phase_change

@phase_change@sh.itjust.works
5 Post – 27 Comments
Joined 1 years ago

Except it’s not that they are finding the expansion rate is different in some directions. Instead they have two completely different ways of calculating the rate of expansion. One uses the cosmic microwave background radiation left over from the Big Bang. The other uses Cepheid stars.

The problem is that the Cepheid calculation is much higher than the CMB one. Both show the universe is expanding, but both give radically different number for that rate of expansion.

So, it’s not that the expansion’s not spherical. It’s that we fundamentally don’t understand something to be able to nail down what that expansion rate is.

5 more...

As a guy responsible for a 1,000 employee O365 tenant, I’ve been watching this with concern.

I don’t think I’m a target of state actors. I also don’t have any E5 licenses.

I’m disturbed at the opaqueness of MS’ response. From what they have explained, it sounds like the bad actors could self-sign a valid token to access cloud resources. That’s obviously a huge concern. It also sounds like the bad actors only accessed Exchange Online resources. My understanding is they could have done more, if they had a valid token. I feel like the fact that they didn’t means something’s not yet public.

I’m very disturbed by the fact that it sounds like I’d have no way to know this sort of breach was even occurring.

Compared to decades ago, I have a generally positive view of MS and security. It bothers me that this breach was a month in before the US government notified MS of it. It also bothers me that MS hasn’t been terribly forthcoming about what happened. Likely, there’s no need to mention I’m bothered that I’m so deep into the O365 environment that I can’t pull out.

This poll tracking is showing Harris barely ahead on national polls. This millennium, Republicans have won the presidency in 2000, 2004, and 2016.

In 2000 and 2016, the Democratic candidate won the popular vote.

Winning the popular vote doesn’t mean shit. The electoral college is what matters.

That same NYT poll link lists 9 tossup states: Wisconsin, Michigan, Pennsylvania, Arizona, Georgia, Minnesota, North Carolina, Nevada, and Virginia.

You’ll notice all but the first three are in alphabetical order. That’s because all but the first three don’t have enough polling to make a prediction. Of those first three: a statistical tie in Wisconsin and Michigan with a Trump lead in Pennsylvania.

If you include Kennedy, Harris is ahead by 1% in Wisconsin and Pennsylvania but still tied in Michigan.

National polling trends are going in the direction I want, but they really don’t matter.

I write this from a state whose electoral college votes have never gone for a Democrat in my lifetime and won’t ever before my death. I’ll be voting for Harris, but that vote is one of those national votes that won’t actually help my preferred candidate.

The only way I can help is via monetary donation.

And if you’re a Harris voter in a solidly blue state, your vote means as much fuck all as mine does. Yes, it actually makes it to the electoral college, but, like mine, that’s a forgone conclusion. You should be donating money too and hoping it’s used wisely to affect those swing states.

3 more...

Under the CMB method, it sounds like the calculation gives the same expansion rate everywhere. Under the Cepheid method, they get a different expansion rate, but it’s the same in every direction. Apparently, this isn’t the first time it’s been seen. What’s new here is that they did the calculation for 1000 Cepheid variable stars. So, they’ve confirmed an already known discrepancy isn’t down to something weird on the few they’ve looked at in the past.

So, the conflict here is likely down to our understanding of ether the CMB or Cepheid variables.

I believe you are correct. Any paying Red Hat customer consuming GPL code has the right to redistribute that code. What Red Hat seems to be suggesting is that if you exercise that right, they’ll cut you as a customer, and thus you no longer have access to bug fixes going forward.

I suspect it’s legal under the GPL. I’m certain it violates the spirit of the GPL.

Me too, but I’d put Usenet in there before Slashdot.

1 more...

Because most people aren’t technical enough to understand there are alternatives, particularly if those alternatives involve removing a scary label telling you not to.

Upvotes and downvotes.

Right now, I can browse by New on my subscribed communities and see every post since the last time I did that.

I can view or re-view posts and read every response. If the responses are legion, I can play with hot/top and get the meat of the discussion.

Did you notice that last sentence? On the few posts where there are too many responses to view all, I’ll try to get at those that are relevant.

If the Lemmy community grows large enough, I’ll need to do the same for posts. I will no longer be able to regularly view by new and have time to see everything.

So, I’ll need to rely on some sorting method to make certain I see relevant stuff.

Someone with millions of bots that never post have millions of upvotes and downvotes to influence the score used by the sorting algorithm that I’ll use to decide what to read.

And the article content posted is just an excerpt. The rest of the article focuses on how AI can improve the efficiency of workers, not replace them.

Ideally, you’ve got a learned individual using AI to process data more efficiently, but one that is smart enough to ignore or toss out the crap and knows to carefully review that output with a critical eye. I suspect the reality is that most of those individuals using AI will just pass it along uncritically.

I’m less worried about employees scared of AI and more worried about employees and employers embracing AI without any skepticism.

Does the GPL cover having to give redistribution rights to the exact same code used to replicate a certain build of a product?

It does, and very explicitly and intentionally. What it doesn’t say is that you have to make that source code available publically, just that you have to make it available to those you give or sell the binary to.

What Red Hat is doing is saying you have the full right to the code, and you have the right to redistribute the code. However, if you exercise that right, we’ll pull your license to our binaries and you lose access to code fixes.

That’s probably legal under the GPL, though smarter people than me are arguing it isn’t. However, if those writing GPLv2 had thought of this type of attack at the time, I suspect it wouldn’t be legal under the GPL.

Yeah, runaway global warming might not happen. Plant monocultures would begin to disappear. New invasive species wouldn’t happen, though existing ones might have a better time for a bit. Major thoroughfares wouldn’t create barriers to migration. Dams might take centuries to collapse, but I think humans going extinct might have one of the biggest impacts.

I’ll agree and go one further: the idea of wanting to recreate Reddit is bad.

Most of us left Reddit because of the API crap, but I suspect most of us have not been as happy with the Reddit experience as we once were. The more you recreate a system that’s close to Reddit, the more you make it easier for influence campaigns, spam bots, and disruptive trolls to operate.

Federation, with separate but similar communities, makes it tougher for a massive bot operator to run a monolithic influence campaign. My hope is the design of the fediverse helps to defend against these types of attacks. My fear is the inexperience of server operators with these types of coordinated attacks makes it difficult.

2 more...

The person isn’t talking about automating being difficult for a hosted website. They’re talking about a third party system that doesn’t give you an easy way to automate, just a web gui for uploading a cert. For example, our WAP interface or our on-premise ERP don’t offer a way to automate. Sure, we could probably create code to automate it and run the risk it breaks after a vendor update. It’s easier to pay for a 12 month cert and do it manually.

Kids these days with their containers and their pipelines and their devops. Back in my day…

Don’t get me started about the internal devs at work. You’ve already got me triggered.

And, I can just imagine the posts they’re making about how the internal IT slows them down and causes issues with the development cycle.

I am not a lawyer, but I have been a follower of FLOSS projects for a long time.

Me too. I know what I’m suggesting is functionally impossible. I’m wondering if it could be done in compliance with the GPL.

All of those contributors have done so using language that says GPLv2 or higher. Specifically says you can modify or redistribute under GPLv2 or later versions. So nothing stops the Linux Foundation from asking new contributors to contribute under the GPLv4 and then releasing the combined work of the new kernel under GPLv4.

The old code would still be available under the GPLv2, but I suspect subsequent releases could be released under a later version and still comply with original contributions.

Again, I know it won’t happen, just like I believe Red Hat’s behavior is within the rules of the GPL. I’d love to hear arguments as to how Red Hat is violating the GPL or reasons why the kernel couldn’t be released under GPLv3 or higher.

I suspect what Red Hat is doing is compatible with GPLv2, which is how the Linux kernel is licensed. I’m certain what they are doing is inimical to the Intent of GPLv2.

That raises some questions and possibilities. It looks like the Linux kernel still has the GPLv2 or later clause, despite not moving to GPLv3. See https://www.kernel.org/doc/html/v4.18/process/license-rules.html

How possible is it to create a GPLv4 that addresses this? Building a new license that does shouldn’t be difficult. However, I’d assume the Linux kernel isn’t released under a GPLv3 or later because of some objections with those changes. I’d imagine creating a GPLv4 that addresses the Red Hat issue but leaves out the changes in GPLv3 is likely a non-starter because those that have chosen a GPLv3 or later license will object.

Given the thousands of contributors to the Linux kernel, is an upgrade to a GPL version higher than v2 even possible? I’ve got no idea, but I’m curious of any insights.

1 more...

But aren’t thumbnails local?

Yep. I’ve hosted my own mail server since the early oughts. One additional hurdle I’d add to you list is rDNS. If you can’t get that set up, you’ll have a hard time reaching many mail servers. Besides port blocking, that’s one of the many reason it’s a non-starter on consumer ISP.

I actually started on a static ISDN line when rDNS wasn’t an issue for running a mail server. Moved to business class dsl, and Ameritech actually delegated rDNS to me for my /29. When I moved to Comcast business, they wouldn’t delegate the rDNS for the IPv4. They did create rDNS entries for me, and they did delegate the rDNS for the IPv6 block. Though the way they deal with the /56 IPv6 block means only the first /64 is useable for rDNS.

But, everything you list has been things I’ve needed to deal with over the years.

Thanks. Very interesting. I’m not sure I see such a stark contrast pre/post 9-11. However, the idea that the US public’s approach to the post-9-11 conflict would have an influence makes sense and isn’t something I’d ever have considered on my own.

That’s my hope. Still from where I live I can only hope my specie contributions are used to affect that.

Part of what prompted my question is that I doubt I have the correct worldview because I believe I’m influenced.

Hardly surprising. Any popular app is going to have enough users that it doesn’t make economic sense to stay. A niche app that’s halfway decent will soon have enough users they’ll need to fold to.

The South. Just below Indiana, the middle finger of the South. And I say this as a Hoosier for much of my life.

I migrated to Reddit after Digg imploded. Here’s a few things I think were better.

Feeds weren’t filled with meme posts. Comments weren’t filled with quick one-liners to get upvotes. Back then, there was much more substantive commentary.

Now, over the years, I’ve subscribed to subreddits that contained the type of content I wanted, plus the default subreddits I was subscribed to as a new user back then are much different than today. Open Reddit using a different browser or a private browser window, so that you’re not logged in. How does that compare to your experience of 12 years ago?

Honestly, much of the things I don’t like are because of large entities wanting to influence social media. That same thing will happen (likely is already happening) to the fediverse. I just hope the distributed nature makes it more difficult.

Thanks. Based on some of the other answers, particularly in https://sh.itjust.works/comment/12511, I know understand better.

I appreciate everyone helping to explain some pretty basic questions in such detail.

Perfect! Thanks.

My concern is less the VM hosting the docker instance getting compromised but that Lemmy has an exploit and the Lemmy instance getting compromised. I’m quite certain that Lemmy is getting a closer look by the bad guys. You’ve had hundreds of instances spun up in a week, most that have done nothing more than follow an online example of how to spin up a Lemmy instance.

And, I was under the impression that the container and thus the logs were cleared when restarting or redeploying docker. If I’m wrong, I’m horribly embarrassed and will point at that “old school” in the title. I’ll also be doing some testing.

1 more...