Pup Biru

it is not. meta controls the keys. that’s how they’re accessing the messages

the article says they can access any message, from any user, from any time period, even deleted, instantly

to make this a client-side exploit would mean that messages would need to be constantly sent in the clear (not targeted per user) for years now… and someone would have noticed that

we know meta holds the encryption keys: that’s a known fact… it’s much much easier for them to simply decrypt everything they store

simpler than that in most likelihood… meta is the key holder so login and password recovery is simpler (or at least that’s the excuse they give): you login, they send you your key, which they can also access (and decrypt your messages) whenever they like

this isn’t a client-side exploit. this is the fact that meta controls the encryption keys. the mention “widget”, but that’s not a widget on your device; they say it’s a widget on their workstation - whatever that means. i’m thinking it’s something akin to raising a ticket which triggers a workflow to remote install an app on a work device (a process common at large enterprises)

worker need only send a ‘task’ (i.e., request via Meta’s internal system) to a Meta engineer … the worker’s workstation will then have a new window or widget available that can pull up any WhatsApp user’s messages based on the user’s User ID number … Once the Meta worker has this access, they can read users’ messages by opening the widget; no separate decryption step is required

that’s incorrect. with whatsapp, your keys are stored on meta servers (the same as things like imessage). they can simply decrypt them whenever they like, just like being signed in as you. it’s completely invisible to your client

it’s not even that: they just hold the keys so can simply decrypt your messages with out your clients intervention any time they like

SIP used different signalling protocols amongst other things than WebRTC, and i imagine browser support is a hard requirement

plain text is probably the wrong phrasing, but apple does control all your keys

no matter who it is, the key holder can always read your data

sentiment yes but there are FOSS tools to store things in google/microsoft/apple drives or the various object stores (s3, backblaze, etc) that work just like the various drives, but with end to end encryption where you control the keys

in general just don’t let anyone else control your encryption keys… where you store things is almost beside the point

bonus: encryption means they can’t dedupe/compress so you get to waste their money

You can do all that with a CSS variable though…

and then people have to learn what it all means, where those variables are, how your mess of custom CSS hangs together, and probably what overrides what in your hierarchy

you end up with this soup of classes on every single element

it’s either than or a soup of stuff in CSS. the difference is largely academic in modern HTML because it’s all contained in components anyway

they have to be as short as possible, and so they can’t use font-size and font-weight.

they don’t have to be; they could easily use font size and font weight, but i much much prefer the -lg notation… it makes your flow so much quicker. it reduces cognitive load significantly

I still suspect you’re better off just using the effort you would need to learn the tailwind classes to instead learn plain flexbox.

i know flexbox and grid plenty well, and similar applies across the board for things like tailwind: containing everything together so that you don’t have to mess around switching between different places to define things, and using classes that kinda just represent what you want in shorthand literally makes my frontend development literally 10x quicker, and just feel smoother… even when i’m just doing personal projects

you don’t have to believe me; that’s fine… but i used to think similarly to you, had a couple of failed attempts and hated tailwind, and my most recent personal projects it just clicked and everything feels so nice. i’m a principal engineer, and have done plenty of work on all kinds of projects so it’s not like i’m inexperienced and just go with the latest fad. these small time savings really add up

i’m not a frontend engineer so don’t know the difference between text- and font- without looking but that’s another good example of why frameworks are great: 6px is an explicit size, where md, 2xl, etc are all relative… per project you can decide what those sizes are and everything just falls into place… you rarely really care what the size is in pixels; mostly you only care about sizes relative to other parts of the UI… so again, people joining on a project don’t need to memorise magic numbers, because they just know without needing to guess what the size suffixes are

i’ve only recently started to use tailwind (originally i saw no point, pretty much for the reasons you’re stating: why use classes like that when you can just use styles on the element and we know that’s bad) but since i embraced it i’ve started writing quality components much much faster… especially for layout like flexbox and grid it just flows really nicely, and i really don’t find that it feels like i’m repeating myself at all (partly because “repeating yourself” should be avoided by simply using components these days: CSS is an over-complicated and ill-fitting solution to the problem of styling in modern UIs)

(okay i looked up text- and font-: text is size, font is weight… which tracks with my understanding of the other parts of tailwind and the way type is handled in software generally… i think there are no good options here)

the same could be said for languages that aren’t binary: what does it save you! you still have to write stuff to get the program you want, and you still have to come up with the business rules

almost all software engineering tools just save you keystrokes, or save you from needing the knowledge to implement repeatable things… or for having a standardised way of doing things so new people can approach your project without having to learn as many details (eg rails, django, nextjs, etc: the terminology and layout of such projects are familiar; daos/views/etc all behave the same)

for css frameworks for example, perhaps you have a .rounded-corners class… sure you could just implement it yourself, but if you’re using a framework you save a few minutes, the outcome is likely the same, you don’t need to know about the border radius details (and likely css frameworks implement things like shims or accessibility correctly; freeing you from needing to have deep knowledge of some esoteric details), and if the framework is big (like tailwind etc) then if you employ someone new, they know exactly what .rounded-corners means

… obviously .rounded-corners is a pretty simple example, but you can imagine when these libraries fill out with many many tools the shorthand’s get much more complex

they might, but the point is the volume of data rather than the speed… CERN is obviously an outlier, but not by as much as you’d think. copious amounts of data is kinda par for the course in a lot of cases, and training data just doesn’t even come close to the volume of data that large data users produce (data warehouses/lakes in the order of PB and EB are not that uncommon)

honestly servers don’t need the latest hardware: just build using DDR4 (or even DDR3): it’s half the price per GB or less each step down, and honestly the biggest reason you want RAM in a server is for a ZFS cache, which is going to be bottlenecked on plenty of other things far before your RAM speed (IMO; i’ve done exactly 0 testing)

(though the max size of a DDR3 module is 8GB so on most consumer hardware that will limit you to 32GB total)

relative to the hard drive market in general, that seems like a drop in the bucket. research labs like CERN write TBs per SECOND

quality data sets don’t even come close

LLMs don’t have to be random AFAIK: if you turn down the temperature parameter and send the same seed every time you get the same result

https://dylancastillo.co/posts/seed-temperature-llms.html

for most people this isn’t exactly what you want because “temperature” is sometimes short-handed as “creativity”. it controls how out of left field the result can be

what kind of monster writes a script without a shebang?

right? a US friend of mine messaged me the other day “is VIC on fire?”… like… na, and actually this summer has been pretty mild so far lol. i haven’t even seen a single melting road!

i thought this too, and i just started actually working with it and DAMN is it fast… i agree that it’s kinda a technical “what the fuck are you doing?!?” but… yeah… i can’t even really explain why

absolutely! similar is true of node in v8 (though python imo is far more mature in this regard) and probably most other languages

exactly why things like numpy are so popular: yeah python is slow, but python is just the orchestrator