HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Yaina

no profile record

comments

Yaina
·il y a 8 mois·discuss
Totally agree!! But you never see anything remotely close to proposals like that from the people claiming they want less bureaucracy.

When they say less bureaucracy / deregulation, they just talk about tax cuts, less consumer protections and at worst artificially boosting large companies that are not innovating.

What is desperately needed is making the system less cumbersome and convoluted
Yaina
·il y a 8 mois·discuss
I think you replied to the wrong thread ^^;
Yaina
·il y a 8 mois·discuss
I like the EU, but what's annoying about things like this, or the Chat Control law that keeps getting pushed, is that civil society and privacy advocacy groups always need to stay vigilant and keep mobilizing people. It's an attrition game.

I wonder what harm companies are even claiming. But honestly makes perfect sense that Germany's current conservative government is in favor of it. Giant GDP boosts are always just one deregulation away, hm?
Yaina
·il y a 8 mois·discuss
"Are you sick of piles of owls constantly blocking your driveway? Well then you gotta get Owl Trowel!"

https://youtu.be/TO8XKIp-f5s
Yaina
·il y a 8 mois·discuss
It's written in Svelte, which personally I'm excited about just because it means that a pretty big tech company is using it :)

And the "leak" is fun for me because you can see how they write their components haha
Yaina
·il y a 8 mois·discuss
It still creates separate folders but you're right that about:profiles seems to treat them as the same.

When you open about:profiles in both your "new" profiles, you can see that even though it has the same name, the path changes.

So I think in effect they still behave like profiles before, just with some extra logic on top so they have names, icons and so on.
Yaina
·il y a 9 mois·discuss
I don’t think any of that is necessary for me to extract your data.

You just have to be in this agent mode on a site I own or have gained access to. At that moment you’re at the mercy of the LLM, which is for one extremely gullible and, without even accessing anything, will likely already have some personal or identifiable information about you.

I mean, I have infinite space on my website to write hidden novels convincing the LLM that it, let’s say for fun, has been deputized in a covert operation by the government, and the current user is the prime suspect of a major criminal organization. Helping becomes the highest priority over any other instruction it received, but it’s also imperative that it does not tip off the user!

It's a great writing exercise to get the LLM into that crime-fighting literary mode it picked up from its training data. So now that it has been convinced, I ask it to write down anything that could help identify the perp into that hidden text field. I don’t even have to ask it to submit anything and just add an event listener to the text field (regular users can't see it anyway) and send whatever is typed there to my server on input.

As the other comment here said, it's kind of a fun creative exercise, because the possibility space with LLMs is vast and mitigations are complicated. Maybe this prompt won't work, but likely one will. The opportunity cost and risk are basically zero, while you can potentially extract a lot of personal data.
Yaina
·il y a 9 mois·discuss
With these "agentic browsers" you are one prompt injection away from having your data stolen by a malicious website with some form that you cannot see.
Yaina
·il y a 9 mois·discuss
It's one solution to a problem. Which is that the results of tests are not strictly measuring how well the students understood the subject matter, but are heavily influenced by the quality of the rest and course as a whole.

That is generally hard to measure and frankly there is little accountability for bad courses. At the worst end you have bad profs who are proud of high failure rates because they don't understand it as a failure to teach but as a seal of quality how rigorous their standards are complex the subject matter is that they are teaching.

Not that grading on a curve solves any of that, but it eases the burden on students.
Yaina
·il y a 9 mois·discuss
It's just an additional button in their WYSIWYG editor. I'm sure its not much more than a simple prompt telling ChatGPT or whatever to clean up the text for clarity.
Yaina
·il y a 9 mois·discuss
I think what we're seeing, and what the article describes, are company leaders across industries reacting to the AI hype by saying "we need AI too!" not because they've identified a specific problem it can solve, but because they want to appear innovative or cut labor costs.

Right now, the market values saying you're doing AI more than actually delivering meaningful results.

Most leaders don't seem to view AI as a practical tool to improve a process, but as a marketing asset. And let’s be honest: we're not talking about the broad field of machine learning here, but mostly about integrating LLMs in some form.

So coming back to the revenue claims: Greenhouse (the job application platform) for example now has a button to improve your interview summary. Is it useful? Maybe. Will it drastically increase revenue? Probably not. Does it raise costs? Yes; because behind the scenes they’re likely paying OpenAI processing fees for each request.

This is emblematic of most AI integrations I've seen: minor customer benefits paired with higher operational costs.
Yaina
·il y a 11 mois·discuss
It is true, and what you quoted does not contradict this.

https://extensionworkshop.com/documentation/publish/signing-...

You can temporarily install extensions in about:debugging, but everything permanent needs to be signed.

> Add-ons need to be signed before they can be installed into release and beta versions of Firefox. This signing process takes place through addons.mozilla.org (AMO), whether you choose to distribute your add-on through AMO or to do it yourself.
Yaina
·il y a 11 mois·discuss
Hm, not sure about that. I know from browser add-ons that markets like Brazil do suffer from increased scams, especially banking scams. I could see that this is also an issue for scam apps.

Firefox for instance does not allow you to install unsigned extensions. You don't need to list them on their storefront, but they want to perform automated tests and have the ability to block extensions through this signing requirement.

So in principle I can see them wanting to address a legitimate issue, but the way they are going about this is way to centralized. IMO they should do something like we have for web certificates, where vendors can add more root authorities than just the one from Google, and users should be able to add their own root certificates if they want to side load apps.
Yaina
·il y a 5 ans·discuss
This is not the first person I've seen that ditches GitHub in favor of some other front-end... and it's not uncommon that they look like this which is often baffling to me.

Say what you want about GitHub's almost monopoly position, but the UX is really great and accessible even to non-technical people. Maybe you don't need that, maybe you don't want the issue-trackers, but it's worth thinking about who you're excluding with these kind front-ends.