0 Posts • 17 Comments • Joined 1 year ago • Cake day: July 1st, 2023


  • Most large corporations’ tech leaders don’t actually have any idea how tech works. They are being told that if they don’t have an AI plan their company will be obsoleted by their competitors that do; often by AI “experts” that also don’t have the slightest understanding of how LLMs actually work. And without that understanding companies are rushing to use AI to solve problems that AI can’t solve.

    AI is not smart, it’s not magic, it can’t “think”, it can’t “reason” (despite what OpenAI marketing claims); it’s just math that measures how well something fits the pattern of the examples it was trained on. Generative AIs like ChatGPT work by simply considering every possible word that could come next and ranking them by which one best matches the pattern.

    If the input doesn’t resemble a pattern it was trained on, the best ranked response might be complete nonsense. ChatGPT was trained on enough examples that for anything you ask it there was probably something similar in its training dataset, so it seems smarter than it is, but at the end of the day, it’s still just pattern matching.

    If a company’s AI strategy is based on the assumption that AI can do what its marketing claims, we’re going to keep seeing these kinds of humorous failures.

    AI (for now at least) can’t replace a human in any role that requires any degree of cognitive thinking skills… Of course we might be surprised at how few jobs actually require cognitive thinking skills. Given the current AI hypewagon, apparently CTO is one of those jobs that doesn’t require cognitive thinking skills.






  • You wouldn’t be able to MITM a plaintext connection inside a corporate network with this attack by itself. You could only MITM something that the attacker can access without your VPN.

    Any corporate network that has an insecure, publicly accessible endpoint that prompts for credentials is begging to be hacked with or without this attack.

    Now you could spoof a login screen with this attack if you had detailed info on the corporate network you’re targeting. But it would need to be a login page that doesn’t use HTTPS (any corporation dumb enough to do that in this day and age is begging to be hacked), or you’d need the user to ignore the browser warning about it not being secure, which is possible.


  • I can’t see routing traffic to some kind of local presence and then routing back to the target machine to route out through the tunnel adapter without a successful compromise of at least one other vulnerability.

    That’s not to say there’s nothing you could do… I could see some kind of social engineering attack maybe… leaked traffic redirects to a local web server that presents a fake authentication screen that phishes credentials, or something like that. I could only see that working in a very targeted situation… it would have to be something more than just some rogue public Wi-Fi. They’d have to have some prior knowledge of the private network the target was connecting to.



  • Not all VPN traffic. Only traffic that would be routable without a VPN.

    This works by tricking the computer into routing traffic to the attacker’s gateway instead of the VPN’s gateway. It doesn’t give the attacker access to the VPN gateway.

    So traffic intended for a private network that is only accessible via VPN (like if you were connecting to a corporate network for example) wouldn’t be compromised. You simply wouldn’t be able to connect through the attacker’s gateway to the private network, and there wouldn’t be traffic to intercept.

    This attack doesn’t break TLS encryption either. Anything you access over https (which is the vast majority of the internet these days) would still be just as encrypted as if you weren’t using a VPN.

    For most people, in most scenarios, this amounts to a small invasion of privacy. Our hypothetical malicious coffee shop could tell the IP addresses of websites you’re visiting, but probably not what you’re doing on those websites, unless it was an insecure website to begin with. Which is the case with or without a VPN.

    For some people or some situations that is a MASSIVE concern. People who use VPNs to hide what they’re doing from state level actors come to mind.

    But for the average person who’s just using a VPN because they’re privacy conscious, or because they’re location spoofing, this is not going to represent a significant risk.


  • So for this attack to work, the attacker needs to be able to run a malicious DHCP server on the target machine’s network.

    Meaning they need to have already compromised your local network either physically in person or by compromising a device on that network. If you’ve gotten that far you can already do a lot of damage without this attack.

    For the average person this is yet another non-issue. But if you regularly use a VPN over untrusted networks like a hotel or coffee shop wifi then, in theory, an attacker could get your traffic to route outside the VPN tunnel.
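A defender-side check for the route bypass the two comments above describe (traffic steered to the attacker’s gateway instead of the VPN gateway, via a malicious DHCP server on the local network), added here as an example and not part of any post in the thread. It parses `ip route`-style output and flags entries that carry traffic past the tunnel; the interface name tun0, the server address 203.0.113.7 and the sample routing table are constructed.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of `ip route show` on a client whose VPN is tun0 and whose
# VPN server is 203.0.113.7. The two /1 routes via the LAN gateway are the kind
# of entry a rogue DHCP server on the local network can push to the client.
SAMPLE_ROUTES = """\
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.7 via 192.168.1.1 dev wlan0
0.0.0.0/1 via 192.168.1.1 dev wlan0
128.0.0.0/1 via 192.168.1.1 dev wlan0
"""

Route = namedtuple("Route", "dest gateway dev")

def parse_routes(text):
    """Parse `ip route` lines into Route tuples; 'default' becomes 0.0.0.0/0."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        gateway = tok[tok.index("via") + 1] if "via" in tok else None
        routes.append(Route(ipaddress.ip_network(dest, strict=False),
                            gateway, tok[tok.index("dev") + 1]))
    return routes

def find_leak_routes(text, tunnel_dev, vpn_server):
    """Return routes that send traffic through a gateway on a non-tunnel device.
    Directly connected prefixes (no 'via') are the local LAN, and the host route
    to the VPN server is needed for the tunnel itself. Any other gateway route
    off the tunnel bypasses the VPN; the kernel picks the most specific match,
    so two /1 routes beat the tunnel's default route for every destination."""
    server = ipaddress.ip_network(vpn_server)
    return [r for r in parse_routes(text)
            if r.dev != tunnel_dev and r.gateway is not None and r.dest != server]

def bypassed_address_count(leaks):
    """IPv4 addresses the leak routes capture; 2**32 means all traffic leaks."""
    return sum(r.dest.num_addresses for r in leaks)

if __name__ == "__main__":
    leaks = find_leak_routes(SAMPLE_ROUTES, "tun0", "203.0.113.7")
    print([f"{r.dest} via {r.gateway} dev {r.dev}" for r in leaks],
          bypassed_address_count(leaks))
```

On a real client, feed it the output of `ip route show` and your own tunnel interface and server address; any flagged route is traffic that never enters the tunnel.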


  • I question the methodology here. The same site lists Linux desktop share at 2% in my country specifically. It feels like if it was that high you’d see it on people’s laptops more in coffee shops and what not… but I’ve yet to see a single other person using Linux on the desktop.

    I know most of that 4% is in India… but still feels like it should be more ubiquitous if the number is that high.


  • Reddit never expected the new API pricing to be a fountain of money. This was never about LLMs or the lack of ad revenue.

    If it was just about LLMs they could have made one price for API users that were primarily harvesting data and a different price for API users that contributed significant content or moderation. That would make good business sense, as content contributors are what bring the eyeballs (and therefore the value) to the platform.

    It wasn’t about ad revenue either; by all estimates the revenue from a third-party app user would have been many times more than the opportunity cost from the ad revenue they were missing out on from 3rd party app users. If they wanted to profit from the API pricing, they only needed to give the community more time to transition business models. They didn’t even need to give everyone more time, just a dozen or so major third party apps.

    This was always about killing off the third party apps. The ones they let survive had low user counts to begin with and went even lower.

    I don’t know their real motivations here, but so far there are only two possibilities that I can think of.

    A) Reddit’s leadership and board of directors are beyond incompetent

    B) They collect significantly more data from the first party app than they were able to from the third party apps, and they’re selling that data for a significant sum of money beyond just their own ad ecosystem.


  • I will absolutely give you that transitioning an established mature product to the subscription model is usually a terrible idea. Plenty of examples of that going horribly wrong.

    As for subscriptions being a “blatant money grab”, that definitely happens sometimes… notably when there’s a mature product with a dominating market share. The company already captured most of the market share, so they can’t get much more revenue from new customers, and existing customers are satisfied with the version they have so they’re not buying any updates. Sales go down and someone comes along and says just make it a subscription and keep milking the cash cow forever… Yep, I admit it, that totally happens. The enshittification ensues.

    But none of that’s the fault of the subscription model per se.

    The same subscription model that becomes the incumbent’s downfall is what creates a market opportunity for a new competitor.

    A new competitor can come in with a new product that was built with a subscription model from the start. The competitor’s product is cheap to try for a month, cheap to switch to with no big upfront costs. The newcomers can generally react much faster to customers’ needs than the incumbent. (Not because of the model; they can because they’re smaller.)

    Established software companies doing blatant money grabs happen all the time. Hell most of us are here using Lemmy because Spez attempted a blatant money grab on Reddit. Had nothing to do with the model.

    The subscription model gets a lot of hate because greedy companies tried to use it as a blatant money grab exactly as you described. But it doesn’t have to be that way.

    Subscription models make it easier for newcomers entering a space, which is good for consumers. It’s more compatible with agile development methodologies because you don’t need to wait until you’ve bundled enough features together to market it as a new version worth upgrading to. It’s in your best interest to ship new features immediately as they’re developed.

    It’s totally fair if you don’t like the model.

    But the model itself isn’t the problem.

    Shitty companies being greedy will always happen.



  • Wow… lots of people in here bashing the subscription model, but let me point out it’s maybe not as bad as you think…

    If you sell a product under a perpetual license model (i.e. the one-time purchase model), once you’ve sold the product the manufacturer has almost no incentive to offer any support or updates to the product. At best it’s a marketing ploy; you offer support only to get word of mouth advertising of your product, which is generally a losing proposition.

    Since there’s little incentive to improve the experience for existing customers, your main income depends on whether you can increase your market share, which generally means making products bloated, often leading to a worse experience for everyone.

    If the customer wants support, you need to sell them a support contract. If they want updates you have to make a new version and hope the customer sees enough additional value to be worth upgrading. Either way we’re back to a subscription model with more steps, more risk, and less upside than market expansion so it takes a backseat.

    If you want to make a great product without some variation on a subscription, you need to invest heavily upfront in development (which most companies don’t have the capital to do, and investors generally won’t invest in unproven software).

    From a product perspective, you don’t know if you’ve hit the mark until people start using your product. The first versions of anything but the most trivial of products are usually terrible, because no matter how good you are, half to three quarters of the ideas you build are going to be crap and not going to be what the customers need.

    Perpetual licensing works for a small single purpose application with no expectation of support or updates.

    It works for applications with broad market needs like office software.

    For most niche applications, subscription models offer a better experience for both the customer and the manufacturer.

    The customer isn’t facing a large transition cost to switch to a competitor’s product like they would if they had to buy a perpetual license of it, so you have a lot more incentive to support and improve your product. You also don’t see significant revenue from a customer who drops your service a couple months in… even more reason to focus on improving the product for existing customers.

    People ought hate the idea of paying small recurring fees for software instead of a few big upfront costs. But from a business model perspective, businesses are way more incentivized to focus on making their products better for you under that model.