Mikina

This made me wonder - is there any active Best Of community on any instance? This would be a perfect candidate.

For anyone wondering - why would I need it? I'm already signed in to github, the commit is commited using my ssh-key, Github knows it's me. Why would I need another verification?

Here's why. https://dev.to/martiliones/how-i-got-linus-torvalds-in-my-contributors-on-github-3k4g . If someone commits with your email (or github noreply email, which is public), it will get attributed to you. I was just trying it with colleauges account, and so far I haven't found any way how to tell that it really wasn't him.

If it has my username, on GitHub, you’re confident it’s my commit.

Apparently, that's not true: https://dev.to/martiliones/how-i-got-linus-torvalds-in-my-contributors-on-github-3k4g

However, it's a pretty old article - maybe it's already fixed? I'll have to try that.

EDIT: It still works, and you can just use the github noreply address, which is ID+username@users.noreply.github.com . The commit gets linked to their profile, and is shown on their profile page, has their username and profile picture. I haven't figured out any difference between legit and impersonated commit so far, but maybe it's hidden somwhere in the repo administration.

So, there you have it. That's what PGP signing is for.

I use comment signing as some kind of a multifactor.

I have my signing key saved on YubiKey, so it's pretty difficult that an attacker could gain access to it.

However, you can still commit through git web browser, and usually have a session for it open when working. If I slipped up and someone got to my PC while I have github open (or managed to steal my session cookies somehow - i.e a rubber ducky driveby), his options are:

• Commit without signing through SSH. I have ssh key password in my password manager that auto-locks after a minute, so that shouldn't happen, plus the commit wouldn't be signed since I have the key with me.
• Commit something though the browser - he can't sign it.
• Add SSH or a new signing key through the browser - I get immediately notified.

So, the end result should be that thanks to the signing mechanism, I should immediately know that something is wrong. Is it neccessary? Probably not, but I still think it's worth it, at least for me.

Now I'm wondering whether it wouldn't be better to have the ssh key on the Yubikey instead. Hmm. I did only discover commit signing later, and didn't have ybikey before, so it never occured to me.

You are probably right, it wasn't really a great example. I think that's probably because Russia is already deep into dictatorship and indoctrination, so the fear-inspired loyalty is deep enough for them to not really need an AI autonomous weapons to do whatever evil they need.

But the point I was trying to make is that with AI weapons, it's definitely easier in a more stable and democratic army to get there and cause massive amount of damages, stage a coup or just do domestic terrorism, because you don't need to convince large amount of people to fight for you. You just need a few who can operate the swarm, and getting loyalty of few people is way easier than convincing an entire army.

The same can be said about weapons of mass destruction, but most of them are also really difficult to get, and pretty hard to operate - or you can be easily stopped. If you unleash a swarm of murderous autonomous drones, it will not be pretty. And that's why I hope they will get treated with the same level of respect as nukes do, and not used as a part of common conventional warfare.

That is true, and not exactly what I was getting at. I was more talking about stuff like coups or domestic terrorism, where you can cause a way more wast amount of damage if you have autonomous AI weapons.

Also, there was that one time in the cold war (I think) where the Russian guy refused to launch a nuke, and it turned out it was a false alarm, which has probably saved the world.

Should i.e. Putin decide to hold onto his power at all costs and started leveling cities in Russia, where most people don't agree with him, you'd probably get a lot of people in the army who wouldn't be OK with that. Maybe, I don't know. But should he have an army of autonomous AI weapons, all he needs is a few guys who do, and know how to launch it.

I disagree with this. There is one glaring issue with AI-powered weapons, in comparison to other traditional ones - the skill ceiling required to make massive damages at scale.

Sure, you can probably level a whole town if you get your hands on some kind of advanced artillery. But it's still vastly more complex machine, that probably requires extensive training just to operate. You need an army for that, and army is made of people who will hopefully tell you "No, we're not doing that", if your request is not reasonable. And if you somehow try to do it yourself, good luck getting more than a few shots out before someone notices and tries to stop you.

If you have an army of hundreds or thousands of AI powered suicide drones, where you just slap an explosive on them, set a target and the whole fleet will start running, you only need one person with a computer. And once you send the fleet, it's vastly more difficult to stop it. Hell, you probably don't event need to physically get to the drones, if you can hack into the system that controls them.

And that's the biggest issue with any AI-powered weapon, and a reason why they shouldn't exist.

I've had this conversation so many times with my partner. She's on an older laptop in a room that's directly through a pretty thick wall from the router, but its still a short distance to bring an Ethernet over, and she's always using her laptop only at her desk there anyway.

She's always yelling at me (who have my desk right next to the router, and everything I use has Ethernet ) that the internet is down again and that she really needs it right now, because work.

But no, getting angry at me that I should do something about it is fine, but that something apparently shouldn't mean the most feasible solution.

I'm not dealing with a WiFi extender for a spot that's literally like 8 meters from the router, for her 100mbs WiFi card.

But it's her loss, at least I have the remaining 900mbps for myself from our plan...

Unfortunately, NVIDIA. I was buying a new PC half a year ago, and only started even considering to make the switch to Linux few months after that, so I am at a pretty unlucky point where I just had recently spent a lot of money for new-gen PC, but without knowing that I should really go for AMD.

I will make the switch to AMD as soon as it's justifiable, but I'm too lazy to deal with second-hand resale and it's hard to justify a new GPU when I still have the current gen, but from wrong manufacturer.

I've just had to switch back to X11 from Wayland on Nobara, because I couldn't get Sunshine to work no matter what I tried, my windows were occasionally flickering black, and my taskbar kept freezing. So I guess I'll wait a little bit more.

I haven't really looked into it too much, but... Aren't they actually right in this case?

Sure, reading "we can't protect your privacy because you're using privacy-centric extension..." feels like bullshit, but from how I understand it based on the screenshot, the issue is that you have blocked the cookie permissions pop-up, whose main reason is to give you an option to opt-out of any tracking cookies, thus protecting your privacy. While also being required by law.

However, this depends on how exactly is the law formulated. How does it deals with a case where you don't accept, nor decline any cookies, and just ignore it? Are they not allowed to save any cookie until you accept it and specify what exactly can they save? Or should they not let you use the site until you accept it?

I vaguely remember that it used to be enough to just have a OK-able warning that this site is using cookies, but then it changed to include a choice to opt-out. Which could indicate that unless you opt-out, which they are required to give you a chance to, they can use whatever tracking cookies they want. And if that is the case, this message is actually correct.

Oh, I see. I guess that means there's basically no-one who can sue him, if there aren't any investors.

As long as he can repay any loans and stuff, then I suppose he can do whatever he wants with the company. If, however, he bancrupts it to the point of not being able to pay back anything the company owes, then he should be in trouble. I hope.