starchturrets's recent activity
-
Comment on Computer savvy people of Tildes, do you have any advice re setting up a new MS Windows personal computer? in ~tech
-
Comment on Computer savvy people of Tildes, do you have any advice re setting up a new MS Windows personal computer? in ~tech
starchturrets Will it be on Windows Home or Pro?Will it be on Windows Home or Pro?
-
Comment on Should I use third party firewall or antivirus on Windows (or elsewhere)? Which one? in ~tech
starchturrets No. Stick to common sense + downloading stuff from winget, which as I understand it has a lower chance of having outright malware slip into it (compared to search engine results which have been...Should I use 3rd party firewall or antivirus on Windows (or elsewhere)? Which one?
No. Stick to common sense + downloading stuff from winget, which as I understand it has a lower chance of having outright malware slip into it (compared to search engine results which have been gamed in the past). Also, don't click on weird files and consider using security features such as smart app control or windows sandbox.
-
Comment on Messaging programs: which is better privacy - browser versions or dedicated apps? in ~tech
starchturrets It's a tradeoff. Webapps tend to be better sandboxed than their native equivalents on desktop, and you also don't need to worry about falling back on electron/chromium versions. On the other hand,...It's a tradeoff. Webapps tend to be better sandboxed than their native equivalents on desktop, and you also don't need to worry about falling back on electron/chromium versions.
On the other hand, it does lead to issues with end to end encryption where the server could serve you (as in you specifically) backdoored JS, whereas with a native app it would have to be sent to all users, increasing the likelihood of detection. I believe this is also the reason why Signal does not have a webapp, though their own desktop app has issues like disabling the electron sandbox entirely.
Ironically, Meta has deployed mitigations for this, and their windows app is one of the few to actually work within the currently supported app sandboxing.
-
Comment on It looks like Facebook will be forcing me to switch to Messenger. What are my options? in ~tech
starchturrets Technically I think you can send messages through mbasic.facebook.com but that’ll be a pain at best.Technically I think you can send messages through mbasic.facebook.com but that’ll be a pain at best.
-
Comment on Many temptations of an open-source browser extension developer in ~tech
starchturrets ...And this is why I only have Ublock Origin Lite installed, with site access granted only to sites that really need it (like Youtube)....And this is why I only have Ublock Origin Lite installed, with site access granted only to sites that really need it (like Youtube).
-
Comment on Google seems to be running OCR on photos in my Gmail. Is this happening to you too? in ~tech
starchturrets Respect privacy? If it weren’t enabled, Google would still have your unencrypted photos anyways. I don’t see how it would change anything.Respect privacy? If it weren’t enabled, Google would still have your unencrypted photos anyways. I don’t see how it would change anything.
-
Comment on New motherboard likely has corrupted BIOS, USBs have no power in ~tech
starchturrets This would not be the first time a BIOS update has bricked HP machines. You might wanna look into getting one of those clip on BIOS flashers, if all else fails.This would not be the first time a BIOS update has bricked HP machines. You might wanna look into getting one of those clip on BIOS flashers, if all else fails.
-
Comment on What are the benefits of using Linux for the less computer competent? in ~comp
starchturrets That, I can agree with. Microsoft Support Forums are notorious for people writing eulogies to themselves without actually helping with the problem. For what it's worth, I did run into a similar...That, I can agree with. Microsoft Support Forums are notorious for people writing eulogies to themselves without actually helping with the problem. For what it's worth, I did run into a similar issue when I was dualbooting Windows 11 and Kubuntu, and was able to get past it by pulling the recovery key from my account.
-
Comment on What are the benefits of using Linux for the less computer competent? in ~comp
starchturrets Aren't the bitlocker recovery keys stored in her Microsoft Account? Unless she was using a local account, in which case I think it has to be manually enabled (not sure tho).Aren't the bitlocker recovery keys stored in her Microsoft Account? Unless she was using a local account, in which case I think it has to be manually enabled (not sure tho).
-
Comment on What are the benefits of using Linux for the less computer competent? in ~comp
starchturrets Not necessarily - Microsoft gave up on forcing microsoft store apps to be sandboxed as UWP apps, though it seems they're having another go at it with win32 app isolation. Your example of whatsapp...On windows, sandboxing only applies for apps installed via the MS store, which most don't even use, and even then not all apps are guaranteed to be sandboxed. If you take the whatsapp desktop app for example, it has the following permissions:
Not necessarily - Microsoft gave up on forcing microsoft store apps to be sandboxed as UWP apps, though it seems they're having another go at it with win32 app isolation. Your example of whatsapp isn't the best, because if I remember correctly, it's one of the few apps that does work with the native windows sandbox, and for which permissions can be controlled in the privacy settings. I don't know where you're reading that from, but a look at the MS Store doesn't seem to show it as having the "use all system resources" permission or that access all files permission you quoted.
-
Comment on Microsoft wants to move Windows fully to the cloud in ~tech
starchturrets Microsoft has been getting more lenient about piracy with recent windows versions. Hell, there’s been an instance of Microsoft Support using a crack script.Microsoft has been getting more lenient about piracy with recent windows versions. Hell, there’s been an instance of Microsoft Support using a crack script.
-
Comment on Boring Report: An app that aims to remove sensationalism from the news and make it boring to read, by utilizing the power of advanced AI language models in ~tech
starchturrets This sounds like it would be a ripe target for prompt injection attacks.This sounds like it would be a ripe target for prompt injection attacks.
-
Comment on All five people on Titan sub dead after 'catastrophic implosion' in ~transport
starchturrets It has its share of issues and certainly isn't perfect, but I've personally found wikipedia to be a decent source to read up on such events.As a new user to the site, I've been trying to follow ongoing developments of the Greece boat tragedy. The submarine story has so completely dominated news cycles I've been really struggling to find places to follow it.
It has its share of issues and certainly isn't perfect, but I've personally found wikipedia to be a decent source to read up on such events.
-
Comment on All five people on Titan sub dead after 'catastrophic implosion' in ~transport
starchturrets You could have been thinking of the Kursk Submarine Disaster.You could have been thinking of the Kursk Submarine Disaster.
-
Comment on Megathread for news/updates/discussion of ChatGPT and other AI chatbots in ~tech
starchturrets I don't have an OpenAI account, but I have been keeping up with ChatGPT by following the discussion about it on HackerNews/Reddit. I'm aware of its tendency to "hallucinate" sources when it's...I don't have an OpenAI account, but I have been keeping up with ChatGPT by following the discussion about it on HackerNews/Reddit. I'm aware of its tendency to "hallucinate" sources when it's wrong, so I was hoping this could be mitigated by Bing's new AI mode. Unfortunately, in my testing it's been very hit-and-miss. Asking it for news can get it to talk about current events (with links to the specific articles!), but it's also mixed in with suspiciously old sounding stories citing links such as https://edition.cnn.com/world. This isn't very helpful for determining if it's making stuff up or not. I also tried to use it as a way to discover new fanfics, but it keeps getting things subtly wrong. For example, I asked it to suggest similar stories to a crossover fanfic I gave it, and out of three suggestions, two of them weren't crossovers. Which would be fine if it didn't try to claim they were, and in one case it linked to a Mass Effect story claiming it contained characters from Halo as well. It also got things such as the rating wrong, and the chapter and word counts were slightly off.
I tried to use it for research, and asked it to tell me (excluding what Apple has published on their website) the effects of turning on lockdown mode. This was because I wanted to see if it could come across anything that Apple didn't officially document. It gave me a list including gems such as "You can't install or update apps from the App Store." and "You can only use Safari to browse websites that are verified by Apple." (This linked to a support.apple.com page for some reason). It was all very plausible sounding, but also completely wrong.
So while LLMs appear good for generating boilerplate, the billion dollar question in my opinion would be if OpenAI can get them to stop "being wrong". Clearly just hooking them up to Bing is no guarantee of correctness (and I suspect a lot of it is due to the blogspam present on the Internet), and while they may be very good at (say) explaining something to me in plain language, it's gonna be worse than useless if it ends up being wrong in some way I can't distinguish because I'm not a Subject Matter Expert. And if I were - why would I need it to explain it to me?
-
Comment on <deleted topic> in ~tech
starchturrets Yes. For example, the Onion Browser (which is officially recommended for iOS by the tor project) has had many issues over the years due to being forced to rely on webkit, chief among them being an...Yes. For example, the Onion Browser (which is officially recommended for iOS by the tor project) has had many issues over the years due to being forced to rely on webkit, chief among them being an unavoidable IP leak.
-
Comment on Upgraded to Windows 10, what do I need to do to optimize? in ~comp
starchturrets I would recommend using winget to uninstall stuff you consider to be bloatware, as it's officially provided by microsoft.I would recommend using winget to uninstall stuff you consider to be bloatware, as it's officially provided by microsoft.
-
Comment on Have you ever been hacked? in ~tech
starchturrets Just one or two months ago. I keep an old Lenovo android tablet (released 2017ish) to read ebooks/textbooks and play pirated Exiled Kingdoms. Despite it's age, its battery life is still fairly...Just one or two months ago. I keep an old Lenovo android tablet (released 2017ish) to read ebooks/textbooks and play pirated Exiled Kingdoms. Despite it's age, its battery life is still fairly decent. To mitigate the risk of using such an outdated device I only transferred files onto it via cable and kept it permanently in airplane mode. It was a bit of a hassle, so I then had its speed set to 0 in router settings (effectively cutting it off from the wider internet); this still let me use KDE Connect to transfer files over the local network. While KDE Connect is fabulous at being knockoff AirDrop for Windows/Android/iOS, it still requires having a local network to connect to. I wanted to test if I could get it to work without that, so I fiddled around with bluetooth pairing it with my iPhone, setting it to connect to its mobile hotspot, and connecting to a network without actually logging in to its captive portal (none of them worked). Unfortunately I was being stupid and doing all this in a library. Before I knew it I'd been force paired with some device I didn't recognize and some weird mobile game got installed onto my homescreen.
Impact? Truth be told, not very much. I deliberately didn't put anything sensitive on it. So I just restarted in safe mode and uninstalled the app. I probably should clean install the stock ROM but I'm guessing it was probably a script kiddie so they can't really do anything without accessing the internet, plus pretty much everything else I use is up to date so I'm not really worried.
Lesson learned: don't turn on bluetooth and/or Wi-Fi when in public areas if you have don't have the latest security patches. Fortunately, Google is adding the Bluetooth modules to Project Mainline (the Wi-Fi module is already part of it AFAIK) in Android 13 so this will be less of an issue over time.
-
Comment on A vast majority of people in the US and Canada suspect their smart speakers can eavesdrop on their conversations, and just over two-thirds think they’ve gotten ads based on that snooping in ~tech
starchturrets (edited )LinkAlright so this thread has gone somewhat off topic into a discussion about surveillance in general and not just with smart speakers. I've seen some arguments here along the lines of Meta/etc not...Alright so this thread has gone somewhat off topic into a discussion about surveillance in general and not just with smart speakers. I've seen some arguments here along the lines of Meta/etc not doing mass microphone/camera surveillance because it's not profitable for them to do so, and because they already can target ads effectively enough without them. I agree with that, but I'd also like to add one thing - current mobile operating systems are extremely robust at application sandboxing. Deny Messenger, TikTok, or Instagram microphone permissions? They're not getting it. This is true for both current versions of Android and iOS. Even if you did grant them microphone permissions, there is an extremely obvious indicator when it is being accessed that even non tech savvy users would pick up on. iOS is also notorious for killing apps in the background (though there is a bug on recent versions that reverses this for some reason), so I doubt that spying apps could run constantly without destroying the battery life or resorting to things such as using the API made available to maps apps (which is something that I doubt would even get past app store review, and also has an extremely obvious indicator anyways). Someone else in this thread mentioned BLE being used as tracking, and a look at iOS app developer documentation also makes it clear that it's supposed to run in the foreground only. Even if apps could run willy nilly in the background (iOS has the aforementioned bug, and I'm not sure how restrictive Android 13 is with them since I don't use it), both Android and iOS have introduced sections in the privacy settings that allow you to see what apps have accessed what permissions at what time. So I'm somewhat confused by all these stories of people suspecting apps of listening to them and not checking the app privacy report or dashboard.
Pro gives you some nice features like the group policy editor and bitlocker. Home does have device encryption which is basically bitlocker tied to a Microsoft account, but enabling it without being logged in has issues.
Anyways, if you do choose to bypass the MS account requirement make sure to go to System > Settings > Notifications > Additional Settings and untick all the checkboxes there. Since OEMs generally bundle in tons of nonsense on their installs you might wanna do a clean install to make sure you only have to put up with Microsoft nonsense.
Security wise, default Defender and firewall are ok enough. Don't forget to enable memory integrity in Windows Security settings (under core isolation) if it's not on already. Consider turning on Smart App Control if it doesn't break any apps you use. IMO it's a fairly good mitigation and cuts off a good chunk of the low hanging fruit with regards to malware.
For debloating/installing/upgrading apps winget is pretty handy, and it comes preinstalled on Windows 11 so no need to download anything extra.