He's talking about how it's legal and common in the US for governmental agencies to work around the fourth amendment by obtaining the information they want from a third party who has it legally and is willing to give it over.
This is my feeling too. Nix is a relatively high time investment for a tool that tries to do everything, when you might not need or want everything and using the specific language’s tooling is more than sufficient and quicker. It takes a few minutes to install and do `uv sync`, or `nvm install`, or whatever, on a repository on a new computer, and it just works. Until Nix gets there, and I’m skeptical it will because of the “purist” mindset a lot of people in the community have, it’s hard to justify it.
I think the comparison is "X-as-code", like with Terraform and other tools.
If you just want a throwaway VM, it's straightforward to create one through the UI cloud console. Whereas, terraform is nevertheless still a useful tool to use to manage VMs.
For stuff like installing development dependencies.. it's maybe not difficult to copy-and-paste instructions from a readme, but solutions like devcontainers or Nix's development shells can be useful even if costing more overhead.
Of course. I wouldn’t say that Nix is a tool without much use or merit, because setting up development environments can be a huge pain and I understand why some people would use it and prefer it.
My biggest complaint is what I mentioned above: it’s trying to be everything for package management, and adds a lot of complexity (and I disagree that it’s always necessary/inherent) compared to just installing a tool and sometimes upgrading it. That complexity often means I have to debug it rather than the tool that I want to - I might have to debug Nix instead of Node, which is not always straightforward. In my limited experience Nix got in my way more than I’d like, and in ways I didn’t expect or want to deal with, and until it’s as seamless as something like Homebrew or apt, it’ll be a hard sell.
> it’s trying to be everything for package management, and adds a lot of complexity (and I disagree that it’s always necessary/inherent) compared to just installing a tool and sometimes upgrading it. That complexity often means I have to debug it rather than the tool that I want to
Although you're right about nix's DX being quite rough, the problem isn't exactly that it "tries to be everything for package management".
Consider the assumption Nix wants to make about its packages: it should be possible to package software by putting it in some arbitrary directory (i.e. not just /usr/bin), where its dependencies are also put in (or symlinked to) some arbitrary location.
I think with well-written software, this should be a reasonable assumption, but you're going to run into friction with that. (Friction which will require you to have a good breadth/depth of understanding).
In my experience, a lot of the complexity when dealing with Nix is with the large and organic complexity of nixpkgs.
The "trying to be everything" is more incidental to the expressive package management. -- NixOS is 'just' an OS built upon the package manager; dev shells are 'just' shells which expose the build environment of a package; etc.
I'm a bit confused. You say it's wrong, but then later say it's not wrong, and just because it can be used to downplay advancements in AI doesn't mean that it's wrong and saying it's wrong because it can be used that way is a bit disingenuous.
I am not using inflammatory language to hurt anyone. I am illustrating a point on the contrast between technical meaning and non-technical meanings. One meaning is offensive the other meaning is technically correct. Don't start a witch hunt by deliberately misinterpreting what I'm saying.
So technical means something like this: in a technical sense you are a stochastic parrot. You are also technically an object. But in everyday language we don't call people stochastic parrots or objects because language is nuanced and the technical meaning is rarely used at face value and other meanings are used in place of the technical one.
So when people use a term in conversation and go by the technical meaning it's usually either very strange or done deliberately to deceive. Sort of like how you claim you don't know what "technically" means and sort of how you deliberately misinterpreted my words as "inflammatory" when I did nothing of the sort.
I hope you learned something basic about the English today! Good day to you sir!
If I am more than a next token predictor… doesn’t that mean I’m a next token predictor + more? Do you not predict the next word you’re going to say? Of course you do, you do that and more.
Humans ARE next token predictors technically and we are also more than that. That is why calling someone a next token predictor is a mischaracterization. I think we are in agreement you just didn’t fully understand my point.
But the claim for LLMs are next token predictors is the SAME mischaracterization. LLMs are clearly more than next token predictors. Don’t get me wrong LLMs aren’t human… but they are clearly more than just a next token predictor.
The whole point of my post is to point out how the term stochastic parrot is weaponized to dismiss LLMs and mischaracterize and hide the current abilities of AI. The parent OP was using the technical definition as an excuse to use the word as a means to achieve his own ends namely be “against” AI. It’s a pathetic excuse I think it’s clear the LLM has moved beyond a stochastic parrot and there’s just a few stragglers left who can’t see that AI is more than that.
You can be “against” AI, that’s fine but don’t mischaracterize it… argue and make your points honestly and in good faith. Using the term stochastic parrot and even what the other poster did in attempt to accuse me of inflammatory behavior is just tactics and manipulation.
> But the claim for LLMs are next token predictors is the SAME mischaracterization. LLMs are clearly more than next token predictors. Don’t get me wrong LLMs aren’t human… but they are clearly more than just a next token predictor.
it's simply not. I find this argument by analogy very lazy. you need to do the work to show what that "and more" is and how it's the same for humans and LLMs. you can't just hand wave that it feels the same and leave it at that
Look at your response. You first dismissed me completely by saying I don’t know what technically means. Then you mischaracterization my statement as an intent to inflame. These are highly insulting and dismissive statements.
You’re not willing to have good faith discussion. You took the worst possible interpretation of my statement and crafted a terse response to shut me down. I only did two things. First I explained myself… then I called you out for what you did while remaining civil. I don’t skirt around HN rules as a means to an end, which is what I believe you’re doing? I’m ok with what you’re doing… but I will call it out.
No surprise that the dishonesty and playing the victim is persistent. It's a fact that this person misuses the term "technically", and that they used inflammatory language. Saying so does not dismiss them completely ... but even if it did, so what? Doing so is not bad faith. No one has any obligation to engage with someone. I won't comment further.
Indeed, don’t comment further: you didn’t even have the respect to respond to me directly. That is categorically deliberately inflammatory. Just respond to the guy you’re talking to like 99% of HN. Why avoid it? It’s a tactic, that’s why, and also pointless.
I’m not a victim of anything. But you are definitely a perpetrator and instigator.
You have no idea what you're talking about. Approx. 6k€ net is way more than enough to live a "decent quality of life" in western Europe, unless you specifically seek out very expensive rent.
1. Growth is not a must have for an economy, as long as it is sustainable, so even if it is a problem, which is highly arguable, it’s not really a problem like you’re positing.
2. Can you be more specific about what the next Eurozone crisis will be? It’s not useful to be vague and to scaremonger.
> Growth is not a must have for an economy, as long as it is sustainable, so even if it is a problem, which is highly arguable, it’s not really a problem like you’re positing.
If the economy doesn’t grow then you can’t service your debt without ever more cuts and/or tax raises. The other option is printing money to pay the debt, which will lead to inflation. I really want to hear your argument as to why this isn’t a problem in European economies? Unfortunately the system in many ways has presumption of growth built into it. There are no free lunches.
In the EU you don’t need to upload your ID anywhere, the service can use the government’s portal for ID verification. In the case of age verification they can get a yes/no response if the age is above some threshold. This is opaque to the service so they wouldn’t get any additional ID details.
> In the EU you don’t need to upload your ID anywhere, the service can use the government’s portal for ID verification. In the case of age verification they can get a yes/no response
The issue is that now the government knows what you are doing online, and that should never be allowed to happen.
I grew up when the Internet was truly free, before Facebook even existed. People shared source code, videos, MP3s, games, regardless of "copyright" or "intellectual property." To some extent, it is still possible to do all of this, but these freedoms are being eroded every day by making the Internet less anonymous. The endgame is obviously to force people to pay for things whose "marginal cost" is zero in the language of economists. "Protecting the children" is just a convenient excuse.
> The issue is that now the government knows what you are doing online
There's zero technical necessity for this. You could do zero knowledge proofs with crypto key pairs issued together with the eID.
The Swiss proposal for eID includes stuff like that. If a service needs proof of age, you use an app on your phone to generate the response, which is anonymized towards the requester and doesn't need to contact a government server at all.
I don’t really get your point. Your government is generally able to compel your ISP to give them logs of all of your traffic, if they don’t already vacuum it up, so it’s honestly a bit naive to think it shouldn’t be allowed to happen, because in practice it absolutely can.
There is a distinction between getting data from an ISP and getting it via your use of their portal, but I’d argue it’s without much of a difference in reality.
There's an enormous difference in the government having channels allowing for the disclosing of private material to them and just giving them all of it from the get go, and it is not unlike the difference of allowing the government to jail people and allowing it to arbitrarily jail people for life.
The difference is legislation, in both cases. Permissible data exchange between government services is legislatively encoded. Permissible sentences are legislatively encoded.
Since we don't see a whole lot of moderately healthy democracies arbitrarily jailing people for life, one might reasonably assume these sorts of controls work.
The "service" is irrelevant. I think most people would trust Porno Hub to be discreet about their visits. That's in their business interest. But now they have to tell your government about all the times you're visiting Porno Hub.
And nobody should trust their government.
Also, keep in mind that western governments share with each other. There will come a time when Australians will try to enter USA but they'll get flagged at the border because the AUS government shared that this particular individual visited Porno Hub and a few other age-restricted websites 7,000 times in the last 30 days. Red Flag!
Nobody should trust a billion dollar corporation, that's why we have democratically elected governments. All these power hungry fucks counter balance each-other, to some extend at least.
You're equating democracy to presidential elections, that's not the full extent of it. Free press, transparency, independent justice, referendums, etc. are all part of a democratic system. Norway / Denmark / Switzerland do it better than US / UK / France for instance.
To be entirely fair, a government that would abuse your vague "am I allowed to access porn" history seems well into the territory of a government that would just make it up. A nefarious, powerful entity has no real requirement to be honest in their maliciousness.
They also have more direct means of accessing more specific data via ISPs, audits, banks, etc.
I think the government making stuff up is worth considering, but isn't it a kind of different threat model?
The hypothetical government isn't going to make stuff up about me, some nobody, on a flight to the US to be a tourist or something. They statistically don't care about me. However, the US morality police might decide to statistically care about everyone who watches porn.
But if I'm a somebody, say a former or potential whistleblower, or a local politician, etc. then a government might have a specific motive to do me dirty and not care about being honest.
I guess there's a wide and blurry line between being a "nobody" the government has no motivation to lie about and being a "somebody" that deserves special malicious treatment.
The moral outrage crowd in the US have no power. The people who can and will act against you will only use morality as an excuse, not a cause. Being some nobody, the government has no interest in you anyway. You can watch porn, they can know it, and nothing changes, because you're still a nobody.
(If you watch porn online, you can be pretty sure they already "know" it, because you're not doing it in the privacy of your own home, you're doing it on a public network with next to no secrecy about who you are or what you're doing).
That is an assumption. The games the powerful play leverage truth and provable things. I think there is a lot of need for privacy and abuse of dragnet information before you get to the government framing people.
Like January 6th and vaccines causing autism and climate change denial and election rigging and Haitians eating dogs and Venezuela drug boats?
Are you and I living in the same reality? They're constantly just making things up out of nowhere from nothing and refusing to back down. Now to the point of arresting US citizens with a secret police and committing international war crimes in open waters.
> Like January 6th and vaccines causing autism and climate change denial and election rigging and Haitians eating dogs and Venezuela drug boats?
That you categorize all of those things in the same boat is very partisan. And it is exactly why a government controlling access to information is a very bad idea. Some of those things aren't real phenomena, others are just over hyped and some are real and very much proven. The news sources you got those opinions from are highly partisan but you trust them implicitly even though you have access to the Internet and can cross check many of them. That you can make such blind mistakes is exactly why elected officials should never control the flow of information. And to give you an example of an opinion that very much matters, consider is nuclear power green or not? The wrong answer about that is doing more damage than your most hated official could ever do.
- January 6th was an attempted coup of the government coordinated by Republican interest groups and antagonized by Trump.
- Vaccines do not cause autism.
- Climate change is real and anthropological in origin.
- The 2020 election was not rigged for Biden and there exists no evidence of impropriety of any kind.
- Haitians did not eat people's pet dogs in the USA. This was just plain, out-in-the-open racism.
- The US military is using the WMD, sorry, I mean the "drug boat" excuse on vessels 1,200 miles away from US waters to execute a dozen people at a time. They are providing no evidence and performing no seizures or investigations. Then they are violating international law and their own documents on war crimes and service member's duty to refuse by having them execute shipwreck survivors.
Everything above is a fact. Not an opinion. Not partisan. A fact.
You mean like Epstein? We've got a bunch of truths about rich people and nothing happens.
The fear of an evil government misusing something, more often than not, is a thought terminating cliche. It means we cannot regulate, or create any laws about anything, because evil people could abuse those laws. In reality, evil people do evil shit, irrespective of the laws available for abuse.
That's a very good technical solution, but socially it can be foiled by an official-looking alert saying "failed to scan card, please do X instead".
And that's assuming the technical solution is deployed everywhere. I'm in the EU with one of those IDs, and I still had to upload photos of my passport and scan my face to open a bank account. The identification process even had its own app that I had to install.
But then again, should the EU follow up with a similar policy, it could mandate the use of these checks and prevent/penalize ID photos. I’m very optimistic here.
Exactly. I'd concede this point if I'd seen a giant public awareness campaign informing people which official sites to use and general safety awareness about it. I can tell you, literally nothing like that has happened. Not an insufficient effort at it - no effort, nothing. It's clear the people in charge are just head in the sand about this aspect of it.
> they said they are currently prototyping the device, and when asked about a timeframe, Ive said it could arrive in “less than” two years.
I'll believe it when I see it. Making hardware is much more complex than making software, and 2 years is a long time given the iffy market circumstances right now, so let's see if it's materializes, and if it does...
> but it’s rumored to be screen-free and “roughly the size of a smartphone.”
Let's see if it turns out to be another Humane situation.
It’s not like you really had much recourse before anyway, if someone sold you a fake ticket or one that’s already been used, are you really going to sue them or the platform? Charge back and hope you get the money back?
not disagreeing with your point here, or in the follow-ups of the pain of https for "local network" apps... but I really wish that we could get to a place where we could get away from this distinction. Obviously, ipv6 is not that easy or realistic, but that really is, imho, the "right" long term answer.
Having gone down the path of being able to just spin up "local" services that get a publicly routable (but most often firewalled off) ipv6 IPs and then good DNS integration is really neat... but still requires lots of technical chops. I wish that weren't the case
I work with embedded Linux stuff and MCU stuff where we make a significant number of units. Even in an IPv6 world, there's no way each of those would get their own public static IPv6 address with an associated DNS record just for the purpose of being able to spin up a debug web interface. It's explicitly desirable for these devices to not be reachable through the public Internet.
Well then you set your firewall to default-deny. It doesn't make sense to hobble the internet just because NATs are inadvertently a convenient firewall.
DHCP does give you a globally unique IP address when your ISP has allocated a prefix to your router, that's how all the Internet-connected IPv6 devices get their addresses. Where is our misunderstanding?
For many of these systems, I don't control the user's router. I don't know how you imagine I'm supposed to create DNS records for each device when they're assigned some random IP address at some random network I don't control.
Have the device ping a central server and create randomword.centralserver.com, for example. However, if the problem is the DNS record, why has this thread been exclusively about globally routable IP addresses until now?
In https://news.ycombinator.com/item?id=45957048, addisonj suggested that the problem stems from the distinction from "local" and "global", and that with IPv6, you don't need that distinction.
That quite naturally flows into the question: okay, how are these devices supposed to get global IPv6 addresses then?
Yes, with IPv6, there are are enough addresses that you don't need to use NAT. All IPv6 devices that are connected to the internet have global IPv6 addresses. I don't quite understand the question here, it seems to me that we're asking "but how could we possibly do this entirely mundane everyday thing?".
Not all devices connected to the Internet have globally unique IPv6 addresses, SLAAC and often DHCPv6 makes local v6 addresses. Where's the globally unique IPv6 address supposed to be coming from?
So you're talking about being assigned temporary globally unique addresses, if the network the device happens to be on at any given time happens to be set up in a certain way?
I still don't understand how this is supposed to help.
In https://news.ycombinator.com/item?id=45957048, addisonj suggested that the problem stems from the distinction from "local" and "global", and that with IPv6, you don't need that distinction.
This helps because you don't have a NAT distinguishing between "local" and "global", all devices are in the global namespace.
All the comments after that have been about solving an arbitrary and ill-defined problem with goalposts that keep shifting from globally unique addresses to DNS hostnames to permanent addresses.
How does getting a temporary globally unique IPv6 address from DHCPv6 solve any of the issues surrounding how new web technologies aren't available in "insecure contexts"?
I assumed that the suggestion was that you could assign a device a permanent IPv6 address, because I can easily imagine that as a part of a solution to the HTTPS issue. When every device has a permanent IPv6 address, and if every device is reachable through said IPv6 address, you could, in principle, also automate assigning each device a DNS record and set up SSL that way. It would be a pretty terrible solution that's way more complicated than just using a local address over HTTP, but it makes sense.
I have no idea how to even begin translating maybe getting temporary unique addresses through DHCPv6 into a solution to the HTTPS issue.
You can get a static prefix from your ISP. After you get the static prefix, it's up to your local network to make the local parts of the address static. There's no reason why your DHCP server can't give the device a static address, it's not like it's going to run out.
Then again, you don't need a static address to get a TLS certificate. You don't need an address at all! All you need is a domain name.
You're missing the point. The useful thing is to run some service on the LAN, be it a web interface for a NAS, a web interface to control some lighting, a web interface into a media PC to do remote desktop type stuff or control media playback, a debug interface into some embedded product I'm working on, or a whole host of other things. The thing that makes web technologies useful for this is that it Just Works, from any other machine on the LAN (my laptop, my phone, a guest's phone, etc).
By making technologies available only in a "secure context", they're blocking them out of this whole category of use cases.
You can get a free cert from letsencrypt using their dns challenge. No need to expose to the internet. Add a DNS record that points to the address of your LAN and it’ll make things even easier for your guests.
Not interested in going through the effort of setting up a DNS record, go through the whole DNS challenge process, and go through a periodic manual renewal process, for every stupid little thing (many even just temporary things which don't even have a static DHCP lease). There's literally no advantage for my use case, except that I'd be allowed by the web standard bodies to use their shiny new toys that they artificially lock away otherwise.
For the permanent installation case, it's typically easier to use mDNS domains since they're shorter. 'mediapc.local' is easier for guests to type than 'mediapc.local.mort.coffee' or whatever I'd end up with.
What would be a good solution is self-signed certificates, but that too is a non-option until all browser vendors downgrade the warning from a "Someone is trying to hack you!" style scare screen to a more informative "this is a self signed certificate, do you trust it?" style warning screen.
I would be perfectly happy with a solution where browsers show a scare screen for self-signed certificates on the public internet but a benign-looking "Do you want to trust this certificate?" screen for 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12 or mDNS .local domains.
reply