Sure, in Firefox itself it wasn’t a severe vulnerability. It’s way worse on standalone PDF readers, though:

In applications that embed PDF.js, the impact is potentially even worse. If no mitigations are in place (see below), this essentially gives an attacker an XSS primitive on the domain which includes the PDF viewer. Depending on the application this can lead to data leaks, malicious actions being performed in the name of a victim, or even a full account take-over. On Electron apps that do not properly sandbox JavaScript code, this vulnerability even leads to native code execution (!). We found this to be the case for at least one popular Electron app.

Huh? What do you mean “if”? Such a PDF vulnerability literally did happen a few months ago; fixed in Firefox v.126: https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/.

There’s no real need for pirate ai when better free alternatives exist.

There’s plenty of open-source models, but they very much aren’t better, I’m afraid to say. Even if you have a powerful workstation GPU and can afford to run the serious 70B opensource models at low quantization, you’ll still get results significantly worse than the cutting-edge cloud models. Both because the most advanced models are proprietary, and because they are big and would require hundreds of gigabytes of VRAM to run, which you can trivially rent from a cloud service but can’t easily get in your own PC.

The same goes for image generation - compare results from proprietary services like midjourney to the ones you can get with local models like SD3.5. I’ve seen some clever hacks in image generation workflows - for example, using image segmentation to detect a generated image’s face and hands and then a secondary model to do a second pass over these regions to make sure they are fine. But AFAIK, these are hacks that modern proprietary models don’t need, because they have gotten over those problems and just do faces and hands correctly the first time.

This isn’t to say that running transformers locally is always a bad idea; you can get great results this way - but people saying it’s better than the nonfree ones is mostly cope.

Incredibly weird that this thread was up for two days without anyone posting a link to the actual answer to OP’s question, which is g4f.

I see. No, I don’t think I have any specific questions at this point.

Is there some feature comparison of lemmy vs mbin vs other reddit-like platforms? There was some major reason why I didn’t like kbin, but I forgot why.

There are minor feature differences there’s also a convenience factor: youtube-dl people for some reason stopped doing releases, so you can’t get a fresh version from pypi (only installing from github or their site). Yt-dlp is on pypi, including nightly builds.

Works much better with fzf, but even just default bash it’s useful.

One can justify it however they like but it’s going to end up making the experience worse for competent users anyway. Much like this Android 12 security change that made it permanently more annoying to manipulate files.

No linux user ever leaves home without their… piss minigun??

Thunderbird definitely does have autosync nowadays. No tray icon, true, but it can send native notifications which isn’t much worse.

Can confirm, UAD (which is internally just adb) works fine for samsung crap.