My kids have a pile of cardboard screws that they use to turn boxes into all sorts of things; rockets, forts, cars and you could probably make organizers, shelves and the like too. The screws grip the cardboard surprisingly well, and it’s easy to make even quite large structures robust.

Could you let me know what sort of models you’re using? Everything I’ve tried has basically been so bad it was quicker and more reliable to to the job myself. Most of the models can barely write boilerplate code accurately and securely, let alone anything even moderately complex.

I’ve tried to get them to analyse code too, and that’s hit and miss at best, even with small programs. I’d have no faith at all that they could handle anything larger; the answers they give would be confident and wrong, which is easy to spot with something small, but much harder to catch with a large, multi process system spread over a network. It’s hard enough for humans, who have actual context, understanding and domain knowledge, to do it well, and I’ve, personally, not seen any evidence that an LLM (which is what I’m assuming you’re referring to) could do anywhere near as well. I don’t doubt that they flag some issues, but without a comprehensive, human, review of the system architecture, implementation and code, you can’t be sure what they’ve missed, and if you’re going to do that anyway, you’ve done the job yourself!

Having said that, I’ve no doubt that things will improve, programming languages have well defined syntaxes and so they should be some of the easiest types of text for an LLM to parse and build a context from. If that can be combined with enough domain knowledge, a description of the deployment environment and a model that’s actually trained for and tuned for code analysis and security auditing, it might be possible to get similar results to humans.

I’m unlikely to do a full code audit, unless something about it doesn’t pass the ‘sniff test’. I will often go over the main code flows, the issue tracker, mailing lists and comments, positive or negative, from users on other forums.

I mean, if you’re not doing that, what are you doing, just installing it and using it??!? Where’s the fun in that? (I mean this at least semi seriously, you learn a lot about the software you’re running if you put in some effort to learn about it)

‘AI’ as we currently know it, is terrible at this sort of task. It’s not capable of understanding the flow of the code in any meaningful way, and tends to raise entirely spurious issues (see the problems the curl author has with being overwhealmed for example). It also wont spot actually malicious code that’s been included with any sort of care, nor would it find intentional behaviour that would be harmful or counterproductive in the particular scenario you want to use the program.

A valid point, trackers often give you a certain amount of upload credit for free, and there are often other ways to earn those credits too, so all users’ ratios would be above 1.0, but that should have read “A closed group of users can all have a seed ratio of 1.0” if we’re looking at just the data transfer itself.

A closed group of users can all have a seed ratio above 1.0, but it’s a bit of a contrived set up. For simplicity, in the following examples we assume that each file is the same size, but this also works for other combinations.

Consider the smallest group, two users. If user A seeds a file and user B downloads it, whilst B seeds a different file, which A downloads, both users will have a ratio of 1.0 as they’ve up and down loaded the same amount.

For three users, A seeds a file, B and C then download a different half each, which they then share with each other. A has a total (upload, download) of (1,0), whilst B and C have (0.5,1). If you repeat this with B seeding and A and C downloading, then C seeding to A and B, you get each peer uploading 2 files worth of data, and downloading 2 files worth, for a ratio of 1.0 each.

You can keep adding peers and keep the ratios balanced, so it is possible for all the users on a private tracker to have a 1.0 ratio, but it’s very unlikely to work out like that in real life, which is why you have other ways to boost your ratio.

No, you cannot meaningfully delete your posts or comments, but that’s not because of any issue with lemmy, but because you posted them publically. They will be archived and indexed in other services.

It is always best to remember that all your activity here is public, and will be linked to your username. Given that, you may wish to minimise any personally identifying information you post, and use several accounts to split up your activities by topic.

Try writting ‘Deceased’ on it and return it. At the very least it’ll give any human who sees it a momentary pause, and maybe they’ll take it more seriously.

We fix it with rockets. Circularize the orbit and set it to an integer number of days that’s divisible by 28.

That only gives you 364 daya per year and we need just fractionally less than 365.25. You end up needing an extra day every year, and if we want to keep midnight in the middle of the night, and extra full day every four years (except when we don’t). Adding those sorts of bodges onto an otherwise elegant system would be awful to work with.

Instead, I propose we build giant rocket engines pointing straight up on the equator, and adjust the Earth’s orbit until one orbit around the sun takes exactly 364 days.

Hey, I didn’t get banned (yet), I just prefer the vibe here.

It’d be pretty trivial to do the same here, 1700 or so comments over ‘several months’, is less than 25 a day. No need even for bot posting, have the LLM ingest the feed, spit out the posts and have the intern make accounts and post them.

Before you can decide on how to do this, you’re going to have to make a few choices:

Authentication and Access

Theres two main ways to expose a git repo, HTTPS or SSH, and they both have pros and cons here:

• HTTPS A standard sort of protocol to proxy, but you’ll need to make sure you set up authentication on the proxy properly so that only only thise who should have access can get it. The git client will need to store a username and password to talk to the server or you’ll have to enter them on every request. gitweb is a CGI that provides a basic, but useful, web interface.

• SSH Simpler to set up, and authentication is a solved problem. Proxying it isn’t hard, just forward the port to any of the backend servers, which avoids decrypting on the proxy. You will want to use the same hostkey on all the servers though, or SSH will refuse to connect. Doesn’t require any special setup.

Replication

Git is a distributed version control system, so you could replicate it at that level, alternatively you could use a replicated file system, or a simple file based replication. Each has it’s own trade-offs.

• Git replication Using git pull to replicate between repositories is probably going to be your most reliable option, as it’s the job git was built for, and doesn’t rely on messing with it’s underlying files directly. The one caveat is that, if you push to different servers in quick suscession you may cause a merge confict, which would break your replication. The cleanest way to deal with that is to have the load balancer send all requests to server1 if it’s up, and only switch to the next server if all the prior ones are down. That way writes will alk be going to the same place. Then set up replication in loop, with server2 pulling from server1, server3 pulling from server2, and so on up to server1 pulling from server5. With frequent pulls changes that are commited to server1 will quickly replicate to all the other servers. This would effectively be a shared nothing solution as none of the servers are sharing resources, which would make it easier to geigraphically separate them. The load balancer could be replaced by a CNAME record in DNS, with a daemon that updates it to point to the correct server.

• Replicated filesystem Git stores its data in a fairly simple file structure, so placing that on a replicated filesystem such as GlusterFS or Ceph would mean multiple servers could use the same data. From experience, this sort of thing is great when it’s working, but can be fragile and break in unexpected ways. You don’t want to be up at 2am trying to fix a file replication issue if you can avoid it.

• File replication. This is similar to the git replication option, in that you have to be very aware of the risk of conflicts. A similar strategy would probably work, but I’m not sure it brings you any advantages.

I think my prefered solution would be to have SSH access to the git servers and to set up pull based replication on a fairly fast schedule (where fast is relative to how frequently you push changes). You mention having a VPS as obe of the servers, so you might want to push changes to that rather than have be able to connect to your internal network.

A useful property of git is that, if the server is missing changesets you can just push them again. So if a server goes down before your last push gets replicated, you can just push again once the system has switched to the new server. Once the first server comes back online it’ll naturally get any changesets it’s missing and effectively ‘heal’.

I manage all my homelab infra stuff via ansible and run services via kubenetes. All the ansible playbooks are in git, so I can roll back if I screw something up, and I test it on a sacrificial VM first when I can. Running services in kubenetes means I can spin up new instances and test them before putting them live.

Working like that makes it all a lot more relaxing as I can be confident in my changes, and back them out if I still get it wrong.

Even in cases like this justice must not just be done, but be seen to be done. It seems her guilt has been established, which is good; her sentencing comes next. It seem unlikely that there are any mitigating circumstances to reduce the punishment, but that judgement must be seen to be fair. The French citizenry are not renouned for their forebearance in the face of injustice, so I would be tempted to trust their system for now.

ETA: In fact, it seems like the punishment has already been decreed: five years ineligibility to run for office, four years in prison (two suspended), and a fine. That puts her out of tbe running for president, and likely tarnishes her enough to keep her down even after 2030.

From the article:

The 10-person team is trapped at the remote Sanae IV base, which is on a cliff edge about 105 miles inland from the ice shelf, by encroaching ice and weather as the southern hemisphere winter sets. Teams overwintering at the base are typically cut off for 10 months at a time. Sources told South Africa’s Sunday Times that the only way to leave the base now was via emergency medical evacuation to a neighbouring German base about 190 miles away.

As far as I can see it’s currently the end of the Antarctic summer, winter is just starting, and will likely last until October. It sounds like something went badly wrong with both the psychological screening of the team members, and the decision for the ice breaker that delivered them to leave before the situation was resolved.

They’re cut off, noone’s getting in or out until the weather improves, which will be months. The team are on their own with the attacker until then and will probably appreciate counselling when they’re out.

I have a strong suspicion that if I was suddenly attacked, my brain would dump all ideas of fighting back and just freeze, which of course allows the violence to happen.

Find, and take, local self defence classes. Not necessarily martial arts classes (though they may be involved), but real world self defence. It’ll be grittier, nastier and much better practice. Get used to grappling and fighting in a controlled environment, and you’ll be much less likely to freeze if you need it in an emergency.

You’re right that’ll it’ll take a long time to change at a cultural level, but that needs to start somewhere, and obe person doing it and then encouraging others could be a local catalyst.

That sentence was going rather predictably right up until the last word. Well done.

Unfortunately, what I suspect will happen is some thing along the lines of:

• US imposes tariffs on EU
• EU responds with tariffs on kind
• trump says the EU are being unfair and increases tariffs
• EU increase tariffs in response
• Days later, trump claims some sort of negotiated agreement and cancels tariff increase
• EU cancels their tariff increase
• trump claims is is a jeenious! as he got the EU to drop those horrible, evil, tariffs.

We might get the condensed version without the increase steps, but the general shape of his process seems to be becoming clear.