Threads for ssl

  1. 10

    I’m not an expert in the field but to me it seems obvious that an LLM needs some sort of db lookup for established facts in order to produce reliable factual output. Why is this not obvious to experts?

    For example, if you ask ChatGPT how to get from Dallas to Paris it will tell you a lot about how to get to France. It wouldn’t care to clarify which Paris you actually want to get to. Maybe it’s the one 100 miles away. All just because statistically Paris, France comes up more often in the training data set.

    Why would an LLM show any different behaviour in science? Pi stands for all sorts of things (nucleotide diversity in chemistry, pion particle in physics, population proportion in statistics, prime counting function in maths, to name a few) but most often it’s circle circumference to diameter ratio constant. Would we expect an LLM to reliably use pion in the physics context? Would we expect an LLM to always properly pick either pion or the ratio constant given that both have a place in the related math?

    Statistically plausible text generation is maybe good to come up with technobabble for your next sci-fi but I don’t see why experts in the AI field thought it might produce good science.

    I wonder what I miss that made them confident enough to release this Galactica model.

    1. 6

      You’re saying this like humans don’t have the exact same issue. Ask me about pi and I’ll tell you the math answer. (Because it’s statistically likely) Start a conversation about physics and maybe I’ll expect you mean pion instead. Yet our science does just fine (usually).

      You can construct prompts with enough context to tell GPTs what kind of lookup is available and how to use it too. They just can’t guess what you’re thinking about.

      1. 10

        Concrete knowledge is the same issue for humans. One obvious difference though is humans are pretty good at knowing when they don’t know something or have low confidence in their knowledge. Especially in a scientific/research environment. That’s why every paper has a tonne of citations and why most papers have a whole section restating previous findings that the paper builds on. LLMs though are way too happy to make stuff up to be useful for doing novel research.

      2. 4

        Two things are obvious to experts (Experts in what? Ontology?):

        For example, Bing’s chat product can query Wikipedia, but even if the LLM dutifully summarized Wikipedia, there are biases in both the LLM’s training data and in Wikipedia’s own text.

        1. 3

          Well, yes, but LLMs often hallucinate things completely divorced from reality as opposed to merely biased datasets of Wikipedia or whatever. The discourse would’ve been very different if LLMs were biased but factually correct on the level of Wikipedia. As of right now we’re very far from that and yet some people still think Galactica is a good idea.

          1. 2

            There is ongoing work to solve that, for instance: https://arxiv.org/abs/2305.03695

            It’s not as easy as “just throw a DB at it”. I expect this problem will eventually be solved. Companies like Google or Meta were once careful not to release early, untested models but the competition from OpenAI changed that. Things are just going so fast currently that we will see issues like this for a while.

        2. 4

          Part of the issue is that this is fundamentally impossible. LLMs as an approach cannot do anything even remotely like this. There are many other approaches that either already do do something like this or could (with sufficient research) plausibly be made to do so, but just fundamentally the LLM approach cannot ever do anything like this. The closest thing to this that I have seen plausibly demonstrated for LLMs is usually euphemistically called ‘fallback’ - basically, you either have:

          1. some form of (non-LLM) recognizer that scans the input for things that can be actually solved by some real AI (or just regular Comp Sci) technique, it replaces the thing with some kind of placeholder token, the external system solves the thing, and then it gets substituted in where the LLM has emitted a ‘placeholder answer’ token.

          or

          1. you have some (non-LLM) system to detect ‘the LLM has generated something with problems’, and the prompt + answer (or some subset of it) gets sent to a human in a call center somewhere, who writes the actual response and does some data entry followup.

          And neither of these is actually connecting the LLM to a db or giving it the ability to look up facts - they are both ways to hide the fact that the LLM can’t actually do any of the things that are advertised by using non-LLM systems as a patch over the top in an ad-hoc way.

          The correct way to proceed is to mine the LLM development for the one particular interesting bit of math that they developed that could be of a lot of use to statistics if it actually turns out to be mathematically valid (basically a way to make high dimensional paths with ~ arbitrary waypoints that are differentiable and/or a way to do sampling+something like correlation very nonlocally, depending on how you look at it) and then throw the rest away as dangerous but also useless garbage, and pour the billions of dollars that have been mustered into any of the many actual areas of AI that are real and useful.

          1. 2

            What are you referring to when you say “this”? What is fundamentally impossible for LLMs?

            1. 3

              some sort of db lookup for established facts

              Edit: apologies for lack of clarity in my initial reply to you

              1. 1

                I wonder why it’s fundamentally impossible? At least on the surface it appears LLMs are capable of some form of reasoning so why can’t they know they’re making an inference and need to look stuff up?

                1. 3

                  LLMs do not reason, and they do not ‘know’. You are misunderstanding what the technology is and how it works (unfortunately aided in your misunderstanding by the way the major promoters of the technology consistently lie about what it is and how it works). They are a technology that produces output with various different kinds of ‘vibe matching’ to their input, and where ‘fallback’ (a fundamentally non-LLM technology) is used in an ad-hoc way to patch over a lot of the most obvious nonsense that this approach produces.

                  Edit: That is, LLMs are fundamentally a different approach to the general problem of ‘knowledge stuff’ or ‘machine intelligence’ where, instead of doing all the difficult stuff around knowledge and belief and semantics and interiority and complicated tensorial or braided linear logic and solvers and query planners and knowledge+state representation and transfer to connect all of these different things plus a whole bunch of difficult metacognition stuff and etc etc that would mean that connecting to a knowledge db is something that could actually work, you just… don’t do any of that difficult stuff and then lie and say you did.

                  1. 1

                    I don’t disagree with your assessment but I wonder if there is a way of tweaking LLMs to do this without altering their fundamental architecture. If you add a load of ‘don’t know’ tokens to the training data then I would expect their predictions to be full of these in any output where the other things in the input set did not provide a stronger signal. It wouldn’t be completely reliable but you could probably count the proportion of ‘don’t know’ tokens that end up interleaved with your output to get a signal of how accurate the response is and then train another model to generate searches based on the other tokens and then have the tandem system loop feeding more lookup results from the second model’s output into the first until it is below a threshold ratio of ‘don’t know’ to other tokens.

                    1. 1

                      Do you have a recommendation for a shortish explainer on LLMs that can clear up this apparent reasoning ability (and other wonderful capabilities) for me? Or materials on what it actually does and why it might look like it has some capabilities that it actually doesn’t have?

            2. 3

              OpenAI spent 6 months testing GPT-4 before releasing it… There might be a hint of what should be and shouldn’t be done…

              1. 13

                They trained it on the internet and were surprised it „mindlessly spat out biased and incorrect nonsense.“ There might be a hint of what should be and shouldn’t be done… 😉

              2. 3

                I think it is obvious to most people trying to build applications out of LLMs, but it seems some people, like researchers, have a harder time with this. Most practitioners are using models to produce embeddings which are used in conjunction with vector databases to find similar information. It works fairly well.

                1. 3

                  db lookup for established facts

                  https://www.wikidata.org/ maybe?

                  Also see http://lod-a-lot.lod.labs.vu.nl/

                  1. 4

                    There are plenty of options and it doesn’t take much effort to find them. The issue is that LLMs don’t use any of them.

                  2. 2

                    LLM needs some sort of db lookup for established facts in order to produce reliable factual output.

                    Wolfram Alpha and the wikidata have been earlier attempts at making such DB’s. Both done the hard way. Maybe the next killer application will be an LLM instruction-trained to use them?

                    1. 2

                      I wish. It seems to me currently LLMs don’t use either because they have a very small input buffer (i.e. wikipedia doesn’t fit into it) or don’t do multi-step inference (can’t look up missing data and put it into context for another try).

                      Things like AutoGPT might be a viable approach even with smaller context if they didn’t try to pursue the task from the get go and instead did a few rounds of “what do I need to know before I can give an answer?” before replying to the initial prompt.

                      But there was that paper that promised very large/virtually unlimited inputs so maybe that one’s going to work. I’m sceptical though because it probably would take a lot of time for a GPT-4-sized LLM to chew through the whole Wikipedia on every prompt.

                      1. 3

                        (can’t look up missing data and put it into context for another try).

                        ChatGPT can do this - it will perform searches online to find information to help it answer prompts. It requires beta though.

                  1. 50

                    I’ve been using FastMail with my own custom domain for several years now, and it’s been all smooth sailing.

                    • CalDav and contacts CardDav means I also use it for syncing my calendar/contacts across devices
                    • They generate an Apple profile configuration so it’s trivial to configure it
                    • They support wildcard aliases. I use it all the time to set up an email address per account (for example, lobsters@mydomain.com) so I can easily see who sold my email address, and I can then block that address with simple filtering rules
                    1. 13

                      Moreover, you can put multiple domains under one plan, even if just for one sole user. Works wonders for my DNS name hacks that I foolishly bought years ago.

                      1. 1

                        I also take advantage of this for my side project!

                        I just add the domain under the same account, so anybody can contact me through that domain name as well. Very handy while the project is a one-person effort.

                      2. 5

                        How is Fastmail’s web UI experience compared to gmail?

                        1. 9

                          It’s clean and fast. (screenshot) Keyboard shortcuts as expected. I much prefer it to Gmail’s.

                        2. 4

                          Same except I use Pobox. They’ve been around for decades, and they’re excellent. They became part of Fastmail a few years back, and buyouts usually suck, but this one didn’t because Fastmail is great in all the same ways. I think the only noticeable change is we got better webmail.

                        1. 1

                          I don’t think I understand what this means. They seem to have a path that’s depending on some binary somewhere but then builds a chain of C compilers that builds them a working system? I’m not really sure what this buys them. I can bootstrap a FreeBSD system (kernel, userland, and packages) if I have a moderately recent C++ toolchain that is capable of building a modern Clang (which then builds the rest of the system), bmake, and a couple of other tools. The extra steps in bootstrapping the compiler look like more places for malicious code to hide, but maybe each step is verifiable in some way?

                          The kernel on the host system that’s doing the builds is malicious and so if you’re worried about not being able to trust the compiler, I hope you got the compiler and kernel from different providers.

                          1. 3

                            AIUI what they want is to have the initial binary[0] as simple as possible, i.e. disassembly is understandable by someone with passing familiarity with ASM. The rest is supposed to be shell and guile scripts, and starting with those ingredients, tinyCC is built, with a path towards full GCC.

                            [0] https://github.com/oriansj/bootstrap-seeds/blob/master/POSIX/x86/hex0-seed

                            1. 1

                              It is rather moot if it’s all running on a pre-existing POSIX environment since the kernel could compromise anything. I’m still confused about this project’s aims.

                              Full bootstrapping needs to begin with a computer with all non-volatile storage devices, including firmware flash chips, fully erased, and everything built from source, including firmware. You would need to begin with manually programming a hex monitor similar to that proposed by this project into something. Probably by building a PCB out of fixed-function logic devices that allows you to manually generate SPI transactions (to program an SPI flash) by flipping a switch on and off to manually input binary. The harder part is probably building Linux without a POSIX environment.

                              1. 1

                                Thanks, that makes sense. I’m not sure what this buys you that simply compiling your bootstrap tools with two different toolchains doesn’t though. For example, I can build the FreeBSD bootstrap tools with Clang or GCC (on a FreeBSD or Linux host) and then compare that the binaries that they build are the same. With something like Guix, I’d expect them to be much more able to lean into a package-transparency model, where many people can do the same bootstrap starting with different host platforms and add the hashes that they get and see if they’re getting a different output.

                                1. 2

                                  This is at least partially a response to the trusting trust attack

                                  1. 3

                                    This Bootstrappable Builds project, together with the Reproducible Builds project, has completed one of the only practical examples of “Diverse Double-Compiling” as described by David A. Wheeler.

                                    https://reproducible-builds.org/news/2019/12/21/reproducible-bootstrap-of-mes-c-compiler/

                                    It is very much a response to the Trusting Trust attack.

                                  2. 1

                                    Why would you expect two different compiler pipelines to produce identical binaries, that sounds unlikely to be the case?

                                    1. 2

                                      I would expect them to produce functionally equivalent binaries. This is how GCC’s trusting trust defence works. You first build gcc with the system compiler, then with the newly built gcc, then with that compiler. The second and third binaries are both produced by the same version of GCC, compiled with different compilers, and so should be identical. Clang also tries very hard to produce identical output independent of how the compiler was built (and most of the test suite depends on this property).

                                      All of the tools needed to build FreeBSD are in the source tree and are compiled once with the host compiler during the bootstrap phase. They are then used to build everything that ends up being installed. The result is that the final binary should not depend on the compiler used to build the bootstrap tools.

                                      1. 1

                                        OK, I think you’re saying compile your desired build compiler with two different compilers and then compare the output of the resultant candidates, presumably against unpredictable input, which should be identical. I didn’t quite get that from the initial comment.

                                        Practically, I can see how this is a useful verification method, even if it doesn’t seem to be completely equivalent.

                                        1. 1

                                          It depends a bit on the threat model. I assume that the kernel is in scope if you’re worried about supply-chain vulnerabilities because it would be trivial to have a kernel patch that spots something that looks like a compiler, watches for specific patterns in its output, and replaces them with something different. If you are using a *NIX distro as your build environment, precisely the same people have access to introduce trojans into the kernel as do in the compiler, so removing the compiler from the TCB doesn’t buy you much. You can kind-of work around this if you build in an attested environment (i.e. have a valid secure boot chain to a known-good kernel), but that depends on having a trusted environment and if you actually trust the environment then you don’t need any of these mitigations. If you assume that an attacker can compromise your supply chain then diversity is a better defense. If I build the bootstrap tools on FreeBSD with clang and Ubuntu with gcc then it’s very hard for someone to inject a trojan into both. If I then compare the outputs and I get the same thing then I have a lot of confidence that any malware in my final system image was present in my source tree.
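An added example, not part of any comment in this thread: one way to run the cross-builder comparison discussed above, hashing each build tree and checking whether independent builders report the same digest per artifact. The builder names and file contents are constructed placeholders, and the check assumes the build itself is reproducible.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path


def manifest(tree):
    """Map every file under `tree` (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(tree).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(Path(tree).rglob("*"))
        if p.is_file()
    }


def compare(manifests):
    """Cross-check artifact digests reported by independent builders.

    manifests: {builder_name: {artifact_path: sha256_hex}}
    Returns {artifact_path: (status, suspects)}. status is "match",
    "mismatch" or "missing". For a mismatch, suspects are the builders that
    disagree with a strict majority, or every builder when no majority exists.
    """
    builders = sorted(manifests)
    artifacts = sorted(set().union(*(m.keys() for m in manifests.values())))
    report = {}
    for name in artifacts:
        digests = {b: manifests[b].get(name) for b in builders}
        absent = [b for b in builders if digests[b] is None]
        if absent:
            report[name] = ("missing", absent)
            continue
        counts = Counter(digests.values())
        if len(counts) == 1:
            report[name] = ("match", [])
            continue
        top, votes = counts.most_common(1)[0]
        if votes * 2 > len(builders):
            # A strict majority agrees: the outliers are the ones to inspect.
            suspects = [b for b in builders if digests[b] != top]
        else:
            # No majority (e.g. only two builders): cannot tell which side is off.
            suspects = list(builders)
        report[name] = ("mismatch", suspects)
    return report


# Constructed sample: three build trees standing in for the outputs of
# independent hosts/toolchains. Names and byte contents are made up.
SAMPLE_TREES = {
    "freebsd-clang": {"bin/cc": b"\x7fELF cc v1", "bin/make": b"\x7fELF make v1"},
    "ubuntu-gcc": {"bin/cc": b"\x7fELF cc v1", "bin/make": b"\x7fELF make v1"},
    "third-host": {"bin/cc": b"\x7fELF cc v1 + extra", "bin/make": b"\x7fELF make v1"},
}


def write_trees(root, trees):
    """Materialise the sample trees on disk and return {builder: manifest}."""
    result = {}
    for builder, files in trees.items():
        base = Path(root) / builder
        for rel, data in files.items():
            target = base / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        result[builder] = manifest(base)
    return result


def demo():
    """Compare all three sample builders, then only two of them."""
    with tempfile.TemporaryDirectory() as root:
        manifests = write_trees(root, SAMPLE_TREES)
    three_way = compare(manifests)
    two_way = compare({b: manifests[b] for b in ("ubuntu-gcc", "third-host")})
    return three_way, two_way


if __name__ == "__main__":
    three_way, two_way = demo()
    for label, report in (("three builders", three_way), ("two builders", two_way)):
        print(label)
        for artifact, (status, suspects) in report.items():
            print(f"  {artifact}: {status} {suspects}")
```

A mismatch only says the outputs differ; it can come from a non-deterministic build as well as from tampering, so the differing artifact still has to be inspected.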

                                2. 2

                                  It means it is possible to have a binary root of trust only 510 bytes in size.

                                  No need to trust any operating system kernel or anything else.

                                  It can all be built from source code alone.

                                  We proved this out with live-bootstrap and builder-hex0

                                  1. 1

                                    How does that 510-byte binary write things to files without trusting the kernel that it’s running on?

                                    1. 2

                                      That 510-byte binary is an operating system kernel written in the MBR of a hard drive/floppy disk and started by the BIOS, hardwired to build a 4KB POSIX kernel on power up.

                                      So there is no kernel to trust. But perhaps you mean the BIOS bootstrap trust problem, which we have not yet solved.

                                      1. 2

                                        Aha, that’s the bit of the story I was missing. I thought it was a userspace binary that ran on a host kernel.

                                1. 2

                                  Why in the bloody hell is my suggest button not visible? Title should be amended with the year.

                                  1. 3

                                    Different Bash implementations have subtle differences that make it hard to eliminate inconsistencies and edge cases—and it’s hard to discover those in the first place because Bash is all but untestable.

                                    Am I being gaslit here, or where are the other bash impls than https://www.gnu.org/software/bash/ ?

                                    1. 6

                                      I would guess that part is talking about disparate platform and version number combinations of Bash, unless I am also uninformed on some other indie Bash impl

                                      1. 8

                                        I agree that it’s speaking a bit loosely about platform/version differences, plus utility/env differences.

                                        For example, here’s a dumb edge-case we hit in the official installer around a bug in the bash that ships with macOS: https://github.com/NixOS/nix/pull/5951

                                        Another recent example was that the installer was using rsync for ~idempotently copying the store seed into the nix store. Debian, iirc, lacked rsync, so someone changed it to a cp command. But the flags weren’t supporting an idempotent copy, so a lot of people started getting hard errors during partial reinstalls that would’ve otherwise worked.

                                        We’ve also run into trouble recently because the platforms we were supporting were all using GNU diffutils. I took advantage of some of its flags for formatting less-programmer-centric diffs for some state-curing actions, and then macOS Ventura promptly dropped gnu diffutils for their own homegrown version without these flags.

                                      2. 1

                                        Just different versions. macOS ships with Bash 3.0, which is 10+ years old and has subtle bugs around empty arrays and other areas.

                                        1. 1

                                          My Mac install nags me to move over to zsh. I just use bash as a launcher so don’t really care.

                                      1. 7

                                        For python: requests, beautiful soup, eventlet, keras.

                                        1. 4

                                          SQLAlchemy?

                                        1. 7

                                          Use near-black […] instead of pure black

                                          Doesn’t this prevent OLED displays from saving power on true black?

                                          1. 5

                                            Doesn’t this prevent OLED displays from saving power on true black?

                                            pure-white on pure-black looks very bad to people with astigmatism.

                                            1. 3

                                              Is it a colour thing or a contrast thing – is grey on/under pure black okay to look at?

                                              I think the rule “Use near-black and near-white instead of pure black and white” should include a warning that (a) the designer should be sure to leave enough contrast, and (b) that text that’s just-contrastful-enough to young eyes may have insufficient contrast for older eyes.

                                              …actually, I just scrolled the article again, and noticed that in the tip “Elements that the user does not need to notice […] can use as little contrast as possible”, the picture contains a divider that I had completely missed first time around. So that illustrates my point. (Or it illustrates that “does not need to notice” was meant literally.)

                                              1. 5

                                                Yes, “elements that the user does not need to notice”, such as unsubscribe buttons.

                                              2. 2

                                                I don’t know. It was fine until I needed glasses anyway. Even now I don’t see much difference between black and gray BG without glasses. Black on white is slightly better without them, though.

                                                Was there any research?

                                                1. 2

                                                  Some* people with astigmatism, maybe. As a person diagnosed with severe astigmatism in both eyes, I definitely prefer pure black backgrounds with high-contrast text (not necessarily pure white) over the alternatives.

                                                  Looking at the first image in the article, the example on the left is far more legible to my astigmatic eyes than the example on the right. Of course, I’m just one person, and this is just one anecdata point, but I am nonetheless suspicious of your claim.

                                                2. 3

                                                  I remember seeing something that said the difference is about a few seconds of battery life on a smartphone. I’ll look for it when I’m at a desk

                                                  1. 2

                                                    Yes, but do you really want to risk being seen as unnatural?

                                                    The issue they allude to would definitely be better to leave to the client.

                                                    1. 1

                                                      What even is “unnatural” about it? The night sky, one of the most natural things, is pure white on pure black.

                                                      1. 3

                                                        To me, the clear sky at night, outside of light polluted areas, always looked more like a complex gradient of some very deep blues and almost blacks. The stars I see golden, silvery, white, and some flicker green/red/blue.

                                                  1. 7

                                                    In a functioning market, people would vote with their feet when companies started pulling such crap. But AFAIK Netflix has several exclusive deals with movie studios which would make it hard to get away from them. There’s not a whole lot of competition (yet), and the competitors they do have pull the same kind of shit, so you’ll end up needing as many subscriptions if you want to watch “exclusive” shows and movies.

                                                    1. 19

                                                      Remember we’re talking about entertainment here, not insulin or some other vital commodity. Yes, Netflix has content you can’t (today) get (legally) elsewhere. If every company provided the same content there’d be little for them to compete on, making the whole market statement pointless.

                                                      Part of a “functioning market” is people being willing to be mildly inconvenienced to hold corporations accountable. If this is really a meaningful issue and people won’t “vote with their feet” for six months or whatever to actually inflict some pain on Netflix management, we’re truly lost as a society.

                                                      It’s not like there aren’t billions of hours of content available via other services, not to mention the option of just not watching TV and reading a book, playing a board game, etc.

                                                      1. 12

                                                        Remember we’re talking about entertainment here, not insulin or some other vital commodity.

                                                        Fair enough, we’re squarely in the domain of “first world problems” here.

                                                        If every company provided the same content there’d be little for them to compete on, making the whole market statement pointless.

                                                        That doesn’t sound like that should be true - back when there were video/DVD rental stores, there wasn’t just one chain, but many and they all had the same “content”. And even now you can watch the same movies in various cinemas, as well. Netflix and its competitors could compete on time to market of movies, user experience like recommendations and app UI, streaming speed, subscription models and price, availability on set top devices etc etc.

                                                        Traditional TV subscriptions have done the same here in Europe at least - sure, there’s probably been some exclusive deals with some networks only being offered by some companies, but for most of them they deliver the same stuff. The infrastructure is already there, so that’s not an issue - especially nowadays with digital TV. Same for ISPs and telcos.

                                                        Part of a “functioning market” is people being willing to be mildly inconvenienced to hold corporations accountable.

                                                        So that’s why people keep using all these services such as Google and Facebook, or even smartphones which have been shown time and again to violate their privacy? In our day and age, it falls to governments to fine them for doing such. In my experience, people choose convenience over almost anything, every day of the week. Except perhaps cost.

                                                        1. 3

                                                          That doesn’t sound like that should be true - back when there were video/DVD rental stores, there wasn’t just one chain, but many and they all had the same “content”

                                                          True-ish but IIRC they’d play games with pay-per-view, release dates to HBO or premium cable, etc. Disney is (in)famous for only selling movies on VHS (and DVD? I can’t recall) during limited windows and then putting them “in the vault.”

                                                          Video stores may have had access to the same content, but we also had less content. You also had limited copies. “Sorry fam, I know we all wanted to watch the latest Rambo, but all the copies are gone. I got Over The Top instead, cause it also has Stallone!”

                                                          In our day and age, it falls to governments to fine them for doing such. In my experience, people choose convenience over almost anything, every day of the week. Except perhaps cost.

                                                          And our governments suck because, again, people choose convenience over almost anything - including the bare minimum oversight & holding accountable the people who are in government. (I’m looking at the U.S. and other democracies here where substantial percentages of the population can but don’t even bother to vote. Or vote very poorly against their own interests…)

                                                          I’d have cancelled Netflix when they dropped the last Chappelle special but I’m not the one in my household paying for the subscription, and my wife is still grumpy about losing Spotify and being talked into cancelling her NYT subscription…

                                                        2. 10

                                                          Because entertainment is trivial, there is even more reason to regulate it, since there’s not a lot of downside risk. :-) The regulation I would impose would be pretty simple: content distributors cannot also be content owners, and content owners have to license content on listed terms that anyone can pay. That is, if studio X licenses show Y for $Z/stream to one streaming site, they have to make the same terms available to other streaming sites. Pretty low impact, but it would simplify things a lot for consumers and creators.

                                                          1. 11

                                                            The regulation you propose was actual American law from 1948-2020 – movie studios could not own movie theatres (the Paramount Decree). So it’s not a particularly unusual idea.

                                                            1. 2

                                                              Yes. I want to return to the olden days of antitrust. IP is intrinsically a monopoly on the ability to reproduce some idea. It only works if there are other regulations to balance out the monopoly with competition. If Disney owns all the movies and TV shows and Disney+, consumers are doomed.

                                                        3. 4

                                                          In a functioning market, there needs to be a diversity of supply. Copyright intrinsically creates monopolies because entertainment isn’t fungible: no one who wants to watch a film is going to be happy with whatever the cheapest film available on the market at that point is, they will want a specific genre, often a specific franchise, or specific actors / writers / directors.

                                                          If you want the streaming market to behave like a functional market, lobby to make copyright contingent on RAND licensing after a short period of exclusivity. If Disney, Paramount, Netflix, and so on all had to license their own content to all streaming platforms at the same price that they charge their first-party service after, say, 6-12 months of exclusivity then there would be a lot more competition.

                                                          1. 3

                                                            There’s not a whole lot of competition (yet),

                                                            Whoa, whoa. The streaming market right now is very competitive. D+, HBO Max, SkyShowtime, all have very broad movie libraries. Moreover, HBO Max has excellent Series selection, surpassing Netflix in quality. And frankly, Prime Video isn’t starved either.

                                                            And if you /really/ care about movies, there’s MUBI.

                                                            1. 2

                                                              I hadn’t heard of half of the services you mention - maybe because I’m in Europe? I always thought Disney+ had just Disney movies, and HBO just offered series. So that’s competition in the general sense, but they’re not competing against each other for movies from the big studios. But perhaps times are changing - if they offer the same types of movies, there’s at least a bit of choice for consumers.

                                                              1. 1

                                                                maybe because I’m in Europe?

                                                                So am I? I live in Poland.

                                                                Disney+ had just Disney movies

                                                                Yeah, no. Now it does have the backlog from 20th Fox, Searchlight, Marvel, Lucas, etc.

                                                                HBO just offered series

                                                                HBO Max is offering those yes, but it also has movies from… Warner Bros.

                                                                they’re not competing against each other for movies from the big studios

                                                                Nope, they are the big studios. Only in Europe Universal and Paramount decided to spin up a joint streaming venture for their catalogues, and that’s SkyShowtime which is rolling out right now.

                                                                perhaps times are changing - if they offer the same types of movies

                                                                Right now we’re living through a period that resembles the pre-split up Hollywood of early 20th century. https://en.wikipedia.org/wiki/Studio_system Movies that can be distributed in-house, are.

                                                                If you want broad coverage, you either need a lot of those services, or turn back to the black flag operations. I’m doing both.

                                                          1. 9

                                                            What’s the most irking is that the Metro-era widgets nowadays look more out of place than those from Vista/7 period.

                                                            1. 5

                                                              Yeah I was surprised to find that, looking at the examples of Windows 7, I thought “Those look fine.”

                                                              Heck, if it weren’t for the pixelation, the 9X UI elements don’t offend me either. The icons there are visually busy, but at least they’re explicit and not abstract shapes. I’m not left guessing what the meaning of three partially-closed squares is in this context versus the other contexts. I think I value consistency over this-or-that aesthetic of the moment. Both is nice, but if I had to choose one, consistency is my pick.

                                                            1. 4

                                                              Amazing, I wonder what caused the sudden jump?

                                                              I moved from OSX to Ubuntu + Gnome in 2016, then Arch + Gnome a few years later and then Arch + Sway recently. Been very pleased with the overall experience. Running all this on a €900 Lenovo Yoga with AMD Ryzen 7 and it blows my previous MacBook (which was more than 3x as expensive) out of the water on all fronts.

                                                              1. 16

                                                                It’s simply because it’s not the same initial question from previous years.

                                                                In the past, you could only select one main OS, while in 2022 you could select more than one.

                                                                1. 4

                                                                  I wonder what caused the sudden jump?

                                                                  I have two bets, WSL2 getting really usable with working GUI, and Steam Deck.

                                                                  I’m running NixOS on Ryzen 7 5850U, with Gnome.

                                                                  1. 1

                                                                    I also agree, WSL isn’t exactly “Linux desktop”.

                                                                    Anyway, next year I’m gonna contribute in the other direction, the new company offers me either Windows or Mac, so count one Linux less :(

                                                                    1. 1

                                                                      Both run full screen Linux VMs quite well ;) I’m actually not joking. VMware if you can pay or something like utm https://mac.getutm.app/ works great.

                                                                      This of course assumes you’re not bound by some os specific tools, but if there’s a win/Mac choice, that’s unlikely.

                                                                  2. 1

                                                                    I wonder too, it’s a really big jump. Perhaps people gave up on their COVID sourdough starters and started a Linux install instead?

                                                                  1. 19

                                                                    I wouldn’t have deleted that key on their behalf. If it was running some kind of critical service it would now be failing, and services might be at risk, services potentially critical to human life. It’s also Unauthorized Access to a Computer and you shouldn’t trust a corporation to not take legal action against you when it has the opportunity.

                                                                    1. 5

                                                                      The blog appears to be run by a British citizen who lives in London, so short of the US govt getting involved, there isn’t likely much Infosys could do, even if they got super duper upset about it.

                                                                      US laws do not apply outside of the US, despite the US not always acting like that’s the case.

                                                                      That said, I agree it wasn’t the best action they could have done, but hindsight is 20/20 and all.

                                                                      1. 2

                                                                        US laws do not apply outside of the US, despite the US not always acting like that’s the case.

                                                                        If you hack into something that’s hosted on US soil, or route traffic across US soil to do it, you can bet US law applies. The only question is whether the country you’re currently in will extradite you.

                                                                        Or, more simply: laws still apply just fine on the internet and you probably rely on that being true, whether you realize it or not.

                                                                        1. 6

                                                                          I completely agree that US laws apply on US soil, obviously they do. They just don’t apply outside the US at all, unless the other countries want them to apply. It’s the treaties and the UK’s willingness that matter here. It’s hard to say how the UK would handle this particular case, assuming the US govt got upset enough to bother the UK about it.

                                                                          My comment that you are quoting was more about: The US govt can generally bully their way into whatever they want in most places on the planet, since they currently have the largest military and economy around.

                                                                          1. 5

                                                                            The current UK prime minister is the son-in-law of the founder of Infosys. So I don’t think it would take too much to inflict pain on the author of this blog.

                                                                            1. 3

                                                                              Wow, that’s unfortunate for the OP. Though at the rate the UK is currently going through prime ministers, that may change tomorrow.

                                                                              1. 2

                                                                                My first reaction would be “surely they wouldn’t do anything so petty?” but then I remember who is running the UK at the moment and now I’m not so sure.

                                                                              2. 2

                                                                                Any type of network or equipment that’s on US soil is, well, on US soil. Any sort of entity you affect that’s on US soil is on US soil. Lots of things are actually on US soil.

                                                                                “But the person sending the bytes over the wire wasn’t in the US” doesn’t change that. At best it just means now two countries can each carry out a prosecution, and the person hopes the one they’re currently in won’t do that and won’t extradite.

                                                                                This isn’t some sort of completely new unheard-of never-before-considered untested thing, either. Extradition treaties, and other procedures for handling people who think they’ll evade punishment by being on the other side of a border, is something that literally goes back millennia.

                                                                                1. 1

                                                                                  The only part I disagree with is: “At best it just means now two countries can each carry out a prosecution”.

                                                                                  This assumes the action is illegal in both countries. In this case, where the OP deleted the AWS key, that’s possible, but I wouldn’t say it’s certain. That’s for lawyers to fight over, if it ever gets that far.

                                                                              3. 4

                                                                                US law does not apply outside the US, some Americans just think it does.

                                                                                1. 3

                                                                                  If what you do passes through wires, networks, servers, routers, anything on US soil, then it was not “outside the US”.

                                                                                  Like I said to the other person: you probably, whether you realize/like it or not, rely on the fact that wherever you reside can in fact enforce its laws in this fashion, regardless of which country you reside in.

                                                                                  1. 2

                                                                                    If this comes as a surprise to anyone, consider the story of CSE TransTel, a telecom company, and its parent company CSE Global Limited, both based in Singapore. CSE TransTel signed a contract to install communications equipment inside Iran, and paid purchase orders to Iranian companies to support delivery & installation of their equipment. They made their payments out of a Singapore-based bank.

                                                                                    What’s the problem, you ask? They made payments out of an account denominated in US dollars. These payments were processed through the US financial system: as a result, the US government argued that the actions of an entirely foreign company using entirely foreign banks resulted in financial institutions in the US handling payments to Iranian companies, which violates sanctions against Iran. This created a US nexus that made otherwise totally legal actions impermissible under US laws.

                                                                                    CSE TransTel settled with OFAC for twelve million dollars. Why? They’re based in Singapore?! If they didn’t, they’d end up listed as a specially designated national and any US company or person would be legally barred from working with them or risk OFAC sanctions of their own.

                                                                                    The US legal system and enforcement regimes will take a very broad determination of jurisdiction, and any company – web hosting, infrastructure, payments – with a US connection are legally required to fall in line.

                                                                                    1. 2

                                                                                      From my other comment: The US govt can generally bully their way into whatever they want in most places on the planet, since they currently have the largest military and economy around.

                                                                                      Here CSE TransTel had to have known it was a bad idea to sell to Iran, since even their own government is less than pleased with Iran’s nuclear weapons program. They probably thought about it, and figured it was worth trying, got caught and eventually gave in, knowing their own govt wasn’t really on their side either.

                                                                                      I’m not necessarily against the US Govt’s bullying tactics, it helps the world just get stuff done sometimes, but it is a power they can (and arguably have) over-used sometimes.

                                                                                      1. 1

                                                                                        You seem to have a very specific political axe to grind, but it’s not applicable here.

                                                                                        To see why, imagine there’s a building near an international border, and someone on the other side of the border throws a rock across and breaks a window in the building. The country the building was in can call it a violation of their laws, even though the person who threw the rock wasn’t on their soil. Whether the person who threw the rock will actually be punished by the country the building was in depends on the existence and details of extradition treaties, but nobody should be surprised if that person gets extradited to face consequences in the country where the building was.

                                                                                        The internet didn’t change anything about this. If you send bits over wires, and some of those wires are in another country, that country’s laws apply. It’s not “bullying” or some sort of new, unique, just-made-up recent thing. Like I already said in another reply, we’re talking about things that political and legal systems have been dealing with for literally thousands of years at this point. Rather: a lot of people hoped and wished and wanted the internet to somehow provide a new, never-before-seen type of extraterritorial place where those political and legal systems couldn’t reach, but their wanting and wishing didn’t and hasn’t made it so. Instead, long-existing frameworks have been adapted as needed, and that’s that.

                                                                                        1. 1

                                                                                          You seem to have a very specific political axe to grind, but it’s not applicable here.

                                                                                          no? You seem to be misunderstanding what I’m saying perhaps? I’m a little confused by this comment.

                                                                                          Anyways, the US and the UK have an extradition treaty, and the UK government is happy to publish it here: https://www.gov.uk/government/publications/extradition-treaty-between-the-uk-and-the-usa-with-exchange-of-notes

                                                                                          I’m not currently an international lawyer and I haven’t read the whole thing, but skimming through it, it seems to say, in general, if it’s against the law in both countries, then they will automatically extradite people either direction. Which seems totally reasonable to me.

                                                                                          Nowhere in there does it say that US laws apply in the UK, as that is straight up ridiculous. An easy example of how ridiculous that is: Guns are generally illegal in the UK and are generally not illegal in the US.

                                                                                          1. 1

                                                                                            You seem to be misunderstanding what I’m saying perhaps?

                                                                                            Over and over you single out one and only one country and talk about “bullying”.

                                                                                            Nowhere in there does it say that US laws apply in the UK, as that is straight up ridiculous.

                                                                                            The issue here is you are the one who is trying to argue that this is somehow “US law applying in the UK”. Not me.

                                                                                            I’ve explained to you multiple times now that it is an extremely normal and banal and accepted and uncontroversial idea that you can break the law of a country by committing acts that involve or have effect on entities or infrastructure in that country, even if your physical body was not physically within that country’s borders at the time.

                                                                                            But this is not the same as saying a particular country’s laws apply everywhere – thus the example of throwing a rock over the border and causing damage on the other side, which hopefully is a pretty clear and common-sense example of the underlying principle.

                                                                                            1. 1

                                                                                              Over and over you single out one and only one country and talk about “bullying”.

                                                                                              Would s/bullying/interfering/g be a better word for you? The US is far from the only ones that do this type of behaviour. Generally it’s larger countries relative to smaller countries, that the US is the largest just makes them more effective at it.

                                                                                              The issue here is you are the one who is trying to argue that this is somehow “US law applying in the UK”. Not me.

                                                                                              Then I apologize for my part in our miscommunication. Though I find it very confusing that you think my position is that US law applies in the UK. Clearly we don’t seem to be communicating well during this course of conversation. With such gross miscommunication, it’s probably easier to just stop. Especially since the stakes for you and me are at worst some feelings being hurt. Have a pleasant and wonderful weekend!

                                                                            2. 4

                                                                              I mean, it’s sketchy, but it does seem to be a key used for development, and which had been inactive for a whole year. Granted, anyone who screws up by issuing AdministratorAccess keys to individual developers might also run some critical service under them, but given the context (running some statistical models over externally-hosted records from several sources) it appears rather unlikely that it was used to run anything critical to human life. The key was, after all, used by Infosys to run things at their end, not by JH.

                                                                              I don’t wanna defend what the author did, I’m not sure I would’ve done it that way, either, but I do think it was quite safe to do from a technical standpoint. From a legal standpoint, based on my experience working with (and, sadly for my mental sanity, occasionally in) outsourcing companies, I doubt there is anyone at Infosys’ end who can a) read logs and b) is not on the verge of ragequitting, so there’s probably no one to notify the Legal team about it :-).

                                                                              1. 6

                                                                                It might seem that way, but there was no way for the author to know. They should have reported to Infosys and Johns Hopkins.

                                                                                As it is, the author has potentially harmed people and/or incurred liability.

                                                                                1. 13

                                                                                  It seems like the author ended up doing that precisely because they couldn’t contact either JH or Infosys. There’s obviously no way to verify that, but I have been at the receiving end of the problem. Someone went public with several issues in a program that the company I was working for sold. The higher-ups got very butthurt, nasty press release came out…

                                                                                  …turned out the researcher had tried to contact them through several separate channels, but messages got ignored each time because they weren’t read by anyone who actually understood what was being said to them. One of the official channels for reporting security issues was mostly unused, because people usually went through unofficial channels. IIRC the people who supposedly monitored that channel weren’t even working there anymore. Dude ended up going public because he thought it was likely the only way to actually prevent anyone from getting harmed, despite incurring liability.

                                                                                  1. 1

                                                                                    Were there any legal consequences?

                                                                                    1. 3

                                                                                      AFAIK no, and the whole thing was dropped like a very hot potato the moment people realized there had been as much as one attempt at responsible disclosure. I mean it’s not 1992, companies are legitimately expected to make this no more complicated than a couple of Google searches and an email.

                                                                                      Management is rarely inclined to litigate when there’s a looming PR disaster in it. A lawsuit moves slowly, even when coaxed with money and connections, whereas social media and the press operate on an hourly timetable. Realistically, there’s barely anything to gain from a lawsuit on a matter like this, and potentially a lot to lose in terms of PR and community relations – they only move forward if someone in the legal team really needs to prove themselves. Even the financial incentives are practically zero, the kind of sum they could get is probably in the sort of amount that companies like Infosys regularly write off for government bribes.

                                                                                      1. 2

                                                                                        That’s my view as well. Infosys would be very stupid to raise a legal stink about this, as it would shine a light at their alleged incompetence at deploying code and responding to disclosures.

                                                                                  2. 3

                                                                                    You’re right, but the flip side is reporting it properly, having them not do anything about it, and then a bad actor finds and uses it. Not much to recommend one over the other imo.

                                                                                    1. 8

                                                                                      From what I’ve seen, you may run into careless business associates / sub-associates, but covered entities are often very wary of the risk around HIPAA violations. It sounded like the author attempted to report to Infosys directly so I’m not surprised he hit a wall.

                                                                                      So again, if you find PHI – "Johns Hopkins Hospital" "general counsel" into your favorite search engine took me straight to their legal department, including direct contacts to HIPAA lawyers. Even without specialist lawyers, just get in touch with someone in their legal / leadership chain. The magic happens when you say “I’d like to report a HIPAA violation” to a human, preferably a human on a legal team.

                                                                                      And if you truly can’t get anyone to act, HHS has a process to report complaints directly to them. It’ll likely take longer for them to act, but they have broad leeway to sanction bad actors and will get the attention of the offender.

                                                                                      1. 1

                                                                                        On the other hand, people not living in USA might not be so intimately familiar with USA laws and compliance culture.

                                                                                2. 1

                                                                                  All access to remote computers is unauthorized. Maybe we should stop allowing corporations to hurt themselves and others, even if it means violating their privacy.

                                                                                1. 3

                                                                                  I’m on a business trip in Bengaluru and trying to figure out how to entertain myself. I already saw most of the important Mysore sights, not sure what else is there.

                                                                                  1. 5

                                                                                    As usual, remember it’ll be patched until heat death of the universe by 3rd parties that have this in their LTS distros, RHEL, Ubuntu, no clue about SUSE.

                                                                                    As a side note NetworkManager’s connection sharing uses unbound as the server.

                                                                                    1. 4

                                                                                      Yes, but who will be looking for issues to patch? Particularly security bugs that only exhibit buggy behavior in the face of malicious input and are therefore unlikely to be discovered on accident by end users (and now that the project is unmaintained, developers).

                                                                                      1. 1

                                                                                        Developers are not the ones looking for the issues to patch normally. The standard path starts from a security researcher who hopefully reports it to the project. The only difference is that they’ll have to report it to either some distro, or project zero, or something similar.

                                                                                      2. 4

                                                                                        I think you mean dnsmasq.

                                                                                        1. 3

                                                                                          Oooops, my bad. It is dnsmasq.

                                                                                      1. 16

                                                                                        drugs 🤷 Also, LotR Return of the King will be shown in local IMAX, can’t not make it.

                                                                                        1. 2

                                                                                          Sounds like a great weekend

                                                                                          1. 7

                                                                                            Take it easy on the LotR. It can kill you.

                                                                                            1. 1

                                                                                              Not sure I get the reference…?

                                                                                              1. 2

                                                                                                It’s not a reference, it’s a joke

                                                                                        1. 6

                                                                                          I am slightly nostalgic for the NT 3.5/Warp days. The terrible PC hardware, the weird software environments. I sort of wish I had gotten my hands on a copy of Desqview/X, too.

                                                                                          1. 7

                                                                                            I’m not nostalgic for the times in general, but it was the last gasp of some very neat, highly-optimised, task-specific OSes that ran on PC kit.

                                                                                            Novell Netware was amazing in its time. All the classic era versions:

                                                                                            • Netware 2, which was able to cold-boot itself from a hard disk, and able to run non-dedicated, usefully;

                                                                                            • Netware 3, a small miracle of efficient design and blistering performance;

                                                                                            • Netware 4, the beginning of the end, but NDS was amazing and in hindsight vastly better than NT domains; Netware 4 and NDS integration into an NT 4 network was just astoundingly good, and it spoke TCP/IP natively for the first time.

                                                                                            But not just Netware. The PC demo of QNX was amazing. Psion’s EPOC32 was a miracle of compact OS design, and it ran on the PC too, which Psion barely mentioned – it was just a tool for developers.

                                                                                            DESQview/X is out there. I’ve run it on VMs, and it’s great. Sadly QEMM386 won’t start on any 21st century PC I’ve tried. :-(

                                                                                            1. 4

                                                                                              I’ve found a QNX iso on torrent, loaded it in vm, and was flabbergasted by the responsiveness of it, and how quickly it boots, while still bringing relatively modern background desktop/multimedia services.

                                                                                              I think it was v6, but I couldn’t find v7 nor any license keys to either.

                                                                                              1. 6

                                                                                                Yes indeed.

                                                                                                Did you see the QNX Demo Disk?

                                                                                                http://toastytech.com/guis/qnxdemo.html

                                                                                                http://qnx.puslapiai.lt/qnxdemo/qnx_demo_disk.htm

                                                                                                https://winworldpc.com/product/qnx/144mb-demo

                                                                                                A full desktop xNix, with GUI, and web browser, and web SERVER, all on a single 1.4MB floppy.

                                                                                                Absolutely astounding, even in the 1990s.

                                                                                              2. 3

                                                                                                To my knowledge, Netware is the only OS ever to use rings 1 and 2 on x86. This made it very exciting to run in Paravirtualised mode on Xen, which wanted to run everything in the guest in ring 3.

                                                                                                I found EPOC16 more impressive. It ran on a 3.84 MHz 8086 with 256 KiB of RAM (and no storage other than the RAM disk). Within that, it was able to run a multitasking graphical environment and was so stable that you could rely on the RAM disk for persistent storage. EPOC32 felt bloated in comparison (though EKA2 remains my favourite kernel architecture and the Symbian internals book is the one that I insist as required reading for any student who considers writing a new OS).

                                                                                                1. 1

                                                                                                  So very much this.

                                                                                                  I wonder if it would be possible to crowdsource a revival of Symbian to get it running on the RasPi?

                                                                                                  Once it runs, then modernization to a recent C++ compiler would be more appealing. TBH there’s little reason to try to keep binary compatibility.

                                                                                                  1. 2

                                                                                                    Apparently the Symbian code makes use of a lot of Arm compiler extensions that don’t work elsewhere, so it’s quite challenging to make it work well in another context. I’d love to see EKA2 on new hardware though.

                                                                                                    My team is writing a compartmentalised RTOS for a CHERI RISC-V microcontroller that is about an order of magnitude faster than the CPU in the Series 3 (in FPGA. ASIC versions can be a lot faster depending on your power budget). Once we open source, I expect that my hobby project will be to try to connect up a frame buffer and see if we can build something like a reimagined EPOC16. You won’t be able to fit a browser on that platform, but it has about as much RAM as the Xerox Alto, so should be able to run a blue book Smalltalk-80 interpreter or similar.

                                                                                                    1. 1

                                                                                                      … Arm compiler extensions…

                                                                                                      Yes, I’ve read something similar to that. For now, the code it needs is still out there and can still be installed and run on versions of Windows that still run on existing hardware. But for how much longer?

                                                                                                      a compartmentalised RTOS for a CHERI RISC-V microcontroller

                                                                                                      Coo. Sounds interesting. I have written about CHERI fairly recently:

                                                                                                      https://www.theregister.com/2022/07/26/cheri_computer_runs_kde/

                                                                                                      That sounds intriguing…

                                                                                              3. 6

                                                                                                The network admin at the time insisted on running NT 3.51 for years and we all thought he was strange, but he never had any crashes (we in the programmers’ nest were on Windows 98).

                                                                                                Still, Windows 2000 was the peak for me. Reliable, fairly speedy, didn’t look like @$$.

                                                                                                1. 2

                                                                                                  I ran NT 3.51 at work well into the NT 4 era.

                                                                                                  On our LAN it was a near-bulletproof server OS. NT 4 was just UI changes, really, and didn’t do anything more. Nothing that mattered on a server.

                                                                                                  As a workstation, it was one of the smallest, fastest, but stablest client OSes I’ve ever seen. The ideal combination of resilient modern design and modest hardware requirements… just a relatively poor UI. But you could ignore that. I had all my apps bound to hotkeys in Program Manager. Boot up, log in, then press Ctrl+Alt+(letter) to open (or to switch to)…

                                                                                                  • W: Word
                                                                                                  • M: MS Mail
                                                                                                  • E: MS Excel
                                                                                                  • D: DOS prompt
                                                                                                  • F: File manager

                                                                                                  … etc. etc. I barely ever even saw ProgMan.

                                                                                                  This took manual customisation but it worked and the speed of it baffled my hunt-and-click colleagues.

                                                                                                  I agree re W2K.

                                                                                                  A comment to me on the Reg told me that there’s a small community of people still using W2K today. I knew of a hack that added some kernel/GDI calls that were added in XP, which used to allow you to run Windows Defender (MS’ free-as-in-beer antivirus for XP) on 2K, with free updates indefinitely.

                                                                                                  Apparently this has been enhanced and now also offers some marginally more modern XP browsers, such as Opera and Seamonkey, and some other XP-specific apps.

                                                                                                  I installed XP onto a Sony Vaio P last week, for a laugh. I used TinyXP from the Internet Archive.

                                                                                                  It is so much faster and more responsive than Windows 7 Thin PC, it’s hard to believe. It makes this tiny, sluggish dual-core 32-bit Atom sub-netbook actually somewhat usable. It’s much smaller and faster than even the lightest 32-bit Linux distros I have found.

                                                                                                  1. 2

                                                                                                    On our LAN it was a near-bulletproof server OS. NT 4 was just UI changes, really, and didn’t do anything more. Nothing that mattered on a server.

                                                                                                    NT 4 significantly changed the internal architecture, moving large chunks of the OS into the kernel for better performance (which turned out to be a very, very bad thing for security later on).

                                                                                                    1. 3

                                                                                                      It also turned out to be a bad thing for performance later on, though that was much flatter. Modern GPUs are designed for kernel bypass. You can set up the shared memory contexts in the kernel and the userspace process can initiate DMA from its own address space and submit commands directly into the GPU’s command ring. This means that you can have a userspace process set up to render to a texture in GPU memory, and another userspace process (the compositing manager) render window decorations and composite those textures into the frame buffer, without the kernel being involved at all. On NT, all of those system calls into win32k just add overhead.

                                                                                                      1. 1

                                                                                                        Indeed – that’s what I meant by “nothing that mattered on a server”.

                                                                                                        It wasn’t even noticeably faster as a desktop.

                                                                                                        The magazine I worked for at the time commissioned a review. It was glowing, laudatory. So they commissioned a response. It too was glowing, and laudatory. So I wrote a response as well, pointing out all the bad ideas, the failure to deliver the promised new “Cairo” UI and much more besides.

                                                                                                        The chaps who wrote the main piece and the response were not happy with me.

                                                                                                  2. 3

                                                                                                    In college, I ran OS/2 2.1 and OS/2 Warp 3 (and Warp 4 in grad school). One of my hallmates in college ran Desqview/X, and really liked it.

                                                                                                    I was running OS/2 on a 386SX that initially came with 3(!)MB of RAM, but I had upgraded it to 5(!). It ran okay, though I could get it to thrash pretty easily. The thing that OS/2 2.1 did that Windows 3.1 definitely did not do was to let you run a ZModem download in the background while you did literally anything else. When NT 3.5 came out, it wasn’t on my radar at all because Wired said it needed 16MB.

                                                                                                    One minor inaccuracy: OS/2 could give each Windows 3 app its own resource heap, at the cost of running a complete independent Windows session for it. Maybe NT could do it with less memory.

                                                                                                    In general, though, the competition for OS/2 2.x (etc) wasn’t Windows NT; it was Windows 95, and OS/2 was substantially better than Win95/98/ME in more or less every way. Once home and office PCs got beefy enough to run WinNT (basically around the Windows 2000 era), there was no argument for OS/2 anymore, though. Other than the nicer GUI and lower RAM requirements, OS/2 didn’t have anything over NT, and by then, substantial disadvantages (single-user, couldn’t run Win32-only apps, which were starting to be common by then). By that time, I had already switched to Linux, and wouldn’t actively use Windows again until required to for a job in 2006.

                                                                                                    1. 2

                                                                                                      One minor inaccuracy: OS/2 could give each Windows 3 app its own resource heap, at the cost of running a complete independent Windows session for it.

                                                                                                      OK, fair point.

                                                                                                      Yes, on NT there was a ticky-box to run apps in their own memory space or in a shared one, and with little RAM – meaning only 16MB or so – shared was better, but it meant if one crashed you could lose data in the others.

                                                                                                      But this was more efficient than the OS/2 approach, of multiple entire copies of Windows.

                                                                                                      I have yet to try this on my shiny new (15YO laptop, 2-day-old install of eCS 2.1) OS/2 box with 2GB of RAM. :-)

                                                                                                  1. 2

                                                                                                    It doesn’t look like your X-Clacks-Overhead header is actually coming through, at least when requesting the page using curl with HTTP/2.

                                                                                                    1. 2

                                                                                                      It would appear that Nginx is not sending it correctly since I changed some cache settings, thanks for the heads up!

                                                                                                      Edit: should be fixed. Thanks again.

                                                                                                      1. 4

                                                                                                        I love the whimsical nature of the Clacks Overhead project and I’m super delighted people are still using it!

                                                                                                        1. 2

                                                                                                          It’s a lovely project, and a nice way to incorporate remembering folks I miss into everyday sysadmin work :)

                                                                                                        2. 1

                                                                                                          Amélia’s name is mangled in the response x-clacks-overhead: GNU Natalie Nguyen; GNU Anna Harren; GNU Amélia Chavot

                                                                                                          1. 1

                                                                                                            Yeah, I’m not sure why this is. The headers are, I think, ISO-8859-1 encoded and should support the diacritic.

                                                                                                            1. 1

                                                                                                              Maybe it’s this https://stackoverflow.com/a/4410331 seems like clients do not care about anything not ascii

                                                                                                              1. 1

                                                                                                                Aw, dang. Okay, I’ll remove the diacritic and just pretend that France isn’t real.

                                                                                                      1. 24

                                                                                                        Good self-hosted software really needs to have leak-proof abstractions. Too many leaks means too much admin intervention, which is in short supply for hobbyists.

                                                                                                        Gitea is one that does this well IMO. A single binary, a single config file, and a single data directory are all key. Contrast this with my MediaWiki instance that needs a dozen packages installed, config is split between httpd.conf and LocalSettings.php, and data is split between the static files and database files. Not as bad as some, but still not ideal.

                                                                                                        1. 3

                                                                                                          Configuration woes are exactly why I’m considering writing my own web server instead of using Apache or Nginx. My needs are simple:

                                                                                                          • Static files only.
                                                                                                          • TLS (that kind of sucks but I don’t have a choice).
                                                                                                          • Content negotiation for languages (some of my posts are dual English/French).
                                                                                                          • Nice to have: cache everything in RAM (my website is that small).

                                                                                                          Then maybe one day I’ll stare into the SMTP abyss.

                                                                                                          1. 24

                                                                                                            You sound like a person who is yet to discover the warm convenience of https://caddyserver.com/

                                                                                                            1. 2

                                                                                                              I am indeed. Thanks for the tip.

                                                                                                            2. 4

                                                                                                              Using libretls makes using TLS painless.

                                                                                                              1. 3

                                                                                                                Nice to have: cache everything in RAM (my website is that small).

                                                                                                                Since you have a static site I’d assume that this is mostly handled by file system anyways, minus compression. I wonder how much one really gains from that, especially when using the right syscalls.

                                                                                                                Then maybe one day I’ll stare into the SMTP abyss.

                                                                                                                If you want a simple SMTP config OpenSMTPD is the way to go. See the examples section of their man page.

                                                                                                                Of course that doesn’t cover delivery (IMAP, etc.) or anti-spam measures. The good thing here is that it doesn’t change much.

                                                                                                                1. 1

                                                                                                                  Then I’d advise going full OpenBSD and use opensmtpd, https and relays for the config simplicity and practical usage.

                                                                                                              2. 1

                                                                                                                Making self hosting easy would be very possible, but I think the amount of work it would take is just too much. For an ideal system, everything needs to be standardized. There needs to be some way to just browse a UI and click “install”.

                                                                                                                Yes I know there are many projects that advertise this, but none of them actually work well. It’s a monumental amount of work for the projects to patch and configure every service so it fits a set of standards for backups, SSO, webserver access, certificates, etc. And then last I checked these projects were not containerized so there were major issues doing things like OS updates because PHP/etc would update which would present major issues for running services.

                                                                                                                And then there is just no money in it to make it worth the effort.

                                                                                                              1. 12

                                                                                                                Mastodon

                                                                                                                Too power hungry for my taste. No easy way to host inside docker, which made it a pain to keep running. I’m very happy with Fosstodon, and don’t see a reason to switch to a self-hosted instance any time soon.

                                                                                                                I run an instance too and agree it’s too power hungry. Just the RAM requirements are a bit excessive. Ruby seems to use a lot, as does Postgres and elasticsearch (not required, but needed if you want good searchability)

                                                                                                                1. 12

                                                                                                                  There’s also a newer implementation of an activitypub server at https://docs.gotosocial.org/en/latest/

                                                                                                                  1. 6

                                                                                                                    I’ve been running a node from under my desk and I gotta say I’ve been really impressed with the ease of installation and the responsiveness of the dev team. Everything that I ran into was due to generic self-hosting problems like dynamic DNS and hairpin routing, gotosocial itself hasn’t given me any trouble.

                                                                                                                    1. 2

                                                                                                                      This is what I use to run my server on; I have a server that could run Mastodon but it’s so fiddly to set up and operate that I never bothered. GtS on the other hand is extremely easy to run and they are very quickly (surprisingly so) adding features to give it parity with Mastodon.

                                                                                                                      1. 2

                                                                                                                        What I’m waiting for is a “migrate from Pleroma to GTS” guide. I can probably figure it out but it looks like a mountain of faff and pain that my brain fog prevents right now.

                                                                                                                      2. 8

                                                                                                                        There’s also Honk! if you’re willing to go SUPER minimalist.

                                                                                                                        I’m with the OP as well. I ran a Mastodon instance of my own for a bit less than a year, and after a few iterations of Rails migrations, the back-end and the front-end refused to speak and nobody could figure out why so I gave up :)

                                                                                                                        1. 5

                                                                                                                          Have you considered swapping to pleroma? If I were to host a fediverse node, I’d try that first, looking at the current shape right now.

                                                                                                                          I think you can even graft the slick mastodon frontend to a pleroma backend.

                                                                                                                          1. 15

                                                                                                                            For people like me who would never consider Pleroma because of their, um, politics, it’s worth noting there is a hard fork called Akkoma that is working to save the technology from its toxic community: https://coffee-and-dreams.uk/development/2022/06/24/akkoma.html

                                                                                                                            https://akkoma.dev/AkkomaGang/akkoma/

                                                                                                                            I can’t promise they’re better, not having personally used Pleroma or interacted with either dev community directly, but I’m cautiously optimistic.

                                                                                                                            They’ve put a Code of Conduct in place too: https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/CODE_OF_CONDUCT.md

                                                                                                                            the community must create an environment which is safe and equitable

                                                                                                                            1. 3

                                                                                                                              …I’ve never seriously considered getting involved in fediverse dev (mastodon is no better for my mental health than twitter is), but I have to admit that hacking on Akkoma sounds fun. I’ve been wanting a good excuse to get into Elixir/Erlang’s ecosystem more.

                                                                                                                              1. 7

                                                                                                                                I did some development on Pleroma back before their dev team got overtaken by shitlords, and I have to say I was impressed with how approachable it was. I’ve never done Elixir before but I have some dusty experience with Erlang and some very dusty experience with Rails and everything seemed to fit together in a sensible way, kind of what I wish Rails could have been. I wrote about my experience here: https://technomancy.us/191

                                                                                                                              2. 4

                                                                                                                                I have great difficulty understanding the approach of “this tool is made by people I don’t like so I will deny myself the utility of this tool”.

                                                                                                                                1. 21

                                                                                                                                  It’s possible that part of your confusion is that with an open source project, it is often possible to use the software without directly giving the developers money or other obvious support. But this seems unwise if you want the software to continue to be developed and maintained, as most users of software do. And if you engage in less monetary ways like filing bug reports, you then have to interact with the people you do not like.

                                                                                                                                  Fortunately this is a demonstration of one strength of FOSS, the right to fork: people who do not want to work with the Pleroma developers can take the codebase and go their own way, as Akkoma seems to be doing. Why spend time with people you don’t get along with, if you could just… not?

                                                                                                                                  1. 12

                                                                                                                                    People who write open source software write it, primarily, for themselves. It will end up optimised for their use cases. If they are interested in creating a society that is antithetical to one in which I want to live then, pragmatically, they will probably evolve the software in directions that I dislike.

                                                                                                                                    1. 4

                                                                                                                                      This seems like quite a bit of a stretch. Perhaps for social media, since different groups have different ideas on how to regular discourse, but vast amounts of software don’t fall in this bucks.

                                                                                                                                      If libpng was written by Hitler, it still does the job.

                                                                                                                                      This divisive attitude leaking (primarily?) out of America is seriously not healthy. For better or worse, people you do not agree with will not simply disappear. If we stop talking, all that is left is violence.

                                                                                                                                      1. 10

                                                                                                                                        If libpng was written by Hitler, it still does the job.

                                                                                                                                        It does run the same, yes. But as skyfaller was saying, if you want to report a bug or send a patch, you depend on Hitler. Unless you fork. I don’t think such an extreme example serves your argument well.

                                                                                                                                        This divisive attitude leaking (primarily?) out of America is seriously not healthy. For better or worse, people you do not agree with will not simply disappear. If we stop talking, all that is left is violence.

                                                                                                                                        Case in point: out-of-context, I would like to agree with this. But now that you mentioned Hitler, I have to remind you that western democracies actually kept talking with him until very late in the 30s. It didn’t stop the violence.

                                                                                                                                        1. 3

                                                                                                                                          Most people are not Hitler, and we all know it. It was hyperbole for effect, and we all know that too. I feel you’re intentionally missing my obvious point.

                                                                                                                                          The vast majority of your (likely) fellow Americans who you disagree with are not bad people. This is a deeply unhealthy perspective that will only make things worse, and outside this argument you surely know this too.

                                                                                                                                          You’ll forgive me if I bow out now.

                                                                                                                                        2. 5

                                                                                                                                          If libpng was written by Hitler, it still does the job.

                                                                                                                                          This isn’t about libpng; it’s about Pleroma, which is a social media tool.

                                                                                                                                          It turns out when these kinds of people have atrocious opinions about minorities, they tend to also have bad ideas about moderation and harassment; they only care about the use cases that matter to straight white males.

                                                                                                                                          I think it’s a bad idea to run social software that’s written by people who don’t care about moderation and protecting their users.

                                                                                                                                          1. 4

                                                                                                                                            they only care about the use cases that matter to straight white males.

                                                                                                                                            Citation needed please.

                                                                                                                                            I think it’s a bad idea to run social software that’s written by people who don’t care about moderation and protecting their users.

                                                                                                                                            Social software is about bringing people together, right? Moderation and protecting users is about keeping people apart. I’ll cheerfully admit that there are reasons we keep people apart, but if the criteria is “software to bring people together” it seems obvious to me that the more laid-back software is the way to go.

                                                                                                                                            The platonic ideal of protecting users is putting them in a box by themselves.

                                                                                                                                            1. 7

                                                                                                                                              Social software is about bringing people together, right? Moderation and protecting users is about keeping people apart.

                                                                                                                                              This kind of simplistic thinking is exactly the kind of thing that would be an enormous red flag if I was evaluating social media servers and I heard one of the maintainers saying it.

                                                                                                                                              1. 4

                                                                                                                                                Sure, but you’ve neither explained why it’s incorrectly simplistic nor why it’s a red flag (nor justified your lazy dig at “straight white males”).

                                                                                                                                                I’ll drop it, but if you want to have a discussion of substance DMs are always open. :)

                                                                                                                                2. 4

                                                                                                                                  Ruby seems to use a lot

                                                                                                                                  I think it’s mostly rails actually. Ruby has a bit of a bad reputation when it comes to performance, when it’s mostly rails. In that area, other than JS always used to do the best, and compared to language implementations like Python it’s quite fast.

                                                                                                                                  At least it was like that ages ago, when someone told me they want to rewrite some big project thinking switching away from Ruby would somehow magically make things faster.

                                                                                                                                  1. 2

                                                                                                                                    I’ve never heard of Ruby being described as ‘quite fast’ compared to Python. Way back in the Ruby 1.8 days, Python was faster, but they’re now more or less neck and neck in terms of performance. Ruby got a bad reputation because of how slow its AST-based interpreter was back in the day.

                                                                                                                                    On the other hand, JavaScript (specifically V8) and PHP are faster than both.

                                                                                                                                    1. 1

                                                                                                                                      Yeah, I think you’re right. I don’t know much about either, but just going off what I see in top

                                                                                                                                  1. 12

                                                                                                                                    One speculation I heard about Whisper is that it was developed to generate text training data to train GPT-4. GPT-3 used Common Crawl, and there is no larger text dataset in existence. OpenAI is running out of text, and Whisper is the answer.

                                                                                                                                    This explains some strange features of Whisper. There is a mode to translate to English. Input is 30-second chunks, and there is no way to stream. Both are strange for a speech recognition system, but make perfect sense for a text training data generator.

                                                                                                                                    1. 1

                                                                                                                                      Do you want to say they want to collect more textual data from existing audio data? But is there really so much more audio/video data than text data?

                                                                                                                                      1. 2

                                                                                                                                        Do you want to say they want to collect more textual data from existing audio data? But is there really so much more audio/video data than text data?

                                                                                                                                        Not the parent commenter, but yes, that’s what they appear to do.

                                                                                                                                        But is there really so much more audio/video data than text data?

                                                                                                                                        The amount of non-English audio data certainly is bigger than English textual data.

                                                                                                                                    1. 10

                                                                                                                                      I just want to publish software that I think is neat so that other hobbyists can use and learn from it, and I otherwise want to be left the hell alone. I should be allowed to decide if something I wrote is “done”.

                                                                                                                                      One way to do it is to pick a license that’s considered radioactive by FAANG and their wanna-bees. Just stick AGPLv3 into that COPYING.md file, no one will bother you again.