Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)B

Buddahriffic

@ Buddahriffic @lemmy.world

Posts
0
Comments
2577
Joined
3 yr. ago

  • A remote code execution vulnerability has been found in Microslop Notepad

    Jump

  • Yeah, windows came from a different era where if you're seeing a new exe, it's because you put a disk in the drive and explicitly navigated to it. Speaking of which, this isn't even the first time that convenience ended up opening up a wide security hole because they handled CDs differently and added an autoplay feature that would check the disk for autorun.exe and just run it if autorun was enabled. I started disabling it after word about sony's rootkits got out but have been appalled to see it enabled by default still ever since then.

    I was one of the few that appreciated UAC when it was there and kept it on one of the stricter settings. I'd rather my PC ask than assume, but people bitched about it so they weakened it and eventually just got rid of it entirely I think?

    Though a permissions setup would be even better. I didn't like that UAC was an all or nothing prompt, plus it didn't give any details about what a program wanted to do. Are you asking because this program is trying to create a new directory in program files or because it wants to replace system32 dlls with its own versions?

    It's an area even Linux can improve in (though probably depends on flavour). I like the android permissions model, where there's various actions and you can allow or deny categories (though GrapheneOS does it even better by also sandboxing everything). I'd love to see something like that for my desktop, where apps are free to save files but can't touch files that aren't their own unless an explicit share is set up, where I might want one app to have network access and no disk access and another to have the opposite. I'd love to be at a state where I could just run any executable from the internet because I know that my OS won't let it fuck anything up other than its own address space. Hell, could even dedicate a core to monitoring apps to detect if one breaks out of its sandbox without my explicit permission (while the OS also doesn't use that to enforce the desires of other developers over my own).

  • DIY

    Jump

  • It might be sufficient if the case airflow is good. Not sure if you could avoid any heat throttling that way, but I'd guess it wouldn't need to shut down because of heat.

  • DIY

    Jump

  • This one is even worse than just removing the CPU cooler, because that cooler is now blocking the hot air from leaving the case via the rear fan.

  • DIY

    Jump

  • No, they pulled the cooler off thr CPU and decided to use it to block airflow entirely to the CPU case fan. Best guess is that they are trying to build an expensive smart oven.

  • DIY

    Jump

  • Back in the 00s, a story about CPUs getting so hot they'd start on fire went viral. In it was a video of someone removing the cooler while it was running and then a few seconds later a flame appears.

    On the one hand, obviously you shouldn't remove your CPU cooler while it was running.

    But on the other hand, fans and mounts can fail, so this was still a risk even for people who were smarter than removing the cooler entirely.

    It prompted CPU makers to add thermal protections that started out as "if CPU hits threshold, cut power", but over time more sophisticated heat management was integrated with more sophisticated performance and power management.

    So these days, if you aren't sufficiently cooling your CPU, it won't die much quicker, instead it will throttle performance to keep heat at safe levels. OP would have gotten better performance out of it after removing that plastic. Assuming it was CPU bottlenecked in the first place. Things like RAM choice and settings can make it a moot point because the RAM can't keep up with the CPU at 100% power anyways.

  • DIY

    Jump

  • That "we" isn't global. Some called it "the CPU", some called it "the hard drive", some made fun of those two groups for not knowing what they were talking about.

  • Is Windows FOSS now?

    Jump

  • I believe it was a product of the earlier conflict between copyright owners and AIs on the training side. The compromise was that they could train on copyright data but lose any copyright protections on the output of the AI.

  • TV remotes should have an easy-to-find (by touch) "volume toggle" button that toggles between two volume settings.

    Jump

  • If a director's vision involves either potentially disturbing neighbours or not being able to understand dialogue, fuck their vision. I'd much rather my devices be controlled by what I want, not anyone else's desires.

    And the existence of idiots doesn't mean everything needs to be limited so that the idiots won't screw themselves. We exist in an age where if you don't understand something, you can easily look up information about it. Enshittification might ruin that over time but it hasn't done so yet. And it can be designed in a way that can make it easier to figure out. Don't stick it deep in the settings, make it easy to find in "volume settings" or "audio settings" with preset options that cover common sound system setups. If such a system were common, then plenty of people will learn it and know what's up when grandma's TV only plays the music track very loudly (which actually might be kinda nice if you just have the TV playing for background noise).

  • A remote code execution vulnerability has been found in Microslop Notepad

    Jump

  • I can't think of any good reason why links opened via notepad should be treated as trusted. Or any remote exe being treated as trusted regardless of what program is trying to open it, including the windows app store. If anything, the default behavior should be to download the file or open a prompt. I'd call that the second flaw.

    Glad to be away from that platform.

  • Password123!

    Jump

  • On yeah, the little mouse puzzles. I always figured it wouldn't be that hard to give cursor movement a more natural curve, just give it an interpolation that clamps the first 3 derivatives of position and adds jitter and a little overshoot and correction or clamps the derivatives even harder at the end to mimic slowing down for precision.

  • Password123!

    Jump

  • I'd say countdown to programs that pretend to be webcams and display an AI video of the requested action has started but I bet at least someone has already done it. And then the arms race between actions to be requested and what AI can do will start until eventually passing the test will be a fail because the actions requested are either too difficult for humans to understand or too difficult for humans to perform, at which point AIs will be trained on knowing the physical limitations of humans.

    This will come in handy for when they get tired of our shit.

  • We've all met this DM

    Jump

  • Personally, one of the reasons I mostly play solo video games is so that if I feel like taking a break, I can do so without affecting anyone else or needing to wait until everyone is ready for a break. Sometimes I think I want to play a game and then am just not feeling it a few mins in. Or I'll be really into a game for months and then just drop it when that obsession passes.

    Playing together is a big commitment!

  • Let's take a moment to remember the time period when everyone had to adjust to using dual-joysticks on controllers.

    Jump

  • Ah so I might be able to do it with 3 just with what I have already but need a Wii and brawl, which is the one I'm missing from the three systems (have melee and the wii u one but not the wii smash bros lol).

    Thanks for taking the time to write that, it's a lot more info than I was expecting!

  • I Started Programming When I Was 7. I'm 50 Now and the Thing I Loved Has Changed

    Jump

  • I'm one of those the fits in both categories. I've been blown away by what these AI agents are capable of. I've "written" a bunch of scripts that involve parsing and generating code for another tool to consume and it's been able to take over the tedious parts, like writing a function to parse the parameters out of this code, then follow the code it goes into and extract the relationships between the parameters and recreate them another way. It's something I could write the code for, but that code will be mostly undocumented, will contain "quick version that I'll come back later and fix up (but I never get to it because if it works, there's other more productive things to do)", plus some debug code that I'm not sure if I'll need again so it's just there so I can uncomment it instead of writing it again. Not to mention all the typos and sloppy errors along the way that may or may not be easy to find later during compile and testing.

    I consider myself a competent coder. AI makes me better, more focused and less sloppy. But that said, my prompts reflect that. I understand that these models aren't really programmers but just correlation engines that have been trained on a ton of programming material. It can tell you the traveling salesman problem is NP but won't necessarily realize that the problem you've asked it to solve is equivalent to the traveling salesman problem. It will happily spit out an identical function to one it did before, just with name differences that are specific to the current thing it is doing rather than just calling the same function. It will pick the least efficient way to do some things. It's not a problem solver, it's a solution predictor, which sounds better but isn't.

    So I consider them more like force multipliers rather than adders. If you have the skills, I believe you could use an LLM to make anything (as a development cycle, not "spits out perfect implementation first try"), but if you don't have the skills, you'll struggle a lot even on fairly basic shit simply because you don't how to direct the LLM properly.

    But I still watch it produce code with a mixture of awe and fear. I don't think the above will be true forever. Maybe not even for the rest of the 20s.

  • Let's take a moment to remember the time period when everyone had to adjust to using dual-joysticks on controllers.

    Jump

  • Oh wow, just looked it up and the description is even better because it was intended to give the games mouse look controls, which IMO is superior to even dual stick for fps. Like set up a mouse and keyboard for a console fps that supports it and it's like easy mode because you can aim much more quickly.

    Guessing you need to bring your own ROMs (I wonder if I can rip my GCN discs with a blueray reader). Though to clarify, is this for the GCN versions or one of the other ports/remasters? I've got 1 and 2 for GCN and 3 for Wii.

  • a very tasty snack

    Jump

  • Oh is that why people say you wouldn't like hot dogs if you saw how they were made, because they are just spam in tube form?

  • Let's take a moment to remember the time period when everyone had to adjust to using dual-joysticks on controllers.

    Jump

  • No, I haven't tried that. How is it? As awkward as those controls were, they also feel like a core part of the game, so I'm feeling oddly both attracted and repulsed by the idea. But I'll look into it, thanks for making me aware if it!

  • a very tasty snack

    Jump

  • "If you're not a fan, bam! Drop a few used matches in that can and it will taste less like plain ol spam!"

  • A remote code execution vulnerability has been found in Microslop Notepad

    Jump

  • Can you elaborate a bit on how notepad following a link can result in running arbitrary code? Cause it sounds more like a second vulnerability is involved, because a text editor following a link still shouldn't result in running whatever code is on the other side of the link.

    Though it is a privacy issue on its own, just like a tracking pixel or images in emails.

    I'm also curious what the actual use case is for having a link that notepad automatically follows on load in markdown. Or why they got rid of wordpad (their default rich text editor) and put it into notepad (their plain text editor), ruining one of the reliable things about notepad: it would just show you the actual bytes of the file, whether it was text or not, kinda like a poor man's hex editor (just without the hex).

    Makes me wonder if eventually opening an html file in notepad will make it render it like a browser. "Back in my day, we edited html in notepad instead of browsed it!"