skybrian's recent activity

  1. Comment on Is higher education still valuable? in ~life

    skybrian
    Link Parent
    I'll add that anyone who is fortunate enough to retire will have to figure out what they want to do with their life, so this isn't an uncommon problem, though it usually happens to older people....

    I'll add that anyone who is fortunate enough to retire will have to figure out what they want to do with their life, so this isn't an uncommon problem, though it usually happens to older people.

    Sometimes classes can be fun. Is it worth getting a degree? How much should you pay for one? However much you value the intangibles, I think it's pretty clearly a lot less when you don't have a plan to earn the money back somehow? Taking out a loan seems irresponsible under those circumstances.

    Also: "is education worthwhile" is a very broad question. "What should I study and why" seems more relevant and "should I keep studying statistics" directly relevant. I don't have an answer for that, though.

    3 votes

  2. Comment on Is higher education still valuable? in ~life

    skybrian
    Link Parent
    One strategy that used to be common was going to a community college to save money and then transferring to a four year school. Is that still viable nowadays?

    One strategy that used to be common was going to a community college to save money and then transferring to a four year school. Is that still viable nowadays?

    2 votes

  3. Comment on We deserve a better streams API for JavaScript in ~comp

    skybrian
    Link
    From the article: [...] [...]

    From the article:

    But after years of building on Web streams — implementing them in both Node.js and Cloudflare Workers, debugging production issues for customers and runtimes, and helping developers work through far too many common pitfalls — I've come to believe that the standard API has fundamental usability and performance issues that cannot be fixed easily with incremental improvements alone. The problems aren't bugs; they're consequences of design decisions that may have made sense a decade ago, but don't align with how JavaScript developers write code today.

    This post explores some of the fundamental issues I see with Web streams and presents an alternative approach built around JavaScript language primitives that demonstrate something better is possible.

    In benchmarks, this alternative can run anywhere between 2x to 120x faster than Web streams in every runtime I've tested it on (including Cloudflare Workers, Node.js, Deno, Bun, and every major browser). The improvements are not due to clever optimizations, but fundamentally different design choices that more effectively leverage modern JavaScript language features. I'm not here to disparage the work that came before — I'm here to start a conversation about what can potentially come next.

    [...]

    I'm publishing this to start a conversation. What did I get right? What did I miss? Are there use cases that don't fit this model? What would a migration path for this approach look like? The goal is to gather feedback from developers who've felt the pain of Web streams and have opinions about what a better API should look like.

    [...]

    A reference implementation for this alternative approach is available now and can be found at https://github.com/jasnell/new-streams.

  5. Comment on Is higher education still valuable? in ~life

    skybrian
    Link
    Nobody knows the future, but it seems like software is going to become increasingly important even if we conjure it up instead of hand-crafting it the old way? Also, there will be plenty of...

    Nobody knows the future, but it seems like software is going to become increasingly important even if we conjure it up instead of hand-crafting it the old way? Also, there will be plenty of interesting phenomena to gather statistics about.

    It's a time of change and there are probably going to be new kinds of jobs that you can't directly study in school for, and formal credentials will likely be less important for them.

    But what are the alternatives? What would you study instead?

    6 votes

  6. Comment on Inside the quixotic team trying to build an entire world in a twenty-year-old game in ~games

    skybrian
    Link
    From the article: [...] [...]

    From the article:

    Despite being regarded as one of the greatest role-playing games of all time, The Elder Scrolls III: Morrowind disappointed some fans upon its release in 2002 because it didn’t match the colossal scope of its predecessor, The Elder Scrolls II: Daggerfall. Almost immediately, fans began modding the remaining parts of the series’ fictional continent, Tamriel, into the game.

    Over 20 years later, thousands of volunteers have collaborated on the mod projects Tamriel Rebuilt and Project Tamriel, building a space comparable in size to a small country. Such projects often sputter out, but these have endured, thanks in part to a steady stream of small, manageable updates instead of larger, less frequent ones.

    [...]

    It’s true that Daggerfall included an entire continent’s worth of content, but it was mostly composed of procedurally generated liminal space. By contrast, Morrowind contained just a single island—not even the entire province after which the game was named. The difference was that it was handcrafted.

    [...]

    “The entirety of Tamriel is, in our scale, roughly the size of the real-life country of Malta, which is small in real life, but quite big from a human perspective,” said Tiny Plesiosaur, a senior developer who has done mapping and planning for both projects but who spends most of her time on Project Tamriel these days.

    Both projects aim to create a cohesive, lore-accurate representation of these realms as they would have looked during the fictional historical period in which Morrowind takes place. So far, they’ve made substantial progress.

    3 votes

  8. Comment on Here's to the polypropylene makers in ~humanities.history

    skybrian
    Link
    From the article: [...] [...]

    From the article:

    N95s are made from meltblown polypropylene, produced from plastic pellets manufactured in a small number of chemical plants. Two of these plants were operated by Braskem America in Marcus Hook PA and Neal WV. If there were infections on site, the whole operation would need to shut down, and the factories that turned their pellets into mask fabric would stall.

    [...]

    Someone had the idea: what if we never left? About eighty people, across both plants, volunteered to move in. The plan was four weeks, twelve-hour shifts with air mattresses on the floor each night and seeing their families only through screens. With full isolation no one would be exposed, and they could keep the polypropylene flowing.

    The company would compensate them well: full wages for the whole time, even when sleeping, and a paid week off after. They had more volunteers than they had space for.

    [...]

    In those 28 days they produced 40M pounds of polypropylene, enough for maybe 500M N95s.

    6 votes

  10. Comment on The first fully general computer action model in ~tech

    skybrian
    Link Parent
    I'm no expert either. I assume it means AI will get a lot better at looking at computer screens and acting on what it sees.

    I'm no expert either. I assume it means AI will get a lot better at looking at computer screens and acting on what it sees.

    1 vote

  11. Comment on Statement from Dario Amodei on our discussions with the Department of War in ~society

    skybrian
    Link
    From the statement:

    From the statement:

    The Department of War has stated they will only contract with AI companies who accede to “any lawful use” and remove safeguards in the cases mentioned above. They have threatened to remove us from their systems if we maintain these safeguards; they have also threatened to designate us a “supply chain risk”—a label reserved for US adversaries, never before applied to an American company—and to invoke the Defense Production Act to force the safeguards’ removal. These latter two threats are inherently contradictory: one labels us a security risk; the other labels Claude as essential to national security.

    Regardless, these threats do not change our position: we cannot in good conscience accede to their request.

    9 votes

  13. Comment on What are some bands you regret not seeing live (or, just never had the chance to see in the first place)? in ~music

    skybrian
    Link
    Although I had no chance to because I hadn't heard of her yet, I regret not seeing Hiromi when she was playing with her previous bands, Sonicbloom and Trio Project. I've seen her twice with her...

    Although I had no chance to because I hadn't heard of her yet, I regret not seeing Hiromi when she was playing with her previous bands, Sonicbloom and Trio Project. I've seen her twice with her latest band which is okay but I don't like the songs as much.

    Fortunately there are lots of great concert videos on YouTube.

    2 votes

  14. Comment on New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises in ~tech

    skybrian
    Link
    From the article: [...] [...] [...] [...] [...] [...] [...] [...] [...] The attack is somewhat mitigated by widespread use of https and ssh. Something like Tailscale would probably help for...

    From the article:

    New research shows that behaviors that occur at the very lowest levels of the network stack make encryption—in any form, not just those that have been broken in the past—incapable of providing client isolation, an encryption-enabled protection promised by all router makers, that is intended to block direct communication between two or more connected clients.

    [...]

    The isolation can effectively be nullified through AirSnitch, the name the researchers gave to a series of attacks that capitalize on the newly discovered weaknesses. Various forms of AirSnitch work across a broad range of routers, including those from Netgear, D-Link, Ubiquiti, Cisco, and those running DD-WRT and OpenWrt.

    AirSnitch “breaks worldwide Wi-Fi encryption, and it might have the potential to enable advanced cyberattacks,” Xin’an Zhou, the lead author of the research paper, said in an interview. “Advanced attacks can build on our primitives to [perform] cookie stealing, DNS and cache poisoning. Our research physically wiretaps the wire altogether so these sophisticated attacks will work. It’s really a threat to worldwide network security.” Zhou presented his research on Wednesday at the 2026 Network and Distributed System Security Symposium.

    [...]

    The most powerful such attack is a full, bidirectional machine-in-the-middle (MitM) attack, meaning the attacker can view and modify data before it makes its way to the intended recipient. The attacker can be on the same SSID, a separate one, or even a separate network segment tied to the same AP. It works against small Wi-Fi networks in both homes and offices and large networks in enterprises.

    [...]

    Given the range of possibilities it affords, AirSnitch gives attackers capabilities that haven’t been possible with other Wi-Fi attacks, including KRACK from 2017 and 2019 and more recent Wi-Fi attacks that, like AirSnitch, inject data (known as frames) into remote GRE tunnels and bypass network access control lists.

    [...]

    The MitM targets Layers 1 and 2 and the interaction between them. It starts with port stealing, one of the earliest attack classes of Ethernet. An attacker carries it out by modifying the Layer-1 mapping that associates a network port with a victim’s MAC—a unique address that identifies each connected device. By connecting to the BSSID that bridges the AP to a radio frequency the target isn’t using (usually a 2.4GHz or 5GHz) and completing a Wi-Fi four-way handshake, the attacker replaces the target’s MAC with one of their own.

    [...]

    “In a normal Layer-2 switch, the switch learns the MAC of the client by seeing it respond with its source address,” Moore explained. “This attack confuses the AP into thinking that the client reconnected elsewhere, allowing an attacker to redirect Layer-2 traffic. Unlike Ethernet switches, wireless APs can’t tie a physical port on the device to a single client; clients are mobile by design.”

    [...]

    “Even when the guest SSID has a different name and password, it may still share parts of the same internal network infrastructure as your main Wi-Fi,” the researcher explained. “In some setups, that shared infrastructure can allow unexpected connectivity between guest devices and trusted devices.”

    [...]

    As noted earlier, every tested router was vulnerable to at least one attack. Zhou said that some router makers have already released updates that mitigate some of the attacks, and more updates are expected in the future. But he also said some manufacturers have told him that some of the systemic weaknesses can only be addressed through changes in the underlying chips they buy from silicon makers.

    The hardware manufacturers face yet another challenge: The client isolation mechanisms vary from maker to maker. With no industry-wide standard, these one-off solutions are splintered and may not receive the concerted security attention that formal protocols are given.

    [...]

    If the network is properly secured—meaning it’s protected by a strong password that’s known only to authorized users—AirSnitch may not be of much value to an attacker. The nuance here is that even if an attacker doesn’t have access to a specific SSID, they may still use AirSnitch if they have access to other SSIDs or BSSIDs that use the same AP or other connecting infrastructure.

    [...]

    The most effective remedy may be to adopt a security stance known as zero trust, which treats each node inside a network as a potential adversary until it provides proof it can be trusted. This model is challenging for even well-funded enterprise organizations to adopt, although it’s becoming easier. It’s not clear if it will ever be feasible for more casual Wi-Fi users in homes and smaller businesses.

    The attack is somewhat mitigated by widespread use of https and ssh. Something like Tailscale would probably help for connections between machines on the same network? Since it only works if the attacker has a connection to the wifi router (on any network) either not having a guest network or having one with a decent password probably helps too.

    It seems bad if you're connected to someone else's WiFi network, but it's always been the case that you should be more careful then.

    9 votes

  16. Comment on How The New York Times uses a custom AI tool to track the “manosphere” in ~life.men

    skybrian
    Link Parent
    A simple tool can still be quite useful. Also there's a lot of activity around figuring out how best to build tools that use LLM calls to do interesting things. These tools are cheap to build so...

    A simple tool can still be quite useful.

    Also there's a lot of activity around figuring out how best to build tools that use LLM calls to do interesting things. These tools are cheap to build so there's a zillion of them. People are building their own.

    It reminds me a bit of when seemingly everyone was building their own websites. A lot of them will be slop. Most will be ignored. But I expect there will be hits, too, like that crazy OpenClaw thing. Well, hopefully better than that next time.

    4 votes

  17. Comment on Wolbachia-infected mosquitoes can lower dengue risk by 70%, citywide experiment finds in ~health

    skybrian
    Link
    From the article: [...]

    From the article:

    In a two-year-long citywide experiment in Singapore, researchers divided urban neighborhoods into clusters, releasing sterile, Wolbachia-infected Aedes aegypti male mosquitoes in some areas while leaving others untreated to test whether this biological approach could reduce disease transmission in a densely populated city.

    The mosquito releases proved to be quite effective. In areas where the intervention was used, mosquito numbers fell sharply, and the people living in treated neighborhoods were about 70% less likely to develop symptomatic dengue after a few months of exposure. The findings are published in The New England Journal of Medicine.

    [...]

    Over the past few years, scientists have discovered that infecting Aedes aegypti mosquitoes with Wolbachia bacteria can be a powerful alternative to traditional dengue control methods. Wolbachia prevents the dengue virus from replicating inside these mosquitoes, making them far less capable of spreading the disease.

    Project Wolbachia works by releasing male Aedes mosquitoes that carry Wolbachia. Although male mosquitoes do not bite humans, they play an important role in reducing the population of biting mosquitoes that transmit dengue.

    When these infected males are released to mate with wild female mosquitoes that do not carry Wolbachia, the eggs they produce do not hatch. Over time, repeated releases result in fewer mosquitoes surviving in the city. This specific strategy is known as the Wolbachia-mediated incompatible insect technique–sterile insect technique (IIT-SIT).

    2 votes

  19. Comment on The first fully general computer action model in ~tech

    skybrian
    Link
    From the article: [...] [...] [...]

    From the article:

    We designed FDM-1, a foundation model for computer use. FDM-1 is trained on videos from a portion of our 11-million-hour screen recording dataset, which we labeled using an inverse dynamics model that we trained. Our video encoder can compress almost 2 hours of 30 FPS video in only 1M tokens. FDM-1 is the first model with the long-context training needed to become a coworker for CAD, finance, engineering, and eventually ML research, and it consistently improves with scale. It trains and infers directly on video instead of screenshots and can learn unsupervised from the entirety of the internet.

    Before today, the recipe for building a computer use agent was to finetune a vision-language model (VLM) on contractor-annotated screenshots of computer use, then build reinforcement learning environments to learn each specific downstream task. Agents trained this way are unable to act on more than a few seconds of context, process high-framerate video, do long-horizon tasks, or scale to competent agents.

    [...]

    To train on all this video, you need to label it with actions like key presses and mouse movements. Prior literature has explored automatically labeling data: in Behavior Cloning from Observation, the researchers taught an “inverse dynamics model” (IDM) to label what action was taken between before states and after states in various simulated environments. IDM-labeling is possible for computer use datasets because mouse movement and typing actions are often easily inferable from the screen: if a “K” shows up, you can be reasonably confident the “K” key was pressed. [1] 1. There are harder examples (e.g. a Cmd+V from an earlier Cmd+C) but looking at minutes of history lets us accurately label long-range inverse dynamics, so we can have high confidence in the sequence of actions that produced a given computer state for almost any video. OpenAI’s Video PreTraining (VPT) paper was the first to apply this method at scale, bootstrapping a Minecraft-specific IDM on a small amount of contractor data to create a competent Minecraft agent with six seconds of context. [2] 2. https://arxiv.org/pdf/2510.19 VideoAgentTrek also trained a computer action IDM to label data. The key problem here is they don’t have video context (cannot do Blender or any continuous tasks) and instead rely on screenshot-action-CoT triplets.

    [...]

    The missing piece is a video encoder. VLMs burn a million tokens to understand just one minute of 30 FPS computer data. Our video encoder encodes nearly 2 hours of video in the same number of tokens—that’s 50x more token-efficient than the previous state-of-the-art and 100x more token-efficient than OpenAI’s encoder. These improvements in context length and dataset size mean we can finally pretrain on enough video to scale computer action models.

    [...]

    The FDM predicts the next action given the prior frames and actions (Figure 9). [8] 8. Labeled data isn’t strictly necessary for prediction because of the near-determinism of computer environments. We exploit this for small-scale experiments, masking action events to slow overfitting. Unlike VLM-based approaches, our FDM operates directly on video and action tokens—no chain-of-thought reasoning, byte-pair encoding, or tool use. [9] 9. We still have transcription tokens during training, mainly for instruction tuning downstream and general language grounding. This is still extremely different from chain-of-thought data because most actions do not have a transcript preceding them. Overall we have ~1.25T transcript tokens This keeps inference low-latency and allows modeling a multitude of tasks that current designs cannot capture—e.g. scrolling, 3D modelling, gameplay. We trained FDM-1 with no language model transfer.

    5 votes