Sir Arthur V Quackington

  • 0 Posts
  • 216 Comments
Joined 2 years ago
Cake day: June 30th, 2023

  • Ingesting all the artwork you ever created by obtaining it illegally and feeding it into my plagiarism remix machine is theft of your work, because I did not pay for it.

    Separately, keeping a copy of this work so I can do this repeatedly is also stealing your work.

    The judge ruled the first was okay but the second was not because the first is “transformative”, which sadly means to me that the judge despite best efforts does not understand how a weighted matrix of tokens works and that while they may have some prevention steps in place now, early models showed the tech for what it was as it regurgitated text with only minor differences in word choice here and there.

    Current models have layers on top to try and prevent this user input, but escaping those safeguards is common, and it’s also only masking the fact that the entire model is built off of the theft of others’ work.


  • There is nothing intelligent about “AI” as we call it. It parrots based on probability. If you remove the randomness value from the model, it parrots the same thing every time based on its weights, and if the weights were trained on Harry Potter, it will consistently give you giant chunks of Harry Potter verbatim when prompted.

    Most of the LLM services attempt to avoid this by adding arbitrary randomness values to churn the soup. But this is also inherently part of the cause of hallucinations, as the model cannot preserve a single correct response as always the right way to respond to a certain query.

    LLMs are insanely “dumb”, they’re just lightspeed parrots. The fact that Meta and these other giant tech companies claim it’s not theft because they sprinkle in some randomness is just obscuring the reality and the fact that their models are derivative of the work of organizations like the BBC and Wikipedia, while also dependent on the works of tens of thousands of authors to develop their corpus of language.

    In short, there was an ethical way to train these models. But that would have been slower. And the court just basically gave them a pass on theft. Facebook would have been entirely in the clear had it not stored the books in a dataset, which in itself is insane.

    I wish I knew when I was younger that stealing is wrong, unless you steal at scale. Then it’s just clever business.



  • True, in a broad sense. I am speaking more so to enshittification and the degradation of both experience and control.

    If this was just “now everything has Siri, it’s private and it works 100x better than before” it would be amazing. That would be like cars vs horses. A change, but a perceived value and advantage.

    But it’s not. Not right now anyways. Right now it’s like replacing a car with a pod that runs on direct wind. If there is any wind over say, 3mph it works, and steers 95% as well as existing cars. But 5% of the time it’s uncontrollable and the steering or brakes won’t respond. And when there is no wind over 3mph it just doesn’t work.

    In this hypothetical, the product is a clear innovation, offers potential benefits long term in terms of emissions and fuel, but it doesn’t do the core task well, and sometimes it just fucks it up.

    The television, cars, social media, all fulfilled a very real niche. But nearly everyone using AI, even those using it as a tool for coding (arguably its best use case) often don’t want to use it in search or in many of these other “forced” applications because of how unreliable it is. Hence why companies have tried (and failed at great expense) to replace their customer service teams with LLMs.

    This push is much more top down.

    Now drink your New Coke and Crystal Pepsi.


  • Tech companies don’t really give a damn what customers want anymore. They have decided this is the path of the future because it gives them the most control of your data, your purchasing habits and your online behavior. Since they control the back end, the software, the tech stack, the hardware, all of it, they just decided this is how it shall be. And frankly, there’s nothing you can do to resist it, aside from just eschewing using a phone at all and divorcing yourself from all modern technology, which isn’t really reasonable for most people. That or legislation, but LOL United States.



  • Absolutely. Like I said: it’s great software and they are doing all they can to mitigate the inherent risk it faces because it is one of their biggest attack surfaces. They do great work.

    I’m saying I would just rather decouple passwords, and online sync, into two entirely separate sandboxes. For my purposes, I don’t need to centrally assign or manage my users’ passwords from the top down; the manager is a tool for them to use as they like, and they can store PID in there as well, so I shouldn’t have access in principle. I can reset the accounts I control, but I cannot unlock or recover their vault.

    For a web managed service, through no fault of their own, there is a high likelihood Bitwarden will one day be vulnerable to a browser engine based zeroday at one point or another. And I have no doubt they will rapidly patch this. But it’s a matter of time. And bad actors will be constantly attempting to break this quietly.

    My only point is, even if onedrive, or GDrive, syncthing, etc, were vulnerable to a similar zeroday, it’s not enough to compromise an encrypted vault file because even if an exploit grants access to the file, the KeePass vault management is still entirely separate from all online portions of the interaction, and an entirely different and separate exploit would be needed to exploit the database file if it was obtained, as the vault is not managed in browser.

    So there is a much greater chance for me to be notified of a onedrive or syncthing vulnerability, and have time to update the services in my vault contents just in case, well before a brute force attack could (potentially) open it.

    This has its own drawbacks, as if they do exfiltrate the file, they can use infinite brute force attacks to break any vault with low enough entropy, but a vulnerability in Bitwarden could expose similar if a bad actor managed to dump the contents.

    There is no perfect solution, period. I just wager it’s less likely for two zero day exploits to overlap perfectly like that on both my enterprise file sync software and my publicly unlisted, undocumented, and otherwise undetectable KeePass vault file stored in an arbitrary location with an arbitrary name and extension.


  • Oh certainly. I just mean that in an extremely broad sense, Bitwarden adds 1 more threat vector by being an online service. As a metaphor, if presented with a safety deposit box in a bank, and a safety deposit box in a train station with CCTV, even if the latter is incredibly well defended it still carries more intrinsic risk by being accessible.

    That’s all really. Bitwarden is great software. It being an online platform just has that inherent factor that a non-web solution doesn’t.

    Aka, if there is a massive breach in webview or a critical fault in SSL cryptography, this can be exploited. And Bitwarden itself is an attack surface to exploit. But in an offline solution, the attack surface of a vault can only be exploited when you get back online, and somehow actively choose to expose this or have a breach. The reason I use onedrive for the work sync (privately I use syncthing) is it would take two massive simultaneous failures to have an exposure this way. The sync service would have to somehow expose the file to a bad actor, and the file itself would have to have an exploitable cryptographic flaw at the same time.


  • I don’t understand the extreme love for Bitwarden. I understand it’s useful, but I want as few things with a webui and server instance as possible, especially passwords, the thing that should be most secure.

    KeePass, vault saved into the user’s One Drive synced folder is sufficient. It’s secure, offline, and automatically makes backups. And migrates to the new system just by logging into One Drive.

    Bitwarden and others worry me because they have a lot of exposed attack surface, comparatively, and require much more maintenance to keep secure imo. I don’t want to expose any of that to a portal or anything.

    That said, I don’t hate Bitwarden; the Bitwarden/Vaultwarden software is incredibly solid for what it is.