HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sakisv

no profile record

comments

sakisv
·11 дней назад·discuss
Depends on the software.

In this case, the companies that make and provide AI models that are increasingly used to interact with me on critical things (banks, public sector services) then yes.

Abso-fucking-lutely they should be regulated like crazy.

In fact I'm really surprised by the amount of people that are not worried by how many parts of their lives are being handed over to be managed by a probabilistic system that is controlled by a private company with next to zero oversight.

There must be a greater liability than "oops, you're right to push back"
sakisv
·в прошлом месяце·discuss
Mac
sakisv
·в прошлом месяце·discuss
This is not true. I'm a Firefox user and it works perfectly fine in Firefox.
sakisv
·3 месяца назад·discuss
I wanted to draw the distinction between something that destroys lives over a longer period of time (smoking) VS something like gambling where you could lose your life's savings in seconds.

The alcohol mentioned in a sibling comment also ticks the box.

For the sugar, I'd say yes, no, no, yes and "not too much, but I'm keeping an eye out".
sakisv
·3 месяца назад·discuss
Not the original person you replied to, but as far as I'm concerned there are a few questions that could very easily indicate which side of the line is something.

E.g.

- Is it addictive?

- Does it have the potential to destroy lives?

- Does it have the potential to destroy lives in seconds?

- Does it have a strong lobbying mechanism behind it? (n.b. things that are good and nice rarely need someone to bribe people to accept them)

or simply:

- Would you be worried if your child did it?

I think the number of "yes" that you get draws a very clear line.
sakisv
·3 месяца назад·discuss
This feels like a good idea in principle, but I can't shake the feeling that it just moves the goalposts one step away:

Now your app doesn't have direct access to your stripe/github/aws/whatever keys (which is good!) but you still need to have _some_ authentication against your proxy.

If you have a per-app authentication, then if your app's key leaks, then whoever uses it will be able to reach all the external services your app can, i.e. with one key you lose everything. On the other hand, if you have per-endpoint authentication, then you didn't really solve anything, you still have to manage X secrets.

Even worse, from the perspective of the team who owns and runs the proxy, chances are you are going to use per-app AND per-endpoint authentication, because this will allow you to revoke bad keys without breaking everyone else, etc.

What this really solves is subscription management for (big?) organisations. Now that you have a proxy, you only need a single key to talk to <external-service>, no need to have to manage subscriptions, user onboarding and offboarding, etc. You just need to negotiate ratelimits.
sakisv
·4 месяца назад·discuss
While I agree in principle, I have to remind you (and to myself) that Australia is part of the Five Eyes: https://en.wikipedia.org/wiki/Five_Eyes
sakisv
·6 месяцев назад·discuss
For me it's quite simple: It works and it stays out of my way.

I've owned a macbook since 2010, with a short break during the touchbar era when I got myself an XPS with windows which I dual-booted with ubuntu and later a system76 that comes with their own flavour of Ubuntu, called Pop! Os.

The situation in windows (windows 10 at the time) was abysmal. Completely incoherent UI, settings spread across different menus, ads in start menu, slow and broken search, constant nagging to update windows, to update the drivers, to tell me that the drivers have been updated, to install or update my antivirus, etc. These were not things that I installed myself, these were included with Dell's setup of the machine.

On the system76 laptop things were different. Things were calm, I could configure everything as I wanted and things worked. Until at some point I installed a new version of something, which had nothing to do with sound, but it broke sound, just as I was preparing to join a meeting, and just as we were going into the second phase of lockdowns in late 2020 so online meetings were here to stay.

My macbooks are reliable. I've got the M1 as soon as it came out and I never got a single issue with it. I've upgraded twice (I think) across major versions and everything worked. I don't have to worry about it leaving me hanging when I need it.

(And that's not taking into account things like build quality, touchpad quality, battery life, silence, etc)

In the end of the day, I do a lot of debugging as part of my work. When I don't work, I want to choose what I will be debugging, not have it forced on me.

And don't get me wrong: I see where Apple is going, I know that they're a greedy company that want to maintain their iron grip and have the final say on what we can and cannot do on our machines.

However, for me for the time being it's the least bad option.
sakisv
·6 месяцев назад·discuss
Ah, that's a fair point. In that case then yes, I have been bothered by the borrow checker very much indeed lol.
sakisv
·6 месяцев назад·discuss
As someone who's only did a couple of small toy-projects in rust I was never annoyed by the borrow checker. I find it nothing but a small mental shift and I kinda like it.

What I _do_ find annoying though and I cannot wrap my head around are lifetimes. Every time I think I understand it, I end up getting it wrong.
sakisv
·7 месяцев назад·discuss
Given that a lot of places that deal with money use them, I find your comment quite interesting and would like to learn more :)
sakisv
·8 месяцев назад·discuss
The way I solve the plain text problem is through a combination of direnv[1] and pass[2].

For a given project, I have a `./creds` directory which is managed with pass and it contains all the access tokens and api keys that are relevant for that project, one per file, for example, `./creds/cloudflare/api_token`. Pass encrypts all these files via gpg, for which I use a key stored on a Yubikey.

Next to the `./creds` directory, I have an `.envrc` which includes some lines that read the encrypted files and store their values in environment variables, like so: `export CLOUDFLARE_API_TOKEN=$(pass creds/cloudflare/api_token)`.

Every time that I `cd` into that project's directory, direnv reads and executes that file (just once) and all these are stored as environment variables, but only for that terminal/session.

This solves the problem of plain-text files, but of course the values remain in ENV and something malicious could look for some well known variable names to extract from there. Personally I try to install things in a new termux tab every time which is less than ideal.

I'd like to see if and how other people solve this problem

[1]: https://direnv.net/ [2]: https://www.passwordstore.org/
sakisv
·8 месяцев назад·discuss
I would be tempted to put it on my CV :D
sakisv
·8 месяцев назад·discuss
Well, you can never be sure that he didn't:

https://www.fastly.com/blog/summary-of-june-8-outage
sakisv
·9 месяцев назад·discuss
I think I agree with what I think you're trying to say.

However I don't agree with the repercussions of this, which are the same ones that make all reasonable people, security experts included, oppose EU's ChatControl or the UK's backdoor requests: There is no way to ensure and protect the people that need protection, as there is no way to ensure that only "the good guys" have it.

We tend to bullshit ourselves into believing that because spyware software like Predator are weapons, meaning that only countries would be allowed to buy them and use them (same way that Jeff Bezos cannot buy and use an F-35 for example). We see though, that certain individuals _can_ get their hands on these things and use them however they want.

For example, 3 years ago someone adjacent to the greek government bought and used Predator against MEPs, journalists, army generals, mafia bosses, MPs of opposing parties and even MPs of their own, ruling, party. The greek government of course denied that they did it, and they said that this individual did not act under the instructions of the government (though they then changed the law to prevent anyone for learning details about it, but that's a different story).

So, apart from adopting the same approach as with ChatControl and encryption backdoors, i.e. banning them, I don't know how we could protect ourselves against them.
sakisv
·10 месяцев назад·discuss
So, this is Google Now but instead of one company having access to the data on their systems, now you're giving access to your data from different companies/sources to OpenAI.

(I do miss Google Now, it really did feel like the future)