irotsoma
@irotsoma@piefed.blahaj.zone
- Comment on Nintendo sues to prevent Trump from dodging full tariff refunds 1 hour ago:
Yep, Americans pay more for products and then pay interest and court costs to companies. Those tariffs were such a genius idea, especially implementing them on a whim without knowing how tariffs work or how to legally implement them, right?
- Comment on Workers report watching Ray-Ban Meta-shot footage of people using the bathroom 3 days ago:
Yeah, devices like this really should be designed to do most work locally or on connected phones and only send data to the cloud when necessary. But then they wouldn’t be able to farm the data for tracking, advertising, and “AI” training, which is where they make their money on these kinds of devices.
- Comment on GrapheneOS Collaboration With Motorola Mobility 1 week ago:
That’s awesome considering Pixel devices may not be viable for much longer as Google has been making more and more code proprietary. Hope it works out!
- Comment on Block ditches 4,000 staff, because AI can do their jobs 1 week ago:
Lots of companies are doing this. They invested in LLM tech. Most on the ground realized it doesn’t work except in very, very specific circumstances. Upper management either decides they’re lying to protect their jobs, or doesn’t care and just wants an excuse to reduce “human resource” costs and lays off the people they expected the AI to replace anyway. Short term profits rise while remaining employees are stuck doing double or more work to take up the slack, but with so many companies doing it, they can’t leave. Eventually, the bubble will burst and companies will fail. Retirement funds will take tons of loss to prop up all of the “too big to fail” companies while their smaller competitors die off. Some new bubble will come along and repeat the process. Meanwhile consolidation makes products worse and increases inflation, fraud runs rampant, and crime spikes as more and more people can’t afford to live. End stage capitalism as predicted many times over the last few centuries. All we can do is try to survive at this point and keep showing the right wing masses the truth until they either stop following hate driven distractions to their own detriment or the whole system collapses.
- Comment on CIOs told: Prove your AI pays off – or pay the price 2 weeks ago:
Unfortunately, they first laid off all the employees they were promised would be made redundant by the AI. They should have verified that the AI was doing its promised job before that. Lol. At the company I work for they just gave early retirements to all of the people with all the knowledge as part of layoffs with AI as the reason given for the layoffs. We’re all screwed because AI has had zero positive effect in any projects I’ve seen, and I’m a software architect, so I see a lot.
- Comment on Ford is fighting against physics to build affordable EVs 2 weeks ago:
It mentions things like reducing friction, enhancing aerodynamics, etc., which should have been applied to all cars long ago. There might be slight differences in what efficiencies apply since components are different, but a lot are shared like shape of the body shell, lots of components in the wheels, axles, transmissions, etc., that could have friction reduced, etc.
- Comment on Ford is fighting against physics to build affordable EVs 2 weeks ago:
Finally! Should have focused more on efficiencies ages ago, but the oil companies wanted more use, not less and looks were more important than gas mileage to customers in things like trucks. But since charging stations have been delayed to prop up oil profits, and so aren’t as ubiquitous as gas stations, and battery tech (including fast charging) had been gobbled up and killed off for the last nearly a century by oil companies before cell phones needed it, EVs need that efficiency.
- Comment on Windows 11 has a new Start menu — here's how to unlock it 3 weeks ago:
The start menu became useless when it started getting difficult to find the full list of apps. I often don’t remember exactly what an app is called to search for it since the search requires the exact name and only displays a couple of options from the app list for partial whereas the rest are web searches, etc. I gave up on it long ago. Now my desktop has to be covered in icons, which I hate.
- Comment on Meet UpScrolled, the anti-censorship TikTok alternative 5 weeks ago:
Some censorship is good. Just like some regulation is good in any industry. Otherwise, the worst of the worst will destroy it with propaganda and hate. Censorship of things that are meant solely to hurt others or to spread misinformation is needed.
- Comment on [deleted] 5 weeks ago:
Nah LLMs aren’t true AI anymore than the simple scripts in games from decades ago are AI. They aren’t intelligent or thinking at all, they just mix and mimic combinations of words they were trained with. They don’t understand any of them.
- Comment on LG's new subscription program charges up to £277 per month to rent a TV 5 weeks ago:
Might be worth it if TV technology was actually still improving. But since they stopped innovating outside of more aggressive ads, I can’t see wanting to upgrade after just a couple of years.
- Comment on Google AI Overviews cite YouTube more than any medical site for health queries, study suggests 1 month ago:
When healthcare can ruin you financially for even small issues, of course you’re going to look for help from any free source you can.
- Comment on Millions of people imperiled through sign-in links sent by SMS 1 month ago:
Exactly, so it does that job because it requires an entirely different and complex skill-set to intercept sms messages and you have to do both things now if sms 2FA is in place. With the issue in the article you don’t even need to intercept sms meant for a particular user to get access to random users’ accounts, thus totally different issue.
I asked, what is better for a second factor than SMS?
- Comment on Millions of people imperiled through sign-in links sent by SMS 1 month ago:
I was talking about sms. All types of cryptographic code generation use one or more keys. The sms type just uses one that only the sender holds, it’s never shared with anyone which can cause it to be more easily lost.
The sim cards and their cryptographic keys are just built into the phones, and the codes are swapped when you sign up, same concept as removable sim cards.
And again, it doesn’t matter if an sms code is intercepted as much as the entire login method. If you don’t have the username and password, what good does an sms code do for anything? The issue in the article is that there’s nothing else to know, just the current format of the set of codes being generated by the system. Then you can randomly guess a similar code and get access to a random person’s account. Much, much different from the use of MFA which is worthless without ALL of the factors, not just a single one.
- Comment on Millions of people imperiled through sign-in links sent by SMS 1 month ago:
I don’t understand what you mean by “keys” here. Nothing is encrypted. You generate codes by initiating the login process.
The way TOTP works is there is a key (usually in the form of a QR code) for TOTP apps. That key is stored in your TOTP app locally, but also often stored in the cloud if you use Google’s app. Codes are generated using that key and the current timestamp. Otherwise a valid code can’t be generated.
There is no encryption in SMS…
The messages aren’t encrypted at rest, but the connections are. You need a key in the physical sim card to intercept anything. You can’t just intercept and duplicate a sim card’s identifier like with 2G. No casual hacker is going to hack LTE or newer technologies, only professionals like governments and government backed spy agencies. Not saying it’s as secure as it should be, but the effort and cost is not worth it most of the time.
And sim swap only works if you also have the person’s username and password for 2fa. For the issue mentioned in the article it does work because you don’t need any knowledge or other factor other than the message itself to log in. Single factor logins with not even needing to have a username, much less a password, are obviously going to be an issue, which is why I’m emphasizing, I’m interested in 2FA like a bank might use, not the issue mentioned in the article which is totally different.
- Comment on Millions of people imperiled through sign-in links sent by SMS 1 month ago:
That’s the thing though, with SMS 2FA you don’t have the keys at all, so you can’t generate codes, you only get the code you intercept. Same with email based, but with sms, the message has to be intercepted in a timely manner, which is much more difficult for SMS than if they already have your password that’s used for your email account. Plus the issues with SMS not being encrypted only really exist on 2G services which they really need to get rid of, or at least disable at the account level so 2G only works for emergency calls. 4G and up are significantly more secure (not perfect but requires much more complex hardware and knowledge of secrets from the cell company) and generally require the hacker to be masquerading as the user on the cellular network. Otherwise, hack the cell provider which is how a lot of the archived messages they mentioned are retrieved, because, yeah, they usually aren’t stored encrypted. But if the TTL of the TOTP code is 10-60 minutes and single use as well as invalidated once a new code is sent like a bank or really any decent system should, archived message caches aren’t useful.
The issue mentioned in the article is totally separate. These are links that you can log in without needing to even know a username, much less a password, associated with that code. Guessing a random code generated for a specific account is much more difficult, not to mention needing the password. The article is more hypothetical in the actual security of the SMS messages going to a particular phone for a particular account and more about how bad the links being generated are since if you get one link from any insecure sms message you can access many random accounts as well as the one you intercepted and no other factor, even user id, is needed to use the links. So you can send one code just to your own account and then use that to hack others without even having to intercept anything nefariously.
- Comment on Millions of people imperiled through sign-in links sent by SMS 1 month ago:
SMS 2FA is TOTP, just the code is sent via SMS and the key is never shared with the user. But the issue with those apps seems to be even more problematic than SMS from the issues mentioned, e.g. changing phone numbers is not as common as changing phones or other catastrophic events that might cause the keys to get lost. And if you store passkeys or TOTP generating keys in the cloud, then the factor is no longer “something you have” because anyone can get the keys if they get the password to the thing storing the keys. SMS based TOTP leaves the keys only with the site you’re logging into and only the time sensitive TOTP codes are ever sent out. And although the lifetime period for sms TOTP has to be longer, they are additionally expired on single use (assuming it’s implemented properly).
- Comment on Millions of people imperiled through sign-in links sent by SMS 1 month ago:
Problem is finding something that is universal that is a “something you have” is difficult to find that almost everyone has. Almost everyone has a cell phone these days, so it’s a good option to use as that kind of factor. Email is a second “something you know” factor (i.e. via the password to your email account) and could be the same something if you use the same password. And getting someone to carry yet another device even if it’s simple like a Yubikey or something like that can be difficult. And unless biometric devices become universal on computers as well as phones, the “something you are” factor is hard to accomplish universally as well.
So, what options do you think are better that can be a “something you have” for use as a second factor to a password or other type of “something you know” factor?
- Comment on Millions of people imperiled through sign-in links sent by SMS 1 month ago:
How so?
It’s a second factor. It’s “something you know”, “something you have”, and/or “something you are”. The username and password is the “something you know” and the sms message is “something you have” (i.e. the phone). There’s no need for the second factor to be secret as long as it is single use and time sensitive and is only used as a second factor, not the only factor.
This article was about single factor messages that are the entirety of the login flow, so not about 2FA, but I’m still interested in the concerns for second factor. It is still adding security over a password alone which is the only goal in the 2FA subject.
- Comment on Millions of people imperiled through sign-in links sent by SMS 1 month ago:
2FA isn’t the issue. The issue is single factor logins with only text messages, no password and often no username. Those messages allow anyone who intercepts them to log in, no username or password is involved at all.
2FA via SMS is a perfectly fine solution, though there are more secure options like yubikeys or TOTP generation apps.
- Comment on Spotify’s 3rd price hike in 2.5 years hints at potential new normal 1 month ago:
I have around 3500 liked songs on Spotify alone just from the last 5 years or so and just stuff that Spotify chooses to play for me. I have about 9,000 tracks in my primary collection from old ripped CDs and purchased MP3s/FLACs. This is without stuff that I don’t really like that much anymore or stuff that I would only listen to in specific circumstances, like Mozart or something. It’s over 100GB. There is definitely some overlap there, but definitely less than 1/3 of the Spotify likes I also own. So probably I’d end up somewhere in the 125-150GB range. If phones still had SD card slots I could do it, but that’s not that common anymore since they want you to buy streaming and backup services.
I could probably pare it down even more without missing out too much, but it would take a lot of time and it would be removing stuff I like to listen to. And I wouldn’t have room to add new stuff.
I listen to a pretty wide variety of genres and I listen on my phone often, pretty much anytime I’m driving or on a bus/train, and I don’t like hearing the same songs repeated too much unless I’m just getting to know the song. I’ve thought about writing a script that automatically randomly replaces files when I’m on my home network to take a smaller set with me, but that’s a lot of work. The other alternative is creating playlists of a few hundred songs each and switching them out when I’m home, but again, lots of work.
Streaming just covers it well for my use case, if it was reasonably priced and did its job well to help discover new music, but seems that’s not what they’re selling anymore. I also don’t have a data cap anymore, or at least it’s a soft cap and not ridiculously low, but not sure how long that will be the case either.
- Comment on Spotify’s 3rd price hike in 2.5 years hints at potential new normal 1 month ago:
Radio only plays a few dozen songs or only “classic” stuff, so I never get to hear new stuff. Having streaming audio was always my way to find new music. That said, Spotify has started doing the same, just playing the sponsored songs and the themes they have generally only play stuff I’ve heard a million times. Rarely “b-sides” or new stuff based on my actual interests.
I miss the days of the original Pandora service with its database of music elements, and it would go across genres to find things with similar elements and didn’t have any influence from the recording industry sponsoring songs because they were actively destroying their own industry fighting to kill off streaming, instead. I found a bunch of new stuff I never would have heard otherwise. It totally changed my listening habits.
So with the streaming services consolidating and raising prices as a result, I likely won’t stick with it anymore. My music library is too large to store locally on my phone and I like variety rather than making playlists. I’m thinking of setting up my own streaming server, but music discovery is still an issue I need to solve.
- Comment on Many Top MAGA Trolls Aren’t Even in the U.S - Elon Musk’s new X feature has been very revealing. 3 months ago:
Um…Koch Industries donated tons of money to politicians to not retaliate against Russia when they invaded Ukraine, and they refused to pull out of Russia when lots of other companies were. And that’s just one small, recent example of their connections to Russia. Google can find lots of others. I mean go back far enough and their family had close connections to Stalin as well.
- Comment on Americans are holding onto devices longer than ever and it's costing the economy 3 months ago:
There’s lots of things that could be innovated without faster processors. I mean if we’re just talking cell phones, adding a camera was an innovation, adding a touch screen and eventually touch keyboards that actually worked. These things were aided by faster processors, but not directly dependent on them. But these could be totally unrelated devices to phones or even computing at all. Innovation across the board including med-tech, business models, city planning, and tons of other industries have suffered from privatization, deregulation, and leading then to consolidation and thus little need to compete and thus little need to innovate.
- Comment on Booking.com cancelled woman's $4K hotel reservation, then offered her same rooms for $17K 3 months ago:
It used to be useful when there was competition to actually provide good service and actually negotiate prices. Consolidation to basically one parent company ruined the whole thing like most late capitalism consolidation tends to do…
- Comment on Americans are holding onto devices longer than ever and it's costing the economy 3 months ago:
“Companies aren’t innovating anymore and it’s costing the economy” is what it should say. When late stage capitalism leads to consolidation and cost cutting, stock buybacks, and other short term profit when competition is no longer necessary, that’s what kills the economy. That’s why monopolies and anticompetitive behaviors are bad.
- Comment on Many Top MAGA Trolls Aren’t Even in the U.S - Elon Musk’s new X feature has been very revealing. 3 months ago:
A lot of that was sexism and racism forcing less fascist loving conservatives over to Trump combined with a general sense of betrayal. The Democrats made a huge mistake forcing Biden down everyone’s throat by forcing other candidates not to run (which they do most years but it was really obvious this time with the disapproval of how far right the party moved to even select Biden) and an even bigger mistake switching to Harris against the will of the (admittedly sham) vote.
- Comment on Press a button and this SSD will self-destruct with all your data 3 months ago:
But charge the capacitor with what? That’s the point. If it doesn’t kill the data immediately upon pushing the button, even when unplugged, it’s useless unless some bumbling idiot thief/cop/agent plugs it in before just disarming the button.
And as for fully physical, do tests with what? Another computer? It’s a memory storage device with only an I/O driver and basic firmware. There’s no CPU to separately run software to detect if the components are destroyed. And if there were, that would have to be physically/electrically separated from the short that is going to kill the device and then physically reconnected, which would mean some kind of mechanical device most likely. Now we’re getting into a huge device, not a flash drive. The device already has capabilities to read and write data. Very easy to add a chip to give that random data to write over the existing data and a lot less power than a processor and motorized components.
And again, it doesn’t solve the redundancy problem. Single point of failure is always going to go wrong at least one in some number of cases. Even top of the line components and the best quality control available can’t beat redundancy and it’s way, way cheaper.
- Comment on Press a button and this SSD will self-destruct with all your data 3 months ago:
Yeah, but again, that requires precise destruction in a cheap chip while making sure both not to do it accidentally and making sure it’s successful afterwards. With redundancy, if one thing fails, there’s something else to do the job. Most corporations have abandoned this idea in exchange for short term profit and planned obsolescence. But it’s actually super important in real security.
- Comment on Pornhub is urging tech giants to enact device-based age verification 3 months ago:
Exactly, so give parents the tools to filter and make it their responsibility to police their children. Don’t make everyone give up their privacy and sometimes, security, and safety to shitty corporations who will eventually leak all of their data. Which is exactly what both I and pornhub are saying.