Threads for fcbsd

    1. 7

      I would suggest cloudflared (cloudflare proxy) versus opening a port on your home router and port forwarding.

      1. 9

        cloudflare regularly blocks my access to sites, from both home and work, so I am not a fan of cloudflare services…

        1. 7

          Cloudflare Tunnel is free and a good solution for those behind CG-NATs or an ISP firewall. It also offers effortless DoS protection.

          I will admit, however, that I think it’s slightly “cooler” in some sense to host your site directly from your home, with no assistance from Cloudflare or other giant tech companies, even if you don’t really get much tangible benefit from doing it that way.

          (By these standards of course, my personal site is rather lame because it’s just your standard Jekyll + GitHub Pages site.)

          1. 2

            Can the cloudflare proxy reach the server without opening a port, etc.?

            1. 3

              Ah, I did not read closely enough. This thing creates a tunnel: https://github.com/cloudflare/cloudflared

            2. 1

              What are the risks of port forwarding and hosting on home network? I get the general risk of giving the public internet direct access to my home devices. But how do people specifically exploit this? It depends on me misconfiguring or not properly locking down the web server, right?

              1. 4

                Pretty much, but nobody has ever made an unhackable server. So even if you “properly” configure the server it’s not 100% secure because nothing is.

                I did get my router hacked and it had third party malicious software installed on it and it didn’t function until I got the NetGear people to fix it, which is why I installed fail2ban, which has worked so far. But nothing is foolproof.

                1.  

                  Let’s assume you forward port 443 to your Pi running Apache. You’re basically exposing the following bits of software to the Internet:

                  • Your kernel’s TCP/IP stack
                  • Apache
                  • Any software you may choose to place behind an Apache reverse proxy

                  The biggest risk is an RCE in any of those pieces, because you’re truly pwned, but I’d lay pretty long odds against an RCE in the Linux network stack, and I don’t think your average Apache config is at much risk either – these things have both been highly battle-tested. Some sort of denial-of-service exploit is more likely but again, Linux+Apache have powered a huge chunk of the Internet for the last 25+ years. Now, if you write an HTTP server which executes arbitrary shell commands from the body of POST requests and proxy it behind Apache, you have only yourself to blame…

                  I expose HTTP and a few other services from my home network via port forwarding. I don’t lose sleep over it.
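An added example, not part of the thread or any commenter's code: it maps router port-forward rules onto the Pi's listening sockets to list what the comment above calls exposed (Apache, plus anything behind its reverse proxy). The `ss`-style listing, the forward rules and the proxy backend map are all constructed sample data and assumptions.

```python
import re
from collections import namedtuple

Listener = namedtuple("Listener", "addr port proc")

# Constructed sample in the style of `ss -H -tlnp` run on the Pi.
SS_OUTPUT = """\
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("apache2",pid=812,fd=4))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:* users:(("gunicorn",pid=901,fd=5))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=640,fd=4))
"""

# Constructed sample: router rules, external port -> port on the Pi.
# 8443 has no listener behind it, i.e. a stale rule worth removing.
FORWARDS = {443: 443, 8443: 8443}

# Assumption: Apache reverse-proxies to a local backend on port 8080.
PROXY_BACKENDS = {"apache2": [8080]}


def parse_listeners(text):
    """Parse LISTEN lines into Listener(addr, port, proc) tuples."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        match = re.search(r'\(\("([^"]+)"', line)
        proc = match.group(1) if match else "unknown"
        listeners.append(Listener(addr, int(port), proc))
    return listeners


def is_loopback(addr):
    """True for sockets bound to loopback, unreachable via a forward."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def exposure(listeners, forwards, proxy_backends):
    """Classify what the forward rules make reachable from the Internet.

    The kernel's TCP/IP stack handles every forwarded packet, so it is
    always exposed and is not listed separately.
    """
    direct, via_proxy, stale = set(), set(), []
    for external, internal in sorted(forwards.items()):
        hits = [l for l in listeners
                if l.port == internal and not is_loopback(l.addr)]
        if not hits:
            stale.append(external)
            continue
        for hit in hits:
            direct.add(hit.proc)
            # Backends behind the exposed proxy are reachable indirectly,
            # even when they only listen on loopback.
            for backend_port in proxy_backends.get(hit.proc, []):
                via_proxy.update(
                    l.proc for l in listeners if l.port == backend_port)
    lan_ports = {l.port for l in listeners if not is_loopback(l.addr)}
    return {
        "internet_direct": sorted(direct),
        "internet_via_proxy": sorted(via_proxy - direct),
        "lan_only_ports": sorted(lan_ports - set(forwards.values())),
        "stale_forwards": stale,
    }


if __name__ == "__main__":
    report = exposure(parse_listeners(SS_OUTPUT), FORWARDS, PROXY_BACKENDS)
    for key, value in report.items():
        print(f"{key}: {value}")
```
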

                2. 1

                  Oh I didn’t know they had a free tier but it looks like they do! I’ll look into it.

                  Also are you the same whalesalad on HN that gave me the advice on the browser text width?

                3. 11

                  Nice! I don’t know what it is but there is something really satisfying about hosting your website at home. You can have some fun as well, like getting an LED to blink on every hit to the site.

                  1. 4

                    I do want to do something hardware related because right now I’m underutilising the Pi’s hardware abilities, but I feel like I’d have trouble distinguishing real traffic from bot traffic.

                    1. 3

                      I have an interactive pixel grid that syncs to an ePaper in my home on my website: https://www.svenknebel.de/posts/2023/12/2/ (picture, grid itself at the top of the homepage feed)

                      Very intentionally very low-res so I don’t have to worry about people writing/drawing bad stuff, and it’s an entirely separate small program, so if someone ever manages to crash it only that part is gone.

                      1. 1

                        there is a neat little project at https://lights.climagic.com/ where you can switch the lights on and off remotely…

                      2. 1

                        I just moved my blog off of EC2 to my Raspberry Pi Kubernetes cluster at home just today. The whole idea behind running it on EC2 was that I figured I would have fewer reliability issues than on my homelab Kubernetes cluster, but the Kubernetes cluster has been remarkably stable (especially for stateless apps) and my EC2 setup was remarkably flaky[^1]. It’s definitely rewarding to run my own services, and it saves me a bunch of time/money to boot.

                        [^1]: not because of EC2, but because I would misconfigure Linux things, or not properly put my certificates in an EBS volume, or not set the spot instance termination policy properly, or any of a dozen other things–my k8s cluster runs behind cloudflare which takes care of the https stuff for me

                      3. 9

                        I’ve found that chairs don’t need back rests, and we may be better off spending less time leaning on chair backs. While WFH I developed sciatica, seemingly from sitting on a soft chair for too long. I didn’t acutely injure it like Hinton did, I think the problem was it was gradually weakened from not being challenged to support itself, until the lack of support put enough pressure on the spine to damage disks and put pressure on nerves.

                        I was fortunate to be able to reverse it back to normal with a combination of only using a standing desk and core exercises to strengthen my back. But I found that standing for long periods itself was problematic, as I was starting to develop swollen ankles after several hours, and it seemed likely that it’d cause varicose veins with more time.

                        Rather than stand all the time, I switched to sitting without a chair back (plus standing for shorter periods here and there). I find that sitting without a back support has most of the back benefits of standing, in that your back is supporting itself and maintaining its strength. I now feel like chairs with ergonomic padding/support are basically trying to replicate what your back does by itself when it just holds itself up, and it’s better to have it do that itself, rather than let it relax into an approximation of that position with a back support.

                        It’s not that chairs are bad, but that our bodies are very good at optimising themselves to being capable of what we demand of them and no more — if we exercise we get fitter, if we don’t we get less fit. Muscles shrink and lose strength without use. So if we spend all our time relaxing our back on a back rest, it’ll naturally become less strong. Spending time standing or not using a chair back is a mild form of exercise that maintains a certain minimum level of strength. You could achieve the same with consistent use of core strength exercises. The key is to consistently challenge your body, so that it has to remain strong enough to withstand the occasional larger challenge, like tripping over or carrying something heavy.

                        1. 7

                          The key is to consistently challenge your body, so that it has to remain strong enough to withstand the occasional larger challenge, like tripping over or carrying something heavy.

                          I hear you and I understand the concept of hormesis, but I’m not going to do that while I work. I want to be comfortable working. The advice that I’d give anyone is to get under a barbell, if you want to feel uncomfortable in a useful way.

                          1. 6

                            I second this. Nothing like heavy squats and deadlifts to build a strong and healthy back! It’s also a good medicine against depression (which working alone for long times may aggravate otherwise)

                            1. 3

                              OH “I raise you a chin-up desk”

                              1. 1

                                Helping mental health is a good point!

                                I don’t know if there’s evidence to back it up, but I’ve found that strength work helped (or at least coincided) with getting rid of some mild RSI I had starting in my mouse wrist many years ago.

                                1. 3

                                  AFAIK the theory is that RSI is an overuse/inflammation injury of tiny muscles. By targeting all the muscles with compound exercises you strengthen the entire area, including the smaller muscles. There might also be some sort of effect where the surrounding muscles can provide more support if they’re stronger.

                              2. 2

                                but I’m not going to do that while I work. I want to be comfortable working. The advice that I’d give anyone is to get under a barbell, if you want to feel uncomfortable in a useful way.

                                I think one of the less intrusive things for your workday is to have a climbing board or a pull up bar in a location you’re passing through several times a day anyway (hallway/kitchen). I wish I had that at home.

                                1. 2

                                  Chin ups or pull ups don’t really strengthen the lower back though. Also, one might not be strong enough for body weight chin ups, which could lead to injury if tried anyway. It can’t be incrementally loaded like a barbell. Yes you can put weight on a belt but it’s less precise due to fluctuations in body weight.

                                2. 1

                                  That’s fair. Doing dedicated strength training is a good idea for everyone to maintain bone and muscles as we age.

                                  For people who don’t have the time or inclination to do dedicated exercise, finding a way to incorporate exercise into day-to-day activities like this can help to get some exercise in that would otherwise not happen. I’d just say that it’s only uncomfortable while you adapt to it (as with any moderate exercise). I can now sit all day like this without feeling achey or like I need to slouch.

                                3. 2

                                  I sit on a perla gym ball at work, you can see it in this picture of my work desk, and I use them for sitting at work - where I don’t have standing desk. This gym ball has rubber udders for feet so it doesn’t roll too far away when you stand up - but as you never sit still on it, it is great for posture and looking after your back.

                                  1. 2

                                    Looks like a well thought out arrangement you have there! How did you get a ball the right size to put yourself at the right working height? I imagine it’d take a bit of trial and error unless that’s a height-adjustable desk.

                                    1. 2

                                      that’s the only limiting factor they only come in three sizes - the medium is perfect for me sitting at standard desk that is ~70cm off the floor, the ball has a 65cm diameter, my body weight (~80kg) means that my elbows are pretty close to 90°, but having adjustable desk height would be a perfect solution.

                                      1. 2

                                        I see, thanks. I suppose the desk height could be manually fine-tuned using some kind of shims under each leg if it was a little off. Or perhaps the pressure in the ball can be adjusted too!

                                4. 1

                                  I’ve used OpenBSD as my primary desktop since 2001, but I get Solene’s points, and I would like Bluetooth back again (I don’t have the skills to implement it, and I have enough workarounds that it’s a nice to have…), and over the years I’ve seen crashes, but luckily I’ve not lost any data, and usually I’m back working again quickly, even with an fsck of the ffs. I’ve also never really played computer games, as life is too short as it is, but I have run minecraft servers on OpenBSD and installed many of the games in packages for my kids to play with over the years.

                                  1. 3

                                    I’ve used OpenBSD on my personal laptops (and work when I can) for the last 7 years at least. Installation, configuration and system related operations are a joy.

                                    But the less than ideal docker through VMs way of doing docker does stop me from using it for many contracts and in some contexts it can be very slow. I almost never have crashes and I don’t remember losing any files, though I always have to do fsck when my battery runs out, and that happens pretty often.

                                    If I move on from OpenBSD, the likely suspects are void linux, guixSD or Genode SculptOS.

                                    1. 3

                                      apmd has -z and -Z options to automatically suspend or hibernate when your battery is running low.

                                      1. 2

                                        I run @jcs shutdownd on my Laptops and I have a cron job to start it on boot and that has saved me many times…

                                        1. 4

                                          Wow, I don’t even remember writing that. I just use apmd’s -Z option now to automatically hibernate when the battery is super low, with a script in /etc/apm/hibernate that tries to warn me with Xdialog.

                                      2. -1

                                        OpenBSD isn’t even really supposed to be a desktop OS. I’d say it’s more like router firmware. I’m always shocked when someone actually implies they do or have been using it as a desktop OS.

                                        And yes, I know there’s going to be someone who insists they also use it. I’ve also seen people try to use Windows XP x64 Edition well into 2014. Trust me, I have seen no shortage of questionable life choices.

                                        1. 25

                                          The author of this was previously on the OpenBSD development team. OpenBSD devs tend to dogfood their own OS, so of course she would have used it as a desktop.

                                          1. 12

                                            This isn’t really true. A few porters do huge amounts of work to keep (among other things) KDE and Chromium and Firefox available for OpenBSD users, and not insignificant work goes into making the base system work (more or less) on a decent variety of laptops. It’s less compatible than Linux but for a project with orders of magnitude less in resources than Linux it does pretty good. But I guess we’ve finally reached the Year of the Linux Desktop if we’re now being shocked that someone would have a BSD desktop.

                                            1. 1

                                              Using a BSD isn’t weird. OpenBSD specifically is a curious choice, though.

                                              1. 5

                                                Use it if you like it, don’t if you don’t.

                                                I love curious choices though!

                                            2. 11

                                              I have used OpenBSD as a desktop OS for the last 10 years.

                                              Good that you tell me that it’s not supposed to be used as Desktop OS. Otherwise, I wouldn’t have noticed!

                                              1. 6

                                                Otherwise, I wouldn’t have noticed!

                                                You jest, but the blog post legitimately contains a massive list of things the author found very useful in Linux that aren’t in OpenBSD.

                                                1. 2

                                                  almost as if different users have different needs

                                              2. 10

                                                I would say that the vast majority of OpenBSD developers are using it as their primary OS on a desktop or laptop. I am shocked (well not really anymore, but saddened) that developers of other large mature operating systems don’t use it as their primary OS. If you’re not using it every day, how do you find the pain points and make sure it works well for others?

                                                We have reasonably up-to-date packages of the entire Gnome, KDE, Xfce, Mate, and probably other smaller desktop environments. We have very up-to-date packages of Chrome and Firefox that we’ve hardened. The portable parts of Wayland have made (or are making) their way into the ports tree. None of this would be available if there weren’t a bunch of people using it on their desktop.

                                                1. 4

                                                  XXX isn’t really supposed to be YYY.

                                                  For your usage, my usage, a supposed general usage or one of my cat’s usage?

                                                  1. 4

                                                    Be thankful that enough people made the “questionable life choice” to run Linux as a desktop OS in the 90s.

                                                    1. 2

                                                      Why? It comes with an X server, an incredible array of software, both GUI and terminal based applications that I can install. For my needs OpenBSD is a very capable desktop, and more responsive and flexible than the Windows desktop that work gives me.

                                                    2. 2

                                                      I have a Glove80 at work which I purchased following an open dislocation fracture of my little finger, and while I like the keyboard, I think the positioning of the six keys for the thumb clusters are too close together. I also need to spend a day configuring my Glove80 and Moonlander so the layouts are closer, so that switching from work to home can go more smoothly.

                                                      Even though I’ve had it just over 100 days now, I’m not practising enough to get my typing speed back up to 80 WPM, but my current 60WPM is fast enough for work…

                                                      I’ve been a fan of thumb clusters since building my Ergodox, and the Maltron keyboards, which were some of the earliest ergonomic keyboards, used to put the letter ‘e’ under the right thumb as it was the most frequent letter in English :~)

                                                      1. 11

                                                        A few years back I drafted out an essay called “falsehoods programmers believe about recipes”, which I later scoped down to “FPBA recipe ingredients”, which I later scoped down to “FPBA substitutions in recipe ingredients.” There’s no ceiling to how complicated you can make a recipe model, depending on what you actually want to do with it! Are “chopped carrots” and “grated carrots” the same ingredient? Depends on if you’re looking for a way to use excess grated carrots.

                                                        It’s probably for the best that the mainstream recipe schemas only support basic use-cases: search-by-ingredient, presentation, scaling. Doing more than that is a mess of madness.

                                                        1. 8

                                                          Generally, recipes benefit from a level of vagueness, and often assume you can be as flexible with substitutions and preparation as much as you personally are willing to tolerate. If you need to go into any more depth than that, then you’re probably programming some kind of machine, and can work off of its own limitations rather than human limitations. In other words, defining specifics without an actual target platform is, as you mentioned, a fast track to madness.

                                                          1. 5

                                                            My specific use case that inspired the essay was dinner party planning. I had a set of people coming with different dietary restrictions, and I wanted to make sure that every guest had at least one entree and two sides. So I wanted to be able to do things like query recipes for “vegan”, but also “vegan under substitution”.

                                                            Maybe I should get back to that essay, it was pretty fun finding weird edge cases in the wild

                                                            1. 4

                                                              Generally, recipes benefit from a level of vagueness, and often assume you can be as flexible with substitutions and preparation as much as you personally are willing to tolerate.

                                                              This severely depends on the recipe kind. Say, in baking, some components are flexible/allow substitution or removal, while others are absolutely crucial (which might not be obvious for a beginner baker, like, “what if I just omit this 1/4tsp of sodium carbonate, it is such a small amount and not that it has some pleasant taste anyway!”)

                                                              I, as a person who learned to cook complicated dishes only in my grown-up years, by books/Internet, and always lacked some basic “cooking intuitions,” am always missing the recipe specifying “what this ingredient actually does here.” Not only related to baking! Say, it was not obvious to me (dumb!) that when the recipe of some Indian-style dish calls for tomato paste while already having tomatoes, it is not to have it more “tomate-y,” but for a particular balance of liquid and sourness.

                                                              I toyed for some time with ideas of some semi-structured formats that consider it (the “role” of ingredients and their relation to others, not only their name/quantity), but to no interesting result.

                                                            2. 2

                                                              isn’t this the classic computer science dilemma - how do you make your algorithm generic enough to be useful, but also specific enough to get it right for most common cases? and how do you deal with those cases that it doesn’t work for?

                                                              1. 3

                                                                I’d say this is more data entry / structure / “massaging” than bona fide algos.

                                                                1. 1

                                                                  collecting recipes, definitely, but to make sure you can actually make the food using the recipe is another thing, for example when trying to make mayonnaise many years ago I discovered by chance that temperature is really important but none of the recipes for mayonnaise mention it - people forget that cooking is chemistry ;~)

                                                            3. 4

                                                              I should note at this point, I started writing out how my own standard might work because I am an idiot. A real XKCD#927 moment. I stopped, I swear.

                                                              Sometimes standard proliferation is required, both considered options have drawbacks…

                                                              1. 3

                                                                Typst looks really interesting, but the lack of features to produce accessible documents is disappointing.

                                                                1. 4

                                                                  There’s an issue for that with some interesting discussion. Summarizing what I read:

                                                                  It’s planned. There’s two possible paths to accessibility: tagged PDFs and HTML output. HTML output has the benefit of working very well with screen readers out of the box, and a screen reader user said that HTML is strictly better than any kind of tagged PDF. Tagged PDFs have the advantage that a lot of schools and businesses may use PDFs regardless. There are laws coming into effect requiring school work to be accessible, which could be a major source of Typst adoption if they manage to get the accessibility features ready in time.

                                                                  https://github.com/typst/typst/issues/133

                                                                  1. 3

                                                                    The Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018 came into force on 23 September 2018 here in the United Kingdom, and the European Accessibility Act’s provisions need to be implemented by 2025, so from a UK perspective it is already too late, but it would be amazing if Typst did resolve the need to create accessible documents.

                                                                2. 15

                                                                  I apologise for being a sceptic but I find this hard to believe:

                                                                  But I found myself grating with the unending and pervasive issues [on Linux] with Wi-Fi, audio, GPUs etc.

                                                                  Isn’t this exactly why people go for Ubuntu or Fedora? Also, just recently there was a post https://lobste.rs/s/15zleo/why_laptop_support_why_now_freebsd_s, which pretty much sounded like an acknowledgement that there is a lot to be done in the BSD world to catch up to Linux, not even mentioning Win/macOS.

                                                                  Having said that, I wish more cloud/VPS providers and tutorial writers look at / focus on / promote OpenBSD because of its excellent security track record.

                                                                  1. 28

                                                                    [This will be ranty, over-simplified and most importantly highly subjective. I have no interest in converting anyone to OpenBSD or any other BSD. Instead I want to add my experiences to this anyways subjective conversation. I hope this gives an idea of what could be meant by the quoted sentence - or how I interpret it. I use Arch Linux most of the time, so I am also not trying to drive you away from Linux or something]

                                                                    I didn’t interpret this in terms of (just) hardware support. Hardware support isn’t really about “getting in the way” in my opinion. In most situations it’s either there or isn’t there or more generically it works or it doesn’t. Linux clearly has a broader hardware support than Linux - at least when it comes to laptop/desktop systems.

                                                                    • Wifi: Nothing in Linux land comes remotely close to having hostname.if(5) and just having simple configuration lines like join <network> wpakey <key>. From NetworkManager to wpa_supplicant to all the ways of configuring a dhcp client and weird, buggy UIs for them are a great big mess. If you are lucky and never have any needs it might work. But the configuration tools are still weird and complicated. And if you start having troubles it’s an even bigger mess to debug.
                                                                    • Audio: sndio is great, just works. On Linux even basic things like both connecting headphones (audio jack) switching to them and them being connected when turning on never worked out of the box. Not on Ubuntu, not on Fedora, not on Arch. Mics are just as messy. Pulseaudio is messy, and while Pipewire improved stuff it somehow does weird stuff when watching YouTube videos. Out of the box it either randomly freezes monitor outputs, it struggles with processing outputs or inputs, it freezes the video in Firefox, despite continuing. I don’t know why Audio on Linux seems to be progressively getting worse. If everyone was using the current iteration of OSS it would likely be fine. And for non-rolling distros every other upgrade messes things up in a new way. Every other OS seems to be doing a better job than Linux here.
                                                                    • Graphics: Let’s skip the hybrid GPU topic to make this shorter. There are uncountable issues that one might fix via xorg and driver options. Most of the time one issue is traded for another. So many “known issues” with “just use this and that hack”. To be fair, GPU drivers are a mess across platforms (maybe not macOS?). However usually things don’t degrade. On Linux every distro finds a way to get rid of stuff working. From tearing, to performance issues, to not even being able to start X.org. And so many times the official solution is either switching to Wayland or switching to X.org. I thought just going the route of Intel GPUs would fix mentioned issues, but while it is a lot better, it just doesn’t happen. Having to fiddle with graphics in 2024 just feels wrong. On OpenBSD stuff that works keeps working.

                                                                    I feel like I’m quite experienced. I have been using Linux for two decades. I can program, I will start up strace or a debugger, if I wanna get down to the root cause. But it feels like Linux is a bit like JavaScript frameworks. There is a working solution that has that one annoyance, but instead of working on improving it a new framework focusing on fixing that annoyance is being created. Everyone is happy… until they notice that the new way basically makes all the stuff that worked well on the previous solution cumbersome. Then there is back and forth trolling. If you don’t like the new solution you are dumb, etc. The new solution is the future. Then it settles and finally a new version emerges. The mentioned Pulseaudio/Anti Pulseaudio -> Pipewire example is perfect. Now people only have problems with microphones and watching videos.

                                                                    Also, just recently there was a post https://lobste.rs/s/15zleo/why_laptop_support_why_now_freebsd_s, which pretty much sounded like an acknowledgement that there is a lot to be done in the BSD world to catch up to Linux

                                                                    I wouldn’t conflate FreeBSD and OpenBSD in that regard. FreeBSD has no sndio by default. Even though you can totally switch to it through the ports systems and I’ve done so. It’s pretty amazing that you can do that. I wished there was something like that in Linux land. Anyways, it’s not there per default, also it’s in port, so third party. There is no hostname.if. I think the default way of doing Wifi is the same as on Linux. For graphics cards, I don’t know what the status is today, but OpenBSD over the last decade or so has been quicker at adding for example support for intel graphics. FreeBSD is a bit slower about adding such things somehow. Also slower than DragonFly for example.

                                                                    I think the reason is that the FreeBSD culture is different. I think there are more OpenBSD users/devs running OpenBSD on their day to day laptop than FreeBSD people running FreeBSD on their day to day laptop. The whole Gaming on OpenBSD community is a good example on this. Arguably FreeBSD is the better gaming OS. Overall better performance, support for WINE (OpenBSD simply doesn’t have that), official NVIDIA drivers, etc. Yet some projects like fnaify (which evidently is now indierunner?) make running Windows games potentially more convenient than using WINE.

                                                                    The BSDs are often viewed as “OpenBSD for Routers”, “NetBSD for the toaster” and “FreeBSD for everything else”, often overlooking that they aren’t distros, but independent general purpose OSs. And if you look at macOS also being a BSD, do grep -v, look at how they have dtrace, about how the way you run Docker is through xhyve, which is based off FreeBSD’s bhyve, etc. it really is another BSD. But aside from them never being a good gaming platform one wouldn’t consider it to be a bad desktop/laptop OS. Don’t get me wrong though. OpenBSD, NetBSD, FreeBSD are all not great desktop OSs. My argument here is about how “the BSDs” is a strange grouping. Because the main thing they have in common today is maybe name, maybe license preferences. Even the way closer to FreeBSD DragonFly today has very different properties. They are farther apart than let’s say Android and Debian in many regards.

                                                                    1. 9

                                                                      On Linux even basic things like both connecting headphones (audio jack) switching to them and them being connected when turning on never worked out of the box.

                                                                      This just works with pipewire. If it doesn’t for you, open an issue with pipewire. They’re very responsive.

                                                                      If everyone was using the current iteration of OSS it would likely be fine.

                                                                      Pipewire goes way beyond what’s possible with OSS. While it may not matter much for most people, there’s no other OS right now which comes close to the minimal latency, custom routed connection graph and trivial codec/sampling changes.

                                                                      1. 8

                                                                        FWIW a lot of people who use one of the BSDs now haven’t used Linux too much in a while, so they just haven’t run into Pipewire much.

                                                                        If one’s memories about sound on Linux are from around, say, 2010 or so up until Pipewire age, it’s not surprising that they only remember it as a raging dumpsterfire. I think the only thing that worked worse than what Linux had during that decade was sticking two fingers from your left hand in the audio port and then, based on how it tingled, hitting a really thin membrane with a really tiny hammer really really fast with your other hand. The audio quality would’ve been worse, both because of the inefficient actuation mechanism and because of the highly non-linear signal propagation media, but it would’ve been a lot more reliable than PulseAudio up until 2015 or so, and still a lot easier to troubleshoot after that.

                                                                        1. 3

                                                                          That matches my recollection of PulseAudio from that era, especially on laptop audio hardware. On desktops, with careful sound card selection, it wasn’t that awful.

                                                                          1. 3

                                                                            In contrast, I think I only ever used PA on ThinkPads and it worked perfectly. I mean, at the time this was kinda the default hardware, if it was not the current year’s model.

                                                                            1. 8

                                                                              PulseAudio improved a lot after, how do I put it… after maintainership was taken over by more community-minded people. Unfortunately, there are more fundamental things that no amount of actually looking at punctual bugs can fix.

                                                                              I also used PA on ThinkPad hardware and some of my favourite bugs, which I never managed to troubleshoot conclusively, were:

                                                                              • If I plugged an HDMI monitor with speakers and left it plugged in when suspending, PulseAudio would sometimes select it as the default output when resuming from sleep and the laptop’s sound card would be gone. Restarting PulseAudio sometimes helped, but not always – sometimes it would reliably detect the sound card, but refuse to unmute it, and the only way to fix it then was to reboot the bloody thing. Resuming from sleep when the monitor was not plugged in worked fine.
                                                                              • I could sometimes get PulseAudio to crash by plugging in a USB DAC along with my HDMI monitor. Plugging the monitor first, and then the DAC seemed to work every time. Plugging the DAC, then the monitor, got it to crash. I actually spent a few hours trying to debug this, figuring that fixing sink detection on completely unfamiliar code was probably hopeless but surely a crash would be simpler. I was completely wrong.
                                                                              • Disconnecting Bluetooth headphones worked reliably, but I could not unmute the laptop’s speakers afterwards.
                                                                              • I had a particular USB microphone which, if plugged in, would get PulseAudio to crash after a few minutes. I don’t recall the details now (something about sample rate, some config tweaks fixed it) but it took forever to figure out, because it crashed late enough that I didn’t realise it had anything to do with the microphone.

                                                                              One source of PA’s many problems was that, for years, it was written and maintained in terms of well, it works on my machine, you must be doing something wrong. So the layer of resilience (maybe a bit of a fancy word for proper locking and basic sanity checks on data structures, hardware input/output state etc., but anyway) and debugging features that ensures a smooth transition from “works on my machine” to “works on everyone’s machine” was worked in gradually, pretty late, and rather unevenly.

                                                                              So if your machine happened to be just right, you could go through it without a hitch (I had one of those, too, a hand-me-down old Toshiba, of all things). If it didn’t, apulse helped for a while, but that was about it.

                                                                              1. 1

                                                                                Fun, although the first one sounds like my #1 Discord-on-Windows issue. Sometimes randomly, sometimes after it updates itself everything looks good, but I don’t hear anything because it’s blasting into the nirvana of my screen and I have to manually reset.

                                                                                Yeah I’m not defending it per se, it’s just apparently been unbroken on Debian and Ubuntu during this time I spoke of, I never really had a large amount of Linux machines with GUI at the same time.

                                                                      2. 8

                                                                        I up-voted this comment, but wanted to add a “me too”. reezer’s experience is exactly my own.

                                                                        I enjoy trying different operating systems on my home desktop and laptop. I’ve tried all the major ones and some more obscure ones. I make it my everything-OS for a month or a year, to give it a real go.

                                                                        OpenBSD has always been the “JUST WORKS” one. The simplest, easiest one to recognize or config my hardware/network/sound/video/USB-stuff, etc.

                                                                        OpenBSD usually seems to do, in a few config lines, what other operating systems do in a much more complicated way.

                                                                        1. 7

                                                                          Wifi: Nothing in Linux land comes remotely close to having hostname.if(5) and just having simple configuration lines like join wpakey . From Networkmanager to wpa_supplicant to all the ways of configuring a dhcp client and weird, buggy UIs for them are a great big mess.

                                                                          From a quick glance through the man page it seems that openbsd’s solution though doesn’t have any support for PEAP / MSCHAPv2 / all the enterprise and academic wifi schemes.

                                                                          I’m curious with the pipewire freezing video thing, never encountered that across Arch Linux, Fedora, Ubuntu, Debian Bookworm on a variety of hardware

                                                                          1. 3

                                                                            I’m using OpenBSD with Eduroam wifi, I needed to install wpa_supplicant, but it works, and was easier to debug than Eduroam on my android phone…

                                                                            1. 2

                                                                              From a quick glance through the man page it seems that openbsd’s solution though doesn’t have any support for PEAP / MSCHAPv2 / all the enterprise and academic wifi schemes.

                                                                              Never used MSCHAPv2. And from what I read Windows 11 also doesn’t support it because nobody should use it. But yeah, there you have to fall back to wpa_supplicant.

                                                                              I’m curious with the pipewire freezing video thing, never encountered that across Arch Linux, Fedora, Ubuntu, Debian Bookworm on a variety of hardware

                                                                              Here I am encountering that across various hardware, with various distributions. It’s not all the same though. Different systems, different issues. I much prefer the video freezing over the screen.

                                                                          2. 5

                                                                            OpenBSD has vastly better Wi-Fi support compared to FreeBSD. If your chipset is supported, you get fast speeds and reliable Wi-Fi. And the config is through the superior ifconfig tool.

                                                                            https://man.openbsd.org/man4/iwx.4

                                                                            1. 5

                                                                              there was a post which pretty much sounded like an acknowledgement that there is a lot to be done in the BSD world to catch up to Linux

                                                                              That post described FreeBSD, whereas this thread describes OpenBSD. I understand why people refer to “the BSD world” or similar given that these operating systems have a common ancestry, but the different systems diverged around 30 years ago when they all failed to support anything resembling today’s GPUs and WiFi chipsets.

                                                                              Today, it’s often unhelpful to talk about “the BSD world”, “the BSDs”, or “*BSD” from a technical perspective although culturally they have some similarity, community overlap, and shared conferences. The different BSD-based operating systems share code, some of which finds its way into Linux, Windows, and MacOS, but they also have their own kernel interfaces, development processes and technical focus.

                                                                              1. 7

                                                                                Note that macOS and iOS are BSDs. The XNU kernel began as a single-server Mach kernel with BSD (back when there was only one BSD) as the server providing the POSIX support. With OS X 10.0, the old BSD code was updated with FreeBSD 4.x and then 5.x code. Things like kqueue came from there. The MAC framework that’s used to implement the iOS and macOS sandboxing abstraction came from the (Apple-funded) TrustedBSD project, which implemented the same code for XNU and FreeBSD. Other things, such as the audio and graphics subsystems, were completely different. The Darwin libc was updated from FreeBSD’s at the same time, but later diverged. The POSIX2008 extended locale APIs originated in Darwin’s libc (as an extension to a GNU extension), for example, and the FreeBSD implementation is independent. Similarly, most of the core command-line utilities were forked from FreeBSD, but grew some nice extensions (such as consistently using -h and -H for binary or decimal units), but didn’t always get improvements from upstream.

                                                                                NetBSD and OpenBSD diverged from FreeBSD further in the past than Darwin, though Darwin has had a lot more full-time engineers working on it and so the divergence is greater.

                                                                              2. 2

                                                                                I’ve only used Thinkpads, but Ubuntu has been awesome on a 2013 X220 and a 2023 E14

                                                                                I tried OpenSuSE and that was fine too.

                                                                              3. 4

                                                                                Lacking knowledge of Gentoo’s userbase as I do, it’s surprising to me that the design goals listed here even give consideration to running binaries built against a 32-bit time_t after the transition. But I’ve been using OpenBSD a lot, where running packages built on release N after upgrading to release N+1 is somewhere between “unsupported” and “good luck”.

                                                                                1. 8

                                                                                  Gentoo does not have fixed releases, and compiles everything from source. “With the update from today, you need to recompile and replace every binary on your system with an ABI-incompatible one” is a tricky requirement in such a case, as is getting the repo into the state where you can do that in one big jump.

                                                                                  1. 3

                                                                                    I remember when OpenBSD did the switch to 64 bit time in 2013 and they recommended using a snapshot to do the move, as doing the compiling yourself required careful preparation or you would end up with a system you couldn’t boot, or if it did boot you couldn’t login, which is exactly what Gentoo are trying to avoid, but without the luxury of snapshots that OpenBSD has.

                                                                                  2. 5

                                                                                    Funded by The International Republican Institute - more than a little worrying, though the tech is interesting.

                                                                                    1. 1

                                                                                      Do you have a source for that? Having trouble finding one.

                                                                                        1. 3

                                                                                          Don’t know how I didn’t see it right on the home page 🤦‍♂️ thank you

                                                                                    2. 48

                                                                                      Scraping copyrighted content to then spend the electricity budget of Panama to regurgitate it back to you via LLMs: legal

                                                                                      Carefully curating content such that only one person can borrow it at a time, as libraries have been doing for centuries: illegal

                                                                                      If a techbro can’t make money off the commons, it’s illegal, is what I’m learning.

                                                                                      1. 3

                                                                                        Intentionally distributing full verbatim copies of copyrighted material when you do not have permission from the copyright owner, illegal.

                                                                                        Transforming vast amounts of copyrighted material into an entirely different new form of technology, (probably) legal. There is a reason that “transformativeness” is one of the fair use tests in US copyright law.

                                                                                          1. 2

                                                                                            It demonstrates that you can prompt the LLM to reproduce (some) texts. Whether that is copyright infringement is debatable. I can ask someone to recite The Hollow Men from memory, but that doesn’t make their memory a violation of copyright.

                                                                                            The question of transformativeness is about whether the LLM itself is sufficiently different from the copyrighted texts in its inputs to be considered a work of fundamentally distinct purpose and value. That’s not the only question at issue, but it’s an important one that clearly comes out in favor of the LLM creators. Google won a major lawsuit on this issue regarding Google Books even though it was a much less transformative use than LLMs are.

                                                                                            1. 8

                                                                                              I can ask someone to recite The Hollow Men from memory, but that doesn’t make their memory a violation of copyright.

                                                                                              Their memory isn’t a violation of copyright, but their reciting The Hollow Men may be (seriously though, 1925, isn’t that thing public domain by now!?)

                                                                                              I imagine this varies with jurisdiction but where I’m from requesting permission from the publisher or the author is a standard requirement in a case like this. You’re free to learn poetry or music by heart but if you’re going to reproduce it verbatim in public, for reasons other than satire, commentary or academic study, you’ve got to ask for permission, no matter how transformative your brain is :-).

                                                                                              1. 1

                                                                                                Yep. The fact that LLMs can reproduce copyrighted text is the strongest argument against them. But the question is who is responsible for the reproduction, the LLM creator or the LLM user asking for a copy of The Hollow Men. :)

                                                                                                1. 2

                                                                                                  Context: people go to jail if they allow others to use their servers and others use it for sharing warez. Even if the server owner can not see what has been shared, because data are e2e encrypted. Or teenagers went to jail because police found CDs with copies of MS Windows, Photoshop, AutoCAD or some films and music etc. Judge just multiplied the list price by the number of copies found and declared that the amount of damages.

                                                                                                  I do not see much reason why (not much) transformed (rather anonymized) LLM should be more legal than a verbatim copy. LLMs are even worse, because they cannibalize the content and give no credit to authors. While verbatim copies, even warez, retain the name of the original author and the publisher. People often buy paper books, optical discs etc. of works that they first find in warez and liked them. But if you get some response generated from LLM, you even do not know, what original work you should buy or which author to be grateful to. This is purely parasitic business model.

                                                                                                  1. 1

                                                                                                    That is probably the kind of thing that will have to be settled by a new ruling, and examining existing precedents by analogy is really treacherous. E.g. even if they superficially look like they’re the same thing, reciting poetry in general and reciting poetry from a dramatic work are treated very differently by copyright law in many Western countries. Similarly, an artist reciting poetry and distributing a recording of them reciting poetry are treated differently.

                                                                                                    With the obvious jurisdiction caveat, where I’m from, assuming that storing copyrighted material in the form of LLM weights would qualify as a breach of copyright law, the debate would revolve around three major issues:

                                                                                                    1. Who (as in which person with agency) included copyrighted material in their work
                                                                                                    2. Who is distributing the work that includes copyrighted material
                                                                                                    3. Did that person claim to own the right to distribute that work, even though it didn’t, and did they make enough information available to the user who asked for a copy so that they can verify if it’s being legally distributed.

                                                                                                    If we’re talking about the simple case (user asks the LLM to write him a poem, LLM replies with The Hollow Men), that would mostly point at the LLM creator.

                                                                                                    1. 1

                                                                                                      You may be right about the jurisdiction you live in. But on balance, US precedent points the other way.

                                                                                                      1. 1

                                                                                                        How so? I was under the impression that US legislation also put the onus for copyright compliance on the party that’s distributing the copyrighted material.

                                                                                                        1. 1

                                                                                                          A general purpose LLM doesn’t behave like an archive of copyrighted material. It behaves like a general purpose language manipulation machine.

                                                                                                          It would thus be analyzed as a new type of work with the possibility of reproducing copyrighted material, not as itself a reproduction of copyrighted material.

                                                                                                          1. 1

                                                                                                            Right, but that’s why I qualified it with this:

                                                                                                            assuming that storing copyrighted material in the form of LLM weights would qualify as a breach of copyright law

                                                                                                            “Behaves like a general purpose language manipulation machine” is one way to look at it. Another is “behaves like an archive of copyrighted works scrambled with a very long key”.

                                                                                                            I’m not describing the latter point specifically because I agree with it, but because it’s the only one where direct precedents exist. The former is definitely a whole other story, indeed.

                                                                                            2. 7

                                                                                              If I compress a film it’s still the film. If a model can reproduce ingested training data to… I dunno, whatever degree makes my argument work, then is the thing not in there?

                                                                                              1. 1

                                                                                                Whether “the thing is in there” doesn’t answer the legal questions at stake in this case. See my comment here for more context.

                                                                                              2. 4

                                                                                                How does training an AI model differ from e.g. compilation of a source code to an executable binary or converting one image format to another?

                                                                                                1. 1

                                                                                                  Taking a bunch of novels and turning them into an LLM produces something that is not a novel. Add RLHF on top and you’ve got something even less like a novel.

                                                                                                  The novel is not a specification for program behavior. It is used as input into a statistical model whose useful properties come from the fact that it is not a novel.

                                                                                                  1. 4

                                                                                                    It is a derived work that would not exist without the original one. Whether it „is a novel“ or not, is not much important, however these „models“ actually sometimes vomit parts of the original works. If you do this with Windows source code (it is available on the internet) and copy a method or a block of code from their sources to your program, corporations like Microsoft will send an army of lawyers after you and sue you to death.

                                                                                                    AI is not a human being, it is property of someone, it serves its owner, it is a tool like compiler, data convertor or any other software. Analogies like „I learned something from a book and then use that knowledge, so AI can also learn something from a book and use it“ does not apply.

                                                                                                    1. 1

                                                                                                      Whether it „is a novel“ or not, is not much important,

                                                                                                      Not important to whom? To the US legal system, whether the LLM is the same type of thing as its inputs is an important part of the legal analysis.

                                                                                                      however these „models“ actually sometimes vomit parts of the original works.

                                                                                                      And that is the strongest case against the LLM companies. But generally speaking, a user would have to knowingly prompt the LLM in a certain way to get more than snippets of copyrighted material. So there is a decent argument to be made that any copyright infringement is by the user requesting a copy of Harry Potter, not by the company that created the LLM.

                                                                                                      Analogies like „I learned something from a book and then use that knowledge, so AI can also learn something from a book and use it“ does not apply.

                                                                                                      Analogy is one of the primary ways that existing law gets applied to novel situations. Analogy may not matter much in software, but it matters a great deal in law.

                                                                                                      To be clear, I’m not arguing about whether making LLMs from copyrighted material without author permission should be legal. I’m just pointing out that under current US legal precedent it probably is.

                                                                                                      The conspiratorial tone of the top level comment in this thread really rubs me the wrong way, because the likely legality could already be correctly evaluated without regards to who the actors are in each case.

                                                                                            3. 10

                                                                                              The “start here” video was very cool. I was surprised / not surprised to learn that this is a Bret Victor project.

                                                                                              I’m annoyed by how the tech seems to be “gatekept”. See Is Realtalk open source. I see some pretty cool computer vision and projection going on, and I want to know how it works. I expect there’s a CPU somewhere running code that was written in the “traditional” manner. There’s image and video, font shaping, 3D rendering, text editing, etc. I’ll be very surprised if that was all implemented de novo on this system.

                                                                                              1. 12

                                                                                                My suspicion is that the degree to which the system is “fully self-hosted”- and perhaps even the degree to which the system works in demonstrations- is more aspirational than factual, and this is part of why it’s all kept secret. I am likewise irritated by the dichotomy of a system intended for “everyone” that is in practice accessible only to people who live nearby the single physical Dynamicland instance and know the right people to get an invitation. If only some actually open projects could get as much publicity and marketing as Dynamicland’s little digital private beach!

                                                                                                1. 3

                                                                                                  Concerning the first part, your claim that the system is not fully self-hosted, or that it’s just a demo, more aspirational than factual. Please read the 2021 status report:

                                                                                                  We rebuilt Realtalk completely, from the ground up. … It’s absolutely amazing … The system is finally 100% objects, in real space. Nothing intangible. No files, directories, githubs, laptops. … Nothing like this has ever been done before. … It actually works. It’s not a demo or prototype or showpiece.

                                                                                                  Concerning the second part. For the group to have done the things you fault them for not doing, they would have required more resources. Full documentation, a public space with staff to support visitors off the street? My impression is that the problems of the Dynamicland project have been due to a lack of funding and resources, plus the pandemic, not due to ill will or bad attitude. The pandemic would have been bad for a project that requires bringing together groups of strangers for close collaboration in physical space.

                                                                                                  The public space in Oakland was open from 2018 to (March?) 2020, then closed down due to the pandemic. According to the old web site, funding was precarious. According to the old roadmap, in 2022, they were going to roll out Dynamicland to the world, “in the form of new kinds of libraries, museums, classrooms, science labs, arts venues, and businesses.” But that didn’t happen.

                                                                                                  Now they’ve pivoted, and are currently focussing on a specific application from the list above: using Realtalk as a tool for scientists. A new location is planned in Berkeley, and it’s a science lab, which suggests that they have a new sponsor and a new source of funding.

                                                                                                  1. 8

                                                                                                    Concerning the first part, your claim that the system is not fully self-hosted, or that it’s just a demo, more aspirational than factual. Please read the 2021 status report:

                                                                                                    Ok but there’s tangibly no evidence to back this up, right?

                                                                                                    According to the old roadmap, in 2022, they were going to roll out Dynamicland to the world, “in the form of new kinds of libraries, museums, classrooms, science labs, arts venues, and businesses.” But that didn’t happen.

                                                                                                    While yes, Dynamicland consists of a community project and code to make that work in tandem, there are many other similar projects that are open source. Hell, I worked on one a few years back. There’s nothing stopping them open sourcing the code and letting others build off it.

                                                                                                    1. 10

                                                                                                      Exactly. A post-it note that says “our system is very real and so cool I can’t even describe it” is just marketing material.

                                                                                                      Even if large portions of “the experience” of Dynamicland are written in RealTalk, it’s not magic: there’s some kind of substrate layer that interprets RealTalk, coordinates IO devices, offers graphics primitives like text rendering, and handles the actual persistence of data, running on physical computers with operating systems and filesystems; the bottom of the iceberg that doesn’t fit on a few sheets of paper clipped to a whiteboard. Programmers are rightfully interested in how this substrate works, and if it were open source (real open source, not Victor’s personal redefinition of the term) they could learn about it!

                                                                                                      The repeated insistence of Victor and other Dynamicland developers that there is no substrate is extremely counterproductive and makes them seem like hot air salesmen, even if underneath all the puffery and rhetorical games there is real, innovative technology.

                                                                                                  1. 1

                                                                                                    Oops. That is the link I wanted. Thanks!

                                                                                                  2. 4

                                                                                                    I would love to be able to play with parts of the Realtalk system as I think that many of Bret’s ideas are exciting, but as you point out there is no real information on how the system actually works…

                                                                                                    1. 3

                                                                                                      I’ll be very surprised if that was all implemented de novo on this system.

                                                                                                      The web site repeatedly states that Realtalk is entirely self hosted. There is no source code. There is just a bunch of physical objects in a room. Each object is legible to humans using just the 5 senses, without using special equipment. A lot of the “code” is text printed on physical cards or paper.

                                                                                                      Another idea that comes up repeatedly in the Dynamicland material I’ve viewed is how illegible Dynamicland is to outsiders, and that it’s particularly illegible to “git-oriented people”. Surely there must be source code in a git repository, and they are just hiding it from us?

                                                                                                      I imagine there is a bootstrapping process, making use of a Realtalk “kernel”, written in a low-level dialect of Realtalk that is statically typed and compilable to machine code. There may be a special card that must be used to rebuild the kernel from source and install it, necessitating a reboot of the system.

                                                                                                      1. 14

                                                                                                        I wish they weren’t so obscurantist about this. As far as I can tell, the core of the system is a pile of projectors and cameras coordinated with Lua. They really don’t like talking about this, mostly because they see the choice of Lua as immaterial to the higher-level presentation.

                                                                                                        On top of this, their system is effectively a Linda-style tuple space. Any “wish” is published to the tuple space, wishes may be monoidally combined by dedicated wish-grooming tasks, and wishes are ultimately consumed by tasks which mutate the outside world.

                                                                                                        This gives us a strong hint about why they are so cloistered; tuple spaces aren’t capability-safe, and any attempt to fix it quickly ossifies into languages like Syndicate because they must reach down to the bedrock. Like, rewriting Dynamicland in Syndicate would reveal that each Dynamicland location must instantiate its own local tuple space. It hints at why this isn’t a complete solution for e.g. libraries or other public spaces to extend computation to visitors; Dynamicland effectively has no access control.

                                                                                                        1. 7

                                                                                                          Like, rewriting Dynamicland in Syndicate would reveal that each Dynamicland location must instantiate its own local tuple space. It hints at why this isn’t a complete solution for e.g. libraries or other public spaces to extend computation to visitors; Dynamicland effectively has no access control.

                                                                                                          They also seem to acknowledge and not really care about access control (by the virtue of not having a concept of users) beyond physical access control.

                                                                                                          1. 2

                                                                                                            I’ve been noodling on what a capability-safe Dynamicland-like system might look like for a while now. It seems to me that there are appealing reasons to do so, especially if you wanted to allow people to selectively pull in data from their own personal devices to use in the room. Your personal devices have a lot of personal data, so there’s good reason to be selective here.

                                                                                                            I’ve been wondering if Syndicate would be a good foundation for something like that, though I don’t understand it well enough yet to say for sure.
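The contrast drawn in the comments above, between an ambient tuple space with no access control and a capability-style handle that exposes only selected tuples, as an added Python sketch. It is not part of any comment and is not Dynamicland or Syndicate code; the class names, the `groom` task and the sample tuples are hypothetical and constructed.

```python
"""Constructed sketch: an ambient Linda-style tuple space vs. an attenuated facet.

Every name here (TupleSpace, Facet, groom, the sample tuples) is hypothetical.
"""

ANY = object()  # wildcard field in a pattern


def matches(pattern, tup):
    """A pattern matches a tuple of the same arity, field by field."""
    return len(pattern) == len(tup) and all(
        p is ANY or p == t for p, t in zip(pattern, tup)
    )


class TupleSpace:
    """Ambient space: whoever holds it can write, read and remove any tuple."""

    def __init__(self):
        self._tuples = []

    def out(self, tup):
        self._tuples.append(tuple(tup))

    def rd(self, pattern):
        return [t for t in self._tuples if matches(pattern, t)]

    def take(self, pattern):  # Linda calls this operation `in`
        for i, t in enumerate(self._tuples):
            if matches(pattern, t):
                return self._tuples.pop(i)
        return None


def groom(space):
    """Wish-grooming task: merge wishes per target with set union (a monoid)."""
    merged = {}
    while (wish := space.take(("wish", ANY, ANY))) is not None:
        _, target, effects = wish
        merged[target] = merged.get(target, frozenset()) | effects
    for target, effects in merged.items():
        space.out(("wish", target, effects))


class Facet:
    """Attenuated handle: only tuples matching granted patterns are reachable.

    Python does not enforce encapsulation, so this shows the interface shape
    only; a capability-safe language would make `_space` unreachable.
    """

    def __init__(self, space, readable=(), writable=()):
        self._space = space
        self._readable = tuple(readable)
        self._writable = tuple(writable)

    def _allowed(self, grants, tup):
        return any(matches(g, tup) for g in grants)

    def out(self, tup):
        if not self._allowed(self._writable, tup):
            raise PermissionError(f"facet may not publish {tup!r}")
        self._space.out(tup)

    def rd(self, pattern):
        return [t for t in self._space.rd(pattern)
                if self._allowed(self._readable, t)]


def build_room():
    """Constructed sample data: two wishes plus personal data from a phone."""
    space = TupleSpace()
    space.out(("wish", "page-12", frozenset({"outline"})))
    space.out(("wish", "page-12", frozenset({"label"})))
    space.out(("photo", "visitor-phone", "family.jpg"))
    groom(space)
    return space


def visitor_views():
    """What a visitor's program can see with each kind of handle."""
    space = build_room()
    wishes_only = Facet(space,
                        readable=[("wish", ANY, ANY)],
                        writable=[("wish", ANY, ANY)])
    return {
        "ambient": space.rd((ANY, ANY, ANY)),
        "facet": wishes_only.rd((ANY, ANY, ANY)),
    }


if __name__ == "__main__":
    for handle, tuples in visitor_views().items():
        print(handle, tuples)
```

With the ambient handle the visitor's program reads the phone's photo tuple alongside the merged wish; with the facet it sees only the wish and cannot publish anything else.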

                                                                                                            1. 2

                                                                                                              I found a 2018 reference to Lua being used in Dynamicland. That was the initial prototype.

                                                                                                              The 2021 version is implemented entirely in Realtalk, not sure how much of Lua survived into this version.

                                                                                                              We rebuilt Realtalk completely, from the ground up. … It’s absolutely amazing … The system is finally 100% objects, in real space. Nothing intangible. No files, directories, githubs, laptops. … Nothing like this has ever been done before. … It actually works. It’s not a demo or prototype or showpiece.

                                                                                                              1. 6

                                                                                                                I don’t believe them. Like, consider the following statement from the same report:

                                                                                                                I haven’t written a program on a laptop in years, I wouldn’t even know where to type it in.

                                                                                                                I don’t really think that he’s completely forgotten how to use a shell or a Web browser; he’s being hyperbolic.

                                                                                                                I think that RealTalk is compiled to some sort of Piumarta-style self-hosting object system, and that their implementation has been bootstrapped; one of those blurry pages of RealTalk instructions is likely a nasty machine-generated pile of Piumarta-style macros. Sure, it’s not Lua, but it’s spiritually equivalent, although they may have had to give up LuaJIT to self-host. I don’t know how they recover from power outages.

                                                                                                                I don’t think that they reinvented any of the components of computer vision, pixel transmission, or image projection; I think that they use some standard stock FLOSS kernel to boot NUCish stock hardware which has stock cameras plugged in over USB/FireWire and stock projectors plugged in over HDMI/DisplayPort. I don’t have it at hand, but I’ve seen hardware manifests and I think they were using Mac Minis at one point.

                                                                                                                I can fully agree with you that it’s not Lua and still insist on my second and third paragraphs; it still looks like an ambient tuple space with support for monoids, and that still constrains how we can deploy it. Sorry for being grumpy, but previously, on Lobsters, we explored how Dynamicland is not merely a blurry vision for the future but also a dysfunctional software-engineering project struggling in the present.

                                                                                                                1. 3

                                                                                                                  I don’t believe them.

                                                                                                                  The claims that he makes are all plausible, though.

                                                                                                                  1. In the new system, Bret Victor no longer needs to use a laptop to do Dynamicland development. “I haven’t written a program on a laptop in years”.
                                                                                                                  2. All of his development is now done using the Dynamicland user interface. All of the source code he needs to work on is now represented by physical objects, which is primarily text printed on sheets of paper.

                                                                                                                  When he says “The system is finally 100% real objects in real space”, I interpret “the system” as being Dynamicland and the dynamicland source code. All the code you edit when you are working on the dynamicland project. I don’t interpret “the system” as including the host operating system that dynamicland is embedded in.

                                                                                                                  Like, consider the following statement from the same report:

                                                                                                                  I haven’t written a program on a laptop in years, I wouldn’t even know where to type it in.

                                                                                                                  I don’t really think that he’s completely forgotten how to use a shell or a Web browser; he’s being hyperbolic.

                                                                                                                  I don’t see any hyperbole in his statement. He’s talking about writing programs. Using a shell or using a web browser is not the same thing as doing software development.

                                                                                                                2. 1

                                                                                                                  Second link is missing, by the way.

                                                                                                            2. 3

                                                                                                              I’m annoyed by how the tech seems to be “gatekept”.

                                                                                                              I think they don’t want to emphasize this part; what matters to them is what things people (plural) do with objects in the real world.

                                                                                                              1. 4

                                                                                                                Yeah, I mostly sympathise with what I’ve read so far. Still, I’m the kind of person who enjoys building the systems that enable people to “do things with objects in the real world”.

                                                                                                                So I guess I have to try to build one myself if I want to know how it works :)

                                                                                                            3. 1

                                                                                                              In the Olympic women’s road race a New Zealand rider lost her place - and that was due to a mechanical failure, and the new bike she was given did not have its derailleur battery - while I appreciate the improvements in performance of the wireless derailleurs, I have often thought that these wireless systems would be a security risk. Luckily I race a single speed BMX so this is not a risk for me :~)

                                                                                                              1. 1
                                                                                                                1. 4

                                                                                                                  Great start. Have both used FreeBSD and DragonFlyBSD personally.

                                                                                                                  What frustrated me when arriving to BSD land, is hardware support. I would love for this guide to have a setup goal and to replicate it across the BSDs on a real laptop. Eg.: Install the OS, install NGINX as a service, so it autostarts, install a desktop environment, browser and finally access the hello world localhost of NGINX in that browser. This should reveal a lot of BSD specific challenges.

                                                                                                                  1. 2

                                                                                                                    I have always found NYC*BUG dmesg database a good source for working out what hardware works with the *BSDs.

                                                                                                                  2. 5

                                                                                                                    On OpenBSD I usually “Shutdown the box” using: shutdown -ph now, rather than halt -p

                                                                                                                    halt(8) says:

                                                                                                                    Normally, the shutdown(8) utility is used when the system needs to be halted or restarted, giving users advance warning of their impending doom.

                                                                                                                    1. 7

                                                                                                                      Sorry but what/who is CrowdStrike? I went to their website and it’s like latin to me probably because it’s a B2B product whilst I am a lowly prole. It seems like cybersecurity so I don’t understand how it can bring about BSODs.

                                                                                                                      1. 12

                                                                                                                        Their product is software that monitors everything done on the user computer and reports it to a central system somewhere else. I think the idea is that somebody in the cybersecurity department gets a pretty dashboard which they use to spot unusual activity in real-time.

                                                                                                                        Because the product has to monitor everything on the user machine, it runs as a kernel driver. And it auto-updates for reasons that are unclear to me. Today’s BSOD seems to be because the kernel driver is trying to apply an update at boot time and failing (and the solution seems to be to go into Windows’ recovery mode, find the downloaded update file, and delete it).

                                                                                                                        1. 1

                                                                                                                          Is it meant for tech support (like for having the diagnostic data to fix technical issues) or for employee surveillance?

                                                                                                                          1. 5

                                                                                                                            I don’t know, but I see it’s marketed as a security product, so probably closer to employee workstation surveillance. The screenshots on their website show it tracking processes trees.

                                                                                                                            1. 4

                                                                                                                              Yes.

                                                                                                                              It’s a root/admin level agent that does whatever the central server tells it to do. Run antivirus, log the keystrokes, change the passwords, wipe the disk, gather statistics.

                                                                                                                              In this case, run a program that BSODs on boot. Bits have no intentions.

                                                                                                                              1. 3

                                                                                                                                Bits have no intentions.

                                                                                                                                I get what you mean but the people selling or buying the bits have intentions. Is the software really as open ended as you say? I was only trying to figure out why the people who pay for it do it.

                                                                                                                                1. 4

                                                                                                                                  I don’t know that it even can log keystrokes, although you could maybe get it to through some sort of ‘execute some script’ functionality it may have - I don’t think there’s any native feature like that and it’s certainly not marketed (or used, to my knowledge) for spying on employees.

                                                                                                                                  Lots of companies run Chef or some other equivalent on laptops so the idea that CrowdStrike is somehow unique or particularly marketed towards this is just ridiculous.

                                                                                                                                  It’s primarily used for determining if malware is on your box or for forensic purposes (to see if it was on your box/ how it got there).

                                                                                                                              2. 2

                                                                                                                                It’s meant for ticking a compliance checkbox that you do endpoint security.

                                                                                                                            2. 18

                                                                                                                              The summary someone posted on Mastodon was ‘corporate malware’, which seems to sum it up. Basically, it does all of the things that you’d expect from malware, but reports to your corporate IT overlords instead of an external entity.

                                                                                                                              1. 5

                                                                                                                                Terrible summary, tbh. Is eBPF “linux malware”?

                                                                                                                                CrowdStrike is an endpoint agent that instruments and reports activity on the system so that your administrators can determine if your host is behaving as it should - ensuring it’s patched, detecting malware, getting forensic logs, etc.

                                                                                                                                It’s obscene to compare this to malware or IT to “corporate overlords” and it’s also wildly inaccurate since malware doesn’t behave the same way at all.

                                                                                                                                1. 7

                                                                                                                                  Heh, it behaves exactly like a malware it just has owners that made you sign an ‘I know you’ll put malware on my work machine’ clause in your contract.

                                                                                                                                  It’s a full root kit, it documents everything and can be used to run things on your machine from a command and control box, just like a malware or root kit in the wild. Only difference is the owner.

                                                                                                                                  1. 9

                                                                                                                                    Not really. Malware doesn’t generally work the way that CB does, at all. And they do radically different things. Malware is almost never going to bother shipping every log on your box off, for example, and if it did it likely wouldn’t do so using the same APIs that CB does. CB, by contrast, isn’t going to keylog or take screenshots, or scrape your browser sessions off disk, etc. You can say they both “collect information” but it seems absurd to leave out that the information collected is completely different.

                                                                                                                                    Malware uses lots of techniques like process hollowing and injection, CB and other security tools almost never do this sort of thing, or they do so in a much more limited scope (injection does happen sometimes, though it’s rare these days). Malware usually sets up all sorts of sneaky persistence mechanisms - CB and other EDR tools typically just register as services, although some may try to do a bit of extra work to avoid an attacker just shutting it down.

                                                                                                                                    Fundamentally they do radically different things and so, as natural consequence, work radically differently.

                                                                                                                                    What CB has in common with a small subset of malware is that it runs with high privileges and, yes, it talks to the network. If “has admin and talks to a network” is what we’re calling identical to malware with the “only difference” being the owner, I think that’s pretty absurd. It also minimizes a pretty major difference - the owner, but I don’t even feel like that’s worth getting into because, again, the software just works pretty differently. Or the fact that users know that the software is running versus users who have no clue they’re being monitored by malware.

                                                                                                                                    Is every kernel module a rootkit? Seems pretty wrong to say so. Is Chef? Is apt? Your definition of being identical to malware is pretty broad.

                                                                                                                                    This mischaracterization is just ridiculous, frankly.

                                                                                                                                    1. 4

                                                                                                                                      … on my work machine … on your machine …

                                                                                                                                      Is the machine yours, or is it their machine that they have you use as part of your job?

                                                                                                                                      1. 3

                                                                                                                                        Not mine, and I don’t have a problem with it either. No expectation of privacy on a work machine. It’s still a full root kit.

                                                                                                                                2. 4

                                                                                                                                  25 years ago when I was working as a sysadmin our anti-virus software would regularly take out all our Windows machines when their updates broke Windows, it’s one of the reasons I hate anti-virus, and we ended up running the updates an hour later on all machines except one so that we could stop the update when it broke. Crowdstrike provide anti-virus amongst other services…