Posts by doublelayer

Re: Canary in a coal mine or the ramblings of a dead parrot ?

Read more comments from the same source and you'll see a lot more of them. It's something in the weights for whatever generates the associated word salad along with "methinks" and the username on whatever it replies to.

Re: Conclusion probably right, comparison probably wrong

The question in the report was whether it could sustain more than three players, which is what I was responding to. My conclusion was that it could, but possibly not long from now, demand might decline so much that even those shut down. However, I doubt that will happen either. There are enough people who use the models that have already been generated that I expect some people will still continue this long after the bubble has popped. The big companies may no longer get massive server clusters to build another model, but for a lot less money, you can still build more and more wrappers around the models you have. They cost less to run than they do to build, and if you make them small enough, you can make the users run them and still charge them for doing so.

I've seen plenty of negative uses of LLMs. It can be tempting to think that maybe one day the investors will pull the plug and they'll all stop, but this is not very likely. As long as people are still willing to pay for that, someone will still charge them for running it. I don't expect people who are already running LLMs in their workloads to stop until those LLMs cause single, very big problems that are publicly linked to the use of that model, rather than the numerous but small problems we get today. I'd like the shortcut out of that, but I don't see it and I'm pretty sure loss of investor confidence won't be enough.

If running a 500b parameter model is what you want to do with your machine, the CPU you need is different from the CPUs anyone else needs, or maybe it's irrelevant. The most limiting factor trying to do that on typical consumer kit is that you need lots of RAM. Even if you quantize it to FP4, that's 125 GB of RAM, not exactly the typical amount included in the average desktop. But Intel isn't making that, so ignoring that elephant for the moment. GPUs are faster than CPUs at running these models, but I assume you're not considering that for the RAM shortage since, while I can get 128 GB of RAM into a desktop if I pay enough, getting 128 GB of VRAM is not very likely. NPUs may eventually bridge this gap, and AMD's tend to be faster than Intel's right now.

That means that the CPU you want is exactly what you said you didn't, low performance per core and lots of them. Running an LLM benefits a lot from parallelism, meaning that the more raw compute the CPU can put out in total, the faster you'll get your results. There are a lot of tasks that don't get that, either by intractable problems with the algorithms involved or because they weren't written that way. That's why a lot of things benefit from having a smaller number of cores that can obtain much nicer single-thread benchmarks. LLMs are not among these uses. As increases in single-thread performance slow down, both Intel and AMD have been finding ways to increase their core counts, and in many cases, you get higher benchmarks on both from Intel processors with faster performance cores and more numerous efficiency cores at the cost of much higher power and heat levels, whereas AMD often gets higher numbers for performance per watt but has been doing some power inflation of their own recently. In both cases, running such a large LLM is not something a lot of buyers are looking for, so most consumer chips are designed for what they are doing with their hardware.

Re: DOGE is the one FINDING this!

LibreOffice would save even more if all you need Microsoft or Google for is a word processor or a spreadsheet. If you need other things that are included in those subscriptions, you'll need more open source software. Your confident assertion of simplicity shows the problem with it. A lot of improvement can be made by shifting to open source software, and it's likely that it exists for almost all the things the various departments and agencies need, but if you try to do it on a simplistic, single approach without considering what specifically the needs are, everyone is going to hate it and Microsoft will be back as soon as they can get rid of you.

I've seen attempted migrations to open source software be torpedoed, not by the software, which was perfectly able to do everything the users needed, but by adherents of open source who refused to see problems with it, even when those problems could have been worked around. If you need to replace Office365, you need to ask the people which parts they're using and which parts they don't, and only then can you even give them the list of things they need to do the same thing.

Re: "gigawatts" capacity ?

"And comparing my 2013 CPU to the leading CPUs today, it IS clear that POWER does the work. My 3220 2-core is 53 Watts, I see faster CPUs sucking 90 130 190 Watts."

There are those, but there were those in 2015 as well. There are CPUs that are much faster while maintaining the same TDP. For example, the Intel Core Ultra 9 285T has an official TDP of 35 W and benchmarks 179% above yours on single-core performance, which isn't far from your 3x requirement. It benchmarks much higher on multicore, but because it has 24 cores instead of your 2, so that may not count. You could argue that this is because it can burst up to 112 W, which is fair, but it won't stay there very long as heat comes up, and the performance wasn't only measured at that peak when it could operate that high.

But if you're particular about that point, let's instead use the AMD Ryzen AI 9 HX PRO 370. Not quite as fast, only benchmarking 147% higher, and it only has 12 cores. However, the default TDP is 28 W and it can only go to 54 W, so no bursting and probably more efficient than your Pentium most of the time. Single core performance may not have stuck to doubling every eighteen months, but it was obvious it wasn't going to, and performance per watt if you can use multiple cores has maintained that rate so far.

Re: Why even have a local disk?

So email is persistent, but the rest of my files aren't? I do not understand why this is an improvement. If email wasn't persistent, then you couldn't read any if you had local access. If files were, you could work on them too.

I think this is the problem that Chrome OS, and every Chrome OS-like system will always run into. At a different scale, it's the problem that every cloud-based application runs into. There are some minor advantages possible with everything on a server, and there are some much larger ones possible if everything is local, but some local things and some remote things often gives you the downsides of both and the benefits of neither. Many of the advantages of remote data only work in specific scenarios that not every user is in, so these systems tend to evolve to having local options anyway, moving you into the both downsides area.

Re: Why even have a local disk?

What are you going to put on the local disk that helps if you're at home or on the road? On my work computer, I can do some work without a network connection because my code and my text editor and my plans are on there, but it sounds like all of those are supposed to be remote. I can work efficiently from a mobile hotspot because most of the big data is already on my disk and I just have to pull modifications, but again, it sounds like that would be remote too.

Unless you just want the OS to be immutable and the user would otherwise be able to install applications and store data freely, I'm not understanding what the disk does for you. If you are planning to have that, then your immutable system isn't much different than existing ones. I can replace my kernel, and if malware did it, it would be a problem, but malware capable of doing it is capable of doing anything else it wants already and the malware that I'm most likely to get will not bother to replace it.

If my original idea was correct, then having a disk won't help at all. You'd still need one because your terminal OS has a browser in it and those need updating frequently. It would be prohibitive to replace ROMs for that or to pull updates from a server every time it turns on, so some persistent storage would be required. But having one that the user can't use at all wouldn't change the situation. I'm still not convinced it's a good idea except in some narrow use cases. If you need a computer which is blank when investigated, then it could be useful, but there are other ways of having a clean computer that may be more reliable.

Re: Perfect for running the Laundy

My problem with the idea is that all-remote data often makes the data fragile. For example, let's say I need a bunch of credentials to access things because my employer hasn't got a full SSO setup. They want me to use random passwords and a password manager. Where are my passwords? Options:

1. On my computer: then it's not stateless, because at least some information is stored there.

2. On their servers, and I have to authenticate to get to it, which makes it easier to attack because the attacker does not need access to my computer.

There's a reason why many businesses prefer number 1. Having a dumbish terminal also leaves you with a dependency on the network. You might be in the admittedly large camp that always has network access or can't do much work without it anyway, though not everyone is, but one major problem even in that situation is that some things are sensitive to latency. There are tasks that aren't well handled by such a device.

Re: Computers have screen recorders you know?

Bug: When a serial device is connected over USB and sends a certain string, data can be injected into protected memory. This probably allows command injection, but so far, all I've achieved is causing a kernel-level crash.

Video through screen recorder: The video shows the desktop, then cuts out because the kernel crashed. How useful is that?

Video through external camera: It shows me plug in a USB cable, then the BSOD appears. How useful is that? For example, if I'm wrong and it's not what the device sent but a driver is wrong, how would the video help you identify this?

String to be submitted through serial port: You can test it for yourself and see whether it works and what conditions apply.

This was just one case. Many cases of security vulnerabilities either have no significant results that a video demonstrates or the video would just show the user doing obvious things already shown in their report. There is a reason why most bug reports have reproduction steps in them. A video could be useful in cases where reproduction steps are complicated, where the case requires things the person checking doesn't have, or when the results are hard to explain. If these conditions apply, the reporter may provide a video for extra data or the reviewer may have a good reason to request one in a follow-up. If those don't apply, making the video wastes the time of the reporter and the reviewer.

Re: It is unclear.. what problem the video was intended to fix

Having dealt with bug bounty reporting systems, the flood of low-quality submissions in several ways is a major problem, but a video would almost never help.

There are always a lot of terrible submissions when the possibility of money is on the line. I would get things along the lines of "your web server is running Nginx, Nginx has this CVE", which often was a different version or we had already patched it, but even when it wasn't, you don't get credit for discovering something someone else discovered. Maybe if it was something we had failed to update in a while, but if the CVE came out yesterday and we haven't patched yet, that doesn't count. Or we'd get something like "If you enter a bunch of junk in a query parameter, the page looks weird" which would count as insufficient input validation in the client-side script on that page, but that isn't a security issue and a lot of people would argue that it's not a bug worth solving. Crucially, those people are the people I'd have to go to with it and I have actual security problems to shout about.

In none of these cases would making them submit a video help. Someone in the hopes of a payout who doesn't understand what counts will have no problem showing the output of curl -I to say "look, Nginx, just like I said". They will find it easy to record their screen to show how typing gibberish into their browser causes the UI to go wrong. Neither video provides any more information than a proper report would. I suggested trying to reduce this by adding a box for possible consequences of exploitation, but AI can easily generate a few generic paragraphs on that topic, so that probably won't work either. At the end, there's little that can be done other than have someone do the boring slog through the submissions to find if there are legitimate ones in there, and if you're unwilling to do it, just take away the payment commitment; that will drop a lot of quantity right away.

Re: In other news, today's Times >

We're not decrying the Chinese government for bringing in this law. I, and at least some others here, are reacting to the fact that they violate the law they passed themselves all the time and will continue to do so. I, unlike some of those posts, also don't think they have any intention of enforcing this, even on private companies that don't work for their government.

Now take a guess whether I'm pleased when countries I support more often do the same thing. Do you think I'd praise the action? In case you're unaware, no, I don't and I want them to stop. I will do what little I can to get them to stop. Most of the time, they do not bother listening to me.

Re: Don't buy closed hardware in the first place

"Yes, I could start out on a lower end CPU in a given family and then upgrade to a better one in the future, in the same family...e.g. start out on something i3 class (because for some reason my budget might be tight) then move to an i7 in 6 months to a years time...rather than being stuck on the i3 until I can afford a whole new laptop...that's the difference socketing makes."

And that is exactly what Framework provides. From the context of the previous comments, the discussion was whether you have to replace the RAM if you do that. For your use case, no, you don't, because the same generation uses the same type. If, however, you replace the old I5 using DDR4 with this year's Ryzen which uses DDR5, then you do have to change the RAM but you would have to with sockets.

"They aren't all standard. Whilst the variance isn't massive, it is there...and connectors are even worse. There are laptops that use standard size batteries, but they don't use standardised connectors. Connectors are where laptops tend to differ the most."

And Framework's laptop uses one battery with one connector, hence standard. They've made a few generations of boards, including Intel and AMD boards, and they use the same battery and the same battery connector. How did we get derailed from this? This thread is entirely about what Framework does to be upgradeable or not. Using the same battery connector is one of the advantages I see in it because it means I don't have to search to identify what connector I have and hope I can find a battery using it eight years from now; if Framework's still around, then I can get one from them, and if they're not, the connector design is at least available to others.

Re: Don't buy closed hardware in the first place

Your critiques are falling into either obvious or obviously impossible categories. For example:

"Some of those items aren't a given either...a new board might require different RAM...": Yes, it might, based on what RAM type the CPU uses. Would socketed CPUs do anything different? No, they would not. Thus, that does nothing to argue that the mainboard approach is any less upgradable than the unavailable alternative with which you're comparing it.

"a battery with a different voltage": What part of standard design makes you think that's an option? The board is responsible for converting the voltage from the battery to whatever the CPU needs, which is likely the same voltage the other CPU needed, but just in case it isn't, that's what the other components are for. The battery will stay the same.

Also, the main reason I bought one isn't to upgrade the board inside it. The main reason I chose it is that I am often content to run the same old processor for a while, but some other parts are more likely to fail while I'm doing it. I've had the experience of looking for parts for an old machine and finding that they're not easily located or the replacement process involves dismantling everything. I wouldn't be surprised if, when the one I'm using eventually gets discarded, the mainboard is among the original parts whereas other consumables aren't.

I agree with you that these aren't the most cost-efficient models out there. I could have gotten the same performance for less money. I could have even gotten more of some specs for less money, although most of that "more" consists of things like touchscreens which I don't care about. I've dealt with computers, mostly others' but sometimes mine, that lost things like charging ports or keyboards that were too tightly integrated, and the computer this one replaced was replaced because things like that had happened to it, not because the CPU was too old for me. Since I expect to be replacing some parts and keeping this one for a while, I am gambling that the parts availability will allow this one to last longer than the cheaper alternative. We'll see if I am right. I am not a Framework apologist; they've done some things I'm not a fan of, but my experiences with the competition haven't been very good.

Re: Don't buy closed hardware in the first place

Most of that is correct, but some of it is exaggerated. For example, when upgrading motherboards, the chassis is not all you keep, unless by chassis you mean literally everything except the processor and the board it's attached to. The battery, the screen, the keyboard, the storage, the wireless card, all the other little bits in there stay there. The processor isn't on a socket, but it's not like the board it's on has a lot of other replaceable components that you'd normally find. You do have to buy new USB-C ports and M.2 connector with the new CPU, but those things are not very expensive compared to the parts that stay. That is what other laptops cannot do. One of the main reasons that is an advantage though is, by having standard form factors, it becomes possible for others to make a board. Some company could produce a board that, for example, could take a Raspberry Pi compute module. Expose some USB-C ports and connect to documented and open sockets* and their board can be dropped into laptops with all the rest of the components built in. That is what isn't easy to do with any other laptop because you'd have to reverse-engineer the internal connections and because that model might be designed completely differently next year and all the effort is wasted.

The ports are dongles, true, and they're not anything special. The important part is that they're dongles that are designed into the computer, making them fit as if they were integral. I chose only USB connectors, meaning that I have what looks like a normal computer and I will use dongles when I need other ports, but if I wanted an HDMI connector, I would have one that fit just as nicely. The problem with dongles is that they are separate, meaning that people leave them behind, they stick out and have to be disconnected when traveling, and all the small inconveniences that come along with that. The "dongle" approach also helps in that they're replaceable. I've known people with computers with broken USB and HDMI ports, but if that happened to a Framework, they'd simply be removed and replaced. I would have liked if they could build them differently, for example if I could put more than four of them into my computer because I often find that more ports is usually better. Still, your comparison seems to miss why that's been done.

* If someone did make a Raspberry Pi CM board, the largest challenge would probably be connecting it to the screen, because I don't think it is an HDMI one. You might need extra hardware to connect those up.

Re: An Interesting Article in IEEE Spectrum not entirely irrelevant...

I have read that article, and while the points are basically correct, I find them rather simple. Basically, they point out that it isn't easy to identify or prove who is the absolute best at what they do, if there is such a big distinction in the first place, and that you can't guarantee to keep them. Therefore, you must not assume that you will always be able to find and attract some and must plan for more normal levels of productivity and skill. Most businesses already know this because they don't always find and hire people who are perfect at generating code or whatever else they're generating, as much as they might want to. Most aren't even trying, because all the very knowledgeable programmers I know are uninterested in going to work for the kind of company that builds the necessary but boring applications that are most common; there's no way for them to use their unusual knowledge in a place like that and that's what they enjoy.

Other than that, though, the article seems to run out of ideas. I would think that the most important element is how to improve individual productivity if it matters so much, but that's not mentioned. Team performance is great, but there are a lot of tasks in programming, and I'm sticking with programming not because it's the only job where this applies but because it's what the article talked about and what I know, that are not easily parallelizeable. The article is wrong about this, claiming that:

Everyone uses the same software delivery pipeline. If it takes the slowest engineer at your company five hours to ship a single line of code, it’s going to take the fastest engineer at your company five hours to ship a single line of code. The time spent writing code is typically dwarfed by the time spent on every other part of the software development lifecycle.

No, if the slowest engineer takes that long, then they'll produce less code. Maybe they'll turn out to be great reviewers, testers, organizers, or maybe they're just dead weight. The fastest engineer will produce code faster, and as long as the simplest amount of separation has been put in place, they'll be able to do that without waiting on the slowest engineer because the two bits they're writing should be independent of or compatible with one another. You often can't speed up development of a small module by having three people write it, but you can speed up development of three modules by having one person write each of them as long as you can be pretty sure that the modules can be written without coordination. If they don't recognize that, they may be arguing against looking for 10x engineers for a bad reason, "they aren't useful", rather than the many correct ones, only some of which they mention.

Re: HP

Remember that this is the person who invented time travel yesterday. I'd plan to wait a while for this, unless the plans can be sent backward to today using that ansible.

Re: Why do you assume that CISA are happy with the DOGE developments?

CISA can't be happy or unhappy about any of this. People who work there are probably unhappy with their colleagues being fired. The people deciding what it does mostly include the directing staff of the Department of Homeland Security who were appointed by Trump, so they're probably willing to carry out his orders and annoyed that the courts have blocked this one. Ordinarily, they'd have a director to do this, but the previous one resigned and they haven't put in another yet, hence the increased involvement from its parent department. I wouldn't read pleasure into cooperating with this order any more than you should read it in their cooperation with the previous order; they have no control either way what happens here and simply do what the last person to rule says.

Re: Maybe there's an ulterior motive to this?

This is one reason I'm quite glad for this guy. With every time he brings his case based on the stupidest legal arguments, he puts one more brick in the wall against that argument should someone (I wouldn't put it past anyone who makes LLMs) try to do the same. I'm sure they would if they could, and somehow they would get a lawyer to argue simultaneously that they can use any material, no matter its copyright status, and that they own all the versions of that data after their program has chopped it up and reconstituted some of it.

Re: Of course it's Stephen Thaler again.

Nothing says that his idealistic point is one I agree with (I don't) or logical (it's not). However, there is still a difference between the person who tries to pass this because they stand to gain and someone who does it by being completely deluded, and I have seen enough similar motions to conclude that it is the latter in his case. The patent office has already told him that he can have his program spit out as many patents as he wants and he can own them. If this was a ploy to flood the patent system, he has the power to do it. He isn't doing it. Instead, he is trying over and over to let a program have ownership itself, and he alleges that the programs involved are beings capable of owning and disposing of the intellectual property they'd theoretically own.

Perhaps the problem was my use of the word "idealistic", which suggests a positive element. I meant it in the sense of pursuing a personal ideal, even an illogical and stupid one, without having a pragmatic purpose behind the action. From what I've seen of his court cases so far, he doesn't have a pragmatic purpose, he wouldn't stand to gain if he actually won, he isn't adjusting his tactics at all in order to make it more likely that he will win, and his statements tent to be philosophical and largely nonsensical.

Re: Of course it's Stephen Thaler again.

He seems to be doing this for an idealistic point, since the patent office said that he could patent the thing the program created but he wants the program itself to own it. I wonder if he has a suggestion for how a program would own something and act based on that ownership. If he somehow succeeded, what does he think his program would do? If it doesn't already have code in it to sell or license out the patent it creates, then surely editing it to insert that would make a different program that doesn't own them?

I wonder if this is another case of sci-fi overdose. I find that quite a few people, mostly people who work with or at least around tech, seem to have read a lot of classic science fiction, as I have as well, but have forgotten that it was intended to be fiction. These people do things like grab doomsday scenarios from a story written to be interesting rather than extrapolating to theorize a likely way that our current situation could lead to disaster; invest time or effort into duplicating something that wasn't written as a suggestion; or in this case, ascribe to computers the kind of attributes given to robots or aliens in the stories without realizing that most of those stories were using robots or aliens as analogies to humans or, if they weren't, were describing things that were unquestionably conscious and sapient. Whether it's Zuckerberg not understanding why his VR business doesn't have the same pull that immersive environments do in cyberpunk books, virtually everybody at OpenAI and Anthropic worrying about their AI taking control of nuclear arsenals instead of all the things it's actually going to break without thinking that authors from the 1950s and 1960s might have been thinking a lot about nuke safety, or people who think the point of space travel is to get a human to Mars as soon as possible without considering how much nicer it might be to get lots of probes there before any human is around to mess it up though some authors actually did write about that, they seem to think that plots written for different reasons and often many decades ago are futuristic and visionary thinking.

Re: Who would own that copyright?

That is why this ruling is so important. If the output of AI could be copyrighted, then the creators of the programs, among the most prolific copyright violators in existence, would almost certainly try to automatically copyright anything it spit out. Not so much a problem for people whose work it quotes, because they can prove it was in existence before the model was created, but a big problem for anyone they claimed used their model's output afterward. The hypocrisy would somehow not be obvious enough to automatically cause their suits to fail, though I do think they'd lose a lot of them. A blanket no-copyright stance is very helpful though.