rho50

@rho50@lemmy.nz
1 Post – 50 Comments
Joined 1 years ago

Tbf 500ms latency on - IIRC - a loopback network connection in a test environment is a lot. It's not hugely surprising that a curious engineer dug into that.

It is quite terrifying that people think these unoriginal and inaccurate regurgitators of internet knowledge, with no concept of or heuristic for correctness... are somehow an authority on anything.


Don't use Gitea, use Forgejo - it's a hard fork of Gitea after Gitea became a for-profit venture (and started gating their features behind a paywall).

Codeberg has switched to Forgejo as well.

Also, there's some promising progress being made towards ActivityPub federation in Forgejo! Imagine a world where you can comment on issues and send/receive pull requests on other people's projects, all from the comfort of a small homeserver.


This is probably an attempt to save money on storage costs. Expect cloud storage pricing from Google to continue to rise as they reallocate spending towards ML hardware accelerators.

Never been happier to have a proper NAS setup with offsite backup 🙃


Discovered that the credentials for the library computers (which were helpfully printed on stickers for the forgetful librarians), were in fact domain admin credentials.

Gave myself a domain admin account, used that to obtain access to some sensitive teacher-only systems (mostly for the challenge, but also because I wanted to know what was going on my school report ahead of time).

My domain admin account got nuked, but presumably they didn't know who had created it. Looked up the school's vendor ("Research Machines Ltd.") and found a list of default account credentials. Through trial and error, found another domain admin account. Made a new account (with a backup this time) and used it to install games on my classroom's computers.

Also changed the permissions on my home directory so that the school's teachers (who were not domain admins) couldn't view my files, because I felt that this was too invasive at the time.

That last bit got me caught proper, and after a long afternoon in the principal's office I left school systems alone after that for fear of having a black mark on my "permanent record".

This is why self hosted to me means actually running it on my own hardware in a location I have at least some control of physical access.

That said, an ISP could perform the same attack on a server hosted in your home using the HTTP-01 ACME challenge, so really no one is safe.

HSTS+certificate pinning, and monitoring new certificates issued for your domains using Certificate Transparency (crt.sh can be used to view these logs) is probably the only way to catch this kind of thing.
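One way to run the Certificate Transparency check mentioned in the comment above, added here as an example and not part of the original comment: compare the certificates logged for a domain against the serials you issued yourself, since a certificate obtained through a hijacked HTTP-01 challenge can come from the same CA you normally use. The records are constructed, use the field names of crt.sh's JSON output, and `OUR_SERIALS` and `example.com` are assumptions.

```python
import json

# Constructed records using the field names of crt.sh JSON output;
# serials, ids and dates are made up for this example.
SAMPLE = json.loads("""[
 {"id": 1, "serial_number": "03AA11", "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "example.com\\nwww.example.com", "not_before": "2024-01-10T00:00:00"},
 {"id": 2, "serial_number": "0BADC0DE", "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "git.example.com", "not_before": "2024-03-12T00:00:00"},
 {"id": 3, "serial_number": "0BADC0DE", "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "git.example.com", "not_before": "2024-03-12T00:00:00"},
 {"id": 4, "serial_number": "05CC33", "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
  "name_value": "notexample.com", "not_before": "2024-03-13T00:00:00"}
]""")

# Assumption: serials exported from your own ACME client's issuance records.
OUR_SERIALS = {"03aa11"}


def unexpected_certs(entries, domain, our_serials):
    """Return logged certificates covering `domain` that we did not issue.

    Keyed by serial so a precertificate and its final certificate, which
    share a serial and are logged separately, produce a single alert.
    """
    alerts = {}
    for entry in entries:
        # name_value holds one DNS name per line (CN plus SANs).
        names = {n.strip().lower() for n in entry["name_value"].split("\n")}
        # Match the domain itself or a true subdomain, not a lookalike
        # such as notexample.com; wildcards (*.example.com) also match.
        hits = sorted(n for n in names if n == domain or n.endswith("." + domain))
        serial = entry["serial_number"].lower()
        if hits and serial not in our_serials:
            alerts[serial] = {
                "names": hits,
                "issuer": entry["issuer_name"],
                "not_before": entry["not_before"],
            }
    return alerts


if __name__ == "__main__":
    for serial, info in unexpected_certs(SAMPLE, "example.com", OUR_SERIALS).items():
        print("ALERT", serial, info["names"], info["issuer"], info["not_before"])
```

Checking against your own issuance records, rather than an allow-list of issuers, is what lets this flag a certificate from your usual CA that you never requested.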

There are some very impressive AI/ML technologies that are already in use as part of existing medical software systems (think: a model that highlights suspicious areas on an MRI, or even suggests differential diagnoses). Further, other models have been built and demonstrated to perform extremely well on sample datasets.

Funnily enough, those systems aren't using language models 🙄

(There is Google's Med-PaLM, but I suspect it wasn't very useful in practice, which is why we haven't heard anything since the original announcement.)


It’s an interesting idea! I think there are many such applications for federation protocols.

A few thoughts/questions:

  • Ideally you’ll need a stable identifier for each specific product. Most small online stores I use have product names riddled with typos, so a way to tackle that would be nice.
  • What’s the data model? Would each store be an ActivityPub Actor? Like each one would have a username and publish inventory updates?
  • Where do these updates go (maybe something akin to a Lemmy “community”)?
  • If you’re just relying on stores’ self-reported stock levels, where’s the benefit of using a federated model? Could you just build an open source app that scrapes retailers’ websites and collates that information?
  • Is the eventual goal that this competes with Amazon et al? I.e. it becomes an actual marketplace, perhaps with a “buy” and “sell” Action, and where vendors’ instances are effectively web stores?

I know of at least one other case in my social network where GPT-4 identified a gas bubble in someone's large bowel as "likely to be an aggressive malignancy." Leading to said person fully expecting they'd be dead by July, when in fact they were perfectly healthy.

These things are not ready for primetime, and certainly not capable of doing the stuff that most people think they are.

The misinformation is causing real harm.


Yeah, this is actually a pretty great application for AI. It's local, privacy-preserving and genuinely useful for an underserved demographic.

One of the most wholesome and actually useful applications for LLMs/CLIP that I've seen.

Zsh is a nice balance of modern features and backwards compatibility with bash.

Maybe I'm being stupid, but how does this service actually determine suspicious-ness of instances?

If I self-host an instance, what are my chances of getting listed on here and then unilaterally blocked simply because I have a low active user count or something?


Idk… in theory they probably don’t need to store a full copy of the page for indexing, and could move to a more data-efficient format if they do. Also, not serving it means they don’t need to replicate the data to as many serving regions.

But I’m just speculating here. Don’t know how the indexing/crawling process works at Google’s scale.

I don't think it's necessarily a bad thing that an AI got it wrong.

I think the bigger issue is why the AI model got it wrong. It got the diagnosis wrong because it is a language model and is fundamentally not fit for use as a diagnostic tool. Not even a screening/aid tool for physicians.

There are AI tools designed for medical diagnoses, and those are indeed a major value-add for patients and physicians.

Did they ever satisfactorily resolve that issue, or did the media just stop covering it as aggressively? Last I heard they were trying to add solar shields to the satellites to reduce their albedo.


(6.9-4.2)/(2024-2018) = 0.45 "version increments" per year.

4.2/(2018-1991) = 0.15 "version increments" per year.

So, the pace of version increases in the past 6 years has been around triple the average from the previous 27 years, since Linux' first release.

I guess I can see why 6.9 would seem pretty dramatic for long-time Linux users.

I wonder whether development has actually accelerated, or if this is just a change in the approach to the release/versioning process.


Yeah bro but eXpOnEnTiAl ImProVeMeNt bro!

And haven’t you heard of Roko’s basilisk? Better be careful what you say on the cybernets, lest our AGI/ASI overlords of 2026 take a disliking to your commentary regarding their eventual supremacy!

Excuse me while I go back to mining Dogecoin until I can buy enough NFTs to make Elon or Sam Altman notice me.

/s


I saw a job posting for a Senior Software Engineer position at a large tech company (not Big Tech, but high profile and widely known) which required candidates to have “an excellent academic track record, including in high school.” A lot of these requirements feel deliberately arbitrary, and like an effort to thin the herd rather than filter for good candidates.

Moon is such a fantastic film in its own right. Absolutely shook me when I saw it the first time.

Crostini is an official feature built by Google that allows you to run Linux on a tightly integrated hypervisor inside Chrome OS. You keep a lot of Chrome OS’ security benefits while getting a Linux machine to play with.

That said, no, it’s not illegal to install a different operating system on your Chromebook hardware. They are just PCs, under the hood. You might lose some hardware security features though, e.g. the capabilities provided by integration of the Titan silicon.

If you had a job at Google, corporate IT would definitely not be happy if you wiped the company-managed OS and installed an unmanaged Linux distro :)

Transmission with OpenVPN, using the haugene/transmission-openvpn Docker image.

I mostly torrent via API using Sonarr and Radarr.

“Why?”

Power management is going to be a huge emerging issue with the deployment of transformer model inference to the edge.

I foresee some backpedaling from this idea that "one model can do everything". LLMs have their place, but sometimes a good old LSTM or CNN is a better choice.

Exactly. So the organisations creating and serving these models need to be clearer about the fact that they're not general purpose intelligence, and are in fact contextual language generators.

I've seen demos of the models used as actual diagnostic aids, and they're not LLMs (plus require a doctor to verify the result).

Surprised I had to scroll this far down to see this!

Are CloudFlare, Amazon or Microsoft any better? Google at least take security (if not privacy) very seriously.

In general it seems bad to have any huge profit-driven organisation exercising significant control over open standards, but I do think that Google is lesser than many of the other evils.

From here:

  • SAML
  • Branch protection for organizations
  • Dependency scanning (yes, there are other tools for this, but it's still a feature the open source version doesn't get).
  • Additional security controls for users (IP allowlisting, mandatory MFA)
  • Audit logging

Yeah, like shake-to-undo. I was dumbfounded when I discovered that the ability to undo was not implemented on Android.

Sonarr + Radarr + Transmission-OpenVPN + Ombi + Plex.

For the past ~5 years or so, I’ve had the choice of a polished web UI to pirate any movie or TV show on demand. Up until the past few months, I have still paid for:

  • Netflix
  • Amazon Prime
  • Apple TV+ (as part of Apple One)
  • Disney+
  • YouTube Premium

… because their products and recommendation engines were more user-friendly for my family and I. Since the pattern of price gouging in the last 6-12 months, I now subscribe to:

  • Netflix (cancelling this imminently)
  • Apple Music (Apple One cancelled)

I hope the shameless cash grabs result in a mass exodus of users and really hurt these platforms.

Most of those things are deliberate restrictions on Apple's part, rather than technical ones (it is really shitty though).

Songs and albums that I’ve uploaded from my own collection have disappeared from Apple Music, despite my physically owning them on CD and Apple advertising the ability to store my CD rips in the cloud.

It’s unacceptable. I’m still on Apple Music for now, but moving my music library to Jellyfin looks more appealing by the day.

If you include ChromeOS that's very likely.

Sonarr and Radarr with Ombi for requests if desired. Transmission + OpenVPN for the download side.

Or you could manually rip DVDs/Blu Rays if you can still get ahold of them for the stuff you want to watch.


Ohh, my bad! I thought the person you were replying to was asking about Gitea. Yeah, Forgejo seems truly free and also looks like it has a strong governance structure that is likely to keep things that way.

This sadly isn't true anymore - they now have Gitea Enterprise, which contains additional features not available in the open source version.


I would’ve been delighted to receive a managed Ethernet switch as a kid! I hope it came with some useful SFP modules and a USB serial adapter 😜

Agreed, and it could definitely make such an assumption. The other aspect that I don’t really get is… if a superintelligent entity were to eventuate, why would it care?

We’re going to be nothing but bugs to it. It’s not likely to be of any consequence to that entity whether or not I expected/want it to exist.

The anthropomorphising going on with the AI hype is just crazy.

The reddest of red flags.

Open source vulnerabilities typically stem from poorly written code

Yeah, because paid programmers never write bad closed-source code…

Ideally you want something that gracefully degrades.

So, my media library is hosted by Plex/Jellyfin and a bunch of complex firewall and reverse proxy stuff... And it's replicated using Syncthing. But at the end of the day it's on an external HDD that they can plug into a regular old laptop and browse on pretty much any OS.

Same story for old family photos (Photoprism, indexing a directory tree on a Synology NAS) and regular files (mostly just direct SMB mounts on the same NAS).

Backups are a bit more complex, but I also have fairly detailed disaster recovery plans that explain how to decrypt/restore backups and access admin functions, if I'm not available (in the grim scenario, dead - but also maybe just overseas or otherwise indisposed) when something bad happens.

Aside from that, I always make sure that all of the selfhosting stuff in my family home is entirely separate from the network infra. No DNS, DHCP or anything else ever runs on my hosting infra.

IIRC DuckDuckGo wasn't a fan of the Australian media bargaining bill either. I suspect they will also deindex news sites in Canada should amendments not be made.

I haven't seen the Canadian one and this is honestly the first I've heard of it, but the idea that a referrer has to pay a news website for directing traffic to them is ludicrous to me.