And it still cleans up once the ownership model indicates it can be cleaned up. That does not ensure memory is never leaked, but it is equivalent to destructors running automatically when using unique ptr or shared ptr without cycles in C++, which avoids at least a portion of possible memory leaks.

I feel like that comparison is a bit skewed, given that the original house (sudo, without the rs) was never torn down.

Furthermore, rather than something easily replaceable or shallow, the language used is pretty integral to the software. Rather than paint, it would be like the building is made with untreated timber for framing. There might be termites that threaten the integrity of the building.

If the building is unimportant you may not bother with the cost. But if it is somewhat important, reconstructing with better materials could be worth it even if new mistakes could be made during construction.

That difference is so large, they must be quoting different numbers. Something like DOJ is looking at Advertising providers or search providers alone, while Google quotes a number for percentage of all websites visited or something.

Yeah, even if it is the law, companies do tend to fall short of adhering to said law. For example, a lab that does cancer screening got hacked and pretty much messed up their entire response.

I recognize that issue. Firefox doesn’t forward to an app by default, prompting you instead. However, they often immediately forward you to the play store instead when it does not work immediately (not letting you accept the prompt).

Settings > (Advanced) > Open Links in App (set to always), would make it work (at the cost of every other website also doing so…)

As someone who uses iDEAL with Firefox all the time, I have never had it break. You might need to check whether there isn’t an extension that causes issues or looking into disabling Enhanced privacy mode for iDEAL.

Beyond trying a different browser: try the chrome mask extension for Firefox, some websites that refuse to work only do so because they are hardcoded to.

• wasnt broke dont fix

Sadly, security issues are still being found in sudo, so wasn’t broke isn’t entirely true. Though, whether or not Rust prevents a given security issue is strongly dependent on the kind of issue. Security issues arising from logical errors usually don’t get caught, there is only a guarantee for memory management issues.

• missing some configuration features of base sudo

One of the things sudo-rs does is implement only a subset of features to decrease the attack surface. A recent security issue did not affect sudo-rs because they simply did not implement the feature that had the (logic) bug. As with many things this is a trade-off.

Also ImageTragick was a thing, there are definitely security implications to adding dependencies to implement a feature in this way (especially on a shared instance). The API at the very least needs to handle auth, so that your images and videos don’t get rotated by others.

Then you have UX, you may want to show to the user that things have rotated (otherwise button will be deemed non-functional, even if it uses this one-liner behind the scenes), but probably don’t want to transfer the entire video multiple times to show this (too slow, costs data).

Yeah, it is one thing to add a one liner, but another to make a well implemented feature.

At least the EU is somewhat privacy friendly here (excluding the Google tie in) compared to whatever data sharing and privacy mess the UK has obligated people to do with sharing ID pictures or selfies.

Proving you are 18+ through zero knowledge proof (i.e. other party gets no more information than being 18+) where the proof is generated on your own device locally based on a government signed date of birth (government only issues an ID, doesn’t see what you do exactly) is probably the least privacy intrusive way to do this, barring not checking anything at all.

Robot Operating System maybe? Might be an acronym for something else too, though.

Wouldn’t the algorithm that creates these models in the first place fit the bill? Given that it takes a bunch of text data, and manages to organize this in such a fashion that the resulting model can combine knowledge from pieces of text, I would argue so.

What is understanding knowledge anyways? Wouldn’t humans not fit the bill either, given that for most of our knowledge we do not know why it is the way it is, or even had rules that were - in hindsight - incorrect?

If a model is more capable of solving a problem than an average human being, isn’t it, in its own way, some form of intelligent? And, to take things to the utter extreme, wouldn’t evolution itself be intelligent, given that it causes intelligent behavior to emerge, for example, viruses adapting to external threats? What about an (iterative) optimization algorithm that finds solutions that no human would be able to find?

Intellegence has a very clear definition.

I would disagree, it is probably one of the most hard to define things out there, which has changed greatly with time, and is core to the study of philosophy. Every time a being or thing fits a definition of intelligent, the definition often altered to exclude, as has been done many times.

Yes, true, but that is assuming:

1. Any potential future improvement solely comes from ingesting more useful data.
2. That the amount of data produced is not ever increasing (even excluding AI slop).
3. No (new) techniques that makes it more efficient in terms of data required to train are published or engineered.
4. No (new) techniques that improve reliability are used, e.g. by specializing it for code auditing specifically.

What the author of the blogpost has shown is that it can find useful issues even now. If you apply this to a codebase, have a human categorize issues by real / fake, and train the thing to make it more likely to generate real issues and less likely to generate false positives, it could still be improved specifically for this application. That does not require nearly as much data as general improvements.

While I agree that improvements are not a given, I wouldn’t assume that it could never happen anymore. Despite these companies effectively exhausting all of the text on the internet, currently improvements are still being made left-right-and-center. If the many billions they are spending improve these models such that we have a fancy new tool for ensuring our software is more safe and secure: great! If it ends up being an endless money pit, and nothing ever comes from it, oh well. I’ll just wait-and-see which of the two will be the case.

Not quite, though. In the blogpost the pentester notes that it found a similar issue (that he overlooked) that occurred elsewhere, in the logoff handler, which the pentester noted and verified when spitting through a number of the reports it generated. Additionally, the pentester noted that the fix it supplied accounted for (and documented) a issue that it accounted for, that his own suggested fix for the issue was (still) susceptible to. This shows that it could be(come) a new tool that allows us to identify issues that are not found with techniques like fuzzing and can even be overlooked by a pentester actively searching for them, never mind a kernel programmer.

Now, these models generate a ton of false positives, which make the signal-to-noise ratio still much higher than what would be preferred. But the fact that a language model can locate and identify these issues at all, even if sporadically, is already orders of magnitude more than what I would have expected initially. I would have expected it to only hallucinate issues, not finding anything that is remotely like an actual security issue. Much like the spam the curl project is experiencing.

The key point that is being made is that it you are doing de facto copyright infringement of plagiarism by creating a copy, it shouldn’t matter whether that copy was made though copy paste, re-compressing the same image, or by using AI model. The product being the copy paste operation, the image editor or the AI model here, not the (copyrighted) image itself. You can still sell computers with copy paste (despite some attempts from large copyright holders with DRM), and you can still sell image editors.

However, unlike copy paste and the image editor, the AI model could memorize and emit training data, without the input data implying the copyrighted work. (exclude the case where the image was provided itself, or a highly detailed description describing the work was provided, as in this case it would clearly be the user that is at fault, and intending for this to happen)

At the same time, it should be noted that exact replication of training data isn’t exactly desirable in any case, and online services for image generation could include a image similarity check against training data, and many probably do this already.

Also, the user experience is also bound to be much better when a manufacturer provides a tested and supported operating system, especially for “non-experts” for whom a terminal is an arcane inscription tablet.

Add binary compatibility issues to that list: https://jangafx.com/insights/linux-binary-compatibility The moment you need software that is not packaged by your distro you either need to be lucky that whomever compiled it accounted for your setup, or compile it from scratch yourself (if open source and publicly available). Especially with closed source software (like most games) the latter isn’t even an option.

Mattermost does have an Github Repository with a choice of three licenses: MIT (if using versions compiled by them), AGPLv3 (if compiled by you) or an Enterprise license. I would count that as open source.

A more general business management application like Odoo could work?

Don’t forget Minecraft either.