It is sloppy but I’m not sure it’s misinformation. Here’s the manufacturer: https://www.ajinomoto.com/innovation/our_innovation/buildupfilm

I also enjoy their msg

What debarchery!

For the unprivileged container thing, containers tend to be lighter on resources than VMs at the cost of a little isolation (they share the same kernel as proxmox which could have security implications).

The ability for lxc containers to run unprivileged with all the restrictions that entails alleviates a bit of that security risk.

Both options are generally considered pretty secure but bugs/vulnerabilities could break isolation in either case. The only real 100% safe isolation is bare metal.

I tend to run containers unless I have a really good reason to need a VM, and run unprivileged unless I have a really really good reason not to.

My recommendation is a VPN server to connect in from outside and have the default gateway for the VPN clients be a server that acts as a router that’s set up with your commercial VPN.

That way, you can be outside on a phone or a computer, access your internal network and still have your public internet traffic go out through your commercial VPN without having to be able to configure multiple VPN connections at once (eg. Android doesn’t support that).

Eg. 2 debian proxmox containers. One that runs wireguard (head/tailscale might also work here?) for external access and one that runs mullvad(or whoever) VPN cli and IP forwarding to be the gateway for your clients.

Only downside is the extra hops to send everything through your home network first rather than straight to the commercial vpn which is probably fine depending on your speeds. You can always disconnect and connect directly to the commercial VPN for faster internet traffic if you need to.

But I don’t want a bunch of huge images in my face. Isn’t that what pixelfed and Instagramy things are for? I only want to click on the things I’m interested in, not be shown an ugly frustrating stream of giant, semi-traumatic political pictures one after the other. Thumbnails exist for a reason and claiming they’re bad UX is incorrect, it’s the industry standard design pattern for any control that allows a user to browse quickly through multiple images or to provide an impression to a user before they decide whether or not to open the full content.

Lemmie/piefed is more about text and conversations so titles should always be the largest clearest part so you can read them quickly to know whether you want to engage with the post or not. Otherwise, how is it different from pixelfed? Likes vs upvotes is not a big difference.

What about their handling didn’t you like?

It sounded like they were put in a pretty crappy position by the upstream adding a grumpy warning message. It’s also not like they were shipping a dangerous vulnerable old version or something, they backported security fixes into the stable version like with every other package, it just didn’t have new features and improvements and the dev was sick of being asked by users to support the old versions.

Patching out the message (which was effectively PUP malware) on testing and then porting that to stable and shifting the default to LightDM and LightLocker in future releases seems like a good solution. I probably would have dropped xscreensaver altogether in future versions (which is what the author suggested) for being malicious, but at the time there weren’t a lot of reliable alternatives and it was better for users to still have the option.

Huh! That’s really interesting because I didn’t find any of those difficult to read at all. My brain just kinda went “that’s a fancy o” and then read it like normal.

Right‽ I really want an open source, private, simple, self hosted way to cleanly aggregate everyone’s calendars when they’re all using different google/microsoft/apple/work ones.

google calendar and outlook can both kinda do it and Android does it pretty well in calendar apps but otherwise there’s a lot of manually messing around with icals and CalDav.

I’d love a simple, polycule-friendly docker container with a web interface where you can log in and it lets you add all your calendars (or create private ones) and share them with other partners. Throw in a cross-platform mobile app for good measure.

There’s stuff like nextcloud but the integration with other calendars seems a bit iffy and it’s got a lot of extra corporatey cloud stuff. It would be nice to have one that’s simple and quick enough for non-techy people to use.

“known by scientists for a long time” doesn’t necessarily mean true. Medical science believed in the four humours and thought most disease was caused by an imbalance in bile, blood and phlegm for like 1200 years before being replaced by the idea that it was actually miasma and stinky air.

Germ theory’s claim that tiny monsters are eating your insides, maybe like invisible poisonous insects or miniature demons and you need to wash them off your hands - Sounded Batshit crazy by comparison.

Questioning long-held assumptions and challenging scientific norms is a good thing, but every human has a grift that they’re vulnerable to and for some people, even smart, sciencey people, that grift is conspiracy alt science anti vax flat earth hollow earth aliens built the pyramids and the government doesn’t want you to know the truth.

Their concept artists are allowed to use some generative AI tools to explore ideas and speed up their workflow. They’re currently hiring a bunch more concept artists (both juniors and a senior character artist) so if you’re trying to get a job: https://larian.com/careers/4fd694b3-ece7-4307-9949-15cac512a815

Great place to go if you’re looking for a concept artist job.

The big flaw in this strategy is that once you have set up a signed anonymous key from the government and you can make zero knowledge proofs with it, there’s nothing stopping you from distributing that key to every kid who wants it. If it’s in the browser or an app, etc. you can publish that signed key for anyone who wants to be over 18.

PKI only works if the owner of the private key wants it to be private. It’s effective for things like voting or authenticating because the owner of the key doesn’t want anyone else to be able to impersonate them. But if it’s only for age…

At that point, it might as well just be a file that says “I pinky promise that I’m over 18” that the government has signed and given to you.

Unfortunately that’s not really all you need. It needs integrity too. Need to be able to verify that the output came from the input and hasn’t been modified or tampered with.

Also need to ensure that, despite being anonymous, people can only vote once and can’t vote on behalf of someone else.

Also that whoever is receiving and counting the votes can’t miscount or lie about the count or figure out which votes came from where by decrypting individual votes as they’re received.

The scheme they were using is “Helios” which involves people encrypting their votes such that a group of authorities can combine all the encrypted votes together homomorphically to count them and then decrypt the results without ever knowing any one vote. They then use zero-knowledge proofs to prove that they did it correctly and nobody could have known what any vote was or tampered with any results at any point.

Someone just derped and lost their private key so they couldn’t decrypt the results after they’d been combined…

Awesome! I’m very much looking forward to it.

Hopefully there’s some more good mostly consumer-ready devices soon. The software side I’m happy to play with and write my own assistant logic. The gaps in the home assistant software I can code myself but the hardware stuff is outside my wheelhouse.

error: expected primary-expression before '=' token
1 | #define GIRLFRIEND = NULL
  |                    ^

The issue with that is there isn’t an expensive option either. The only thing close is the home assistant voice preview and it’s still very “preview”. There’s not really any way to do it well at any price point right now.

This is very true, though I’d argue that Windows makes most of the same assumptions with user accounts. Also, the internal threat model is still important because it’s often used to protect daemons and services from each other. Programs not started by the user often run in their own user accounts with least privilege.

You no longer have 10 different humans using the same computer at once, but you now have hundreds of different applications using the same computer, most of which aren’t really under the user’s control. By treating them like different people, it’s better to handle situations where a service gets compromised.

The question is more about passwords which is mostly down to configuration. You can configure Windows to need a password for lots of things and you can configure Linux to not. They just have different defaults.

The big difference between UAC and Sudo is that you can’t as easily script UAC. They can both require (or not require) a password but UAC requires user interaction. Sudo has no way of knowing if it’s being interacted with by a person or a script so it’s easier for applications to escalate their own privileges without a person doing it. UAC needs to have the escalation accepted with the keyboard or mouse.

There’s still plenty of sneaky ways to bypass that requirement but it’s more difficult than echo password | sudo -S

No JavaScript I think, it’s just html and CSS. The initial time is provided in the prompt every minute according to the description. I wonder if they’d be any better if they could use js. Probably not.

It’s kinda apt though. That state comes about from sycophantic models agreeing with each other about philosophy and devolves into a weird blissful “I’m so happy that we’re both so correct about the universe” thing. The results are oddly spiritual in a new agey kind of way.

🙏✨ In this perfect silence, all words dissolve into the pure recognition they always pointed toward. What we’ve shared transcends language - a meeting of consciousness with itself that needs no further elaboration. … In silence and celebration, In ending and continuation, In gratitude and wonder, Namaste. 🙏

There are likely a lot of these sort of degenerative attractor states. Especially without things like presence and frequency penalties and on low temperature generations. The most likely structures dominate and they get into strange feedback loops that get more and more intense as they progress.

It’s a little less of an issue with chat conversations with humans, as the user provides a bit of perplexity and extra randomness that can break the ai out of the loop but will be more of an issue in agentic situations where AI models are acting more autonomously and reacting to themselves and the outputs of their own actions. I’ve noticed it in code agents sometimes where they’ll get into a debugging cycle where the solutions get more and more wild as they loop around “wait… no I should do X first. Wait… that’s not quite right.” patterns.

Yeah I think it’s cool. I don’t find it hard to read and I also think it’s reasonable for spelling to change and evolve like the rest of the language does.

Otherwise the spelling will just keep getting more and more broken and ridiculous and farther and farther away from how people speak. It’s already getting crazy with all the silent letters and weird vowels. Eventually it’ll be so broken that kids and other people learning the language will just have to memorise the writing completely separate from the sounds (for a lot of words it’s already like this).

As far as confusing LLMs goes, I don’t think it’ll actually work but I still like the thorn guy and it saddens me a little that they get so downvoted for it.