Matches my experience completely. It's pretty good at coming up with small/one-off scripts or single-page web apps, OK at working in large existing code bases, but an absolute beast at finding bugs given a detailed description of symptoms and a few pointers.
Not all OSes allow trusting self-signed certs only for a particular set of hostnames, and if they don't, the associated private key becomes incredibly risky (since anyone getting it would be able to pose as google.com etc. to you as well).
Some OSes don't even have a system-wide trust store at all!
Logged in to my Spotify account on the web once when traveling to update my card, and now the web interface, while logged in with my account they know the country/language for perfectly well, is persistently in a language I don’t speak, even after returning.
So the model powering “GPT-5” in the UI (modulo “routing to the thinking model”) is called “gpt-5-chat” in the API, while the one powering “GPT-5 Thinking” is called “gpt-5”?
Speaking of that, did your explorations of using the FIDO "backend API" on macOS in CLI tools lead anywhere, or does that still require some browser-only code signing entitlement?
It's slightly different from a smart card in that the key inevitably is revealed to the host computer with the PRF extension, but for applications that only use the smartcard for key (un)wrapping it's effectively equivalent.
I don’t think being a majority holder of voting shares allows you to make decisions that disadvantage minority shareholders. (Otherwise, people would vote for things like “don’t pay any more dividends to these 49% of shareholders” all the time.)
Excuse me but deluding myself into thinking I saved everyone some time by monologuing at an intern who didn’t ask any question whatsoever isn’t novelty, that’s a core part of my professional identity
Identity documents supporting interactive cryptographic authentication have been around for decades now (e.g. ICAO 9303 "biometric passports"), and I wouldn't be surprised if some government had a stockpile of a few hundred million ICs that can only do ECDSA and/or RSA as a result 😬
Yeah, sending stuff back to their servers would be really unfortunate, especially when newer phones are basically fast enough to just summarize locally.
It's especially weird considering that they're apparently planning to do translation offline/locally: wabetainfo.com/whatsapp-new...
Sounds like it would send stuff server-side. That would be really unfortunate if done without the sender even knowing (but then again, so are unencrypted backups).
It’s not really summarization. You can tag “Meta AI” into any chat, which is just a regular server-side LLM and as such obviously not end-to-end encrypted. This is somewhat explained in a pop up at first use, but obviously people don’t read that.
