A software developer and Linux nerd, living in Germany. I’m usually a chill dude but my online persona doesn’t always reflect my true personality. Take what I say with a grain of salt, I usually try to be nice and give good advice, though.

I’m into Free Software, selfhosting, microcontrollers and electronics, freedom, privacy and the usual stuff. And a few select other random things as well.

  • 21 Posts
  • 4.19K Comments
Joined 5 years ago
cake
Cake day: August 21st, 2021

help-circle
  • Well my reason was, it’s too close to botspam. And just re-posts (sometimes of re-posts). I rather have genuine conversation on an internet platform.
    Most of it will be low engagement. I’ll see a question, and take 10mins out of my day to anwer it, just to find out I wasted that time, because OP never had that question. And the real OP never sees my answer. Cm0002 improved, though. They cut down on forwarding questions, and they’re transparent it’s just forwarded content, these days. But ultimately, it’s the same thing with other content. I’ll see a post about RISC-V and interact. But it’s just a waste, because it’s fabricated and I’ll never see any responses.

    I think it’s particularly bad in niche topics. The few people actually wanting to discuss RISC-V (just an example) are drowned in noise news-posts by someone who isn’t even interested in discussing topic, they just push a political agenda there. So it kinda displaces the little genuine conversation we have.

    And after wasting some time here and there by commenting into the void, I decided to suppress those posts and use my time to interact with actual people who have notifications turned on, read my stuff, teach me something or who have a genuine question in need of some advice.

    I guess this is somehow related to the question whether we (just) want many posts here. Or have good conversation in the comments. To me it seems the former doesn’t really lead to the latter. Some techniques are even detrimental to that cause. And I think this is one of those cases… At least it kills my engagement. I agree on the broad idea, though. I’ve long moved away from lemmy.ml communities. I just wish we had a bit more original content here, and not just 80% re-posts of what other people posted on Reddit, what they posted on lemmy.ml


  • I mean to also be fair here, that’s not a unique feature of the Fediverse. We currently have some drama (in Germany) about people impersonating people on X. The commercial platforms even earn money doing the same thing. And it’s very clear in the prelude to a potential court case, they have no intention to stop this. They’re currently doing some really weird shenanigans so the lawyers can’t serve any papers or mail.

    Not sure how it is on other platforms. It’s been a while since I helped people to get rid of unwanted content on social media. But it was never easy. And once you do it for privacy reasons or mild doxxing, you’re basically screwed. Because these days they’ll all make you pull down your pants to prove it’s legitimate. So you basically end up doxxing yourself to protect your private information. I mean what’s more likely to happen is, they don’t even listen. But I’m not really up to date with that any more. Maybe they changed and now they do? But I doubt it. It’s just how the internet operates.







  • Lots of good comments here. Just wanted to say: Privacy often depends on the threat scenario. What really helps is encryption.

    And if you need anonymity within the network, that needs to be baked into the protocol. Like I2P or TOR do on the internet. They bounce traffic through random nodes so nobody knows both sender and receiver at the same time. That of course makes it expensive for the network, and slow.

    Other protocols just send packets from a sender to a receiver. That’s fast. But people en-route know who’s communicating with each other. Packets might be encrypted, though. So third parties can’t look inside what kind of information is exchanged.

    And there’s a million different threat scenarios with the surveillance state. They might be far away and not catch the radio you’re sending through the air. They might come and triangulate your position once you transmit any stuff over radio.

    And the internet is just complicated. Most traffic there is encrypted these days. But the easy stuff they’ll do is just ask Google what’s on your account. Or have a side-channel to the data that’s generated for the advertising industry. Or bug your phone or unlock it. Or subpoena the internet service provider, or mobile phone provider. So they can see what DNS queries you do. Or your phone location 24/7. Or they’ll get access to your modern car electronics…

    So depending on what you’re trying to do, you might want to get rid of your smartphone, modern car etc. Credit card, NFC train ticket… Accounts with big corporations… That’s all data the surveillance state is more interested in than random chat messages… Though, those have an impact as well. So it really depends on what we’re trying to protect here, because there’s so many different attacks on privacy from all kinds of directions. It is a chore.




  • I think there’s a lot of nuance here. I mean the Fediverse isn’t super efficient. But it manages to do what it’s supposed to do. And it really depends. Which Fediverse software. How many people are on those servers, how are they distributed. Do groups of people mingle on certain servers. Do they all subscribe to all the same content out there. Are there really big groups on servers with happen to have a slow internet connection… And then of course can we come up with improvements if we need to.
    I think we’re going to find out once (or if) the Fediverse grows substantially. Some design decisions of the Fediverse are indeed a bit of a challenge for unlimited growth. Oftentimes technical challenges can be overcome, though. With clever solutions. Or things turn ot differently than we anticipated. So I don’t think there’s a good practical and straightforward answer to the question.



  • I mean Retrospect is kind of an episode about date rape. Implying something about false memories in assault victims. And it ends on: Maybe the main thing behind the story never happened. The End. Which are the endings that often feel very disappointing to me. And we don’t even learn if it was an illusion. I get why that episode isn’t cherished by people.

    I think the pon farr episodes are weird as well. And I don’t think I particularly enjoyed that episode. But at least some of the good guys are trying to do the right thing? And even if the Vulkan gets away unpunished, I don’t think he’s portrayed in a positive way. As far as I remember the crew unanimously thinks sex is unacceptable. Minus the people who are out of their mind. And Tuvok. But he has kind of a weird role with arguing logic in that situation. And the episode ends on a happy end. They’ve averted danger and death for the moment, and nobody had to have sex. And as a viewer I’m glad it turned out they didn’t need to follow through with Tuvok’s “logical” plan, either. That feels a bit more right to me.

    But the entire set up of pon farr and biology or tradition just causing violence, is a bit rapey. I guess from a storywriting perspective it’s a bit difficult to bring up that topic in a creative way. But movie or TV is a lot about violence and sex. So I can see how storywriters make it part of stories.

    Some Voyager episodes were just a bit weird in my opinion. I think it’s okay if it provokes thought. And less so, if it makes the audience start to confuse right and wrong.


  • Good blog post.

    I couldn’t think of a clever response to that. I still can’t.

    I think it’s central to the issue they’re talking about. There’s demand for quick, cheap stuff. There’s also demand for quality stuff. But they’re not the same.

    I mean, I’m sometimes sad nothing lasts anymore. Or means anything. We buy clothes, appliances, software, phones… just to throw it out a year later. Same with AI. We could do intricate art. Commission someone to draw our company logo or come up with a good advertisement video. But why? Everyone has a attention span of 30s these days and pretty much anything will do for Instagram. So rubbish it is. And we’re done in 5 minutes.

    I think it’s more that society doesn’t value quality and sophisticated things any more. We rather have plenty cheap and superficial things. And for a lot of applications, it’ll do. Same with art, same with some software and webdesign. Also works the same way without AI. The consumer will do the beta test. And any random messenger uses 150 dependencies and Electron, and two Gigabyte of memory. That’s hardly artistry either.




  • Soweit ich weiß, hatte er darauf auch eine Antwort. Und zwar die Oberfläche soll nicht in Richtung Internet exponiert sein. Damit ist das dann per Definition keine Sicherheitslücke mehr, sondern ein fehlerhaftes Set-Up, was der Anwender verschuldet hat.

    Ich möchte ihn aber auch nicht in Schutz nehmen, oder in die Richtung diskutieren… Ich meine für den Anwender, oder die Leute die dann darunter leiden ist es egal wie es zustande kam, oder wie die technische Definition lautet. Der Schaden ist dann im Zweifel so und so da…

    Letztlich wird es halt schwierig. Er verwendet seine Ressourcen lieber dafür neue Features einzubauen, herumzuspielen… Und liebt das Chaos(?) Die Zeit ist dann logischerweise nicht da um die Weboberfläche abzusichern oder solche Dinge.

    Ich find’s letztendlich legitim solche Entscheidungen mit seinen Privat-Aktivitäten zu treffen. Es ist ja sein Ding. Und für mich sieht es eher wie ein Kunst-Projekt aus. Es wird ja niemand gezwungen das zu Nutzen. Man kann sich ja auch Claude Code installieren, oder eine der anderen “professionellen” Agenten Plattformen …wenn man auf sowas steht. Das hätte dann wenigstens Sicherheit irgendwie in der Projektbeschreibung.

    Aber letztlich hast du sicherlich recht. Sobald Menschen zu Schaden kommen, hört irgendwie der Spaß auf. Und es ist auch vollkommen richtig die Dinge beim Namen zu nennen. Und den Leuten beizubringen mit was sie es hier tatsächlich zu tun haben. Ich denke das ist für viele Menschen nicht wirklich klar erkennbar.

    Und ich lese deinen Artikel auch gerne. Danke für die Auflistung, ich lerne dabei auch noch einiges dazu. Es ist ja viel zu viel um da selbst informiert zu bleiben.

    Und dann bei OpenAI anzufangen oder OpenClaw von einem der Großkonzerne übernehmen zu lassen ist auch wirklich Banane. Mir fehlen etwas die Worte. Die sind halt wirklich alle bescheuert. Und der Hype-Train ist echt auf Volldampf unterwegs.


  • Also ich hab den c’t 3003 Beitrag über OpenClaw geschaut und ein paar andere Interviews mit ihm. Ich würde sagen er ist ein zertifiziert Bekloppter. Nicht unbeding in negativem Sinne… Aber seine Grundidee ist ja alle langweiligen Sicherheitsmaßnahmen und Einschränkungen wegzulassen und mal zu schauen was so passiert. Er nimmt absichtlich das am meisten “unhinged” KI-Modell und feiert die “Banger” die es bringt. Vollzugriff auf die Computer, inklusive API-Keys. Er pushed Code und schaut ihn sich nicht an…

    Also für mich ist das Sicherheitslücken anmäkeln eher so wie auf ein Metal-Festival gehen, und sich beschweren, dass dort keine Schlager laufen. Und dass die Leute da alle betrunken sind… Also ich meine, Ja? Das ist korrekt? Aber war auch irgendwie Sinn der Sache?!

    Nur das das hier kein Metal-Festival ist, sondern ziemlich albern.


  • Haha, danke für den Link! Es ist etwas schwierig mit OpenClaw und all den skurillen Dingen auf dem Laufenden zu bleiben. Wusste gar nicht, dass die bloggen und Schmähbriefe schreiben.

    Aber die Anzahl der Sicherheitslücken zu quantifizierten, finde ich etwas dumm. 73? Da gehe ich wohl eher mit Peter Steinberger… Das Ding ist eine große Sicherheitslücke. Und was soll überhaupt als Lücke gelten, wenn es mit Absicht vollkommen freie Hand hat? Ich denke das Wort “fail” trifft es da schon sehr gut.


  • Indeed. That looks nice. It’s about 2bit quantization. So not sure if it translates to the other paper. I had a quick glance at their code, and it’s specific to the Llama2 and Llama3 architectures. So, it’d need to be enhanced for other models. And what might be a bummer: they load the model at full precision to calculate the activations. That means you’re looking at a system with ~480GB of (V)RAM. And we don’t have machines of that size show up on the AI horde. (As far as I know.)

    I think we’re looking more at crowdfunding research here. I mean sorry for being overly negative. I’d like to see 1bit models as well. And I always love to see community projects and independent people push the limits. I just think the hard part is coming up with the research, the math… or even the engineering to combine two papers and adapt an approach to something. So we somehow need to crowdfund that.
    In these two examples, seems the compute power isn’t really the issue. I mean the 1bit training was doable on a single H100. And this LoRa isn’t very complex either, and they’re not using that many samples.

    It just wouldn’t fit on any of the 38 LLM workers currently online on the AI Horde. Not even remotely. So this and the Horde is kind of a bad / impossible fit. However, I still think compute power wouldn’t be the biggest issue, we can rent that by the hour. And it’s not even hard to set up or that expensive. I think the main issue is coming up with the math and the code to produce something useful. So maybe we need a research community. And these things already happen. I mean the llama.cpp community has long been working on quantization and pioneered some things. There’s people on Reddit discovering new things. We’ve had random(?) individuals contribute substantial advancements to image and vide generation. There have been communities/projects like RedPajama, who trained a model from grounds up (and assembled the dayaset)… Seems very low precision quantization is just a tough nut to crack.

    Seems to me Bitnet needs a pile of money in compute, plus a team of bright researchers to improve upon. NanoQuant doesn’t perform as good as any 4bit or 8bit model with a similar resource footprint, so it’d need way more research as well. And RILQ is a bit specific, it’d need further research as well. It’s not entirely clear whether that happens. There’s something like publishing bias. Sometimes researchers don’t publish negative results. So maybe they tried to apply it to lower resolutions, failed, and didn’t write a paper about how they failed. So I’m not sure where to go with this. There isn’t anything we could run or just apply as is.

    And the AI Horde does inference with fixed scripts. On something like gaming GPU’s and Apple silicon. People who bought a few old 3090s. But that’s inference only. What’s needed for general research is a new project. It’d need to provide you with cloud GPU, launch Docker containers for arbitrary workloads. And expensive enterprise GPUs, or infiniband clusters of some. So the entire software needs to be scrapped and replaced, and the hardware improved as well for cutting edge research. We maybe can call this new thing AI Horde as well. But it’d be an entirely new thing.

    And I guess alignment, harvesting user data and preferences from the user’s interactions could be done as well. At least from the technological perspective. I don’t really know if the audience likes that. Depends a bit on how it’s done.