Posts
9
Comments
167
Joined
2 yr. ago

  • Reminder that Google is supposedly a real tech company, yet they've failed at:

    • Podcasts
    • Whiteboards
    • Domains
    • AB testing tools
    • Phone services
    • Phone contracts
    • Physical albums
    • Copying other companies
    • Copying other companies
    • Chatbots
    • A different chatbot
    • Social media
    • Social media
    • Social media
    • Social media
    • Gaming
    • Video calls
    • Video calls
    • Video calls
    • Music
    • Music
    • Selling routers
    • Making TV Shows
    • Selling TV Shows
    • Streaming TV Shows
    • Surveys
    • Video hosting
    • File storage
    • Website building
    • Bookmark managers
    • Shopping
    • VR
    • VR
    • Home assistants

    (No, I don't have any repetitions, yes I missed a few)

  • Bonus tip:

    ci" means change inside ""
    ca" means change around ""

    the " can be replaced with any of: ({[wspbt

    For changing inside or around parentheses, curly brackets, square brackets, words, sentences, paragraphs, code blocks and HTML tags respectively.

    So for example if you want to replace all parameters in a function call you just do ci(

    But that's not all, the c is one of the possible operators, but not the only one.

    di{ deletes the content of a block
    ya[ copies the content of something inside square brackets
    g~iw swaps the case of a word
    guis makes a sentence lower case
    gUip makes a paragraph upper case

    And the most useless one: g?at replaces the content of an HTML tag with its rot13

  • If you're on Android use grayjay, if you're on Linux use freetube. You can follow channels on both of those.

    If using grayjay and you can afford it please do pay for the license; you're not technically required; it's based on the honor system, but it helps the developers at FUTO work on it and it helps them donate to other FOSS projects.

    If you use freetube please donate to them, even a dollar, the developers will greatly appreciate it.

    Let's support software that doesn't hate us!

  • that's a good point! I guess I've never personally experienced those extremes you have (I was born in the late 90s), I think my first internet connection was ISDN or maybe the early days of ADSL, because I remember the day my family got 7Mbit and we were mesmerized by how fast it was

  • It was encrypted and only decrypted on the user’s machine. It’s called TLS.

    How is TLS relevant in this discussion? In this specific case TLS only solves MiTM, that's it.

    Well of course I did - all you said was “use encryption” like that meant anything specific.

    It was an offhand comment in a lemmy post, of course I'm not gonna go into details... but fair enough

    [...] isn’t materially more secure than properly implementing WebAuthn or even requiring MFA.

    This is a bit disingenuous, don't you think? To be clear I like WebAuthn, I think it's a great technology that I've been evangelizing to coworkers and friends for years, it's definitely the future of authentication, but that's only marginally relevant, in the case of sensitive data like this you want the data to be both encrypted at rest and during transmission, with a unique pre-generated key, otherwise a rogue employee or in general someone with access to the database can see everything, regardless of anything else.

  • I will tell you something that most people won't: you don't have to use those websites.

    It doesn't matter how important you think they are, you can take a stand by not using them if they don't respect you.

    Do you know the reasoning behind the common saying "the United States doesn't engage with terrorists"? Politics aside, it's because engaging with your enemy legitimizes or empowers them. By refusing to negotiate or engage with terrorists, the policy aims to avoid granting them recognition or validation for their methods.

    You can take the same stance; when a website stops working with non-chromium browsers you stop using it. You IMMEDIATELY stop using it, even better if you pay them money, you should IMMEDIATELY cancel citing that they're stealing your intellectual freedom. If the US government does the same and you're required to use a chromium browser to fill out your taxes for example, do it on paper, give them a message that you'd rather not use technology than have guns pointed at you

  • Fair point!

    To be clear I wasn't arguing that DARE is enough, you are absolutely correct that depending on the situation it isn't, but in my opinion in this specific case, if the data was DAREd, and sent to the user in its encrypted state and only decrypted on the user's machine with the user's key, that's not stored in any server, it would have completely fixed this specific issue. Naturally, however, to your point, with encryption there is no one-size-fits-all argument!

  • Wut? You mentioned “encryption” over and over (#encryptionplease) and now it “has nothing to do with that?”

    I'm saying that the fact that they accessed the data through compromised accounts is irrelevant if the data was properly encrypted and only decrypted on the user's machine with the key.

    You’re expecting people to download a GPG encrypted file, handle key maintenance, and offline decrypt it for viewing? And not store the decrypted data on their drives? Almost nobody would be willing to do that. And it’s not necessary.

    You made a lot of assumptions there.

    I'm not really familiar with the entire process of how 23AndMe works, but based on what the service is I assume that they ship you a box with a vial or maybe a swab to collect saliva, then include a code, maybe a QR code or a redemption ID that you can use to register on their website.

    The packaging could very easily include a QR code with an RSA or ECDSA key, then the website could ask you to scan that QR code to log in.

    The website would then use that to calculate the public key based on that private key and make a request to the server for the data associated with that public key, then the user's browser would decrypt that data and display it

    What exactly is the problem here? If anything it's simpler than username/password from a user standpoint.

    And as for WebAuthn, yeah that would work and it's definitely better than a password, and would perhaps solve part of the issue, but as a user I would feel much safer with my implementation
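
The flow sketched in the comment above, as an added Node.js example (not the commenter's or 23andMe's code): the client derives the public key from the scanned private key, looks the record up by a hash of that public key, and decrypts locally. The function names, the in-memory `Map` database and the choice of RSA-OAEP wrapping an AES-256-GCM data key are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Kit manufacturing: the private key (PEM) is what the QR code in the box would carry.
function makeKit() {
  const { privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return privateKey.export({ type: 'pkcs8', format: 'pem' });
}

// Record lookup ID: SHA-256 over the DER-encoded public key.
function recordId(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Server side: needs only the public key. Hybrid encryption: a random AES-256-GCM
// data key encrypts the result, RSA-OAEP wraps the data key.
function sealForKit(publicKey, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    dataKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: scanned private key -> derived public key -> fetch -> local decrypt.
function openWithQr(qrPem, database) {
  const privateKey = crypto.createPrivateKey(qrPem);
  const record = database.get(recordId(crypto.createPublicKey(privateKey)));
  if (!record) return null; // no record stored for this key
  const dataKey = crypto.privateDecrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    record.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, record.iv);
  decipher.setAuthTag(record.tag); // GCM tag check: tampered records fail in final()
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed demo: one kit owner, one holder of a different kit, one stored record.
function demo() {
  const qr = makeKit();
  const db = new Map();
  const pub = crypto.createPublicKey(qr);
  db.set(recordId(pub), sealForKit(pub, 'constructed sample result'));
  return { owner: openWithQr(qr, db), stranger: openWithQr(makeKit(), db), stored: db.get(recordId(pub)) };
}
```

In this sketch whoever generates and prints the QR code has seen the private key, so the guarantee against database readers holds only if that copy is discarded after printing.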

  • Yeah, there is one way to make it better, but it won't happen until they're forced to change: force them to integrate with the matrix protocol

    yes, I know that it's possible to use a bridge, and I do it, but it still requires a discord account, it would be great if discord rooms were just accessible with the matrix protocol

    because I’m pretty sure they need some of that data to be unencrypted; records of related customers can improve accuracy drastically

    I don't even think this should be a feature, but, if it has to, then they can have two versions of it, one that they use for training and improving the results and a user can only access their data from a frontend by decrypting it (locally) with their key

    also this “hack” was done by just abusing built-in features (“dna relatives” system), not actually breaking any security.

    irrelevant. if you had a key pair no amount of password guessing would get them there

  • It's truly a shame that in this advanced age of technology, encryption remains a distant, unattainable dream! In this archaic age of ours, safeguarding customer data is just not possible yet because nobody has ever invented the concept of public private key pairs yet, and hackers are having a field day with our data. Clearly, we're still stuck in the digital dark ages where safeguarding sensitive information is just a pipe dream. 🙄

    Seriously, how is it possible that they're still not using key pairs for encrypting this data? It would be so simple, you just include a flash drive, or a qr code, in the box with the key and accessing the website to view the data would require that key, how is that still not something they're doing?

    #EncryptionPlease

  • I have thought about this for a long time, basically since the release of ChatGPT, and the problem in my opinion is that certain people have been fooled into believing that LLMs are actual intelligence.

    The average person severely underestimates how complex human cognition, intelligence and consciousness are. They equate the ability of LLMs to generate coherent and contextually appropriate responses with true intelligence or understanding, when it's anything but.

    In a hypothetical world where you had a dice with billions of sides, or a wheel with billions of slots, each shifting their weight with grains of sand, depending on the previous roll or spin, the outcome would closely resemble the output of an LLM. In essence LLMs operate by rapidly sifting through a vast array of pre-learned patterns and associations, much like the shifting sands in the analogy, to generate responses that seem intelligent and coherent.