Posts by doublelayer

Re: Chat GPT Apples

I'll try this once more, but it is clear that you're trying to excuse obvious errors and unintentionally insulting people in the process.

Me: If the program meant that you took two away, leaving three, and then something happened to the three, leaving two, then it would say so.

You: Why would you assume that? Moving goalposts?

Because it clearly did say "If you have 5 apples and take 2 away, you would have 2 apples remaining." That was contrasted with the "take away" = "I have the ones I took away" branch. There is no room here for additional actions affecting one of the remaining apples. It could have said it: "If you have 5 apples and take 2 away, maybe someone grabbed one of the remaining ones while you were taking yours, and then you would have 2 apples remaining." It did not. It subtracted wrong. LLMs calculate wrong all the time.

Various types of people like to or find it difficult not to interpret this question in many ways. I have done it. Others in these threads have done it. The main difference is that, even though we've all come up with different interpretations of various apple-related subtraction problems, they either result in a "not enough information" answer, or they state an interpretation and then correctly solve for the number if that interpretation were correct. Nowhere did they simply state that it was unclear, so the answer was definitely 42 and refuse to tell you how that happened. Autism does not cause people to do that either if they're actually trying to solve the problem. While I have no reason to think that I am on the spectrum, I know many people who are, and while they may make fewer assumptions than others would, they would do the calculations right.

From your posts here and elsewhere, you clearly like LLMs as a tool. I have found them frustratingly unreliable. Sometimes, their answer is useful and relevant, but very frequently, very simple errors make their output useless and the time I spent getting the answer wasted. Who knows, maybe you're just excellent at making them not do that in the first place. The problem is that your eagerness to justify obvious errors as not errors suggests that you may not be the best user of them either but refuse to admit the quality issues in the output you are putting to use. You're unintentionally insulting people with autism by suggesting that they would do the same kind of shoddy work, when many of them would not and, in my experience, be more conscientious about the quality of their work than others.

Whether a model is too large to feasibly open source doesn't change how this works. There is no requirement that they be open source. I have some large software which is free, but it's not open source. It's still useful. Large models which are distributed under generous terms can be very similar. The problem is that one of the freedoms provided by open source is missing: the freedom to know what is in the program you're running. The FSF refers to this as "freedom to study how the program works", so I disagree that all four freedoms are there. So far, only one seems present. Without the training data, the prompts the model is based on, the ways it was trained, etc you have a black box, very similar to what I have in the binaries that I'm allowed to use but I don't know what's in them.

In practice, open sourcing a model could be so hard that it's not worth doing. Retraining it to confirm that the binary you have matches the source data, or at least to make a binary that does for you to do later, may be infeasible. Neither of those realities changes what it means to be open source. This should be evident when we compare it to a small model. If a writer of a small model with a gigabyte or two of training data refuses to let me see, let alone modify and retrain, that training data, it is not open source and, as far as I can tell, they might have all sorts of extra unadvertised stuff in there.

Without this, the freedom to modify is restricted. Yes, I can use other methods to change how the model works. You can argue that some of those count as modifying. Several of them are more akin to building a system around the program, the way that if I call a binary from my program, my program isn't a modification of that software, just a user of it. However, I can't modify everything. My ability has been constrained, and not necessarily by my access to resources to use. It has been constrained by the unavailability of the source to this program.

Re: Cartel Is in Full Operation

All the 2020-era machines already support Windows 11. So the last refresh already makes another refresh unnecessary. I have seen some companies who refresh their computers every 4-6 years, and this is probably what Dell is thinking about. When I have seen that, it has always seemed wasteful and pointless to me, especially as many places I've worked use the slightly longer period of "until it catches fire or there are bits hanging off". I prefer that one most of the time, though it can be taken a little too far.

Re: Repeal the de minimis provision

That's where it would stop working. If I want to import a small item, I have to find a company willing to resell it to me, get the manufacturer in China to sell it to an exporter, the exporter to put it in a shipping container, the container to be passed by customs even though it probably contains a thousand individual packages with different things in them, wait for my distributor to sort out my package, charge me their markup for the action of receiving a box off a ship, then send it the rest of the way. None of that is at all related to the price of sending boxes through the mail. That's the point that the original post inaccurately conflated with the rest of the regulations, because it is entirely independent of the rest of this. Others have described what happens when you have this company in the middle. Either you can't get an item, you can only get it from someone who has applied a 200% markup on it because they're the only person who has imported a box of them and you can't manage it yourself, and you certainly can't use whatever supplier you want because, if you're lucky enough to find someone importing them, they've already decided on one supplier.

There are two problems that are worth solving. One is that we're paying more than China does for sending packages. That's worth fixing, and although it's a tricky diplomatic experience, it's unrelated to the rest of this. The second is the existence of dangerous products. Given all the dangerous products stored in bulk locally in Amazon warehouses, the customs exceptions for small packages isn't a simple answer to that problem either. Most likely, there will still be dangerous items and we won't make a dent in them unless we spend a lot more money in individual enforcement actions against their sellers.

Re: Bad response from Crowdstrike

But low-level code basically doesn't. If you're writing in assembler or in C, a lot of important things do not raise exceptions for every invalid situation. With more clarity, C doesn't have exceptions. Some libraries have their own things that look kind of like exceptions, but they all work a little differently from each other and a lot of code you work with will not have those either. Good functions, including kernel ones, do check for and report errors, but you have to check that manually. If you don't, execution will proceed. You can't do a global check either. For instance, if you try to allocate memory and there isn't memory available, you have to check that right after trying and if you don't, your code will continue to execute until it tries to use that memory that never got allocated.

That's just talking about organized system calls which return errors in a way other than exceptions. There are lots of other things where you don't even have that. If you're dealing with locations in memory and you refer to a location that doesn't exist, isn't yours*, or doesn't contain what you intended it to contain, that's not an exception situation. You will get, respectively, a crash that can't be recovered from, a crash that can't be recovered from, and the wrong data which will probably lead to more bad pointer arithmetic somewhere which will, hopefully soon enough, give you a crash that can't be recovered from instead of a bunch of shredded data and then a crash that can't be recovered from. The only way to do this is to put more effort into not messing up and assuming that you still have, so trying to find out where before the users run the code. CroudStrike did not test their file in the way they needed to. It was a QA problem, and one I have a feeling they've fixed now, but they needed to learn that configuration files that get executed are code and can break things just as badly as the code that looks more familiar.

* When you run as the kernel, basically all of RAM is yours. While a program running in a user account, even root, will only crash itself** when trying to access memory used by another program, the kernel can stomp on memory used by any process. This is one of the reasons why you can't recover from an invalid memory use in the kernel. By the time you know you've had one, the chances are high that several other things are hideously damaged and you don't know what and where they are. Continuing to run is likely to cause more problems than not, so it requires a restart.

** Most of the time. There are some ways to access RAM that is not yours, and predictably, bad things happen when that goes wrong.

Re: Euphemisms, Repeatedly

In some cases, you could argue that there's a slight difference, though not one that any victim would really care about. For instance, if they are theoretically paid and permitted to leave, but they have been told that they have a debt and must pay it off. This is a common tactic. In turn, this takes two forms. Sometimes, it's actually real in that they can scam enough to pay off a "debt" and then be released. More often, the operators find ways to increase the "debt" whenever that might happen, meaning the payment is basically fake, but they still go through the motions.

I'm not sure "forced labor" is much of a euphemism either. It's pretty clear about what's happening to people and how unwilling they are. When attempts have been made to make a euphemism out of slavery, the slavers tend to have to obscure their purpose more than that. For instance, the "vocational training" required of some Uyghurs in Xinjiang which is as forced labor as this is is a euphemism worthy of the name.

I don't think that's the part they disagreed with. I think they, and I, disagree with the part "in theory a very good idea."

The problem is that there are lots of cases where a company owning some intellectual property is the most logical and only workable solution. If a company hires me to write some code, it isn't very workable for me to own the copyright to the code I wrote for them. It doesn't work for them: how can they sell a product based on the code they paid for when it's split up among anyone who ever touched it? How can they prevent someone else from doing the same? Could their competitor find each of the coders, pay them a small amount, and get legal copies of the same thing the company already paid for? It also doesn't work for me. In almost all cases, I'm going to write my code along with some other people, not all of whom might be there anymore. Can I use and modify the work of someone who no longer works there if they still own the copyright to that part? Do we need to track them, or their next of kin, down and ask for permission for me to view it? I think that, in that example, the company owning the work they paid me to make makes a lot of sense and is a perfect parallel to similar jobs; if I make a physical object at my employer's request, my employer owns the object.

So if a company can own something when they've paid me to make it, it also makes sense that they can buy it from me. To use another coding example, let's say I wrote some code on my own. I've been selling licenses, but there is a company that would like to use it. I no longer want to support it, keep updating it, dealing with licensing discussions. I could try to give them a generous, perpetual license then just stop, but then what if someone else wants it? They could try to track me down and get a license, but I might not be easy to find. I could sell the code outright to the company and allow them to issue licenses, and they could pay me more for the extra power than they would have for the more limited license. I've been part of this from both sides. I've had code I didn't want to sell anymore. Often, I did the easy thing and either open sourced it or just stopped acknowledging that it ever existed, essentially giving up on ever getting more money from it, but if I had a buyer, I'd happily have sold it to them. I've also tried and failed to track down a copyright holder for some code that I would have wanted to buy a license for, but because the person who originally worked on it got bored, you just couldn't because the holder was uncontactable and for the most part unidentifiable.

Both my examples are about code, but similar conditions apply for most types of copyrightable work.

Re: K.I.S.S.

A USB disk is much cheaper and larger, and you can put whatever you want on that. I don't think there are any security policies allowing booting to a floppy that don't allow booting to a USB drive, so unless you're working with something that doesn't have USB ports, then just use that way. Optical drives are another option that works just as well.

As for this approach, it's interesting, but I wonder how useful it is. I'm guessing that, in order to make it that small, they've excluded lots of things that I have on my recovery USB drives. For a while, my recovery drive was 1 GB in size (the benefit of that one was that it was too small to write other things to so I never erased it). That got lost so now it's a 4 GB drive. In both cases, I could easily add in whatever tool I wanted and keep that for later.

You want a product, and it tells you some places where you can buy it. How it picks the places to include, how it ranks them, and whether it even found what you were looking for are not specified. Other services attempted a similar thing, and Google often pushed them down the page, both by putting a shopping block on top whenever you did a search that looked like you were trying to find a way to buy something and by moving them down in the search results that appeared below that.

In my experience, many of the "where to buy this item" services weren't very useful. They often reported prices from a small number of stores, missing cheaper places to buy it, and if you actually liked the prices they found, you could easily find that it wasn't available anymore or had some extra terms tacked on that made it unusable. Then again, I only tried using them a couple times, so maybe I just got unlucky.

The other problem, and probably the largest one, is the description of the part you need. I have not looked and don't have a gun, so I can't prove the article correct, but if it is, here's their description:

"These devices, also known as "switches" or "auto sears," can be smaller than a USB flash drive and made of just a single piece of plastic."

There's nothing that can be controlled when the pieces we're talking about are that simple. One person who knows what they're doing could print thousands, so all you need is one such person attached to people who will distribute them and there could be only one printer involved. That printer doesn't have to be in the country as small plastic things get mailed in all the time. Meanwhile, people who want one of these things probably only want one or two, so it's not like they'll set off many alarms if they get their own printer or borrow another one.

I don't have a solution I can sell to US politicians. I am quite confident that this one won't work.

Re: Car thing

Yes. The younger generation is brilliant: they invented the concepts of debt and renting. They didn't exist before. Older people have never had either, even when they were young. Now all the young have to do is get the patent royalties on those and their problems will be solved.

I'm not sure why so many people like making a generational thing out of this. Lots of older people buy things with subscriptions, either willingly or not. For instance, some people I know, aged 59 and 63, who purchased those security cameras for which you have to pay every month to use them at all. Their children didn't make them do that; they chose to do it all on their own. Just in case they were unaware, I explained the subscription terms. They were aware and chose to accept it.

To the extent that there is any generational thing here at all, it's because it is easier to make a subscription out of devices with modern technology and the manufacturers are taking advantage of that. It's easier to have a camera that only works with the manufacturers' servers and phone app now that the users have phones it can work with and a connection to keep the cameras and the servers in contact. That would be a more convincing argument if there hadn't been many similar things before which used the same terms. Before there were cameras connected over WiFi to your phone, there were still home security systems, often paid for monthly and managed by a company. It's not just those. Televisions were rented. Cars were leased. People chose that option, or were sometimes not given another option, even before the year 2005.

Subscriptions work because people sometimes choose them. I generally try to avoid them whenever possible, but I'm also comfortable doing some of the work that a subscription involves. If I ever decide I need a camera on my house, I'll do the network setup to get in contact with it when I'm away. I may even build the device, probably with a Raspberry Pi in it. A lot of people who want that are not willing to do that, and when given the option of a single-purchase camera which requires them to learn some network admin or one with a convenient app that just works, they choose the subscription. Some people are just not as frugal as we are or value things differently, and age is not really a factor in it. The important things are that we make clear when something is a subscription and when they're not so that people can make an informed decision and that we prevent companies from switching from "you bought it" to "just kidding, you didn't, and now you have to pay again to keep using it".

1 - Expensive and very time consuming. It's worth it, but people sometimes want to get there today, not in five years. When those years have passed and the new route exists, that will be great for the people in that area, but chances are that there will be a new one that could use a route.

2 - Expensive depending on the demand.

3 - It depends how many people want to go to the places you're talking about. If it works as it often does, where the trip on the public transit is pretty fast but then you have a long walk ahead of you, the benefits during the part where the dedicated rights of way are speeding it up can be wiped out in the walk later on. I generally don't mind that, but that's when I can spend extra time commuting and am not worried about how quickly I'll arrive.

4 - I suppose it depends how much groceries you're carrying. I could easily carry a medium amount on transit where I live, but the trains I've been on before won't be convenient if I'm trying to carry groceries for a longer period or a larger family. We're packed in too tightly and most of the things I'd buy are easily damaged.

Re: no Real-Time Clock

Likely the same thing that the Pi would do a lot of the time: use the wrong, cached time, which is still later, and boot successfully.

But yes, one of the tradeoffs of the strict verification is that, if there is no RTC, the power is lost so the cached time is out of date, and packages were verified during the running session, then they will not verify during boot. Those prerequisites are pretty rare with a server that generally has an RTC that works most of the time and generally isn't losing power unexpectedly given that they often have UPSes and automatic shutdown scripts if power is going to go down. That's less common with a Raspberry Pi which doesn't have an RTC at all and is most often connected to a less reliable power source with no prediction if it is going to fail. With every program, you end up building in assumptions and tradeoffs.

For instance, the same RTC lack can mess with programs that start before a Pi gets a network connection. It's well-known as something you have to consider. Some things that use wall clock time may report odd behavior when it switches from saved, wrong time to real time. Results get reported as applying to huge time periods. Scheduled tasks end up running because the time they were supposed to run was in the middle of that period that really doesn't exist. For better or worse, a lot of programs that are running as normal userspace programs have decided that they will have a clock available and if the clock acts oddly such as skipping entire hours, that's the user's problem. Not every program needs to write special cases for that not being the case, especially since most of them will be unable to tell between a clock acting oddly because the hardware makes it necessary and a clock acting oddly because there's an actual bug or hardware failure causing it. The user on a server will deal with this by a) disabling the verification so boot completes, b) adjusting the clock before the operating system is booted, c) replacing the faulty RTC battery, or d) preemptively doing A because they've decided they don't care. That doesn't mean that it should be preemptively disabled for everyone because some people may choose to do it for themselves. One of the typical attitudes of the Linux community is that you should be trusted to know how something will affect you if you change it and to let you get on with it. Defaults are defaults for a reason, but you're free to change them as you wish.

"I don't think the Russians could (or would) have been much help in the invasion - as they'd have had to commit their troops to both under allied command, and use the allies supply chain."

I don't see why that would have to be necessary. They could easily attack Japan from the north and west while the other allies, primarily the US, attacked from the south. Other than coordinating aerial action, they could operate somewhat independently if the goal is simply destroying everything until there is no more resistance, then repeating that further ahead. I admit that my picture of how this might have gone is probably biased by an alternative history that did consider this*, but I don't think it's that unrealistic. I agree with most of your other predictions. A more militarized cold war that likely would get warmer, if not a World War III less quick and fiery than the term generally describes.

* The book in question is Joe Steele by Harry Turtledove. Joseph Stalin's parents moved to the US and he became its president, and because he's a dictator, physicists don't want to give him nuclear weapons so there is a delay in making them. They still make them, but not until after the war has ended. Japan ends being split between US and Soviet spheres of occupation similar to real world Korea. It's not the most realistic of premises, but still a fun read.

Re: Get over yourselves please

The other problem, other than the snake oil, is that a lot of people want a single choice solution. They want the cloud to either be good or bad, so even without a marketer trying to pretend that something does what it doesn't, you have many people attempting to simplify a complicated problem. The finance person likes the Opex option, so they say that cloud must be better than anything else, so let's switch all our computers to that. Admins, as many here have demonstrated, have some, possibly accurate, reasons to be skeptical of the cloud, but they decide that it means all cloud options are always bad. Sometimes, their reasons are perfectly accurate, but sometimes they're also faulty. For example, one admin I knew who disapproved of cloud for, in my view, the same reason that he disapproved of Linux: he eventually learned how to administer a Windows server without setting it on fire and didn't want to learn anything else ever again.

In many cases, you actually have to calculate it out. What do we want to do. How much does it cost to do it with cloud supplier number 1? How much with supplier 2? How much right here in this building? How much in a colo nearby? What extra things do we gain with each option? The cloud probably provides us faster networking without having to do extra work. The local server room likely decreases our costs to add more systems there. What risks are there with each option. And now that we've done all that boring stuff, we can actually eliminate some options and make a decision. A lot of people want to skip this and use worse reasons, or no reasons at all, to pick one.

Re: ARMed and Ubiquitous

I still have to give them credit for doing a pretty good job at decreasing their power consumption figures significantly. Not to phone levels, but there's a reason why the low-end X86 boxes nearly all use Intel parts rather than AMD. That market segment may not be the most alluring, but they did find a demand for their low-power chips and they can be surprisingly good.

"Why are the makers of the Deep Fake software not being held responsable ? Surely they should have been the 1st bunch people to have action taken against."

Because such software generally exists in three forms:

1. Software specifically targeted at one type of deep fake, often sexual in nature. The people who make that generally don't put their names on that. They make it, they release it, and copies end up passed around the internet. Maybe they've got malware in them too, who knows. Tracking down the original author(s) who might be in any combination of countries is not easy.

2. Software which can generate lots of kinds of images whose protections against illegal ones are either absent or weak. They're owned by large companies that already ignore many laws, such as the one that says you're supposed to have licenses for training material, so even if you identify them, they're not about to let you enforce judgements on them. They'll call up a lawyer who will say that they're not responsible for what someone did with their software, that their software was not intended for any illegal purpose, and go find the user and figure it out. If charges continue to exist, the lawyer files documents and it takes months or years to complete, the way that almost none of the copyright trials have even gotten to trial yet.

3. Open source software which isn't intended to do this but which gets modified. Either it gets modified thoroughly by some person, in which case go back to option number 1 but the author(s) did less work to get the program, or it ends up being relatively easy to break protections and get illegal images. If it's that branch, then government could go after the person who made the open source model, but it would end up angering people who see someone who didn't want that to happen and has no reasonable ability to stop it or defend themselves being punished for what someone else did.

If you have a good way of escaping this triad, let us know.

Re: Conspiracy or ineptitude.

If I had to guess, I'd assume that there were things in the "why to vote for Trump" list that were in a prompt as potentially divisive things that you're not supposed to talk about, so that triggered the response, whereas the training data didn't have as much on Harris because she wasn't the candidate when the model was trained, so it got past the filter. I couldn't know, though, because lots of things are conceivable reasons and it is almost certainly LLM-based, where any protections you try to put in fall apart half the time and any attempt to make them consistently hold a certain opinion is similarly flaky.

An oversight or a deliberate setting would both make a lot of sense to me, but I still think the most plausible one is a combination of both. I doubt they deliberately set the prompt to refuse to speak about Trump but support someone else. The deliberate settings could be on more specific issues that are likely to come up when writing an answer to that question because those are what comes to mind for the prompt writers when they're asked to list political topics that we don't want bad press about. An oversight is not testing to see what actually happens when you add that filter and just assuming that, if you've put something in that rejects political questions, it will reliably reject all political questions. We will probably never know for certain. There's a reasonable chance they won't ever know either, even if they try to investigate.

Re: That solves neither set of problems.

If your only goal is slowing them down, then you have better ways that won't have stronger impacts on the legitimate users than the illegitimate ones. If I'm a criminal and I want a bunch of verified accounts, then I'm probably planning to make a bit of money out of this. I can bribe some people to go to your office and collect tokens for me; if I'm successful, I'll get it back. Meanwhile, someone who just lives in a rural area will try to go themselves and it will take a lot more time.

There are lots of ways to slow down a transaction. Collect an address, mail something to it, make them enter the number. Get a credit card number, charge something to it, wait for it to post, then return it. In many cases, there is no compelling reason to do either of those things. A physical office visit is worse than both of them in many cases, not that either of those is good.

The reasons for that are complicated, and I'm guessing you don't care about them, so I won't bother going into it. The other important fact there is that the U.S. government took the plane. Not a random company, not a specific company like its manufacturer, but a government. It is much easier for a government to take property from a foreign government, either following or ignoring law, international, treaty, or local. It is much harder for a company to do so. Most courts will ignore the request by saying they don't have jurisdiction. If they find a judge who agrees to let them do it, the country will appeal it and it's likely that the next judge will cancel that. If they get a judgement and try to enforce it, they are likely to have other problems, because if you go after the money that the Brazilian government might hold in a large New York bank, Brazil can threaten that any dollars taken from their account there will be taken back from that bank's holdings in Brazil, holdings which cannot be quickly removed to prevent them from doing that. Those banks do a lot of business in Brazil and don't want to pick a fight, so they can find reasons why the judgement needs to be reconsidered and, since it's likely not to be legally binding either, they are likely to have it reversed before any hard decisions need to be made.

This applies whether the country is democratic or authoritarian and no matter how justified their action is. It is why companies that invested a lot of money in budding dictatorships often lost it. People who stored their money in Venezuela or Russia, for instance, often lost it and were unable to get anyone to give it back. We may have agreed that they deserved it back, but they weren't likely to get permission to start selling off anything those countries had to take.