people that feel they would rather just cut themselves off from temptation fully or those without access to banking systems, which I sympathise with.
Out of curiosity, do you have watch history enabled/disabled?
I found the feed with it enabled is much better than disabled and I have it finetuned to be more in line with the niches I care about.
I am also very proactive with marking channels or content I don't prefer with the "Not interested" or "Don't recommend channel" as well as going through and pruning any content I don't want from my watch history directly.
It's not perfect but it's orders of magnitude better than my logged out or watch history disabled account (though not sure if they have since updated it to not show anything at all)
sidenote: just a heads up that I tried emailing you recently to let you know that you might want to contact the HN mods to find out why all your comments get set to dead/hidden automatically.
Your account might have triggered some flag sometime back and relies on users vouching for your comments so they can become visible again.
I've been building in my spare time a spam/scam blocking extension and was also playing around with the experimental in-browser LLM feature for this (alongside Aho–Corasick, Naive Bayes and other classifiers)
It's great to see more people tackling this head on, kudos
> The Gell-Mann amnesia effect is a cognitive bias describing the tendency of individuals to critically assess media reports in a domain they are knowledgeable about, yet continue to trust reporting in other areas despite recognizing similar potential inaccuracies.
Interesting questions, I can later provide more links to more indepth security resources that go over similar points if you would be interested but currently on my phone so I will just jot down some quick surface level points.
> If a malicious website reads the clipboard, what good is knowing an arbitrary password with no other information?
Even if assuming unique username+url pairings, clipboard history can store multiple items including emails or usernames which could be linked to any data breach and service (or just shotgunned towards the most popular services).
It's not really a "no other information" scenario and you drastically reduce the effort required for an attacker regardless.
> If you're talking about a malicious desktop app running on the same system, it's game over anyway because it can read process memory, read keystrokes, etc.
The app does not have to be overtly malicious, AccuWeather (among others) was caught exfiltrating users' clipboard data for over 4 years to an analytics company who may or may not have gotten compromised. Even if the direct application you are using is non-malicious, you are left hoping wherever your data ends up isn't a giant treasure trove/honeypot waiting to be compromised by attackers.
The same reasoning can be used for pretty much anything really, why protect anything locally since they could just keylog you or intercept requests you make.
In that case it would be safer for everyone to run Qubes OS and stringently check any application added to their system.
In the end it's a balancing act between convenience and security with which striving for absolute perfection ends up being an enemy of good.
> Sidenote: Most password managers I've used automatically clear the clipboard 10-15s after you copy a credential.
That is true, good password managers took these steps precisely to reduce the clipboard attack surface.
Firefox also took steps in 2021 to also limit leaking secrets via the clipboard.
> I always have to manually copy/paste the credentials.
I really hope you clear your clipboard history entirely after doing your copy/paste method because your credentials would otherwise persist for any other application with clipboard perms to just exfiltrate (which has already been exploited in the wild before)
if you have an alliance hub for discussions with those also building open infrastructure tooling, please let me know!
have already been in the Mozilla AI discord since last year and had a great time being one of the 2 external participants during the name brainstorming for renaming any-llm ^_^