• 0 Posts
  • 290 Comments
Joined 1 year ago
cake
Cake day: July 14th, 2023

help-circle
  • Thanks for clarifying! I’ve heard nothing but praise for Kagi from its users so that’s what I was assuming, but Searxng has also been great so I wouldn’t have been too surprised if you’d compared them and found its results to be on par or better.

    By the way, if you’re self hosting Searxng, you can use add your own index. Searxng supports YaCy, which is an actively developed, open source search index and crawler that can be operated standalone or as part of a decentralized (P2P) network. Here are the Searxng docs for that engine. I can’t speak to its quality as I still haven’t set it up, though.



    1. I was showing that my understanding of the word “asset” was based in fact. The 4th definition wasn’t relevant to that.
    2. I literally talked about the 4th definition in the next paragraph.

    If anyone’s operating in bad faith, it’s you. Are you drunk? You’re being an intentionally obtuse pedant and a liar (by your own definition). Try replying once you’ve sobered up, clown. Once you reread and realize how much of a dick you were, I’m sure you’ll apologize - unless I’m right about you being too much of a coward to admit when you’re wrong about something.



  • Before I reply to your comment, I’d like to share this link. It didn’t change any of my existing understanding because Linus’s comment already made it clear that this was out of their hands, but maybe it’ll help clarify something for you.

    I realize now that this comment on that post was made before this one (“What’s free about delisting maintainers based on their country of residence?”) by the same person. It’s disingenuous for someone to act like this is about “country of residence” when they already engaged with a post clarifying that it’s because of sanctions against specific companies.

    that you unironically think asset means property

    I unironically think that because it does mean that:

    1. assets plural

    a. the property of a deceased person subject by law to the payment of his or her debts and legacies

    b. the entire property of a person, association, corporation, or estate applicable or subject to the payment of debts

    1. ADVANTAGERESOURCE

    a. an item of value owned

    b. assets plural the items on a balance sheet showing the book value of property owned

    When I do a search for “state asset,” the results I get are all related to property, resources, etc., things that belong to and can be exploited by the state - for example https://www.epa.gov/dwcapacity/state-asset-management-initiatives-documents

    Searching for “asset” specifically I see a tertiary definition reading “A spy working in his or her own country and controlled by the enemy” as well as the wikipedia definition, but that still means “spy,” not “paid lobbyist.”

    just that incredibly obtuse

    I’d apologize for not being well versed enough in counter-intelligence lingo to properly interpret the comment, but even with a proper interpretation, the comment I replied to was still incoherent, so I’m not really sure what you expect here.

    It feels weird to say that it was incredibly obtuse of me to not spend more time trying to figure out what someone meant when they were, as far as I can tell just mad that Linus and other Linux maintainers didn’t ignore what their attorneys advised, regardless of what impact that might have had on them personally, and spouting a bunch of nonsense as a result.

    Maybe I’m wrong, though. If so, would you care to explain how this was a violation of the GPL and/or how all of the 4 freedoms I listed were violated?




  • Literally none of those freedoms were impacted. Everyone is still free to use the program as they wish, fork it, make changes, etc… Linux doesn’t have a new license that says “anyone but Russians” can use it.

    he then followed up by gloating about Russian maintainers

    How did he gloat? He explained the change. If your complaint is that he was abrasive, I feel like you’re not familiar with Linus.

    Ok, lots of Russian trolls out and about.
    
    It's entirely clear why the change was done, it's not getting
    reverted, and using multiple random anonymous accounts to try to
    "grass root" it by Russian troll factories isn't going to change
    anything.
    
    And FYI for the actual innocent bystanders who aren't troll farm
    accounts - the "various compliance requirements" are not just a US
    thing.
    
    If you haven't heard of Russian sanctions yet, you should try to read
    the news some day.  And by "news", I don't mean Russian
    state-sponsored spam.
    
    As to sending me a revert patch - please use whatever mush you call
    brains. I'm Finnish. Did you think I'd be *supporting* Russian
    aggression? Apparently it's not just lack of real news, it's lack of
    history knowledge too.
    

    Sounds a lot more like he’s frustrated than delighted to me.

    Calling your former volunteer contributors bots

    He didn’t call the contributors bots.

    He called the people submitting reverts and complaining about those maintainers, who weren’t contributors themselves, “troll farm accounts.”

    and state assets because of their home country

    When did he call anyone a state asset? To be clear, being a troll or a paid actor doesn’t make you someone’s property.

    He also explained that this was a legal matter:

    > Again -- are you under any sort of NDA not to even refer to a list of
    > these countries?
    
    No, but I'm not a lawyer, so I'm not going to go into the details that
    I - and other maintainers - were told by lawyers.
    
    I'm also not going to start discussing legal issues with random
    internet people who I seriously suspect are paid actors and/or have
    been riled up by them.
    

  • First, you’re acting like the decision was made by Linus or another member of the team and that they weren’t following the law.

    Second, even if that weren’t the case, it’s still completely free. Unless you can name one of the following freedoms that was impacted by those actions:

    • Freedom 0: The freedom to use the program for any purpose.
    • Freedom 1: The freedom to study how the program works, and change it to make it do what you wish.
    • Freedom 2: The freedom to redistribute and make copies so you can help your neighbor.
    • Freedom 3: The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits.



  • Your Passkeys have to be stored in something, but you don’t have to store them all in the same thing.

    If you store them with Microsoft’s Windows Hello, Apple Keychain, or Google Password Manager, all of which are closed source, then you have to trust MS/Apple/Google. However, Keychain is end to end encrypted (according to Apple) and Windows Hello is currently not synced to the cloud, so if you trust those claims, you don’t need to trust that they won’t misuse your data. I don’t know if Google’s offering is end to end encrypted, but I wouldn’t trust it either way.

    You can also store Passkeys in a password manager. Bitwarden is open source (though they did recently introduce a proprietary, source available SDK), as is KeepassXC. 1Password isn’t open source but can store Passkeys as well.

    And finally, you can store Passkeys in a compatible security key, like the YubiKey 5 series keys, which can each store 100 Passkeys. This makes them basically immune to being stolen. Note that if your primary interest in Passkeys is in the phishing resistance (basically nearly perfect immunity to MitM attacks) then you can get that same benefit by using WebAuthn as a second factor. However, my experience has been that Passkey support is broader.

    Revoking keys involves logging into the particular service and revoking them, just like changing your password. There isn’t a centralized way to do it as far as I’m aware. Each Passkey is only used for a single service, after all. However, in the same way that some password managers will offer to automatically change your passwords, they might develop a similar for passkeys.








  • Synthetic media should be required to be watermarked at the source

    Bit late for that (even in 2023). Best we could do now is something like public key cryptography, with cameras having secret keys that images are signed with. However:

    • That would require people to purchase new cameras (though phones could likely do this without a new device, leveraging the secure enclaves to sign)
    • Depending on the implementation of the signing, even applying filters to images, color grading, or cropping an image could make it stop matching. If you remove something from the background or make other overt changes, it’s definitely not going to match.
      • Adobe has a system for handling changes and attesting that no AI was used. Optimally other major photo editing tools will do something similar. However, I don’t think it’s feasible to securely sign such an attestation history locally, so all such images would need to be uploaded to be signed remotely.
    • This won’t work for traditional art

    For artists and photographers with old school cameras (“old school” meaning “doesn’t compute and sign a perceptual hash of the image”), something similar could still be done. Each such person can generate a public / private key pair for themselves and sign the images they’ve created manually. This depends on you trusting that specific artist, though, as opposed to trusting the manufacturer of the camera used.


  • This isn’t true or how it works, but there is a law being proposed that would sorta make it so: https://arstechnica.com/information-technology/2024/08/senates-no-fakes-act-hopes-to-make-unauthorized-digital-replicas-illegal/

    (In the US), your likeness is protected under state laws and due to case law, rather than federal laws, and I don’t know of any such law that imposes a responsibility upon sites like Twitter to take down violations upon your report in the same way that the DMCA does. Rather, they allow you to sue the entity who used your likeness for damages in civil court. That isn’t very useful to Jane when her ex-boyfriend uploads revenge porn of her or to Kate when a random Twitter account deepfakes her face onto a nude.

    However, if a picture you have copyright to (like a selfie) is used as an input into an AI, arguably you do have partial copyright to it, as the AI elements are not copyrighted and it could not have been created without your input. As such, I think it would be reasonable to issue a DMCA takedown request if someone posted a nonconsensual deepfake of you, on the grounds that you have a good faith belief that you do have copyright to it. However, if you didn’t take the picture used as an input yourself, you don’t have copyright to it and therefore don’t have partial copyright to the output, either. If it’s a deepfake face swap, then whoever owns copyright of the original scene image/video would also have partial copyright, and they could also issue a DMCA takedown request.