I self hosted for 20 years, worked flawlessly, gave up because of security concerns. I would like to go back to it.
Question: How do you manage the security on such a box? Is there any simplification I missed?
I couldn’t keep up with it. So many patches, unrelated to mail, broke something in the stack, bringing the server into a critical state. Often, I had to lock down everything before going up again, consuming a day’s effort or two. These were two days without mail.
Are you talking about the “Thinking Machines” company that shut down in 1994? Took me some digging to figure it out, doesn’t seem well-known enough to be the reason - it’s just a nice (and relatively obvious) name.
Yes. Danny Hillis’ Thinking Machines Corporation, an AI company which created its own massive parallel processing supercomputer hardware.
“We are building a machine that will be proud of us” was their corporate motto. And that was in 1983.
One of those Machines is on view at the Computer History Museum in Mountain View.
Back then, they could be ordered in “Darth Vader Black”, no kidding here. You can also see a couple of them (the CM-5) as the stereotypical supercomputer in the original Jurassic Park.
It may not be a household name like Apple or Microsoft but its flagship product the Connection Machine is somewhat iconic in (super)computing history. The physical design of the machine is cool and unforgettable looking, plus recurring HN favorite Richard Feynman contributed to the original architecture.
That is an issue prevalent in the western world for the last 200 years, beginning possibly with the Industrial Revolution, probably earlier. That problem is reductionism, consequently applied down to the last level: discover the smallest element of every field of science, develop an understanding of all the parts from the smallest part upwards and develop, from the understanding of the parts, an understanding of the whole.
Unfortunately, this approach does not yield understanding, it yields know-how.
Taking things apart to see how they tick is called reduction, but (re)assembling the parts is emergence.
When you reduce something to its components, you lose information on how the components work together. Emergence 'finds' that information back.
Compare differentiation and integration, which lose and gain terms respectively.
In some cases, I can imagine differentiating and integrating certain functions actually would even be a direct demonstration of reduction and emergence.
Yeah that’s a nice addition. However, remember that reassembling is synthesis, not emergence. Emergence is what you /may/ get by reassembling, but must not. We are talking about systems, thus, in the end, you are correct. It’s just that the terms seem to be a bit muddled.
If I am not mistaken, we are already past that. The pixel, or token, gets probability-predicted in real time. The complete, shaded pixel, as you will, gets computed ‘at once’ instead of layers of simulation. That’s the LLM’s core mechanism.
If the mechanism allows for predicting how the next pixel will look like, which includes the lighting equation, then there is no need anymore for a light simulation.
Would also like to know how Genie works. Maybe some parts get indeed already simulated in a hybrid approach.
The model has multiple layers which are basically a giant non-linear equation to predict the final shaded pixel, I don't see how it's inherently difference from a shader outputing a pixel "at once".
Correct me if I'm wrong, but I don't see how you can simulate a PBR pixel without doing ANY pbr computation whatsoever.
For example one could imagine a very simple program computing sin(x), or a giant multi-layered model that does the same, wouldn't it just be a latent, more-or-less compressed version of sin(x)?
You're saying SV (& co) should convene some kind of gentleman's agreement that they should all leave a massive, profitable, legal, intellectually interesting niche with a stable customer base, because its immoral - perhaps.
Can you think of a single other industry where this worked? It seems implausible to me that it would.
Okay, here we go: No, I am not saying anything you said.
This was not about a gentleman's agreement at all - that was a rhetorical figure to demonstrate that it is not the game which is at fault, it’s both. The behaviour of the game and the behaviour of the actors in that game, and almost in any other game is not an input -> output scenario, but instead, the output of the loop will be the input of the exact same loop. That is the definition of a feedback loop. It’s all recursion.
By shifting the responsibility to the ominous “game”, which is just another term for a system, you exclude the elements of a system from being part of the system itself.
There is a whole branch of science occupied with this. System Dynamics, Cybernetics, Chaos Theory, Systems Theory and whatnot. The argument that actors in a system are decoupled from the system or the environment as in a closed system approach is factually wrong. Apart from laboratories, there is practically no closed system on this planet.
The phrase “hate the game not the player” is cybernetic nonsense with the sole purpose of giving up responsibility. It does not matter that it gets repeated more often than not. It won’t be correct, no matter how many times the figure is used.
There were lawsuits against Intel for IP theft in the news 25+ years ago. It is hard to find articles on them these days as web searches are biased toward recent events, but I was able to find this:
Companies did that and thoughtless website owners, small and large, who decided that it is better to collect arbitrary data, even if they have no capacity to convert it into information.
The solution to get rid of cookie banners, as it was intended, is super simple: only use cookies if absolutely necessary.
It was and is a blatant misuse. The website owners all have a choice: shift the responsibility from themselves to the users and bugger them with endless pop ups, collect the data and don’t give a shit about user experience. Or, just don’t use cookies for a change.
And look which decision they all made.
A few notable examples do exist: https://fabiensanglard.net/
No popups, no banner, nothing. He just don’t collect anything, thus, no need for a cookie banner.
The mistake the EU made was
to not foresee the madness used to make these decisions.
I’ll give you that it was an ugly, ugly outcome. :(
> The mistake the EU made was to not foresee the madness used to make these decisions.
It's not madness, it's a totally predictable response, and all web users pay the price for the EC's lack of foresight every day. That they didn't foresee it should cause us to question their ability to foresee the downstream effects of all their other planned regulations.
Interesting framing. If you continue this line of thought, it will end up in a philosophical argument about what kind of image of humanity one has. So your solution would be to always expect everybody to be the worst version of themselves? In that case, that will make for some quite restrictive laws, I guess.
People are generally responsive to incentives. In this case, the GDPR required:
1. Consent to be freely given, specific, informed and unambiguous and as easy to withdraw as to give
2. High penalties for failure to comply (€20 million or 4 % of worldwide annual turnover, whichever is higher)
Compliance is tricky and mistakes are costly. A pop-up banner is the easiest off-the-shelf solution, and most site operators care about focusing on their actual business rather than compliance, so it's not surprising that they took this easy path.
If your model of the world or "image of humanity" can't predict an outcome like this, then maybe it's wrong.
> and most site operators care about focusing on their actual business rather than compliance,
And that is exactly the point. Thank you. What is encoded as compliance in your example is actually the user experience. They off-loaded responsibility completely to the users. Compliance is identical to UX at this point, and they all know it. To modify your sentence: “and most site operators care about focusing on their actual business rather than user experience.”
The other thing is a lack of differentiation. The high penalities you are talking about are for all but of the top traffic website. I agree, it would be insane to play the gamble of removing the banners in that league. But tell me: why has ever single-site- website of a restaurant, fishing club and retro gamer blog a cookie banner? For what reason? They won’t making a turnover you dream about in your example even if they would win the lottery, twice.
Well, you and I could have easily anticipated this outcome. So could regulators. For that reason alone…it’s stupid policy on their part imo.
Writing policy is not supposed to be an exercise where you “will” a utopia into existence. Policy should consider current reality. if your policy just ends up inconveniencing 99% of users, what are we even doing lol?
I don’t have all the answers. Maybe a carrot-and-stick approach could have helped? For example giving a one time tax break to any org that fully complies with the regulation? To limit abuse, you could restrict the tax break to companies with at least X number of EU customers.
I’m sure there are other creative solutions as well. Or just implementing larger fines.
If the law incentivized practically every website to implement the law in the "wrong" way, then the law seems wrong and its implications weren't fully thought out.
But this is a failure on the part of the EU law makers. They did not understand how their laws would look in practice.
Obviously some websites need to collect certain data and the EU provided a pathway for them to do that, user consent. It was essentially obvious that every site which wanted to collect data for some reason also could just ask for consent. If this wasn't intended by the EU it was obviously foreseeable.
>The mistake the EU made was to not foresee the madness used to make these decisions.
Exactly. Because the EU law makers are incompetent and they lack technical understanding and the ability to write laws which clearly define what is and what isn't okay.
What makes all these EU laws so insufferable isn't that they make certain things illegal, it is that they force everyone to adopt specific compliance processes, which often do exactly nothing to achieve the intended goal.
User consent was the compliance path to be able to gather more user data. Not foreseeing that sites would just ask that consent was a failure of stupid bureaucrats.
Of course they did not intend that sites would just show pop ups, but the law they created made this the most straightforward path for compliance.
Tracking users isn’t actually needed, though. Websites that store data only for the functionality they offer don’t need to seek consent.
The actual problem is weak enforcement. If the maximum fines allowed by the law had been levied, several companies would’ve been effectively ended or excluded from the EU. That would’ve been good incentive for non-malicious compliance.
That possibly cannot be the common notion to frame this.
I agree with some parts it but also see two significant issues:
1. It is even statistically implausible that everyone working at the EU is tech-illiterate and stupid and everybody at HN is a body of enlightenment on two legs. This is a tech-heavy forum, but I would guess most here are bloody amateurs regarding theory and science of law and you need at least two disciplines at work here, probably more.
This is drifting too quickly into a territory of critique by platitudes for the sake of criticism.
2. The EU made an error of commission, not omission, and I think that that is a good thing. They need to make errors in order to learn from them and get better. Critique by using platitudes is not going to help the case. It is actually working against it. The next person initiating a EU procedure to correct the current error with the popups will have the burden of doing everything perfectly right, all at once, thought through front to back, or face the wrath of the all-knowing internet. So, how should that work out? Exactly like this: we will be stuck for half an eternity and no one will correct anything because if you don’t do anything you can’t do any wrong! We as a society mostly record the things that someone did wrong but almost never record something somebody should have done but didn’t. That’s an error of omission, and is usually magnitudes more significant than an error of commission. What is needed is an alternative way of handling and judging errors. Otherwise, the path of learning by error will be blocked by populism.
——-
In my mind, the main issue is not that the EU made a mistake. The main issue is that it is not getting corrected in time and we will probably have to suffer another ten years or so until the error gets removed. The EU as a system needs to be accelerated by a margin so that it gets to an iterative approach if an error was made. I would argue with a cybernetic feedback loop approach here, but as we are on HN, this would translate to: move fast and break things.
On point 1. Tech illiteracy is something that affects an organization, it is independent of whether some individuals in that organization understand the issues involved. I am not arguing that nobody at the EU understands technology, but that key people pushing forward certain pieces of legislation have a severe lack of technical background.
On point 2. My argument is that the EU is fundamentally legislating wrong. The laws they create are extremely complex and very hard to decipher, even by large corporate law teams. The EU does not create laws which clearly outlaw certain behaviors, they create corridors of compliance, which legislate how corporations have to set up processes to allow for certain ends. This makes adhering to these laws extremely difficult, as you can not figure out if something you are trying to do is illegal. Instead you have to work backwards, start by what you want to do, then follow the law backwards and decipher the way bureaucrats want you to accomplish that thing.
I do not particularly care about cookie banners. They are just an annoying thing. But they clearly demonstrate how the EU is thinking about legislation, not as strict rules, but as creating corridors. In the case of cookie banners the EU bureaucrats themselves did not understand that the corridor they created allowed basically anyone to still collect user data, if they got the user to click "accept".
The EU creates corridors of compliance. These corridors often map very poorly onto the actual processes and often do little to solve the actual issues. The EU needs to stop seeing themselves as innovators, who create broad highly detailed regulations. They need to radically reform themselves and need to provide, clear and concise laws which guarantee basic adherence to the desired standards. Only then will their laws find social acceptance and will not be viewed as bureaucratic overreach.
> Exactly. Because the EU law makers are incompetent and they lack technical understanding and the ability to write laws which clearly define what is and what isn't okay.
I am sorry but I too agree with OP's statement. The EU is full of technocrats who have no idea about tech and they get easily swayed by lobbies selling them on a dream that is completely untethered to the reality we live in.
> The next person initiating a EU procedure to correct the current error with the popups will have the burden of doing everything perfectly right, all at once, thought through front to back, or face the wrath of the all-knowing internet.
You are talking as if someone is actually looking at the problem. is that so? Because if there was such a feedback loop that you seem to think exists in order to correct this issue, then where is it?
> In my mind, the main issue is not that the EU made a mistake. The main issue is that it is not getting corrected in time and we will probably have to suffer another ten years or so until the error gets removed.
So we should not hold people accountable when they make mistakes and waste everyone's time then?
There is plenty of evidence to show that the EU as a whole is incompetent when it comes to tech.
Case and point the Chat control law that is being pushed despite every single expert warning of the dire consequences in terms of privacy, and setting a dangerous precedent. Yet, they keep pushing it because it is seen as a political win.
If the EU knew something about tech they would know that placing back-doors in all communication applications is non starter.
> You are talking as if someone is actually looking at the problem. is that so? Because if there was such a feedback loop that you seem to think exists in order to correct this issue, then where is it?
Yes, the problem is known and actually worked on. There are several approaches, some being initiated on country level (probably because EU is too slow) some within the institution, as this one:
No, I don’t think that institutionalised feedback loops exist there, but I do not know. I can only infer from observation that they are probably not in place, as this would, I would think, show up as “move fast and break things”.
> So we should not hold people accountable when they make mistakes and waste everyone's time then?
I have not made any direct remark to accountability, but I’ll play along: what happens by handling mistakes that way is accountability through fear. What is, in my opinion, needed is calculated risk taking and responsibility on a base of trust and not punishment. Otherwise, eventually, you will be left with no one taking over the job or people taking over the job who will conserve the status quo. This is the opposite of pushing things through at high speed. There needs to be an environment in place which can absorb this variety before you can do that(see also: Peter Senge’s “Learning Organisation”).
On a final note, I agree that the whole lobbying got out of hand. I also agree on the back-door issue and I would probably agree on a dozen other things. I am not in the seat of generally approving what the European Administration is doing. One of my initial points, however, was that the EU is not “the evil,
dumb-as-brick-creator” of the cookie-popup-mess. Instead, this is probably one of the biggest cases of malicious compliance in history. And still, the EU gets the full, 100% blame, almost unanimously (and no comment as to what the initial goal was).
That is quite a shift in accountability you just were interested in not to loose.
Right there... "This site uses cookies." Yes, it's a footer rather than a banner. There is no option to reject all cookies (you can accept all cookies or only "necessary" cookies).
Do you have a suggestion for how the GDPR site could implement this differently so that they wouldn't need a cookie footer?
> Do you have a suggestion for how the GDPR site could implement this differently so that they wouldn't need a cookie footer?
Well, it's a information-only website, it has no ads or even a login, so they don't need to use any cookies at all. In fact if you look at the page response in the browser dev tools, there's in fact no cookies on the website, so to be honest they should just delete the cookie banner.
This is why the EU law was nonsense. Many of those cookies listed are just because of they want embed things like YouTube or Vimeo videos. Embedding YouTube to show videos to your users is massively cheaper and easier than self hosted video infrastructure. The idea that the GDPR's own website just implemented GPDR "wrong" because they should just avoid using cookies is nonsense and impractical.
The other part of the point I was trying to make that if there's a different technological solution to cookie banners, the europa.eu sites are not demonstrating it. Instead, companies that don't do it that way get fined for some inadequacy in their approach.
Thus, I hold that the GPDR requires cookie banners.
---
Another part to consider that if videos (and LinkedIn for job searches and Google Maps for maps and Internet Archive for whatever they embed from there) are sufficiently onerous 3rd party cookies ("yea, we're being good with our cookies, but we use 3rd party providers and can't do anything about them, but we informed and you accepted their cookies")... then wouldn't it be an opportunity for the Federal Ministry of Transport and Digital Infrastructure https://en.wikipedia.org/wiki/Federal_Ministry_for_Transport or similar to have grants https://www.foerderdatenbank.de for companies to create a viable GDPR friendly alternative to those services?
That is, if the GDPR and other EU regulations weren't stifling innovation and establishing regulatory capture (its expensive to do and retain the lawyers needed to skirt the rules) making it impossible for such newer alternative companies to thrive and prosper within the EU.
“Increasing Success by Lowering Expectations” That is from Despair Inc.
This was obviously meant to be funny by them, now it looks like the state of play.
Contrary to popular belief, the EU organs are able to learn. About half a year ago, I read statements of members which, if one would translate the political jargon, would amount to: “We haven’t foreseen such a blatant misuse of the law. These banners should never have happened and we would not have dreamed that corporations would shift the burden to the user. We are, in fact, quite furious about the whole thing.”
Are you saying that if some person is making a mistake, is angry about making the mistake at all, that this person will just happily do the mistake again because being angry about one’s own mistake is such a beautiful state of mind?
I am unsure of how your mental model of ‘error correction’ is working without starting at the point of recognising an error in the first place - just deliberately ignoring for a moment whatever you emotionally might attach to it.
I would say the just checked the fist step with bravery by openly admitting the mistake.
Fair enough, getting mad is maybe the first step. Whenever person A tries to influence person B to act a certain way, and it backfires spectacularly, person A may be initially angry before realizing the blame is their own.
I wish this would be the solution. What I would like specifically for Linux are alternative desktop environments like the resurrected CDE. Themes don’t update well and are in my experience, sluggish.
Question: How do you manage the security on such a box? Is there any simplification I missed?
I couldn’t keep up with it. So many patches, unrelated to mail, broke something in the stack, bringing the server into a critical state. Often, I had to lock down everything before going up again, consuming a day’s effort or two. These were two days without mail.