• 6 Posts
  • 582 Comments
Joined 2 years ago
cake
Cake day: August 4th, 2023

help-circle





  • I have a vivid memory of staying home sick from school and watching daytime educational programming on PBS. There was a (dry, low-budget, old) math show for kids on. They had a “skit” where a couple of teenagers went and got replacement tires for their car. They came in with a set of numbers that I assume had to do with the tire measurements. (Maybe hub diameter, hub thickness, and tire outer diameter.) They found tires that matched on two of those numbers, but the guy was impatient and said it had to be basically the same because it matched on two parameters. Then in the next scene, the same teens were driving the car with brand new tires and they got pulled over for speeding. The driver was sure the speedometer said he wasn’t speeding, but the new outer tire diameter changed the calculation, meaning the speedometer read lower than they were actually going.

    This is the first time in my life the memory of that show has ever come in handy.





  • I don’t know where you got the idea that the key fob doesn’t transmit a signal when at rest. If you’re talking about keyless ignition with the button on the car (not remote start via key fob) the key fob transmits a response when it gets a request from the car.

    The bad guys have a clever trick, though. They put one guy in your car and one guy next to you. The guy at the car hits the ignition button transmits the signal to the other guy, who transmits it to your fob. The second guy then transmits the response from your fob back to the guy in the car, who then sends it to the car. As far as your car knows, the fob is in the car. So it starts. A Faraday cage can protect against this.






  • I… doubt it?

    I took the liberty of looking in the developer tools as it failed, and there was a 500 response. The connection to Hulu’s servers was all over HTTPS and I didn’t get any certificate warning, so unless my ISP managed to get Hulu’s private key or got with a corrupt registrar willing to issue a valid replacement certificate, no ISP should be able to change response codes on a man-in-the-middle basis or a redirecting-traffic-to-a-hostile-server basis.

    And given how many people have reported issues, I doubt it’s specific to any particular ISPs.

    Net neutrality being dead is a huge bummer, but I don’t think this can be blamed on that.



  • I don’t disagree with anything you’re saying here. Yes, even though the pro-Trump folks don’t comprise a majority of Americans, it’s exceedingly concerning that they’re as close to 50% of the U.S. population as they are. I don’t think I said otherwise, though. I also didn’t say anything about whether the anti-Trump majority (if indeed it is a majority) is/isn’t/was/wasn’t/should be/shouldn’t be “silent.”

    Were the anti-Trump folks really “silent” before the election? Was there something they weren’t saying that they should have? 'Cuz it’s not like there wasn’t anybody campaigning against him.


  • the majority of people voted for him

    Eh… That’s not quite accurate. Current estimates are that 77,301,997 people voted for Trump, which is less than 50% of the 155,211,283 total votes cast. (But Kamala, the second-most-voted-for candidate got less than that at 75,017,626.)

    But only about 64% of those eligible to vote voted.

    So, not even half of those who did vote in the 2024 presidential election voted for Trump, let alone those who were eligible to voted, let alone all “people” in the U.S… But the ones who voted for Trump comprised many more than the number of people who voted for any other candidate.

    Sources: one and two.


  • American here.

    First, you’re right. About basically all of what you said above.

    I think you particularly hit the nail on the head with this:

    I’m always thinking “dude, you need to chill” cause literally no one is attacking them and they’re fully secure. But it seems like they’re always searching for a fight or something.

    The media here, funded by the big corporations, manufacture tons of FUD (“fear, uncertainty, and doubt.”) Things to be scared of. “They’re putting chemicals in the water that’s turning the frogs” (and by extension, your kids) “gay.” “The ‘woke mafia’ is trying to convert your kids to atheism.” “The Democrats are going to take your guns so they can install a totalitarian one world government without any resistance.” Most of it’s not true at all. Some has a nugget of truth but it’s not actually any threat.

    I will say the Republicans are worse about this than the Democrats (the Democrats’ concerns are more legitimate than the Republicans’), but the Democrats are far from immune. Both are living in fantasy worlds.

    …until something very bad happens like the second civil war…

    Indeed there’s plenty of rhetoric out there pushing the idea that the U.S. is in a civil war. Between the woke antifa (short for “antifascist”) and the fascist conspiracy theorists.


  • Does it really do any good for the drive to be encrypted if it doesn’t require a password (or Yubikey or retinal scan or other authentication factor) on boot? If you’re just going to put the plaintext key/password on the same drive but in a partition that’s not encrypted, there’s no point encrypting the drive, right?

    So maybe “it asks for a password on boot” is more of a “works as intended” thing?

    How will I access the encrypted devices after installation? (System Startup) During system startup you will be presented with a passphrase prompt. …

    The quote above is from Fedora documentation here

    This is your root FS that’s encrypted that we’re talking about, correct?

    If you really want an encrypted root but no password on boot and the plaintext decryption password/key on the same drive, there are ways to do it. (It would probably require customizing the initramfs somehow. But it’s Linux, and Linux certainly isn’t going to prevent you from doing such things. Just try to dissuade you.)

    If we’re not talking about a root filesystem, that would likely change some things. If it’s Luks, I’m pretty sure it wouldn’t matter particularly where on your filesystem the key was so long as your /etc/crypttab refers to it. I’d say that sort of setup would probably only provide additional security if the encrypted drive is an external drive that you might worry could be stolen or physically accessed when the attacker doesn’t have physical access to your root filesystem.

    Also, if you shared what encryption scheme was in use (Luks, Anaconda, etc), that would probably help as well.

    Edit: Ah. Ok. You gave more info while I was typing the above response. What you want is unlocking via ssh. For sure.


  • TootSweet@lemmy.worldtoOpen Source@lemmy.mlIf we had libre AI
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    29 days ago

    The GPL family of licenses was designed to cover code specifically. AI engines are code and are covered in most jurisdictions by copyright. (Disclaimer: I know a lot less about international intellectual property law than about U.S. intellectual property law. But I’m pretty confident what I’ll say here is at least true of the U.S…) But you don’t really have a functional generative AI system without weights. And it’s not clear that weights are covered by any particular branch of intellectual property in any particular jurisdiction. (And if they are, it’s not clear that the legal entity who trained the engine owns those rights on those weights rather than the rights holders who hold rights to the materials being used as training data.) It’s the weights that would make for any biases or purposefully nefarious output. Nothing that isn’t covered by intellectually property can meaningfully be said to be “licensed”, really. Under the AGPLv3 or any other license. To speak of something not covered by any intellectual (or non-intellectual, I suppose) property as “licensed” is just kindof nonsensical.

    Like, since Einstein’s General Relativity isn’t covered by any intellectual property, it’s not possible for General Relativity to be “licensed”. Similarly, unless some law is passed making LLM weights covered by, say, copyright law, one can’t speak of those weights being “licensed”.

    By the way, there are several high-profile cases of companies like Meta releasing LLMs that you can run locally and calling them “Open Source” when there’s nothing “Open Source” about them. As in, they don’t distribute the source code of LLaMa at all. That’s exactly the opposite of “Open Source” and the weights aren’t code and can’t really be said to be “Open Source”. More info here.

    Now, all that said, I don’t think there’s actually any inherent benefit to LLMs, AGPLv3 or otherwise, so I don’t have any interest even in AGPLv3 engines. But I’m all for more software being licensed AGPLv3. I just don’t think AGPLv3 is a concept that applies to any portion of LLMs aside from the engine.