![](/static/66c60d9f/assets/icons/icon-96x96.png)
![](https://fry.gs/pictrs/image/c6832070-8625-4688-b9e5-5d519541e092.png)
My specific point here was about how this friend doesn’t trust the results AND still goes to Google/others to verify, so he’s effectively doubled his workload for every search.
My specific point here was about how this friend doesn’t trust the results AND still goes to Google/others to verify, so he’s effectively doubled his workload for every search.
I’ve had this argument with friends a lot recently.
Them: it’s so cool that I can just ask chatgpt to summarise something and I can get a concise answer rather than googling a lot for the same thing.
Me: But it gets things wrong all the time.
Them: Oh I know so I Google it anyway.
Doesn’t make sense to me.
Again, this existed before AI. Typo squatting, supply chain attacks, automated package uploads, CI pipeline infection, they’re all known attack vectors. That’s not to say this isn’t a concern, just that it’s a known risk and the addition of “AI” doesn’t, to my eyes, increase that risk. If your SSH keys don’t require a password, you have taken the decision to make those keys less secure but more convenient to use. That’s pretty much always the tradeoff in security.
The risk here is slightly overblown or misrepresented. Just because a fork exists doesn’t mean that anyone has even read it, let alone run it on their system. For this to be a real threat they would have to publish packages with identical or similar names (ie typo-squatting) to public package repositories which this article didn’t have any information on but which is a known problem long before AI. The level of obfuscation and number of repos affected is impressive but ultimately unlikely to have widespread impact to anyone besides GitHub.
Personally I rename them to something meaningful and they get merged if there are no other references. PayPal is especially bad for completely meaningless rubbish in the payee field and they tend to be ad-hoc purchases so I don’t fiddle with them much. The category is the most relevant bit for me.
Yes I was wrong to say that this an implementation detail rather than a protocol problem as the OpenSSH release notes to prevent this vulnerability include extensions to the SSH Transport Protocol, however I still believe that the headline is sensationalist at best since it can and has been protected against by patching ssh clients and servers. It would be entirely unreasonable in the majority of cases to simply stop using SSH on the basis of this vulnerability and that’s why I think the headline exaggerates the problem. The Register has a much more measured take on this including comments from the paper’s authors that people shouldn’t panic and try to fix immediately.
Bit of an alarmist headline here. The vulnerability has been patched in the most common clients (openssh) and it was because the protocol wasn’t being implemented correctly. To say that the SSH protocol “just got a lot weaker” is just not true.
I disagree with the $ per hour framing (it’s more about the value the entertainment provides than the amount of time it takes to consume) but yes you should pay for your entertainment. I got far too used to paying nothing or close to nothing as a student that it took me a while to readjust.
Another commenter said this but the last two prime ministers were only chosen by the conservative party membership, not by general election. So about 30,000 people have decided the ruler of the country for the past couple of years. You can argue about PMs before then but First Past the Post voting also has a lot to answer for.
Why are people weaving social media and the internet into a single thread? The internet is so vast, social media makes up a tiny sliver of it.
Because to most people outside Lemmy the “internet” (by which they mean the world wide web but that’s me being a pedant) IS social media. There might as well not be anything outside the walled gardens of social media to them because they’ve been conditioned to only stay on one, maybe two platforms for years at this point. The old “what’s a browser?” question these days gets answered with “I don’t need a browser I have Facebook”. Completely nonsensical to us but to them it’s totally natural. Not being derogatory about them or anything but the 60k lemmy users and however many million on Reddit are not the majority. Facebook with it’s 3 billion (with a b) users, IS the majority of the internet.
My friend and I are looking to make a game and the general consensus has been that perforce is still better than git LFS, so we’re setting up a perforce server. What is it about SVN and perforce that you miss? I’ve only ever used git professionally for VCS so I’m finding perforce’s always-online and exclusive-checkouts model just very strange (though I understand the need for it when working with binary files).
I like it and have been using it for something like 6 months. I had an issue where I really liked the application and how simple it was but I didn’t really want to “budget”, just keep an eye on where my money was going. That was fine, just keep zero-ing the numbers every month, slightly tedious though. Now they’ve got a “report” style behind an experimental flag and that’s made it pretty perfect for me.
I set up some family members with the electron app after they had spent 3 days to do in a spreadsheet what I had done in 3 hours in actual. There was resistance initially due to sunk cost fallacy but now they’re loving it.
Other options like ynab and firefly were just too bloated and complex for our simple use case.
Why is it surprising that you had a pocket knife confiscated at a bar?
I’ve heard the argument as a positive of learning vim and while it did finally force me to touch type I can’t say that it had any impact on my programming speed.
I agree with those saying mailing lists are intimidating. I don’t know if others are using dedicated tools or something but I find web based mailing list UIs just incomprehensibly bad and difficult to navigate.
“Too slow to be viable” is a bit strong. I’ve had a fairphone 4 for at least a year now and I’ve had no issues.
I did the same with manjaro, though I split it so I technically can get back to macos if I really want to. Annoyingly that now means I need to keep an eye on the disk usage.
I’ve spent entirely too long in the last week or so researching this. You either go cheap but DIY, or expensive but prebuilt. That’s not to say that a DIY is always cheaper than a prebuilt, you can go absolutely nuts if you want, but the performance and spec will always be better for the money going DIY. Hot swap drawers are over-rated as you’ll maybe use them once a year if that. I can’t recommend any specific prebuilt because I haven’t used any and am waiting for parts for my DIY build.
Yeah this is definitely a downside to using spare gear over purposeful purchases. I think it makes sense to use what I have and optimise later. I’ve got an old intel i5 and mobo I’m planning on using for the NAS. Need to find another use for my old Ryzen 5 2600X.
Literally just bought what I believe to be last generation’s X13 on ebay for half the price of the new one. It’s been great so far, especially with the power efficiency of Ryzen CPUs. My one complaint is the soldered RAM, which judging by the new lineup is getting phased out, thankfully.