Melody Fwygon

It occurs to me that adding a visual watermark might actually serve to obscure a visual watermarking scheme that is otherwise invisible by providing data that scrambles or breaks the watermark decoder itself.

Audio watermarks can be distorted in any number of ways; and it could be that some of the wildly poor audio quality in most cam-rips is probably the only way you can defeat the watermark; by using a LQ microphone and encoding the audio to a very limited bitrate and then re-upsampling; to defeat any subtle alterations a digital watermark might make to the audio waveform.

Watermarks are only an issue in-as-much as it is used to trace down which copy was leaked.

With modern digital projection systems; you don’t get a reel of film; you get a briefcase of [SS/HD]Ds containing the raw, encrypted, footage. The digital projection system will decrypt using provided keys. There’s no output except the standard ones for the theatre projectors and sound systems…so capturing the output is difficult.

If you do intercept the signal; the projection system might detect it; and refuse playback or wipe the decryption keys. Watermarking is also a danger; since your theater can get identified as the leak source and sued.

Now we wait for someone to build an absolutely wonderful chat app on top of this wonderful bit of PoC code…

I genuinely hope someone does. Imagine what this could do if this was routed over Tor using Private Services.

Run this over that; and you’d have a bullet-proof text chat. Wrap a nice GUI client around all of that and you have a proper secure, anonymous messenger with no problems. With a little more build-out; you could even implement the Matrix protocol over this wire-line and basically have full inter-federation and moderation over a secure wire protocol; allowing for complete privacy and client integration.

TL;DR: Matrix over PQChat over Tor. Think about it. A Post-Quantum Dark-Matrix web.

Can it? Maybe. It’s not impossible; but it isn’t practical and most ISPs limit their shenanigans to grabbing your unencrypted DNS requests.

Will it? Probably no; aside from the previously mentioned DNS redirections; they’re not interested in most people’s packets, only in how many they deliver.

Should you care? I won’t tell you not to take precaution, but I do urge you to consider your threat model carefully and consider the tradeoffs. When Security & Privacy goes up, Convenience and Functionality WILL go down. Balance your needs. Don’t put yourself in a state of Privacy fatigue.

Are there easy fixes? Maybe. I think a VPN or using Tor would solve your concerns here anyways; it’s not required that your modem be running OSS that you can control. If you can achieve it; that’s still good for you; but it’s not something to be sweating if your modem isn’t capable and your invasive ISP is the only effective option.

I’m not accounting for State laws; which may in fact be stricter. I’m talking about Federal Laws which might not explicitly forbid such things; so long as they’re done in an actually safe manner by professionals.

But, as I said before, if the DEA believes it has the power to stop that none-the-less; that’s what they will do, without respect to if the law is actually legally unclear or borderline. Unfortunately many pharmaceutical places don’t care to invite the wrath of the DEA; even if what they’re doing could be considered permissible; so long as they do not synthesize an exact drug that the Feds specifically name as a controlled substance.

Again; IANAL either. But I do think there’s a lot of room for small compounding pharmacies to synthesize various drugs to meet a patient’s needs quickly while waiting for proper shipments to arrive. There’s lots of compounds that are life-sustaining that do not fall under the DEA banner of authority.

I’ll just leave this here.

https://youtu.be/9xn0OHEZZ8Q

Depending on how Vyvanse is Scheduled; it might be legal to privately make. If it’s not scheduled like a standard amphetamine; the DEA is powerless.

I have a sneaking suspicion it’s not illegal to compound this stuff. But IANAL; and it doesn’t matter if the DEA thinks it is and will hassle anyone trying.

I firmly think this would be a boon for many people; owning one of these is likely a lifeline that even small town physicians could utilize to dispense drugs freely or cheaply to patients in need.

This is something that I think small-town pharmacies could use to create compounds in cases of drug shortages. I think tools and programs and small labs like what are discussed in the article are a positive force for good; and that they should be not only allowed, but encouraged, for many drugs that are expensive, unavailable to someone in need and can be readily synthesized safely with a basic college level of chemistry training by someone in a pharmacy.

I think the potential risks and downsides are small right now; and I think more of it should be encouraged gently so that we can find out quickly what the flaws and limitations are so that we can put regulatory guardrails around it so that people do not harm themselves.

It feels like this vulnerability isn’t notable for the majority of users who don’t typically include “Being compromised by a Nation-State-Level Actor.”

That being said; I do hope they get it fixed; and it looks like there’s already mitigations in place like protecting the authentication by another factor such as a PIN. That helps; for people who do have the rare threat model issue in play.

The complexity of the attack also seems clearly difficult to achieve in any time frame; and would require likely hundreds of man-hours of work to pull off.

If we assume they’re funded enough to park a van of specialty equipment close enough to you; steal your key and clone it; then return it before you notice…nothing you can do can defend against them.

(As if spoken by the King to Simba:)

Rust: Everything from the bottom of this cliff to the acacia tree there is ours. Make sure you ask permission before you take something, take nothing you are not permitted to take. We don’t go beyond that tree; and if you even think about the elephant graveyard beyond it; I’ll kill you myself.

C: Everything the sun touches is yours. I caution you to not venture into the shadows; but I will not stop you, for you are a king, and nothing a king can do is unnecessary if it is for his people.

I think there’s a problem with the ‘C only’ devs refusing to be accomodating to the Rust developers. Instead of being stubborn; why not provide them what is needed and help the Rust team learn how to maintain what is needed themselves?

None of the reasons I’ve seen mentioned are legitimate reasons for refusing to at least help them a few times, and helping them to learn how to do the onerous task themselves so they can keep it off the main plate for too long.

C devs do not need to learn Rust to provide critical information; they need only be present and cooperative with Rust devs to help them find, convert, and localize data structures for Rust use. They can stand to sit and pair code with their Rust Dev counterparts long enough to teach a Rust Dev counterpart how and what they need to look for in C code. It’s not that big of an ask, and it’s not something that really is a large ask. Provide the bindings for a short period of time, and work on training a team of Rust Devs to maintain the bindings.

That way both sides are stepping up to meet the others and the data isn’t being sat on by the C-only Devs.

I’m certainly concerned that now that this software has been covered in PopSci; that it will certainly suffer a needless onslaught of DMCA and other lawsuit-related shenanigans. >_>

No; Piracy won’t stop.

Analog loopholes still exist; and cannot be eliminated completely from the chain. Enterprising crackers will tinker and find weaknesses in systems. People will find bypasses, workarounds, and straight up just crack whole encryption schemes that were badly implemented.

Encryption was never intended to protect content. It was intended to protect people. In the short term; sure, DRM and encryption can protect profits. In the long term, it provably cannot and does not. Oftentimes it gets cracked or goes offline; and the costs associated with keeping authentication servers up for long enough to keep lawsuits off your back is provably large and difficult to scale. I would even assert that it costs more to run DRM than it saves anyone in ‘missed profits’.

Frequently companies also argue that it saves profits by recapturing “lost sales”; but that’s provably false. A consumer, deprived of any other viable choice, will in fact, just not buy the thing if they cannot buy it for what they deem as a fair price. It has also been proven; that if they can acquire the content freely; they will oftentimes become far more willing to buy whatever they acquired or even buy future titles. When a customer trusts; they may decide to purchase. But why should a customer trust a company that does not trust them?

To be clear; the Nintendo Switch tends to trade fluently in cryptographic certificates.

The MiG Switch has one of these certificates; one it’s creators likely copied from a legitimate Nintendo Switch game title. All games have such certificates and they are uniquely serialized; much like a GUID or UUID would be. These certificates are signed by the Game Dev studio, and then Nintendo in a typical certificate signing chain scheme; Nintendo signs the Game Dev Studio cert, which signs the Title certificate, which signs the unique cart or digital copy cert.

This banning is usually achieved by banning either the lowest certificate in the chain or the one directly above it; or even the Dev Cert if it was compromised.

So the MiG Switch carts are likely hardware banned. Your Nintendo Switch probably advertises to Nintendo which cart(s) were inserted into it recently by sharing the fingerprints of the certificates. Then Nintendo can basically kill the certificate assigned to your Switch system and prevent you from connecting online; as your Switch uses it’s own system cert to identify itself to Nintendo services.

In all cases this is un-evade-able when connecting to the internet; as Nintendo Switch system certs are burned into a PROM chip on the main board at manufacture. This chip is a WORM chip, which can only be written once and read many billions of times.

A critical part of the way they try and curb cheating in online play is checking the integrity of the runtime environment; which includes checking what titles were launched recently; and if that happens to include a certificate they’ve banned for being cloned by the MiG Switch; then you’ll quickly be banned by their anti-cheating hammer.

Most important is those checks typically don’t take place naturally; they only occur when you’re connecting to the EShop, or connecting to NN to play multiplayer online. The devil therein unfortunately lies in the details; and if you’ve ever purchased a Digital Title that means your Switch is regularly connecting to the EShop to renew Digital License Tickets needed. They tend to expire every 72 hours and must be renewed by presenting an expired Ticket, a valid Ticket Granting Ticket (given to your Switch when you buy the title) and contacting “Mommy Nintendo” and asking “Mommy, May I?”. Yeah. DRM sucks.

If all goes well; your Switch gets a shiny new set of tickets. Unfortunately Nintendo was paying attention to requests and will issue out regular waves of bans for systems detected cheating. You won’t know when this will happen, and it won’t prevent Nintendo from letting you play your games; you’ll just suddenly find your Switch banned from online play after such ban waves.

Like a Hydra; You cut one head off; and two grow in it’s place.

Yeah this seems like a non-issue to me as well; the source material for the models is probably the cause of this bias.

I also don’t think there’s a lot of sources for this manner of speaking. Let’s also not forget that there’s oftentimes instructions given to the LLM that ask it to avoid certain topics which it will in fact do.

Typically, using your own VPN should suffice. Depending on your situation you can do other things as well. If you are unable to download these tools on the school network in question; do not attempt to do so again. Use a public or other network connection elsewhere to obtain the tools you need to bypass their crap.

For example, NextDNS could be helpful. By running their client app; ( https://github.com/nextdns/nextdns/wiki/Windows ) you can make sure all your DNS requests are encrypted. Similarly you could simply set up a local DNS server that you point Windows at which can redirect those requests over DNS-Over-(HTTPS or TLS) to a DNS provider of your choosing.

What the fog is China smoking?

China is delusional here; literally drawing up lists of people it wishes it could kill.

Even weirder is the fact that they cannot accept Taiwan as a Sovereign Nation and keep playing these games with themselves.

Taiwan is not China. It never will be.

No. There’s no issue legally.

You might take a hit to your reputation with that company; but if they already were presenting enough red flags for you to back out of an interview; I wouldn’t consider that to be a problem.

If you cancel an interview it’s not a big deal. No money changed hands. No agreement was ever reached. Their emotional feelings are irrelevant; the whole point was to help both sides decide if you could work with the other.

I use an instance that does not display or parse downvotes or permit them locally.

So I don’t see the phenomenon. I don’t care about downvotes. I only see the upvotes; which are a far better indicator to me as to how useful a post I made is. If someone posts trash or extremist things; I block them. If they try to argue in bad faith or with far too extremist of a viewpoint, I block them.

The bot doesn’t always get the most upvotes but it does have it’s uses. As someone who has used the Ground News app in the past; I have a sense of their rating scale and I do find that it helps classify things; although you should always use your own discretion and not just blindly trust the bot.

But most people who downvote this bot, do so for completely wrong reasons. Usually they’re upset because they disagree with the assessment of the bot, or do not understand it’s scale. Maybe they don’t like their viewpoint’s position being laid bare for all to see.

Maybe that should be explained more; and there’s posts on Ground News’ website that EXPLAINS how their rating system works. Perhaps the bot should link them.