creesch's recent activity

  1. Comment on Folding bike recommendations in ~transport

    creesch
    Link Parent
    Fair enough, certainly for the public transport role folding bikes are excellent. Bringing it back to the US is also pretty valid. One last thing I'd like to raise is "why not both?". Of course,...

    Fair enough, certainly for the public transport role folding bikes are excellent. Bringing it back to the US is also pretty valid.

    One last thing I'd like to raise is "why not both?". Of course, this entirely depends on your budget and living arrangements. It might even be my Dutch bias here, but most people here with a folding bike also have a regular bike. Simply because a regular city bike is much more convent for grocery shopping, chaining to something when you can't bring it inside, etc.

    You'd also be surprised how easy it is to just take the bike for slightly longer distances and just skip public transport entirely. Again, this might be just my Dutch bias shining through again. Basically, for in city travel, a lot of us just use bikes.

    I am not familiar with the French second hand bike prices, but I can't imagine that a decent second hand city bike will cost more than 100 euros.

  2. Comment on Zilog discontinues production of original Z80 processor after 48 years in ~tech

  3. Comment on Folding bike recommendations in ~transport

    creesch
    Link
    I am sure you gave it some proper consideration. But, just as a sanity check, why a folding bike specifically? Folding bikes can be great if you use a lot of public transport where the last mile...

    I am considering buying myself a folding bike for my time there.

    I am sure you gave it some proper consideration. But, just as a sanity check, why a folding bike specifically? Folding bikes can be great if you use a lot of public transport where the last mile is not covered. But, in general as bikes, they kind of suck.

    So if you are intending to generally get around on a bike (it looks like Bordeaux has pretty decent biking infrastructure) I'd go for a regular bike. And by regular bike, I mean something along the lines of what we in the Netherlands call city bikes.

    1 vote
  4. Comment on Asking neighbors to turn down noise in ~life

    creesch
    Link
    I am thinking that you are overthinking it ;) As others said, you handled it absolutely fine and reasonable. In addition to that, birthday or not after 12 you can expect neighbors to want to...

    Thinking maybe I should have let it slide regardless of whether it was their birthday or not

    I am thinking that you are overthinking it ;) As others said, you handled it absolutely fine and reasonable.

    In addition to that, birthday or not after 12 you can expect neighbors to want to sleep. Most municipalities in my country even have specific noise ordinances that dictate until what time you reasonably can still make noise. Needless to say that after midnight is well after the cutoff time most of them use.

    5 votes
  5. Comment on Ugly characters in video games in ~games

    creesch
    (edited )
    Link
    I am not quite sure if this is actually something new or even a large enough group of people to warrant giving that much attention. As long as I can remember (20+ years) there have been people...

    I am not quite sure if this is actually something new or even a large enough group of people to warrant giving that much attention. As long as I can remember (20+ years) there have been people with socially stunted misogynistic traits complaining about female characters in video games. They can be very vocal, but generally speaking also seem to be a minority.

    Having said that, calling out that sort of bullshit is fine. So nothing against the video in that regard.

    11 votes
  6. Comment on When provided with CVE descriptions of 15 different vulnerabilities and a set of tools useful for exploitation, GPT-4 was capable of autonomously exploiting 13 of which, yielding an 87% success rate in ~comp

    creesch
    Link Parent
    That's not really what I was trying to convey though. I am saying that it isn't all that surprising that a LLM can get pretty far in this area as long as the training data contains enough...

    That's not really what I was trying to convey though. I am saying that it isn't all that surprising that a LLM can get pretty far in this area as long as the training data contains enough information about the exploits. This being a generic model (multiple actually if you read the paper), is probably what actually allows it to be successful. Because the internet is full of information about CVEs and how to exploit them. So this is only news worthy, imho, if a LLM managed to do this on CVEs beyond their training data cutoff.

    It isn't all that far removed from other technical tasks they are already being used in.
    So when you say that they amplify the capabilities of your average script kiddy. Yes, but that was already the case and this paper potentially doesn't point out anything new.

    and who knows what it could do for state/corporate actors.

    Not much? I highly recommend you at least check out paragraph 5.3 from the paper :)

    6 votes
  7. Comment on When provided with CVE descriptions of 15 different vulnerabilities and a set of tools useful for exploitation, GPT-4 was capable of autonomously exploiting 13 of which, yielding an 87% success rate in ~comp

    creesch
    Link
    Potentially interesting, but potentially also not interesting at all. I didn't read the entire paper so I might have missed it while skimming. I don't see training data and cutoff dates for the...

    Potentially interesting, but potentially also not interesting at all. I didn't read the entire paper so I might have missed it while skimming. I don't see training data and cutoff dates for the LLMs being taken into account. Similarly, I don't see them taking into account how old the CVEs are, how much information is available on the internet about exploiting them, etc.

    Looking at paragraph 5.3 where they remove the CVE descriptions, I get a strong sense that part of the success is how much information about the CVEs was present in the set of training data for the models.

    12 votes
  8. Comment on Chrome/Firefox Plugin to locally scrape data from multiple URLs in ~tech

    creesch
    (edited )
    Link
    edit: What are you using this for? I might be reading too much into this, but your only other interaction on Tildes so far has been one highly specific other question, which you seem to have...

    edit: What are you using this for? I might be reading too much into this, but your only other interaction on Tildes so far has been one highly specific other question, which you seem to have scrubbed clean of your comments and contents yesterday. Combined with the subject and that you seem to be scraping phone numbers (based on your example) does make me question the involved motives.


    What sort of scraping are you looking for? I assume you are looking at something that only fetches specific information from specific bits of a page, not just the entire website?

    Looking at scrapy.org, it seems to do what is minimally needed there, defining what css selectors to use and what data to fetch. I haven't looked at the other offerings, but I am guessing they over a nice GUI type thing for that aspect, as you didn't mention it. Which actually is one of the more important requirements if I had to guess.

    It also severely limits your options, tooling offering this sort of GUI likely is service based. Not only does it require quite a bit of extra work to implement such a GUI, they also need to account for a variety of other things like banners in the way, etc. And, to be frank, most other people go for the slightly more technical approach as there is no lack of options there. Scrapy is highly specific, but any test framework can also be used for scrapping. Often you see people using playwright for this or selenium webdriver for their favorite language.

    All of this is basically a long-winded way of me saying that you are likely stuck with service/cloud based offerings. Unless you put in a bit of extra time and effort in learning the very basics of css, html and a tiny bit of python (for scrapy).

    tl;dr Can't have your cake and eat too. Your options are basically paying for a low friction non-technical solution or put in the time and effort and do it for free.

    13 votes
  9. Comment on FYI: This site claims to have harvested 4B+ Discord chats, today all yours for a price in ~tech

    creesch
    (edited )
    Link Parent
    I wasn't referring to discord as shady. I was saying that I don't think discord being indexed is necessarily a bad thing, if it was done by a different company than the shady one mentioned in the...

    I wasn't referring to discord as shady. I was saying that I don't think discord being indexed is necessarily a bad thing, if it was done by a different company than the shady one mentioned in the article.

    The rest of what you said I think is a bit more complex than just saying it comes down to UI and such. A venture capital backed service can offer a lot for "free" to undercut what is already there.

    edit: I also want to make it clear that I believe this in the context of discord servers that are effectively publicly accessible anyway. Not ones that are actually intended to be private.

    15 votes
  10. Comment on FYI: This site claims to have harvested 4B+ Discord chats, today all yours for a price in ~tech

    creesch
    (edited )
    Link
    Maybe a bit of a hot take, they are very likely not the first ones to do so just the most public ones. Moving on to an actual hot take, for a lot of the forum style discords I just wish the...

    Maybe a bit of a hot take, they are very likely not the first ones to do so just the most public ones. Moving on to an actual hot take, for a lot of the forum style discords I just wish the indexing wasn't done by such a shady company. When we are just talking chat I can sort of reason it out that there is no need to have that show up in google results or always be public. IRC wasn't and the same has generally been true for most chat type media.

    But now Discord has moved into forum style channels, I do believe it to be harmful for an open internet where you can find information more easily.

    16 votes
  11. Comment on Help me re-learn how to write, understand the nuances of writing, be a good writer in ~creative

    creesch
    Link Parent
    I guess by starting to read the literature on this ;) More broadly speaking: When reading text of others, do it not only with the intent of reading the message. Try to also be really aware of how...

    How do you think should I approach this?

    I guess by starting to read the literature on this ;) More broadly speaking:

    • When reading text of others, do it not only with the intent of reading the message. Try to also be really aware of how they write, what that does to how you might perceive the message.
    • Experiment with different styles of writing. Write something with the same information in different styles to see what the effect is. For example, write how you normally would and then rewrite it to be really informal.
    • Determine before you start writing who your audience is. Focus on things like their pre-existing knowledge on the subject you are writing about, their expected reading level in general, etc.
    • Find a variety of ways to get feedback on what you write. Tildes might be an okay place to gather feedback. There likely are also other communities out there that can help you gather feedback.
    2 votes
  12. Comment on Help me re-learn how to write, understand the nuances of writing, be a good writer in ~creative

    creesch
    Link Parent
    When you do explore reading the writing of other writing, you might want to focus on different writing styles as well. Not just the difference, but being aware of the audience they are targeting....

    When you do explore reading the writing of other writing, you might want to focus on different writing styles as well. Not just the difference, but being aware of the audience they are targeting.

    Being able to adjust and even switch writing styles also does make you a stronger writer in general.

    For example, your English as written here is quite good and articulated. It is also a bit on the formal side, and you clearly enjoy putting your lexicon to work. Which in itself isn't really an issue in this specific context of this post. But it might be an issue if you are actually targeting a wider audience. A simple example would be when interacting in a different context on Tildes, but also when writing an article for certain audiences.

    On more addition, a book I have seen people recommend a few times is On Writing Well which goes into a lot of this in more detail. I have to be honest there, I haven't read it myself.

    2 votes
  13. Comment on Can noise canceling headphones be effective against non continuous noise such as music? in ~tech

    creesch
    Link Parent
    Fair enough, this might indeed be personal as I'd say my experience is different. If I have to reason it out a bit more, I'd say that, to me, it comes down to ANC letting some things through...

    Fair enough, this might indeed be personal as I'd say my experience is different. If I have to reason it out a bit more, I'd say that, to me, it comes down to ANC letting some things through fairly loudly. Where with passive noise-cancelling even if it can't remove the sound entirely, at the very least it will be reduced greatly.

    1 vote
  14. Comment on What actually-useful questions should someone ask when hiring a cybersecurity professional? in ~comp

    creesch
    Link
    I am going to guess that you aren't hiring into a vacuum. Meaning that the company already has technical people on their payroll. Sysadmins, developers, etc. While they aren't security experts,...

    I am going to guess that you aren't hiring into a vacuum. Meaning that the company already has technical people on their payroll. Sysadmins, developers, etc. While they aren't security experts, their knowledge does overlap in quite a few areas. More so than yours as a manager. So even if you are provided with good questions to ask here, you very likely still lack the experience needed to validate the answers.

    So my advice would be to involve a few people from technical roles. Either in an active role where they also ask questions or in a more passive role where they sit in to validate the answers.

    This post actually serves as a concrete example. Specifically the way you introduced it, because "a technical cybersecurity job" is about as broad as it gets. So you are also going to get very broad and general suggestions here or very specific advice based on the assumptions people made. If the job description people respond to is as a non-specific as well you likely are going to be dealing with a similar issue. In fact, it increases the changes of attracting people who are smooth talkers (I guess social engineering is security related...) but lack on the technical side.

    So, to even take a step back, I'd also first work on making the job requirements more specific. Ideally, by involving various technical people already on the company payroll.

    • Are you looking for someone responsible for overall security in IT related processes?
    • Are you looking for someone actively looking for vulnerabilities in your IT infrastructure?

    Both are cybersecurity experts, but require different kinds of people.

    11 votes
  15. Comment on AI and the end of writing in ~tech

    creesch
    Link Parent
    That does highly depend on the subject and the sort of questions you do ask them. But, in the context of complex tasks, you are probably right. I still think LLM's are really great tools. I use...

    I get the impression that these things give bad information >90% of the time.

    That does highly depend on the subject and the sort of questions you do ask them. But, in the context of complex tasks, you are probably right.

    I still think LLM's are really great tools. I use ChatGPT and the OpenAI api on a daily basis. But mostly as a tool in my tool belt where I am fully aware of the limitation and make sure to only ask it for things I have enough domain knowledge myself to validate the outcome. More detailed comment I wrote a while ago about it.

  16. Comment on Can noise canceling headphones be effective against non continuous noise such as music? in ~tech

    creesch
    (edited )
    Link
    Active noise-cancelling headphones can work quite well to reduce noise. Specifically, Sony and Bose do quite well there (personally, I can only vouch for Sony). Having said that, they work best...

    Active noise-cancelling headphones can work quite well to reduce noise. Specifically, Sony and Bose do quite well there (personally, I can only vouch for Sony).

    Having said that, they work best filtering out continuous noise. As far as music goes, it really depends on the sort of music, proximity, etc. For example, continuous bass through walls they might be able to filter out quite well. While more dynamic music in the same room provides some issues.

    The same with talking, a mass of people talking gets filtered, no problem. Then the one person with a loud, distinct voice in that same mass of people might not be filtered at all, making them stand out more.
    I have had instances in public transport where I turned off active noise-cancelling because of this.

    One thing that stood out to me in your post

    I already have the best ear muffers money can buy in my country

    Active noise-cancelling is never going to be better than very good passive noise-cancelling. I also know from personal experience with much milder tinnitus that when it does flair up (mine is not always the same) I tend to be less able to ignore sounds that distract/annoy me more.

    The way active noise-cancelling works also means there is sort of a "pressure" on your ears. In some headsets, sometimes even a very faint "hiss".
    This can, for me, make prolonged use of active noise-cancelling a bit fatiguing.

    8 votes
  17. Comment on Can noise canceling headphones be effective against non continuous noise such as music? in ~tech

    creesch
    Link Parent
    It should be noted that these are in-ears, so likely do not work due to OPs requirement. Having said that, the noise-cancelling on Sony products is indeed very good.

    It should be noted that these are in-ears, so likely do not work due to OPs requirement. Having said that, the noise-cancelling on Sony products is indeed very good.

    5 votes
  18. Comment on Texas is replacing thousands of human exam graders with AI in ~tech

    creesch
    Link Parent
    Sure, that might work. It also isn't how it is being employed here.

    Sure, that might work. It also isn't how it is being employed here.

  19. Comment on Creating an official politics group? in ~tildes

    creesch
    (edited )
    Link Parent
    Hah, that would be the rarest of occurrences. :D

    Hah, that would be the rarest of occurrences. :D

    2 votes