• 0 Posts
  • 266 Comments
Joined 6 months ago
cake
Cake day: June 9th, 2024

help-circle
  • AI model of that type is safe to deploy anywhere

    Yeah, I think you’ve made a mistake in thinking that this is going to be usable as generative AI.

    I’d bet $5 this is just a fancy machine learning algorithm that takes a submitted image, does machine learning nonsense with it, and returns a ‘there is a high probability this is an illicit image of a child’, and not something you could use to actually generate CSAM with.

    You want something that’s capable of assessing the similarities between a submitted image and a group of known bad images, but that doesn’t mean the dataset is in any way usable for anything other than that one specific task - AI/ML in use cases like this is super broad and has been a thing for decades before the whole ‘AI == generative AI’ thing became what everyone is thinking.

    But, in any case: the PhotoDNA database is in one place and access to it is scaled by the merit of uh, lots of money?

    And of course, any ‘unscrupulous engineer’ that may have any plans for doing anything with this is probably not a complete idiot, even if a pedo: they’re going to have shockingly good access controls and logging and well, if you’re in the US, if the dude takes this database and generates a couple of CSAM images using it, the penalty is, for most people, spending the rest of their life in prison.

    Feds don’t fuck around with creation or distribution charges.


  • comparative scale of the content involved

    PhotoDNA is based on image hashes, as well as some magic that works on partial hashes: resizing the image, or changing the focus point, or fiddling with the color depth or whatever won’t break a PhotoDNA identification.

    But, of course, that means for PhotoDNA to be useful, the training set is literally ‘every CSAM image in existance’, so it’s not really like you’re training on a lot less data than an AI model would want or need.

    The big safeguard, such as it is, is that you basically only query an API with an image and it tells you if PhotoDNA has it in the database, so there’s no chance of the training data being shared.

    Of course, there’s also no reason you can’t do that with an AI model, either, and I’d be shocked if that’s not exactly how they’ve configured it.


  • first time law enforcement are sharing actual csam with a technology company

    It’s very much not: PhotoDNA, which is/was the gold standard for content identification, is a collaboration between a whole bunch of LEOs and Microsoft. The end user is only going to get a ‘yes/no idea’ result on a matched hash, but that database was built on real content working with Microsoft.

    Disclaimer: below is my experience dealing with this shit from ~2015-2020, so ymmv, take it with some salt, etc.

    Law enforcement is also rarely the first-responder to these issues, either: in the US, at least, reports will come to the hosting/service provider first for validation and THEN to NCMEC and LEOs, if the hosting provider confirms what the content is. Even reports that are sent from NCMEC to the provider aren’t being handled by law enforcement as the first step, usually.

    And as for validating reports, that’s done by looking at it without all the ‘access controls and safeguards’ you think there are, other than a very thin layer of CYA on the part of the company involved. You get a report, and once PhotoDNA says ‘no fucking clue, you figure it out’ (which, IME, was basically 90% of the time) a human is going to look at it and make a determination, and then file a report with NCMEC or whatever, if it turns out to be CSAM.

    Frankly, after having done that for far too fucking long, if this AI tool can reduce the amount of horrible shit someone doing the reviews has to look at, I’m 100% for it.

    CSAM is (grossly) a big business, and the ‘new content’ funnel is fucking enormous and is why an extremely delayed and reactive thing like PhotoDNA isn’t all that effective is that, well, there’s a fuckload of children being abused and a fuckload of abusers escaping being caught simply because there’s too much shit to look at and handle effectively and thus any response to anything is super super slow.

    This looks like a solution to make it so less people have to be involved in validation, and could be damn near instant in responding to suspected material that does need validation, which will do a good job of at least pushing the shit out of easy (ier?) availability and out of more public spaces, which honestly, is probably the best thing that is going to be managed unless the countries producing this shit start caring and going after the producers which I’m not holding my breath on.




  • That’s a wee revisionist: Zen/Zen+/Zen2 were not especially performant and Intel still ran circles around them with Coffee Lake chips, though in fairness that was probably because Zen forced them to stuff more cores on them.

    Zen3 and newer, though, yeah, Intel has been firmly in 2nd place or 1st place with asterisks.

    But the last 18 months has them fucking up in such a way that if you told me that they were doing it on purpose, I wouldn’t really doubt it.

    It’s not so much failing to execute well-conceived plans as it was shipping meltingly hot, sub-par performing chips that turned out to self-immolate, combined with also giving up on being their own fab, and THEN torching the relationship with TSMC before you launched your first products they’re fabbing.

    You could write the story as a malicious evil CEO wanting to destroy the company and it’d read much the same as what’s actually happening (not that I think Patty G is doing that, mind you) right now.


  • Yeah but it’s priced the same as a cheap laptop and/or desktop, which of course doesn’t then require you to pay monthly to actually use the stupid thing.

    It feels like another ‘Microsoft asked Microsoft what Microsoft management would buy, and came up with this’ product, and less one that actually has a substantial market, especially when you’re trying to sell a $350 box that costs you $x a month to actually use as a ‘business solution’.

    This would probably be a cool product at $0 with-a-required-contract-with-Azure, but at $350… meh, I suspect it’s a hard sale given the VDI stuff on Azure isn’t cheap.








  • I’m going to roll my eyes: if you read the change it’s literally ‘Instead of cmd-clicking, you need to hit ‘okay cool’ in the control panel’, not YOU CANT RUN UNSIGNED SOFTWAER!!@11!!111

    The reason for this change was, shockingly, because malicious asshats were putting up malware pages telling people ‘oh you have to cmd-click to install totally legit thing here!’ and this puts a nice warning up in front of less-educated people in the hopes of preventing the spread of malware.

    I’m 100% for this change since it literally adds 3 seconds of clicking a single time for an app, and makes it where my family members are less likely to get totally screwed over.




  • I’m not sure I buy that: Trump is a cult, and his cultists are going to have an absolute riotous fit if someone tries to depose him.

    Short of him dying or doing something you just can’t ignore - like, say, he eats shit out of his diaper on national tv - he’s not going anywhere.

    Vance isn’t smart enough to 6D chess his way into the presidency without his nominal constituency rioting over it, so I’m doubtful that’s his play.

    He’s probably just going to pull the last-guy-in-the-room thing, since that’s the only person Trump listens to or remembers anyway which means you keep the cultists happy AND you get the figurehead to do what you want anyways without the mess.



  • Mastodon is, like, fine, but it has one gaping flaw that makes it utterly unusable for me.

    Basically, the issue is you cannot be assured that any particular instance contains the entire conversation thread/replies, because they’re not necessarily sent to every server participating in the conversation.

    Bluesky fixes that by the ‘firehose’ feeds federating out to the PDSes and providing complete reply chains, which just flat out makes it a better experience since you can actually see what everyone is saying, not just what people on servers you might be following already are saying.

    It’s a giant stupid flaw in Mastodon (since other AP based platforms such as, for example, Lemmy don’t have it) and really should be addressed since it makes the platform darn near useless since why am I following people to only get half of what might be a useful thread?