It doesn’t seem like a crazy idea to me to have some “second tier” of packages that undergo a higher level of scrutiny and have to pass that before they are released in that tier.

Maybe an arbitrary set of security endorsements would be more flexible.

That permits retaining a low bar for just making the stuff initially-accessible in packaged format, but also helps developers in raising the floor.

Like, okay. Say I have something like:

$ cat .config/npmrc
required_security_endorsements=["npm_auto_audit", "maintainer_id_validated", "european_cybersecurity_competence_center_tier_1", "nsa_tier_1"]
$

An attempt to install a release of a package without those endorsements fails.

That’s going to always create pressure to get something a security endorsement so that it can be used by people who only permit packages with some given security endorsement, but it lets parties start running security endorsement projects to improve the situation without excluding any existing projects from pushing stuff to npm.

EDIT: Also, I’ve not done much node.js development, but assuming that the dependencies in a package manifest default to the newest version unless specific frozen versions are mandated, a la PyPI, it might reasonably be able to fall back to versions with the required security level automatically, if they’re available. If the dependency format permits specifying optional dependencies, a particular dependency could be automatically excluded to conform to the security endorsement requirements list.

“Zbijgl, my old fart, my favmamort n n n n number is 183442356742255214676213566873225566333543”

https://www.workableweb.com/_pages/tips_how_to_write_good.htm

How To Write Good

Lesson 1 - The Grabber

The “grabber” is the initial sentence of a novel or short story designed to jolt the reader out of his complacency and arouse his curiosity, forcing him to press onward. For example:

“It’s no good, Alex,” she rejoined, “Even if I did love you, my father would never let me marry an alligator.”

The reader is immediately bombarded with questions, questions such as “Why won’t her father let her marry an alligator?” “How come she doesn’t love him?” and “Can she learn to love him in time?” The reader’s interest has been “grabbed”!

Looks like that’s GTK 3-based.

$ apt depends cinnamon 2>/dev/null|grep libgtk
  Depends: libgtk-3-0t64 (>= 3.9.12)
$

I was going to say “this should really be cross-posted to !unix_surrealism@lemmy.sdf.org or the artist explicitly credited or something,” but then I realized that it was in fact pmjv who posted it, so…

Some YouTuber: “I wish I got to fuck GTK2 when it was still young”

Well, this is git, so the past is as accessible now as it ever was.

$ git clone --single-branch --branch GTK_2_0_0 https://github.com/GNOME/gtk.git

The limiting factor is in significant part memory and to a lesser degree storage, and while in some cases, there are options for PCs — like using scavenged DDR4 DIMMs — that aren’t available for consoles, PC prices have also generally been hit by the same factors that have driven up console prices.

Sure, I’d like that, but I’m not going to keep personally fighting to make life better for that manufacturer’s customers. Not when there are other car manufacturers that aren’t pulling that stuff that people can be directed to.

Is the message you want to send “if you buy product from a vendor who actively goes out of their way to dick over open-source developers, it probably won’t matter for me as a customer because those developers will keep expending time and accepting legal risk to try to improve the situation for those customers”? Or do you want it to be “you probably want to look for open-source friendly manufacturers”?

I don’t really see the point. I mean, why bother to try to do something that just makes the company’s printers more desirable? Even if you “win”, the company is going to be a pain in the ass. Do you really want to waste time and financial resources on improving the company’s product?

Just don’t buy Bambu Lab printers. Don’t recommend them. And don’t support them with software.

If this was a world in which there was one 3D printer manufacturer, it’d be different, but it’s not. They have competition.

but it literally is just Thacker Pass.

This isn’t Thacker Pass.

https://en.wikipedia.org/wiki/Thacker_Pass_lithium_mine

The Thacker Pass lithium mine is a lithium clay mining development project in Humboldt County, Nevada

The location being discussed:

McDermitt Caldera in Oregon

It looks like there was some discussion that there might be lithium there a bit back, like in 2023, but this is not decade-old news.

For example a lemmy-like, threaded interface with interactivity?

I don’t mean to be rude, but surely you’ve used an email client that supports threading before?

I think I used elm at one point. (checks) Yeah, it doesn’t support threading. But everything after that that I’ve used for any length of time has.

It’s not that they lasted longer, but that it was considerably less expensive to recharge them than to buy and throw out a new set of batteries for each session.

That thing drank 6x AA batteries like there was no tomorrow.

There were NiCad rechargeables. I didn’t own a Game Gear, but a friend did, and I remember him using NiCads for that and RC vehicles.

https://www.youtube.com/watch?v=SO8jCls8F24

Unless it’s baked into non-rewriteable ROMs, I imagine that someone might come up with a way to stick whatever scream you want into the thing.

And…let me make it even more concrete. I’d say that there are basically two scenarios:

1. We establish that AI — for some definition of AI — is simply too dangerous for humanity to have. In that case, the right path is to ban AI globally. That means that nobody gets it. Some coalition of countries is going to have to be willing to attack anyone who tries developing it. In that case, what we have is effectively an arms control restriction baked into customary international law. It is not optional to participate. And, for all the future of humanity, we need to be willing to enforce that. It means that we need a viable verification protocol to ensure that nobody is developing it, as is normally the case for arms treaties. And everyone has to submit to that verification protocol.

2. We don’t. In that case, we want to develop AI sooner rather than later.

I am certainly not willing to say that #2 is the “right” scenario and #1 is the “wrong” one. But if we decide on #1, that comes with a lot of things that we need to be doing as a species. It’s not just going to be the pre-computer-era status quo persisting, where our limited state of technology was what maintained the situation.

EDIT: I’d also add that, just as that I’m not sure that Friendly AI is a solvable problem, I’m also not sure that it’s really viable to have a verification protocol where we can prevent development of AI. Past arms control treaties where I think that verification was likely much easier — it’s hard to hide development of major warships under the Washington Naval Treaty, for example, yet there were still parties evading restrictions — were not always successful. #1 comes with its own set of hard problems too. Are parallel compute processors legal? What about their development and production? Under what restrictions are they used? Is it possible to achieve advanced AI using CPUs (my guess is that it likely is)? If so, what new restrictions will need to be placed on use and access to CPUs? How will we identify entities building production facilities to build CPUs and GPUs? Will we need to track all existing CPUs and GPUs, to try to identify entities who might be stockpiling them? How will we monitor what the great stores of those out there now are being used for?

If we go with #1, that also entails a different world from the one that we live in today.

I’ve got some pessimistic views as to long-term AI concerns — I’m not sure that aligning advanced AI goals with human goals in the long run is a viable problem to solve. We may not be able to achieve Friendly AI. I could believe that.

But I certainly don’t think that AI development is “moving too fast”. Not really anything to gain in slowing down development. I remember Elon Musk proposing a six-month moratorium on development — that doesn’t make any sense, only would be something that you’d want to do if you had an immediate milestone that you believed that there was major risk attached to. In general, either AI is something that you should ban globally because it’s too much of an existential risk for humanity, and halt all development and enforce that halt, or you’d like to achieve it as soon as possible. We are not at a point where there is a consensus that that level of unacceptable risk exists and there is a global commitment to enforcing such a global prohibition.

I can believe that there might be an excess of infrastructure development in particular, that we might not have the research side moving as quickly as need be to support that. Like, we might be doing misallocation in buying a lot of specific chips without establishing that those chips are going to provide a worthwhile return. But in terms of the technology advancing…no, can’t agree there.

24 years ago

Oh God how is the Internet this old

So, I’m being a nit-picky, but while I’d say that personal Internet access really became a major thing in the US in the late 1990s or so, and that led to a huge explosion in the creation of the stuff like commercial websites, and so from consumer “the Internet is directly part of my life” standpoint, a lot of people might say “that’s when the Internet became a thing,” the Internet as an entity has been around since it was created from the ARPANET.

https://en.wikipedia.org/wiki/Internet

The ARPANET initially served as a backbone for the interconnection of regional academic and military networks in the United States to enable resource sharing. Access to the ARPANET was expanded in 1981 when the National Science Foundation (NSF) funded the Computer Science Network (CSNET).[39]

In 1982, the Internet Protocol Suite (TCP/IP) was standardized, which facilitated worldwide proliferation of interconnected networks. TCP/IP network access expanded again in 1986 when the National Science Foundation Network (NSFNet) provided access to supercomputer sites in the United States for researchers, first at speeds of 56 kbit/s and later at 1.5 Mbit/s and 45 Mbit/s.[40]

The NSFNet expanded into academic and research organizations in Europe, Australia, New Zealand and Japan in 1988–89.[41][42][43][44] Although other network protocols such as UUCP and PTT public data networks had global reach well before this time, this marked the beginning of the Internet as an intercontinental network. Commercial Internet service providers emerged in 1989 in the United States and Australia.[45] The ARPANET was decommissioned in 1990.[46]

It’s just that the places using it were more universities and companies doing engineering stuff and stuff like that for a while.

So if you say that the Internet was really born from the ARPANET when networks shifted to TCP/IP, you’re talking something like early 1980s; by that metric, the Internet would be something like 55-ish years old.

EDIT: Some users here are on lemmy.sdf.org. SDF was around well before 2000.

https://en.wikipedia.org/wiki/SDF_Public_Access_Unix_System

Super Dimension Fortress (abbreviated as SDF, also known as freeshell.org) is a non-profit public access UNIX shell provider on the Internet. It has been in continual operation since 1987 as a non-profit social club. The name is derived from the Japanese anime series Super Dimension Fortress Macross; the original SDF server was a Bulletin board system created by Ted Uhlemann for fellow Japanese anime fans.[1] From its BBS roots, which have been well documented as part of the BBS: The Documentary project, SDF has grown into a feature-rich provider serving members around the world.

Does Kickstarter have liability in general for Kickstarted projects? I’d kind of assume that that’s on the specific project. I can’t imagine that Kickstarter is in any kind of position to really do a domain-specific evaluation of whether a given project is in line with local regulations.

SATA drives ain’t dead

Who was saying that they were?

Rotational drive demand is way up due to AI, which is why prices are way up, and for rotational drives, the SATA interface is just fine.

EDIT:

https://pcpartpicker.com/trends/price/internal-hard-drive/

Hard Drive - 3.5" SATA 16 TB (Average price in USD over last 18 months)

“Observe my anus. I will place it directly in front of your eyes to facilitate inspection.”

“I was feeling under the weather and wanted to find a safe place to hide, so I threw up in various nooks and crannies around the house.”

“I want to go out. Actually, I want in. Actually, no, I want out. On second thought, I want in.”

“I just thought I’d drop by and check to see whether I could get food a few hours early. No? Okay, how about now? No? How about now?”

“As a sign of my undying loyalty, I have placed a dead mouse on the foot of your bed.”

“A new pleather couch? Oh, you shouldn’t have! Permit me to extend my claws and take a jaunt to enhance its breathability.”