Readit Newsbuzer commented on Windows drive letters are not limited to A-Z ryanliptak.com/blog/windo... · Posted by u/LorenDB
I understand your point; but I'm struggling to see how this could be weaponized. Keep in mind, that these Dos compatible drive letters need to map to a real NT path endpoint (e.g. a drive/volume); so it isn't clear how the malware could both have a difficult to scan Dos tree while also not exposing that same area elsewhere for trivial scanning.
The recovery partition might work if it exists.
buzer commented on 250MWh 'Sand Battery' to start construction in Finland energy-storage.news/250mw... · Posted by u/doener
> The southernmost spot in Finland is too far north, and the scramble that happened in EU at the loss of Russian energy supplies made it crystal clear that we can not trust any other country to help in times of need.
That's the failure of European union
Note that even if Central Europe did have sufficient energy for export it wouldn't really help during crisis. To get the energy to Finland it would need to either go thru the Baltic Sea via undersea cables or via Northern Sweden. We have seen that it's not necessarily good idea to rely on the former during the crisis as those lines can easily be cut, they have been multiple times in just past year or so by certain commercial ships "accidentally" dropping their anchors.
As for latter Sweden, doesn't currently have capacity for it and I don't think they have been very interested in increasing it, currently Finland often benefits from the fact that there isn't enough transport capacity between Southern and Northern Sweden electric grids so Finland gets some cheap electricity from there.
buzer commented on EU Council approves Chat Control mandate for negotiation with Parliament techradar.com/vpn/vpn-pri... · Posted by u/mseri
The trick is that because they could not pass the proposal that enforces message scanning, now this proposal defines "high risk activities" and in the case of high risk activity, the national authorities can force someone to comply (i.e. start to scan messages, block, stop activity).
Here is the actual text: https://data.consilium.europa.eu/doc/document/ST-15318-2025-...
High risk classification is at the end of the text.
Some highlights of what is defined as high risk, and thus can be forced to go through mandatory scanning or forbidden:
- Encrypted messaging follows closely due to privacy concerns and the potential for misuse. Posting and sharing of multimedia content are also high-risk activities, as they can easily disseminate harmful material.
- The platform lacks functionalities to prevent users from saving harmful content (by making recordings, screenshots etc.) for the purpose of the dissemination thereof (such as for example not allowing recording and screenshotting content shared by minors)
- Possibility to use peer-to-peer downloading (allows direct sharing of content without using centralised servers)
- The platforms’ storage functionalities and/or the legal framework of the country of storage do not allow sharing information with law enforcement authorities.
- The platform lacks functionalities to limit the number of downloads per user to reduce the dissemination of harmful content.
- Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE
Also, a lot of these points do not sound like they are about the safety of children
- Platforms lack a premoderation system, allowing potentially harmful content to be posted without oversight or moderation
- Frequent use of anonymous accounts
- Frequent Pseudonymous behavior
- Frequent creation of temporary accounts:
- Lack of identity verification tools
Based on the light of the proposal, Hacker News is very dangerous place and need to have its identity verification and CSAM policies fixed, or face the upcoming fines in the EU.
> - Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE
So you make it so that when the user starts the application you ask them "Your current configuration allows government, and probably some hackers as well, to see your messages. Do you want to enable encryption? Your government's suggestion is that you should say 'No' here. That's also what the foreign intelligence agencies suggest" "Yes, enable encryption" "No". That's clearly opt-in, you even provide the government's recommendation. And of course you then ask that whenever they open the application if they selected "No", we have learned that it's completely fine to keep asking same question from the user.
Oh, and make sure that the other party is clearly aware that the other side has not enabled encryption.
Wow, didn't know there were talks about relaxing GDPR. Can you share a few links? Many thanks.
https://news.ycombinator.com/item?id=45980117
Some more details:
https://noyb.eu/en/eu-commission-about-wreck-core-principles... Textual analysis of the changes from the original leaked draft (especially "Overview Table of the Draft & Comments by noyb")
https://noyb.eu/en/digital-omnibus-first-legal-analysis Video about the proposed changes (there are some changes compared to the leaked draft)
buzer commented on Europe is scaling back GDPR and relaxing AI laws theverge.com/news/823750/... · Posted by u/ksec
Anonymization unfortunately is completely broken under GDPR. In principle it providesa clean path for personal data to become usable outside of the restrictions of GDPR, but in practice it turns out to be impossible based on current definitions.
The key issue is that anonymization under GDPR requires that a link to a real person can never be re-established even considering the person doing the anonymization. Consider a clincial study on 100 patients and their some diagnostic parameter such as creatinine or H1bc which was legally collected using consent and everything. Lets assume we would like to share only the 100 values of the diagnostic without any personal data. It would seem quite anonymous, but GDPR would put a simple test if anybody using reasonable efforts could re-establish an identity. And sure the original researcher can because s/he has a master file containing the mapping. So the data isn't anonymous and actually can never be anonymous.
You should probably look into pseudononymization in your case, not actual anonymization. Look into C‑413/23 P in more detail to see if it's applicable in your situation, it's essentially the first case law around it. You probably do need some extra controls (like contract that the data is not shared) just in case to avoid the data coming in hands of someone else who could identify the people depending on how detailed the data is.
buzer commented on Europe is scaling back GDPR and relaxing AI laws theverge.com/news/823750/... · Posted by u/ksec
I think you don't understand the GDPR. The GDPR does not disallow the processing of personal data, nor does it disallow the sharing of personal data with suppliers or other entities in the supply chain. For example, if you run a merch store, it's perfectly OK to share the buyer's address with DHL or whoever does the shipping.
What the GDPR requires is that the user is informed about the processing and the suppliers used, and in some cases, provides consent to the processing.
The new proposal which suggests that pseudonymized data is not always PII is a different thing. It actually opens the door to a lot of new problems in my opinion. For example, with this new interpretation, big tech might question whether IP addresses are still personal data (which is something EU top courts had previously established)? What about cryptographically hashed values of your social security number (easy to break)?
> The new proposal which suggests that pseudonymized data is not always PII is a different thing.
This actually is already the case, see the recent CJEU C‑413/23 P. Currently the main question is if the recipient has a way to unmask the user. In case of IP address the answer is almost always yes since the recipient could ask competent authority to unmask the IP address if there is crime involved. That was the exact reasoning provided in the Breyer case.
In C‑413/23 P the recipient didn't have any reasonable way to map the opinion to real person so it was determined that it's not PII from recipient's POV but it was from the data controller's.
One of the issues in the new proposal is that it lowers the standard quite a bit compared to C‑413/23 P.
buzer commented on Fizz Buzz without conditionals or booleans evanhahn.com/fizz-buzz-wi... · Posted by u/ingve
A loop either never halts or has a conditional. I guess a compiler could elide a “while True:” to a branch-less jump instruction.
One hack would be to use recursion and let stack exhaustion stop you.
Other would be to use goto (though Python doesn't have it) & introduce something that will panic/throw exception, like creating variable with value 1/(max-i).
I mean, it absolutely worked for effectively sinking the GDPR, where pretty much everyone now equates that law with obnoxious 'cookie banners', to the point that these regulations are being relaxed, despite never requiring these banners in any way, shape or form in the first place.
But, yeah, despite that, I'd say they'll get away with this as well...
I don't think DMCA has anything to do with that though I did wish everyone hated it. You probably meant GDPR.