Conscientious spectre making a home in the threadiverse.

I also toot as @tojikomori.

  • 1 Post
  • 15 Comments
Joined 1 year ago
Cake day: June 1st, 2023


  • Apparently not in Windows settings:

    If the BIOS says it supports Modern Standby, Windows takes it at its word and completely disables the ability to enter S3 sleep (classic standby). There’s no official or documented option for disabling Modern Standby through Windows, which is incredibly annoying.

    Side note: for a while, there was actually a registry setting you could change to disable Modern Standby on the Windows side. Unfortunately, Microsoft removed it, and to my knowledge, has never added it back.

    I’m not a Windows user, so I can’t confirm one way or the other, but toward the end of the article the author gives vendor-specific instructions for disabling the S0 Low Power Idle capability from BIOS.







  • Yes but note the specific details of that assumption and their reasoning: it’s based on reddit’s announcement of the security incident a few months ago which starts:

    Based on our investigation so far, Reddit user passwords and accounts are safe…

    Now, look again at what BlackCat has promised in this leak:

    Instead, BlackCat is teasing such revelations as “all the statistics they track about their users,” and data concerning how Reddit “silently censors users.”

    80 GB of “statistics and data” about Reddit’s users is a lot. It may not contain raw IP addresses, but we know that IP matching is one of the ways Reddit catches sock puppets, so there may at least be a hash that could be used to identify accounts held by the same users.

    Am I going too far worrying about PMs and other details? Maybe. It really depends on the honesty and competence of BlackCat and Reddit, and the article author’s assumptions based on their statements.


  • I’ve seen a few sites welcome the news with glee, as though Reddit’s leadership is going to be strongly affected. That’s childish and myopic. This is bad news for everyone.

    Whether or not Reddit pays, we should assume the data will make its way into the hands of people who (further) weaponize it against Reddit’s users, e.g. people who’ve posted risque photos of themselves or shared compromising details through throwaway accounts can be doxxed or matched to their normal accounts via their IP or other common details. PMs and other private account details might contain mailing addresses and other private or compromising information, too. (Edit: as Phoeniqz points out in replies, the article author assumes this is not the case based on Reddit’s and BlackCat’s statements about the leak.)

    If Reddit knew about the breach earlier and didn’t do their due diligence to alert users, then that’s further condemnation of their leadership and priorities, but it doesn’t undo the damage this might cause users.

    If Reddit were to pay BlackCat, then it would further enrich, reward, and encourage them. If, as is more likely, it doesn’t, then the blowback it receives (especially from any high profile consequences of the leak) might encourage other companies to pay up in future.


  • This reply’s interesting:

    How can data licensed under the CC-BY-SA licenses (that SO content is licensed under) be “misused”? The license explicitly allows others to do essentially anything they want with the data as long as attribution is given, in particular profit off of it.

    When SO content is applied as parametric knowledge I’d expect the outcome to fail both the “BY” and the “SA” clauses, since model interpreters can’t provide attribution for it and their output won’t share the license. That’s true even if output is considered public domain: CC-BY-SA content can’t be moved into a public domain equivalent license. It seems practically indistinguishable from using any other in-copyright content as training material.

    None of that’s to say SO is right to stop data dumps. It feels like they’re trying to find a technical solution to a legal problem, perhaps even one that rises to criminality on the part of Open AI and others?





  • I agree with your parenthetical strongly enough to rule out a typo.

    This announcement lists things that Reddit will humor, for now, and as a way of cheaply outsourcing niche and difficult problems. It clarifies that everyday third party apps were never intended to have a future with the platform. They’re simply an obstacle for Reddit’s most convincing path to revenue.

    I might even have forgiven Reddit if it had said so up front, but the story they’ve been trying to spin – with prices that just happen to be orders of magnitude in excess of anything devs might afford – is outrageously insulting. I’ve never had my trust in a brand demolished so thoroughly so quickly.