Due to the impending lemm.ee shutdown I have migrated to notabot@piefed.social.
I’m unlikely to do a full code audit, unless something about it doesn’t pass the ‘sniff test’. I will often go over the main code flows, the issue tracker, mailing lists and comments, positive or negative, from users on other forums.
I mean, if you’re not doing that, what are you doing, just installing it and using it??!? Where’s the fun in that? (I mean this at least semi seriously, you learn a lot about the software you’re running if you put in some effort to learn about it)
‘AI’ as we currently know it, is terrible at this sort of task. It’s not capable of understanding the flow of the code in any meaningful way, and tends to raise entirely spurious issues (see the problems the curl author has with being overwhealmed for example). It also wont spot actually malicious code that’s been included with any sort of care, nor would it find intentional behaviour that would be harmful or counterproductive in the particular scenario you want to use the program.
A valid point, trackers often give you a certain amount of upload credit for free, and there are often other ways to earn those credits too, so all users’ ratios would be above 1.0, but that should have read “A closed group of users can all have a seed ratio of 1.0” if we’re looking at just the data transfer itself.
A closed group of users can all have a seed ratio above 1.0, but it’s a bit of a contrived set up. For simplicity, in the following examples we assume that each file is the same size, but this also works for other combinations.
Consider the smallest group, two users. If user A seeds a file and user B downloads it, whilst B seeds a different file, which A downloads, both users will have a ratio of 1.0 as they’ve up and down loaded the same amount.
For three users, A seeds a file, B and C then download a different half each, which they then share with each other. A has a total (upload, download) of (1,0), whilst B and C have (0.5,1). If you repeat this with B seeding and A and C downloading, then C seeding to A and B, you get each peer uploading 2 files worth of data, and downloading 2 files worth, for a ratio of 1.0 each.
You can keep adding peers and keep the ratios balanced, so it is possible for all the users on a private tracker to have a 1.0 ratio, but it’s very unlikely to work out like that in real life, which is why you have other ways to boost your ratio.
Fair point, I wasn’t sure it was the equals, hence my initial question. Drawing boxes with the box drawing characters does make a lot more sense.
The line would mean the = would be effectively removed, rendering the for a syntax error. That is, assuming it is an equals sign they’ve redefined, and not similar looking character.
Have they d out the equals symbol? I don’t think that for loop is going to compile.
They’re a high starch part of the banana family, but taste more like slighty sweet potatoes in my opinion. They’re good fried or roasted.
Their jalepeno ones are fantastic.
Before you can decide on how to do this, you’re going to have to make a few choices:
Theres two main ways to expose a git repo, HTTPS or SSH, and they both have pros and cons here:
HTTPS
A standard sort of protocol to proxy, but you’ll need to make sure you set up authentication on the proxy properly so that only only thise who should have access can get it. The git client will need to store a username and password to talk to the server or you’ll have to enter them on every request. gitweb is a CGI that provides a basic, but useful, web interface.
SSH Simpler to set up, and authentication is a solved problem. Proxying it isn’t hard, just forward the port to any of the backend servers, which avoids decrypting on the proxy. You will want to use the same hostkey on all the servers though, or SSH will refuse to connect. Doesn’t require any special setup.
Git is a distributed version control system, so you could replicate it at that level, alternatively you could use a replicated file system, or a simple file based replication. Each has it’s own trade-offs.
Git replication
Using git pull to replicate between repositories is probably going to be your most reliable option, as it’s the job git was built for, and doesn’t rely on messing with it’s underlying files directly. The one caveat is that, if you push to different servers in quick suscession you may cause a merge confict, which would break your replication. The cleanest way to deal with that is to have the load balancer send all requests to server1 if it’s up, and only switch to the next server if all the prior ones are down. That way writes will alk be going to the same place. Then set up replication in loop, with server2 pulling from server1, server3 pulling from server2, and so on up to server1 pulling from server5. With frequent pulls changes that are commited to server1 will quickly replicate to all the other servers. This would effectively be a shared nothing solution as none of the servers are sharing resources, which would make it easier to geigraphically separate them. The load balancer could be replaced by a CNAME record in DNS, with a daemon that updates it to point to the correct server.
Replicated filesystem Git stores its data in a fairly simple file structure, so placing that on a replicated filesystem such as GlusterFS or Ceph would mean multiple servers could use the same data. From experience, this sort of thing is great when it’s working, but can be fragile and break in unexpected ways. You don’t want to be up at 2am trying to fix a file replication issue if you can avoid it.
File replication. This is similar to the git replication option, in that you have to be very aware of the risk of conflicts. A similar strategy would probably work, but I’m not sure it brings you any advantages.
I think my prefered solution would be to have SSH access to the git servers and to set up pull based replication on a fairly fast schedule (where fast is relative to how frequently you push changes). You mention having a VPS as obe of the servers, so you might want to push changes to that rather than have be able to connect to your internal network.
A useful property of git is that, if the server is missing changesets you can just push them again. So if a server goes down before your last push gets replicated, you can just push again once the system has switched to the new server. Once the first server comes back online it’ll naturally get any changesets it’s missing and effectively ‘heal’.
Design Patterns is good, another one is The New Turing Omnibus.
trackballs, the arguably superior input method.
It’s not arguable, because it’s true! The mouse mafia are just trying to give everyone Carpal Tunnel Syndrone. We must overthrown the waggly input hegemony and bring peace to desktops everywhere!
Ok, I’ll settle down now.
Most of the time you’re right, it’s little more than a detail, but sometimes I miss the querying that it allowed. You could ask for things like a list of all branches that branched from a specific parent branch and modified a specific file, Which can be handy when you want to understand the impact a change might have before you make it and try merging.
Having the branch name embedded in the commit means you can meaningfully ask this sort of question. In git’s model you can’t say a changeset is in a specific branch once there are child branches further downstream because the changeset is in all of those branches.
Rather than come up with lots of examples for other queries (I know it wasn’t the focus of your question, but I think it’s really neat), I found this page which seems like a reasonable description.
Git branches are very different to Mercurial branches. In git they’re similar to tags that move along with the head commit of that particular branch. In Mercurial every commit contains meta data indicating the branch it’s on. It also has a query language that lets you do sone quite neat things with selecting groups of commits based on their metadata, which can be useful in code reviews and similar.
I manage all my homelab infra stuff via ansible and run services via kubenetes. All the ansible playbooks are in git, so I can roll back if I screw something up, and I test it on a sacrificial VM first when I can. Running services in kubenetes means I can spin up new instances and test them before putting them live.
Working like that makes it all a lot more relaxing as I can be confident in my changes, and back them out if I still get it wrong.
I normally just use X forwarding over ssh. For simple, X native, apps it usually works nicely, but if you’re using something that draws its own UI (electron apps, browsers and the like often do) it’ll be extremely painful or just fail.
I believe there is, or was, a way to run a vnc client rootless, but I think you needed to configure the server in a specific way too. It’s been a long time since I tried though so things will have changed.
find can be a bit slow because it enumerates every directory recursively from the root you specified, but it let’s you do a lot more than just search by name. locate is available on most distros and give fast results, albiet from when the index was last rebuilt (usually nightly). They both have the vital property that they output a list of files to stdout for further processing.
(In the ‘Churchgoer’ slide I think you have the wrong year on the bit about ICE)
One group you’ve missed that I think can do a lot of good are what you might call ‘Interference’. Basically finding ways to make the system less efficient and effective. The resistance manual that’s been going round has some ideas, but there’s also basic stuff that can gum up the processes they use to be evil.
If they start a tip line to identify a certain class of individual, send them tips. Lots of tips. Make them plausible so they have to divert time and energy to investigting them.
If you see an official vehicle when you’re travelling, obstruct it as much as could plausibly not be deliberate. Drive slowly and brake harder than you need to. In fact, do that anytime you can cause a nuisance.
Slow productivity anywhere you can. If you have to interact with a business that supports the oligarcy, do everything you can to reduce their efficiency. Call them repeatedly for minor things and talk for as long as possible. Place orders and then cancel them after they’ve started fulfilment. Return things.
Be sand in the cogs of the system without exposing yourself to direct physical danger. None of these things will end the threat on their own, but they make it easier for others to resist and add up if many people do them. If you’re working online use protection. A good, ideally foreign and non-logging, VPN helps, TOR also helps, but you should always assume these things c`n be compromised, so stack them.
Remarkable! Everyone who followed your advice stopped aging almost immediately.
Could you let me know what sort of models you’re using? Everything I’ve tried has basically been so bad it was quicker and more reliable to to the job myself. Most of the models can barely write boilerplate code accurately and securely, let alone anything even moderately complex.
I’ve tried to get them to analyse code too, and that’s hit and miss at best, even with small programs. I’d have no faith at all that they could handle anything larger; the answers they give would be confident and wrong, which is easy to spot with something small, but much harder to catch with a large, multi process system spread over a network. It’s hard enough for humans, who have actual context, understanding and domain knowledge, to do it well, and I’ve, personally, not seen any evidence that an LLM (which is what I’m assuming you’re referring to) could do anywhere near as well. I don’t doubt that they flag some issues, but without a comprehensive, human, review of the system architecture, implementation and code, you can’t be sure what they’ve missed, and if you’re going to do that anyway, you’ve done the job yourself!
Having said that, I’ve no doubt that things will improve, programming languages have well defined syntaxes and so they should be some of the easiest types of text for an LLM to parse and build a context from. If that can be combined with enough domain knowledge, a description of the deployment environment and a model that’s actually trained for and tuned for code analysis and security auditing, it might be possible to get similar results to humans.