I’ve not built anything beyond simple scripts in rust but I’m looking at some of the cosmic codebase to see what I can do.
I’ve not built anything beyond simple scripts in rust but I’m looking at some of the cosmic codebase to see what I can do.
Literally just bought what I believe to be last generation’s X13 on ebay for half the price of the new one. It’s been great so far, especially with the power efficiency of Ryzen CPUs. My one complaint is the soldered RAM, which judging by the new lineup is getting phased out, thankfully.
My specific point here was about how this friend doesn’t trust the results AND still goes to Google/others to verify, so he’s effectively doubled his workload for every search.
I’ve had this argument with friends a lot recently.
Them: it’s so cool that I can just ask chatgpt to summarise something and I can get a concise answer rather than googling a lot for the same thing.
Me: But it gets things wrong all the time.
Them: Oh I know so I Google it anyway.
Doesn’t make sense to me.
Again, this existed before AI. Typo squatting, supply chain attacks, automated package uploads, CI pipeline infection, they’re all known attack vectors. That’s not to say this isn’t a concern, just that it’s a known risk and the addition of “AI” doesn’t, to my eyes, increase that risk. If your SSH keys don’t require a password, you have taken the decision to make those keys less secure but more convenient to use. That’s pretty much always the tradeoff in security.
The risk here is slightly overblown or misrepresented. Just because a fork exists doesn’t mean that anyone has even read it, let alone run it on their system. For this to be a real threat they would have to publish packages with identical or similar names (ie typo-squatting) to public package repositories which this article didn’t have any information on but which is a known problem long before AI. The level of obfuscation and number of repos affected is impressive but ultimately unlikely to have widespread impact to anyone besides GitHub.
Yes I was wrong to say that this an implementation detail rather than a protocol problem as the OpenSSH release notes to prevent this vulnerability include extensions to the SSH Transport Protocol, however I still believe that the headline is sensationalist at best since it can and has been protected against by patching ssh clients and servers. It would be entirely unreasonable in the majority of cases to simply stop using SSH on the basis of this vulnerability and that’s why I think the headline exaggerates the problem. The Register has a much more measured take on this including comments from the paper’s authors that people shouldn’t panic and try to fix immediately.
Bit of an alarmist headline here. The vulnerability has been patched in the most common clients (openssh) and it was because the protocol wasn’t being implemented correctly. To say that the SSH protocol “just got a lot weaker” is just not true.
I disagree with the $ per hour framing (it’s more about the value the entertainment provides than the amount of time it takes to consume) but yes you should pay for your entertainment. I got far too used to paying nothing or close to nothing as a student that it took me a while to readjust.
Why are people weaving social media and the internet into a single thread? The internet is so vast, social media makes up a tiny sliver of it.
Because to most people outside Lemmy the “internet” (by which they mean the world wide web but that’s me being a pedant) IS social media. There might as well not be anything outside the walled gardens of social media to them because they’ve been conditioned to only stay on one, maybe two platforms for years at this point. The old “what’s a browser?” question these days gets answered with “I don’t need a browser I have Facebook”. Completely nonsensical to us but to them it’s totally natural. Not being derogatory about them or anything but the 60k lemmy users and however many million on Reddit are not the majority. Facebook with it’s 3 billion (with a b) users, IS the majority of the internet.
I’ve heard the argument as a positive of learning vim and while it did finally force me to touch type I can’t say that it had any impact on my programming speed.
I agree with those saying mailing lists are intimidating. I don’t know if others are using dedicated tools or something but I find web based mailing list UIs just incomprehensibly bad and difficult to navigate.
I’ve spent entirely too long in the last week or so researching this. You either go cheap but DIY, or expensive but prebuilt. That’s not to say that a DIY is always cheaper than a prebuilt, you can go absolutely nuts if you want, but the performance and spec will always be better for the money going DIY. Hot swap drawers are over-rated as you’ll maybe use them once a year if that. I can’t recommend any specific prebuilt because I haven’t used any and am waiting for parts for my DIY build.
I believe it’s 1% for access to the “entire post-open ecosystem”, rather than 1% per project which would be unreasonable. So you could use one or thousands of projects under the Post-open banner, but still pay 1%.
It will take years to develop the post-open ecosystem to be something worth spending that much on.