Most people here dislike AI, more specifically LLM generated content, for reasons such as environmental impact, stealing people's work, etc. Despite that, is there anything that you enjoy?

I've been listening to this artist's music for a while. It's mostly video game music "re-imagined by AI" into City Pop and other styles. Artist says they use AI to generate samples, then do the rest of the work like any producer would. I have no idea if it's true or not, but I gotta admit that most of it is really good.

Today I also watched some "AI ASMR" videos out of curiosity. It's stupid, I know. But watching a knife cut glass can be so damn satisfying. I'm sorry, planet.

Noted smoked meats enthusiast Mark Zuckerberg has recently been running around collecting ML experts for a project involving an organization called Meta Superintelligence Labs, which is set to feature compute clusters with names like "Prometheus" and "Hyperion", and which will attempt to "deliver" superintelligence.

Isn't this sort of behavior on the list of things people are absolutely not to be allowed to do? Or has something changed and we now feel it's safe for Mark Zuckerberg to be allowed control of a piece of equipment that can outsmart all his enemies and also Mark Zuckerberg? Are we all safely convinced he will fail?

If it cannot be permitted, who is responsible for not permitting it?

Presumably, my understanding of Cloudflare is too simple, too rudimentary, or even entirely lacking in some aspects.

As far as I understand it, the main feature is just faster and more reliable access to sites, right?

If I host a website on a server in New York, and someone tries to look at it in Tokyo ... that's a long distance and a lot of potential hops to retrieve the file(s) directly from the NY machine. Cloudflare provides closer-location mirrors of websites so there is less lag time, plus having multiple copies makes my website more readily/reliably available.

That's good, I get that, especially for big, professional business-critical-type sites/services.

But it's not actually essential, is it? Anyone, anywhere on Earth could still visit my NY website w/o the existence of Cloudflare.

Is there more to Cloudflare than this? I realize they are getting into a variety of 2ndary "value-added"-type features, like their own "are you a robot" tests and probably a bunch of other stuff I don't know about ... but fundamentally, are they actually necessary for the Internet?

Why is Cloudflare such a big deal?

I'm starting to use AI increasingly, and am getting some value out of it. I'm curious if paying for paid tiers of the big players (in particular, ChatGPT and Claude) provides significantly better responses.

I'm aware that the paid tiers offer more features and benefits than just higher response quality. For me, those are just nice-to-haves, and not my primary concern.

My main uses of AI are software development and foreign language learning. So far, I've used the free versions of ChatGPT and Claude, as well as "proxies," including Github Copilot and Duck.ai. For both my use cases, I've found the responses usually good and helpful. I just maintain a healthy skepticism about the correctness of the answers, and challenge, test, and double check where needed (especially testing suggested code when developing software).

Have you found response quality to be noticeably and significantly better with paid tiers? I was just randomly thinking, and it occurred to me that the cost of an AI subscription is in the same ballpark as a subscription to a language learning service like Duolingo. So, if I can get value from AI that approaches what I'd get from a dedicated language learning service (even if it doesn't quite match or exceed it), then also getting the value of general AI in the same subscription should make things quite valuable and worth it. Not to mention possibly getting better software development assistance in the same package.

They aren't a startup anymore, but it seems the current CEO, Tony Stubblebine, got it right, according to his latest (long) blogpost.

Although Medium is in a healthy path now, they burnt goodwill so many times in the past that my trust on the business is absent. I wonder how other people perceive them…

I don't have a lot to say myself, yet. I signed up for the beta mostly because people talk so positively of what Digg was like in the past. I never experienced that, as Digg was already on it's way out when I discovered it.

I'd love to hear from those who remember the golden age of Digg, as well as those just curious about the reboot themselves... What are you thoughts, expectations, hopes and concerns?

My last dashcam was a total dud and wasn't even operational for 6 hours. I'm hoping to get some community recommendations on reliable units with good image quality. If you would also share the approx. length of time you've had/used it that would be a huge help as well. Thanks in advance!

I love reading but lately I've found myself having to sit in front of my 2k monitor to read PDFs because they're technical documents and render poorly on my Kindle, even with using various tools to optimize.

I've been considering getting a tablet primarily for this purpose. My main requirement is that I really don't want Android or iOS devices, leaving me with either purpose built Linux tablets or Windows tablets that I can replace with Linux. I really don't need much -

• Fast enough that there's no significant lag between page turns/scrolls
• 8"+ screen size
• Video watching isn't necessary but a nice bonus
• Wifi isn't absolutely necessary as long as there is an easy way of getting files on the device (USB transfer, SD card, external adapter, etc)
• SD card storage would be nice but I can also make due with just internal flash
• Keyboard is also optional - I wouldn't mind being able to run an IDE and connect to my gitlab instance for some simple coding on the fly or SSH into my homelab
• Cameras are largely unnecessary
• Decent battery life or the ability to upgrade down the road
• Looking for something around 500$ CAD (362-ish USD, 312€, 269£)

I've been eyeing the PineTab2 as it meets most of the requirements but reviews seem to be mixed on its usability. So I thought I would ask here if anybody has had similar requirements and found something that works for them. Or if the PineTab2 software has significantly improved - this reddit post seems to indicate that it is in a decent state now.

If nothing like this exists, I suppose I could settle for an Android device provided it can easily take a custom ROM and be de-googled. I would just prefer Linux as I know it quite well and I much prefer the freedom of it. I've also used a touch screen monitor with Plasma on my Arch laptop and been pleasantly surprised at the experience - the hardware is just a bit too clunky to reliably read with.

Main constraint: The space it needs to fit in is 7¾ in (19.7 cm) high. Width and length aren't a concern.

Primary use: Gaming. Doesn't need to be top of the line or cutting edge. Most of what I play isn't very demanding, though I would like the option to play newer stuff if I find something that interests me.

Budget: Ideally less than $1500, but I do realize that I might have to pay out a bit more because I want something both pre-built and compact. $2000 is the hard limit.

Important: I am NOT interested in building my own PC. (Yes, I have done it before, including one that was in a compact case that was HELL to get right.)

Me being uninformed: This might be a silly question, but can I lay desktop towers down on their side? Any traditional tower isn't going to fit, but some of them are thin enough that, if put in landscape instead of portrait, they would. I've read conflicting things about this online, particularly regarding liquid cooling and airflow.

If anyone has any recommendations, I'd appreciate it!

I have changed my email more than once, just as part of customizing my online identity and all that.

and that obviously required me to login into any accounts I had and updating the email associated with them.

the most common workflow I have found is
login -> navigate to settings page -> edit the email field to the new email -> go to the inbox for the new email -> click confirm on confirmation email

then you can go to that website and do the forgot password, provide your email and change the password and get complete control.

I have always found that workflow weird cause it's the most prevalent one I have come across and seems so susceptible to tampering.

if someone leaves their laptop unattended for 3-4 minutes in public while visiting a bathroom (which happened often in the library of my university), there was nothing preventing me from going to their Facebook or whatever account they had open on their computer, changing the email to my own email and then clicking confirm on my inbox once I am back at my desk.

and most people don't have 2FA so that would effectively give me control of their account.
Hell, my university once had a potential data breach and they were 99.999% sure the data was not actually accessed by a malicious actor but still sent a mass email saying that they were advising everyone to change their passwords. a classmate of mine in the software systems program's attitude was basically "oh well, who cares?" and I just facepalmed internally.

there are maybe 3 websites I have come across that instead first send a confirmation email to your current inbox and after you confirm on that, then you get a confirmation email on the new email inbox. which isn't perfect but I feel like it's a bit more sensical and the best you can do without involving 2FA.

even then, that's also susceptible to the situation I described above if the user is always logged into their email.

I find it odd that websites don't prompt for a password as part of the email update process (or better yet 2FA with an app as even prompting for a password isn't a guarantee if the user has the password manager as an extension in their browser and they recently unlocked it before leaving their session unattended) to ensure that email changes are always done by the account owner.

I am a big fan of Cloudflare Tunnels, it's let me muck about with quite a few low risk apps and it's been fun.

one thing that's always bothered me though is the SSL setup.

According to their website, only enterprise users are allowed to manage their own TLS private keys.

I can kinda understand the logic behind free accounts not having that perk.

But if you are someone who really doesn't like cloudflare reading your traffic or you are a business, it seems odd to me that it's not being demanded of cloudflare that they make it more available for paid users to not expose their TLS private keys to cloudflare.

Why are so many folks OK with cloudflare essentially being able to read all their traffic?

or am I overestimating how many people are using the Pro and Business account? is the majority of their users just Free or Enterprise?

So I am finally starting the process of designing a personal website that can help manage and organize my finances for me.

So obviously, the security of such data is paramount and for the heck of it, I want to design a webapp where it doesn't operate by the rules of "trust me bro" even though I will be the one designing it and most likely will be the only one ever to use it. Just want that experience of proper encryption setup.

Also, even if I am the one operating it, I'd like to set it up so that even if the database is compromised, none of my information is.

skip to bottom if you want to just see my 2 question

Did some reading online, between reading when StandardNotes does encryption as well as how it does it and some basic reading into encryption

• https://www.baeldung.com/java-aes-encryption-decryption
• https://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit

and the importance of not having a local unencrypted database like Joplin does

So all that got me curious how Google encrypts the user data it has and would up reading

• https://security.stackexchange.com/questions/269341/how-does-googles-on-device-encryption-work
• https://developers.google.com/workspace/cse/guides/encrypt-and-decrypt-data

and the basic take-aways seem to be:

• utilize encryption on a field before storing it in a database so that even if the machine gets compromised, the data won't be
• if you want to go even further, take the approach of StandardNotes, where it seems even the web server itself never touched unencrypted data it seems? Looks like all the encrypting and decrypting happens locally and only encrypted data is sent to the server

1. But that got me curious. It can't be argued that Google is not secure. they have the best minds working there to ensure just that. and yet its also well known that their respect for user privacy is non-existent. Which means that they've made sure to protect the data [email, google searches, google docs, google maps history] from hackers but they can themselves decrypt at least some user data for the purpose of data collection and selling ads.
   But if Google can decrypt the data and that implies they store the keys on a server from what I can tell from my reading, how it is protected if someone malicious gains access to the database? If that person got access to the database and the keys that Google uses to decrypt the data, wouldn't that compromise the data?

2. if I decide to design my webapp so that all the encrypting and decrypting happens locally, that means that if I were to decide to create a REST API for my application, that would also have to be taking in data in encrypted format, no? Cause if that takes it in plaintext, that means that my webserver would have to be responsible for encryption, which it needs the keys to do that with and if it can encrypt with keys it has access to, then it can decrypt too, no? or are websites that deal with encrypted databases and have REST APIs that can take in plain text information generally coded to be using asymmetric encryption? meaning its different keys being used for encryption and decryption? Or is API Token the key in an encrypted format? or have I misunderstood the whole thing?