GoatOnPony's recent activity
-
Comment on I made a website with free and low-cost resources for web development, game development, privacy, graphics, small web, etc in ~tech
-
Comment on Medium term cold storage options? in ~comp
GoatOnPony
I'll admit that I didn't look super hard when I set it up since I knew I wanted tailscale to access other services running on the NAS, but you're right you can use the syncthing community run relays.
-
Comment on Medium term cold storage options? in ~comp
GoatOnPony
I have the same setup of syncthing + tailscale and the tailscale is there so I can give syncthing a magic url/IP address which can reach my NAS/desktop which live behind a potentially changing residential IP. Similarly if I'm out and about with my laptop and phone the two can sync even if I'm on some random network and therefore given some unknown IP address.
-
Comment on No one can force me to have a secure website!!! in ~tech
GoatOnPony
I like the video and I like Tom, super interesting and accomplished person. The video is provocative and that provocation is useful in that it's useful to ask people to re-examine the base assumptions every once in a while. Laying out my own biases, I work in areas related to security and privacy but wouldn't consider myself an expert. Having said all that, I have a fair number of disagreements with Tom's complaints.
First, Tom lumps https and warnings about https in with other user hostile design to lock people into specific vendors. This is a category error - not every annoyance is vendor lock in or bad friction put there maliciously to extract something from users. No company wants to deal with HTTPS and if they didn't think it necessary they would not have it. Chrome and other browsers added those frictions because it addressed real user harm and mitigated actual attacks (ISPs inserting ads into web pages, public wifi snooping, government data collection, phishing attacks). I'm fine with quibbling about how the interstitial should look (I hate that the proceed is pushed to behind advanced too), but ultimately I do buy that users need some protection from taking unwittingly risky actions and that the friction does more good than harm.
Second, Tom seems to believe that because a server could be compromised or MITM'ed during ACME to establish domain ownership that this is hypocrisy and equivalent to any other MITM attack later on. I'm not particularly convinced by this argument, forward security is still good and website owners are in a much better position to notice and correct that attack than a random user. Users also face different MITM adversaries than server owners do. I'm not setting up a server over public wifi, but users will connect to the website from there. Making any MITM attack harder to accomplish seems like a very worthy goal to me.
Third, Tom downplays the connection between security and privacy. Banks are not the only sites that need security. You need security in order to have privacy and even a static site should still protect outsiders from seeing what content was accessed.
Fourth, there's a fair bit of bashing of CAs. I agree that CAs have bad track records and should be policed better. I also don't like the hierarchical nature involved. But, trust on the internet is hard and this is hardly the only hierarchical or centralizing portion (DNS, ISPs, browsers, search, social media network effects). Relative to other effects CAs are pretty unimportant. The internet is a giant game of picking entities to trust who then delegate that trust out further. I don't think there's any unequivocally better alternatives, let alone better alternatives for non technically savvy users. It's impressive that we at least get the level of control to pick who we root our trust in. If users pick Microsoft or Google or Apple or Mozilla as that entity then that's a valid choice and likely far better as a practical matter than asking users to make individual decisions about trust on the internet. If Tom wants to pursue different sources of root trust, he's able to do so.
Ultimately, I'm sympathetic to the general complaints about centralization and some of the specific complaints about HTTPS in particular, but I don't like the framing.
-
Comment on What have you been watching / reading this week? (Anime/Manga) in ~anime
GoatOnPony
If you liked the lgbtq elements of TWFM, have you watched the show its plot is based on/lifted from, Revolutionary Girl Utena? Knowing that the plot is based on Utena, which is much older and much more surrealist, helps with knowing why the plot is so all over the place at times.
-
Comment on Government-appointed Norwegian Nuclear Committee says no to nuclear power – should build up expertise that will make it easier to make such a decision in the future in ~enviro
GoatOnPony
I'll add another issue with nuclear power that I don't see discussed much which is that uranium mining is concentrated in Australia, Canada, Russia, and Kazakhstan. While Australia and Canada would be a 'safe' supplier to Europe, the world is a topsy turvy place right now and having a large portion of your power come from imported sources (whether that's oil or LNG or anything else) doesn't seem like a good bet. Solar, wind, and battery storage are much more sovereign (and decentralizable) power sources.
-
Comment on Nation's largest urban battery is being built in Daly City, California in ~enviro
GoatOnPony
Why do you think we have a long way to go before we roll out grid scale battery? I ask since we're already in the midst of that transition, the US added 19 GWh of battery storage last year and the pace is only growing. Battery + solar seems to be the cheapest and cleanest way to transition the energy system over and it's only going to get cheaper and safer.
I'm not sure I follow all the bits of the later portion of your comment, but battery fires are much less frequent and probably significantly better than either of the ongoing air pollution, CO2 emissions, or environmental catastrophes caused by fracking, oil spills, pipelines, massive human risks during transit, etc. Oil and methane (I dislike the term 'natural gas') extraction and consumption have had world changing impacts, so I'm firmly in the camp that solar and batteries are necessary and better than the status quo.
-
Comment on Software job openings surge this year, defying AI fears in ~tech
GoatOnPony
I wish there was more analysis of where these job openings are coming from within the tech industry and what types of jobs (in particular pay and seniority) are open right now. There's been plenty of recent large layoffs going on, so the tech industry has /something/ going on. Oracle and Amazon both have had 10k+ person layoffs this year already and https://www.trueup.io/layoffs, the same place generating the job opening data, also shows a steady rate of layoffs within tech. That suggests a more complex answer than just tech is back to its normal growth. In terms of AI fears for software engineering, I expect people to care as much or more about the pay, working conditions, and job stability as the single metric of number of openings.
-
Comment on Surf Social (from the makers of Flipboard) in ~tech
GoatOnPony
I knew I shouldn't have used the term protocol without having a more baked proposal... But I guess I'll still respond more even if the protocol suggestion wasn't actually the thrust of my original post. I was suggesting being able to convert everything into RSS, not a new meta protocol.
My desire is that a central service like surf.social shouldn't need to exist. I jumped the gun on assuming there were technical rather than social reasons for it. I want to accomplish whatever surf.social is doing from within the RSS readers I already use. On reflection I think that's already possible, just maybe cumbersome, so this was ignorance on my part of how to accomplish it.
-
Comment on Surf Social (from the makers of Flipboard) in ~tech
GoatOnPony
My point was to have something that can aggregate across RSS, Atom, atproto, activity pub, and any other feed like surface and re-expose it as a single feed. Which yeah, it'd be exposed as an RSS/Atom feed. The point was more that there's still annoyances at getting everything munged into RSS, although looking around I do see stuff like https://github.com/open-risk/atp2rss, so perhaps it's easier than I thought.
-
Comment on Surf Social (from the makers of Flipboard) in ~tech
GoatOnPony
The core idea seems useful, collecting up various feeds into one place solves a real pain point. I also like the UI, very clean and can separate out by medium which is an unusual choice for slicing up the feeds but I find it a relevant dimension.
I'm a little worried about two things though.
First, while the feeds regular users can create are namespaced by username, I don't find that particularly helpful. There's lots of feeds sharing similar names and just generally being very similar to each other. Basically right now the search and discoverability for feeds is kinda poor.
Second, I really wish this stuff was a protocol and open source software for domains to host themselves than having it all run through surf.social. The general framing of 'helping the open web' by asking for accounts and viewing other people's content through their website is weird. Seeing verge.surf.social instead of going to the verge and getting a nice collected feed from them directly means we're still getting intermediaries. For a moment and movement trying to get away from centralized control and monopoly gatekeeping, it's just a little too similar for my tastes. All of the underlying feeds are still open and available through other means, so I'm not worried - if they decide to start putting up interstitials and ads and other hurdles (as other sites have done in the past), the offramps will be a lot smoother.
-
Comment on Can we talk about rice cookers? in ~food
GoatOnPony
Yeah, I'm actually really surprised by all of the other suggestions - I bought a small rice cooker from some random Asian supply store for like $20 9 years ago and the thing is trucking along just fine. I think dialing in the precise amount of rice and water is the important part, so maybe also pick up a kitchen scale. The basic rice cookers have no moving parts and are dead simple commodity appliances. They're markedly simpler than toasters and I wouldn't even go out of my way to buy a fancy toaster.
Also the convenience of even a cheap rice cooker is great, so little counter space for a set it and forget it device. It takes care of one part of the carbs + veg + protein that makes up most meals and going from juggling 3 things to 2 things during it's surprising how much it helps.
-
Comment on The bot situation on the internet is actually worse than you could imagine. Here's why. in ~tech
GoatOnPony
Caveat up front that I don't really have any reliable data to back up the following statements and I could easily turn out to be incorrect about the direction of the internet. Prognosticating is error-prone!
Some bots are fine, search crawlers, rss/atom feed readers, etc in theory are net directors of traffic or at least wouldn't likely detract from traffic. The bots at issue in the current internet though have a different purpose, they're LLM training data scrapers, RAG query answer bots, and other ingestors of data who have no (or negative) interest in sending traffic to my website. Their aim is to provide an alternative within which users have no need to leave, they are building a generic competitor to all other websites. A competitor which is well funded and desires to take your traffic. Trying to make their lives difficult is a very small, probably ineffective, but maybe collectively useful way to delay them taking the content and giving people who come to my website directly a benefit. I view it as attempting to prevent them from keeping everyone in their walled gardens while the rest of us can only feed their machine.
Having said all that, I don't think excluding bots is a particularly effective approach - instead I'd rather try to find audiences who actually want human content instead.
-
Comment on The bot situation on the internet is actually worse than you could imagine. Here's why. in ~tech
GoatOnPony
Counterexample as someone who is starting to put content on the internet, I do care regardless of the resource impact. I'm not running analytics or using any non-static resources (at least not currently) but I want people to interact with what I write and produce, not bots. Call it vanity perhaps, but I'm not putting things on the internet out of pure altruism - I want some amount of validation and credit and feedback. Most bots today don't provide that and more often provide the opposite in that they disintermediate between my work and potential audience. If the return (monetary or via ego boost) on putting things on the internet goes negative then people (myself included) will find alternative distribution channels, likely ones less free, widespread, or available, which would be sad. So even if bots aren't directly costing me money they are still an element of a web shifting towards more intermediaries which I'd like to avoid.
-
Comment on I hope you don't use generative AI - an essay about my experience offering an open-source tool in ~tech
GoatOnPony
I'm anti copyright law, I'm in no way arguing for its expansion. However, I don't think that for many of the people arguing for more powerful copyright law or for its enforcement against AI companies they are doing so irrationally or with malice. I empathize with people who see their work being displaced or otherwise undercut. I don't need to advocate for their position to stand with them.
Separately, I think AI and AI training are actually likely to do as much harm to the free and open access of information and personal freedoms as copyright law. Websites are closing off access and instigating deeper technical countermeasures absent any change in the law because they see the threat too. I'd almost rather a legal threat unlikely to be used against me personally than technical hurdles I must interact with constantly.
-
Comment on I hope you don't use generative AI - an essay about my experience offering an open-source tool in ~tech
GoatOnPony (edited)
Absolutely, I agree with almost all that you've written! My attempted point is not that I think copyright solves anything (agree it wouldn't), but that the essay attempts to address ethical concerns by saying "I don't like copyright" which is IMO not really a response. Whether or not copyright exists shouldn't really matter to whether an individual considers AI usage ethical.
I also don't think it's on us to determine a legal or technical framework that would work in all scenarios before we can critique AI companies or their actions. Precise lines of demarcation in the realms of morality, ethics, or law don't exist but we regulate and debate all sorts of things in that area. If you were to press me on a specific course of action I wouldn't look to copyright but to AI rules to require transparency about training datasets, monetary awards for contributors to those datasets, restrictions on requests to output styles that are not already broadly shared, and just compensation for workers who are displaced by the technology. That's assuming we operate in the confines of the current politics. My ideal answer would be that entities should be automatically nationalized and democratized in proportion to their size and influence. Then we as a society can direct the benefits of it in more specific, responsive ways.
-
Comment on I hope you don't use generative AI - an essay about my experience offering an open-source tool in ~tech
GoatOnPony
I didn't find that section of the essay particularly helpful since I dislike copyright law for the same reason I find AI unethical: they're tools larger and more powerful entities use to squash the artistic endeavors of the less powerful. Regardless of the legality, AI took valuable labor without compensation and used it to enrich already fantastically wealthy companies and undermine the uniqueness of that labor, likely forever. People may be attempting to use copyright to push back on the unethical actions but that's just the tool to put teeth into the argument not the underlying ethical argument of extraction without credit.
-
Comment on The ethics of buying, playing military, war or games inspired by them? in ~games
GoatOnPony
I doubt that the licensing fees (likely a few cents/dollar per copy of the game sold) materially help any of the major defense contractors' bottom lines and if they did a singular boycott is unlikely to matter. That's not to say you should or shouldn't do something on ethical grounds, just that the magnitude of the impact is likely extremely low. IMO the more problematic element is that games heavily reliant on the 'realism' of real weapons are usually glorifying war and/or American imperialism. See Folding Ideas' video on COD or Jacob Geller. If you can avoid that cognito-hazard then I wouldn't worry overly much about the direct financial arrangement.
For the few cents you buying/not buying a game would mean to Lockheed Martin my suggestion would be to dedicate the concern instead towards donating/volunteering/calling a congress critter/going to a protest/etc where you'll have much more impact. My ethos is that the ideas of no ethical consumption under capitalism and fallacies around personal footprint mean that it's not that worthwhile agonizing over these kinds of issues and to instead join, support, or create movements which collectively push on these fronts.
-
Comment on Attention economics, software engineering, and AI in ~tech
GoatOnPony
Yeah there's plenty of valid use cases for LLM library extraction, and what you've described certainly seems like one of them! I didn't mean to imply one should never do it, just that I don't think it's always a benefit even for shorter portions of code.
-
Comment on Attention economics, software engineering, and AI in ~tech
GoatOnPony
I said it's a balance, not to never copy/replicate library logic yourself. Absolutely use your own judgement as to when and where that makes sense. My commentary is only that unqualified statements like "It's absolutely a straight upgrade" or "it's undeniably better in every other way" rub me the wrong way. Everything has tradeoffs and your own comment even points out some of them.
The context is also important and if unstated can lead to differences in opinion about where to tip the balance. In big team/corporate engineering copying code can quickly result in ultimately way more code to understand for everyone with subtle differences and gotchas and styles which other people still need to find and wade through if a change becomes necessary. In a small team/single person project the tight control and alignment to exactly what you need can be a huge boon.
Ultimately all code relies on libraries and abstractions somewhere, sometimes they aid in reducing cognitive load, sometimes they don't and there's many factors involved in that. A skilled engineer can usually intuit when to use a library or copy code, but not everyone is skilled across all domains and everyone has blind spots and makes mistakes. In those messy realities I'd lean towards the advice of just use the library unless there's really strong reasons not to or the stakes are low.
Re LLMs specifically, assuming you review the code and understand it similarly to hand written code, I agree it's an equivalent shortcut. But for many who use LLMs that isn't true (no judgement intended on that, abstraction and not understanding the details of code is the point of libraries after all). When it's not true I don't really see any difference between using a library vs an LLM outside of now you're not going to get any updates in the future and you're replacing a random sampling of human expertise (the library author) with random sampling of LLM expertise. Whether an LLM output generally beats handwritten library code I leave up to personal opinion, but I don't think it's better on average (yet).
Agreed that drawing inspiration and copy pasting code is and always will be a part of software development. My concern with LLMs is that stack overflow posters and library authors are humans and typically want some form of recognition for their work, even if it is the minuscule breadcrumb of stack overflow upvotes or library download metrics. LLMs remove even that tenuous link when ideally instead we'd move towards greater recognition (and compensation) for the work open source contributors provide.
This is an awesome resource! Thanks for putting it together and sharing - I'll have fun looking through them! Some quick suggestions for additions: