
  • This article buries the lede so much that many readers probably miss it completely: the important takeaway here, which is clearer in The Register's version of the story, is that ChatGPT cannot actually play chess:

    “Despite being given a baseline board layout to identify pieces, ChatGPT confused rooks for bishops, missed pawn forks, and repeatedly lost track of where pieces were.”

    To actually use an LLM as a chess engine without the kind of manual intervention that this person did, you would need to combine it with some other software to automate continuing to ask it for a different next move every time it suggests an invalid one. And, if you did that, it would still mostly lose, even to much older chess engines than Atari's Video Chess.

    edit: i see now that numerous people have done this; you can find many websites where you can "play chess against chatgpt" (which actually means: with chatgpt and also some other mechanism to enforce the rules). and if you know how to play chess you should easily win :)

  • The Russian trolls are working overtime to justify military action against American people at the objection of the governor and mayor.

    For sure, the American people could never be ignorant xenophobic bigots like that on their own, it must be foreigners influencing them and/or posting those comments!

  • it's not a particularly long post; if you're really confident in the veracity of the narrative you're familiar with then you shouldn't need to be afraid to read something that contradicts it.

    (and btw, neither of the two posts i linked claims nothing happened there.)

  • incredible self-own from ArduPilot co-creator Jason Short:

    Not in a million years would I have predicted this outcome. I just wanted to make flying robots.

    🤡

    (of course, in reality, many people were discussing weaponization even on the day diydrones was announced...)

  • faen

  • Due to the Norwegian language conflict there have been various competing forms of written Norwegian over time, two of which have been officially recognized as equally valid by the Norwegian parliament since 1885. Both apparently changed their spelling of "slut" to "sludd" in the 21st century, Bokmål in 2005 and Nynorsk in 2012, presumably in an effort to encourage English speakers to make jokes about Swedes and Danes instead of them.

  • Btw, DeadDrop was the original name of Aaron Swartz' software which later became SecureDrop.

    it’s zero-knowledge encryption. That means even I, the creator, can’t decrypt or access the files.

    I'm sorry to say... this is not quite true. You (or your web host, or a MITM adversary in possession of a certificate authority key) can replace the source code at any time - and can do so on a per-user basis, targeting specific IP addresses - to make it exfiltrate the secret key from the uploader or downloader.

    Anyone can audit the code you've published, but it is very difficult to be sure that the code one has audited is the same as the code that is being run each time one is using someone else's website.

    This website has a rather harsh description of the problem: https://www.devever.net/~hl/webcrypto ... which concludes that all web-based cryptography like this is fundamentally snake oil.

    Aside from the entire paradigm of doing end-to-end encryption using javascript that is re-delivered by a webserver at each use being fundamentally flawed, there are a few other problems with your design:

    • allowing users to choose a password and using it as the key means that most users' keys can be easily brute-forced. (Since users need to copy+paste a URL anyway, it would make more sense to require them to transmit a high-entropy key along with it.)
    • the filenames are visible to the server
    • downloaders send the filename to the server prior to the server sending them the javascript which prompts for the password and decrypts the file. this means you have the ability to target maliciously modified versions of the javascript not only by IP but also by filename.

    There are many similar browser-based things which still have the problem of being browser-based but which do not have these three problems: they store the file under a random identifier (or a hash of the ciphertext), and include a high-entropy key in the "fragment" part of the URL (the part after the # symbol) which is by default not sent to the server but is readable by the javascript. (Note that the javascript still can send the fragment to the server, however... it's just that by default the browser does not.)

    I hope this assessment is not too discouraging, and I wish you well on your programming journey!

  • i'm not a chess expert but i think one of the pieces is at the wrong angle?

  • this guy knuths how units work

  • When it’s libre software, we’re not banned from fixing it.

    Signal is a company and a network service and a protocol and some libre software.

    Anyone can modify the client software (though you can't actually distribute modified versions via Apple's iOS App Store, for reasons explained below) but if a 3rd party actually "fixed" the problems I've been talking about here then it really wouldn't make any sense to call that Signal anymore because it would be a different (and incompatible) protocol.

    Only Signal (the company) can approve of changes to Signal (the protocol and service).

  • Downvoted as you let them bait you. Escaping WhatsApp and Discord, anti-libre software, is more important.

    I don't know what you mean by "bait" here, but...

    Escaping to a phone-number-requiring, centralized-on-Amazon, closed-source-server-having, marketed-to-activists, built-with-funding-from-Radio-Free-Asia (for the specific purpose of being used by people opposing governments which the US considers adversaries) service which makes downright dishonest claims of having a cryptographically-ensured inability to collect metadata? No thanks.

    (fuck whatsapp and discord too, of course.)

  • it’s being answered in the github thread you linked

    The answers there are only about the fact that it can be turned off and that by default clients will silently fall back to "unsealed sender".

    That does not say anything about the question of what attacks it is actually meant to prevent (assuming a user does "enable sealed sender indicators").

    This can be separated into two different questions:

    1. For an adversary who does not control the server, does sealed sender prevent any attacks? (which?)
    2. For an adversary who does control the server, how does sealed sender prevent that adversary from identifying the sender (via the fact that they must identify themselves to receive messages, and do so from the same IP address)?

    The strongest possibly-true statement i can imagine about sealed sender's utility is something like this:

    For users who enable sealed sender indicators AND who are connecting to the internet from the same IP address as some other Signal users, from the perspective of an adversary who controls the server, sealed sender increases the size of the set of possible senders for a given message from one to the number of other Signal users who were online from behind the same NAT gateway at the time the message was sent.

    This is a vastly weaker claim than saying that "by design" Signal has no possibility of collecting any information at all besides the famous "date of registration and last time user was seen online" which Signal proponents often tout.

  • World News @lemmy.ml

    UN food agency cites funding gap as it halts aid to 650,000 in Ethiopia

    World News @lemmy.ml

    Israeli spy chief accuses Netanyahu of demanding illegal operations

    United States | News & Politics @lemmy.ml

    This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops

    Memes @lemmy.ml

    CVE program

    Security @lemmy.ml

    Homeland Security funding for CVE program expires

    Technology @lemmy.ml

    Homeland Security funding for CVE program expires

    World News @lemmy.ml

    At least 21 Palestinians have been killed in Israeli attacks across the Gaza Strip today

    World News @lemmy.ml

    Trump’s pick for ambassador to South Africa actively opposed fight to end apartheid

    United States | News & Politics @lemmy.ml

    "It might be more than 300 at this point. We do it every day. Every time I find one of these lunatics, I take away their visa," Rubio said, regarding students who "participate in movements"

    World News @lemmy.ml

    Israel issues evacuation order for Beirut suburb as Lebanon's president meets Macron in Paris

    World News @lemmy.ml

    No Other Land co-director condemns Academy’s letter to members after Hamdan Ballal attack

    World News @lemmy.ml

    'Admit you're Hamas or we'll send a drone to kill your family'

    News @lemmy.world

    Houthis say 17 air strikes hit Yemen as rebels attack US, Israeli targets

    World News @lemmy.ml

    Houthis say 17 air strikes hit Yemen as rebels attack US, Israeli targets

    News @lemmy.world

    At least 36 Palestinians have been killed in Israeli attacks across Gaza today

    World News @lemmy.ml

    At least 36 Palestinians have been killed in Israeli attacks across Gaza today

    United States | News & Politics @lemmy.ml

    US war plans leak shows Five Eyes allies must ‘look out for ourselves’, says Mark Carney

    Technology @lemmy.ml

    Cloudflare's next-generation "AI Labyrinth" promises to "waste resources" as-a-service, using today's machine learning models to sabotage tomorrow's

    Technology @lemmy.ml

    Democratic Senators Team Up With MAGA To Hand Trump A Censorship Machine: repealing Section 230

    United States | News & Politics @lemmy.ml

    Democratic Senators Team Up With MAGA To Hand Trump A Censorship Machine: repealing Section 230