Sure, in Firefox itself it wasn’t a severe vulnerability. It’s way worse on standalone PDF readers, though:

In applications that embed PDF.js, the impact is potentially even worse. If no mitigations are in place (see below), this essentially gives an attacker an XSS primitive on the domain which includes the PDF viewer. Depending on the application this can lead to data leaks, malicious actions being performed in the name of a victim, or even a full account take-over. On Electron apps that do not properly sandbox JavaScript code, this vulnerability even leads to native code execution (!). We found this to be the case for at least one popular Electron app.

Huh? What do you mean “if”? Such a PDF vulnerability literally did happen a few months ago; fixed in Firefox v.126: https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/.

There’s no real need for pirate ai when better free alternatives exist.

There’s plenty of open-source models, but they very much aren’t better, I’m afraid to say. Even if you have a powerful workstation GPU and can afford to run the serious 70B opensource models at low quantization, you’ll still get results significantly worse than the cutting-edge cloud models. Both because the most advanced models are proprietary, and because they are big and would require hundreds of gigabytes of VRAM to run, which you can trivially rent from a cloud service but can’t easily get in your own PC.

The same goes for image generation - compare results from proprietary services like midjourney to the ones you can get with local models like SD3.5. I’ve seen some clever hacks in image generation workflows - for example, using image segmentation to detect a generated image’s face and hands and then a secondary model to do a second pass over these regions to make sure they are fine. But AFAIK, these are hacks that modern proprietary models don’t need, because they have gotten over those problems and just do faces and hands correctly the first time.

This isn’t to say that running transformers locally is always a bad idea; you can get great results this way - but people saying it’s better than the nonfree ones is mostly cope.

Incredibly weird that this thread was up for two days without anyone posting a link to the actual answer to OP’s question, which is g4f.

I haven’t, actually, since I normally use an adblocker (and also don’t use that tracker). Looks like they’re all VPN advertisements right now, which is at least a somewhat non-mainstream ad segment.

Damn, I didn’t know things were so bad there in Canada.

Even in the detailed info? If so that’s weird; probably something along the lines of “the seller messed up the weight, fixed it, but for some insane reason the site doesn’t recalculate the price”.

Accounts are already mostly portable (you can easily export all your settings and import into your new account), you just don’t retain posting history.

To retain that… I guess there could be a separate fediverse service that does nothing but allow registering accounts that let you prove that other fediverse accounts all belong to the same person, and then a PR can be made to Lemmy and the other platforms to honor these links when showing posting history. It’d be quite a messy system.

The answer is obvious: we must forever be completely advertiser-unfriendly and absolutely unmarketable. With every piece of porn, every post on digital piracy, every swearword, we do our part to protect the fediverse’s independence.

What happened there? These are presumably calculated automatically, so does the second item has its mass listed as 2kg?

Run for office? With what money?

Day ???/??? of downvoting every post with advertiser-friendly censorship in it.

From what I know Element is a safer bet (similarly encrypted, but also decentralized), but Signal is the best one out of the messengers that don’t require any technical knowledge.

You should explain what “stuff” is “coming out”, then, instead of vagueposting.

The thing I said I did? Yes; here’s the processed image:

If you mean the math in the post, I can’t read it in this picture but it’s probably just some boring body-of-rotation-related integrals, so basically the same thing as I did but breaking apart the vase’s visible shape into analytically simple parts, whereas I got the shape from the image directly.

This roughly checks out. I’m getting 66%, based on the methodology of cutting out the jug’s shape from the picture and numerically integrating the filled and empty volume (e.g. if a row is d pixels wide, it contributes d^2 to the volume, either filled or empty depending on whether it’s above or below the water level).

Security as in cybersecurity, yes. Security as in not getting caught violating government bans, not so much - if you’re in a country where getting repressed by your government is a real possibility, it helps a lot for it to not be possible to see exactly what sites you visit. Reminder: even over HTTPS, the domain name (like lemmy.world) is normally not encrypted. Encrypted Client Hello can solve this, but it has only started being commonly used a year ago or so, and more importantly requires the host to support it.

I wouldn’t generally require people to “compile their findings into a report”, but in this case the messages are weirdly devoid of any checkable information and then the reddit user in question mysteriously lost a laptop full of findings, so, yeah, these claims are not compelling. I don’t think the reverse engineer in question was lying, per se, but I do think they were very wrong at first by random chance, the story gained traction, and then they were too embarrassed to admit they fucked up.

Note that openai’s original whisper models are pretty slow; in my experience the distil-whisper project (via a tool like whisperx) is more than 10x faster.

Really? This is the opposite of my experience with (distil-)whisper - I use it to generate subtitles for stuff like podcasts and was stunned at first by how high-quality the results are. I typically use distil-whisper/distil-large-v3, locally. Was it among the models you tried?