chameleon

@chameleon@kbin.social

i'm lizard 🦎

chameleon,

If you're making something to come up with recipes, "is this ingredient likely to be unsuitable for human consumption" should probably be fairly high up your list of things to check.

Somehow, every time I see generic LLMs shoved into things that really do not benefit from an LLM, those kinds of basic safety things never really occurred to the person making it.

chameleon,

I do and I can confirm there are no requests (except for robots.txt and the odd /favicon.ico). Google sorta respects robots.txt. They do have a weird gotcha though: they still put the URLs in search, they just appear with a useless description. Their suggestion to avoid that can be summarized as: don't block us, let us crawl and just tell us not to use the result, just trust us! when they could very easily change that behavior to make more sense. Not a single damn person with Google blocked in robots.txt wants to be indexed, and their logic on password protecting kind of makes sense but my concern isn't security, it's that I don't like them (or Bing or Yandex).

Another gotcha I've seen linked is that their ad targeting bot for Google AdSense (different crawler) doesn't respect a * exclusion, but that kind of makes sense since it will only ever visit your site if you place AdSense ads on it.

And I suppose they'll train Bard on all data they scraped because of course. Probably no way to opt out of that without opting out of Google Search as well.

chameleon,

I guess a CEO opened the YouTube frontpage while logged out and went "what is this shit".

But seriously, this seems like it's a good thing overall. The "default"/empty history algorithm recommendations are truly, truly horrifying more often than not. It's almost entirely low-quality clickbait and I can't imagine many people actually appreciate it like that.

chameleon,

They were ~10% off in the winter & summer sales. These refurbs at full price are ~20% off compared to the regular ones. I wouldn't expect to see them discounted further unless Valve has difficulty selling them.

chameleon,

The attester here is really mostly Google's Android/Play Services/(ChromeOS) team, not Google's Chrome team. Chrome is really just responsible for passing it along and potentially adding some more information like what kind of extensions are in use, but the real validator is above Chrome entirely.

There will not really be a worthwhile key inside Chrome (there might be one that does nothing by itself); it'll be backed by the existing per-device-unique key living inside your phone's secure enclave. Extracting one key would just cause Google to ban it. That attestation covers the software in the secure enclave, your device's running OS, bootloader unlock state and a couple of other things along those lines; the OS, guaranteed to be unmodified by the hardware attestation layer, then adds extra stuff on top like the .apk hash of the browser. The browser, guaranteed to be unmodified by the OS layer, can add things like extension info if it wants to.

SafetyNet/Play Integrity have both software and hardware modes, but all Android+Google Services phones released in the previous 6? or so years have been required to have hardware backed attestation support, which has no known bypass. The existing "Universal SafetyNet Fix" pretends to be a phone without hardware support which Google begrudgingly accepts... for now. But the day where Google will just screw over older phones is getting increasingly closer, and they already have the power to force hardware backed attestation for device-specific features like NFC payments and DRM support.

On Apple devices, Apple has parallels via their secure enclaves in the form of App Attest/DeviceCheck. On Windows desktops, there could be a shoddy implementation with TPMs (fortunately they're not quite powerful enough to do this kind of attestation in a tamper-proof way; Microsoft's Pluton chips might have some secret sauce we haven't yet seen, though). On Linux desktops... nope, ain't no support for this coming anytime ever.
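
An added illustration of the layered model described in the comment above; it is not part of the original post and not Google's implementation. It assumes a single token signed by a per-device key (HMAC stands in for the enclave's signature), and every key, hash and name in it is constructed.

```python
import hashlib
import hmac
import json

# Constructed sample values; none of these come from a real device or service.
DEVICE_KEYS = {"device-001": b"k1-constructed", "device-002": b"k2-constructed"}
REVOKED = {"device-002"}                 # a key the attester banned after extraction
GOOD_OS = {"os-build-A"}                 # OS images the attester recognises
GOOD_BROWSER_APK = {"apk-hash-browser-1"}


def sign(device_id, claims):
    """Device side: HMAC stands in for the secure enclave's signature."""
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(DEVICE_KEYS[device_id], body, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "claims": claims, "tag": tag}


def verify(token):
    """Attester side: walk the layers bottom-up and stop at the first failure.

    A claim from an upper layer is only looked at once every layer below it
    has checked out, because only then is the reporter known to be unmodified.
    """
    dev = token.get("device_id")
    key = DEVICE_KEYS.get(dev)
    if key is None:
        return "reject: unknown device key"
    if dev in REVOKED:
        return "reject: device key revoked"
    body = json.dumps(token["claims"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(token.get("tag", ""))):
        return "reject: bad signature"
    c = token["claims"]
    # Hardware layer: boot state and OS measurement.
    if not c.get("bootloader_locked"):
        return "reject: bootloader unlocked"
    if c.get("os_hash") not in GOOD_OS:
        return "reject: unrecognised OS"
    # OS layer: hash of the browser package it launched.
    if c.get("apk_hash") not in GOOD_BROWSER_APK:
        return "reject: unrecognised browser"
    # Browser layer: whatever extra information it chose to add.
    return "accept: extensions=" + ",".join(c.get("extensions", []))
```
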

chameleon,

In seriousness: it's in 6.4.6, 6.1.41 and a bunch of other kernel versions released yesterday.

chameleon,

The report hints at it but doesn't really say it out loud: get rid of one particular server and there goes 99% of it, along with 90% or so of the overall Japanese userbase (as they were the first big Japanese instance and had a mostly-trusted locally relevant company behind it). But nearly every non-Japanese-orientated instance already either fully defederated from it or has something to strip media content from it. It's essentially its own thing not really related to Mastodon aside from the software in use.

chameleon,

Blink and WebKit completely diverged in 2013 after the fork. That document is virtually identical to its 2012 version and is marked as outdated in several places.

chameleon,

You do have to worry, because that part is essentially bullshit designed to soothe you while ignoring the actual problem. The attester (in practice the platform holder, so Google/Apple/Microsoft) is allowed to pick which apps can use the API. The criteria they are supposed to use (as well as the entire privacy section) are a "todo" in the actual spec, but even then, there is literally nothing stopping them from deviating from those criteria as the spec isn't legally binding. It is entirely plausible for Google to deny attestation capability to Firefox and other browsers capable of ad blocking.

Sure, they can request it. It doesn't mean that they will receive it, or that websites will be okay with the result. The "risk of websites using this functionality to exclude specific attesters or non-attestable browsers" is something not excluded by either the spec or the explainer; all it says is they "look forward to discussion on this topic". Google, Apple and Microsoft will be the ones in charge of deciding which browsers are non-attestable.

More importantly, if they allow modified web browsers, it is completely pointless for their very own stated goals. Doubly so because the attestation can't be meaningfully bound to the device (ie you can build a modified Chromium that does nothing but request attestation results and forward them to a bot running on a desktop and the website would be none the wiser).

chameleon,

Lizards are cool so I picked the first available lizard. It feels a lot nicer than keysmashing a username together.

chameleon,

Almost but not quite. A1 rating or a card that otherwise has 1500+ random read IOPS really helps with load times. Most fast cards should have it nowadays but not all do, especially older ones.

A2 rating looks nice on paper but needs special support the Deck seemingly doesn't have to reach its potential. Not worth paying a huge premium for, but should be more future-proof.

chameleon,

It's a mixture, mostly software but it can be bottlenecked by the hardware anyhow. The SD card reader in the Deck isn't awful but it's certainly not top-of-the-line either. The Linux kernel is supposed to have A2 support now (it didn't with the Deck's launch kernel) and in practice it doesn't seem like the Deck gained any real SD performance from that. Hard to do meaningful tests without having a wide array of SD cards though.

The original A2 announcement has some info under the "New features supporting A2 performance" section. This isn't widely known information, most charts like the one posted here don't have that tidbit in it.

chameleon,

A lot of smaller Masto/Pleroma/other "microblog" side of the verse admins signed FediPact. It's mostly smaller instances, but there's still a good amount of them and it's enough that Meta will at least face some struggles in wide federation.

chameleon,

RIF works if you're logged out. Logged in you get a 429 error.

chameleon,
  • Nextcloud. Not too complex but I feel like it's getting heavier month by month and I'm scared of having it turn into full-fledged bloatware. It already has an autoplaying video in the about screen so the slope is getting ever so much slippier...
  • Forgejo, swapped from Gitea just a while ago. They're more or less identical but I have stronger trust in Codeberg
  • Nitter
  • Some half-assed nginx build with nginx-http-flv so I can stream stuff between friends. It works OK but it feels like there's newer better options, I just haven't cared to look into it
  • Weird half-assed email setup that does conform to all funky modern bells and whistles somehow despite being an unholy mixture of Postfix, rspamd, Dovecot and Maddy. I'm scared to touch any part of it. Not used for anything too overly serious
  • Headless qBittorrent but I don't think I've actually used it in years

chameleon,

You wouldn’t want your email provider to block all communication with Gmail, just because it’s Google-hosted, would you?

In retrospect, I wish they would have done so when it was still viable. I wish they all would've done so and shown Google the door.

I didn't know it at the time Gmail was introduced. But I know it now, and this is the similar point in time for the fediverse.

Red Hat strikes a crushing blow against RHEL downstreams | The Register (www.theregister.com)

A superficially modest blog post from a senior Hatter announces that going forward, the company will only publish the source code of its CentOS Stream product to the world. In other words, only paying customers will be able to obtain the source code to Red Hat Enterprise Linux… And under the terms of their contracts with the...

chameleon,

SF Conservancy analyzed this and found that it's probably legally OK, if very much on the edge of what's allowed. RH doesn't sue you for redistribution or anything, they 'just' terminate the contract and the GPL doesn't force anyone to deal with anyone. It's the same stupid model grsecurity applied some years ago.

But regardless of legality, morally, this is just completely and utterly wrong. I'm not totally surprised post-IBM Red Hat went in this direction, but I'm disappointed and angry anyway.

chameleon,

I did the same thing but it started to become impractical when quite literally all subs I regularly used added a minimum karma requirement. Even getting some low amount like 5 karma is hard if you can't post anywhere you care about.

chameleon,

I've been happy with Gandi but their future looks bleak. Gandi was bought by Total Webhosting Solutions/now your.online a couple of months back, which is pretty bad news. They've been purchasing Dutch companies and increasing prices while letting their services turn to shit for a while now. The raised prices came in a few weeks ago, we've yet to see the services turn to shit but I am extremely confident it will happen.

Gandi is just the first international purchase by TWS, so not many people know it, and there are few relevant references on the English-speaking web as most of this was localized to the Netherlands. You'd have to search on Dutch tech news sources like tweakers.net and use some translation tool to find anything meaningful.

chameleon,

You still get access to the sources if you get a binary at all, every subscription (even the free dev one) includes them, but if you redistribute the sources and Red Hat finds out, you're not allowed to be a customer anymore according to their agreement.

Scummy as hell but apparently OK, since you have all the GPL rights. This feels like something a newer copyleft license should probably address.... either way, scummy as hell, especially because one of the arguments used by Red Hat people to defend the CentOS Stream change was that you could still build from the source RPMs.

chameleon,

"I haven't even done anything in 6 months" is a really funny statement to make as mod. Apparently they never considered just... not being a mod for a place they don't care about?
