archevel's recent activity
-
Comment on Mythos finds a curl vulnerability in ~comp
-
Looking for a large collection of transcribed love letters
I had this idea that is mostly a pun. I want to train a Love Language Model (LLM) on a large corpus of love letters and/or poems. Tricky bit is to find a large collection that is available. Any...
I had this idea that is mostly a pun. I want to train a Love Language Model (LLM) on a large corpus of love letters and/or poems. Tricky bit is to find a large collection that is available. Any advice on sources of transcribed love letters?
Edit: so far I've scraped a few website and downloaded a dataset from kaggle. I think it's enough for a just for fun project :)
7 votes -
Comment on Mythos finds a curl vulnerability in ~comp
archevel Link ParentI don't know, but I would guess a little of both. Finding a security vulnerability in curl would be a big deal for anyone professionally. So unfortunately low effort scan that clogs up the...I don't know, but I would guess a little of both. Finding a security vulnerability in curl would be a big deal for anyone professionally. So unfortunately low effort scan that clogs up the security teams time was probably the main reason for stopping the bug bounty program. If all the issues posted had been for real vulnerabilities I would hope they'd be scrambling to patch them and kept the program running. In addition Mythos is apparently very capable (we have to trust anthropics word on this since there's no way for us mortals to verify it). Given the capability of the models have improved the quality of the reported issues would likely go up. Question is if it's worth having a bug bounty program that will essentially just be receiving slop (unless you have some automated way of verifying the found issues).
Hazarding a guess, the bug bounty program will remain closed. Quality of the reports for bugs/vulnerabilities will probably go up.
-
Comment on What programming/technical projects have you been working on? in ~comp
archevel Link ParentA distrioless Docker image still runs with the same kernel as the Docker host. So if you know of a vulnerability in the kernel you could exploit it to get access to the host. With respect to...A distrioless Docker image still runs with the same kernel as the Docker host. So if you know of a vulnerability in the kernel you could exploit it to get access to the host. With respect to performance I suspect you might be right. Since there is no kernel there's less switching between execution contexts etc. So it seems likely it could be faster. But, that said, as always with performance actually testing and measuring is the way to go. It might be that the hardware interactions that the kernel usually mitigates is crucial for the performance and the kernels implementation is super optimized already. Also if your mostly just executing computations then I suspect it won't make a difference (as long as your process has priority).
-
Comment on Help me test my chess bot in ~games
archevel LinkI have played a little of these 5 min games on lichess, but I usually loose against human opponents. I used to play a bit on the tram to work, but haven't done so in a while. Just tried your bot...I have played a little of these 5 min games on lichess, but I usually loose against human opponents. I used to play a bit on the tram to work, but haven't done so in a while. Just tried your bot and to my surprise I won (I must be some kind of wunderkind)! I have no idea of how difficult the bot is or what blunders I (or the bot) made, but it felt challenging to me. Nice work!
-
Comment on What games have you been playing, and what's your opinion on them? in ~games
archevel LinkStarted playing XCOM 2 WOTC again. It's nice and relaxing. I try to play it straight, but I do reload if something goes majorly wrong or I missclick into something unrecoverable. I think XCOM 2 is...Started playing XCOM 2 WOTC again. It's nice and relaxing. I try to play it straight, but I do reload if something goes majorly wrong or I missclick into something unrecoverable. I think XCOM 2 is still pretty much peek tactical combat it is a very good game imo.
-
Comment on What programming/technical projects have you been working on? in ~comp
archevel LinkFor a long time I've been curios about using unikernels. It is a neat concept. You essentially build a self contained app that can boot on an x86_64 processor. There is no OS, instead the...For a long time I've been curios about using unikernels. It is a neat concept. You essentially build a self contained app that can boot on an x86_64 processor. There is no OS, instead the application boots via a small harness that only contains the bare essentials. This is great from a security perspective! Even if your app has some sequrity flaw there's very little an attacker can do (unless you've done something exceedingly weird). They can't escape to a shell. The attack surface is much smaller.
So today I made my first foray into the wonderful land of qemu+rusty hermit to compile a tiny http server that just responds with a "hello". Quite a bit of config involved in setting up the rust stuff and how it should link to rusty hermit to build the app. What features need to be set and a bunch of small things. But, now it runs and the output (straight from my terminal):
Hello from a unikernel!
-
Comment on I made a post here two years ago about starting my first SWE job, since then I've been promoted and have recently recieved a very exciting job offer in ~tech
archevel LinkMy advice might be a bit too general, but here goes. t Think a bit about what success means for you in this new role. Then think about what success means for your boss. Try to validate that. It...My advice might be a bit too general, but here goes. t
Think a bit about what success means for you in this new role. Then think about what success means for your boss. Try to validate that. It might not always be easy, sometimes people say that the goal is X, but the true goal is infact Y. This may or may not be intentional. I tend to assume good intentions and that people have valid reasons for their behavior (even when they are at odds with what I want). Sometimes it can be useful to write down what you will be measured on and run it by your superiors. That way you can go back to it, check that it's still valid and assess how you are doing. Then again, adapt it if it isn't valid any more or if the approach doesn't gel with you!I imagine keeping up with other companies AI journeys might be inspirational, but this is probably not something that really matters to your company. So I'd focus on what matters for you and your role and your team/company.
Seems like a sensible approach to try to be present at an office to build some social connections. If your team is fully remote, then it might not be as important. Do set up some good habits to separate work from regular life. If you can then having a separate office space where you only work is an approach I find good. It is otherwise very easy for the work and non-work to bleed into each other. That can be fine, but I personally like to separate them.
-
Comment on Gothenburg promised to optimise school admissions with a piece of code. The resulting chaos showed how unaccountable systems are ruining lives. in ~tech
archevel Link ParentThe article mentioned With a link to this audit. In that document, which is the yearly review of "grundskolenämnden" the auditors do find that 450 placements were made in error. Their conclusion...The article mentioned
It was nearly a year before city auditors confirmed what many of us had suspected
With a link to this audit. In that document, which is the yearly review of "grundskolenämnden" the auditors do find that 450 placements were made in error. Their conclusion and recommendations was to ensure there was better followup and routines with the school placement work. So in essence they find that this was a process problem with a lack of quality control. The following year the auditors find that this has been addressed.
To me that indicates more that the system (as a whole) is working. An error occurred. The problem was identified. The audit highlighted the issue and recommended a change. Some processes were amended and when the auditors followed up they noted that there was no longer an issue.
I do agree that having algorithmic decision making can be problematic, but in this instance that wasn't the issue. The issue was in the lack of follow up.
-
Comment on Gothenburg promised to optimise school admissions with a piece of code. The resulting chaos showed how unaccountable systems are ruining lives. in ~tech
archevel Link ParentI think the root problem here is unequal quality of schools. I can see that having a longer commute to school isn't great and all, but calling it an injustice, while it might be correct, is...I think the root problem here is unequal quality of schools. I can see that having a longer commute to school isn't great and all, but calling it an injustice, while it might be correct, is stretching it a bit in my book (all else being equal). My understanding from the article is that they eventually found the issue and would fix it for future placements. Redoing the whole existing placement wouldn't necessarily be fair either (imagine having gotten into your first pick for school and then be told a mistake had been made and you'd have to go somewhere else).
On the algorithmic front, if a person had drawn up an equivalent plan for the childrens school placement, would it be somehow better? I.e. is it better if a administrator makes a mistake in measuring rather than a developer making a mistake when implementing the distance function?
-
Comment on Gothenburg promised to optimise school admissions with a piece of code. The resulting chaos showed how unaccountable systems are ruining lives. in ~tech
archevel LinkThe article is available in here too without the paywall. The topic title is a bit more dramatic than the original with the "resulting chaos... ruining lives" part. People who were unhappy could...The article is available in here too without the paywall. The topic title is a bit more dramatic than the original with the "resulting chaos... ruining lives" part. People who were unhappy could apply to be moved. Doesn't seem to be room for chaos and ruined lives, butI might be missing something.
The main point of the actual argument of the article still seems fair. We shouldn't allow citizens information to be processed in a way that the citizens can't review. In practice I think we need to legally enforce all public institutions to only use open source software and make the source available to the public. I should be able to take part in the processes and procedures that govern me in some way. In Sweden there's the principle of public access to official documents "offentlighetsprincipen", which should be extended to cover this.
-
Comment on Need help making an atlas-styled map without ultramega distortion in ~creative
archevel LinkIf shape and size are important to accurately represent you could try the dymaxion projection. It is a bit strange, but has some nice properties. For earth it has the benefit of being able to...If shape and size are important to accurately represent you could try the dymaxion projection. It is a bit strange, but has some nice properties. For earth it has the benefit of being able to either show the Earth's oceans as one connected area or you can emphasize the landmasses instead. Pretty neat, but not super practical.
I recently learned that the regular Mercantor(?) projection preserves angles which is good when navigating the seas (something about picking a compass heading and then you can follow that and know where you end up...
-
Comment on Final Fantasy XIV: Evercold | Teaser trailer in ~games
archevel Link ParentI've never plated FFXIV. The last FF game I finished was FFX. I played a lot of FF games via emulation (primarily the SNES ones). This being a MMORPG I realize can't really tell the same kind of...I've never plated FFXIV. The last FF game I finished was FFX. I played a lot of FF games via emulation (primarily the SNES ones). This being a MMORPG I realize can't really tell the same kind of epic story... Anyway, a few questions for those more knowledgeable:
Is FFXIV easy to get into for a new player?
Should I coerce some friends to play with me? Some of my friends are much better at these types of games, so they'll likely out pace me...
Is it feasible to play it casually, e.g ones per week maybe, or will I feel perpetually behind and not able to interact with other players? -
Comment on The powerhouse of American citrus is suffering a brutal, unrelenting decline in ~food
archevel LinkThey mention that the infection spread from Asia. How is it handled in those countries? Natural predators keeping it at bay?They mention that the infection spread from Asia. How is it handled in those countries? Natural predators keeping it at bay?
-
Comment on What is your go-to project for learning a new language? in ~comp
archevel Link ParentNah, the basic data is the same, but the file format is specific to Sweden (I believe). It's a standardized format for exchanging accounting data that has wide adoption from the system providers....Nah, the basic data is the same, but the file format is specific to Sweden (I believe). It's a standardized format for exchanging accounting data that has wide adoption from the system providers. Here is some info on it SIE file format. Main thing a lot of applications miss is that it uses cp437 as an encoding which is mostly compatible with ANSI, but reading a file as regular ansinor utf-8 can garble some text.
-
Comment on What is your go-to project for learning a new language? in ~comp
archevel LinkI tend to do something I am fairly familiar with domain wise. Learning F# a while back I did a parser for Swedish accounting data using parser combinations via fparsec. I hadn't done much with...I tend to do something I am fairly familiar with domain wise. Learning F# a while back I did a parser for Swedish accounting data using parser combinations via fparsec. I hadn't done much with parser combinations before, but I knew the file format fairly well. Other times I build a lisp :) getting a basic interpreter is fairly straightforward (the book SICP is a good reference manual for this).
Contrary to other people's recommendation I would avoid building something I actually want to use. I want a certain level of mastery and understanding of the tool (language) before doing anything "serious" with it. YMMV.
-
Comment on Ring camera is getting more and more annoying in ~tech
archevel LinkOut of curiosity what do these cameras do for you? What problem does it solve?Out of curiosity what do these cameras do for you? What problem does it solve?
-
Comment on Which Linux distro do you use, and why? in ~tech
archevel LinkI am running Nixos on my work laptop. I like the convenience of just setting up a nix-shell with the necessary dependencies when I tinker with something. It's running hyperland which feels fairly...I am running Nixos on my work laptop. I like the convenience of just setting up a nix-shell with the necessary dependencies when I tinker with something. It's running hyperland which feels fairly slick. For my home computer I recently just installed Debian. It is just solid. I figured that if I needed to run some software that wasn't in the regular repo I could just as well either run it in a container or flatpak OR just build it from source.
-
Comment on No-stack web development in ~tech
archevel Link ParentYes. If you are working on java I would argue you are working on a legacy system. If you are writing something new with java, then you would just be using a fairly solid and battle tested tool for...Yes. If you are working on java I would argue you are working on a legacy system. If you are writing something new with java, then you would just be using a fairly solid and battle tested tool for solving your problem.
-
Comment on No-stack web development in ~tech
archevel Link ParentWell, arguably Firefox and chrome are both legacy systems. There are a bunch of hidden quirks and obscure settings in Firefox at least dating back many years! Now, are legacy systems automatically...Well, arguably Firefox and chrome are both legacy systems. There are a bunch of hidden quirks and obscure settings in Firefox at least dating back many years! Now, are legacy systems automatically bad? No, I don't think so. Are they harder to maintain than greenfield projects? Definitely!
There was this well known attack on xz which kind of highlights how vulnerable some of the worlds software is to a disciplined threat actor. It's not inconceivable that someone is running such long cons primarily using LLM agents at this point.