Kata1yst

Kata1yst , 24 days ago

I like looking at butts more than heart shapes anyway.

Kata1yst , 24 days ago

Nah. Derision, public shaming, and ostracism are fundamental to the maintenance of the social contract. How else can we moderate extremists? The denazification of Germany was effective because they didn't shy away from these methods.

Kata1yst , 26 days ago

And why they dismantle the systems they're tasked with protecting the moment they can.

Kata1yst , 28 days ago

Over the years of using Vim both professionally and for my own uses, I've learned to just install LunarVim and only add a handful of packages/overrides. Otherwise I just waste too much time tinkering and not doing the things I need to.

Kata1yst , 28 days ago

Most debt actually can't be inherited, instead debt collectors get first dibs on inheritance assets until they're made whole or the estate runs out of assets, whichever comes first.

That doesn't mean that debt collectors won't try to convince family members to pay. Just tell them where they can shove it.

Kata1yst , 1 month ago

I know several large companies looking to Microsoft, Xen, and Proxmox. Though the smart ones are more interested in the open source solutions to avoid future rug-pulls.

Kata1yst , 1 month ago

Yes...? All are except Microsoft, which is why most companies I work with aren't looking that way.

Kata1yst , 1 month ago

2009 era was also when Intel leveraged their position in the compiler market to cripple all non-Intel processors. Nearly every benchmarking tool used that complier and put an enormous handicap on AMD processors by locking them to either no SSE or, later, back to SSE2.

My friends all thought I was crazy for buying AMD, but accusations had started circulating about the complier heavily favoring Intel at least as early as 2005, and they were finally ordered to stop in 2010 by the FTC... Though of course they have been caught cheating in several other ways since.

Everyone has this picture in their heads of AMD being the scrappy underdog and Intel being the professional choice, but Intel hasn't really worn the crown since the release of Athlon. Except during Bulldozer/Piledriver, but who can blame AMD for trying something crazy after 10 years of frustration?

Kata1yst , 1 month ago (edited 1 month ago)

Nope! And most hydrogen is fossil fuel (methane) derived and horribly energy inefficient. At this point it's green washing at best.

Edit: adding data:
Steam-Methane Reforming (SMR) accounts for about 95% of all hydrogen production on earth. It uses a huge amount of heat, water, and methane to produce hydrogen.

https://en.m.wikipedia.org/wiki/File:SMR%2BWGS-1.png

For inputs:

• 6.2MWh of Heat
• 2.2 tons of Methane
• 4.9 tons of pure water

The outputs are:

• 6 tons of CO2
• 1.1 tons of H2

The overall energy in vs energy out is at most 85% efficient. https://www.sciencedirect.com/science/article/abs/pii/S0016236122001867

Hydrolysis, the main competing method, and the one most touted by hydrogen backers, accounts for about 4% of hydrogen production.
This method takes in only pure water and electricity, but it's efficiency is abysmal at some 52%. In every case, a modern kinetic, thermal, or chemical battery will exceed this efficiency.

Other methods are being looked into, but it's thermodynamically impossible for the resulting H2 to produce more energy than it takes to create the H2. So at best today we could use H2 as a crappy battery, one that takes a lot of methane to create.

Kata1yst , 1 month ago

When it's a documented scientific process and it's scaled up and used in the real world to displace the other methods, I'll be ready to acknowledge hydrogen as a valid part of energy infrastructure.

Kata1yst , 1 month ago

It’s a tough pivot to make, but what else are fans of the genre gonna play hahahah

Sins of a Solar Empire 1

And hey, we get to hope Sins 2 remains great.

Kata1yst , 1 month ago

Dishonor on you! Dishonor on your cow!

Kata1yst , 1 month ago

https://www.urbandictionary.com/define.php?term=GYAT

Kata1yst , 1 month ago

I mean, that's precisely the ideal case and goal of many tariffs.

Kata1yst , 1 month ago

On a server, it allows you to track who initiates which root season session. It also greatly minimizes the attack surface from a security perspective to have admin privileged accounts unable to be remotely connected to.

Kata1yst , 1 month ago

Wouldn’t separate SSH keys achieve the same?

Separate ssh keys for the user and the admin? Yeah, see point 2, admins should not be remotely accessible.

Really? How, exactly? Break the ssh key authentication? And wouldn’t that apply to all accounts equally?

Keys aren't perfect security. They can easily be mishandled, sometimes getting published to GitHub, copied to USB drives which can easily be lost, etc.

Further, there have been attacks against SSH that let malicious actors connect remotely to any session, or take over existing sessions. By not allowing remote access on privileged accounts, you minimize risk.

Forcing a non privileged remote session to authenticate with a password establishes a second factor of security that is different from the first. This means a cracked password or a lost key is still not enough for a malicious actor to accomplish administrative privileges.

A key is something you have

A password is something you know

So, by not allowing remote privileged sessions, we're forcing a malicious actor to take one more non-trivial step before arriving at their goals. A step that will likely be fairly obvious in logs on a monitored machine.

Kata1yst , 1 month ago

I strongly disagree with your premise. Separating authentication and privilege escalation adds layers of security that are non-trivial and greatly enhance resilience. Many attacks are detected and stopped at privilege escalation, because it happens locally before a user can stop or delete the flow of logs.

If I get into your non-privileged account I can set up a program that acts like sudo

No you cannot. A non privileged user doesn't have the access necessary to run a program that can accomplish this.

And even if they do it’s too late anyway because I’ve just compromised root and locked everybody out and I’m in there shitting on the filesystems or whatever. Because root can do anything.

Once again, you didn't privilege escalate, because once you have a foothold (authentication) you don't have the necessary privileges, so you must perform reconnaissance to identify an exploitable vector to privilage escalate with. This can be any number of things, but it's always noisy and slow, usually easy to detect in logs. There is a reason the most sophisticated attacks against well protected targets are "low and slow".

And if I can’t break into your non-privileged account then I can’t break into a privileged account either.

You're ignoring my points given regarding the risks of compromised keys. If there are no admin keys, there are no remote admin sessions.

These artificial distinctions between “non-privileged” and “superuser” accounts need to stop. This is not good security, this is not zero trust. Either you don’t trust anybody and enforce explicit privilege escalation for specific things, or just accept that you’re using a “super” paradigm and once you’ve got access to that user all bets are off.

Spoken like someone who has never red teamed or purple teamed. Even admin accounts are untrusted, given only privileges specific to their role, and closely monitored. That doesn't mean they should have valid security measures thrown away.

Kata1yst , 1 month ago

That's called 'privilege escalation', and replacing system level calls with user level calls is closely watched for and guarded against with many different security measures including SELinux.

You've already outed yourself multiple times in this thread as someone who doesn't understand how security in the real world works. Take the L and try to learn from this. It's okay not to understand something. But it's very important to recognize when that happens and not claim to understand better than someone else.

Kata1yst , 1 month ago

Whataboutism? Really? That's the game we're playing?

Sure, okay, I'll bite.

Edward Snowden: He's a hero, no doubt in my mind. But from this perspective, no one has attacked him since his departure from the US. Formal requests have been made to extradite him and they've been turned down. Once on foreign soil the US respected Russian sovereignty.

Julian Assange: Okay personally I find Assange to be a piece of shit, but that aside, the extradition process has been followed legally.

Chelsea Manning: Broke the law. And while her initial imprisonment situation was absolutely concerning, it was legal. The legal process was followed, and the sentence given was far short of the maximum. Her sentence was commuted by a sitting president. No foreign governments were involved, so no sovereignty was violated.

Drake and Binny: Always were on US soil. No foreign involvement whatsoever. They were raided and Drake was changed with crimes. He received probation and community service. Once again, the legal process was followed and no foreign sovereignty violated.

Boeing Whistleblowers: What the fuck is this arguement? You think the US is happy one of it's biggest military manufacturers and transportation providers has serious quality issues? You think the US is taking action against the whistleblowers? Be serious.

Basically: you're saying the US charges people who violate the laws around information handling as criminals. Yes, that's true. Now, I personally am sympathetic to most of these cases. I assume you are too. Whistleblowers should be better protected, but at the same time some information, like the names and personal information of government assets abroad, reasonably should be protected. It's a delicate balance, and one I think the US could greatly improve.

However, these are not similar to the cases in question. The cases in question are actions by governments on foreign soil or against US citizens. This is an enormous violation of sovereignty, legality, and due process. That's the issue at hand.

Kata1yst , 1 month ago

I host my own to avoid running into timeouts, fairly easy

Kata1yst , 1 month ago

https://www.reuters.com/business/aerospace-defense/glass-lewis-recommends-investors-vote-against-three-boeing-directors-2024-04-30/

The recommendation to shareholders from the independent advisor who proxies Boeing is to vote out several board members who are responsible for safety and QA. Crazy to see at a Fortune 100.

Kata1yst , 1 month ago

MRSA infection following hospital admittance for Pneumonia. That shit is serious and way more prevalent than people think, it's just that it usually kills people who are already terminally ill.

Unlikely to be an assassination. But not impossible. Either way, looks very bad.

Kata1yst , 1 month ago

I use FreshRSS. Can't say I love the interface, but with the open and standardized API, there are dozens of beautiful front ends to choose on any device.

Kata1yst , 1 month ago

For real? Damn it that's going to be painful.

Kata1yst , 1 month ago

“We had a huge chunk of our engineering staff spending time improving FreeBSD as opposed to working on features and functionalities. What’s happened now with the transition to having a Debian basis, the people I used to have 90 percent of their time working on FreeBSD, they’re working on ZFS features now … That’s what I want to see; value add for everybody versus sitting around, implementing something Linux had a years ago. And trying to maintain or backport, or just deal with something that you just didn’t get out of box on FreeBSD.”

I still hold much love for FreeBSD, but this is very much indicative of my experience with it as well. The tooling in FreeBSD, specifically dtrace, bhyve, jails, and zfs was absolutely killer while Linux was still experiencing teething problems with a nonstandard myriad of half developed and documented tools. But Linux has since then matured, adopted, and standardized. And the strength of the community is second to none.

They'll be happier with Linux.

Kata1yst , 1 month ago

If you're trying to use it as a workstation or a laptop, you won't find much compelling. It's built with the intent to act as a server. In fact, as a web server or networking server it's second to none.

Administrating BSD is lovely. It's well documented and everything is very stable, understandable, and predictable.

Kata1yst , 2 months ago (edited 2 months ago)

I was actually surprised to find out QUIC is fairly close to being default.

Wikipedia

HTTP/3 uses QUIC, a multiplexed transport protocol built on UDP.

HTTP/3 is (at least partially) supported by 97% of tracked web browser installations (thereof of 98% of "tracked mobile" web browsers), and 29% of the top 10 million websites.

Kata1yst , 2 months ago

https://en.wikipedia.org/wiki/HTTP%2F3?wprov=sfla1

Kata1yst , 2 months ago

Never ask a man his pay, a woman her weight, or a data horder the contents of their stash.

Jk. Mostly.

I have a similar-ish set up to @Davel23 , I have a couple of cool use cases.

• I seed the last 5 arch and opensuse (a few different flavors) ISOs at all times
• I run an ArchiveBot for archive.org
• I scan nontrivial mail (the paper kind) and store it in docspell for later OCR searches, tax purposes etc.
• I help keep Sci-Hub healthy
• I host several services for de-googling, including Nextcloud, Blocky, Immich, and Searxng
• I run Navidrome, that has mostly (and hopefully will soon completely) replace Spotify for my family.
• I run Plex (hoping to move to Jellyfin sometime, but there's inertial resistance to that) that has completely replaced Disney streaming, Netflix streaming, etc for me and my extended family.
• I host backups for my family and close friends with an S3 and WebDAV backup target

I run 4x14TB, 2x8TB, 2x4TB, all from serverpartsdeals, in a ZFS RAID10 with two 1TB cache dives, so half of the spinning rust usable at ~35TB, and right now I'm at 62% utilization. I usually expand at about 85%

Kata1yst , 2 months ago

You found one video supporting your viewpoint. Kaspersky's role in Russian intelligence has been an open secret since the mid 2010s. This is Facebook Anti-Vaxxer "research" methodology.

Kata1yst , 2 months ago

Thank you! I was like, where are the supporting vertebrates?

Kata1yst , 2 months ago

I think the confusion comes from the meaning of stable. In software there are two relevant meanings:

1. Unchanging, or changing the least possible amount.
2. Not crashing / requiring intervention to keep running.

Debian, for example, focuses on #1, with the assumption that #2 will follow. And it generally does, until you have to update and the changes are truly massive and the upgrade is brittle, or you have to run software with newer requirements and your hacks to get it working are brittle.

Arch, for example, instead focuses on the second definition, by attempting to ensure that every change, while frequent, is small, with a handful of notable exceptions.

Honestly, both strategies work well. I've had debian systems running for 15 years and Arch systems running for 12+ years (and that limitation is really only due to the system I run Arch on, rather than their update strategy.

It really depends on the user's needs and maintenance frequency.

Kata1yst , 2 months ago

Both are widely used in that context. Language is like that.

Kata1yst , 2 months ago

Amazingly, for someone so eager to give a lesson in linguistics, you managed to ignore literal definitions of the words in question and entirely skip relevant information in my (quite short) reply.

Both are widely used in that context. Language is like that.

Further, the textbook definition of Stability-

the quality, state, or degree of being stable: such as

a: the strength to stand or endure : firmness

b: the property of a body that causes it when disturbed from a condition of equilibrium or steady motion to develop forces or moments that restore the original condition

c: resistance to chemical change or to physical disintegration

Pay particular attention to "b".

The state of my system is "running". Something changes. If the system doesn't continue to be state "running", the system is unstable BY TEXTBOOK DEFINITION.

Kata1yst , 2 months ago

No, I'm not conflating "a" with "b". I'm using stability exactly as it's used in physics.
https://phys.libretexts.org/Bookshelves/College_Physics/College_Physics_1e_(OpenStax)/09%3A_Statics_and_Torque/9.03%3A_Stability

My point is, it's a completely valid use of the word. And yes, so is reliable, though I think "reliable" fails to capture the essence of the system changing but maintaining it's state, hence why we don't study "reliable systems" in physics.

I recommend picking something else to be pedantic about.

Kata1yst , 2 months ago

Yeah exactly. Toy OSs have only increased in scope, scale, and number. And the public is still completely unaware, because these toy OSs don't solve day to day problems the way that Windows, Mac, and Linux did when they first came to market.

Kata1yst , 2 months ago

Disingenuous how? You don't think Linux solved a real day to day need of it's first users?

Sure, from Torvald's perspective, it was a project specifically to solve a small problem he had. He wanted to develop for a nix platform, but Minix wouldn't work on his hardware, and the other *Nixs were out of reach.

And this was generally true in the market as well. Linux arrived just in time and was "good enough" to address a real gap, where Minix was limited in scope to basically just education, Hurd was in political development hell, and the other Nixs were targeted at massive servers and mainframes. Linux filled the "*Nix for the rest of us, inexpensively" niche, eventually growing in scope to displace its predecessors, despite their decades of additional professionalism and maturity.

That niche is now filled, the gap no longer exists. A "New Linux" wouldn't displace Linux, because the original already suits the needs we have well enough. This is precisely why the BSDs and Solaris were "too little, too late". They were in many ways better than Linux, but the problems they solve compared to Linux are tiny and highly debatable. Linux addressed a huge, day to day need of people who were motivated to help.

Kata1yst , 2 months ago (edited 2 months ago)

these toy OSs don't solve day to day problems the way that Windows, Mac, and Linux did when they first came to market.

Yes, this is the exact point I made in my first post. And in depth in my response.

Kata1yst , 2 months ago

Newegg came under new management years ago and has gone into the "drop-shipping for random shady merchants" business.

Do not use modern Newegg.

Kata1yst , 3 months ago

My cat has been training for the next war her entire life.

Kata1yst , 3 months ago

Quora is trash, but this thread has a breakdown of many of Lucas' "inspirations", which show he was always happy to directly copy other's art. Most of it is hilariously blatant.

https://www.quora.com/Is-it-true-that-Star-Wars-copied-an-old-French-comic

Kata1yst , 2 months ago

Quora is a lawless and godless place.

Kata1yst , 3 months ago

Doesn't Kickstarter not pull funds until the project's success?

Kata1yst , 3 months ago

My favorite city builder in decades. A few notes.

Pros:

• Easy mode is relaxing and quite easy.
• Medium mode is a fun challenge at first, eventually becoming fairly chill as you advance in skill and confidence.
• Hard mode is always fairly hard, especially on harder maps.
• There are many resources to manage, but none that feel burdensome.
• The game is extremely thematic, it feels alive with charm.
• Graphics are excellent, though sometimes graphical glitches can still be encountered.
• The water. It's so hard to explain to someone who hasn't encountered this system before, but water is life in this game, and it's both beautiful graphically, and extremely well simulated by physics. Learning to control the water, and see the shortest paths to end water scarcity with beaver engineering is an amazingly fun and unique aspect of the game.
• Mods are well supported and the community is vibrant.

Cons:

• Not a ton of content. They've been very good about adding new mechanics (badwater, extract, etc) but there's still just 2 races of beaver and a dozen or so maps.
• No directed experience. In similar games I've enjoyed a campaign, challenge maps/scenarios, weekly challenges, a deeper progression system, just... Something to optionally set your goals. There's nothing of the sort in the vanilla game. It's fully open ended and there's only one unlock outside of your progress though the resource tree in a map.

All in all, I highly recommend it, especially at the modest asking price. If you love city builders, charming and beautiful art, thematic settings, dynamic challenge, and solution engineering, this is a fantastic game for you.

Other games I've enjoyed that scratch similar itches:

• KSP
• Cities: Skylines (but Timberborn has been far more compelling)
• Factorio
• Mindustry
• Planet Zoo (Timberborn has less of a directed experience, but is otherwise completely superior)
• Gnomoria
• Banished
• Tropico series (though I view this as more casual)

Get it and have fun is my recommendation.

Kata1yst , 3 months ago

Author doesn't seem to understand that executives everywhere are full of bullshit and marketing and journalism everywhere is perversely incentivized to inflate claims.

But that doesn't mean the technology behind that executive, marketing, and journalism isn't game changing.

Full disclosure, I'm both well informed and undoubtedly biased as someone in the industry, but I'll share my perspective. Also, I'll use AI here the way the author does, to represent the cutting edge of Machine Learning, Generative Self-Reenforcement Learning Algorithms, and Large Language Models. Yes, AI is a marketing catch-all. But most people better understand what "AI" means, so I'll use it.

AI is capable of revolutionizing important niches in nearly every industry. This isn't really in question. There have been dozens of scientific papers and case studies proving this in healthcare, fraud prevention, physics, mathematics, and many many more.

The problem right now is one of transparency, maturity, and economics.

The biggest companies are either notoriously tight-lipped about anything they think might give them a market advantage, or notoriously slow to adopt new technologies. We know AI has been deeply integrated in the Google Search stack and in other core lines of business, for example. But with pressure to resell this AI investment to their customers via the Gemini offering, we're very unlikely to see them publicly examine ROI anytime soon. The same story is playing out at nearly every company with the technical chops and cash to invest.

As far as maturity, AI is growing by astronomical leaps each year, as mathematicians and computer scientists discover better ways to do even the simplest steps in an AI. Hell, the groundbreaking papers that are literally the cornerstone of every single commercial AI right now are "Attention is All You Need" (2017) and
"Retrieval-Augmented Generation for Knowledge -Intensive NLP Tasks" (2020). Moving from a scientific paper to production generally takes more than a decade in most industries. The fact that we're publishing new techniques today and pushing to prod a scant few months later should give you an idea of the breakneck speed the industry is going at right now.

And finally, economically, building, training, and running a new AI oriented towards either specific or general tasks is horrendously expensive. One of the biggest breakthroughs we've had with AI is realizing the accuracy plateau we hit in the early 2000s was largely limited by data scale and quality. Fixing these issues at a scale large enough to make a useful model uses insane amounts of hardware and energy, and if you find a better way to do things next week, you have to start all over. Further, you need specialized programmers, mathematicians, and operations folks to build and run the code.
Long story short, start-ups are struggling to come to market with AI outside of basic applications, and of course cut-throat silicon valley does it's thing and most of these companies are either priced out, acquired, or otherwise forced out of business before bringing something to the general market.

Call the tech industry out for the slime is generally is, but the AI technology itself is extremely promising.

Kata1yst , 3 months ago

Seriously. This guy thinks that regulators would have stepped in to stop OpenAI or Microsoft from acquiring a no-name 2 year old startup with two rounds of funding?

Please.

Kata1yst , 3 months ago

Used to be the best way to get performant graphics on Linux.

Like, 8 years ago.

Kata1yst , 3 months ago

That's like saying "The Monopoly money I have is very real, just not official USA currency."

If they're sitting in your drawer at home, they're a toy. The moment you try to use them as official docs, they're fake and you've at minimum committed fraud.