Posts by doublelayer

Re: -h or --help

So your complaint is about the lack of --? That's really not the important part in all of this. Lots of commands have different syntax for their parameters. For example, do you do --param value or --param=value? It doesn't really matter, because the man page tells you that. Similarly, --install or install makes no difference. IP is different, but it doesn't really change the mess you're going to have regardless. IP could be split into different programs, and each program's arguments could be simpler, but then you'd just have thirty commands for doing something to a network interface and the complexity would be figuring out which of the thirty you needed. It would be no easier than figuring which of the many functions of IP you want and how to invoke that.

Re: Intuitive GUI? My arse.

I made two points in two comments, and I think you may have mixed the two to disagree with them. The pdftotext example wasn't about a GUI being superior, it was to demonstrate why "man -k" is not a functional solution to finding a command you didn't know about. And no, it did not work well for me in my example. I only found the command because I already knew it existed and was able to figure out what the search term needed to be to make it come up. I pointed out why several logical choices that a user who didn't know the command existed would make completely failed to find the command. I had a second example which I decided not to include because it would have been similar, just a lot longer and less successful. You are correct, however, that the GUI would not necessarily solve that problem.

However, while a GUI won't make it obvious what every installed program does, it does make local option discovery easier for the unacquainted user. You can pull up contextual menus on an object and get a list of actions that can be taken on the object. This is quite useful in finding out what actions you can take, whereas the command line often doesn't have that because they expect the user to understand which commands you can send streams to and what they do. The original example of how to shut down Windows demonstrates this. I don't know how long it took them to think that the big button opens a menu and maybe the shutdown option would be in there, but since there was no other system menu, it probably wasn't very long. Once they opened that menu, they could explore all the other things in there and, knowing what options they had, start to use them. If you don't know what options are available to you, a GUI usually tells you that information more quickly than a CLI does. That doesn't make the CLI bad, it makes it harder to learn quickly, but since the CLI also comes with a lot of power and convenience once you've done that, it's still a valuable skill to have.

Re: How I see it

"There probably will be times when you really do want to click yes or no to every instance of a word you are searching for and replacing; but the rest of the time, you can't beat sed."

Or the "Replace All" button? Which doesn't require your editor to close the file before you do it.

Re: -h or --help

"That’s against the basic philosophy of Unix: “one command, one function”, but it has become the norm for modern tools, and we’re stuck with it now."

I think that makes the most sense. A package manager should be able to manage packages, which means that it should be able to install and remove them. Is "apt install" and "apt purge" really that worse than "apt-install" and "apt-purge", because that's what you would get if you insisted that the app-install command be unable to delete a package. I don't think the philosophy was that each minor difference in function should be handled by a completely separate program, but that programs shouldn't succumb to scope creep away from their initial function. Installing and deleting packages is one function. Starting, stopping, and reporting on a service is one function.

Re: Intuitive GUI? My arse.

"GUI design is opinionated...which means you don't always get access through the GUI to all the possible features and combinations, only what the developer decided that you needed and was willing to expose."

That's all interfaces. Developers of CLI tools have exactly the same problem. They run out of single letters for flags, the new option will conflict with an old one and users will complain if any part of the interface changes, the new option requires them to come up with a complex command syntax and write a parser for it and they really don't think the users will use that interface enough to justify that work, or they don't want to write the hundred lines that the new option will require to reject invalid combinations, so they leave it out. That is if they can, for example the other options are available in a config file somewhere or they're writing a frontend to something someone else wrote which has the option. Whenever you run a program, you are going to get the options the developer chose to put in it. A GUI doesn't necessarily have any fewer options than a CLI, and the best way of knowing which one has more options is to know which one came first because it probably got the canonical set, while some developer figured that their version could skip something that they thought was unimportant.

Re: Intuitive GUI? My arse.

"I'd go one step further than a big red button on the PC itself and go as far as to suggest a dedicated key on a keyboard to "restart current app" would be great"

I will take the opposing side there. The user can learn to close applications. They can learn that there is no restart Outlook button, and that when you say "restart" you mean exit and relaunch. Or you can say "exit and relaunch". Either is much simpler than adding a key to a keyboard that is completely unnecessary.

If we start adding more keys for every situation that comes up some time, the desk will have no space for a mouse or papers because it will all be a keyboard with buttons like restart app, clear print queue, actually check for network interface having a connection rather than have the user assume that their internet is down, enable remote access for the helpdesk to show you what to do, close remote access because a scammer told you to push that button, figure out what application the user wants to use to open that file instead of the OS default because they don't know how to change it, etc.

Re: Intuitive GUI? My arse.

The man -k command is a pretty rudimentary search facility which usually doesn't work. It can't handle any kind of complex query, and it falls back to hoping you can find a keyword that only matches the command you're looking for with it being quite easy to get nothing or twenty unrelated things instead. Here's an example. I've installed a command, pdftotext, which does what it sounds like. Imagine that someone new has sat down at my terminal, doesn't know that command exists, but wants to do that.

man -k "convert PDF to text"

convert PDF to text: nothing appropriate.

Well, maybe the quotation marks are not right here? They wrapped it because it is a command line argument with spaces in it, but when you do that in a search engine, it means to literally find the phrase. Let's try without.

$ man -k Convert PDF to text

30-systemd-environment-d-generator (8) - Load variables specified by environment.d

Git (3pm) - Perl interface to the Git version control system

RAND (7ssl) - the OpenSSL random generator

__fbufsize (3) - interfaces to stdio FILE structure

__flbf (3) - interfaces to stdio FILE structure

[over a thousand more results removed]

Fine, so maybe a phrase isn't the best search pattern. We don't want a thousand results. What if we use the smallest term possible:

$ man -k PDF

pdfattach (1) - Portable Document Format (PDF) document embedded file creator (version 3.03)

pdfdetach (1) - Portable Document Format (PDF) document embedded file extractor (version 3.03)

pdffonts (1) - Portable Document Format (PDF) font analyzer (version 3.03)

pdfimages (1) - Portable Document Format (PDF) image extractor (version 3.03)

pdfinfo (1) - Portable Document Format (PDF) document information extractor (version 3.03)

[8 more results]

This would seem to help a bit, after all I only have thirteen PDF handling tools installed here and they all came from the same package anyway. However, what happens if I run the same command on, for example, a system where I have a lot of LaTeX tools, which output to PDF. You get pages even with a terse search term like that. The search facility is very broad and the only way to restrict things involves regular expressions, which can work (man -k "PDF.*text.*convert") or can fail (man -k "PDF .* text .* convert"). Yes, the latter search pattern doesn't work because the description we're looking for has PDF in parentheses. This worked because I already knew the right command and could work back to a search pattern. For a user who doesn't know what the command's description has in it, they will have many more problems.

Re: Intuitive GUI? My arse.

My suggestion is to write a quick script in any language of choice that looks something like this:

The problem comes when you have commands that don't structure their man pages like that, don't have a useful synopsis when they have one, or the many things in there that don't have man pages.

Writing code in the comment box doesn't work well. It was indented properly when I put it here.

Re: Intuitive GUI? My arse.

A CLI has a claim to being the least intuitive interface to the unfamiliar user, however. If you already know a command exists, you can probably look up a help page on it, but if you're asking a question like "What do I need to perform [action]", you don't have any way of finding that out quickly from the interface. You could look through every binary available on the path on the assumption that it's probably one of those, but those aren't organized in any way, have names that don't tell you anything about what they do, and not all of them will even have man pages. Invoking them to hope that they all have a --help argument and won't, for example, run some program that ignores the parameter is dangerous. Don't get me wrong, I spend most of my day in CLIs and I'm posting here while I wait for another CLI command to finish, but that works a lot better because I have had years of experience with it and I'm using a system where I already know the commands I'm using most often, know what they are capable of, and have DDG at my side in case I need someone to tell me the incantations related to something I haven't worked with before.

"May as well just randomly scrape images off random sources."

Yes, that's the plan. Then, if you can be bothered, hire cheap labor to filter out some of the worst stuff. Then just train on the remaining mass. That's the models we have now. They contain stuff nobody wants in there, they contain illegal versions of works that the AI companies don't want to pay for, they contain complete gibberish, they contain personal information, and the AI companies are fine with it because they still look sort of authoritative when they make up something.

Re: In a more direct way...

Do you want to explain how a company makes money by having customer details taken by people who will use it for fraud? If it's the obvious: the fraudsters pay the company for that information, would you care to cite a single time it's happened? The fraudsters don't want to pay for that when they can steal it. They can steal it because the company has been lax with their security because they won't suffer too much. Those things work together very well for those who sell stolen personal information. If you want to prove otherwise, you'll have to do more than suggest that I'm stupid; I might be, but you have done nothing to prove that your allegation so demonstrates.

Re: So my theory is...

In an indirect way, yes, because they spend less on securing things and have little or no consequences when a breech happens. Directly, no. They're not getting money from having a breech. I'm not sure if you meant that, but others have expressed that view before and it is ridiculous.

Re: 7,000 lbs?

I'm interested to see how many cars you can find in any category except 6. There may be a few things in 5 which can be shoved, but I'd like to see a category 2 car. Oh, and was there supposed to be a 4 there? You might need a new category system when user-carried is not part of the plans, replaced by user-carrying.

Re: Why not?

I have this feeling that if the event is sudden enough that you know you should go to your secret emergency location, it is probably also sudden enough that the people working the airports where your plane is decide they don't need to be working today, or if they do, that your flight is less important than the emergency transport going through that airport. Unless you have a private runway and a pilot who doesn't have a reason to want to go somewhere else, air transport is probably insufficient. Similarly for a ship, they usually take a lot of people to run properly and those probably are not sticking around when something bad happens so you can get going when you say now.

Re: Why not?

I do wonder how they expect to get from where they live to where their secret bunker is. Sure, sometimes they live in the above-ground part of that place, so if "the event" happens while they're there, then they might be fine. If they're in California when "the event" starts off, it's not going to do them much good, is it? This also depends heavily on what exactly the event is, but I'm not sure they've thought far enough to have any useful answer to that question. If I had infinite money and for some reason couldn't spend it on useful things, I'd consider something like this, but I'd have answers to the questions that caused me to do so.

Re: Problematic pattern recognition

Of course, but my point was that working remotely or in person makes no difference to that situation, since you can record with equal ease in those situations if you've decided to do so. It may not always be the best idea, but if you're worried about recording, remote working is no guarantee that it will come in writing. Our friend elsergiovolador is a major adherent of remote working, but I'm afraid it leads to attempts to praise it whether deserved or not.

Re: Problematic pattern recognition

It's completely unrelated to WFH. If they want to avoid a paper trail, they'll do a voice or video call if they can't have a physical meeting. Either way, there will be no recording unless you make one, and you can make one if it's in person just as easily as if it's online. It's not hard to turn on your phone's voice recorder before having a meeting in person if you decide you need to. I know that you like remote working, but ascribing benefits it doesn't actually have doesn't really help make that argument.

Re: Wonder

If we decide that modern AI is useful, then that's exactly the situation we're in. My view is that it is not sufficiently useful to justify exempting training anyway, and that even if it was, the companies that intend to make a lot of money from the result of the training can pay for their training data. We usually don't get exemptions for being useful. No matter how useful the code I write, I don't get my requirements for free. AI companies don't deserve an exception.

Re: Why worry so much?

And how will you find that place to publish? If people are attracted to a publisher because they have avoided the AI-generated books, then what stops a bunch of authors from sending their AI-generated books to that publisher for consideration because, if they manage to fool them, they'll benefit from the better reputation? Any publisher that is successful at gaining that reputation will have to deal with a large quantity of LLM-written books anyway.

I'm not sure there's anything we can do about this, but I'm certainly not willing to take the destruction of copyright with that as the end benefit.

Re: Science fiction or fantasy?

No, it's better. It's a future where rich people who want to pay so that everyone else gets great work for free just pop out of nowhere. Surely, if those people are there, they'll also be generous as well. If we're leaving reality, why not paint the best utopia we can come up with? The writer of that proposal certainly isn't restricted by reality.

Re: Short sighted sci-fi

Well, not a sci-fi writer exactly, but the short story "The Great Automatic Grammatizator" by Roald Dahl comes close. I won't post a link since I'm on copyright's side here and it is still found in libraries, but it's almost certainly online as well.

The companies who decide that having a work in their training data is better than not having it would pay the person who made that work for the right to include it. They would be free to ignore anything like that and only use free data, and if they decided that they want to use more content, they decide what content and then pay for the stuff they want, rather than trying to decide that everything is free if you happen to be an AI company, a rule that I'm pretty sure they would not agree with should I get a copy of their models.

Re: Regulate the prompts?

Consider something else I can do with AI. There are some pretty good programs that, with some effort and a lot of GPUs, can create models of a person's voice and appearance. Let's say that I can find some videos of you speaking online and I use this software to create a model of you. It looks like you. It sounds like you. It is under my control. I can make a virtual person of you say whatever I want. I could use this in an illegal way by actually using it to impersonate you, but let's say I don't. Still, whenever I want a video made, it would appear to be you saying and doing whatever I stated. Should I be allowed to do this if I can find the video online, even if you didn't intend it to be up there, even if you would have tried to have it taken down if you knew it was there?

That's basically what these models are doing. It sounds cleaner because it's text and because it's using data from more than one person, but it is still using data which was obtained illegally. I can pay you to get the right to make a virtual you, and several people have agreed to that, but doing it to someone who has not agreed should not be permitted. The human parallel is also there. Making a computer representation of you is similar to hiring a lookalike actor and a vocal mimic if we only look at the intention, but the realities of the two are very different, both in strength and scope.

"During a session, requests can carry a session identifier by annotating href and XHR request-URIs with query parameters, and forms with hidden form fields, simply by injecting those when serving content."

That is very easy to break. For example, if this is an online store and I've sent you a link to an item in the store, but you already added items to your order, then using my link will not retain your session identifier and you'll lose your progress. Weirder things might happen when people unwittingly include their session identifiers in links sent to others. Probably most of them will have expired by the time anyone uses it, but there's a chance that if Alice shares a link and Bob clicks it right away, Bob might find himself having more access to Alice's account than Alice had planned. Ways to work around this are of course possible, for example embedding an IP address in a session token and invalidating it if a different IP address is used, but that would risk having a leaked session token including personal information and would now mean that a user on a laptop or mobile device finds themselves losing stored progress when they move to a different network. There is a pretty good reason for not including session-specific data in URLs, and if you're not putting it there, then it has to go somewhere else.

Re: losing his job

I'm certainly not trying to be a contrarian. I think I'm failing to understand the distinctions that are so clear to you. For example, losing your contract and losing your job don't feel all that different to me. Using myself as an example, in either case, I am still a programmer, I still have the ability to go find someone else who wants to pay to get some code written, but I don't have the relationship that was bringing in income anymore. Therefore, if failing to show up early in the morning can get me fired or have my contract canceled, it feels like a similar level of power to me. The mechanics of how I do the job are different if I'm a contractor or an employee, but I will have similar requirements if I want to keep earning money from that company. If I'm a contractor and the company cancels it, what I am left with that an employee wouldn't have is the structures I set up to do the contract, for example the corporate entity through which I work, but that's not a lot since I, as an employee, could also just set one up if I decide to start being a contractor.

There is clearly a difference between contractors and employees and should be one. I'm not opposed to trying to classify gig workers as employees, although my opinion on it varies with what specifically they're doing. I just don't think the test of how much freedom they have works very well because it seems difficult to quantify that. If I'm working as a contractor for a massive corporation, someone trying to apply the rule probably won't think that I have an equal level of power with that company, but size doesn't necessarily equal the amount of power they have. Many of the other tests that are used are things that a computer could do given some defined inputs, or at least a human could do without having to require too much common sense, while the level-of-control test would appear to require a lot of subjective determinations.

For example, who has more freedom: a person who is tasked with going to a specific location at a specific time and decides in advance whether they'll take it or leave it, or one who gets individual jobs and accepts or rejects them at the time? Using those descriptions, I would say the former is the more restricted, but those are descriptions of a cabling contractor who has to install cable in an office when it's not in use and a rideshare driver who gets to choose the rides they do, and with those clarifications, the driver seems to be the more restricted. You could use a different test, such as whether there is an intermediary involved, but that still wouldn't change all of the ways the worker does control their situation, arguments that those businesses are sure to bring up when this test becomes part of a court case. That is why I suggest we find a clearer way to make that determination.

Re: test applied objectively

I'm not sure that comparison works. I can easily tell my boss that I don't care about his requests, at the cost of probably losing my job. A contractor has a similar situation. A contractor that's told that they have to attend a meeting with people to determine the requirements of the project or to provide feedback on an intermediate stage will not usually get to just refuse to do that and keep the contract, but does that mean that the contractor is not really a contractor in that situation? Similarly, the mechanic can look at the task I asked for and tell me to go away, and I can look at my boss's tasks for me and quit. Those end up looking very similar: I don't do the work, I don't get paid, I probably don't get any more work from that guy. So what test do you use to determine whether a choice to leave, which basically everyone has, is that of a contractor or an employee?

Re: Not difficult

"Funnily enough one of the other criteria is how much freedom the freelancer has in undertaking their work. If you act like a boss, you're an employer."

That was their point. Specifically, that a term like that is kind of vague. If you hire a contractor, you usually still have some requirements about what that contractor is going to do for you, including some pretty detailed descriptions of the job you intend that contractor to complete and quite often tasks they'll have to perform that place some restrictions on when they do it. For example, a contractor hired to write a system will receive a lot of information about what the system has to do, on what resources are available for the software, and a list of meetings they'll have to attend to get information which will partially set the work hours involved. Does this qualify or not? If it doesn't, then what does? It is not a test which can be applied objectively.

Re: It is only Rural if they say it is.

I'm not sure why you're using Nigeria when speed data in various parts of the US, which is at issue, are available for a longer time. For example, you could use this article or the map it's referring to. One problem that might have is that as more users sign up, they will either have to send up more satellites or decrease speeds for everyone, probably both. As the linked article states, they're already having to do that in some parts of the country where there are more users. If subsidies are used to add more users to the service right now at the cost of decreasing the speeds for everyone and not necessarily having any long-term plans, then the FCC might prefer a different method.

Re: Internet in Brazil was very expensive, until competition.

"No-one in the UK would put up with over $100/mo for a sim only mobile service."

Do they have to? I see plenty of much cheaper mobile plans from US providers, including options from $10-$40 per month, with the higher levels including unlimited data though there's probably a catch to it somewhere. Also, we're not really talking about mobile service, but home internet. I don't expect that the FCC's rural proposals will be perfect, but they're intended to provide faster service where there is currently nothing, and if such a service could compete with Starlink, then customers would at least have a choice of two providers, and those providers might try to win customers from the other one in some way that would benefit them.

Re: but it's not always as easy as that to implement.

"You'd really like to trust your personal phone to Microsoft (for example), not to screw up an update? Really?"

You mean of the Microsoft Authenticator app? Yes, I'm completely fine with that. I've had that authenticator, along with several others, for years. The app has never broken, let alone caused damage to anything else on my phone, because can you name any app update that went through the normal procedures* that bricked a phone? At worst, the authenticator would break which is more my employer's problem than mine, but that's never happened with that one or any of the other ones I've used, and I've used at least four for various purposes.

* I'm referring to a normal app with user-level permissions, not for example one installed as part of a rooted device's firmware. I have broken, although not bricked, a device by messing with those, but a) that wasn't an update, it was me deliberately deleting and replacing files in the /system/priv-app directory which you can't expect to be perfect, b) authenticator apps are not in that directory and don't do anything like that, and C) they wouldn't have the ability to do that even if I was able to replace them with code intended to brick your phone because of app sandboxes for user-installed apps.

Re: "Many of these victims reported [MFA] was not enforced"

Which points out how it fails:

"IT shouldn't be able to mandate MFA without approval by the C level."

IT: We should have MFA.

Management: We're busy. Go away.

IT: There are major security risks. We can prevent them or at least significantly reduce them.

Management: Fine, go do it.

IT: We'll need some money and you will all need security tokens on you at all times.

Management: How about we skip this idea?

IT: That's dangerous, and it's not that much money.

Management: Bring it back up at the next planning meeting.

Admittedly, everywhere I've worked full time, IT has and it's gotten implemented, but you can see how it isn't quite as simple as we'd like it to be. I'm not comfortable letting IT off the hook when the management has pushed back, but neither can IT bear all the blame in that situation.