Comment A bug, is a bug, is a bug (Score 1) 17

We are at the point where every bug that can crash an application is treated as at least a DoS CVE of some kind, even if it has an extremely low rating. In that sense, LLMs finding these bugs, even if automating a fix is not possible, is still a good thing from a reliability improvement standpoint.

The sad part is when folks see all these reported bugs and decide to abandon the software altogether as a result, which is something we have been seeing with kernel drivers for old hardware which, quite frankly, could have been marked as post-production, carrying a taint flag of some kind if loaded. A mechanism needs to exist to flag these unloved drivers with known issues for a year or two and to maybe gate them off by default using a one-way sysctl, a kernel command line or something else which does not rely on blacklisting so we can have the best of both worlds.

Comment Suppression makes misinformation worse (Score 1) 134

We saw this stupidity in full action with COVID, and it created problems for people trying to do their bit to educate people. At the time of peak pandemic, if you used a search engine, you would only get NHS or WHO results unless you started adding specific academic keywords which most people would not use. If you used YouTube, the results were further manipulated to always favour specific content by a handful of creators unless you explicitly wanted nutty content. The result was a massive distrust by a public who wanted to find out actually useful information, not vague facts the government thought the public ought to know, as they could see everything was being manipulated by companies at the whims of our government without any transparency over what was deliberately censored and why.

It seems they have not learned their lesson since then and seem hell bent on making the public distrust them further by applying this same flawed principle to presumably every search relating to a trending topic of any national relevance. This is not just a bad look, it is a very bad idea, especially given a string of recent events where fast news cycles resulted in somewhat inaccurate commentary and glaring omissions of facts from reporters and journalists alike.

The true fix for this is to put an end to the attention economy, not to try to divert attention towards the likes of Rupert Murdoch and co.

Comment Just refuse to help cloud providers (Score 1) 38

Stick to testing installable software only, that way if the maintainers decide not to pay out, immediately publishing a vuln with or without a PoC is still ethical as it gives sysadmins a chance to mitigate before anyone else finds it. When it comes to cloud hosted crap, you have no recourse, therefore, do not help them in the first place.

Comment Re:Oh dear, oh dear, oh dear (Score 1) 147

You asked for a citation, I gave you a citation which didn't represent one isolated incident but an ongoing chain of them which was considered serious enough for the government to use it as part of their justification to mandate the future scanning of every photo everyone ever takes with their smartphones from now on. Feel free to also gloss over the girls who abused the trust of boys without their consent in order to sell videos if that helps fit your narrative.

Regarding physical store transactions, you don't have to provide ID to buy alcohol in the UK unless you look under 25 (also known as Challenge 25) and nobody is required to record your face in order to perform said verification; your purchases usually remain completely anonymous, as they should. Also, in England, we allow drinking alcohol in private from the age of 5 because the concept of underage drinking enforcement came about in response to drunk youths in the street causing trouble. So the sales restrictions aren't even there to stop children from consuming it, they exist to stop troublesome behaviour in public, which is a key differentiation you also seem to be glossing over. Regarding tobacco, the only reason people will now need to supply ID is to prove they were born before a certain year, since Starmer wants to ban smoking outright via raising the legal age by 1 year for every passing year in perpetuity.

If you want to equate how you want the Internet to work and match it up to how physical in-store transactions work, at least educate yourself on how those transactions actually work first, before calling people paranoid for pointing out the flaws, especially when you're conversing on a tech website where the EFF and others have already debunked the claims you're making.

Comment Re:Oh dear, oh dear, oh dear (Score 1) 147

See my other comment, complete with a trustworthy citation from mainstream investigative journalists which blew the lid off everything (included here for your convenience).

Banning children from every mainstream user-to-user service that falls under their definition of social media (almost every website except a handful of very specific exceptions) will only make them less equipped to deal with the real world. Everything from children losing the full multiplayer experience in video games through to restrictions being applied to open source software projects (alongside misinformation being spread around schools that's designed to vilify gifted and talented children) is going to deprive them of the same kinds of extra-curricular learning opportunities which led to the success of multiple generations of adults in their prime today.

Starmer himself can't even articulate, when questioned, how his new plans will actually resolve the problems his own party's previous cock-ups caused in the first place; he's only able to explain what they are and his reason why he's implementing them. Worse still, he has chosen to push for measures to actively prevent real victims from being able to locate unauthorised images of themselves by legislating to prevent new smartphones from being able to view them in the first place, while perpetrators will, as usual, be completely unimpacted. Ofcom can't even successfully block or fine the likes of 4chan, a website where people literally upload originals to request "community creation" of realistic deepfakes. Let that sink in for a moment.

Do a bit of research into what's going on, and you'll find victims will only be further harmed by this, not helped. Government advisers understand the technical trade-off and have decided that making people more identifiable online long-term is, in their minds, more desirable than actually helping victims today by reversing course on a chain of terrible past decisions which all led to where we are today, starting off by encouraging people to make their own niche spaces again, instead of legislating them into oblivion.

Comment Re:This is validating my decision to stay on Debia (Score 4, Informative) 50

The difference between the AUR and Debian repositories is that there's a natural level of checking built into the process. For simplicity, I'm going to completely ignore Debian Stable and talk about Unstable, which ultimately gets far less scrutiny due to less security team involvement.

Each category (or group) of packages generally has a team of people who work together to commit changes to Unstable, aided by senior developers who have non-maintainer upload rights to dip in and help out if packages end up lacking named maintainers. There's no concept of a random person with no history of contributing immediately taking over orphaned packages, and while a package maintainer owns the responsibility of making sure changes work, folks definitely aren't alone when it comes to QA/QC.

Debian also splits out everything so that any potentially reusable dynamic libraries can be re-used by as many other packages as possible. If there's a new dependent library being introduced which no other package already makes use of, it needs to be added to the Debian archive as a brand new package, where the process is ultimately overseen by a separate team of people. Even if all that scrutiny doesn't pick up on something, Canonical engineers also use Debian's packages as the basis for Universe/Multiverse in Ubuntu and have to perform their own checks before syncing new packages in from Debian Unstable when MOTU ("Masters Of The Universe", aka community contributors mentored by Canonical) put in a request as part of maintaining the packages they look after.

The end result is potentially even better scrutinised than the packaging approach typical macOS and Windows apps receive, due to the number of separate individual maintainers taking responsibility for dependent libraries, as opposed to an independent or small team of developers taking responsibility for everything. However, it does also mean if one common library gets subverted in some way, especially by a compromise of the upstream project (as people saw with the xz backdoor attempt) then the net impact could be far wider than with vendored libraries (how packages work with macOS/Windows) where developers can choose to stick with older versions for their application for longer. Of course, that's somewhat mitigated by that thing I'm ignoring called Debian Stable... =]

Note: I'm not a Debian Developer (just someone who ends up reading way too much) so it's possible some of what I'm saying isn't as accurate as it could be, but I hope this gives you a general gist of the differences.

Comment Re:Oh dear, oh dear, oh dear (Score 1) 147

Your statement of "social media doesn't work if you can't log in" is demonstrably untrue. Millions of people watch pre-recorded YouTube videos, Twitch livestreams, TikTok shorts, music tracks on Spotify/SoundCloud, microblogs on X/Bluesky and many other services without ever logging in to them. People don't have to post, comment or create content in order to consume it, and there have always been, in aggregate, more silent consumers than contributors.

It's also important to understand how lawmakers define social media, relative to the old school definition of social networking, which is what a technical Internet user typically thinks of when it comes to social media. In Britain, if a service is capable of user-to-user communication, it is treated in law as if it is social media, and if you're able to access *any* content on the service, even without yourself sending any messages to users, you are still making use of a covered service. To ensure that the new, onerous legal requirements don't completely break the Internet, they carved out specific exceptions for email, SMS, RCS and private instant messaging services. They then followed this up by tabling a bill to mandate that smartphones analyse every picture or video ever taken to stop specific types of content from even being created (as part of the Children's Wellbeing and Schools Bill, which also, among other things, appears to be an attempt to implement a framework to implement watershed times in the future for unauthenticated access to online services).

This is why we're seeing companies like Microsoft disabling chat capabilities on video games like Minecraft on the client side, even when the connection is to a LAN-hosted server. It's still user-to-user communication (i.e. social media) and Microsoft's legal team clearly assessed that messing with the game client itself (as opposed to server side code) was the best way to comply. It's why Apple has started forcibly applying client-side filtering on iOS, subject to ID checks in order to allow users to disable them (suffice to say, I'm now using GrapheneOS as my daily driver, my iPhone is relegated to the role of banking).

Regarding what happened with OnlyFans, you'll see that in the UK, participating customers simply got refunded, the girls in question received counselling (not a punishment) and British parents/grandparents who allowed their IDs to be used (but where there was no evidence of stereotypical child abuse) did not get prosecuted either. OnlyFans guarantees their content is legal, so if there's illegal content which passes their initial manual checks, at that point it's no longer possible to claim the customer should have known. All liability in the equation was taken on by OnlyFans. Parliament even debated the issue, with the result being politicians pointing out that the fault was solely with the Government, not businesses performing the completely ineffective checks they were asked to perform.

Hopefully this explains the point a bit more clearly.

Comment Oh dear, oh dear, oh dear (Score 2) 147

People will continue to watch porn without proving their age. This is a fact. Folks will continue to be able to open a BitTorrent client, Tor Browser or anything else they want to have access to more porn than they can shake a stick at with zero age checks. Likewise for creating nude images of all kinds from otherwise innocent ones, since all the generative models needed to do this can and do run locally on consumer hardware. Anyone who believes otherwise simply doesn't know how modern computers work.

Worse still, ID checks for porn in Britain actually enabled underage British girls who were literally still in school to make money from OnlyFans (a British social media network) while taking advantage of a catch-22 in the law along with the customers who were legally indemnified when it came to their decisions due to the existence of said ID checks. It destroys the farcical child protection narrative when it's the ID checks which gave people fully legal access to what would normally have been illegal content. That's why there's been a big push to try and limit what smartphones can do with their cameras alongside all this, as a means to address the obvious elephant in the room, which again, can be defeated with some cheap LED strips...

If you think any of this is about children, or even about pornography, you're not engaging your brain enough. It's about controlling the free speech of the few people who don't want to engage with the machine, while falsely claiming to protect them from it. The UK government wants to know who is subverting whatever false narratives they put out there with the hopes they can shut them down in the event they find a way to break through the legally mandated censorship apparatus being applied to mainstream services.

Comment Re:Windows is crumbling (Score 2) 35

Microsoft tried to ditch the technical debt twice, and it almost cost them their business each time.

WinRT, along with the mandate that all applications be UWP, was meant to be the foundation of that. Once migrated, the legacy plumbing could have been ripped out from underneath, but doing so took away the entire point of using Windows in the first place, and so consumers rejected it. Forcing it any further would have resulted in a mass exodus to anything that isn't completely crippled in terms of application availability. It's also what inspired Valve to start supporting Linux for gaming, as there was a sense of existential dread that they might not have a PC platform to sell to which didn't involve Microsoft as a gatekeeper and adverse competitor.

The second attempt was with MSIX packaging and the use of AppContainer technology, with the idea that if developers could be corralled into using a subset of modern APIs, Microsoft could once again rip out all of the legacy plumbing, this time without upsetting everyone, who would now have plenty of time to adapt slowly to all the changes. But, instead of choosing Microsoft Windows APIs, developers simply chose cross platform technologies instead, and this put Microsoft in an even worse position than with UWP, as there was no going back. Not wanting to look irrelevant to shareholders, Microsoft threw their hat in the ring and pushed for technologies like React and competed with Electron using WebView2, only to make the problem worse.

Which brings us to where we are today, with Microsoft having to support three modern application development stacks that nobody wants to use, and several dead legacy ones, where ABI compatibility and developer familiarity with legacy APIs are the only things preventing everyone from leaving. So, it's not like they didn't try, they just tried and failed too many times...

Comment Service providers can't even enforce this (Score 1) 120

On a technical level, LED strips with opposing hues either side of the subject throw off the frontier models involved in nudity detection. You can see this in effect on YouTube daily, where sexual content bypasses filters for weeks or months at a time until some prude actually reports it, at which point a stricter check is performed. Said stricter checks cannot occur on the client side on mobile platforms in practice (no reporting mechanisms in the first place) and the models on a resource constrained smartphone have to respect battery life and avoid tanking performance by design.

Then on a regulatory level, politicians are pretending that the people producing sexually explicit content aren't doing so knowingly and that the consumers of it aren't knowingly wanting to view it. The language of treating viewers as victims means that there's naturally zero penalty for young people discovering loopholes to exploit and share explicit content anyway. We saw this in effect with OnlyFans when people who were underage sidestepped ID checks to make money while attending school. Nobody got prosecuted as a result, and nobody could be because everyone got to claim they were a victim, including the parents who admitted to knowing what was going on. British teenagers willingly creating content, their British parents willingly allowing it to happen and the paying British viewers willingly funding it all had plausible deniability on their side, and all of them blamed OnlyFans who actually did all the necessary reasonable checks which were asked of them.

Everyone involved on all extremes of the ensuing debate became an absolute laughing stock, especially the politicians, and now everyone who isn't involved is being punished for it, without a single person actually being protected in any way from any actual harm. Business as usual...

Comment Re:And how will that help? (Score 1) 24

This is basically what proper commercial Linux distributions (RHEL, SLE) do for their paying customers. They cherry pick fixes most months and then on a timed schedule, release actual version bumps after they've been community-tested in upstream distributions. It guarantees that someone out there will pick up on the problems before they strike without making things too stale. The catch is that developers need to stick to well known, vetted stuff that's older, a habit most offshore devs just can't seem to get into...
