Hacker News | splittydev's comments

I'm one of the developers of Mister Keyboard. If you want, you can give it a try! Everything essential is completely free, maybe it works out for you.

For something that is as personal as a keyboard, it would be good to know what "Usage data" you are collecting and how it is used. I am eager to switch away from ios keyboard, but I do not trust most developers to have access to what I type. I understand it is "not linked to me", but this is an area where heavy skepticism is warranted.

Hey, we're super transparent about the data we collect.

We collect zero data about your typed words, personal dictionary data, stored contacts, clipboard history and basically anything else that's privacy-sensitive.

What we do collect is very generic and fully anonymized metrics such as: Do you use a theme, did you modify the keyboard, did you add an emoji key to your keyboard, etc.

We are not interested in typed words or any private data. We just want to know how people use the keyboard in general (which features in particular), and that's all we collect. You can opt out at any time, and all collected data is automatically deleted every 30 days because we only keep a 30-day rolling window.

If you want to be extremely safe, you can also skip enabling full access for the keyboard, which makes it impossible for us to send data from the keyboard itself to the app. But as said, we don't actually collect any privacy-sensitive data (and never will), and disabling full access comes with a few other caveats because Apple put many basic features such as vibration etc behind the full access setting as well, for whatever reason.


This is exactly the reason why I haven't looked into other keyboards. Gboard seems like a google-sponsored key logger? Anyone know of some good privacy-focused ones?

Please see my other comment here :) We do not collect any private data, and we never will. We only collect very generic and fully anonymized usage data, but that does not include typed characters, words, clipboard history, snippets, or anything else that could be considered private.

Subscriptions for a keyboard. The world has gone mad.

Yeah, this is the great irony of it all. Germany really wants to discourage taking a car for "environmental reasons" and so on and does everything to encourage public transport.

But one thing is clear: I won't be bothered, robbed or even stabbed in my own car, and I also won't arrive in a different village lest I drive there myself. I won't arrive three hours late either, or have to stay overnight in some shitty hotel because they couldn't find a replacement train.

The German public transport, like many other things in Germany, is an absolute fever dream for a "developed country".


All of these are incredibly obvious. If you have even the slightest idea of what you're doing and review the code before deploying it to prod, this will never succeed.

If you have absolutely no idea what you're doing, well, then it doesn't really matter in the end, does it? You're never gonna recognize any security vulnerabilities (as has happened many times with LLM-assisted "no-code" platforms and without any actual malicious intent), and you're going to deploy unsafe code either way.


Sure, you can simplify these observations into just codegen. But the real observation is not that these models are more susceptible to fail when generating code, but that they are more susceptible to jailbreak-type attacks that most people have come to expect to be handled by post training.

Having access to open models is great, even if their capabilities are somewhat lower than the closed-source SoTA models, and we should be aware of the differences in behavior.


> more susceptible to jailbreak-type attacks that most people have come to expect to be handled by post training

The keyword here is "more". The big models might not be quite as susceptible to them, but they are still susceptible. If you expect these attacks to be fully handled, then maybe you should change your expectations.


> All of these are incredibly obvious. If you have even the slightest idea of what you're doing and review the code before deploying it to prod, this will never succeed.

Well this is wrong. And it's exactly this type of thinking why people will get absolutely burned by this.

First off the fact they chose obvious exploits for explanatory purposes doesn't mean this attack only supports obvious exploits...

And to your second point of "review the code before you deploy to prod", the second attack did not involve deploying any code to prod. It involved an LLM reading a reddit comment or github comment and immediately executing.

People not taking security seriously and waving it off as trivial is what's gonna make this such a terrible problem.


> It involved an LLM reading a reddit comment or github comment and immediately executing.

Right, so you shouldn't give the LLM access to execute arbitrary commands without review.


Is there any context on why? Is there some controversy regarding RubyGems.org I'm not aware of?


This article was the most nuanced I found while everything was still hot. https://archive.ph/SEzoV


[flagged]


Afaik rubygems kicked some long term contributors and stole the entire project. That's some serious red flags for me. At what point rubygems does something nasty is only a matter of time. They could start to gatekeep or even worse add some sort of paid version.

Anyway.. a core piece of infra like this needs to be open for anyone and not closed for some shady enterprise.


That's a particularly one sided account of the events.

Ruby Central wanted to oust one or two specific maintainers because of a rocky relationship (whether it was warranted or not is not my point).

It later backfired when a majority of the other maintainers resigned.

> They could start to gatekeep or even worse add some sort of paid version.

That's a funny accusation given that's something the ousted maintainers now behind gem.coop wanted to do a while ago.


In short, a hostile takeover forced by Shopify through Ruby Central.

It was sparked after Ruby Central chose to platform an extremist figure prominently for their last RailsConf against the wishes of the sponsors, losing them a lot of sponsorship money, as well as community support.

https://joel.drapper.me/p/rubygems-takeover/


Might be worth noting the figure in question is the creator of Ruby on Rails.


> a hostile takeover forced by Shopify through Ruby Central.

That's entirely unsubstantiated.


I heard it directly from people directly involved.


So it is unsubstantiated.


This is a little glib, you dropped "Entirely" because you know multiple first hand accounts are actually worth something. If you want to argue the credibility of those accounts, then please be specific about it.


I dropped the entirely because I am on mobile.

We don’t have multiple first hand accounts. All we have is a second hand account being relayed by someone with a massive axe to grind against Shopify.

There are a lot of truly committed Rubyists at Shopify, particularly the one handling the relationship with Ruby Central.

The idea that Shopify had done what Joel alleges without a single one of the involved parties on the Shopify side blowing the whistle is preposterous.


So you criticize Joel because he worked at Shopify. He pointed that out when he wrote the article.

Let's add here that YOU also worked at Shopify, until recently.

IF we are going to be critical, then let's be complete here.

I actually think there is a lot of validity to the statement made that Shopify is NOT a neutral party here. We can dispute how much Shopify was involved, but to assume "all is unsubstantiated" while not even disclosing one's own work at Shopify, feels super-strange here.


> He pointed that out when he wrote the article.

Did he point out how it ended, and how he spent the better part of two years having public tantrums about it on Twitter?

Disclosing that you worked somewhere isn't relevant. Worse, it can easily give the impression that there is some insider knowledge involved.

What is relevant is how the relationship ended.

> Let's add here that YOU also worked at Shopify, until recently.

Yes, and I left over some major disagreements, hence if I have a bias, it would be against Shopify, not in favor.


> It was sparked after Ruby Central chose to platform an extremist figure prominently for their last RailsConf

This is so incredibly one-sided that it misleads more than it informs.

The person they are talking about is DHH. Inviting the creator of Rails to speak at RailsConf – a conference for Rails – is not the outlandish behaviour this comment makes it sound like.


Agreed. There is a lot of conflation of statements that are not directly connected.

The whole DHH argument, for instance, as well as some people having a vendetta about him, is not, or not directly, related to the hostile take-over of rubygems.org. There is a slight partial overlap, but it is a separate discussion (even if DHH was involved with the take-over via Shopify because he does not like Arko or Shopify wanting more power-control to bully the independent developers at rubygems.org with more corporate rules and restrictions; and, by the way, DHH never mentions Arko's name, but even this is a separate discussion still. For instance I specifically do not care about rails nor DHH really, but the hostile take-over was a complete no-go. Ruby Central really pissed off too many people here and unfortunately there are still many open questions that ruby-core has to think about. I am not necessarily saying all came with malicious intent, because I think there is an English language barrier too in regards to Hiroshi Shibata, but even then it may be better to have someone with better knowledge about the English language in charge of gems; there seems to be some strange disconnect or translation going on between English, into Japanese and Japanese culture, and it is super-confusing.)


[flagged]


Interesting, I only knew who he was through his "Leaving the cloud" series of posts.

I am just trying to draw a parallel between the two to try to understand its broader ideology. So some might say both big cities like London and hyperscalers like AWS are:

- very expensive and have become unaffordable for many actors

- limit your freedom to scale and accommodate a very broad range of guests

- under massive surveillance and control

where the comparison stops is:

- AWS offers pretty good security but London does not (and hasn't for a long time)

- It is pretty easy to get kicked out of AWS if you do not follow the rule or pay


The population of London at the last census was still 60% British born. The difference between 2000 is that the figure was 60% white British.

He's not saying London doesn't have enough British people, he's saying it doesn't have enough white people in it.

That and saying it was heartwarming to see a Tommy Robinson march who represents the most extreme fringe of British right wing politics.


NYC has roughly the same stats - 40% of the residents there are foreign-born. This is more to do with low birth rates by natives, so population growth in NYC and London is entirely driven by immigration. The biggest problem is that it's too expensive for most people to have and raise kids in major cities.

What was more troubling to me was that he called the Tommy Robinson rallies "heartwarming". TR was a member of an explicitly fascist, white nationalist party. The rallies were full of signs calling for death to Muslims. Or, in the same blog post, his disproven claims of migrant gang r*pes. On top of that, he has written some really vile things about transgender people.

I would like to go to a tech conference and focus on Ruby, not politics. I'd like to leave my identity home and discuss software engineering and interesting technical ideas. DHH has made that impossible.


> he has written some other really vile things about transgender people.

Do you have a link? I suspect these "really vile things" will turn out to be not so vile (like JKR), just things you don't agree with.

> I'd like to leave my identity home and discuss software engineering and interesting technical ideas. DHH has made that impossible.

Really? Did he talk about politics at this Ruby conference? Seems like it is you that can't focus on Ruby.


> I suspect these "really vile things" will turn out to be not so vile (like JKR)

"Not so vile" things like spreading lies about a female Olympics Boxer's gender, calling her terrible names, and inciting her online followers to harass her? She not only bullies transgender individuals but also targets other women who don't meet her own standards of femininity. If you have no problems with people like that, no wonder you can't fathom why the Ruby community has trouble accepting similar people with open arms.


Again, link? It's no good just talking about what heinous things someone has done. That kind of talk is always incredibly unreliable.


Evidence for thee, but not for me? You write with such authority on this topic, yet you insist on demanding evidence for even the most basic knowledge surrounding it.

https://www.bbc.com/news/articles/cm2njjm4e2po

https://xcancel.com/jk_rowling/status/1819007216214573268

https://xcancel.com/jk_rowling/status/1931144695771435140

Also, on another note, here's one of her many posts from JKR literally equating trans women with sexual predators.

https://xcancel.com/jk_rowling/status/1972054407148695732

It's astonishing how far some people will go to defend this kind of dehumanization of fellow human beings.


> Also, here's one of her many posts from JKR literally equating trans women with sexual predators.

> https://xcancel.com/jk_rowling/status/1972054407148695732

Consider what this conversation was actually about - a male sexual predator, caught pleasuring himself in the showers attached to a girls' changing room, who claimed, when caught, to have a female gender identity:

https://xcancel.com/KatieDR96/status/1972050074227429663


Setting aside that you're passing claims from a far-right troll as facts, that still doesn’t make it acceptable to equate trans women with sexual predators, both morally and logically. Or are you suggesting that if you can find one male sexual predator, it justifies equating all males with predators? I have a feeling you’d be up in arms about that.

Anyways, it's clear that you're intent on dehumanizing others, even creating a new account for the sole purpose of saying the most vile things, so I'll stop replying here.


The reason that this male sexual predator was allowed to use the female changing room and showers is because he claimed to have a female gender identity.

This illustrates the safeguarding risk in allowing males to use female spaces on the basis of simply saying that they identify as female. It ends up with situations like this: a registered sex offender pleasuring his erect penis in a shower area that young girls are using, and a reluctance of the authorities to stop him and file charges because they're in the thrall of policy that deems self-declared gender identity to be unquestionable.

> are you suggesting that if you can find one male sexual predator, it justifies equating all males with predators

For the purposes of safeguarding, yes. This is much of the reason why we have female-only spaces in the first place, as a preventative against male predation.

Not all males are predatory, but one can be quite sure that the subset of males who disregard and ignore women's and girls' boundaries are. Including the sex offender being discussed in that Twitter conversation. And any other male who demands access to female spaces.


Oh sorry I thought you were talking about DHH. I've been trying to find a link to something awful that he's said but nobody has one.

And as for that incident, "spreading lies" is clearly an exaggeration. That boxer's gender is at best debatable. She's clearly on the awkward boundary between genders that sport (and society in general) doesn't really know how to deal with.

> literally equating trans women with sexual predators

Not what she was saying. She was calling out an only-true-scotsmen argument.


[flagged]


Shame on you for promoting libel by spreading unverified claims as fact. Have you even paused to consider what it's like for those on the receiving end of such harmful lies? Or do you, like JKR, revel in it even more after you've thought about it?

https://www.bbc.com/sport/olympics/articles/c4gp8evl009o

https://www.dw.com/en/algeria-condemns-baseless-imane-khelif...

https://www.snopes.com/news/2024/11/20/imane-khelif-medical-...


Of course Algeria are going to deny it. But look:

https://www.telegraph.co.uk/boxing/2025/06/01/imane-khelif-m...

https://www.3wiresports.com/articles/2025/6/1/xxyetyl1aewfij...

https://lecorrespondant.net/docteur-suis%e2%80%91je-un-homme...

https://www.independent.co.uk/news/imane-khelif-eindhoven-ne...

The evidence indicates that Khelif is male, with male physiological advantage, and therefore should never have been competing in women's boxing. And it is a matter of record that Khelif withdrew from the Eindhoven Cup rather than take the sex verification tests required to compete.

That proposed lawsuit mentioned in your BBC article near the end of 2024 went nowhere, by the way. How could it? The facts show there was no libel.



Couldn't find anything there, can you be more specific?


"I care about Ruby and want it to die…”

“I try to discourage them because I don’t want more Ruby code in the world…”

I wouldn't bother replying to that account, it's not arguing in good faith. Ishkebab has stated many times its goal is to kill ruby and its community.

It's commenting here to stir things up.

https://news.ycombinator.com/item?id=43331847

https://news.ycombinator.com/item?id=43331847


> It's commenting here to stir things up.

I'm not. It's true that I dislike Ruby and prefer everyone would abandon it, but that's orthogonal to the issue we're discussing. In fact I'm saying that the Ruby community is being stupid and shooting themselves in the foot by characterizing relatively mainstream right wing views as "extremism".

If I was being disingenuous I should really encourage this schism!

> It

Dunno if you're a native English speaker or not but the normal way to refer to someone of unknown gender is "they". "It" is offensive.


> relatively mainstream

This doesn't preclude extreme. Not commenting on whether the community is shooting themselves in the foot or not, just that the reason provided is not a good one for believing so.

> If I was being disingenuous I should really encourage this schism!

I do not think that you are necessarily being disingenuous but misunderstanding the difference of opinion in this way actually seems to encourage said schism.


> This doesn't preclude extreme.

Uhm yeah it literally does. Mainstream views can't be extreme by definition. You might not agree with them, but that's a different thing.

> misunderstanding the difference of opinion in this way

I haven't misunderstood anything.


> I haven't misunderstood anything.

You have misunderstood why people use the term "extremism".

> Mainstream views can't be extreme by definition.

Of course they can; mainstream views can't be uncommon by definition. Extreme doesn't strictly mean uncommon (not even in a political context), it is also used to mean "high degree", which can include distance from political centrism but can also include, e.g., frustration or flavor of cookie. To give another example, various online "challenges" like the "ice bucket challenge" are extreme but were also relatively mainstream when they were commonly performed and posted online; the term "ice bucket challenge" is still mainstream and the challenge itself is extreme (in fact, the reason it's called a "challenge" is because it is extreme).

Thinking there's too many immigrants might be mainstream (it currently is) but whether or not it's extreme depends on the degree to which it's believed. If it's believed to a high degree (such as "immigration is the worst thing about the capital city of this nation") by a large number of people then it is an extreme mainstream view by definition.


> various online "challenges" like the "ice bucket challenge" are extreme

Ok I think you just have a very abnormal (extreme even?) definition of the word "extreme".

In a political context it literally means "far from the norm". His views are not far from the norm, as much as you might hate that. (I'm not a huge fan either but I'm not going to distort reality to make myself feel better.)


> In a political context it literally means "far from the norm".

No, this is simply what you want it to mean, keeping in mind you're trying to tell other people what they mean with their word choice. Extreme views can be normal and mainstream and typical. There are many normalized-but-extreme views in current mainstream politics.

> Ok I think you just have a very abnormal (extreme even?) definition of the word "extreme".

Pouring a bucket of ice water on your head to bring attention to something is extreme. Like, it's over-the-top and exaggerated. You can disagree but that's kinda moot: someone isn't strictly wrong that it's extreme, you just disagree. You still didn't address the greater point that extreme, as it's being used, is orthogonal to mainstream.

But I guess I can link to a dictionary so you can see that I have a pretty normal (and mild) definition of the word in question. I hope you don't cherry-pick definition 1c, ignoring definitions 1a and 1b, which are, of course, valid.

Maybe 4 is the best definition, seeing as it gives "the extreme political left" as an example usage. It's not obvious to me how "advanced and thoroughgoing" means "not mainstream", though. I wouldn't mind an explanation.

https://www.merriam-webster.com/dictionary/extreme


As I understood it, to secure (their words) the supply chain, they took ownership of the code and repo (which others disputed as being owned by them) and kicked out users from Github.

It is said the underlying cause is that devs push rv which is threatening RubyGems.


How is rv threatening rubygems? I am pretty excited about rv on first glance, I tried it and it was too beta when I did to work nicely, but definitely good to have a uv type tool for ruby.


"Yes, I agree. And some of the “admins” even announced publicly many days ago they were launching a competitor tool and were funding raising for it. I’d not trust the system to such “admin”."

https://bsky.app/profile/rmfranca.bsky.social/post/3lz7alpob...

See https://spinel.coop/

"Spinel develops rv, the next-generation Ruby version manager"


This doesn't explain how rv is threatening rubygems in any way.


They were using the name "rubygems" to fund-raise for not-"rubygems."


But how is this a conflict? Both are not-for-profit projects with the same goal? How can one even use the term 'competition' in this context? What if the Ruby community embraces a new and better package manager? This is, again, a net win for the Ruby community, and both projects strive for that?


It doesn't really matter if it's a non-profit. How do you think your company would react if you started raising money using their name?


Is Rubygems a company? My mind cannot comprehend why are people conflating not-for-profit open-source projects with for-profit companies...

If Rubygems was a company, they'd have a trademark, they'd have patents, they'd have lawyers to protect the money they were making from their brand and product. But we are speaking about not-for-profit open-source projects, not for for-profit corporations!


Ruby Central is a company that manages rubygems.org and rubygems. The maintainers who were locked out were being paid by Ruby Central while fundraising for their startup creating a competitor.

Doesn't it seem like a bit of a security risk to you?


No. (Disclaimer I got paid to work on rubygems and have been doing this for 18 years)


How about now?


Why in the world would my opinion have changed?


[flagged]


Oh, don't worry, I get what you and Rafael are trying to insinuate. I just want you to spell it out so that hopefully you see how stupid it sounds.


OpenRouter is great. Less privacy I guess, but you pay for usage and you have access to hundreds of models. They have free models too, albeit rate-limited.


Great, another VS Code fork that could realistically just be an extension.


Yeah, I checked the mail source too. Passed DKIM, SPF, DMARC etc, so the mail server is definitely compromised.

They seem to be using SendGrid. I pinged the CEO and CTO of Autodesk, the official Autodesk account and the SendGrid account on X about this, but now, more than 24h later, the attack is still ongoing and nobody seems to be giving a flying fuck about it.


It's ridiculous that they're not reacting to this at all.


I contacted Autodesk on X, as well as the CEO and CTO, but nobody seems to care so far.


Doesn't work for me. Pressing the button does nothing.

