• 14 Posts
  • 63 Comments
Joined 1 year ago
Cake day: June 17th, 2023
  • kristoff@infosec.pubOPtocybersecurity@infosec.pubapps .. repo or not
    2·
    3 days ago

    Well, in principe I do not see that much different between ‘curl | bash’, ‘sudo apt-get install’ or installing an app on your phone. In the end, it all depends on trust.

    Considering how complex software has become and on how many libraries from all over the internet any application that does more then ‘hello world’ depend, I do not see how you can do if you are not prepared to put blind trust into some things.

    Concerning CrowdStrike, I am just reading an book on human behaviour (very interesting for everybody who is interested in cybersecurity), and I am just on the chapter about the fear of deciding with unknown parameters vs. the fear of not deciding at all. Any piece of software will brake at some point, so will you wait forever to find something that will not have any vulnerabilities?

  • kristoff@infosec.pubOPtocybersecurity@infosec.pubapps .. repo or not
    1·
    3 days ago

    The problem is here is this: how is a user supposted to know if the official website of an application is organicmaps.app, organic-maps.app, organicmaps.org or github.com/organicmaps?

    And even if she/he knows, hackers do ways to make you look the other way. The funny thing in this case is that the original author complained that the app was removed from google playstore, and did so on the fosstodon mastodon-server. Although I guess this was not at planned, he made the almost perfect social-engineering post. :-)

  • kristoff@infosec.pubtoTechnology@lemmy.mlX to close operations in Brazil 'effective immediately'
    21·
    5 days ago

    One of the basic elements of a democracy are three branches. In fact, democracy is an inherent instable system where these three branches must keep eachother in check. A natural concequence thereof is that every one of these three branches has the right to conduct and lead investigations.

    That the courts can act proactive or reactive is more a cultural element then a core element of democracy. There are quite some countries where judges are part of the investigative process and can unilateral.

    As Brazil, as a number of other countries in Latin America, has been in the situation in the past that both the gouvernement and the parlement are controlled by people with a … euh … not so good reputation on their democratic values, a judicial branch that acts in a more proactive manner should not be that IMHO unexptected.

  • kristoff@infosec.pubtoTechnology@lemmy.mlX to close operations in Brazil 'effective immediately'English
    11·
    4 days ago

    Here there are two issues: free speech and the judicial system in Brasil. I’ll reply to the later in a different mail.

    The freedom of speech is the result of democracy. No democracy, no freedom of speech. It is also inherent part of the democractic process.

    On the other hand, it is not the only element of a democracy. and it can also be used against these other elements?

    My question to you: can you use a fundamental freedom, granted to you by the fact you line in a democracy, to attack democracy?

  • kristoff@infosec.pubOPtoLinux@lemmy.mlbasic UI programming in linuxEnglish
    2·
    7 days ago

    Hi,

    Just to put things into perspective.

    Well, this example dates from some years ago, before LLMs and ChatGPT. But I agree that the principle is the same. (an that was exactly my point).

    If you analyse this. The error the person made was that he assumed an arduino to be like a PC, … while it is not. An arduino is a microcontroller. The difference is that a microcontroller has resources that are limited: pins, hardware interrups, timers, … An addition, pins can be reconfigured for different functions (GPIO, UART, SPI, I2C, PWM, …) Also, a microcontroller of the arduino-class does not run a RTOS, so is coded in “baremetal”. And as there is no operating-system that does resource-management for you, you have to do it the application.

    And that was the problem: Although resource-management is responsability of the application-programmer, the arduino environment has largly pushed that off the libraries. The libraries configure the ports in the correct mode, set up timers and interrupts, configure I/O devices, …And in the end, this is where things went wrong. So, in essence, what happened is the programmer made assumption based on the illusion created by the libraries: writing application on arduino is just like using a library on a unix-box. (which is not correct)

    That is why I have become carefull to promote tools that make things to easy, that are to good at hiding the complexity of things. Unless they are really dummy-proof after years and decades of use, you have to be very carefull not to create assumptions that are simply not true.

    I am not saying LLMs are by definition bad. I am just careful about the assumptions they can create.

  • kristoff@infosec.pubOPtoLinux@lemmy.mlbasic UI programming in linuxEnglish
    4·
    10 days ago

    As a sidenote. This reminds me of a discussion I haver every so often on “tools that make things to easy”.

    There is something I call "the arduino effect:. People who write code for things, based on example-code they find left and right, and all kind of libraries they mix together. It all works … for as long as it works. The problem is what happens if things do not work.

    I once helped out somebody who had an issue with a simple project: he: “I don’t understand it. I have this sensor, and this library… and it works. Then I have this 433 MHz radio-module with that library and that also works. But when I use them together. It doesn’t work”| me: what have you tried? he: well, looked at the libraries. They all are all. Reinstalled all the software. It’s that neither me: could it be that these two boards use the same hardware interrupt or the same timer he: the what ???

    I see simular issues with other platforms. GNU Radio is a another nice example. People mix blocks without knowing what exactly they do.

    As said, this is all very nice, as long as it works

    I wonder if programming-code generated by LLMs will not result in the same kind of problems. people who do not have the background knowledge needed to troubleshoot issues once problems become more complex.

    (Just a thought / question … not an assumpion)

  • kristoff@infosec.pubOPtoLinux@lemmy.mlbasic UI programming in linuxEnglish
    3·
    10 days ago

    To be honest, I have no personal experience with LLM (kind of boring, if you ask me). I know do have two collegues at work who tried them. One -who has very basic coding skills (dixit himself) - is very happy. The other -who has much more coding experience- says that his test show they are only good at very basic problems. Once things become more complex, they fail very quickly.

    I just fear that, the result could be that -if LLMs can be used to provide same code of any project- open-source project will spend even less time writing documentation (“the boring work”)

  • kristoff@infosec.pubOPtoLinux@lemmy.mlbasic UI programming in linux
    7·
    10 days ago

    Wauw! So many answers in such a short time. Thanks all! 👍 (I will not spam the channel by sending a thank you to all but this is really greatly apriciated)

    Concerning ncurses. I did hear of it but never looked at it myself. What is not completely clear for me. I know you can use it for ‘low-level’ things, but does it also include ‘high-level’ concepts like windows, input fields and so?

    The blog mentioned in one of the other posts only shows low-level things.