• 0 Posts
  • 199 Comments
Joined 3 years ago
cake
Cake day: June 7th, 2023

help-circle
  • The AI is a tool argument is getting tired. I haven’t seen it do anything useful at all that helps my day to day life.

    I’ve also never had a use for a rib spreader. That doesn’t mean it’s not useful in the right setting. I talked through it in a different reply (feel free to use AI to find it), but LLMs and image classifiers do have use cases in particular settings. Just because some folks abuse them and use them for entirely the wrong use cases, doesn’t mean they aren’t useful in the right ones.


  • I might need to ask chatgpt to reply to this comment. In fact if i ever see your username around i will put it into chatgpt and ask it to generate a reply for me, because i can’t think for myself.

    Go for it, it might be kinda funny. A bit of irony in it too, as it would offloading the critical thinking required to engage with an argument you disagree with.

    i don’t believe i’ve ever asked calculator to answer biology question for me.

    Nor should you, you would be using the wrong tool for the job. I’d also not use a calculator to drive screws, that doesn’t invalidate the point. Tools are useful when we use them the right ways. And ya, AI is a terrible tool to offload critical thinking onto. There are use cases where AI makes sense though. Things like image classification and fuzzy searches on large data sets are good use cases for various AI models. One of the problems with AI, at the moment, is that it has been sold as some sort of cure-all that will replace humans and critical thinking. And it’s absolutely not that. It’s in much the same place as cocaine in the first part of the 20th century. Hucksters are putting “AI” on the label and claiming it will solve everything. The reality is much more nuanced. It has it’s uses but they are far more limited than the hucksters are claiming.

    Large language models really can be useful for fuzzy searches in large data sets. To give an example from my own work, Copilot is really good at searching Microsoft documentation for me. Could I find the answers with a regular search? Probably, it would also take me longer. Instead, I send Copilot chasing after the answer to that question and go do something else while it finds the answer. They can also help in re-writing for different audiences. I write a lot of technical reports and those need to be summarized for managerial audiences. Yes, I could do that manually, I’ve done it for years. I also hate doing it. Clippy is good enough at doing it that it can give me a first draft and I can finish it up in far less time and effort.

    The biggest issue I have seen with LLMs is exactly what you point out, that people trust them too much and don’t think critically about their answers. Again with my work, we use a product that uses an LLM to summarize cybersecurity issues and provides suggestions for response and investigation. It’s a pretty well trained model and it’s suggestions are pretty good most of the time. But, it falls down spectacularly bad from time to time and the analyst needs to be able to recognize that and respond to the alerts appropriately. Some analysts are better at this than others and this is now part of our training for new analysts. We teach them to use the LLM, but to also always think about the basics and question the LLM when it doesn’t seem right.

    Image classifiers are another area where I think AI has some good use cases. Consider the job of reviewing images and videos for sites like FaceBook, TikTok or YouTube. The folks who do this work are exposed to a lot of very violent and disturbing media. I used to work with a guy who did computer forensics in a law enforcement setting and he finally left that work because he could deal with having to review CSAM images any more. This seems like the perfect place to slot in an AI image classifier, to make a first pass at it. If it can correctly classify the vast majority of that sort of content, that greatly lessens the workload on the analysts who will need to deal with the borderline stuff and reports of false positives and negatives.

    The new normal is people just follow what billionaire said, and you think it’s okay.

    Not at all, but I also think the reactionary “fuck all AI” isn’t okay either. It’s a tool and it’s going to change things. We need to navigate that with a clear head and careful consideration.




  • Do you disregard people IRL who you know use a calculator for everything?

    If that sounds like a ridiculous question, it’s because the use of that tool has become so ingrained in our society that we don’t question its use anymore. AI is a new tool and one which can offload a lot of mental work. Such tools have always been controversial. If Plato is to be believed (and that isn’t necessarily a given), Socrates complained that writing made men lazy and their minds weak, because they didn’t have to exercise their memories and were not taught things, just read facts.

    AI is a tool, and it’s going to be worked into the fabric of our society, for good or ill. It’s also facing a lot of push-back, as have many tools, but that is unlikely to stop it. Will AI make us lazier? Absolutely. That’s kinda the point. If necessity is the mother of invention, laziness is the father. So much of human invention is all about ways to not work as hard. Sometimes, this is because we need to improve how we do something, sometimes its because we’d rather be down at the pub sipping a brew while a machine does the hard stuff. Often, it’s both.

    That said, there is likely to be a lot of pain in the short term as we adjust to the new reality. And it will likely cause another shift in how work happens. Businesses used to have hundreds of people doing nothing but tabulating accounts. Rooms would be full of people just doing math. Now, we have Excel and most of that tedious work is now done by one person at the click of a button. The main problem with the rollout of AI may be one of speed. The same speed which empowers Excel is making the disruption of AI happen at a much faster speed than many of our institutions may be equipped to handle. Or not, there’s been some reporting lately that the promises of AI have been severely over-hyped (shocker, AI companies over sold the capabilities of AI, whodathunkit?). We won’t really know until we’re well past the point of disruption.

    So, does it annoy me that people use (and believe) AI to answer relatively simple questions? No not really. Sure, they could take the time to look it up with google, but that is slower and harder. Or they could look it up in a book, which is even slower and harder. Or they could just memorize it and avoid that new fangled writing thing, which is making kids lazy. But, that sort of thing is a dead end. Ai is here, it’s a tool people will use. We just need to find a way to educate people about its strengths and limitations. And that is a hard problem, but maybe AI will help us solve it.


  • Don’t worry so much about sports, as finding something you enjoy which gets you moving. The important thing is to try stuff and find something that works for you. Really, the best exercise you can do, is one you will actually do. It sounds like you have issues with team sports, so maybe try some stuff which doesn’t involve other people. Also, accept that you will likely suck as whatever you do, if you keep practicing, you might find you suck less over time.

    I’m not a “sports person”. In fact, I suck as most sports I have tried. But, I discovered that I enjoy indoor sport climbing. I sucked amazingly bad at it when I first started. I mostly climb top rope and was struggling to finish a 5.9 climb. But, I kept at it and now I can finish most 5.10a climbs on my first attempt. I’m not some super climber by any means, but I have become kinda competent. I enjoy the challenge and have met some great people along the way. I also get excited when I walk into the gym and see a new set of routes. It’s like being handed a new set of puzzles to solve.



  • Another investment area to consider is other Tax Advantaged savings accounts (e.g. IRA).

    I do not really want a credit card, but I need to start using one because my credit score dropped to 550 after not making a payment for a while.

    While they are a Faustian deal, you do want one. Much of our society is built around credit scores and the credit reporting companies. It sucks, but you have to deal with it. Find a credit card which doesn’t charge an annual fee, and which provides some sort of kick back you can make use of. Use this for everything, and pay it off completely every month. Use the points/miles/etc when possible.

    There are two primary reasons for this. First off, it gets that credit score up. You want a high credit score as it’s often used for things like background checks. It’s annoying, but you’re not going to win the fight against it. Second, using a credit card comes with some protection for you money. If your card number gets compromised (and it will eventually, if you’re using it) credit card companies have some legal requirements to refund you for the fraud. When paying for things with debit cards and ACH transactions, those protections aren’t as strong and you may end up out some money.

    The one thing I can’t emphasize enough is, pay the damned thing off every month! It’s easy for these to get out of hand. And with your current credit score, the interest rate is going to be in the range “fuck your wallet”. Letting any charges roll over is just pissing away money.

    Lastly, once you have your credit accounts created freeze your credit. Don’t let them trick you into “monitoring” or other bullshit half-measure, do the freeze.


  • I wouldn’t expect it to replace people. It will make workers more productive. However, because it is already pretty well spread through most companies, those productivity gains will only lead to competitive advantages for companies with highly skilled workers.

    Think of it like a chainsaw for lumberjacks. A lumberjack with a chainsaw is going to be far more productive than one with just a hand axe. But since every company equips their lumberjacks with chainsaws, they aren’t really at an advantage, chainsaws are now just a cost of entry for a company. Also, lumberjacks are required to know how to use a chainsaw. But they are ok.

    For knowledge workers, AI is our new chainsaw. We’re going to learn to use it. And it’s going to be part of our jobs going forward. From my own experience, it has it’s uses and is pretty good at certain tasks. It can also be endlessly frustrating at tasks where it’s not well suited or the training isn’t up to snuff. We just have to learn and adjust to a world where the tool exists and is used everywhere. The genie isn’t going back in the bottle.


  • All of the above.

    Is it that ISPs are being paid by tech-bros to assign them these IPs?

    Bullet Proof Hosting is a thing. Some ISPs basically advertise to criminals about their ability to evade take down orders and unwillingness to work with law enforcement. So, some infrastructure ends up on these devices. However, the IP ranges from these services often get discovered and are added to public reputation and block lists.

    Along side this, cloud providers are pretty bad about policing their networks. On my own home server, I have blocked much of the Digital Ocean IP space, as it’s home to a lot of scanners, bots and other malicious traffic.

    Is it that residential devices have been hacked /contain malware that does this?

    This happens, a lot. The Mirai Botnet thrived on compromised home routers. People are pretty bad at updating their devices and many SOHO routers ship with some pretty bad vulnerabilities. It’s only a matter of time until someone finds an unpatched or misconfigured router and adds it to a botnet. People also get phished or install trojans all the time, adding to botnets. Darknet Diaries just had a fantastic episode on the Bayrob malware, part of which was turning infected machines into a custom botnet.

    Is it trivial for companies to assign themselves residential IPs?

    Some ISPs just look the other way when they get reports of malicious activity on their network. Also, attackers can force a DHCP refresh and just get a new IP when the old one seems blocked. Getting one in the first place is often as simple as signing up for service and/or compromising someone’s home PC and using it as a relay.

    Paid volunteers are doing this for AI companies?

    This probably happens. Afterall, we’ve already seen a company selling an AI product which was just workers in India.

    Obviously this is a problem because one can rotate / cycle through residential IPs and if I aggressively block each offender in my logs permanently, then the next person assigned this IP who may be a legitimate user will be unable to access my site.

    Look into Fail2Ban. This program monitors your logs and will ban IPs automatically based on criteria you set. This can include specific HTTP requests in your web logs. The ban can be permanent or can be time limited. For example, I have a container running in a cloud provider which I use to proxy requests through my ISP’s CGNAT setup. There is an NGinx reverse proxy running there and I have fail2ban watching the access log. If certain request strings are seen, the sending IP gets dumped in a permanent jail. I also have it scanning the sshd logs and banning IPs which fail to login 3 times within a short period.

    It’s far from a silver bullet, but it’s something which should be running on any web facing system. Attackers will always be rattling the door knobs. There is no reason to let them keep rattling away.




  • Sadly, a reluctance to install patches isn’t unique to Windows administration. I worked at a site with a well functioning Satellite infrastructure and support contracts with Red Hat. And we (InfoSec) were still chasing down admins to get their shit patched. Thankfully, we had NAC and authorization to disconnect systems that feel out of compliance. Most departments got with the program pretty quick when they ignored the "please patch all critical vulnerabilities in three days’ email and ended up with a “you are out of compliance and have been disconnected” email.

    And Docker had made the whole Linux situation even worse. So many devs love to spin up containers, basically disable any sort of firewall, don’t bother with IP filtering. Oh and let’s just use passwords for ssh. Also, who needs logs? It’s a container, right. So, let’s disable all logging and not forward those anywhere. Then they promptly forget about the container until we run a vuln scan and find it’s got half a dozen RCE vulns and have to run them down and ask why the fuck it’s still running.

    Linux is a much better base to build on. But bad security hygiene is still rife and still really bad for security.



  • Anything SharePoint.
    So many companies end up using SharePoint for “knowledge management” not realizing they are dooming their knowledge to be lost in some byzantine hole of information where no one will ever be able to find or use it ever again. Worse, as more knowledge is yeeted into the pile, the search becomes better and better at presenting outdated, or irrelevant information. So, you will have new employees who find a process which is 5-10 years out of date, completely wrong, but it looks official and the links still work for some gods forsake reason. Of course, the right information is in SharePoint somewhere, but it’s probably locked behind a site with broken permissions, in a document library in a Word document which isn’t properly indexed and there’s 4 different versions of the same document with names like “New procedure_v3_DRAFT_bob’s edits.docx”, because no one understands how file versioning works.


  • The just stopped working was the client stopped syncing?

    The client doesn’t seem to detect new photos as they are created/taken. If I manually upload an image from my photos folder, it syncs just fine. Files in other folders seem to sync just fine. But, photos and videos just never even try to sync.

    NextCloud decided to stop allow private made certificates with its client in 2025 and its what made me switch.

    This hasn’t been an issue for me. I pay for a domain and have a certificate issued by Let’s Encrypt. The only certificate errors I get are when I refresh the certificate every 6 months, and that’s just the client asking me if I want to trust the new certificate.

    Syncthing

    I had looked into this a while back, but it seemed to be more of a point to point solution and not a client-server system. I was aiming to have an authoritative server with everything and clients (both phone and desktop) able to pull the needed/request files. I also like the ability to share via a web link when needed. Am I wrong in that understanding?


  • I currently use NextCloud, but I have been looking to move away from it. My main use case is for syncing photos and videos to the cloud from my phone (Android) and this used to work flawlessly. But, some time in early 2025, it just stopped working. I can still manually upload files and sync still works for other folders (e.g. Documents) just fine. But, photos and videos just won’t sync automatically. Not sure if there are other options which would work better, but NextCloud on Android just seems to be broke.



  • AI is the shiny new tech and investors are more worried about missing out on “the next big thing” than they areabout pissing away a few billion dollars. For investors at that level, it’s all a game of numbers. If they invest a billion dollars in 20 different things, and 19 of those things fail, but one has a return of 100 billion dollars, that’s a win.

    Sure, there is no guarantee that AI will pan out. But, that’s a very hard thing to determine ahead of time. Everyone thought e-commerce would pay off big in the 90’s/00’s. And it did, for a few companies (Google, Amazon). The rest got slaughtered and we got the dot-com bubble. Then folks expected Crypto currencies, EFTs and NFTs to pay off big. Mostly, that didn’t happen, though they do thrive in a few places. Again, investors just wanted to ride that profit wave.

    In short, investments are all about making money. And at a sufficient scale, it’s not about picking winners or losers, it’s about picking everything and making sure the wins from the winners cover the losses from the losers.