Skip to content
  • Hjem
  • Seneste
  • Etiketter
  • Populære
  • Verden
  • Bruger
  • Grupper
Temaer
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Kollaps
FARVEL BIG TECH
david_chisnall@infosec.exchangeD

david_chisnall@infosec.exchange

@david_chisnall@infosec.exchange
About
Indlæg
16
Emner
1
Fremhævelser
0
Grupper
0
Følgere
0
Følger
0

Vis Original

Indlæg

Seneste Bedste Controversial

  • Reminder: in 2025, the UN estimates that spending $93 B / year would be sufficient to end world hunger by 2030.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    Reminder: in 2025, the UN estimates that spending $93 B / year would be sufficient to end world hunger by 2030. This is roughly a third of the amount of money that companies have set on fire driving the AI bubble.

    Ikke-kategoriseret

  • This might be the funniest MS Office thing I have encountered yet:
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @aesthr

    I understand why, and if you don’t want to be traumatised, I suggest you stop reading now.

    A spreadsheet is not actually the document unit for Excel. Any open sheet can refer to cells in any other open sheet (hmm, I wonder if anyone has exploited that with sheets that fetch from external data sources to extract other information). By default, any cell reference is in the current sheet, but you can include other files by name and their cells will be used but only if they are open. This means that any editing operation may affect any other open sheets and so, logically, it follows that undo should apply to the document (all open sheets) and not simply one sheet.

    This is also why Excel does not let you open two sheets with the same file name at the same time. If you do, cross-sheet references would be ambiguous. Remember, they don’t refer to files as paths or some kind of unique document identifier, they reference other sheets by file name from the set of open files.

    Ikke-kategoriseret

  • So. If you are not following the Nigel Farage vs. Count Binface showdown in British politics then I recommend you start doing so.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @astronomerritt @Luke_Drury

    he’s a smart bloke under the bin

    ... and other completely normal endorsements of political candidates.

    Ikke-kategoriseret

  • Tips for ethical AI use:
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @Susan_calvin @belehaa

    There’s a lot of stuff in datacentres that’s toxic. You may want to apply the Ripley strategy to ensure that you are not breathing in the fumes. Again, not great for the environment though.

    Ikke-kategoriseret

  • This is a good thread.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @pelle @xgranade

    Signal has a weird blind spot for security usability. A year or so ago I wrote down a list of half a dozen simple things they could do to improve it. And none of these were particularly difficult things but they’ve never been a priority.

    Ikke-kategoriseret

  • Tips for ethical AI use:
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @belehaa

    It’s unfortunate that you have to seriously consider the environmental impact of my normal go-to strategy for this kind of technology: kill it with fire.

    Ikke-kategoriseret

  • To my northern neighbours suffering from the current heat wave.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @Remittancegirl

    1. Umbrellas aren't just for rain. They work for sun, too.

    Some do, but a lot are designed to be lightweight and let through a lot of sunlight. A year or so ago, I was given a modern parasol, which has a thick UV-proof layer and is white on top to reflect as much sun away as possible. It is much cooler when you go under it.

    Ikke-kategoriseret

  • From Dune and ... 🎯
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @Natasha_Jay

    This quote is why I hate the Kevin J Anderson and Brian Herbert prequels so much.

    The original Dune series has a lot of references to the Butlerian Jihad as a reaction to people living mechanically structured lives that removed their essential humanity and allowed other humans to control them. The prequels made it about evil killer robots with no sensible motivations.

    Ikke-kategoriseret

  • A court in Munich declared that Google is liable for their "AI summaries" and all its hallucinations.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @tforcworc @tante

    It's not really an arbitrary distinction. The relevant law treats software as a component. The liabilities apply to a final product. The product liability laws cover products delivered to customers. It's the responsibility of the product builder to ensure that components meet the requirements and to use contract law to enforce any liability that's necessary to propagate along the supply chain.

    The EU's CRA takes a similar view: an open-source project does not have any liability but a product that incorporates that project must do its own due diligence to ensure compliance.

    Ikke-kategoriseret

  • A court in Munich declared that Google is liable for their "AI summaries" and all its hallucinations.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @sabik @lymphomation @tante

    It's also not good. It turns out that existing ML models trained on x-ray data overfit on specific measurement errors for individual x-ray machines and produce surprisingly poor results when you try to use them on a different x-ray machine, of the same model in the same hospital, let alone a different model.

    There was a paper published near the start of the year debunking a load of the claims about ML in radiology.

    But that doesn't stop it being the go-to example for boosters.

    Ikke-kategoriseret

  • A court in Munich declared that Google is liable for their "AI summaries" and all its hallucinations.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @tforcworc @tante

    As I've said elsewhere today:

    There are strict legal limits on where you can limit liability. Your calculator can't have that disclaimer at all because (in both the EU and USA) there are very strict limits on disclaimers of liability for physical machines (which is an issue that comes up in open-source hardware quite often).

    Even in software, claiming in your marketing that your product does one thing and then having a disclaimer in the license that says that it does not, in fact, do that thing is generally a problem: you may not be liable for the damages from failing to do the thing, but there's a good chance that you're liable for fraud. A disclaimer of liability isn't a get out of jail free card, it's a statement of intent.

    Ikke-kategoriseret

  • A court in Munich declared that Google is liable for their "AI summaries" and all its hallucinations.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @edavies @tante

    No, they say that the product comes with no liabilities. That limitation of liability is not absolute and is restricted to the degree to which laws allow liability to be disclaimed. If you put something actively malicious in an open-source project, that license doesn't absolve you.

    If you make explicit claims about the product, then a license saying 'actually, does not do the things that we claimed it can do' will not protect you against fraud claims.

    Ikke-kategoriseret

  • A court in Munich declared that Google is liable for their "AI summaries" and all its hallucinations.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @tante

    Google's defence needs to be amplified by anyone talking to politicians about 'AI' regulation:

    Google is explicitly saying in their legal filing that the outputs from their LLM should not be trusted and that users should know that.

    That's one hell of an admission. Imagine saying that about any other category of product.

    Ikke-kategoriseret

  • This is a good thread.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @pelle @xgranade

    whatever #signal's reasons are for badgering users for a #PIN, it's clearly a design choice they made, because other secure messengers don't do this.

    The choice is either:

    • Periodically ask people to enter their PIN, or
    • Deal with people complaining that they forgot their PIN and are locked out (or, ideally not possible):
    • Provide an insecure way of recovering an account after you are locked out.

    The PIN entry UI looks nothing like an incoming message.

    Ikke-kategoriseret

  • This is a good thread.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @pelle @xgranade

    Without the phone number, you'd still need a mechanism for authenticating new devices, which would be a password or a PIN. With the phone number, the first step is there for you and the PIN is defence in depth, without it you still have the same problem.

    Ikke-kategoriseret

  • This is a good thread.
    david_chisnall@infosec.exchangeD david_chisnall@infosec.exchange

    @pelle @xgranade

    they've been training users to fall for re-register #scams by constantly prompting users to re-enter your #PIN (and the PIN is only necessary because phone numbers are used for sign-up).

    No, the PIN is required to reacquire the account if you lose all connected devices. If they used any other unique identifier as the account handle, the PINs would still be required.

    Ikke-kategoriseret
  • Log ind

  • Har du ikke en konto? Tilmeld

  • Login or register to search.
Powered by NodeBB Contributors
Graciously hosted by data.coop
  • First post
    Last post
0
  • Hjem
  • Seneste
  • Etiketter
  • Populære
  • Verden
  • Bruger
  • Grupper