And despite security recommendations, too many IT depts still force password resets every 90 days…

It could be for contractual or for insurance reasons. We have some contracts with government agencies that require it, and our cyberinsurance also does. Even though NIST has been recommending for years to do long passphrase + MFA and no reset unless you suspect compromise.

So yeah, the reason behind this might not be just plain incompetence.

All the while they uphold objectively-racist comments despite several reports. Fucking weird.

I mentally checked out of reddit when I got a comment deleted and a 3-day sitewide ban for saying:

“It is always OK to punch a Nazi.”

It was a literal comment, not figurative, nothing was being compared, etc. Just a straight statement about actual past and present-day Nazis. Ban.

The 3rd-party app fiasco happened a couple of weeks later, and that was the second sign that I needed to GTFO.

Well you see, finding a way to reliably deliver ads via the API would have taken far too much developer brainpower for a company that can’t make a functional video player or a mobile app

It honestly wouldn’t be that hard at all. You deliver ads via the API alongside actual posts, as if they are an actual post, and forbid altering them in the developer ToS. If you want to be anal about enforcement, run popular 3rd-party apps in an emulator to verify that the JSON returned by the site is unaltered when it’s rendered in the app. You could put this together in a weekend.

Which really just speaks to quality of talent at reddit, or the management at reddit suppressing that talent. Or both.

His mind’s gonna be blown when he finds out about Mode averages.

Yep. I’m not making a proclamation, just stating an opinion. I don’t have a problem with what they’re doing, and if other people do, that’s fine. Some people like their cucumbers pickled, let them have their pickle.

I actually wouldn’t be surprised to see it go open source in the future, Microsoft has been doing that a lot recently, like VScode and the whole of .NET and friends like PowerShell. Pretty much the only things worthwhile from Microsoft are already open source, except Copilot.

My feelings on the subject is that they don’t live nearly long enough to not give them a simple pleasure like sleeping with their people.

Even when he wakes me up at 4am because his paws must be licked for 20 minutes.

Or when he wakes me up at 5am whining to get under the covers.

Or when he sleeps like this, which is all the time:

My feelings on the subject is that they don’t live nearly long enough to not give them a simple pleasure like sleeping with their people.

Even when he wakes me up at 4am because his paws must be licked for 20 minutes.

Or when he wakes me up at 5am whining to get under the covers.

Or when he sleeps like this, which is all the time:

Future incidents probably will still happen

It’s not a question of if, but when. The only secure computer is one that’s a mile underground, encased in concrete, and with no network connection.

And even then, it’s still not a 100% safe bet.

Copilot was trained on copylefted code while itself being closed. What was brought to attention by @[email protected] isn’t efficacy, but Microsoft’s lack of ethics and social responsibility when it comes to their bottom line.

I honestly don’t have a problem with that. Everything that it was trained on is publicly-available/open-source code, and I’m not aware of any license that requires you to distribute your modifications if you don’t make modified binaries publicly available, not even GPL. And even then, you’re only required to make available the code that was modified, not related code. And I don’t even think that situation would apply in this case, since nothing was modified, it was just ingested as training data. Copilot read a book, it didn’t steal a book from the library and sell it with its name pasted over the original author’s.

This isn’t really any different of a situation than a closed-source Android app using openssl or libcurl or whatever. Just because those open-source libraries were employed in the making of the app doesn’t mean that the developer must release the source for that app, and it doesn’t make them a bad person for trying to make money from selling that app. Even Stallman is on board with selling software.

And even if you take all that off the table, you’re free to do the exact same thing and make a competitor. Microsoft didn’t make their own language model, they’re using a commercially-available model developed by OpenAI. There’s literally nothing stopping anyone else from doing this as well and making a competing service called “Programming Pal” and making their code open-source. In fact, it’s already been done with FauxPilot and CodeGeex and the like.

So yeah, I really don’t have a problem with it. This ended up a lot longer than I had originally thought it would, sorry for the novel.

Because we have some contracts that stipulate any data related to the project, including secrets/credentials, must remain on-site, and in some cases, on an air-gapped network. Doesn’t make sense to spin up something else to manage those secrets when Bitwarden can do it all and satisfy the requirements of those contracts.

Github Copilot is worth the money. I’ve had it finish out functions for me after just a few lines. There’s usually an error or two, but the consistency with which it can predict what I’m doing or trying to do is pretty impressive.

I pay for it just because it’s cheap and to support them

I did this too when it first came out, and then the product became robust enough that I recommended we implement it at work because secrets management was non-existent. We have a bunch of licenses on the Enterprise plan now and it just keeps getting better each update.

My only complaint is that migrating the data to a new server is a pain in the ass and never works correctly, even when following the migration instructions to the letter. Always have to open a ticket with them for that. Not enough of a pain to move to another product, though.

I also still pay for my personal plan. It really is a fantastic product.

We’ve known about the principle since 1856, and have known about its possible impact since 1896.

I think that this line of reasoning becomes less and less tenable when things like Swagger exist.

I just wished the Lemmy API docs were better lol.

Finnegans Wake makes more sense than Lemmy API docs. Even calling it “documentation” is a stretch.

I literally had to clone the Lemmy git repo and read the source code to find the implementation of an API endpoint and see how it worked for a script that I was writing.

👍

Fantastic list, thanks.

Is this really that useful though?

It’s very useful if you don’t use a password manager and/or reuse passwords.

The most useful part about it to me is the API. You can tie it in to Active Directory to blacklist all hashes that appear in any breach, plus expire/force a password change if any user on your domain uses a password that has been in a breach. It completely eliminates that vector from threat actors immediately.

So yeah, I would call this intensely useful.

I still use reddit for researching problems at work, but that’s it.

Man I loved Encarta. I would spend hours in that shit just going through random stuff.