Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)T

TechLich

@ TechLich @lemmy.world

Posts
2
Comments
120
Joined
3 yr. ago

  • me_irl

    Jump

  • Yeah. Wikipedia calls it "link aggregation" and the standard is IEEE 802.1AX which also calls it that and the protocol LACP. I think the real reason for so many names is that the standard wasn't developed until later so everyone built their own competing incompatible implementations with different names and it was a mess for years.

    Linux implemented it with the Linux bonding driver and switch manufactures made up their own proprietary extensions for it but the standard didn't become a thing until like 2000. Seems like "teaming" is one of the most popular names for it.

  • me_irl

    Jump

  • Why does this have so many names?

    Some stuff calls it bonded, sometimes it's teamed, sometimes LAGed or aggregated or bundled or link channelled or ethertrunked or smartgrouped or Multi-link trunked etc. etc.

  • ‘Irresponsible’: backlash as Utah approves datacenter twice the size of Manhattan

    Jump

  • There are quite a few. The best ones are sustainable closed loop datacenters with on-site solar which is becoming pretty common across the world, especially for new builds. Often producing more power than they need and feeding it back to the grid (especially if the local government has an energy buy back scheme).

    But most data centers are pretty tiny and just built into an office building with a bunch of server racks.

    Depending on where you live, a quick web search for data centers in your local area will probably show up dozens of them of varying quality hosting people's websites and business apps etc. They aren't any scarier than anything else you find in a city. They're critical infrastructure that helps make the internet a thing. In most cases, if it wasn't a datacenter, it would be a car yard or a factory, etc.

    But! There are also truly evil datacenters. Like this insane Utah monstrosity built for a shitty purpose and the size of a freaking city. An obscene monument to the US tech cesspool's hubris.

  • ‘Irresponsible’: backlash as Utah approves datacenter twice the size of Manhattan

    Jump

  • I mean they're not all for AI and they're not all environmentally devastating.

    This one very much is.

  • ‘Irresponsible’: backlash as Utah approves datacenter twice the size of Manhattan

    Jump

  • That's fair. The nuance that people lose is more that people are often painting them all with the same brush. Protesting any datacenter regardless of impact.

    It becomes something like: "datacenters are evil and are a symbol of techno fascist distopia! If they build a datacenter in my city, the taps will run dry and Elon Musk will use it to make ai porn of my children!" Even if it's a small solar powered closed loop that provides VPS, storage and web hosting for nerds and small businesses.

    I also do think there's also a scale of evil there. Some environmental impacts are not immediately obvious and might not be known about during planning. Some were built a long time ago with older tech and are a bit shitty but have a plan to transition to be more sustainable, etc.

    The world is full of "alright but a little bit shit." It's not all perfect angels and mustache twirling villains.

    I don't want to detract too much from the real villains though. Nobody needs a 9GW datacity for military ai.

  • ‘Irresponsible’: backlash as Utah approves datacenter twice the size of Manhattan

    Jump

  • Not all data centres are evil and the issue is nuanced. This one sounds pretty evil though.

    9GW is totally insane and they're building a gas plant for it instead of renewables (although there's some solar too). It's closed loop so the water use fears once it's running are probably a bit overblown, but the construction itself is going to be ecologically insane. The thing is basically a data city, 162 square km is even larger than a lot of cities and involves building an entire power plant and new energy infrastructure. Building it is a full megaproject and even just noise pollution and the construction impacts will mess with bird migration etc. Obviously the whole thing isn't going to be full of data centre, some of that space is empty but still.

    It's also going to have the US military as a major client so... Pretty high up there on the evil scale IMO.

  • Data center "mistakenly" used 30 million gallons of water

    Jump

  • This was actually used during construction work. This particular data centre is closed loop and won't use much water at all once it's built.

    From the actual article:

    The company said its water consumption was so high last year because of temporary construction-related activities, such as concrete work, dust control and site preparation. Once operational, the company said the data centers only will use water for domestic needs, such as bathrooms and kitchens. That will total the equivalent of what four U.S. households use per month, the spokesperson said.

    Data centres with evaporative cooling can use huge amounts of water. Whether that's bad/dangerous depends on the location and the water supply. That does go back into the water cycle, it's not like fossil fuels where the resource gets destroyed but there are places where data centres are contributing heavily to droughts or water shortages and causing water prices to rise and are dumping hot water into waterways which kills wildlife and encourages things like algal bloom and bacterial growth etc.

    Usually that's in places where there are regulatory failures and underfunded environmental protection. Usually the same places you find mass runoff of agricultural phosphates, PFAS and similar polyflural dumping from chemical plants etc. Where corporations pay their way into regulatory capture.

    It's a real serious issue that's nuanced. Not every data centre is being built for AI (a huge amount is for video encoding and streaming all these tiktooks, reeliess, tubes and netting flixes) and not every data centre is an ecological disaster. A lot are also building their own solar and batteries because in some places its cheaper long term than paying for the grid. There's also a bunch building/buying shitty gas or coal plants for the same reason.

    The electricity generation can also eat more water because power plants need cooling too. Again, the ecological impact of that is hugely dependent on the location.

    Essentially, it's a big nasty problem that is complex and situational and different in different areas, that is easy to simplify to "AI is destroying all our water!" in order to get quick clicks and outraged interactions.

    "Evil AI Data Centre Steals Town's Water Supply!" Is a much snappier headline that gets shared much farther than "Construction Site Screws Up Their Pipes and Water Meters then Pays Their Water Bill!"

  • Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available

    Jump

  • Yes kinda? It depends a lot on the system. It's still pretty common, even with containers like docker, for different services to run with different accounts and permissions. Eg. If you have a webapp with a small database or something, the web server will be www-data or whatever and the db will be a different user account like a postgres user or something. Even a fresh Linux install will have a separate user account for things like ntp (or systemd-timesync) etc. Users aren't usually people, they're daemons with limited scope and rule of least privilege.

    Even if it's all docker containers and you deploy them with the same docker account on the host, there are almost certainly a bunch of different accounts inside.

    That way if there's some vulnerability in ntp or something, an attacker might have permission to mess with the time but can't, in theory, take over the whole container.

    I think there is a trend towards caring less about that aspect of defence in depth if each service is in its own container and just rely on isolation. People are deploying services running as root with ansible or even just in dockerfiles, and not caring about it because there's nothing else on the box for an attacker anyway. If they compromise the service, they've already got what they want.

    I get the thought process but it still doesn't feel good to me. If some docker bug shows up that allows a container user with root to break isolation and use the shared kernel to pivot to the host or other containers, then that one dodgy webapp that's not running as a restricted user can become a part of a larger kill chain. It's really easy to develop systems with least privilege in mind and there's not much downside to doing it. It's a good habit to create different accounts for different services (even if there's one admin/docker/ansible/whatever account for deployment).

  • Dirty Frag: Universal Linux LPE - allows any unprivileged local user to gain root access on a vulnerable Linux system - no patch available

    Jump

  • Your user account can run applications and read and write to a lot of locations on the disk.

    So it can be used to run malware (cryptominers, ransomware, RATs etc.) Exfiltrate the data your account has access to, download or plant malicious or illegal data, use your internet connection to attack other systems with DOS or similar, use any logged in social media accounts to attack or spam your contacts, steal saved passwords and credentials from your web browsers, use your peripherals or connected devices (printers cameras microphone speakers), pivot to access other services on your local network (smart devices, IoT, TVs, home lab) etc.

    There are comparatively few things an attacker wants on a desktop that actually require root access. It's mostly just system files, package management and settings changes that require root to mess with. Eg. You would need root to dump a shadow file or stuff like luks encryption keys from kernel memory, but if an attacker has your logged in user account, the disk is already decrypted and account is already logged in.

  • A dark chapter returns: Stripping citizenship

    Jump

  • They do use emojis quite a lot.

    I think Claude code is the one that does emojis in lists and as icons/graphics the most. Especially in "make me a shitty website/blog" kind of cases. They can't reliably produce good icons and glyphs yet, so they stick in emojis like graphical placeholders everywhere. Especially in lists.

    You also see it in some of the more corporate, venture capital or ai-friendly github readme.md files so some people see emojis in lists and have an immediate negative response. It's not universal and the style obviously originated with humans or the AIs wouldn't have learned it.

  • Is it rude to interrogate downvoters?

    Jump

  • I think it's simpler than that. By default, Lemmy/piefed/etc. orders comments by top using upvotes and downvotes.

    So if you want something to move up and be more visible you upvote it. If you want something to move down and be less visible, you downvote it.

    The difference between likes/dislikes is that you don't need to like something or dislike something to up/down vote it. You might like something but think it doesn't contribute or is in the wrong comm or even just that the other comments should be higher up than it. There doesn't need to be an assumption of negative judgement (although often there is anyway), they're tools for arranging comment/post order.

  • It hurts.

    Jump

  • Optional. Optical sweaty is when you are so sad that your eyes start to vacuum tears.

  • Nvidia CEO Says He Gets Where The DLSS 5 Outrage Is Coming From: ‘I Don’t Love AI Slop Myself’

    Jump

  • I think they're saying that it's not generating slop from nothing. They take the artist's "structure data" as a "ground truth" and the generation is "guided" to generate slop that won't deviate too far from the original?

  • ‘Pokémon Go’ players have been unknowingly training delivery robots

    Jump

  • I thought so too. I seem to remember it almost being a selling point. Like: "Your adventures are being used to improve maps and train AI systems for the future of humanity! Yay!"

    But I had a look at their old pages from 2017-2020ish in the Wayback machine and there's no mention of it. In fact, their privacy policies seemed to try to make it very clear that they don't sell or share user data except where needed to deliver the service or in anonymised aggregate to third parties (48 people went to your business while playing Pokemon!).

    There's some mention of using it to advertise but none of them mention using it to build an advanced geo-spacial dataset for AI. Unless I'm missing something or reading it wrong?

    Might be a Mandela effect.

  • signal w

    Jump

  • Security yes, privacy not especially.

    PGP lets you encrypt the messages and sign them to digitally prove you sent them.

    It doesn't help with the problem here which is that the metadata of who you are (the IP used to log into the webmail and the email address of the sender) and who you're talking to (the email of the recipient) and when (timestamps etc.) were able to be leaked.

    In fact, depending on the implementation, PGP could be considered slightly worse for privacy because you'd have the added identity proof of the message having a signature that only you could create with your private key (although that's encrypted, it's a stronger identity proof than the sender email address). It also generally leaks the recipients' key IDs too (although that's configurable) PGP is great for accountability, message confidentiality and non-repudiation. Not so much for privacy. For that you'd need other systems.

  • Is private age verification technically possible and if so how?

    Jump

  • Ah misread that it was card, not a service. That mostly works and is the same kind of thing as the other crypto solutions.

    Though a bad actor could still set up a service with a legit card that provides government signed anonymous "yes" responses on demand.

    I worry that the response will be to require an account and a full ID from it. Social media sites saying "we need to verify your identity to ensure you're an adult human and to combat bots. Scan your id card..."

    Still one of the better technical solutions here though.

  • Is private age verification technically possible and if so how?

    Jump

  • The difference is one is physical and requires interaction with a human: "Hey uncle Bob, buy me beer?" Vs. The other one is technical and just requires them to do a Google search and click a button without interacting with anyone.

    The first one has a higher barrier for entry and at least involves some form of adult supervision. The second one makes it not much different to the classic "what is your birthday?" thing.

  • Is private age verification technically possible and if so how?

    Jump

  • The difference with the asking an adult to buy alcohol is mostly that, because the whole thing is online, they wouldn't need to ever really interact with an adult.

    If the circumvention is as easy as looking up "free age verification" in a search engine, typing a url and clicking a button then it might not be very effective.

    If it at least required them to steal dad's id card or get uncle Bob to help or something that's a different story.

  • Is private age verification technically possible and if so how?

    Jump

  • I agree, although in this thread I'm mostly interested in the technical puzzle.

  • Ask Lemmy @lemmy.world
    TechLich @lemmy.world

    Is private age verification technically possible and if so how?

  • TenForward: Where Every Vulcan Knows Your Name @lemmy.world
    TechLich @lemmy.world

    Irish unification coming this year!