From the blog post referenced:

We do not provide evidence that:

AI systems do not currently speed up many or most software developers

Seems the article should be titled “16 AI coders think they’re 20% faster — but they’re actually 19% slower” - though I guess making us think it was intended to be a statistically relevant finding was the point.

That all said, this was genuinely interesting and is in-line with my understanding of the human psychology that’s at play. It would be nice to see this at a wider scale, broken down across different methodologies / toolsets and models.

I’d recommend Colemak Mod-DH, personally - it seems ergonomically superior and switching later is a bit of a pain.

According to https://www.nextdiffusion.ai/blogs/hidream-the-new-top-open-source-image-generator it’s an uncensored image generation model developed by Vivago. In the benchmarks they highlighted - DPG-Bench, GenEval, and HPSv2.1 - it was ranked number 1. It’s said to be very good at following complex prompts.

The above post says it has support for Ollama, so I don’t think this is the case… but the instructions in the Readme do make it seem like it’s dependent on OpenAI.

If they do the form correctly, then it’s just an extra step for you to confirm. One flow I’ve seen that would accomplish this is:

1. You enter your address into a form that can be auto-filled
2. You submit the address
3. If the address validates, the site saves the form and shows you the address in a more readable format. You can click Edit to make changes.
4. If the address doesn’t validate, the site displays a modal asking you to confirm the address. If another address they were able to look up looks similar, it suggests you use that instead. It’s one click to continue editing, to use the suggested address, or to use what you originally entered.

That said, if you’re regularly seeing the wrong address pop up it may be worth submitting a request to get your address added to the database they use. That process will differ depending on your location and the address verification service(s) used by the sites that are causing issues. If you’re in the US, a first step is to confirm that the USPS database has your address listed correctly, as their database is used by some downstream address verification services like “Melissa.” I believe that requires a visit to your local post office, but you may be able to fix it by calling your region’s USPS Address Management System office.

Where did I contest your point?

The president won [the] popular vote

Only if you ignore the huge amounts of voter suppression. If you don’t, then he lost the popular vote and the electoral vote - netting 45.8% of the popular vote to Kamala’s 52.7%, and he earned at most (and probably less than) 252 electoral votes to Kamala’s 286.

Even with an HOA, you can still end up needing to pay tens of thousands for surprise repairs in the forms of special assessments, especially if the HOA is poorly managed.

Do you mean like a FOSS version of https://soundiiz.com/transfer-playlist-and-favorites?

Or at a song/album level, a FOSS version of https://odesli.co/?

Why specifically do you want to be a trans man online?

• Is it because you’re fetishizing the idea of being a trans man?
• Because you’re actually trans (aka an egg) and you just haven’t come to terms with it irl?
• Both?

I attended a 1-on-1 meeting that a billionaire scheduled with me but that they themselves did not attend.

It’s okay, the author of the article didn’t actually read (or understand) the Copyright Office’s recommendations. They are:

Based on an analysis of copyright law and policy, informed by the many thoughtful comments in response to our NOI, the Office makes the following conclusions and recommendations:

• Questions of copyrightability and AI can be resolved pursuant to existing law, without the need for legislative change.
• The use of AI tools to assist rather than stand in for human creativity does not affect the availability of copyright protection for the output.
• Copyright protects the original expression in a work created by a human author, even if the work also includes AI-generated material.
• Copyright does not extend to purely AI-generated material, or material where there is insufficient human control over the expressive elements.
• Whether human contributions to AI-generated outputs are sufficient to constitute authorship must be analyzed on a case-by-case basis.
• Based on the functioning of current generally available technology, prompts do not alone provide sufficient control.
• Human authors are entitled to copyright in their works of authorship that are perceptible in AI-generated outputs, as well as the creative selection, coordination, or arrangement of material in the outputs, or creative modifications of the outputs.
• The case has not been made for additional copyright or sui generis protection for AI- generated content.

Pretty much everything the article’s author stated is contradicted by the above.

Clearly they’re cosplaying as a Canonical engineer whose internal explanation and pleas for them to not take this approach fell upon deaf ears /j

you’re the only one with your SSL keys. As part of authentication, you are identified. All the information about your device is transmitted. Then you stop identifying yourself in future messages, but your SSL keys tie your messages together. They are discarded once the message is decrypted by the server, so your messages should in theory be anonymised in the case of a leak to a third party. That seems to be what sealed sender is designed for, but it isn’t what I’m concerned about.

Why do you think that Signal uses SSL client keys or that it transmits unique information about your device? Do you have a source for that or is it just an assumption?

If you’re a C developer who doesn’t know Rust, no.

And it’s I who should take a course in encryption and cybersecurity.

Yes. I was trying to be nice, but you’re clearly completely ignorant and misinformed when it comes to information security. Given that you self described as a “cryptography nerd,” it’s honestly embarrassing.

But since you’ve doubled down on being rude, just because I pointed out that you don’t know what you’re talking about, it’s unlikely you’ll ever learn enough about the topic to have a productive conversation, anyway.

Have fun protecting your ignorance.

Nice try FBI.

Wouldn’t “NSA” or “CIA” be more appropriate here?

Well, if my pin is four numbers, that’ll make it so hard to crack. /s

If you’re using a 4 number PIN then that’s on you. The blog post I shared covers that explicitly: “However, there’s a limit to how slow things can get without affecting legitimate client performance, and some user-chosen passwords may be so weak that no feasible amount of “key-stretching” will prevent brute force attacks” and later, “However, it would allow an attacker with access to the service to run an “offline” brute force attack. Users with a BIP39 passphrase (as above) would be safe against such a brute force, but even with an expensive KDF like Argon2, users who prefer a more memorable passphrase might not be, depending on the amount of money the attacker wants to spend on the attack.”

If you can’t show hard evidence that everything is offline locally, no keys stored in the cloud, then it’s just not secure.

If you can’t share a reputable source backing up that claim, along with a definition of what “secure” means, then your claim that “it’s just not secure” isn’t worth the bits taken to store the text in your comment.

You haven’t even specified your threat model.

BTW, “keys” when talking about encryption is the keys used to encrypt and decrypt,

Are you being earnest here? First, even if we were just talking about encryption, the question of what’s being encrypted is relevant. Secondly, we weren’t just talking about encryption. Here’s your complete comment, for reference:

I have read that it is self hostable (but I haven’t digged into it) but as it’s not a federating service so not better than other alternative out there.

Also read that the keys are stored locally but also somehow stored in the cloud (??), which makes it all completely worthless if it is true.

That said, the three letter agencies can probably get in any android/apple phones if they want to, like I’m not forgetting the oh so convenient “bug” heartbleed…

Just so you know, “keys” are used for a number of purposes in Signal (and for software applications in general) and not all of those purposes involve encryption. Many keys are used for verification/authentication.

Assuming you were being earnest: I recommend that you take some courses on encryption and cybersecurity, because you have some clear misconceptions. Specifically, I recommend that you start with Cryptography I (by Stanford, hosted on Coursera. See also Stanford’s page for the course, which contains a link to the free textbook). Its follow-up, Crypto II, isn’t available on Coursera, but I believe that this 8 hour long Youtube video contains several of the lectures from it. Alternatively, Berkeley’s Zero Knowledge Proofs course would be a good follow-up, and basically everything (excepting the quizzes) appears to be freely available online.

it wouldn’t be very interesting to encrypt them, because now you have another set of keys you have to deal with.

The link I shared with you has 6 keys (stretched_key, auth_key, c1, c2, master_key, and application_key) in a single code block. By encrypting the master key (used to derive application keys such as the one that encrypts social graph information) with a user-derived, stretched key, Signal can offer an optional feature: the ability to recover that encrypted information if their device is lost, stolen, wiped, etc., though of course message history is out of scope.

Full disk encryption also uses multiple keys in a similar way. Take LUKS, for example. Your drive is encrypted with a master key. You derive the master key by decrypting one of the access keys using its corresponding pass phrase. (Source: section 4.3 in the LUKS1 On-Disk Format Specification (I don’t believe this basic behavior was changed in LUKS2).)

Its impossible to verify what code their server is running.

Signal has posted multiple times about their use of SGX Secure Enclaves and how you can use Remote Attestation techniques to verify a subset of the code that’s running on their server, which directly contradicts your claim. (It doesn’t contradict the claim that you cannot verify all the code their server is running, though.) Have you looked into that? What issues did you find with it?

I posted a comment here going into more detail about it, but I haven’t personally confirmed myself that it’s feasible.

Both of the reasons you’ve provided are nonsensical:

• It isn’t performed automatically if you disable it, and they did (and explained why)
• They said they don’t believe capitalization aids with clarity. They didn’t express the same opinion about punctuation and paragraph breaks.

I can’t use signal.

Why? Do you not have a phone number? Is it blocked in your country? Are you legally prohibited from using software with end to end encryption?