wreaks of “fuck you got mine”… so an invasive AI scan has scanned your content and deemed you 18+… gross… but at least you don’t have to upload ID (to a company that literally just had a major breach of their ID data)
but
now a new user joins. they don’t have that history of interaction, so what are they meant to do? either upload ID or not be part of their community
so… whistleblower
… that’s called a leak mate
it’s absolutely true actually… whatsapp are the key holders and there was a leak a few weeks ago that showed meta staff can access anyone’s messages: they just need to raise a ticket and they get access to an app that allows them to pull up any user they like
this is always the case unless you’re the keyholder. any app where you can “forgot password” and get your data back you aren’t the key-holder (though recovery phrases are legitimate), or login simply via phone number and an SMS MFA or similar
it’s also true for apple stuff - despite being similarly encrypted - but they’ve at least on the surface displayed a willingness to protect user data from external threats
yeah i think prusa really needs to lean much harder into open source… like thats kinda their biggest selling point against bamboo, but there only half-arsing it imo
like an AMS system… why have they not taken one of the open source projects and made it an offical prusa thing, provided financial backing, kits, and developed it?
IMO they could be years ahead of bamboo if they just took all the work the open source community is doing and ran with it, providing a kinda polished, easy version of the DIY side of 3d printing
heck even made their online print farm management system self-hostable and open so people could extend it… that’d absolutely crush bamboo for commercial operations
i think since bamboo entered the market everything changed and the entire industry kinda went warp speed :p
i’ve had a few printers, but until i got a bamboo i was “excited by the possibilities” more than actually doing things
now im printing loads, and have been since i got the printer a couple of years ago
detail resolution is amazing on 3d printers these days too!
the arachne wall generator is incredible for resolving fine details in things like text
Arachne settings allow the extruder to adjust its extrusion rate based on the model’s line width. This way, the extrusion rates change according to the model’s requirements, resulting in precise printing of the model’s varying shape.
You can choose this setting if you want to print thin features with more delicacy, and your print needs a smooth transition between wall counts.
yeah it’s a very common feature among slicers these days
if it’s not multicolour then you can just make the printer leave indents for the letters (or print extra material to have it raised)
no need for post processing or extra equipment which slows down the process and adds extra work
i think the latest is that china has managed to create a GPU that’s ~7 years behind. i’m not sure that’s “a GPU from 7 years ago” or “it will take them 7 years, acknowledging that there’s a known path so will take less time”
AFAIK they’ll have to figure out EUV or some other method of lithography at that scale, which they’re trying really hard at but it’s one heck of a difficult thing to do which is why only TSMC currently actually has it working
given the complexity of doing in hardware, and the simplicity of doing it software, you’d hope yes (in which case perhaps there will be firmware hacks) but you can never truly account for the stupidity of hardware companies
new ones sure but there are a bunch of these broken machines out there now: far more than there otherwise would be, because microslop forced the upgrade for windows 11
i guesssss if they do it soon enough the existing models will still be in their support period and they’d kinda be forced to update, assume it’s a software or firmware fix
well that’s what they should have done but now what it’s implemented there are a lot more parties that need to come to the table to fix the mess… some hardware might not be able to fix the mess, but i’d be surprised if this shit show were implemented on hardware rather than firmware
since GDPR came in TBH i haven’t heard of any EU data leaks… like sure they happen in the US all the time, but where the fines actually happen
same with australia: we’ve had pretty good privacy laws since like the 90s, and really we haven’t had a whooooole lot of breaches. there have been some high profile ones, but security is never a 100% kinda thing yknow
well then they get massive fines for any data they leak
yeah… here we are: Europeans with right to be forgotten and opt out of data collection
saying Microsoft requires that you go out and obtain a signed certificate that proves your identity as a developer
clearly that’s not the case if this was exploitable… again, N++ has an auto update mechanism that they current use. if they used a microsoft signing key to sign a builds hash, this hijack would not be possible
thus they have an update mechanism that works around microsoft signing… how is irrelevant. that is the current state of the software
The update mechanism was successful hijacked because integrity checks and authentication checks were not properly in place
that part we definitely agree on
Notepad++ even said that they moved hosting providers after this happened to them
side note: doesn’t remotely solve the problem… software updates should be immune to this to start with. it’s a problem that the hosting provider was compromised, but honestly we’re talking about a state sponsored hack targeting other states: almost no hosting provider would include this in their risk assessment, let alone shared hosting providers
Can you point out an existing open source application that runs on Windows that only uses GPG signatures?
again, that’s irrelevant… the concept that we’re talking about isn’t even specific to GPG. signing a hash using a private key is basic crypto, and GPG is a specific out of the box implementation
if we remove microsoft signing as an option for whatever reason (which we have) then it’s still very possible, and very easy to implement signed updates into your own custom update mechanism
yes but as you yourself said
I think they want to, but Microsoft has made it expensive for open source developers who do this as a hobby and not as a job to sign their software. I know not too long ago, this particular dev was asking its users to install a root certificate on their PC so that they wouldn’t have to deal with Microsofts method of signing software, but that kind of backfired on them.
the part that we’re arguing against isn’t that a microsoft signing key would have fixed the problem, it’s
No, because you wouldn’t be able to execute the updated exe without a valid signature. You would essentially brick the install with that method, and probably upset Microsoft’s security software in the process.
this update mechanism already exists: it’s the reason the hijack was possible. whatever the technical process behind the scenes is irrelevant… that is how it currently works; it’s not a “what if”
adding signing into that existing process without any 3rd party involvement is both free, and very very easy
which is why this is a solved (for free) problem on linux
Windows and MacOS do not use that method to verify the authenticity of developer’s certificates.
completely irrelevant… software authenticity doesn’t have to be provided by your OS… this is an update mechanism that’s built into the software itself. a GPG signature like this would have prevented the hack
The update mechanism works fine, but you will not be able to execute the binary on a Windows or MacOS system
that’s what we’re saying: this update mechanism already exists, and seems to install unsigned software. that’s the entire point of this hack… the technical how it works is irrelevant
there are more ways to do signing than paying microsoft boat loads of money… just check a gpg sig file ffs (probably using detached signatures: again, it’s already built into existing tools and it’s a well-known, easily solved problem)
what’s irrelevant is the argument about how the auto update mechanism would work because it already exists
perhaps, but you still get feature fragmentation… things like custom emojis, stickers, what video codecs to support (heck i reckon they’d probably focus on chat first and video would only be available within the same app until some organisation effort happened), etc
you can see that a little bit on lemmy with the difference in how blocks work on lemmy vs piefed… piefed blocks on lemmy look like a shadow ban because lemmy doesn’t support the error style piefed uses… i think that’d it anyway
point being: just because software can exchange data and have the same problem domain and even in many cases use the same basic terminology, there can still be plenty of more advanced features that aren’t interoperable
re matrix, it can talk to anything… kinda… the matrix protocol has the idea of “bridges” built into it, so they should be able to translate between your client talking to the server via matrix protocol, and other things like XMPP, IRC, etc (at least in theory)