TheHobbyist

@[email protected]

Just a stranger trying things.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them (www.404media.co)

The situation is a heavy machinery example of something that happens across most categories of electronics, from phones, laptops, health devices, and wearables to tractors and, apparently, trains. In this case, NEWAG, the manufacturer of the Impuls family of trains, put code in the train’s control systems that prevented them...

TheHobbyist,

And allow selfhosting servers for (at least after) when the publisher/developer stops supporting the game.

TheHobbyist,

I agree and I wish, I think the tricky part would be defining the criteria to what constitutes “abandomware”. Is it the stop of the sale? The shutdown of the attestation servers, the shutdown of the multiplayer servers (and in that case what about single player games)? I can only imagine the creativity of publishers pretending their game is not abandonware yet it practically being so.

25 FPS default to 50 Hz instead of 75 (OLED)

I was exploring the fps and refresh rate slider and I realized that when setting the framerate limiter to 25, the refresh rate was incorrectly set to 50Hz on the OLED version, when the 75 Hz setting would be a more appropriate setting, for the same reason 30 fps is at 90 Hz and not 60 Hz. Anyone else seeing the same behavior? Is...

TheHobbyist, (edited )

This is not about VRR. I am talking fixed refresh rates.

This is entirely possible because the display can perform at any refresh rate between 40 45 and 90. As to why 75 over 50, your second paragraph answers that.

Edit: you can totally do 30 at 60, but it would be increasing stutter for missed syncs.

Edit2: oled screen is 45-90 hz

TheHobbyist,

Where did you see it draw less? And by how much? Computing 50 frames per second does draw less than computing 75, but a display to render at 50 or 75, I have not seen anything with respect to consumption, so I’m curious.

TheHobbyist,

You’re confusing rendering and displaying. There is no doubt that rendering at higher fps requires more power draw. But were talking here about a fixed rendering framerate of 25 fps and a case of refreshing the screen at 50 or 75 hz using the same 25 fps rendering. This is not a usual scenario so there is little info about this, hence my initial point.

TheHobbyist,

30 fps defaults to 90 hz, where is the default frame doubling in that case?

Google Researchers’ Attack Prompts ChatGPT to Reveal Its Training Data (www.404media.co)

ChatGPT is full of sensitive private information and spits out verbatim text from CNN, Goodreads, WordPress blogs, fandom wikis, Terms of Service agreements, Stack Overflow source code, Wikipedia pages, news blogs, random internet comments, and much more....

TheHobbyist,

This is not the case in language models. While computer vision models train over multiple epochs, sometimes in the hundreds or so (an epoch being one pass over all training samples), a language model is often trained on just one epoch, or in some instances up to 2-5 epochs. Seeing so many tokens so few times is quite impressive actually. Language models are great learners and some studies show that language models are in fact compression algorithms which are scaled to the extreme so in that regard it might not be that impressive after all.

TheHobbyist,

Are Meta even committing to stop tracking when users pay? Or are they simply not showing targeted ads but still totally tracking?

TheHobbyist,

Where do they claim that?

The article from Facebook I found about the subscriptions is this one: about.fb.com/…/facebook-and-instagram-to-offer-su…

The only relevant thing I saw related to the topic was “while people are subscribed, their information will not be used for ads”. It does not say that information will stop being collected. Just that it will not be used for ads.

So by all interpretations, there is in fact no suggestion that they will stop tracking paid users.

TheHobbyist,

More notably, what it also does not mean is “we will stop collecting it”…

TheHobbyist,

I think there is a key distinction here: providing ads is fine, but tracking users and sending them targeted ads requires explicit consent. Forcing them to consent to giving up that privacy or else paying is not a fair choice. It’s not even financially fair either as meta is apparently making 80usd a year per user.

Why not give a choice to a user to get ads but not being tracked and not getting targeted advertisements? Where is that option?

When you pay meta, do they comit to stop tracking you or only stop showing you target ads? Because I certainly care about the tracking part and giving users the false sense of privacy because they pay is so disingenuous…

TheHobbyist,

You are in luck, there should be plenty of cheap LCD versions, on the second hand market. It is still an equally capable device with great features. Don’t let the OLED version make the LCD version seem anything less than a perfectly usable and great device!

TheHobbyist,

I’m glad to see it improving lately, together with proton, but it’s not ideal yet, for sure.

For people who want to follow the progress of anticheat on Linux: areweanticheatyet.com

Apple announces that RCS support is coming to iPhone next year (9to5mac.com)

In a surprising move, Apple has announced today that it will adopt the RCS (Rich Communication Services) messaging standard. The feature will launch via a software update “later next year” and bring a wide range of iMessage-style features to messaging between iPhone and Android users....

TheHobbyist,

I don’t want to be cynical, but is this part required for Apple to implement RCS?

“and bring a wide range of iMessage-style features to messaging between iPhone and Android users.”

I can totally imagine it being limited to the encryption and the bare minimum, as imessages features don’t perfectly overlap with the RCS features (e.g. emojis).

TheHobbyist,

Same for the digital foundry video, it has a long list of changes.

TheHobbyist,

I’m not sure you’re attempting good faith communication, but in the case you are, I think most people’s opinion is that there could be room for Google but people are just concerned about Google being the only option instead of one of many. That’s also my interpretation for GrapheneOS’s stance, they don’t intend on breaking compatibility with Google services but instead run them on your own terms, putting the user in control of how Google operates on their phone. Hence, I don’t see any contradiction in your two statements.

TheHobbyist, (edited )

It is illegal in some countries to fully cover your face in public. If it became a way to bypass surveillance, it could be made into law if it wasn’t already :(

Edit: for those wondering, Switzerland is one of them. Though they don’t have a large number of public cameras (yet?).

TheHobbyist,

Can you share more information? I’m looking at the bill and by means of searching do not find mention of waterproof. Thanks!

TheHobbyist,

OP, can you share more information? I’m looking at the bill and by means of searching do not find mention of waterproof. Thanks!

TheHobbyist,

I don’t know what GPU you have, whether it is AMD, Nvidia or Intel, but if you use Nvidia, the standard tool is nvidia-smi (if you install the proprietary drivers from here with the optional cuda package, you can access the command) . You will need to combine it with the watch tool for real time info.

Otherwise, the one I prefer is nvitop.

I’ve seen Intel specific tools too, but don’t recall them. And I’m not familiar with AMD tools.

TheHobbyist,

Did OpenAI ever detail what GPT-4 was trained on?

TheHobbyist,

And how should your proposal change that?

TheHobbyist,

Yes, people will continue to steal content,

I fail to see how this will solve anything. Why would stealing for AI or scraping for other purposes be done differently? If someone does not care about the rules for scraping, they still won’t care about it for AI. Especially as they don’t even have to disclose that it was used for AI (see my point about OpenAI above). There is no accountability. Previous versions or GPT language models have been trained on heaps of copyrighted material. Unless some law is enacted, it is unlikely to change.

Is the robots file carrying any legal value? I don’t think so but if I’m wrong, this feels more like wishful thinking. I don’t mean to say I don’t care about it being done, but this is realistically unlikely to change anything in practice.

Perhaps if robots files had legal weight (if they don’t already) (in the sense of being legally constraining the crawlers and scrapers) similarly to how LinkedIn was recently forced to abide by “do not track” requests in Germany then I’d welcome it with open arms!

TheHobbyist,

I have heard of shadowsocks for this purpose. I have not tried it myself but I recall having read it being used to hide VPN traffic behind the great firewall. A brief intro to it here:

errande.com/obfuscate-wireguard/

TheHobbyist,

I tried truenas and was at first enamored but felt quite limited when it came to using docker compose. There are no official ways for using it. Additionally because it uses kubernetes under the hood it’s not as easy to go under the hood to make it work, as it requires knowledge of that in addition to docker. There is an unofficial docker compose package but there is almost no documentation that I could find and it seems to be largely unmaintained nowadays.

The other OS are good candidates, though through my research, if you are after reliability, people seem to prefer Debian with its more robust validation of updates.

I’m here mostly because I’m setting up my own homelab and I’m preparing for making use of Alpine Linux, which has no desktop environment which makes it particularly fast to boot. Additionally it is very robust, has decent documentation and allows for quite some customization but requires to learn a bit about how to make it work. With its barebone structure, it is more secure as it has a smaller attack surface and you only install what you need. Perhaps an alternative for you to consider?

Edit: to keep some sanity while needing to manage your homelab, make sure to put some weight on an os you are familiar with. I have juggled for months between OSs to find what does what I want but it has been a long battle of learning everything from scratch every time. Having tried proxmox, truenas, xcpng, and now hopefully settling with Alpine and zfs. Go the more sane way, any of those first three will work just fine.

TheHobbyist,

What does this mean regarding their components pairing? Will they still force indepent repair shops to go through apple to validate a repair by requesting a new pairing for the replaced part? Will it be free? Will it depend on whether the part is a genuine apple part? A salvaged one? A third party part?

TheHobbyist,

Do you mean that someone can take the design, place a hardware vulnerability and sell it? Sure, but this does not require RISC V to be possible, there are already vulnerable CPUs sold on the market. People have found such vulnerabilities already in reputable Intel CPUs for example (look up Spectre).

TheHobbyist,

With HoloISO? Is it compatible? I think?

github.com/HoloISO/holoiso

Wander, (edited ) to selfhosted
@Wander@packmates.org avatar

The future of selfhosted services is going to be... Android?

Wait, what?

Think about it. At some point everyone has had an old phone lying around. They are designed to be constantly connected, constantly on... and even have a battery and potentially still a SIM card to survive power outages.

We just need to make it easy to create APK packaged servers that can avoid battery-optimization kills and automatically configure an outbound tunnel like ngrok, zerotrust, etc...

The goal: hosting services like , , !? should be as easy as installing an APK and leaving an old phone connected to a spare charger / outlet.

It would be tempting to have an optimized ROM, but if self-hosting is meant to become more commonplace, installing an APK should be all that's needed. can do SSH, VPN and other tunnels without the need for root, so there should be no problem in using tunnels to publicly expose a phone/server in a secure manner.

In regards to the suitability of home-grade broadband, I believe that it should not be a huge problem at least in Europe where home connections are most often unmetered: "At the end of June 2021, 70.2% of EU homes were passed by either FTTP or cable DOCSIS
3.1 networks, i.e. those technologies currently capable of supporting gigabit speeds."

Source: https://digital-strategy.ec.europa.eu/en/library/broadband-coverage-europe-2021

PS. syncthing actually already has an APK and is easy to use. Although I had to sort out some battery optimization stuff, it's a good example of what should become much more commonplace.

cc: @selfhosted

TheHobbyist, (edited )

I think there’s some truth to it. But I imagine it will be more AOSP than what android is with google services. AOSP is really a great operating system with very good security and built in features. And with neural engines and high bandwidth emmc, it is mostly just lacking a large amount of storage to make it all complete, but the latest SOCs are most probably powerful enough. Is there something like docker for android? :)

Edit: I do recognize what someone else said, which is that one big challenge would be software updates. We are not that limited by hardware when we consider servers, they can easily run for years with regular software updates.

TheHobbyist, (edited )

May I suggest the following shows:

Both of them are rather old, but quite great in their unique way. Perhaps you enjoy them too!

Mumin is even an anime, if you like that, but was widely distributed in Swedish as it was a collaboration work with a Japanese anime studio.

Edit: adding links

TheHobbyist,

I don’t know if you want to talk specifically about codec settings but it seems overall the compression quality goes AV1 > HEVC/h265 > h264. So if you have the time and/or hardware go for AV1, otherwise HEVC will be perfectly fine. I don’t know of any situations which calls for h264 nowadays.

TheHobbyist, (edited )

You can create multiple user profiles in which you can install different apps. Each profile behaves as an independent phone installation in a way. That allows you to install google services to a specific user profile (with all the GrapheneOS sandboxing, controlling all permissions). Once you have google services, you can install google services dependent apps which basically work as they would normally.

There are some few banking apps which depend on something called “native code debugging” (a security feature). Normally it is advised to disable it for security but some banking apps need it enabled to be able to self inspect and verify integrity, from what I understand.

Edit: you can read more about GOS user profiles here: grapheneos.org/features#improved-user-profiles

TheHobbyist, (edited )

There are very few apps which don’t work with GrapheneOS assuming you install google services. There’s hardly anything specific about grapheneOS which makes it incompatible, its just that some apps don’t like when google services are not available. But the combination of user profiles and compatibility layer with Google services makes the vast majority of the apps work.

Edit: user profiles are not necessary but they are what can help isolate google services from all other apps for instance.

TheHobbyist,

Thank you, I’ll see if this new information can help me pinpoint the video.

TheHobbyist, (edited )

I’m not expecting it to be a long term authorized practice to have community notes on ads, given how much ads are a crucial part to the financing of the platform… It just feels like biting the hand that feeds you would be a bad idea.

Goodbye Youtube and thanks for all the fish (infosec.pub)

Youtube let the other shoe drop in their end-stage enshittification this week. Last month, they required you to turn on Youtube History to view the feed of youtube videos recommendations. That seems reasonable, so I did it. But I delete my history every 1 week instead of every 3 months. So they don’t get much from my choices....

TheHobbyist,

I hear you but this seems to largely ignore that we are all already paying google, a lot. It is only thanks to their unscrupulous private data harvesting that they have become the mastodon they are. This has been going on for so long and only in the recent past to we get the scale of this effort. Now they want us to pay them too, while nothing is changing on the data privacy side? Frankly, I don’t think they deserve our trust. It’s not like paying makes them get any less of our private data, so they are basically double dipping. That does not sit well with me.

I’m all for paying for a due service, but I also have expectations of data privacy rights. Those are mostly vanishing into thin air with google…

TheHobbyist, (edited )

I’m arguing I’m already paying…

Additionally, google has no right to how the website they serve me is displayed in my browser on my computer. If they send me the video stream despite me not looking at their ads, that’s on them. What happens in my browser on my machine should not be Google’s business.

TheHobbyist,

The battery life in arstechnica’s review stands out as different and lower compared to 2 other reviews (pcgamer and techradar):

lemmy.zip/comment/3284894

It might be due to the use of the USB-A ports on the backside of the laptop which are known to have some abnormal power draw, which framework is currently addressing.

TheHobbyist, (edited )

Indeed. On both the picture at the top of the article and at the bottom, do we see them having the USB-A expansion card in the slot closest to the screen. If that’s how it was configured for the battery test, it would show battery life in a non-optimal configuration.

Edit: this is only an issue on the AMD board.

TheHobbyist,

This survey was published almost 4 months ago, is it still relevant by now? When is the deadline for this survey?

TheHobbyist,

I can’t stand winter time, would love DST all year long. Its so depressing to have the sun set before I finish work and come home when its pitch black…

Switzerland in no rush to mirror EU sanctions against China (www.swissinfo.ch)

Switzerland feared retaliatory measures from China but kept the decision quiet for undefined legal reasons, reports the NZZ am Sonntag newspaper. China’s ambassador to Bern, Wang Shihting, warned Switzerland last November not to impose sanctions. “Anyone who really cares about the friendly relations between the two countries...

TheHobbyist,

They have followed up on all sanctions from the EU I believe. What do you mean no problem with Russians?

TheHobbyist,

Regarding your last point, this is due to swiss neutrality: they don’t export to countries in war. That’s nothing new and is a fundamental principle of swiss neutrality.

TheHobbyist,

I tried this just last week with windows 11, successfully:

Disconnect internet, run installation until I needed to connect to the internet.

Shift + F10 to open terminal

Enter the command: OOBE\BYPASSNRO

It restarted install and the “skip now” option appeared to connect online, allowing for an offline account creation.

tomshardware.com/…/install-windows-11-without-mic…

Edit: I now read you are using windows 10 and not 11, not sure if this will work…

TheHobbyist,

“Good” really depends on what you’re after. Do not use CalyxOS if you care about security. They are significantly behind in implementing security patches, regularly. You are in some way more vulnerable with CalyxOS than regular android on a pixel because you would get security updates faster on pixel. Additionally, the network permission of GrapheneOS is a paramount security and privacy feature. Also, GrapheneOS takes over all location services requests even if you use google services, making sure that even if google services are installed, google only gets location info whenever the location request is for the google services, not all/any services or apps on your phone. There are additional points too, but CalyxOS, while I don’t want to bash them, should not be considered a secure OS the same way GraphemeOS is.

TheHobbyist, (edited )

Would you care to put any weight behind your accusation?

The main issue I’m trying to expose is that any custom distribution by an OEM can implement any app/service the way they want. The android source code is available, any access and permission can be obtained depending on how you implement it in the source code. You can even weaken the security if you want. Any distribution by these OEMs is a secret sauce, you have no way of knowing what shenanigans they are pulling on your phone.

So yes, they can get root access if that’s what they want.

This is not to say they do. I’m just saying we have no way of knowing how things are implemented and hence why open source is so fundamental to security.

Edit: I concede that the strict definition of what considers a system app does not provide with these accesses. I’m saying any custom distribution with built in apps may have been customized to allow for these things to happen. Perhaps this is where we may have misunderstood each other.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • KamenRider
  • TheResearchGuardian
  • KbinCafe
  • Socialism
  • oklahoma
  • SuperSentai
  • feritale
  • All magazines
    •