Recently I used Google maps to search for the nearest DHL near me so I could return a package. DHL is not that popular near me and when I specifically typed for DHL, I would get only their competitors in the search results.
There was a DHL service center near me and I had to scroll a bunch to find it. Oh, and apparently big box stores (or anyone) can pay Google to come up in the search on maps, even if unrelated.
I don't think they have skin the in shipping game but their algorithms are over optimized that they don't even show what your searching for, but trying to infer why you're searching for it. That or whoever pays them more. Certainly a search risk
Out of college I did not work at a start-up but instead got a job at a "big, stable" corp. I got the following advice from the older engineers at big, stable corp. Some of those engineers are my personal friends 7 years later.
"Why work here where it's slow and stable? You're young, go take some risks, earn money, and most importantly get experience under your belt. Then come back with experience and coast. Your compensation grows slowly here so might as well come in with experience and start with a high salary. Also, everything is slow here, your peers at fast paced companies will out pace you."
That was some of the truest shit I've ever heard. I've since left big,stable corp and am working at a company who was a start-up but opted to grow instead of being bought out. I am working on a family so cannot afford the risks of a start-up.
Yes, I work many more hours but the pay is way better and in the last 1 year I've learned more than i've learned at big,stable corp. There is just much less process and red tape and we are more hands on and wear many hats. At times this is exhausting but I find comfort that if I were to lose my job, I have tangible experience to get hired again where as at Big,stable I was picking up skills how to do reviews on processes and techniques unique to the company.
when running models locally, I presume the models are trained and the weights and stuff are exported to a "model." For example Meta's LLama model.
Do these models get updated, new versions released? I don't quite understand
wow 10 months flew by since this was posted and since then the United States had a surprise privacy bill that is bipartisan that sort of addresses the issues you and I mentioned. https://www.washingtonpost.com/technology/2024/04/07/congress-privacy-deal-cantwell-rodgers/
This bill was proposed around the same time the TikTok ban was announced. I speculate that law makers had a difficult time framing the arguments against TikTok when "the data of citizens have no protections so there was no easy legal grounds to forbit the likes of TikTok to harvest it"
From what I've heard, this bill is pretty good. I need to educate myself more on it, however.
was it ever? I participate in interview rounds at my company (several tech screens a month) and I must say a candidate's email was not something that drew attention
you're able to unsubscribe from all those protomtions . . . that is in settings. Personally, a once-a-month newsletter of everything that is new is helpful bc I don't need to put in the effort tlinto keeping up
For backup and sync I use Syncthing. I can specify which folder on which devices I want to sync to which folder on the server.
I use a folder based gallery on my phone so when I move stuff around on my phone (or on my server) it gets replicated on all my devices.
I also have a policy to sync specified folders (and subfolder) with my family's devices. No more " hey can you send me all the pics from the XYZ trip"
We take a trip. Make a subolder for that trip in a shared folder dump all our pictures there, get home and open the folder on the computer and prune together.
simply put, programming is glorified automation. There are jobs where the process that needs automating makes money.
Debian has the advantage of not using snapd like Ubuntu does. You have to not only remove snaps but also instruct the package manager not you pull in snaps as dependencies and not to favor snap packages.
I have fond memories of Ubuntu being my first distro many years ago but pushing snaps onto users to compete with flatpak is a nuisance.
I don't think I am well positioned to answer that question given my experience. Ill give it my best.
I believe the advantage of more abstraction of gRPC was desireable because we can point it at a socket (Unix domain or internet sockets) and communicate across different domains. I think we are shooting for a "microserves" architecture but running it on one machine. FFI (IIRC) is more low level and more about language interoperability. gRPC would allow us to prototype stuff faster in other languages (like Python or go) and optimize to rust if it became a bottleneck.
Short answer is, we are able to deliver more value, quicker, to customers (I guess). But I don't know much about FFI. Perhaps you can offer some reasons and use cases for it?
At work, we started the c++ migration to rust doing the following:
- Identify "subsystems" in the c++ code base
- Identify the ingress/egress data flows into this subsystem
- Replace those ingress/engress interfaces with grpc for data/event sharing (we have yet to profile the performance impact of passing an object over grpc, do work on it, then pass it back)
- Start a rewrite of the subsystem. from c++ to rust
- Swap out the two subsystems and reattach at the grpc interfaces
- Profit in that now our code is memory safe AND decoupled
The challenge here is identifying the subsystems. If the codebase didn't have distinct boundaries for subsystems, rewrite becomes much more difficult
hey, that's what the internet is for; information sharing :)
for the dummies (like me) that can't read the room, especially online, a sarcasm tag /s goes a long way 🙃
you sound like a Microsoft engineer ;)
I agree with the sentiment but Google is an Ad business. Selling phones by itself does not financially support them.
GrapheneOS on Pixel is the most stable and secure way to have a modern mobile phone that is free of trackers (from google and apple alike).
I can't picture a better way to "stick it to the man" than 7 years of them unable to track and serve you ads
Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, "the largest information-gathering enterprise ever conceived by man."
The article discusses the use of targeted advertising data by government agencies, particularly focusing on how a technology consultant demonstrated the security risks posed by Grindr's data to national security agencies. It highlights the widespread availability and potential surveillance applications of advertising data, as well as the government's interest in obtaining and utilizing such data for intelligence purposes.
Why is this worth the read? It goes into detail how these data exchanges work and the mechanisms of obtaining such data. We often hear about the result of these actions, but how these actions are performed are described within.
(clear your cookies to read the paywalled article)
hahaha good point.
That colleague, keep in mind is a bit older, also has Vim navigation burned into his head. I think where he was coming from, all these new technologies and syntax for them, he much rather prefers right clicking in the IDE and it'll show him options instead of doing it all from command line. For example docker container management, Go's devle debugger syntax, GDB. He has a hybrid workflow tho.
After having spent countless hours on my Vim config only to restart everything using Lua with nvim, I can relate to time sink that is vim.
Had a distinguished collegue (from the Bell Lab days) say to me recently:
"IDEs take up a lot of RAM on my machine. Vim takes up a lot of squishy RAM in my head. I need squishy RAM to hold info relevant to problem solving, not options available in my tool chain."
As a former Vim user myself, I have to say I really dislike screensharing with coworkers who use Vim. They are walking me through code and shit pops up left and right and I don't know where it comes from or what it is I'm looking at. Code reviews are painful when they walk me through a large-ish PR.
These days, I tend to bring my vim navigation/key bindings to my IDE instead of IDE funcs to Vim. Hard to beat JetBrains IDEs, especially when you pay them to maintain the IDE functionality.
code is just text, so code editors are text editors.
What sets IDEs apart are their features, like debugger integrations, refactoring assists, etc.
I love command line ± Vim and used solely it for a large portion of my career but that was back when you had a few big enterprise languages (C/C++, Java).
With micro services being language agnostic, I find I use a larger variety of languages. And configuring and remembering an environment for rust, go, c, python etc. is just too much mental overhead. Hard to beat JetBrain's IDEs; now-a-days I bring my Vim navigation key bindings to my IDE instead of my IDE features to Vim. And I pay a company to work out the IDE features.
for the record, I am in the boat of, use whatever brings you the greatest joy/productivity.
wait until Google releases a new pixel this fall, buy "last year's" pixel at a discount and they are supported for 7 (?) years of updates (including firmware).
I would recommend GraphenesOS bc they only deal with android and pixel phones so there is a high level of compatibility and things rarely break. (In many cases GrapheneOS was more stable than Google's android, recently with the multiple profiles and memory bug). They also push fixes and security hardening upstream sometimes.
Anyway, GrapheneOS will support a Pixel for as long as the manufacturer (Google) releases firmware updates. So you have the potential of 7+ years of support from GrapheneOS.
Hey everyone,
I wanted to poll the community and pick up tips on DIY cable labeling and management.
At work, we label both ends of Ethernet cabels using a Brady Label maker. They are awesome but run about $200 USD.
I don't need such an expensive device to create (one-time) 40ish labels.
I was hoping for DIY suggestions that balances durability and ease of installation. Was thinking tape, sharpies, or even thick zip ties etc. Some forums even suggested bread ties (but I'm concerned they will fall off in hard to reach places). And sharpies are great but can wear on some materials (like those plastic sticky tabs for books and notes)
What are some pros and cons of approaches you guys have tried?
EDIT:
I was pointed to this video which suggests you:
- Grid up a piece of paper so each rectangle's height is the size of a circumference of a cable. It will later be wrapped around the cable.
- Then hand write the labels.
- Cut out each label/rectangle.
- Then use clear masking tape slightly larger than the label to secure it to the cable by wrapping it around the circumference of the cable.
The finished product looks like those shrinking labels where the label is flush against the cable and text is behind a clear film and can't be smudged.
For those that suggested borrow the label maker from work or print them at work: that has occured to every one of our engineers on staff and now our printers are locked away and are signed out bc we would always find them either low on ink/toner or more frequently out of lable paper. Yes, ordering those supplies is negligibly cheap for a budget at work but the issue lied in whenever you picked up the label maker at work, you immediately had to either change the roll or ink. sigh this is why we can't have nice things :)
Judge: Data broker’s motion to sanction FTC “long on hyperbole, short on facts.”
Below is a disturbing amount of information data brokers have ammased from buying your data from trackers in ads and apps.
> "a staggering amount of sensitive and identifying information about consumers," alleging that Kochava's database includes products seemingly capable of identifying nearly every person in the United States. > > ... can access this data to trace individuals' movements—including to sensitive locations like hospitals, temporary shelters, and places of worship, with a promised accuracy within "a few meters"—over a day, a week, a month, or a year. Kochava's products can also provide a "360-degree perspective" on individuals, unveiling personally identifying information like their names, home addresses, phone numbers, as well as sensitive information like their race, gender, ethnicity, annual income, political affiliations, or religion, the FTC alleged. > > ... target customers by categories that are "often based on specific sensitive and personal characteristics or attributes identified from its massive collection of data about individual consumers." These "audience segments" allegedly allow advertisers to conduct invasive targeting by grouping people not just by common data points like age or gender, but by "places they have visited," political associations, or even their current circumstances, like whether they're expectant parents. Or advertisers can allegedly combine data points to target highly specific audience segments like "all the pregnant Muslim women in Kochava’s database," the FTC alleged, or "parents with different ages of children." >
A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.
For all you USA peeps:
A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.
The bill follows more than a decade of debate over post-Sept. 11, 2001, surveillance powers that allow domestic law enforcement to warrantlessly scan the vast mountains of data gathered by America's foreign surveillance apparatus.
A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.
A bipartisan team of U.S. lawmakers has introduced new legislation intended to curb the FBI's sweeping surveillance powers, saying the bill helps close the loopholes that allow officials to seize Americans' data without a warrant.
The bill follows more than a decade of debate over post-Sept. 11, 2001, surveillance powers that allow domestic law enforcement to warrantlessly scan the vast mountains of data gathered by America's foreign surveillance apparatus.
Prossimo is pleased to announce the first stable release of sudo-rs, our Rust rewrite of the critical sudo utility. The sudo utility is one of the most common ways for engineers to cross the privacy boundary between user and administrative accounts in the ubiquitous Linux operating system. As such, ...
> The sudo-rs project improves on the security of the original sudo by:
> - Using a memory safe language (Rust), as it's estimated that one out of three security bugs in the original sudo have been memory management issues
> - Leaving out less commonly used features so as to reduce attack surface
> - Developing an extensive test suite which even managed to find bugs in the original sudo
I have a device that reached end-of-life support and I'm burned out loading ROMs to extend it's support. Upon from my return from the trip I plan on purchasing a new device anyway, so buying one while traveling is also an option.
I'm traveling to a European Market that has stronger privacy rules GDPR and their devices must have lower SAR (regarding phone RF emissions).
Regarding RF and SAR
My carrier frequency bands in my home country are supported by European phones I'm looking at (Android and Apple). But do the phones dynamically manage the RF emission based on locale or are the limited at hardware or software?
Would purchasing the device abroad have an effect I think it does when I bring it home?
Regarding Privacy
This one is tricky, typically the account (gmail or Apple ID) is associated with the locale. If I were to create a new account and set up my device while abroad, will this have lasting effects? I have a friend who have immigrated and set their devices up abroad and their locale is still their OG country. One of them changed locales (for android) because spotify (app) wasnt available in their home country locale. So I speculate this is a solid approach if I were to do so.
I know I might have issues with availability of content (downloading from app stores). But as far as accounts go, my Spotify (and netflix if i stil had it) account is associated with my home country so I will still be able to watch shows in my locale. Being able to download the app is the limiting factor but there are ways to get around that with side loading.
So yeah, if anyone has experience with this and could call out some things I didn't consider or validate my expectations, would be appretiated.
Unit tests are meant to verify the functionality of isolated units of code. When dealing with code whose output depends on the system or system configuration, what are approaches to write effective unit tests? I feel this problem plagues lower level systems languages more so I am asking it here.
I solve this by writing "unit tests" that I then manually compare to the output of my terminal's utilities. It is the quickest way to verify units work as expected but it is obviously not automated.
Making a container or a VM to run integration tests seems like the next easiest way, not sure if there are other cost effective ways.
Scenario
Say I have a function called
get_ip_by_ifname(const char *if_name, struct in_addr *ipaddr)
Inputs:
- string of interface name
- pointer to variable where the returned IP address will be
Returns:
- -1 if interface does not exist,
- 0 if interface exists but has no IPv4 IP
- 1+ if interface exists and has at least 1 ip addr (some interfaces have multiple addresses, only 1st is written to ipaddr buffer)
Test Cases and their dependencies
- Interface doesn't exist
- easy to test, use uncommon interface name
- Interface exists has no ipv4 ip address
- requires the underlying system to have a unique interface name which I need to hard code and compare to in my unit test
- interface exists, has 1 ipv4 ip address
- requires underlying system to have the uniquely named interface with exactly 1 uniquely defined ip address. Both of which I need to hard code into my test
- interface exists, has 1+ ipv4 ip addresses
- similar to item 3.
The way I might test something like this works is write a test that logs each case's output to the terminal than run ip -c a
in another terminal and compare the info in the 2 outputs. I verify it works as expected manually with very minimal setup (just assigned multiple IP addresses to one of my interfaces).
I would like to test this in an automated fashion. Is there any way that wont be a time sink?
gpt4all: an ecosystem of open-source chatbots trained on a massive collections of clean assistant data including code, stories and dialogue - GitHub - nomic-ai/gpt4all: gpt4all: an ecosystem of ope...
Wanted to share a resource I stumbled on that I can't wait to try and integrate into my projects.
>A GPT4All model is a 3GB - 8GB file that you can download and plug into the GPT4All open-source ecosystem software. Nomic AI supports and maintains this software ecosystem to enforce quality and security alongside spearheading the effort to allow any person or enterprise to easily train and deploy their own on-edge large language models.
If you didn't get a choice to work remote, how come?
A number of Lemmy instances have been hacked overnight. Some may remain inaccessible until they have been secured and restarted. As a safety precaution logged-on sessions on many servers have been cancelled and you are required to logon again. Unfortunately, the only way I could find to do this in L...
Drawing attention on this instance so Admins are aware and can address the propagating exploit.
EDIT: Found more info about the patch.
A more thorough recap of the issue.
GitHub PR fixing the bug: https://github.com/LemmyNet/lemmy-ui/pull/1897/files
If your instance has custom emojis defined, this is exploitable everywhere Markdown is available. It is NOT restricted to admins, but can be used to steal an admin's JWT, which then lets the attacker get into that admin's account which can then spread the exploit further by putting it somewhere where it's rendered on every single page and then deface the site.
If your instance doesn't have any custom emojis, you are safe, the exploit requires custom emojis to trigger the bad code branch.
https://radar.cloudflare.com/domains
Source of this is from Matthew Prince, Co-founder & CEO of Cloudflare posted at 11:34 Jul 9,2023. It was posted to his twitter (@eastdakota). Not linking to twitter bc don't want a deadlink next time twitter makes API changes. And not to drive traffic to twitter :D
Edit: July 11th update, arstechnica published a detailed explanation
https://arstechnica.com/tech-policy/2023/07/twitter-is-tanking-amid-threads-surging-popularity-analysts-say/
I’m not suggesting anything, just want to know what do you think. Here is a link if someone don’t know what Meta’s Threads is: https://blog.joinmastodon.org/2023/07/what-to-know-about-threads/ [https://blog.joinmastodon.org/2023/07/what-to-know-about-threads/]
I am not one for policies restricting choice but I fear the situation where Meta sets up instances that become big, say like Lemmy.world
. Then one day when their instance is popular, they decide to charge other instances to federate with Meta's instances.
Big corps like YouTube, twitter, Meta, etc are known to offer services at a loss to grow their service and then drop the hammer and demand payment to use what people already rely on.
I feel a policy that prevents federated corp instance from profiting early on from FOSS, self hosted, and volunteer federated servers is something to think about - though I do not know the best approach.
I like what Open Source software does with their licensing approach where you are free to view, use, and contribute but if you take you must distribute the source code to others. Some outright ban usage for profit without a license.
Obviously licensing applies well for software to prevent abuse, and I would like a discussion about what Terms of Use policies can prevent volunteer work from being abused - if any are desired.
------------------------------------------------------------------------------- ------------------------------------------------------------------------------- see the following cross-post from: https://programming.dev/post/427323 > Should programming.dev defederate from Meta if they implement ActivityPub?
> I'm not suggesting anything, just want to know what do you think. > > Here is a link if someone don't know what Meta's Threads is: https://blog.joinmastodon.org/2023/07/what-to-know-about-threads/
With all the strengths and shortcomings of Chat-GPT, I wanted to share one consistent strength I found it has when working with regex.
- You can ask it to generate regex patterns for known and custom things.
- If you are skeptical it is correct (like me), you can ask it to break down the pattern and inspect why the decisions were made. If I don't understand some fields, I type up a quick test and make sure it covers all edge cases.
- And my personal favorite, you can paste a regex and ask it to tell you what it matches to. No more writing regex and forgetting what they are for!
I don't always have the opportunity to use regex when I work and would shy away from it because it can become illegible, but now that it is so easy I find I am slapping it everywhere and I cutting down on logic when sanitizing inputs/data. The bonus is now that I'm using it more, I am becoming less reliant on having it be generated for me.
I want to discuss a topic, say a recent event like "Google Search will omit links to Canadian news sites in Canada". So I find communities where that topic might appear but I cannot search the contents of a community to see if that thread exists.
Has anyone figured out good approaches to searching in Lemmy? I mostly use mobile apps like Jeroba or Liftoff so my experience is limited to them.
I'm still getting the hang of Lemmy and federated services.
I'm browsing the programming.dev instandce in the Liftoff app and I can choose to view:
- my subscribed communities on the server (currently none)
- Local communities on the server
- All (?)
I know All is not "all communities on Lemmy" but what perplexes me is I can see posts from another community that is hosted on a different server and it appears because it is "via programming.dev".
At first I thought it was because a user registered on " programming.dev " posted on another instance but I opened my eyes and saw the user's origin is no way related.
Any ideas?
EDIT:
After reading all the comments I’m pretty sure “via programming.dev” should read in the context of the post as !community@instance
is known via programming.dev
instance. I guess it makes it explicit which “all” I am browsing if I pick up browsing where I left off and forget I am not in the “all local”.
At this point I have only seen this on the Liftoff App for Lemmy but still trying other. Must be in the metadata and Liftoff decided to display it.