so… whistleblower
… that’s called a leak mate
it’s absolutely true actually… whatsapp are the key holders and there was a leak a few weeks ago that showed meta staff can access anyone’s messages: they just need to raise a ticket and they get access to an app that allows them to pull up any user they like
this is always the case unless you’re the keyholder. any app where you can “forgot password” and get your data back you aren’t the key-holder (though recovery phrases are legitimate), or login simply via phone number and an SMS MFA or similar
it’s also true for apple stuff - despite being similarly encrypted - but they’ve at least on the surface displayed a willingness to protect user data from external threats


yeah i think prusa really needs to lean much harder into open source… like that’s kinda their biggest selling point against bambu, but they’re only half-arsing it imo
like an AMS system… why have they not taken one of the open source projects and made it an official prusa thing, provided financial backing, kits, and developed it?
IMO they could be years ahead of bambu if they just took all the work the open source community is doing and ran with it, providing a kinda polished, easy version of the DIY side of 3d printing
heck even made their online print farm management system self-hostable and open so people could extend it… that’d absolutely crush bambu for commercial operations


i think since bambu entered the market everything changed and the entire industry kinda went warp speed :p
i’ve had a few printers, but until i got a bambu i was “excited by the possibilities” more than actually doing things
now i’m printing loads, and have been since i got the printer a couple of years ago


detail resolution is amazing on 3d printers these days too!
the arachne wall generator is incredible for resolving fine details in things like text
Arachne settings allow the extruder to adjust its extrusion rate based on the model’s line width. This way, the extrusion rates change according to the model’s requirements, resulting in precise printing of the model’s varying shape.
You can choose this setting if you want to print thin features with more delicacy, and your print needs a smooth transition between wall counts.


yeah it’s a very common feature among slicers these days


if it’s not multicolour then you can just make the printer leave indents for the letters (or print extra material to have it raised)
no need for post processing or extra equipment which slows down the process and adds extra work


i think the latest is that china has managed to create a GPU that’s ~7 years behind. i’m not sure that’s “a GPU from 7 years ago” or “it will take them 7 years, acknowledging that there’s a known path so will take less time”
AFAIK they’ll have to figure out EUV or some other method of lithography at that scale, which they’re trying really hard at but it’s one heck of a difficult thing to do which is why only TSMC currently actually has it working


given the complexity of doing it in hardware, and the simplicity of doing it in software, you’d hope yes (in which case perhaps there will be firmware hacks) but you can never truly account for the stupidity of hardware companies


new ones sure but there are a bunch of these broken machines out there now: far more than there otherwise would be, because microslop forced the upgrade for windows 11
i guesssss if they do it soon enough the existing models will still be in their support period and they’d kinda be forced to update, assuming it’s a software or firmware fix


well that’s what they should have done but now that it’s implemented there are a lot more parties that need to come to the table to fix the mess… some hardware might not be able to fix the mess, but i’d be surprised if this shit show were implemented on hardware rather than firmware


since GDPR came in TBH i haven’t heard of any EU data leaks… like sure they happen in the US all the time, but where the fines actually happen
same with australia: we’ve had pretty good privacy laws since like the 90s, and really we haven’t had a whooooole lot of breaches. there have been some high profile ones, but security is never a 100% kinda thing yknow


well then they get massive fines for any data they leak


yeah… here we are: Europeans with right to be forgotten and opt out of data collection


saying Microsoft requires that you go out and obtain a signed certificate that proves your identity as a developer
clearly that’s not the case if this was exploitable… again, N++ has an auto update mechanism that they currently use. if they used a microsoft signing key to sign a build’s hash, this hijack would not be possible
thus they have an update mechanism that works around microsoft signing… how is irrelevant. that is the current state of the software
The update mechanism was successfully hijacked because integrity checks and authentication checks were not properly in place
that part we definitely agree on
Notepad++ even said that they moved hosting providers after this happened to them
side note: doesn’t remotely solve the problem… software updates should be immune to this to start with. it’s a problem that the hosting provider was compromised, but honestly we’re talking about a state sponsored hack targeting other states: almost no hosting provider would include this in their risk assessment, let alone shared hosting providers
Can you point out an existing open source application that runs on Windows that only uses GPG signatures?
again, that’s irrelevant… the concept that we’re talking about isn’t even specific to GPG. signing a hash using a private key is basic crypto, and GPG is a specific out of the box implementation
if we remove microsoft signing as an option for whatever reason (which we have) then it’s still very possible, and very easy to implement signed updates into your own custom update mechanism
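
The signed-update idea from the comment above, as an added example that is not part of the thread and not Notepad++'s own code: the developer signs the hash of each build with a private key, and the updater checks it against a public key shipped in the installed application, so a compromised download host cannot substitute a binary. Ed25519 from Go's standard library stands in for GPG here; `Release`, `NewSigningKey`, `SignRelease` and `VerifyRelease` are hypothetical names, and the keys and payloads are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Release struct { // what the download host serves (hypothetical layout)
	Binary    []byte // installer bytes as downloaded
	Signature []byte // detached Ed25519 signature over SHA-256(Binary)
}

var ErrBadSignature = errors.New("update rejected: not signed by the pinned key")

// NewSigningKey is run once by the developer; the private half stays off the host.
func NewSigningKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignRelease runs on the build machine: hash the build, sign the hash.
func SignRelease(priv ed25519.PrivateKey, binary []byte) Release {
	digest := sha256.Sum256(binary)
	return Release{Binary: binary, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyRelease runs in the updater, against the key shipped in the installed app.
func VerifyRelease(pinned ed25519.PublicKey, r Release) error {
	digest := sha256.Sum256(r.Binary)
	if !ed25519.Verify(pinned, digest[:], r.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	pub, priv := NewSigningKey() // constructed sample key and payloads below
	good := SignRelease(priv, []byte("installer v2 (constructed sample)"))
	swapped := Release{Binary: []byte("replaced on the host"), Signature: good.Signature}
	_, hostKey := NewSigningKey() // a key the host controls, not the pinned one
	fmt.Println("genuine:", VerifyRelease(pub, good))
	fmt.Println("binary swapped:", VerifyRelease(pub, swapped))
	fmt.Println("re-signed by host:", VerifyRelease(pub, SignRelease(hostKey, swapped.Binary)))
}
```

The check only helps if the updater refuses to write or run the download when `VerifyRelease` returns an error, and if the public key comes from the installed application rather than from the same host as the update.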


yes but as you yourself said
I think they want to, but Microsoft has made it expensive for open source developers who do this as a hobby and not as a job to sign their software. I know not too long ago, this particular dev was asking its users to install a root certificate on their PC so that they wouldn’t have to deal with Microsoft’s method of signing software, but that kind of backfired on them.
the part that we’re arguing against isn’t that a microsoft signing key would have fixed the problem, it’s
No, because you wouldn’t be able to execute the updated exe without a valid signature. You would essentially brick the install with that method, and probably upset Microsoft’s security software in the process.
this update mechanism already exists: it’s the reason the hijack was possible. whatever the technical process behind the scenes is irrelevant… that is how it currently works; it’s not a “what if”
adding signing into that existing process without any 3rd party involvement is both free, and very very easy
which is why this is a solved (for free) problem on linux


Windows and MacOS do not use that method to verify the authenticity of developer’s certificates.
completely irrelevant… software authenticity doesn’t have to be provided by your OS… this is an update mechanism that’s built into the software itself. a GPG signature like this would have prevented the hack
The update mechanism works fine, but you will not be able to execute the binary on a Windows or MacOS system
that’s what we’re saying: this update mechanism already exists, and seems to install unsigned software. that’s the entire point of this hack… the technical how it works is irrelevant


there are more ways to do signing than paying microsoft boat loads of money… just check a gpg sig file ffs (probably using detached signatures: again, it’s already built into existing tools and it’s a well-known, easily solved problem)
what’s irrelevant is the argument about how the auto update mechanism would work because it already exists


that’s all completely irrelevant…, there is already an update mechanism built into NPP: that’s the entire point of the attack… it’s this update mechanism that got hijacked


reeks of “fuck you got mine”… so an invasive AI scan has scanned your content and deemed you 18+… gross… but at least you don’t have to upload ID (to a company that literally just had a major breach of their ID data)
but
now a new user joins. they don’t have that history of interaction, so what are they meant to do? either upload ID or not be part of their community