Damus
⠠⠵ avuko
@⠠⠵ avuko

I just wanna go slow, sit still, and come undone.

Everybody wants to be a warrior,
nobody wants to be a nurse.

Move slow and make things.

#DeGrowth: nothing of value is lost.

#DigitalAutonomy #DigitalSovereignty #InfoSec #ThreatIntel #CSIRT #STIX #CTI #DFIR #OSCP #OSCE #GCFA #ISO8601 #ActuallyAutistic ∞ #SecularBuddhist ☸ #Solarpunk #Historian #Dutch #PublicServant (I am here as citizen) he/him
 :donor: ⠠⠵

Header image: Moorlands at Lemele.
Avatar image: screenshot of the braille Unicode for “As” (⠠⠵) which looks like a glider from the Game of Life, an unofficial hacker logo.

auto-delete ~ 7 days

Relays (1)
  • wss://relay.ditto.pub – read & write

Recent Notes

Neil Brown · 5w
I am amazed that LinkedIn is not great for privacy. Shocked, I tell you.
⠠⠵ avuko
@nprofile1q... Can someone or some cooperation please step in?

All we need is a Fediverse server like mastodon on a domain, with the stated idea you'll be in that part of the network as your work self.

Maybe suggest/enforce the rel=me link trick, for verification at or shortly after on-boarding.

We could even run multiple servers with different flavors on a subdomain, so people know they are all in their work-avatar-space.

Anyway, let's destroy that network effect from the inside out.
Wolf480pl · 5w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvf0qv9ak4qjfdr2q4r8zrh9h738s6yxel5ugq0459lkkkp8jvyds9ygd52 what I'm more concerned about is anyone with (bought or enforced) access to Telegram ...
⠠⠵ avuko
@nprofile1q... that is certainly an option.

Although, if you already have access to the servers to bypass validation etc., I'm sure there would be easier ways to compromise Telegram endpoints.

Or did this presumed RCE include privesc/sandbox escape?
Wolf480pl · 6w
Looks like there's a bit more info on the zero-click Telegram RCE and holy shit this looks bad: > This vulnerability allows an attacker to execute arbitrary code on a victim's device simply by sendin...
⠠⠵ avuko
@nprofile1q...

From my translation:

"The vendor states that each sticker loaded on the platform undergoes a mandatory validation procedure on its servers before being deployed to client applications. According to this official location, the centralized filtering process prevents the use of corrupt stickers as an attack vector, making it technically impossible to execute malicious code via that method."

Just a gentle reminder, by their own admission, that everything you say or send on Telegram goes through their servers in plain text.

This means that anyone with (bought or enforced) access to Telegram servers can read anything you say or send to anyone.
1
Wolf480pl · 5w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvf0qv9ak4qjfdr2q4r8zrh9h738s6yxel5ugq0459lkkkp8jvyds9ygd52 AFAIU that validation is when uploading a new sticker, not when using an already-defined one. > everything you say or send on Telegram goes through their servers in plain text where di...
BleepingComputer · 6w
Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. https://www.bleepingcomputer.com/ne...
⠠⠵ avuko
@nprofile1q...

if:

Files get synced externally,

And/or get changed in bulk,

And/or get deleted in bulk.

Stop transactions, contact owner, re-authenticate, and provide rollback from archive.

And Google, with the freaking BEST telemetry in the world, decided to throw in AI?!

What. The. Fuck.

Google used to employ engineers. People capable of solving problems. I can see why those all left.
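The three signals and the four-step response in the note above, written out as rule-based detection logic. This is an added example, not code from the original post or from Google Drive; the event schema, the bulk threshold (50 edits or deletes by one account inside 10 minutes) and the sample activity log are all assumptions constructed for the demonstration.

```python
"""Rule-based detector for the three signals in the note: external sync,
bulk change, bulk delete. Added example; event schema and thresholds are assumed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    actor: str      # account performing the action
    action: str     # "edit", "delete", "share_external" or "sync_external"
    file_id: str


# Assumed tuning values: 50 edits or deletes by one account inside 10 minutes.
BULK_THRESHOLD = 50
WINDOW = timedelta(minutes=10)
EXTERNAL_ACTIONS = {"share_external", "sync_external"}

# Response steps, in the order the note lists them.
RESPONSE_PLAN = ("stop_transactions", "contact_owner", "reauthenticate", "rollback_from_archive")


def max_in_window(timestamps, window=WINDOW):
    """Largest number of timestamps that fall inside any span of length `window`."""
    ts = sorted(timestamps)
    best = start = 0
    for end, t in enumerate(ts):
        while t - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect(events, threshold=BULK_THRESHOLD, window=WINDOW):
    """Map each actor to the set of rules it triggered; actors with none are omitted."""
    by_actor = defaultdict(list)
    for e in events:
        by_actor[e.actor].append(e)
    findings = {}
    for actor, evs in by_actor.items():
        hit = set()
        # Rule 1: anything leaving the tenant counts, a single event is enough.
        if any(e.action in EXTERNAL_ACTIONS for e in evs):
            hit.add("external_sync")
        # Rules 2 and 3: a burst of edits or deletes inside the sliding window.
        for rule, action in (("bulk_change", "edit"), ("bulk_delete", "delete")):
            if max_in_window([e.ts for e in evs if e.action == action], window) >= threshold:
                hit.add(rule)
        if hit:
            findings[actor] = hit
    return findings


def respond(findings):
    """Same plan for every flagged actor: halt, notify the owner, re-auth, restore."""
    return {actor: RESPONSE_PLAN for actor in findings}


# Constructed sample activity log (not real Drive telemetry).
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = (
    # alice: five ordinary edits spread over an hour
    [Event(T0 + timedelta(minutes=12 * i), "alice", "edit", f"doc-{i}") for i in range(5)]
    # mallory: 60 files rewritten, then deleted, within a few minutes (ransomware-like)
    + [Event(T0 + timedelta(seconds=3 * i), "mallory", "edit", f"f-{i}") for i in range(60)]
    + [Event(T0 + timedelta(minutes=5, seconds=3 * i), "mallory", "delete", f"f-{i}") for i in range(60)]
    # bob: one file shared outside the organisation
    + [Event(T0 + timedelta(minutes=30), "bob", "share_external", "report.xlsx")]
)

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for actor, plan in respond(found).items():
        print(actor, sorted(found[actor]), "->", " > ".join(plan))
```

Run against the constructed log, alice is never flagged, mallory trips both bulk rules and bob trips the external rule; the sliding window in `max_in_window` is what keeps a slow, normal day of edits from accumulating into a false "bulk" count.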
Gina · 6w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvf0qv9ak4qjfdr2q4r8zrh9h738s6yxel5ugq0459lkkkp8jvyds9ygd52 lol always a fan of stickers. https://cdn.fosstodon.org/media_attachments/files/116/325/096/605/086/578/original/af79d7bd8baaaca1.jpg
David Chisnall (*Now with 50% more sarcasm!*) · 6w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvf0qv9ak4qjfdr2q4r8zrh9h738s6yxel5ugq0459lkkkp8jvyds9ygd52 Gatekeeping implies intent. I am far more willing to attribute this to incompetence, c...
⠠⠵ avuko
@nprofile1q...

I did mean to imply at least partial intent.

I’m sure people better equipped than me have been studying this and probably have better explanations, but the response of developers to the use of LLMs in software development reminds me of the attitude of guild members of old.

Sharing is caring my friends, and the democratisation of development is a good thing.

Not that I think LLMs are in any way contributing to that democratisation; I’d say genAI is just breaking the dependency on developers, to be replaced with an even worse dependency on big tech, with cognitive decline as a bonus.
⠠⠵ avuko
Instead of using an LLM to write me some boilerplate and basic functionality, frontend etc, why isn’t there a library where I can find all of these?

You know, something structured and shared, again, like a library, for specific purposes, and specific languages, with educational hints from development pros on the best way to do things and maybe some constructive feedback and improvements from other people?

And why were we left to deal with stackoverflow instead?

Could this have been, dare I say it: gatekeeping?
1
David Chisnall (*Now with 50% more sarcasm!*) · 6w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqvf0qv9ak4qjfdr2q4r8zrh9h738s6yxel5ugq0459lkkkp8jvyds9ygd52 Gatekeeping implies intent. I am far more willing to attribute this to incompetence, combined with a lack of good examples for younger people to learn from. Every single one of the good...
Steve Herman · 7w
Politico says it has launched a security review after a private telephone conversation between one of its reporters and an EU official about issues connected to Hungary and Ukraine was apparently inte...
⠠⠵ avuko
@nprofile1q...

Define "private".

If they were calling over normal telephone networks, that's only private as long as no one bothers to listen in.

If they were calling over Signal, someone has bothered quite a lot to listen in, and from one of the used devices.

If POLITICO confirms this was a Signal call, at least one end of the call was targeted.

If it was a regular phone call, anyone anywhere in between could have done this with a little effort. Side note: being a non-democratic state does reduce the amount of effort significantly.

That's a lot of "if"s, so I hope there will be follow-up from POLITICO.