Terrible news: the worst person I know just made a banger post.
this post was submitted on 27 Jan 2025
1 points (100.0% liked)
TechTakes
1580 readers
13 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 2 years ago
MODERATORS
Screenshot of an insta post of a screenshot of a tweet 
Tweet:
I can’t believe ChatGPT lost its job to AI
Looks like Ziz remains on the lam again.
Neo-Nazi nutcase having a normal one.
It's so great that this isn't falsifiable. The model has been downloading 10 million times at this point. Somehow, the diamanoid bacteria has not killed us all yet. So yes, we have found out the Yud was wrong. The basilisk is haunting my enemies, and she never misses.
Bonus sneer: "we are going to find out if Yud was right" Hey fuckhead, he suggested nuking data centers to prevent models better than gpt4 from spreading. R1 is better than GPT4, and it doesn't require a data center to run so if we had acted on Yud's geopolitical plans for nuclear holocaust, billions would have been for incinerated for absolutely NO REASON. How do you not look at this shit and go, yeah maybe don't listen to this bozo? I've been wrong before, but god damn, dawg, if we had followed Yud's advice the survivors would be starving in radioactive craters rn.
The advanced sinophobia where the Chinese are so much better at everything than the west that even when they make better and cheaper bullshit machines than the Americans do and hand them out for free, it has apocalyptic consequences.
It's wild that Yudkowsky saw a binary choice of "nuclear holocaust" and "superintelligence" and chose "nuclear holocaust" in the first place.
Like, even if I believed in FOOM, I'll take my chances with the stupid sexy basilisk 🐍 over radiation burns and it's not even fucking close.
I don't want to say with absolute confidence that there's no scenario I can imagine to which a nuclear apocalypse would be preferable (the real kind, not the Fallout kind). But I have yet to hear one.
The upcoming firestorms of climate change, while patrolling the Mohave desert almost make you wish for nuclear winter. Ow wait not like fallout you said
nuclear winter is not a thing that can possibly happen, from what i understand
sagan et al overstated amount of soot put in upper atmosphere over 10x, for no particular reason other than trying to make a point
notice how no one talked about it after desert storm? oilfield fires provided negative evidence
They still do nuclear war climate modelling. Its still bad.
Another dream shattered. Not sure if the oilfield fires were big enough. Volcanoes can cause some cooling right? pokes old yeller
yellowstone caldera erupting during Trump II would be fitting somehow
I’m not going to link Andy Ngo but random rationalist transwomen are being accused of terror sympathy…and Aella is doing this ‘leopards ate my face’ dance.
tbh I don't understand this post at all. aella isn't trans so why would she be a target for leopards? I must be misinterpreting
thats just me trying to use an unfamiliar meme (and just trying to narrate what I'm seeing on twitter that maybe isn't worth a link). she was actually complaining that people had gone to Ngo.
oh I see! she's annoyed about a different gang of fascists flexing on hers
Ok you brought aella up so now I can post this:
Heard this song for the first time the other day and it reminded me of aella.
side note: what’s a good way to post links to music that isn’t youtube?
I've used this before: https://song.link/i/1169243537
oh this is brilliant, I’ve been looking for something like this
Goddammit why can't the murder cult story just stay morbidly fascinating? Now I've got to worry about implications and how the worst people are gonna use this as ammo.
i don't think it's the first time i see jessicata acting like a total piece of shit in her completely emotionless way and it's incredibly creepy. she doesn't even seem to be aware of the harm she can cause.
I was kinda picking up on that ugh.
Ngo is going on Newsmax tonight to do his thing in front of the masses.
Spent the last week playing with some security shit (thinking about a career change, since it looks like I will be mastering out of my PhD program) and fuck me everything about hardening your personal devices is exhausting. We are nowhere close to accessible privacy and security in our computers. The best solution right now may be "buy a Macbook and learn MacOS", which is so depressing.
Still deciding on a web browser. Used to be I could recommend Firefox because Righteous-Opposition-to-Google, but that doesn't really track anymore with Mozilla's behavior. Now I guess I would recommend Chrome, but it feels so gross (and I am unsure about things like Ungoogled-Chromium, for security reasons).
the basic laptop hardening
- Install Fedora Silverblue
- Be sure to set a good LUKS password
- Set a BIOS password and disable USB booting
- Rebase to secureblue
- Follow the Post Install Readme
- I personally couldn't figure out how to set the GRUB password. To what extent is all of this complexity just self-serving bullshit?
As far as passwords, the only password I have to memorize is the one to my Bitwarden vault. Everything else is stored in Bitwarden. The passwords (except for my phone PIN) are 16 characters if I ever need to type them in manually (e.g. LUKS password), whereas passwords that will always be copy-pasted are 128 characters. I am looking into integrating a yubikey, but am leaning towards "fuck that shit, why would anyone actually want to use this?" If anyone here has comments on this (am I missing an obvious pitfall? do yubikeys suck as much as it looks like they suck?) I would be happy to hear them.
- I personally couldn't figure out how to set the GRUB password. To what extent is all of this complexity just self-serving bullshit?
Anyway tl;dr is I spent the last week hardening all my devices and it sucks. In some cases it was a complete waste of time (my Steam Deck does not appear to have a way to set a password in the BIOS). In other cases (e.g. my Framework), it was probably worth it but a deeply terrible experience.
Last time I tried it, ungoogled chromium had some issues with yubikeys (see https://ungoogled-software.github.io/ungoogled-chromium-wiki/faq#how-to-get-fido-u2f-security-keys-to-work-in-google-sign-in) which I don’t think have been fixed yet. That was enough to be a deal breaker for me.
do yubikeys suck as much as it looks like they suck?
Without knowing why you think they suck, it’s hard to say. I like having unphishable uncopyable credentials, and it irritates me that they aren’t more widely supported. On my desktop or laptop, they’re less irritating than TOTP, for example, which is neither unphishable nor uncopyable but much more widely used.
whereas passwords that will always be copy-pasted are 128 characters
Whilst there isn’t really such a thing as “too secure”, it is the case that things like passwords are not infinitely scaleable. Something like yescrypt produces 256-bit hashes (iirc) so there’s simply no space to squish all that extra entropy you’re providing into the output… it might not be any more secure than a password a quarter of its length (or less!).
128 bits of entropy is already impractical to brute force, even if you ignore the fact that modern password hashes like yescrypt and argon2 are particularly challenging to attack even if your password has low entropy.
Without knowing why you think they suck, it’s hard to say. I like having unphishable uncopyable credentials, and it irritates me that they aren’t more widely supported. On my desktop or laptop, they’re less irritating than TOTP, for example, which is neither unphishable nor uncopyable but much more widely used.
I've come around a bit since posting yesterday (after looking into the various hardware key options, like OnlyKey). The biggest issue I have is that the firmware cannot be updated (which I realize is somewhat a matter of taste regarding your threat model). Other than that, it's the added complexity of "use this physical device" and the concern I had about recovering accounts if I lost the Yubikey. Their page on spare devices does not inspire confidence.
Whilst there isn’t really such a thing as “too secure”, it is the case that things like passwords are not infinitely scaleable. Something like yescrypt produces 256-bit hashes (iirc) so there’s simply no space to squish all that extra entropy you’re providing into the output… it might not be any more secure than a password a quarter of its length (or less!).
128 bits of entropy is already impractical to brute force, even if you ignore the fact that modern password hashes like yescrypt and argon2 are particularly challenging to attack even if your password has low entropy.
Fair point! I chose 128 because it's the maximum allowed in Bitwarden (if it's going to be copy-pasted anyway, who cares). Assuming I didn't fuck up basic math, the entropy of a passphrase of length n selected uniformly at random from characters in A is given by nlog|A|, so to reach 128 bits of entropy with 70 chars (lower + upper + digits + special) requires a passphrase of length 21.
The biggest issue I have is that the firmware cannot be updated (which I realize is somewhat a matter of taste regarding your threat model). Other than that, it’s the added complexity of “use this physical device” and the concern I had about recovering accounts if I lost the Yubikey.
The solokey v2 and the nitrokey v3 (I think) have some firmware upgradability, but they're not as capable as a yubikey (the last time I checked I couldn't use either of them to unlock a keepassxc password vault, for example). Whilst it would be a right hassle to deal with a lost device, I generally lock my accounts with a main key and two spares that get stored safely and make a note in my password database of which accounts can use which keys so there's little risk of locking myself out of anything, and I can get a list of sites to visit to revoke credentials from. In any case, the minor inconvenience is a good tradeoff for me, given the significant security guarantees the keys offer over other authentication mechanisms.
But also, "added complexity" is just a thing with two factor authentication, and most of my use of U2F keys involves less effort than unlocking my phone, then unlocking my TOTP application, then searching for the account and site I'm trying to unlock, then waiting for the timer to reset because I can't authenticate before the current code expires, etc.
Assuming I didn’t fuck up basic math,
Beats me! I just use off-the-shelf entropy calculators and hope they're right. They mostly seem to agree that ~128 bits of entropy from a 10-word (70-85-ish characters) passphrase from the EFF large wordlist, or ~24 characters from uppercase/lowercase/numeric. Both might be reasonably considered overkill, if you can be sure that the thing that's hashing the password is using a modern algorithm (which often you can't, sadly).
I also dislike unreasonably long passwords because more modestly-sized ones can be typed out manually when needs be, or even read over the phone in an emergency. I wouldn't fancy doing that with 128 character passwords! You may of course never need to do those things, but I've needed to do both, at work and otherwise.
The best solution right now may be “buy a Macbook and learn MacOS”, which is so depressing.
Depends on whether you include "my personal data is sent to the manufacturer of the computer against my wishes" in your threat model... Apple does many good things for security, and I wish PC hardware makers would take security-related things even just nearly as seriously as them. But I can't trust Apple anymore either.
(Explanation: the whole iCloud syncing stuff is such a buggy mess. I don't want it, I don't need it, so I want it off. But I guess Apple just doesn't test enough how well it works when you turn it off, maybe they can't imagine someone not wanting it. The problem is, iCloud sync settings don't stay off. Settings randomly turn themselves back on, e.g. during OS updates, and upload data before you even notice it. I'm not claiming that's intentional, I assume it's just bugs. But I've observed such bugs again and again in the past 9 years, and I've had enough. Still have a Macbook around, but I use it very rarely these days, only when I need some piece of software on MacOS that has no suitable Linux equivalent.)
While a PC+Linux setup can avoid the specific issue of "don't randomly upload my data somewhere", the setup of it all can be a mess, as you say. And then security is still limited by buggy hardware and BIOS/firmware that is frequently full of security holes. The state of computers is depressing indeed (in so many ways, security just being one of them)...
A note to the effect of:
You have basically no control over how Apple handles your data. When iOS users opted out of data collection, Apple still collected the data, they just didn't allow third-party access to it.
is a good idea if I ever do recommend a Mac.
I don't think I could ever recommend chromium-based browsers due to the MV3 switch. Does ungoogled-chromium do any patching to get around this? If not I think FF is the only sane option still.
I believe ungoogled-chromium does have MV2 support. Unfortunately, there are still real security concerns with Firefox. The good news is that Trivalent (a hardened version of Chromium developed by the Secureblue folks) has ad/content blocking built in. I am still mostly using Firefox, but the small amount that I have used Trivalent has been good.
you can get banned on facebook now for linking to distrowatch https://www.tomshardware.com/software/linux/facebook-flags-linux-topics-as-cybersecurity-threats-posts-and-users-being-blocked
but it's not as bad as you think, it's slightly worse. it's not only distrowatch and linux groups got banned too
And on a less downbeat and significantly more puerile note, Dan Fixes Coin Ops makes a nice analogy for companies integrating ai into their product.
that thread is a work of genius and answers what the next tech boom needs to be
~~dicks in mousetraps~~ I MEAN whatever wastes electricity most, preferably with Nvidia cards
I do actually have a mechanism for using the sharp edges of NVidia cards for ~~dick~~ mouse trapping purposes. And we could - hypothetically - use the extraneous power inputs to mine Bitcoin or something, maximizing efficiency!
Hey, did you know of you own an old forum full of interesting posts from back in the day when humans wrote stuff, you can just attach ai bots to dead accounts and have them post backdated slop for, uh, reasons?
this was mentioned in last week's thread
what I don't get is why the admins chose to both backdate the entries and re-use poster's handles. If they'd just tried to "close" open questions using GenAI with the current date and a robot user it would still be shit but not quite as deceptive
The whole thing is just weirdly incompetent. Maybe they just had everything configured wrong and accidentally deployed sone throwaway tests to production? I could almost see it as a way to poison scrapers, given that there are some odd visibility settings on the slop posts, though the owner’s shiftiness and dubious explanations suggest it wasn’t anything so worthy.
view more: next ›