Didn’t something similar happen in Turkey with Erdogan a few years back? Pretty sure he was accused of being behind it himself too; don’t know what the final verdict was though.

I think it’s a pretty common accusation, just like when a politician is attacked, someone will invariably suggest that they staged it in order to get more support.

I read every single word of it, twice, and I was laughing all the way through. I’m sorry you don’t like it, but it seems strange that you immediately assume that I haven’t read it just because I don’t agree with you.

This is such a fun and insightful piece. Unfortunately, the people who really need to read it never will.

I get notifications for calls (obviously), SMS messages (of which I receive an average of 1 per month) and IMs from my immediate family. Everything else I check up on when I actually feel like I have the time for it. This has dramatically reduced the number of emails and other things I forget to reply to/act on, because I see them when I want to and when I have the time to actually deal with them; not when some random notification pops up when I’m doing something else, gets half-noticed and swiped away because I’ll deal with it later.

Cloud Saves may be difficult to deal with, depending on what games you play.

The headline is supposedly CISA urging users to either update or delete Chrome — it’s not Chrome/Google itself. However, I’m having trouble finding the actual CISA alert. It’s not linked in the article as far as I can tell.

Fair enough, and thanks for the offer. I found a demo on YouTube. It does indeed look a lot more reasonable than having an LLM actually write the code.

I’m one of the people that don’t use IntelliSense, so it’s probably not for me, but I can definitely see why people find that particular implementation useful. Thanks for catching and correcting my misunderstanding. :)

I’m closing in on 30 years too, started just around '95, and I have yet to see an LLM spit out anything useful that I would actually feel comfortable committing to a project. Usually you end up having to spend as much time—if not more—double-checking and correcting the LLM’s output as you would writing the code yourself. (Full disclosure: I haven’t tried Copilot, so it’s possible that it’s different from Bard/Gemini, ChatGPT and what-have-you, but I’d be surprised if it was that different.)

Here’s a good example of how an LLM doesn’t really understand code in context and thus finds a “bug” that’s literally mitigated in the line before the one where it spots the potential bug: https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-for-intelligence/ (see “Exhibit B”, which links to: https://hackerone.com/reports/2298307, which is the actual HackerOne report).

LLMs don’t understand code. It’s literally your “helpful”, non-programmer friend—on stereoids—cobbling together bits and pieces from searches on SO, Reddit, DevShed, etc. and hoping the answer will make you impressed with him. Reading the study from TFA (https://dl.acm.org/doi/pdf/10.1145/3613904.3642596, §§5.1-5.2 in particular) only cements this position further for me.

And that’s not even touching upon the other issues (like copyright, licensing, etc.) with LLM-generated code that led to NetBSD simply forbidding it in their commit guidelines: https://mastodon.sdf.org/@netbsd/112446618914747900

Edit: Spelling

I wouldn’t trust an LLM to produce any kind of programming answer. If you’re skilled enough to know it’s wrong, then you should do it yourself, if you’re not, then you shouldn’t be using it.

I’ve seen plenty of examples of specific, clear, simple prompts that an LLM absolutely butchered by using libraries, functions, classes, and APIs that don’t exist. Likewise with code analysis where it invented bugs that literally did not exist in the actual code.

LLMs don’t have a holistic understanding of anything—they’re your non-programming, but over-confident, friend that’s trying to convey the results of a Google search on low-level memory management in C++.

Nowhere does he say that he doesn’t believe in Wunterslash, so I’m cool with him.

I don’t think anyone should fear for their lives because of their opinions regardless of how stupid they are.

Edit: It’s pretty fucked up that this is somehow controversial…

Ah, cool. I do have WSL installed on every Windows box I use regularly, but it’s good to know for when I run into a more locked down machine.

Seems a bit excessive to install WSL just to get an SSH client.

Using a password manager I’d have to copy-paste or remember each password. Not all have a web interface.

Then pick one that has a web interface or a CLI, Bitwarden has both and is free. KeePass databases can be hosted on your NAS and accessed to CLI tools. There are plenty of options. Or use passphrases (which are just as good as—or better than—complex passwords) and just type them? I use Bitwarden for literally each and every password/lock code/PIN that I have, and I have plenty of Pis and other things that don’t let me easily log into Bitwarden, but finding “Excentric4-Waxing-Adopted-Giraffe” on one device, and typing it in another really isn’t much of a hassle. (Also, why not just SSH into your Pis? Then you only need to worry about accessing a password manager on the machine you’re opening the SSH connection from.)

From the comments on this post it seems that you’re mostly looking for validation of the idea you originally had rather than actual feedback on how secure that idea is. You’re obviously free to manage your passwords exactly as you want, but this idea of a “base password” is objectively less secure than the alternative put forward by many people in these comments, namely to use the Yubikey to log into a good password manager that then handles all the different (completely unique) passwords.

There are always instances where doing things the best and most secure way is more cumbersome, and it’s up to you to decide if you want all of your passwords to be poor (and difficult to change, in this case) just because you occasionally need to log into something that doesn’t neatly integrate with a password manager.

Why not use the Yubikey for the master password on a KeePass DB (or another password manager) and then use actual different passwords—not just prefixed ones—saved in said password manager for your logins?

It doesn’t matter if your base password is a 255 character high-entropy annoying-to-type-manually-on-a-phone-keyboard or a 16 character string of alphanumeric characters if you reuse it in a slightly predictable manner. For it to be somewhat secure, the prefix would have to be completely random, which kinda defeats the idea of you being able to remember them. A “base password” is, to be frank, only one small step up from using the same password everywhere.

And as someone else pointed out, it makes it very difficult to change passwords, which also should be a huge red flag.

Take a look at the leaks on Have I Been Pwned and see how many of them include either clear text passwords or extremely weakly hashed (perhaps even unsalted) passwords. If you show up in just one or two of those, then you’re in a significantly worse position than you would be had you just used different passwords.

What are you missing on Linux?

Edit: Kinda weird to downvote for asking an honest question, but sure, knock yourselves out.

It’s not an Android phone tho. It’s a feature phone, so it’ll probably be running KaiOS like the other Nokia feature phones.

Why can’t you use ±aliases in Git, Mastodon, etc.?

Edit: git config --local user.email "something+someotherstuff@example.com" shouldn’t cause any issues.

LibreWolf is a very decent Firefox fork. Open Source is great because bad CEOs can’t really threaten the source code.

Not saying this one is bad though — I have no idea. The last one was raking in $7 million/year which is less than ideal for an open source project.

That makes sense, thanks. I wasn’t sure whether they included animals in the goal.