HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lightdot

no profile record

comments

lightdot
·2 mesi fa·discuss
Even if that would be so, the person who approved it certainly is.
lightdot
·2 mesi fa·discuss
> There was no ill intent by evil corporation, but rather a desire to support functionality that some customers expect of VS Code w.r.t. AI-generated code.

What metric did Microsoft use to assess that VS Code users "expect" their commits to have unsolicited messages added to them?

> Obviously, it should not be on when disableAIFeatures is on and it should not be reporting changes that were not done by AI.

Did you discuss adding these messages with your legal department?

What is Microsoft's position on adding such authorship statements to the code Microsoft did not author?

Or is Microsoft stating that using LLM assistants makes Microsoft a co-author of the code?

Does Microsoft have copyright claims on the code if LLM assistants are used at any time during its creation?
lightdot
·3 mesi fa·discuss
Librewolf: "This project is a custom and independent version of Firefox, with the primary goals of privacy, security and user freedom."

"Tor Browser is based on Mozilla Firefox ESR (Extended Support Release) but has been heavily modified for use with the Tor network."

Those are direct quotes from their respective web pages. Neither of them has anything to do with Chromium.
lightdot
·anno scorso·discuss
Even if it is mandatory in some form, there is plenty of nuance in the actual meaning before we come to calling "forced", isn't it?
lightdot
·anno scorso·discuss
Of course one can and should read the script before running it, but the instructions promote just the opposite.

Even if we skip a step ahead and consider that this script then installs a binary blob... the situation doesn't get any better, does it?

If you find any of this as something normal and acceptable, I can only strongly disagree. Such bad practices should be discouraged.

On the other hand, using a distro's package manager and a set of community approved packages is a far better choice when installing software, security vise. I really don't see how you could compare the two without plainly seeing the difference, from a security perspective.

As an alternative, if the software is not available through a distro's package manager, one should inspect and compile the code. This project provides the instructions to do so, they are just not promoted as a first choice.

I can't help coming to a conclusion, that you've largely made my point about bad practices and having a wrong mindset when it comes to software security.
lightdot
·anno scorso·discuss
From the Github page: "curl -sL https://plandex.ai/install.sh | bash"

Enticing users to blindly run remote 3rd party code on their machines is IMHO not a proper thing to do.

This approach creates a dangerous mindset when it comes to security and good practices in general.
lightdot
·anno scorso·discuss
Did you mean to post a "subscriber link" that enables public access to articles at LWN? As it is now, it's members only until 20th of March...
lightdot
·2 anni fa·discuss
Every time one sees something "bizarre" such as this, one should assume its made so on purpose and ask oneself hat purpose does it serve.

In this case, its painfully obvious.

Then assumptions such as "it's Signal's mission to provide private messaging in the face of government overreach" suddenly become very dubious.