overview for drspod

OpenAI releases o1, its first model with ‘reasoning’ abilities in c/technology@lemmy.world

[–] drspod@lemmy.ml 14 points 3 hours ago (2 children)

Can't wait to read about it telling someone to put glue on pizza.

This Hacker Can HEAR YOUR MEMORY?! by Low Level Learning (YouTube) in c/technology@beehaw.org

[–] drspod@lemmy.ml 2 points 12 hours ago

It's not reading the contents of RAM via EM emanations, it's using the EM emanations caused by certain memory access patterns as a side channel to exfiltrate data. Of course, that data could be anything, including whatever is in RAM, but the point is that you need to be running the code that generates the necessary memory access patterns to transmit the bits of data. This is not like TEMPEST where you can reconstruct a video display just using the emanations.

Just browsing my photos from 10 years ago. I was amused when I browsed the university library computer science artificial intelligence shelf. ...I sometimes wish AI had stayed at this level. in c/programmer_humor@programming.dev

[–] drspod@lemmy.ml 15 points 2 days ago

Thanks! I was racking my brain trying to think of where I knew it from, and after seeing the page that you linked I'm almost certain that it's After Burner that is causing my brain to trigger the 80s association.

Just browsing my photos from 10 years ago. I was amused when I browsed the university library computer science artificial intelligence shelf. ...I sometimes wish AI had stayed at this level. in c/programmer_humor@programming.dev

[–] drspod@lemmy.ml 32 points 2 days ago (3 children)

You can tell just from the font that this book is from the 80s

Queen behavior rule in c/196@lemmy.blahaj.zone

[–] drspod@lemmy.ml 200 points 2 days ago (9 children)

She's a great chess player but she's never been a World Champion. There's no need to embelish her story. She's currently training to become a surgeon at University of Missouri School of Medicine.

Hyprland 0.43.0 released in c/linux@programming.dev

[–] drspod@lemmy.ml 12 points 3 days ago (1 children)

Is there something significant about this release, or are we just going to have a post every time every piece of software releases a new version?

Research perhaps with real information about aliens abducting and exploiting people. Picture in post perhaps also prove these aliens are real. More info with a text document and other files in links. in c/space@lemmy.world

[–] drspod@lemmy.ml 3 points 4 days ago

perhaps

Magical equation unites quantum physics, general relativity in a first in c/science@beehaw.org

[–] drspod@lemmy.ml 23 points 5 days ago

If it was plausible this would be bigger news. There's a claim like this every couple of months and none have held up to scrutiny so far.

35

[python] Revival Hijack supply-chain attack threatens 22,000 PyPI packages (www.bleepingcomputer.com)

submitted 1 week ago* (last edited 1 week ago) by drspod@lemmy.ml to c/programming@programming.dev

1 comments fedilink

Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks.

The technique "could be used to hijack 22K existing PyPI packages and subsequently lead to hundreds of thousands of malicious package downloads," the researchers say.

If you ever install python software or libraries using pip install then you need to be aware of this. Since PyPI is allowing re-use of project names when a project is deleted, any python project that isn't being actively maintained could potentially have fallen victim to this issue, if it happened to depend on a package that was later deleted by its author.

This means installing legacy python code is no longer safe. You will need to check every single dependency manually to verify that it is safe.

Hopefully, actively maintained projects will notice if this happens to them, but it still isn't guaranteed. This makes me feel very uneasy installing software from PyPI, and it's not the first time this repository has been used for distributing malicious packages.

It feels completely insane to me that a software repository would allow re-use of names of deleted projects - there is so much that can go wrong with this, and very little reason to justify allowing it.

Firefox 130.0 Release Notes in c/firefox@lemmy.world

[–] drspod@lemmy.ml 20 points 1 week ago (1 children)

I love that the local translation feature is getting regular small updates to make it more useable. It's a great feature.

We’ve Got Depression All Wrong. It’s Trying to Save Us. in c/science@lemmy.world

[–] drspod@lemmy.ml 27 points 1 week ago (3 children)

Porges believes

This is an interesting article and yet you've chosen to quote the most speculative unscientific part of it from the final paragraph.

"Have you tried going outside" is not a scientific cure for depression.

any django programmer here ??? help please in c/programming@programming.dev

[–] drspod@lemmy.ml 5 points 1 week ago (1 children)

Note to readers: Don't install python dependencies for random python projects of unknown provenance. PyPI is regularly being used as a vector for distributing malware. See recent news stories here: https://www.bleepingcomputer.com/tag/pypi/

You should manually check every package listed in requirements.txt and verify that it is a trustworthy python library.

Starmer inspires the public with message that things can never get better in c/europe@lemmy.ml

[–] drspod@lemmy.ml 0 points 1 week ago

Sorry but your satire isn't funny enough for me to continue reading when the page gets gradually darker as I scroll down so that it can show me a popup asking me to subscribe to your newsletter or whatever the fuck.

367

have you ever had a rule (lemmy.ml)

submitted 2 weeks ago by drspod@lemmy.ml to c/196@lemmy.blahaj.zone

30 comments fedilink

1

Vladimir Kramnik admits to VIOLATING Fair Play Policy (www.youtube.com)

submitted 5 months ago by drspod@lemmy.ml to c/chess@lemmy.ml

0 comments fedilink

Description: "Featured is a playthrough of a blitz chess game between Rodrigo Vasquez and Vladimir Kramnik from an Early Titled Tuesday event which was held on October 17th, 2023. Kramnik recently admitted, via a YouTube comment on this topic of fair play surrounding him, that he played several tournaments under someone else’s chess.com account. This act violates chess.com’s Fair Play Policy. Kramnik played under Denis Khismatullin’s account, “Krakozia”. I share reasons why this is a violation of fair play policy, how a player can be negatively impacted because of it, and provide Kramnik’s YouTube comments where he attempts to explain it all."

0

Malicious Google Search Ads can now fake the displayed URL to push malware downloads (www.bleepingcomputer.com)

submitted 1 year ago by drspod@lemmy.ml to c/technology@lemmy.ml

1 comments fedilink

Most people know at this point that when searching for a popular software package to download, you should be very careful to avoid clicking on any of the search ads that appear, as this has become an extremely common vector for distributing malware to unsuspecting users.

If you thought that you could identify these malicious ads by checking the URL below the ad to see if it directs to the legitimate site, think again! Malware advertisers have found a way to use Google's Ad platform to fake the URL shown with the ad to make it appear like a legitimate ad for the product when in fact, clicking the ad will redirect to an attacker controlled site serving malware.

Don't click on search ads or, even better, use an ad-blocker so that you never see them in the first place!

0

Free Download Manager site redirected Linux users to malware for years (www.bleepingcomputer.com)

submitted 1 year ago by drspod@lemmy.ml to c/linux@lemmy.ml

13 comments fedilink

A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.

The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials.

Kaspersky discovered the potential supply chain compromise case while investigating suspicious domains, finding that the campaign has been underway for over three years.

0

[SOLVED] My previous post does not appear in the (local) community that I posted it to (lemmy.ml)

submitted 1 year ago* (last edited 1 year ago) by drspod@lemmy.ml to c/lemmy_support@lemmy.ml

5 comments fedilink

[SOLVED]: The issue was caused by having "Show read posts" unticked in Settings. This will hide your own posts from you!

I recently made a post^[1]^ to this community about a bug that I experienced and reported.

The post does not appear in the New feed for /c/lemmy_support nor does it appear in my user profile under Posts ^[2]^.

However the post does have 3 replies (from users on multiple different instances) which means that other users can see it across the fediverse, so it's not a federation issue. (Also, my account and the community are both hosted on the same instance - lemmy.ml).

I was not subscribed to /c/lemmy_support at the time I made that post, but I am subscribed now to see if that affects my visibility of this post.

Is this a bug, or am I misunderstanding how lemmy works?

Interestingly, if I view my profile while logged out, it does show the posts that I made, but when logged in it shows zero posts in my profile.

[1] https://lemmy.ml/post/1394597

[2]