Hacker News | forgotusername6's comments

With PRs we prefix comments with issue/question/nitpick. Not everything must be fixed, but it's still useful to at least read the comments.

When engines first replaced sail, sail boats also required far higher crew numbers to operate. That's not the case today.

In principle, with modern solid wing sail technology and computer controlled sail trim, a sailing vessel needs no more crew than a motor vessel.

That's still roughly 5 Cutty Sarks (1100 tons at 15 knots average speed)

Does it not use TLS? Wouldn't the Nest have to trust a CA willing to issue certificates without proving ownership?

They're also injecting a CA bundle so, presumably, they're including their own root of trust so they can sign their own certificate. I'm on mobile and can't easily look at what they're including.

Edit: Guess I've got openssl in my termux environment. They're injecting a fake Nest root CA key. Makes sense.

I'm shocked it was this easy to subvert the root of trust on these devices. I would expect a newer device would have the trust root pinned in hardware (TPM, etc) and firmware updates would have been authenticated.


>I would expect a newer device would have the trust root pinned in hardware (TPM, etc) and firmware updates would have been authenticated.

All those things cost money in hardware or development time, so companies basically never bother. You're probably also letting all the stories about DRM on phones or whatever color your experience on IoT as a whole. TPM basically makes no sense to implement on anything that's not a PC. Not even phones use it.


Secure phones use it. iPhones (Secure Enclave), Pixels (Titan M2).... Yeah, that's not much....

"TPM" =/= Secure Enclave =/= Titan M2

You could argue TPM can work as a generic term for security coprocessors, but on a technical forum that makes as much sense as saying the pixel tablet is an "iPad".


To be fair, I was using TPM a little generically (hence the "etc"). I (perhaps wrongly) assume most SoCs today have a non-volatile area for storing roots of trust and possibly a bootloader. My only embedded experience was an Android-based tablet project where DRM on the firmware was of major import because features were locked behind time/geo-limited license keys.

I'm glad they didn't go that far... I wouldn't want that to get into a home device as long as it requires physical access to bypass/update the security in place. I'm really not a fan of excessively locked down hardware.

What if you want your app to work offline?


And not just off-line, but as we learned last week, if us-east-1 is down you have spotty connectivity, not hard down, and your device needs to not cook your users; literally in the case of Sleep8.


We've really hit a strange level of dystopia when your bed doesn't work because a server is down


It was a near real-time messaging application. So not really applicable (other than seeing messages you already received - which could be cached from previous sessions).


There are psychological barriers to using a tool that diminishes the work you previously thought was complex.


And there are delusions of grandeur that non-engineers get from vibe coding.


What makes you so sure that you aren't just fancy autocomplete?


I am so sure because of the self-evidence of my experience, the results of 2 millennia of analysis into the nature of cognition and experience, and consideration of the material composition of our organism (we obviously have lots of critical analog components, which are not selecting tokens, but instead connecting with flows from other continua).

Prediction is obviously involved in certain forms of cognition, but it obviously isn't all there is to the kinds of beings we are.


I am sure that if I am a fancy auto-complete, I'm way fancier than LLMs. A whole different category of fancy way above their league. Not just me, but any living human is.


I agree that is vulgar but the word carries more meaning than degradation. I thought perhaps dilapidation might work but that also misses some of the nuance.


They are still useful for buyer protection.


I have a 2000+ day streak on Duolingo, mostly learning Russian. The app has got progressively worse since I started, for a while just giving me the same lesson every single day. I of course finished the course years ago, but I keep up with my one lesson a day to keep the bird happy. I find the UI incredibly annoying, I've disabled all the sounds and animations that I can. You might ask why don't I stop? Well I want to keep up my Russian, and the one lesson a day keeps my brain ticking over.


Last year they replaced all the recordings of native speakers with ML-generated recordings, in both Russian and Ukrainian (probably other languages too but those are the two I have). The ML-generated recordings are terrible, for example they can't deal with the ambiguity between vse and vsyo (written identically in Russian) so they always say vsyo. They'll sometimes randomly say the names of individual letters instead of reading the word, particularly the hard and soft signs. One recording is for a sentence with the word "tochka" (period, as at the end of the sentence) and instead of reading "tochka" the recording just has a silence there.

I've reported these issues hundreds of times since they added the ML recordings and none of them have been fixed.

But like you I keep using it just to get that little daily exposure to the language. I suspect it's useless for actually learning a new language, but it's maybe just barely good enough to keep up a language you already know.


I've noticed some weird English (in the English for Russian speakers course).

Sometimes the rhythm of the phrase is very strange and also sometimes the wrong pronunciation is used when there's a heteronym.


The ambiguity goes away if you write them as "все" and "всё". Diacritics, accents, umlauts and cedillas are useful; if you omit them you do a disservice to the reader.


Maybe so, but omitting them on ё is standard practice in Russian. A language learner who doesn't learn to deal with the ambiguity of the omitted diacritics will struggle to read real-world texts.


I've also got a 2000+ day streak (Spanish) and keep it going for similar reasons. I can't stand the goofy animations they keep adding to Duolingo. I'm about to dump my streak and move to something that doesn't make me feel like the developer thinks I'm a child clapping at the cartoons on the screen.


I stopped playing after reaching a bit more than 2000 day streak. Towards the end I was just going through a lesson as fast as possible before going to sleep. That was no fun and I got nothing out of it.


That's exactly what I'm doing these days, sadly: just quickly sprinting through a quick lesson or two before going to sleep so I can maintain that streak. I've learned a lot from Duolingo, but none of that learning is recent.


I was frustrated that the Russian course was so short, so I started doing English as a Russian speaker, but soon the Russian part got thin and it's almost completely English.

