FearTheCron

joined 1 year ago
sorted by: new top controversial old
Is it possible to safely check for certain characters in a password? in c/nostupidquestions@lemmy.world
[–] FearTheCron@lemmy.world 0 points 1 year ago (1 children)

When you are filling out the web form with your password it's stored plain text in the web browser and accessible via JavaScript. At that point, a JavaScript function checks the requirements like length and then does the salting/hashing/etc and sends the result to the server.

You could probably come up with a convoluted scheme to check requirements server side, but it would weaken the strength of the hash so I doubt anyone does it this way. The down side of the client side checking is that a tenacious user could bypass the password requirements by modifying the JavaScript. But they could also just choose a dumb password within the requirements so it doesn't matter much... "h4xor!h4xor!h4xor!" Fits most password requirements I have seen but is probably tried pretty quickly by password crackers.

Is it possible to safely check for certain characters in a password? in c/nostupidquestions@lemmy.world
[–] FearTheCron@lemmy.world 0 points 1 year ago (3 children)

Perhaps they validate the passwords client side before hashing. The user could bypass the restrictions pretty easily by modifying the JavaScript of the website, but the password would not be transmitted un-hashed.

It is worth pointing out that nearly any password restriction like this can be made ineffective by the user anyway. Most people who are asked to put a special character in the password just add a ! to the end. I think length is still a good validation though and it runs into the same issue @randombullet@lemmy.world is asking about

[META] Creating a new community is easy, but to get people on board, you need to create some content. in c/newcommunities@lemmy.world
[–] FearTheCron@lemmy.world 1 points 1 year ago

Yeah, automatic posts drive me away faster than anything. Good point on cross posting though, I just followed your advice. It's pretty much free if your post fits in multiple places and there are lots of nearly empty communities right now.

0
What is your opinion of the Large Language Model (LLM) argument made by Reddit? (lemmy.world)
 

cross-posted from: https://lemmy.world/post/76533

One of the arguments made for Reddit's API changes is that they are now the go to place for LLM training data (e.g. for ChatGPT).

https://www.reddit.com/r/reddit/comments/145bram/addressing_the_community_about_changes_to_our_api/jnk9izp/?context=3

I haven't seen a whole lot of discussion around this and would like to hear people's opinions. Are you concerned about your posts being used for LLM training? Do you not care? Do you prefer that your comments are available to train open source LLMs?

(I will post my personal opinion in a comment so it can be up/down voted separately)

What is your opinion of the Large Language Model (LLM) argument made by Reddit? in c/lemmyworld@lemmy.world
[–] FearTheCron@lemmy.world 0 points 1 year ago (1 children)

Yeah, I think a creative commons style license makes sense and that was always my intent when posting things. However, when you post creative commons content, you do get to decide the restrictions (e.g. commercial or noncommercial).

I think its currently an open question how this applies to generative AI and LLMs. Perhaps the output of generative AI should retain the license of the training data? Or perhaps that is overly restrictive? There are those who believe that training commercial generative AI on data under permissive licenses is a problem.

https://www.theregister.com/2023/05/12/github_microsoft_openai_copilot/

https://slate.com/technology/2022/12/lensas-a-i-avatars-the-uncomfortable-places-their-magic-comes-from.html

I am not really sure where I stand on the overall issue. But the worst case scenario in my opinion is one where open source generative AI is hobbled by regulation paving the way for corporate control. My biggest fear about the Reddit API changes prevent anyone except Google, Facebook, Microsoft, Amazon, etc from using user comments as a training set.

0
What is your opinion of the Large Language Model (LLM) argument made by Reddit? (lemmy.world)
 

One of the arguments made for Reddit's API changes is that they are now the go to place for LLM training data (e.g. for ChatGPT).

https://www.reddit.com/r/reddit/comments/145bram/addressing_the_community_about_changes_to_our_api/jnk9izp/?context=3

I haven't seen a whole lot of discussion around this and would like to hear people's opinions. Are you concerned about your posts being used for LLM training? Do you not care? Do you prefer that your comments are available to train open source LLMs?

(I will post my personal opinion in a comment so it can be up/down voted separately)

The subs are goin dark in c/reddit@lemmy.ml
[–] FearTheCron@lemmy.world 0 points 1 year ago (1 children)

There is an effort to backup all of reddit to archive.org. Perhaps you can use that to retrieve them?