You may be able to find me on other platforms by the same name!
Mastodon: specialwall@woof.tech
Contact me on SimpleX or Signal!
Now, EPFL researchers… have released new software that allows users to download open-source AI models and use them locally, with no need for the cloud to answer questions or complete tasks.
It’s cool that they got LLMs running on local clusters of computers, but with the way it’s written, they make it sound like people have not already been using local LLMs for a long time (including GPT-OSS 120B).
It’s important to note that the Vivaldi browser is proprietary software
No, it does not. mysearchengine.co/homepage literally redirects to the domain that the user mentioned.
It’s possible that the domain for the search engine you were using got sold. You’ll have to find a new one.
Okay. Well, in this case it would probably be a good idea to at least have the update process also verify developer signatures, since otherwise it’s not only trust on first visit, but trust every update.
And yeah, I agree that a standalone package might be a good solution, as long as it is signed.
If the user trusts the server to serve safe JavaScript each time they connect with an empty cache (which is cleared often for privacy-conscious users), I’m not sure how this adopts a very different security posture from the Trust On First Use security model that’s used by many other apps, even if the app itself implements secure MITM mitigations using data from shared links.
When you have an app with dedicated updates, it is possible to verify that it is genuinely from the developer or maintainer. Web browsers’ certificate validation protects against connecting to a fake server, but it does not protect the user if the server is compromised when they first connect.
The most security-conscious users are going to end up hosting the JavaScript in a webserver on localhost, and at that point it might as well be a dedicated application.
Yeah, any authentication cookie will be unique to you, so if you do use one, Google will be able to track you across browsing sessions, which is likely what you’re trying to mitigate by clearing them.
There are extensions that let you encrypt/decrypt messages right in your Gmail inbox. I’m not sure whether that would let Google grab the decrypted messages using JavaScript, though.
It’s news to me that you can’t connect to a proxy over a VPN.
I don’t know why there’s a need to use outdated symbols here.
If you don’t use Tor: https://www.privacyguides.org/en/
De-Googled forks of Android would have just reversed that limitation
What specifically do you dislike about zsh?