Correct 👍

Speed and memory efficiency, mostly. If you ever have to grep for something in a large number of files ripgrep will be done while regular grep will only be reaching the 25% mark.

The modern man uses ripgrep 👍

Now’s the time to start saving for a discount GPU in approximately 12 months.

This is a, “it’s turtles all the way down!” problem. An application has to be able to store its encryption keys somewhere. You can encrypt your encryption keys but then where do you store that key? Ultimately any application will need access to the plaintext key in order to function.

On servers the best practice is to store the encryption keys somewhere that isn’t on the server itself. Such as a networked Hardware Security Module (HSM) but literally any location that isn’t physically on/in the server itself is good enough. Some Raspberry Pi attached to the network in the corner of the data center would be nearly as good because the attack you’re protecting against with this kind of encryption is someone walking out of the data center with your server (and then decrypting the data).

With a device like a phone you can’t use a networked HSM since your phone will be carried around with you everywhere. You could store your encryption keys out on the Internet somewhere but that actually increases the attack surface. As such, the encryption keys get stored on the phone itself.

Phone OSes include tools like encrypted storage locations for things like encryption keys but realistically they’re no more secure than storing the keys as plaintext in the application’s app-specific store (which is encrypted on Android by default; not sure about iOS). Only that app and the OS itself have access to that storage location so it’s basically exactly the same as the special “secure” storage features… Except easier to use and less likely to be targeted, exploited, and ultimately compromised because again, it’s a smaller attack surface.

If an attacker gets physical access to your device you must assume they’ll have access to everything on it unless the data is encrypted and the key for that isn’t on the phone itself (e.g. it uses a hash generated from your thumbprint or your PIN). In that case your effective encryption key is your thumb(s) and/or PIN. Because the Signal app’s encryption keys are already encrypted on the filesystem.

Going full circle: You can always further encrypt something or add an extra step to accessing encrypted data but that just adds inconvenience and doesn’t really buy you any more security (realistically). It’s turtles all the way down.

Hey now! This design met all the PM’s requirements 😤

I’m failing to see the problem. As long as one of the languages isn’t PHP they’re still probably better off 🤷

Docker containers aren’t running in a virtual machine. They’re running what amounts to a fancy chroot jail… It’s just an isolated environment that takes advantage of several kernel security features to make software running inside the environment think everything is normal despite being locked down.

This is a very important distinction because it means that docker containers are very light weight compared to a VM. They use but a fraction of the resources a VM would and can be brought up and down in milliseconds since there’s no hardware to emulate.

I remember when the web didn’t have JavaScript.

Honestly, though it was much worse back then. I prefer the variety and features of modern browsing over (mostly) plain text.

What I wish we could do away with on the web is videos. Let’s go back to just images and text, thanks. Animations are fine though 👍

^this. Even a $200 cheap ass printer can handle printing a knob like this and it’ll even keep your toast warm forever if you want 👍

It’ll also provide endless hours of fucking around learning a new hobby and limitless conversation options to get people to leave you alone at parties!

Assuming you’re in the northern hemisphere: For this winter it’s fine. It’ll gently heat your home while you game like it’s 1999. No worries 😁

However, once it starts to warm up you’ll want to send that motherboard+RAM+CPU to your local HAZMAT trash pickup/facility and get something newer. Might I suggest a nice 2020-ish desktop CPU? With a motherboard that supports Coreboot, of course!

https://doc.coreboot.org/mainboard/index.html

…and get yourself a nice Nvidia (sadly, because AMD and Intel are still far behind) GPU with at least 12GB of VRAM so you can have fun with the open source AI stuff (it’s a blast!). The more VRAM the better though so if you can pick up a 4060 Ti with 16GB cheap this spring that’ll be your best budget buy (endless uncensored fun) 👍

Seriously: If you haven’t got the hardware to run Stable Diffusion locally you’re missing out! It’s as fun and addicting as a really good game. Running it on some cloud service isn’t the same because at best they’ll be running stuff that’s weeks or months out of date (which is like a million years in AI time) and they don’t give you the same level of control/possibilities that you get when running your own stuff locally (run whatever models/LoRAs you want, whatever extensions you want, generating images without having to worry about overbearing censorship because it is that bad on public AI services–paid or not!).

No, don’t rip! Gently remove the bad RAM from the PC.

It may sound pendantic but that person is correct: It’s not stealing. Stealing involves taking a physical thing away from its owner. Once the thing is stolen the owner doesn’t have it anymore.

If you reproduce someone’s art exactly without permission that’s a copyright violation, not stealing. If you distribute a derivative work (like using img2img with Stable Diffusion) without permission that also is a (lesser) form of copyright violation. Again, not stealing/theft.

TL;DR: If you’re making copies (or close facsimiles) of something (without permission) that’s not stealing it’s violating copyright.

I mean… If it’s good or clever content do we really care?

What if I make my own videos with actors and/or voices are entirely imaginary? I don’t have the resources to hire a videographer let alone an actor but I can write a script and use AI (and program/script things).

If I make something cool it’d be sad if no one watched it just because it didn’t use real human actors and voices.

Simple example every Comcast customer suffers with: Comcast services (including VoIP and streaming TV) don’t count towards the monthly bandwidth cap. So if you watch 2 seasons of a show in 4k via Comcast’s streaming service that doesn’t count towards the cap but if you watch the very same show via Netflix it’ll put you over your bandwidth cap, resulting in additional fees.

It’s an egregious violation of network neutrality and, IMHO an abuse of their natural monopoly. Internet providers should not be allowed to also sell content/streaming services or own media companies! It’s a huge conflict of interest that will always disfavour the consumer.

Furthermore, when Comcast streams their own services they get priority over all other traffic; even traffic going to your neighbor’s Internet connections. So if your neighborhood is experiencing a bandwidth crunch and your neighbor decides to watch some 4k stream via Comcast’s service the back-end routers will prioritize that traffic over any and all other traffic which will interfere with everyone’s else’s Internet connections. So if your video stream suddenly drops to 480p for no reason (wired connection, no bad weather) it’s probably because someone in your neighborhood decided to watch something via Comcast’s streaming service.

My work says I’m a, “security architect II”. I believe he physical world manifestation of that would be… the guy that plans where the security guards should stand? Actually, I’m “II” so I’m probably more like the guy who gets escalated to when the guys that do do that need help 🤷

Never say never. AI is generating code from your code.

Yeah, that’ll get me the job but it’ll still have the same problem: Only getting paid to have knowledge of just one thing.

Companies don’t hire generalists that can get a lot of different work done. They hire specialists that are like cogs in a machine. That way they’re much easier to replace and a lot cheaper too.

a foundational understanding of how things work

Yeah! Kids these days are learning (in school) all about containers, service discovery, AWS, production deployment strategies, password vaulting solutions, cryptographic key/password management, and most importantly: politically defensive email practices.

Oh wait: No they aren’t, LOL.

I just interviewed dozens of fresh (CS) college grads a few months ago and only one of them even knew what SSH was let alone anything remotely resembling basic command line stuff, Linux skills, or any of the above mentioned things.

They sure could write a mean linked list though! 😁