I’d use macOS. Application sandboxing, per directory access controls, signed read only root, xprotect and gatekeeper - security out of the box on common linux OSes is a joke compared to modern macOS.
Humans are notoriously bad at formal logic. The Wason selection task is the classic example: most people fail a simple conditional reasoning problem unless it’s dressed up in familiar social context, like catching cheaters. That looks a lot more like pattern matching than rule application.
Kahneman’s whole framework points the same direction. Most of what people call “reasoning” is fast, associative, pattern-based. The slow, deliberate, step-by-step stuff is effortful and error-prone, and people avoid it when they can. And even when they do engage it, they’re often confabulating a logical-sounding justification for a conclusion they already reached by other means.
So maybe the honest answer is: the gap between what LLMs do and what most humans do most of the time might be smaller than people assume. The story that humans have access to some pure deductive engine and LLMs are just faking it with statistics might be flattering to humans more than it’s accurate.
Where I’d still flag a possible difference is something like adaptability. A person can learn a totally new formal system and start applying its rules, even if clumsily. Whether LLMs can genuinely do that outside their training distribution or just interpolate convincingly is still an open question. But then again, how often do humans actually reason outside their own “training distribution”? Most human insight happens within well-practiced domains.
You can always tell claude to use red-green-refactor and that really is a step-up from "yeah don't forget to write tests and make sure they pass" at the end of the prompt, sure. But even better, tell it to create subagents to form red team, green team and refactor team while the main instance coordinates them, respecting the clean-room rules. It really works.
The trick is just not mixing/sharing the context. Different instances of the same model do not recognize each other to be more compliant.
There are plenty of options: nix-sops, or nix-age, or whatever you would like - past the overall idea the implementation details are purely a matter of taste how you fancy things to be. Key idea is to have encrypted secrets in the store, decrypted at runtime using machine-specific credentials (host SSH keys are a typical option to repurpose, or you can set up something else). For local management you also encrypt to the “developer” keys (under the hood data is symmetrically encrypted with a random key and that key is encrypted to every key you have - machines and humans).
Alternatively, you can set up a secrets service (like a password manager/vault) and source from that. Difference is where the secrets live (encrypted store or networked service, with all the consequences of every approach), commonality is that they’re fetched at runtime, before your programs start.
I’m currently using deploy-rs, but if I’d redo my stuff (and the only reason I don’t is that I’m pretty much overwhelmed by life) I’d probably go with plain vanilla nixos-rebuild --target-host and skip any additional layers (that introduce extra complexity and fragility).
Just a crude and somewhat haphazard summary but hope it helps.
> Good science fiction where the aliens are very alien are hard to come by.
Apart from "Solaris", which many probably know because there's been a reasonably well-known movie, I recommend "Fiasco" by the same author, Good science fiction where the aliens are very alien are hard to come by Stanisław Lem. Spoiler: It does not end well. The aliens are too alien, and the humans do what humans often do.
Depends. If you're talking about a free online test I can take to prove I have basic critical thinking skills, maybe, but that's still a slippery slope. As a legal adult with the right to consent to all sorts of things, I shouldn't have to prove my competence to someone else's satisfaction before I'm allowed autonomy to make my own personal decisions.
If what you're suggesting is a license that would cost money and/or a non-trivial amount of time to obtain, it's a nonstarter. That's how you create an unregulated black market and cause more harm than leaving the situation alone would have. See: the wars on drugs, prostitutes, and alcohol.
Aside from what some other users have said, logging is fundamentally an observable side-effect of your library. It’s now a behavior that can become load-bearing — and putting it in library code forces this exposed behavior on the consumer.
As a developer, this gets frustrating. I want to present a clean and coherent output to my callers, and poorly-authored libraries ruin that — especially if they offer no mechanism to disable it.
It’s also just _sloppy_ in many cases. Well-designed library code often shouldn’t even need to log in the first place because it should clearly articulate each units side-effects; the composition of which should become clear to understand. Sadly, “design” has become a lost art in modern software development.
this is already running in production for Counter-Strike since 2018 [0][1].
to be honest, it isn’t particularly good - all serious CS2 games operate on a third party provider with a kernel-level anti-cheat. also, the cs2 update banned people for spinning their mouse too fast [2].
I am excited for having a new version of NixOS. Few days ago I realized that November is almost gone and went looking for when I can expect the new release. And right on schedule it popped out (was checking throughout the day). Big props to the release managers (and of course the maintainers)
I use nix via flakes on my own machines (via NixOS), in my projects (with direnv), on my infrastructure/servers (NixOS deploying with colmena) and at work (nix-darwin and projects). So far the upgrade have gone painlessly, the only change I needed to make is how git is configured in home manager. I continue to be amazed how well NixOS works.
Edit: The only place I still struggle in adopting nix is on my phone. Last time I tried nix-on-droid it didn't even run, but I plan to try that again. Still new to Android (and GrapheneOS)
i used the UTM app from the App Store, and when creating a new instance, i select the Linux icon, which exposes the selection to enable Apple Silicon hypervisor rather than Qemu. it works perfectly. and it's fast. just great. I had used Asahi before, dual booting, which was a pain in the neck. this meanwhile is perfect.
I've always noticed that when I'm giving advice to someone or trying to help out, it always feels their problem is easier than whatever problem I have. As someone with some anxiety around things like calling some company to get something done or asking a random stranger for some help in a store, I would gladly do it if it was to help someone else (family member or friend). But when it's for me I find it harder.
I wonder how much psychologically we can be more confident and less anxious when we're doing something for others vs ourselves..
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ .
That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....
I did some experimentation with UniFi hubs and came to the conclusion that if you can give each device its own WiFi channel that would be ideal -- contention is that bad and often an uncontended channel with otherwise poor characteristics will beat a contended channel that otherwise looks good.
The other bit of advice that is buried in there that no-one wants to hear for residences is the best way to speed up your Wi-Fi is to not use it. You might think it's convenient to have your TV connect to Netflix via WiFi and it is, but it is going to make everything else that really needs the Wi-Fi slower. It's a much better answer to hook up everything on Ethernet that you possibly can than it is to follow the more traveled route of more channels and more congestion with mesh Wi-Fi.
I noticed this pattern that a page with some text and images is often too demanding for my phone: it becomes impossible to scroll the page smoothly. We simply do not have the technology yet to handle text and images in a consistent way! But anything involving 3D graphics (or 4K video) will run just fine.
2) BAD website says “We’ve sent you an email, please enter the 6-digit code! The email will come from GOOD, as they are our sign-in partner.”
3) BAD’s bots start a “Sign in with email one-time code” flow on the GOOD website using the user’s email.
4) GOOD sends a one-time login code email to the user’s email address.
5) The user is very likely to trust this email, because it’s from GOOD, and why would GOOD send it if it’s not a proper login?
6) User enters code into BAD’s website.
7) BAD uses code to login to GOOD’s website as the user. BAD now has full access to the user’s GOOD account.
This is why “email me a one-time code” is one of the worst authentication flows for phishing. It’s just so hard to stop users from making this mistake.
“Click a link in the email” is a tiny bit better because it takes the user straight to the GOOD website, and passing that link to BAD is more tedious and therefore more suspicious. However, if some popular email service suddenly decides your login emails or the login link within should be blocked, then suddenly many of your users cannot login.
Passkeys is the way to go. Password manager support for passkeys is getting really good. And I assure you, all passkeys being lost when a user loses their phone is far, far better than what’s been happening with passwords. I’d rather granny needs to visit the bank to get access to her account again, than someone phishes her and steals all her money.
This is written for the Linux-on-the-Desktop crowd, and good for them. But tmux really shines for folks using MacBooks with iTerm2. Its tmux integration is so good that it simply disappears into my workflow.
With this in my `~/.ssh/config`, I can just type `ssh tmux` to get back to my remote dev box whenever I wake my computer or change connections.
Host tmux
HostName 1.2.3.4
IdentityFile ~/.ssh/etc.etc.etc
RequestTTY force
RemoteCommand tmux -CC new -A -s 0
With iTerm2's tmux integration enabled, this will pop open a new window where the remote tmux tabs and scroll buffer look and act just like native, local iTerm2 tabs and scroll buffer. I don't even know any tmux commands.
Communism has been tried many times always with severe quality issues. But my point isn't just about communism. You have to run a different argument for mercantilism, command economies, mixed economies, barter economies, etc.
The fact that people have historically tried devaluing currency for as long as they've had currency suggests that there's a force that favors attempting to sell inferior goods without decreasing price and that this force predates the industrial revolution.
> So if you were referring to China... they are the world's foremost capitalists right now.
This is the same logic by which communists called socialists who believed in democracy "fascists". It's just an attempt to excommunicate people from the church if their interpretation is different from yours.
- sqlite is a bit like a RWLocked database either any number or readers xor exactly one writer and no readers
- but with WAL mode enabled readers and writers (mostly) don't block each other, i.e. you can have any number of readers and up to one writer (so normally you want WAL mode if there is any concurrent access)
- if a transaction (including implicit by a single command without "begin", or e.g. upgrading from a read to a write transaction) is taking too long due to a different processes write transaction blocking it SQLITE_BUSY might be returned.
- in addition file locks might be used by SQL bindings or similar to prevent multi application access, normally you wouldn't expect that but given that sqlite had a OPEN_EXCLUSIVE option in the past (which should be ignored by half way modern impl. of it) I wouldn't be surprised to find that.
- your file system might also prevent concurrent access to sqlite db files, this is a super obscure niche case but I have seen it once (in a shared server, network filesystem(??) context, probably because sqlite really doesn't like network filesystems often having unreliable implementations for some of the primitives sqlite needs for proper synchronization)
as other comments pointed out enabling WAL mode will (probably) fix your issues
The trick for me was just using a hidden input and updating the state of an in game input box. The code is ancient by today's standards but uses a reasonably simple technique to get the selection bounds of the text.
It works with auto complete on phones and has been stable for a decade.
Browser text entry on mobile phones is notoriously hard to get right and some bugs are literally unfixable [1]. I'm a frontend developer in my day job and I struggled with this even before AI was a thing. I think you just accidentally picked one of the hardest tasks for the AI to do for you.
