Firefox is fine. The people running it are not

Technology
205 106 16
  • 47 votes
    4 posts
    11 views
    T
    Very interesting paper, and grade A irony to begin the title with “delving” while finding that “delve” is one of the top excess words/markers of LLM writing. Moreover, the authors highlight a few excerpts that “illustrate the LLM-style flowery language” including “By meticulously delving into the intricate web connecting […] and […], this comprehensive chapter takes a deep dive into their involvement as significant risk factors for […].” …and then they clearly intentionally conclude the discussion section thus: “We hope that future work will meticulously delve into tracking LLM usage more accurately and assess which policy changes are crucial to tackle the intricate challenges posed by the rise of LLMs in scientific publishing.” Great work.
  • Canadian telecom hacked by suspected China state group

    Technology technology
    3
    1
    57 votes
    3 posts
    20 views
    M
    While this news is both expected and unsettling, I'm pretty keen on how our gov has this info available to the public. And the site itself - such a vast resource for security info, tools, etc. Not all of our gov nor all departments are something to behold, but our cyber teams are top notch. And holy shit: https://github.com/CybercentreCanada
  • 0 votes
    1 post
    9 views
    Nobody has replied
  • Is Matrix cooked?

    Technology technology
    54
    100 votes
    54 posts
    177 views
    W
    Didn't know it only applied to UWP apps on Windows. That does seem like a pretty big problem then. it is mostly for compatibility reasons. no win32 programs are equipped to handle such granular permissions and sandboxing, they are all made with the assumption that they have access to whatever they need (other than other users' resources and things that require elevation). if Microsoft would have made that limitation to every kind of software, that Windows version would have probably been a failure in popularity because lots of software would have broken. I think S editions of windows is how they tried to go in that direction, with a more drastic way of simply just dropping support for 3rd party win32 programs. I don't still have a Mac readily available to test with but afaik it is any application that uses Apple's packaging format. ok, so if you run linux or windows utils in a compatibility layer, they still have less of a limited access? by which I mean graphical utilities. just tried with firefox, for macos it wanted to give me an .iso file (???) if so, it seems apple is doing roughly the same as microsoft with uwp and the appx format, and linux with flatpak: it's a choice for the user
  • 61 votes
    11 posts
    46 views
    K
    If you use LLMs like they should be, i.e. as autocomplete, they're helpful. Classic autocomplete can't see me type "import" and correctly guess that I want to import a file that I just created, but Copilot can. You shouldn't expect it to understand code, but it can type more quickly than you and plug the right things in more often than not.
  • How Social Media Brings Out the Worst in Us

    Technology technology
    14
    1
    120 votes
    14 posts
    58 views
    sturgist@lemmy.ca
    Suffering from asthma? 9/10 Doctors recommend menthol cigarettes! Peppermint fresh puts the pep in your step!
  • 38 votes
    7 posts
    37 views
    D
    Not easy but not hard actually really simple if you had the right energy. Just ignore this so I don't scare you.
  • 1 vote
    8 posts
    37 views
    L
    I think the principle could be applied to scan outside of the machine. It is making requests to 127.0.0.1:{port} - effectively using your computer as a "server" in a sort of reverse-SSRF attack. There's no reason it can't make requests to 10.10.10.1:{port} as well. Of course you'd need to guess the netmask of the network address range first, but this isn't that hard. In fact, if you consider that at least as far as the desktop site goes, most people will be browsing the web behind a standard consumer router left on defaults where it will be the first device in the DHCP range (e.g. 192.168.0.1 or 10.10.10.1), which tends to have a web UI on the LAN interface (port 8080, 80 or 443), then you'd only realistically need to scan a few addresses to determine the network address range. If you want to keep noise even lower, using just 192.168.0.1:80 and 192.168.1.1:80 I'd wager would cover 99% of consumer routers. From there you could assume that it's a /24 netmask and scan IPs to your heart's content. You could do top 10 most common ports type scans and go in-depth on anything you get a result on. I haven't tested this, but I don't see why it wouldn't work. When I was testing 13ft.io - a self-hosted 12ft.io paywall remover - an SSRF flaw like this absolutely let you perform any network request to any LAN address in range.